"临时文件错误", "ERROR_TMP_FILE_NOT_FOUND" => "找不到临时文件", "ERROR_SIZE_EXCEED" => "文件大小超出网站限制", "ERROR_TYPE_NOT_ALLOWED" => "文件类型不允许", "ERROR_CREATE_DIR" => "目录创建失败", "ERROR_DIR_NOT_WRITEABLE" => "目录没有写权限", "ERROR_FILE_MOVE" => "保存出错,文件有误", "ERROR_FILE_NOT_FOUND" => "找不到上传文件", "ERROR_WRITE_CONTENT" => "写入文件内容错误", "ERROR_UNKNOWN" => "未知错误", "ERROR_DEAD_LINK" => "链接不可用", "ERROR_HTTP_LINK" => "链接不是http链接", "ERROR_HTTP_CONTENTTYPE" => "链接contentType不正确", "INVALID_URL" => "非法 URL", "INVALID_IP" => "非法 IP", "ERROR_IMAGE_SAVE" => "保存出错,图片有误", "ERROR_UPLOAD_TYPE" => "操作类型有误", ); /** * 构造函数 * @param string $fileField 表单名称 * @param array $config 配置项 * @param bool $base64 是否解析base64编码，可省略。若开启，则$fileField代表的是base64编码的字符串表单名 */ public function __construct($fileField, $config, $type = "file") { $this->fileField = $fileField; $this->config = $config; $this->type = $type; switch($this->type) { // 抓取远程文件 case 'remote' : $this->saveRemote(); break; // base64文件 case 'base64' : case 'scrawl' : $this->uploadBase64(); break; // 图片 case 'image' : $this->uploadImage(); break; // 文件、视频 case 'file' : case 'video' : $this->uploadFile(); break; // 默认 default : $this->stateInfo = $this->getStateInfo("ERROR_UPLOAD_TYPE"); } } /** * 文件上传 * @author Devil * @blog http://gong.gg/ * @version 1.0.0 * @date 2019-02-26 * @desc description */ private function uploadFile() { if(empty($_FILES[$this->fileField])) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } $file = $this->file = $_FILES[$this->fileField]; if (!$file) { $this->stateInfo = $this->getStateInfo("ERROR_FILE_NOT_FOUND"); return; } if ($this->file['error']) { $this->stateInfo = $this->getStateInfo($file['error']); return; } else if (!file_exists($file['tmp_name'])) { $this->stateInfo = $this->getStateInfo("ERROR_TMP_FILE_NOT_FOUND"); return; } else if (!is_uploaded_file($file['tmp_name'])) { $this->stateInfo = $this->getStateInfo("ERROR_TMPFILE"); return; } $this->oriName = $file['name']; $this->fileSize = $file['size']; $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //检查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //检查是否不允许的文件格式 if (!$this->checkType()) { $this->stateInfo = $this->getStateInfo("ERROR_TYPE_NOT_ALLOWED"); return; } //创建目录失败 if (!is_dir($dirname) && !@mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } //移动文件 if (!(move_uploaded_file($file["tmp_name"], $this->filePath) && file_exists($this->filePath))) { //移动失败 $this->stateInfo = $this->getStateInfo("ERROR_FILE_MOVE"); } else { //移动成功 $this->stateInfo = $this->stateMap[0]; } } /** * 图片上传 * @author Devil * @blog http://gong.gg/ * @version 1.0.0 * @date 2019-02-26 * @desc description */ private function uploadImage() { $file = $this->file = $_FILES[$this->fileField]; if (!$file) { $this->stateInfo = $this->getStateInfo("ERROR_FILE_NOT_FOUND"); return; } if ($this->file['error']) { $this->stateInfo = $this->getStateInfo($file['error']); return; } else if (!file_exists($file['tmp_name'])) { $this->stateInfo = $this->getStateInfo("ERROR_TMP_FILE_NOT_FOUND"); return; } else if (!is_uploaded_file($file['tmp_name'])) { $this->stateInfo = $this->getStateInfo("ERROR_TMPFILE"); return; } // 防止原名称没有带后缀 if(stripos($file['name'], '.') === false) { $info = getimagesize($file['tmp_name']); $file['name'] .= str_replace('/', '.', $info['mime']); } $this->oriName = $file['name']; $this->fileSize = $file['size']; $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //检查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //检查是否不允许的文件格式 if (!$this->checkType()) { $this->stateInfo = $this->getStateInfo("ERROR_TYPE_NOT_ALLOWED"); return; } //创建目录失败 if (!is_dir($dirname) && !@mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } // 存储图片、使用GD存储图片、防止图片包含木马 // 如未安装相应的gd库则直接存储文件 // 未开启重新绘制 $is_move = false; // 是否开启图片重新绘制 if(MyC('is_upload_images_redraw', 0) == 1) { switch($this->fileType) { case '.png': if(function_exists('imagecreatefrompng')) { $image = imagecreatefrompng($file["tmp_name"]); //PNG imagesavealpha($image, true); //这里很重要 意思是不要丢了$sourePic图像的透明色; $width = imagesx($image); //图宽度 $heigh = imagesy($image); //图高度 $thumb = imagecreatetruecolor($width, $heigh); imagealphablending($thumb, false); //这里很重要,意思是不合并颜色,直接用$img图像颜色替换,包括透明色; imagesavealpha($thumb, true); //这里很重要,意思是不要丢了$thumb图像的透明色; if(imagecopyresampled($thumb, $image, 0, 0, 0, 0, $width, $heigh, $width, $heigh)) { imagepng($thumb, $this->filePath); } } else { $is_move = true; } break; case '.gif': if(function_exists('imagecreatefromgif')) { @imagegif(@imagecreatefromgif($file["tmp_name"]), $this->filePath); } else { $is_move = true; } break; default: if(function_exists('imagecreatefromjpeg')) { @imagejpeg(@imagecreatefromjpeg($file["tmp_name"]), $this->filePath, 100); } else { $is_move = true; } } } else { $is_move = true; } // 是否需要直接存储文件 if($is_move && !move_uploaded_file($file["tmp_name"], $this->filePath)) { $this->stateInfo = $this->getStateInfo("ERROR_FILE_MOVE"); } // 图片是否存储成功 if(!file_exists($this->filePath)) { $this->stateInfo = $this->getStateInfo("ERROR_IMAGE_SAVE"); } else { $this->stateInfo = $this->stateMap[0]; } } /** * 处理base64编码的图片上传 * @author Devil * @blog http://gong.gg/ * @version 1.0.0 * @date 2019-02-26 * @desc description */ private function uploadBase64() { $base64Data = $_POST[$this->fileField]; $img = base64_decode($base64Data); $this->oriName = $this->config['oriName']; $this->fileSize = strlen($img); $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //检查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //创建目录失败 if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } //移动文件 if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { //移动失败 $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT"); } else { //移动成功 $this->stateInfo = $this->stateMap[0]; } } /** * 拉取远程图片 * @author Devil * @blog http://gong.gg/ * @version 1.0.0 * @date 2019-02-26 * @desc description */ private function saveRemote() { $imgUrl = htmlspecialchars($this->fileField); $imgUrl = str_replace("&", "&", $imgUrl); //检查是否不允许的文件格式 if (!$this->checkType()) { $this->stateInfo = $this->getStateInfo("ERROR_TYPE_NOT_ALLOWED"); return; } //http开头验证 if (strpos($imgUrl, "http") !== 0) { $this->stateInfo = $this->getStateInfo("ERROR_HTTP_LINK"); return; } preg_match('/(^https*:\/\/[^:\/]+)/', $imgUrl, $matches); $host_with_protocol = count($matches) > 1 ? $matches[1] : ''; // 判断是否是合法 url if (!filter_var($host_with_protocol, FILTER_VALIDATE_URL)) { $this->stateInfo = $this->getStateInfo("INVALID_URL"); return; } preg_match('/^https*:\/\/(.+)/', $host_with_protocol, $matches); $host_without_protocol = count($matches) > 1 ? $matches[1] : ''; // 此时提取出来的可能是 ip 也有可能是域名，先获取 ip $ip = gethostbyname($host_without_protocol); // 判断是否是私有 ip if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) { $this->stateInfo = $this->getStateInfo("INVALID_IP"); return; } //打开输出缓冲区并获取远程图片 $img = RequestGet($imgUrl); if(empty($img)) { $this->stateInfo = $this->getStateInfo("ERROR_DEAD_LINK"); return; } preg_match("/[\/]([^\/]*)[\.]?[^\.\/]*$/", $imgUrl, $m); $this->oriName = $m ? $m[1]:""; $this->fileSize = strlen($img); $this->fileType = $this->getFileExt(); $this->fullName = $this->getFullName(); $this->filePath = $this->getFilePath(); $this->fileName = $this->getFileName(); $dirname = dirname($this->filePath); //检查文件大小是否超出限制 if (!$this->checkSize()) { $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED"); return; } //创建目录失败 if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) { $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR"); return; } else if (!is_writeable($dirname)) { $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE"); return; } //移动文件 if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { //移动失败 $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT"); } else { //移动成功 $this->stateInfo = $this->stateMap[0]; } } /** * 上传错误检查 * @param $errCode * @return string */ private function getStateInfo($errCode) { return !$this->stateMap[$errCode] ? $this->stateMap["ERROR_UNKNOWN"] : $this->stateMap[$errCode]; } /** * 获取文件扩展名 * @return string */ private function getFileExt() { return strtolower(strrchr($this->oriName, '.')); } /** * 重命名文件 * @return string */ private function getFullName() { //替换日期事件 $t = time(); $d = explode('-', date("Y-y-m-d-H-i-s")); $format = $this->config["pathFormat"]; $format = str_replace("{yyyy}", $d[0], $format); $format = str_replace("{yy}", $d[1], $format); $format = str_replace("{mm}", $d[2], $format); $format = str_replace("{dd}", $d[3], $format); $format = str_replace("{hh}", $d[4], $format); $format = str_replace("{ii}", $d[5], $format); $format = str_replace("{ss}", $d[6], $format); $format = str_replace("{time}", $t, $format); //过滤文件名的非法自负,并替换文件名 $oriName = substr($this->oriName, 0, strrpos($this->oriName, '.')); $oriName = preg_replace("/[\|\?\"\<\>\/\*\\\\]+/", '', $oriName); $format = str_replace("{filename}", $oriName, $format); //替换随机字符串 $randNum = rand(1, 1000) . rand(1, 1000) . rand(1, 1000); if (preg_match("/\{rand\:([\d]*)\}/i", $format, $matches)) { $format = preg_replace("/\{rand\:[\d]*\}/i", substr($randNum, 0, $matches[1]), $format); } $ext = $this->getFileExt(); return $format . $ext; } /** * 获取文件名 * @return string */ private function getFileName () { return substr($this->filePath, strrpos($this->filePath, '/') + 1); } /** * 获取文件完整路径 * @return string */ private function getFilePath() { $fullname = $this->fullName; $rootPath = GetDocumentRoot(); if (substr($fullname, 0, 1) != '/') { $fullname = '/' . $fullname; } return $rootPath . $fullname; } /** * 文件类型检测 * @return bool */ private function checkType() { return in_array($this->getFileExt(), $this->config["allowFiles"]); } /** * 文件大小检测 * @return bool */ private function checkSize() { return $this->fileSize <= ($this->config["maxSize"]); } /** * 获取当前上传成功文件的各项信息 * @return array */ public function getFileInfo() { return array( "state" => $this->stateInfo, "url" => $this->fullName, "path" => $this->filePath, "title" => $this->fileName, "original" => $this->oriName, "ext" => $this->fileType, "size" => $this->fileSize, "hash" => file_exists($this->filePath) ? hash_file('sha256', $this->filePath, false) : '', ); } } ?>