PHPOnline
سه شنبه 13 بهمن 1394, 21:25 عصر
سلام
کلاس آپلود :
class EUP {
/**
* in the name of allah
* Easy Upload Prans
* @author Mahdi Sorkhabi
* @version 1.4
* @author website http://prans.info
* @author weblog http://sorkhabi.net
* The followings are the available columns in table 'agents':
* @property string $dir
* @property string $domin
* @property boolean $randomName
* @property integer $minSize
* @property integer $maxSize
* @property array $format
* @property array $log
* @property array $result
*/
private $_attributes = array(
'dir',
'domin',
'randomName',
'minSize',
'maxSize',
'format',
'log' => array (),
'result' => array(),
);
public function __construct ($dir,$domin,$format = array ('pdf'=> 'application/pdf'),$randomName = false,$minSize = 1024,$maxSize = 1048576)
{
$this->_attributes ['domin'] = $domin;
$this->_attributes ['dir'] = $dir;
$this->_attributes ['format'] = $format;
$this->_attributes ['randomName'] = $randomName;
$this->_attributes ['minSize'] = $minSize;
$this->_attributes ['maxSize'] = $maxSize;
}
/**
* Magic Getter method
* @param string $fileName The name of attribute
*
* @return mixed The value of attribute
*/
public function __GET($fileName)
{
if(isset($this->_attributes)) {
return $this->_attributes[$fileName];
}
}
/**
* Magic setter method
* @param string $fileName The name of attribute
* @param mixed $value The value of attribute
*/
public function __SET($fileName, $value)
{
if(isset($this->_attributes)) {
$this->_attributes[$fileName] = $value;
}
}
/**
* Check the size
* @param integer $size The size to check
*
* @return boolean Whether the size is valid
*/
private function checkMaxSize($size)
{
return ($size <= $this->maxSize);
}
/**
* Check the size
* @param integer $size The size to check
*
* @return boolean Whether the size is valid
*/
private function checkMinSize($size)
{
return ($size >= $this->minSize);
}
/**
* Get the file extension
* @param string $fileName The filename
* @param boolean $lower Whether to return the extension in lowercase
*
* @return string The file extension
*/
private function getExtension($fileName)
{
mb_internal_encoding('utf-8');
return mb_substr($fileName, mb_strrpos($fileName, '.') + 1);
}
private function checkFormat($fileName,$fileType)
{
$extension = $this->getExtension ($fileName);
foreach ($this->_attributes ['format'] as $format => $MIME){
if ($extension === $format and $fileType === $MIME){
return true;
}
}
return false;
}
/**
* Get the safe filename based on the original name
* @param string $fileName The original filename
*
* @return string The new filename
*/
private function newFileName($fileName)
{
$extension = '.' . $this->getExtension($fileName);
if ($this->_attributes ['randomName']){
return md5(rand(100000, 999999) . $fileName . rand(100000, 999999)) . $extension;
}else{
return str_replace('.', '-', basename($fileName,'.' . $this->getExtension ($fileName))) . $extension;
}
}
/**
* Create a unique name
* @param string $fileName The original filename
*
* @return string The new filename
*/
private function uniqueName($fileName)
{
$baseName = basename($fileName,'.' . $this->getExtension ($fileName));
$extension = '.' . $this->getExtension($fileName);
$counter = 2;
while(file_exists($this->dir . $fileName)) {
$fileName = $baseName . '-' . $counter . $extension;
$counter++;
}
return $fileName;
}
/**
* Add log
* @param string $log The log to add
*/
private function addLog($log)
{
$this->_attributes ['log'] = $log;
}
/**
* Do the real upload process
* @param array $element The file element (an element of $_FILES array)
*
* @return boolean|false The uploaded file URL on success, false otherwise
*/
private function uploadFile ($element,$key = false){
$this->_attributes ['log'] = '';
if ($key === false){
list($name, $tempName, $error, $size, $mimeType) = array($element['name'], $element['tmp_name'], $element['error'], $element['size'], $element['type']);
}else{
list($name, $tempName, $error, $size, $mimeType) = array($element['name'][$key], $element['tmp_name'][$key], $element['error'][$key], $element['size'][$key], $element['type'][$key]);
}
if (trim ($name) !== '') {
if ($error == 0) {
if($this->checkFormat ($name,$mimeType)) {
if($this->checkMinSize($size)) {
if($this->checkMaxSize($size)) {
$newName = $this->newFileName($name);
$newName = $this->uniqueName($newName);
if(move_uploaded_file($tempName, $this->dir . $newName)) {
$this->addLog ('فایل "' . $name . '" با موفقیت آپلود شد');
$file = $this->domin . $newName;
}
else {
$this->addLog('مشکلی در اجرای عملیات رخ داد (آپلود فایل "' . $name . '")');
}
}
else {
$this->addLog('سایز فایل "' . $name . '" بیش از اندازه مجاز می باشد');
}
}
else{
$this->addLog('سایز فایل "' . $name . '" کم تر از حجم مجاز می باشد');
}
}
else {
$this->addLog('پسوند فایل "' . $name . '" مجاز نیست');
}
}
else{
$this->addLog('مشکلی در اجرای عملیات رخ داد (آپلود فایل "' . $name . '")');
}
if(isset ($file)){
return array (
'result' => true,
'url' => $file,
'log' => $this->_attributes ['log'],
'fileName' => $name,
);
}else{
return array (
'result' => false,
'url' => '',
'log' => $this->_attributes ['log'],
'fileName' => $name,
);
}
}
return false;
}
/**
* Execute the upload process
* @param array $element (an element of $_FILES array)
*
* @return array|string The upload result in single mode or an array of results in multiple mode
*/
public function upload($element,$multiple = false) {
if (!is_dir ($this->_attributes ['dir'])){
mkdir ($this->_attributes ['dir']);
}
if($multiple) {
if(isset ($element ['name'])){
$count = count ($element ['name']);
for ($key = 0;$key < $count; $key++) {
$result = $this->uploadFile($element,$key);
if ($result){
$this->_attributes ['result'][$key] = $result;
}
}
return $this->_attributes ['result'];
}
}else{
$result = $this->uploadFile($element,false);
if ($result){
$this->_attributes ['result'][0] = $result;
}
return $this->_attributes ['result'];
}
}
public function checkUpload ($uploadResult){
return (isset ($uploadResult ['0']) ? true : false);
}
}
?>
پیش رفتم و فایل ها رو به راحتی آپلود کردم ، اما از لحاظ امنیتی مشکلاتی داره ، مثل آپلود شل به راحتی انجام میشه !
به چه شکل باید این حفره رو پوشش بدم ؟ تا فقط فایل های مد نظرم آپلود بشن
ممنون از شما
کلاس آپلود :
class EUP {
/**
* in the name of allah
* Easy Upload Prans
* @author Mahdi Sorkhabi
* @version 1.4
* @author website http://prans.info
* @author weblog http://sorkhabi.net
* The followings are the available columns in table 'agents':
* @property string $dir
* @property string $domin
* @property boolean $randomName
* @property integer $minSize
* @property integer $maxSize
* @property array $format
* @property array $log
* @property array $result
*/
private $_attributes = array(
'dir',
'domin',
'randomName',
'minSize',
'maxSize',
'format',
'log' => array (),
'result' => array(),
);
public function __construct ($dir,$domin,$format = array ('pdf'=> 'application/pdf'),$randomName = false,$minSize = 1024,$maxSize = 1048576)
{
$this->_attributes ['domin'] = $domin;
$this->_attributes ['dir'] = $dir;
$this->_attributes ['format'] = $format;
$this->_attributes ['randomName'] = $randomName;
$this->_attributes ['minSize'] = $minSize;
$this->_attributes ['maxSize'] = $maxSize;
}
/**
* Magic Getter method
* @param string $fileName The name of attribute
*
* @return mixed The value of attribute
*/
public function __GET($fileName)
{
if(isset($this->_attributes)) {
return $this->_attributes[$fileName];
}
}
/**
* Magic setter method
* @param string $fileName The name of attribute
* @param mixed $value The value of attribute
*/
public function __SET($fileName, $value)
{
if(isset($this->_attributes)) {
$this->_attributes[$fileName] = $value;
}
}
/**
* Check the size
* @param integer $size The size to check
*
* @return boolean Whether the size is valid
*/
private function checkMaxSize($size)
{
return ($size <= $this->maxSize);
}
/**
* Check the size
* @param integer $size The size to check
*
* @return boolean Whether the size is valid
*/
private function checkMinSize($size)
{
return ($size >= $this->minSize);
}
/**
* Get the file extension
* @param string $fileName The filename
* @param boolean $lower Whether to return the extension in lowercase
*
* @return string The file extension
*/
private function getExtension($fileName)
{
mb_internal_encoding('utf-8');
return mb_substr($fileName, mb_strrpos($fileName, '.') + 1);
}
private function checkFormat($fileName,$fileType)
{
$extension = $this->getExtension ($fileName);
foreach ($this->_attributes ['format'] as $format => $MIME){
if ($extension === $format and $fileType === $MIME){
return true;
}
}
return false;
}
/**
* Get the safe filename based on the original name
* @param string $fileName The original filename
*
* @return string The new filename
*/
private function newFileName($fileName)
{
$extension = '.' . $this->getExtension($fileName);
if ($this->_attributes ['randomName']){
return md5(rand(100000, 999999) . $fileName . rand(100000, 999999)) . $extension;
}else{
return str_replace('.', '-', basename($fileName,'.' . $this->getExtension ($fileName))) . $extension;
}
}
/**
* Create a unique name
* @param string $fileName The original filename
*
* @return string The new filename
*/
private function uniqueName($fileName)
{
$baseName = basename($fileName,'.' . $this->getExtension ($fileName));
$extension = '.' . $this->getExtension($fileName);
$counter = 2;
while(file_exists($this->dir . $fileName)) {
$fileName = $baseName . '-' . $counter . $extension;
$counter++;
}
return $fileName;
}
/**
* Add log
* @param string $log The log to add
*/
private function addLog($log)
{
$this->_attributes ['log'] = $log;
}
/**
* Do the real upload process
* @param array $element The file element (an element of $_FILES array)
*
* @return boolean|false The uploaded file URL on success, false otherwise
*/
private function uploadFile ($element,$key = false){
$this->_attributes ['log'] = '';
if ($key === false){
list($name, $tempName, $error, $size, $mimeType) = array($element['name'], $element['tmp_name'], $element['error'], $element['size'], $element['type']);
}else{
list($name, $tempName, $error, $size, $mimeType) = array($element['name'][$key], $element['tmp_name'][$key], $element['error'][$key], $element['size'][$key], $element['type'][$key]);
}
if (trim ($name) !== '') {
if ($error == 0) {
if($this->checkFormat ($name,$mimeType)) {
if($this->checkMinSize($size)) {
if($this->checkMaxSize($size)) {
$newName = $this->newFileName($name);
$newName = $this->uniqueName($newName);
if(move_uploaded_file($tempName, $this->dir . $newName)) {
$this->addLog ('فایل "' . $name . '" با موفقیت آپلود شد');
$file = $this->domin . $newName;
}
else {
$this->addLog('مشکلی در اجرای عملیات رخ داد (آپلود فایل "' . $name . '")');
}
}
else {
$this->addLog('سایز فایل "' . $name . '" بیش از اندازه مجاز می باشد');
}
}
else{
$this->addLog('سایز فایل "' . $name . '" کم تر از حجم مجاز می باشد');
}
}
else {
$this->addLog('پسوند فایل "' . $name . '" مجاز نیست');
}
}
else{
$this->addLog('مشکلی در اجرای عملیات رخ داد (آپلود فایل "' . $name . '")');
}
if(isset ($file)){
return array (
'result' => true,
'url' => $file,
'log' => $this->_attributes ['log'],
'fileName' => $name,
);
}else{
return array (
'result' => false,
'url' => '',
'log' => $this->_attributes ['log'],
'fileName' => $name,
);
}
}
return false;
}
/**
* Execute the upload process
* @param array $element (an element of $_FILES array)
*
* @return array|string The upload result in single mode or an array of results in multiple mode
*/
public function upload($element,$multiple = false) {
if (!is_dir ($this->_attributes ['dir'])){
mkdir ($this->_attributes ['dir']);
}
if($multiple) {
if(isset ($element ['name'])){
$count = count ($element ['name']);
for ($key = 0;$key < $count; $key++) {
$result = $this->uploadFile($element,$key);
if ($result){
$this->_attributes ['result'][$key] = $result;
}
}
return $this->_attributes ['result'];
}
}else{
$result = $this->uploadFile($element,false);
if ($result){
$this->_attributes ['result'][0] = $result;
}
return $this->_attributes ['result'];
}
}
public function checkUpload ($uploadResult){
return (isset ($uploadResult ['0']) ? true : false);
}
}
?>
پیش رفتم و فایل ها رو به راحتی آپلود کردم ، اما از لحاظ امنیتی مشکلاتی داره ، مثل آپلود شل به راحتی انجام میشه !
به چه شکل باید این حفره رو پوشش بدم ؟ تا فقط فایل های مد نظرم آپلود بشن
ممنون از شما