嘿,我有一個系統在上傳文件。我有一個script我在網上找到了,它似乎運作良好。PHP文件上傳系統
這裏是PHP代碼:
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0))
{
//Check if the file is JPEG image and it's size is less than 350Kb
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") && ($_FILES["uploaded_file"]["size"] < 350000))
{
//Determine the path to which we want to save this file
$newname = dirname(__FILE__).'upload/'.$filename;
//Check if the file with the same name is already exists on the server
if (!file_exists($newname))
{
//Attempt to move the uploaded file to it's new place
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname)))
{
echo "It's done! The file has been saved as: ".$newname;
}
else
{
echo "Error: A problem occurred during file upload!";
}
}
else
{
echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
}
}
else
{
echo "Error: Only .jpg images under 350Kb are accepted for upload";
}
}
else
{
echo "Error: No file uploaded";
}
沒有,如果我想上傳一個JPG文件能正常工作。但我想能夠將文件放入另一個目錄。因爲目前上傳頁面是針對管理員用戶的,他們位於名爲admin.mysite.com的子域名上,但我想要文件去的位置位於mysite.com/members/video/
現在有一些代碼不是100%,如「dirname(FILE)」這是幹什麼的?我猜它會得到當前的位置,但我已經改變了整條生產線在那裏,所以它看起來是這樣的:
$newname = '../mysite.com/members/video/'.$filename;
和
$newname = 'http://www.mysite.com/members/video/'.$filename;
但一無所獲。任何人都知道我可以如何更改此代碼,以便我可以將文件複製到新目錄中?
感謝您的幫助。
http://php.net/dirname ...你將無法像第二次嘗試一樣將文件移動到URL。 – ceejayoz 2012-02-16 14:41:37
這個腳本不是很安全。沒有什麼阻止我上傳steal_cookie.js文件,並將擴展名更改爲steal_cookie.jpg。在瀏覽器中查看文件時,我會竊取您的所有Cookie。 – 2012-02-16 14:43:25
有,它的所有密碼只保護我們的管理帳戶。 – ragebunny 2012-02-16 14:51:42