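I have a Java program that analyzes images. I want to make the program available in a web browser. When I upload a file using an HTML form and PHP, can I also pass the file to a Java applet?
The program needs an image file from the user. With an ordinary Java program this is not a problem, because you have access to the user's file system. In an applet, however, that is not the case. My plan is to have the user upload the image to my server using an HTML form and a PHP program. This has the added benefit of storing the photos for use on the website.
For security reasons, it is recommended to put the images in a directory above the webroot. However, this means the applet will not be able to access the images. Is there a way to send the image to both the server and the applet? For security reasons, I would like to avoid having a program send files from outside the webroot. I would also like to avoid ugly security warnings. Is there another way to approach this project?
Here is the PHP code I used for the upload: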
<?php
// the current directory (the name must match the variable used to build the URL below)
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
// the location of the program that receives the uploaded file
$uploadProgram = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'webuploadcode.php';
// the maximum file size in bytes for the html upload form
$maximum_file_size = 300000;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<title>Upload form</title>
</head>
<body>
<form id="Upload" action="<?php echo $uploadProgram ?>" enctype="multipart/form-data" method="post">
<h1>Upload form</h1>
<p>Logged in as: <?php echo htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES) ?></p>
<p><input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maximum_file_size ?>"></p>
<p>
<label for="file">Select a file to upload:</label>
<input id="file" type="file" name="file">
</p>
<p>
<label for="submit">Click to </label>
<input id="submit" type="submit" name="submit" value="Upload File">
</p>
</form>
</body>
</html>
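<?php
// the current directory, used to build the URLs below
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
// the directory to receive the files
$upload_directory = '../../photouploads/';
// the location of the upload form in case we need it
$upload_form = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'webuploadform.php';
// the location of the status page
$upload_status = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadstatus.php';
// name of the fieldname used for the file in the HTML form
$fieldname = 'file';
// the user name becomes part of the stored filename, so keep only safe characters
$username = preg_replace('/[^A-Za-z0-9_]/', '', $_SERVER['PHP_AUTH_USER']);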
// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
2 => 'html form max file size exceeded',
3 => 'file upload was only partial',
4 => 'no file was attached');
// check the upload form was actually submitted else print form
isset($_POST['submit']) or error('the upload form is needed', $upload_form);
// check for standard uploading errors
($_FILES[$fieldname]['error'] == 0) or error($errors[$_FILES[$fieldname]['error']], $upload_form);
// check that the file we are working on really was an HTTP upload
@is_uploaded_file($_FILES[$fieldname]['tmp_name']) or error('not an HTTP upload', $upload_form);
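// blacklist php files
// the check must look at the client-supplied name: tmp_name is a random
// server-side temp path and never carries the original extension
$blacklist = array(".php", ".phtml", ".php3", ".php4");
foreach ($blacklist as $item)
{
// preg_quote() makes the dot match a literal dot only
if(preg_match('/' . preg_quote($item, '/') . '$/i', $_FILES[$fieldname]['name']))
{
echo "We do not allow uploading PHP files.\n";
exit;
}
}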
// check the size of the image to confirm that it is an image file
@getimagesize($_FILES[$fieldname]['tmp_name']) or error('only image uploads are allowed', $upload_form);
// make a unique filename for the uploaded file
$now = time();
//$_POST['credit']
while(file_exists($uploadFilename = $upload_directory.$now.'-'.$username.'.jpg'))
{
$now++;
}
// move the file to the image folder and allocate it with the new filename
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
or error('receiving directory insufficient permission', $upload_form);
// Redirect the client to the status page
header('Location: ' . $upload_status);
// an error handler which will be used if the upload fails
function error($error, $location, $seconds = 5)
{
header("Refresh: $seconds; URL=\"$location\"");
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n".
'"http://www.w3.org/TR/html4/strict.dtd">'."\n\n".
'<html lang="en">'."\n".
' <head>'."\n".
' <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> '."\n\n".
' <link rel="stylesheet" type="text/css" href="stylesheet.css"> '."\n\n".
' <title>Upload error</title>'."\n\n".
' </head>'."\n\n".
' <body>'."\n\n".
' <div id="Upload">'."\n\n".
' <h1>Upload failure</h1>'."\n\n".
' <p>An error has occurred: '."\n\n".
' <span class="red">' . $error . '...</span>'."\n\n".
' The upload form is reloading</p>'."\n\n".
' </div>'."\n\n".
' </body>'."\n\n".
'</html>';
exit;
} // end error handler
?>
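What are the security concerns you mention in your design? If you need to serve the image to the user through the applet, put it in a web-accessible location. Also, if you sign the applet, you can read images from the user's local file system. – Perception 2011-12-29 15:19:16
The security concerns relate to malicious users uploading code (rather than images), and to hackers breaking into the website and reading password files and the like that are stored above the webroot. Obviously, both the uploading and the reading have to be handled carefully. Having no particular experience with this sort of thing, I am being cautious. – leonin 2011-12-29 15:47:15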
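One way to keep the uploads above the webroot and still let the applet fetch an image by URL is a small gateway script inside the webroot. The following is an added example, not code from the question or its comments. The script name `getphoto.php`, the `name` query parameter and the helper `resolve_photo()` are hypothetical, and it assumes the `<timestamp>-<username>.jpg` naming and the `../../photouploads/` directory used by the upload script, with user names limited to letters, digits and underscores.

```php
<?php
// Added example (hypothetical getphoto.php), not the asker's code.
// Assumes files are stored as <timestamp>-<username>.jpg in ../../photouploads/
// relative to this script, and that the user is authenticated via PHP_AUTH_USER.

/** Return the absolute path of a photo the given user may read, or null. */
function resolve_photo(string $upload_dir, string $requested, string $user): ?string
{
    // Accept only the exact name shape the upload script produces; this rejects
    // "../", NUL bytes, absolute paths and any other extension.
    if (!preg_match('/^\d{1,12}-([A-Za-z0-9_]{1,64})\.jpg$/D', $requested, $m)) {
        return null;
    }
    // A user may only fetch files that carry their own name.
    if (!hash_equals($m[1], $user)) {
        return null;
    }
    $base = realpath($upload_dir);
    $path = realpath($upload_dir . DIRECTORY_SEPARATOR . $requested);
    // realpath() resolves symlinks; the result must sit directly in the upload directory.
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

$name = $_GET['name'] ?? '';
if (!is_string($name)) {
    $name = ''; // e.g. ?name[]=x arrives as an array
}
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$path = resolve_photo(__DIR__ . '/../../photouploads', $name, $user);

// Re-check that the stored bytes are an image type we intend to serve.
$allowed = array(IMAGETYPE_JPEG => 'image/jpeg', IMAGETYPE_PNG => 'image/png', IMAGETYPE_GIF => 'image/gif');
$info = ($path !== null) ? @getimagesize($path) : false;
if ($info === false || !isset($allowed[$info[2]])) {
    http_response_code(404); // same answer for "missing" and "not allowed"
    exit;
}
header('Content-Type: ' . $allowed[$info[2]]);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff'); // the browser must not guess another type
readfile($path);
```

Because the script only ever reads from one directory and only names matching the fixed pattern, nothing else stored above the webroot can be requested through it.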