PHP：圖片上傳錯誤

Question

我正在製作一個圖片上傳器，但我得到的錯誤：只允許JPG，JPEG和PNG圖像類型。

上傳器沒有得到擴展權。我做錯了什麼？ 獲取擴展的函數在第33行。第59行的廣告是我嘗試獲取擴展的地方。

<?php session_start(); if ($_SESSION['username']) {} else { header("location:index.php"); exit(); } ?> 

<?php 

include 'db_connect.php'; 
$uploadSubmit = mysql_real_escape_string($_POST['imageSubmit']); 

if ($uploadSubmit) 
{ 
if ($_FILES['image']) 
{ 
    $contents = file_get_contents($_FILES['image']['tmp_name']); 

    if (stristr($contents, "<?php") || stristr($contents, "system(") || stristr($contents, "exec(") || 
    stristr($contents, "mysql") || stristr($contents, "include(") || stristr($contents, "require(") || 
    stristr($contents, "include_once(") || stristr($contents, "require_once(") || stristr($contents, "echo'") || stristr($contents, 'echo"')) 
    { 
     echo 'Are you really trying to hack this site? Enjoy your upload b&.'; 
     $sql = "INSERT INTO banned (ip) VALUES ('".$_SERVER['REMOTE_ADDR']."')"; 
     $result = mysql_query($sql) or trigger_error(mysql_error()."".$sql); 
     die(); 
    } 
} 

else 
{ 
    $sql = "SELECT * FROM banned WHERE ip='".$_SERVER['REMOTE_ADDR']."'"; 
    $result = mysql_query($sql) or trigger_error(mysql_error()."".$sql); 
    $num_rows = mysql_fetch_row($result); 

    if ($num_rows[0] == 0) 
    { 
     function getExtension($str) 
     { 
      $i = strrpos($str,"."); 

      if (!$i) 
      { 
       return ""; 
      } 

      $I = strlen($str) - $i; 
      $ext = substr($str,$i+1,$I); 
      return $ext; 
     } 

     define ("MAX_SIZE","5000"); 
     $error = 0; 
     $file = $_FILES['image']['name']; 

     if ($file = '') 
     { 
      echo 'You didn\'t select an image to upload.'; 
      $error = 1; 
     } 

     else 
     { 
      $filename = stripslashes($file); 
      $extension = getExtension($filename); 
      $extension = strtolower($extension); 

      if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png")) 
      { 
       echo 'Only JPG, JPEG and PNG are allowed image types.'; 
       $error = 1; 
      } 

      else 
      { 
       $size = filesize($_FILES['image']['tmp_name']); 

       if ($size > MAX_SIZE*1024) 
       { 
        echo 'The max allowed filesize is 5MB.'; 
        $error = 1; 
       } 

       $time = time(); 
       $newImageName = 'wally-'.$time.'.'.$extension.''; 
       $imageFullPath = 'images/'.$newImageName.''; 

       if (!$errors) 
       { 
        if (!move_uploaded_file($_FILES['image']['tmp_name'], $imageFullPath)) 
        { 
         $error = 1; 
        } 
       } 

       if ($uploadSubmit && !$error) 
       { 
        include 'class.imageResizer.php'; 
        $work = new ImgResizer($imageFullPath); 
        $work -> resize(125, "thumbs/".$newImageName.""); 

        $uploader = $_SESSION['username']; 
        $sql = "INSERT INTO images (image, uploader, validated) VALUES ('$newImageName','$uploader','0')"; 
        $result = mysql_query($sql) or trigger_error(mysql_error()."".$sql); 

        echo 'Your image has been uploaded and awaiting validation.'; 
        echo 'The page will redirect in 2 seconds.'; 
        echo '<meta http-equiv="Refresh" content="2;url=http://www.wallpapers.puffys.net">'; 

       } 
      } 
     } 
    } 

    else 
    { 
     die("You are banned from uploading."); 
    } 
} 
} 

?> 

Answer 1

嘗試使用這樣的事情：

$allowedExtensions = array("jpg","jpeg","png"); 
if (!in_array(end(explode(".",strtolower($file))),$allowedExtensions)) { 
    echo 'Only JPG, JPEG and PNG are allowed image types.'; 
    $error = 1; 
} 

Answer 2

$i = strrpos($str,"."); 

if (!$i) 

不是測試，如果strrpos函數返回一個正值的好方法。

你應該使用===運算符，就像這樣：

$i = strrpos($str,"."); 

if ($pos === false)