I am using the following code to store images on my web server:
    function SavePic()
    {
        $allowedExts = array("jpeg", "jpg");
        // Extension taken from the client-supplied file name
        $temp = explode(".", $_FILES["UserPic"]["name"]);
        $extension = end($temp);
        // Both the MIME type and the extension come from the client
        if ((($_FILES["UserPic"]["type"] == "image/jpeg")
            || ($_FILES["UserPic"]["type"] == "image/jpg"))
            //&& ($_FILES["UserPic"]["size"] < 2097152)
            && in_array($extension, $allowedExts))
        {
            if ($_FILES["UserPic"]["error"] > 0)
            {
                echo json_encode("Error: ".$_FILES["UserPic"]["error"]);
            }
            else
            {
                $folder = "/home5/username/public_html/Project/Users/Images/";
                // The e-mail address from the request is used unvalidated as the file name
                echo move_uploaded_file($_FILES["UserPic"]["tmp_name"], $folder.$_REQUEST["email"].".".$extension);
            }
        }
        else
        {
            echo json_encode("Invalid file");
        }
    }
and the following code to retrieve the image:
    function RetrievePic()
    {
        // Read the raw request body (one line of JSON)
        $handle = fopen('php://input', 'r');
        $jsonInput = fgets($handle);
        // Decoding JSON into an array
        $retrieveParameters = json_decode($jsonInput, true);
        // Return the static URL of the user's picture
        $UserPic = array("UserPic" => "http://www.mysite.com/Project/Users/Images/".$retrieveParameters['email'].".jpg");
        echo json_encode($UserPic);
    }
For example, if my e-mail address is abc@xyz.com, the image is stored as "abc@xyz.com.jpg". The problem is that when I try to overwrite the image to replace the old one with a new one, the server returns the old image every time.
Update: When I put the URL in the browser, e.g. http://www.mysite.com/Project/Users/Images/abc@xyz.com.jpg, it shows the latest image, and after that I start receiving the latest image.
This looks like a caching problem. Have you verified that the new image is actually saved correctly on the server?
If the image is saved correctly, you should add some headers in the RetrievePic routine to prevent it from being cached. See also: Disable caching for certain images
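The caching fix above applies only if the picture is served through PHP; headers set in RetrievePic do nothing for a static file that Apache serves directly from the URL returned in the JSON. The following is an added example (not code from the question or from this answer) showing both options: a versioned URL for the static file, and a small PHP endpoint that serves the picture with validators so the browser revalidates instead of reusing a stale copy. The directory, base URL and the `email` parameter are assumptions modelled on the question's code.

```php
<?php
// Added example: two ways to stop browsers from showing an old picture after it
// has been overwritten. Paths and URLs are assumed from the question.

$save_directory = '/home5/username/public_html/Project/Users/Images'; // assumed
$base_url       = 'http://www.mysite.com/Project/Users/Images';       // assumed

/** Resolve the picture path for $email, or null if the input is not safe to use as a file name. */
function picture_path(string $dir, string $email): ?string
{
    // Must be an e-mail address, and must not carry path separators or '..' segments
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('~[/\\\\]|\.\.~', $email)) {
        return null;
    }
    $path = $dir . '/' . $email . '.jpg';
    return is_file($path) ? $path : null;
}

/**
 * Option 1: keep serving the static file, but put the modification time in the URL.
 * Every overwrite changes filemtime(), so the browser sees a new URL and cannot reuse its cache.
 */
function versioned_url(string $base_url, string $email, string $path): string
{
    return $base_url . '/' . rawurlencode($email) . '.jpg?v=' . filemtime($path);
}

/**
 * Option 2: serve the bytes through PHP with revalidation headers.
 * "no-cache" lets the browser keep a copy but forces it to ask the server before reusing it;
 * the ETag changes as soon as the file is replaced, and an unchanged file costs only a 304.
 */
function serve_picture(string $path): void
{
    $mtime = filemtime($path);
    $size  = filesize($path);
    $etag  = '"' . md5($size . ':' . $mtime) . '"';

    header('Content-Type: image/jpeg');
    header('Cache-Control: no-cache, must-revalidate');
    header('ETag: ' . $etag);
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $mtime) . ' GMT');

    // Conditional request: the browser already holds this exact version
    if (($_SERVER['HTTP_IF_NONE_MATCH'] ?? '') === $etag) {
        http_response_code(304);
        return;
    }
    header('Content-Length: ' . $size);
    readfile($path);
}

// Endpoint usage (assumed to live at e.g. picture.php?email=abc@xyz.com)
$email = $_GET['email'] ?? '';
$path  = picture_path($save_directory, $email);
if ($path === null) {
    http_response_code(404);
    exit;
}
serve_picture($path);
```

With option 1, RetrievePic would return `versioned_url($base_url, $email, $path)` instead of the bare static URL; with option 2 it returns the endpoint URL and the headers do the work. Either way the validation in `picture_path()` matters, because the e-mail address becomes part of a filesystem path.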
I don't recommend handling files by their extension; it can be easily disguised.
$_FILES['UserPic']['type']
is not reliable either. Below PHP version 5.4.1, there are serious security holes concerning $_FILES:
- Directory traversal attack
- $_FILES corruption attack
You should do it like this:
    <?php
    // Configure
    $upload_key = 'UserPic';
    $max_filesize = 2097152; // Bytes
    $save_directory = '/home5/username/public_html/Project/Users/Images';

    if (version_compare(PHP_VERSION, '5.4.1') < 0) {
        die('This PHP Version has serious security hole concerning $_FILES.');
    }

    if (isset($_FILES[$upload_key])) {
        try {
            $error = $_FILES[$upload_key]['error'];
            if (is_array($error)) {
                throw new Exception('This script can\'t accept multiple files');
            }
            // Map PHP's upload error codes to messages
            switch ($error) {
                case UPLOAD_ERR_INI_SIZE:
                    throw new Exception('Exceeded upload_max_filesize');
                case UPLOAD_ERR_FORM_SIZE:
                    throw new Exception('Exceeded MAX_FILE_SIZE');
                case UPLOAD_ERR_PARTIAL:
                    throw new Exception('Incomplete file uploaded');
                case UPLOAD_ERR_NO_FILE:
                    throw new Exception('No file uploaded');
                case UPLOAD_ERR_NO_TMP_DIR:
                    throw new Exception('No tmp directory');
                case UPLOAD_ERR_CANT_WRITE:
                    throw new Exception('Couldn\'t write data');
                case UPLOAD_ERR_EXTENSION:
                    throw new Exception('Extension error');
            }
            $name = $_FILES[$upload_key]['name'];
            $tmp_name = $_FILES[$upload_key]['tmp_name'];
            $size = $_FILES[$upload_key]['size'];
            if ($name === '') {
                throw new Exception('Invalid filename');
            }
            if ($size > $max_filesize) {
                throw new Exception(sprintf('Exceeded %d bytes limit', $max_filesize));
            }
            // Make sure the path really is this request's uploaded file
            if (!is_uploaded_file($tmp_name)) {
                throw new Exception('Not an uploaded file');
            }
            // Detect the type from the file contents, not from the client-supplied name or type
            $finfo = new finfo(FILEINFO_MIME);
            $type = $finfo->file($tmp_name); // e.g. "image/jpeg; charset=binary"
            if ($type === false) {
                throw new Exception('Failed to get MimeType');
            }
            if (strpos($type, 'image/jpeg') !== 0) {
                throw new Exception('Only JPEG images available');
            }
            if (!isset($_REQUEST['email']) || !is_string($email = $_REQUEST['email']) || $email === '') {
                throw new Exception('E-mail address required');
            }
            // The address becomes the file name, so validate it before building the path
            if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                throw new Exception('Invalid E-mail address');
            }
            $new_name = $save_directory.'/'.$email.'.jpg';
            if (is_file($new_name)) {
                throw new Exception('The file already exists');
            }
            if (!@move_uploaded_file($tmp_name, $new_name)) {
                throw new Exception('Failed to move uploaded file');
            }
            $msg = "File successfully uploaded as {$new_name}";
        } catch (Exception $e) {
            $msg = 'Error: '.$e->getMessage();
        }
    } else {
        $msg = 'No file sent';
    }
    echo json_encode($msg);
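The script above refuses to overwrite ("The file already exists"), while the question needs the new picture to replace the old one. The following is an added example (not code from the question or from this answer) that covers the two pieces the answer points at but leaves to the reader: building the destination path so that the e-mail address cannot steer the write outside the images directory (the directory traversal point), and replacing an existing picture atomically so readers never see a half-written file. The directory and the e-mail-as-filename scheme are assumed from the question; the demo directory and sample inputs are constructed.

```php
<?php
// Added example: safe destination path plus atomic overwrite for the upload script.

/**
 * Return the absolute destination path for $email, or null if the input
 * cannot be trusted to stay inside $base_dir.
 */
function safe_target_path(string $base_dir, string $email): ?string
{
    // 1. Syntactic check: it must be an e-mail address at all.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // 2. Defence in depth: an address that passes step 1 may still contain
    //    characters the filesystem interprets (quoted local parts can hold
    //    '/' or '..'), so refuse separators and parent references outright.
    if (preg_match('~[/\\\\]|\.\.~', $email)) {
        return null;
    }
    // 3. Resolve the base directory and confirm the file lands directly in it.
    //    After step 2 this cannot fail for the e-mail part, but it also catches
    //    a missing or misconfigured base directory.
    $real_base = realpath($base_dir);
    if ($real_base === false || !is_dir($real_base)) {
        return null;
    }
    $target = $real_base . DIRECTORY_SEPARATOR . $email . '.jpg';
    return dirname($target) === $real_base ? $target : null;
}

/**
 * Replace $target with the uploaded file without exposing a partial write:
 * move the upload to a sibling temp file, then rename() it over the old one.
 * rename() within one filesystem is atomic and replaces an existing file.
 */
function replace_picture(string $tmp_name, string $target): bool
{
    if (!is_uploaded_file($tmp_name)) {
        return false;
    }
    $temp = tempnam(dirname($target), 'upload_');
    if ($temp === false) {
        return false;
    }
    if (!move_uploaded_file($tmp_name, $temp)) {
        @unlink($temp);
        return false;
    }
    chmod($temp, 0644); // tempnam() creates the file 0600; the web server must be able to read it
    if (!rename($temp, $target)) {
        @unlink($temp);
        return false;
    }
    clearstatcache(true, $target); // so filemtime()-based cache validators see the new file
    return true;
}

// Constructed demo: a scratch directory instead of the real images folder,
// so the script runs anywhere. Expected results are given in the comments.
$demo_dir = sys_get_temp_dir() . '/pic_demo_' . getmypid();
mkdir($demo_dir, 0755);
$inputs = [
    'abc@xyz.com',          // accepted: <demo_dir>/abc@xyz.com.jpg
    '../../etc/x@xyz.com',  // rejected: leading/consecutive dots fail step 1, separators fail step 2
    '"../x"@xyz.com',       // rejected by step 2 even if the quoted local part passes step 1
    'abc@xyz.com/../x',     // rejected: not an e-mail address
    '',                     // rejected
];
foreach ($inputs as $email) {
    $path = safe_target_path($demo_dir, $email);
    printf("%-25s => %s\n", var_export($email, true), $path === null ? 'REJECTED' : $path);
}
rmdir($demo_dir);
```

In the answer's script, the `is_file()` check and the `@move_uploaded_file()` call would be replaced by `safe_target_path($save_directory, $email)` followed by `replace_picture($tmp_name, $target)`. Because `rename()` updates the file's modification time, a cache validator built from `filemtime()` (or a `?v=` URL parameter) changes with every successful overwrite.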