Analysis of a PHP remote image download function that can forge the Referer and Cookie headers
Last Update:2018-04-02
Source: Internet
Author: User
This article provides a detailed analysis of a remote image download function in PHP. Its parameters are:
$gurl: the address of the image to download.
$rfurl: the referring URL, sent as the Referer header. If the target image has anti-leech (hotlink protection) settings, this can bypass them.
$filename: the file name to save the downloaded image under, as a relative path. Do not use realpath.
$gcookie: the (forged) Cookie header to send with the request.
$JumpCount: the redirect (jump) count.
$maxtime: the maximum download time, in seconds.
Call method: DownImageKeep($gurl, $rfurl, $filename); the function returns TRUE on success.
The code is as follows:
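/**
 * Download a remote image over plain HTTP (port 80) and save it to a local file.
 *
 * The request carries a caller-chosen Referer and, optionally, a Cookie header line.
 *
 * Security notes for callers:
 *  - $filename is opened for writing exactly as given. Never derive it (or its
 *    extension) from the remote URL or from request input, or a remote server can
 *    place a file of its choosing at a path and type of its choosing.
 *  - $gurl and any redirect target are fetched as-is, including addresses that only
 *    resolve inside the local network. Restrict the allowed hosts before calling
 *    when the URL comes from users.
 *  - The body is not checked to be an image, and its size is bounded only by the
 *    Content-Length header and $maxtime.
 *  - A download cut short by $maxtime still returns TRUE and leaves a partial file.
 *
 * @access public
 * @param  string $gurl       address of the image (http:// only)
 * @param  string $rfurl      value sent as the Referer header
 * @param  string $filename   path the body is written to
 * @param  string $gcookie    complete Cookie header line; fetched via RefurlCookie() when empty
 * @param  int    $JumpCount  number of redirects already followed (at most 3 are followed)
 * @param  int    $maxtime    maximum number of seconds spent reading the body
 * @return bool   TRUE when at least one byte was saved, FALSE otherwise
 */
function DownImageKeep($gurl, $rfurl, $filename, $gcookie = "", $JumpCount = 0, $maxtime = 30)
{
    $urlinfos = GetHostInfo($gurl);
    $ghost = trim($urlinfos['host']);
    if ($ghost == '')
    {
        return FALSE;
    }
    $gquery = $urlinfos['query'];
    $rfurl = trim($rfurl);

    // Host, path and Referer are interpolated into the raw request text. A control
    // character (CR/LF in particular) in any of them would let the input append
    // headers or a second request, so refuse instead of sending.
    if (preg_match('/[\x00-\x20\x7f]/', $ghost) || preg_match('/[\x00-\x1f\x7f]/', $gquery . $rfurl))
    {
        return FALSE;
    }

    if ($gcookie == "" && !empty($rfurl))
    {
        $gcookie = RefurlCookie($rfurl);
    }

    $sessionQuery = "GET $gquery HTTP/1.1\r\n";
    $sessionQuery .= "Host: $ghost\r\n";
    $sessionQuery .= "Referer: $rfurl\r\n";
    $sessionQuery .= "Accept: */*\r\n";
    $sessionQuery .= "User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)\r\n";
    if ($gcookie != "" && !preg_match("/[\r\n]/", $gcookie))
    {
        $sessionQuery .= $gcookie . "\r\n";
    }
    // The socket serves exactly one request, so ask the server to close it after the
    // body. The empty line ends the header section.
    $sessionQuery .= "Connection: Close\r\n\r\n";

    $errno = "";
    $errstr = "";
    $m_fp = fsockopen($ghost, 80, $errno, $errstr, 10);
    if (!$m_fp)
    {
        return FALSE;
    }
    // Keep a stalled peer from blocking a read for longer than the caller's deadline.
    stream_set_timeout($m_fp, max(1, (int) $maxtime));
    fwrite($m_fp, $sessionQuery);

    // Status line: "<version> <status code> <reason>"
    $m_httphead = array();
    $httpstas = explode(" ", (string) fgets($m_fp, 256));
    if (count($httpstas) < 2)
    {
        fclose($m_fp);
        return FALSE;
    }
    $m_httphead["http-edition"] = trim($httpstas[0]);
    $m_httphead["http-state"] = trim($httpstas[1]);

    // Response headers, stored under lower-cased names. The buffer is large enough
    // that an ordinary header is not split into fragments.
    $lnum = 0;
    while (!feof($m_fp))
    {
        $line = fgets($m_fp, 8192);
        if ($line === FALSE)
        {
            break;
        }
        $line = trim($line);
        if ($line == "")
        {
            break;
        }
        if (++$lnum > 100)
        {
            // Stopping here would treat the remaining headers as body data.
            fclose($m_fp);
            return FALSE;
        }
        $parts = explode(":", $line, 2);
        $hkey = trim($parts[0]);
        if ($hkey != "")
        {
            $m_httphead[strtolower($hkey)] = isset($parts[1]) ? trim($parts[1]) : "";
        }
    }

    // Redirect: follow the Location target and report that request's result.
    if (preg_match("/^3/", $m_httphead["http-state"]))
    {
        fclose($m_fp);
        if (!isset($m_httphead["location"]) || $JumpCount >= 3)
        {
            return FALSE;
        }
        $location = $m_httphead["location"];
        if (substr($location, 0, 2) == '//')
        {
            $location = 'http:' . $location;
        }
        else if (substr($location, 0, 1) == '/')
        {
            $location = 'http://' . $ghost . $location;
        }
        else if (!preg_match('/^http:\/\//i', $location))
        {
            // Only plain HTTP is spoken here; other schemes and path-relative
            // targets are not followed.
            return FALSE;
        }
        return DownImageKeep($location, $rfurl, $filename, $gcookie, $JumpCount + 1, $maxtime);
    }

    if (!preg_match("/^2/", $m_httphead["http-state"]))
    {
        fclose($m_fp);
        return FALSE;
    }

    // A chunked body would be written with its chunk framing, i.e. as a corrupt file.
    if (isset($m_httphead['transfer-encoding']) && stripos($m_httphead['transfer-encoding'], 'chunked') !== FALSE)
    {
        fclose($m_fp);
        return FALSE;
    }

    // -1 means "length unknown": read until the server closes or the deadline passes.
    $contentLength = -1;
    if (isset($m_httphead['content-length']) && preg_match('/^\d+$/', $m_httphead['content-length']))
    {
        $contentLength = (int) $m_httphead['content-length'];
    }

    // Save the file, streaming so the whole body is never held in memory.
    $fp = fopen($filename, "w");
    if (!$fp)
    {
        fclose($m_fp);
        return FALSE;
    }
    $received = 0;
    $starttime = time();
    while (!feof($m_fp))
    {
        // Timeout ends the transfer
        if (time() - $starttime > $maxtime)
        {
            break;
        }
        $want = 8192;
        if ($contentLength >= 0)
        {
            // Stop at the announced size
            $want = min($want, $contentLength - $received);
            if ($want <= 0)
            {
                break;
            }
        }
        $chunk = fread($m_fp, $want);
        if ($chunk === FALSE || $chunk === "")
        {
            break;
        }
        fwrite($fp, $chunk);
        $received += strlen($chunk);
    }
    fclose($fp);
    fclose($m_fp);

    if ($received == 0)
    {
        // Nothing arrived: do not leave an empty file behind.
        if (file_exists($filename))
        {
            unlink($filename);
        }
        return FALSE;
    }
    return TRUE;
}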
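/**
 * Request a page over plain HTTP (port 80) and return the cookie header line of its response.
 *
 * The result is cached in the globals $gcookie / $lastRfurl, so a repeated call for
 * the same address returns the cached line without a new request.
 *
 * The address is fetched as given. Validate or allow-list it first when it comes
 * from users, since it may name a host that only resolves inside the local network.
 *
 * @access public
 * @param  string $gurl  address of the page to request (http:// only)
 * @return string the first response header line starting with "cookie"
 *                (case-insensitive), or '' when none was found or the request failed
 */
function RefurlCookie($gurl)
{
    global $gcookie, $lastRfurl;
    $gurl = trim($gurl);
    if (!empty($gcookie) && $lastRfurl == $gurl)
    {
        return $gcookie;
    }
    $lastRfurl = $gurl;
    // Drop the cached value before any early return. Otherwise a cookie obtained
    // from the previous address would be paired with, and later sent for, this one.
    $gcookie = "";
    if ($gurl == '')
    {
        return '';
    }

    $urlinfos = GetHostInfo($gurl);
    $ghost = $urlinfos['host'];
    $gquery = $urlinfos['query'];

    // Both values are interpolated into the raw request text. Control characters
    // (CR/LF) would allow extra headers or a second request to be injected.
    if ($ghost == '' || preg_match('/[\x00-\x20\x7f]/', $ghost) || preg_match('/[\x00-\x1f\x7f]/', $gquery))
    {
        return '';
    }

    $sessionQuery = "GET $gquery HTTP/1.1\r\n";
    $sessionQuery .= "Host: $ghost\r\n";
    $sessionQuery .= "Accept: */*\r\n";
    $sessionQuery .= "User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)\r\n";
    // The empty line ends the header section.
    $sessionQuery .= "Connection: Close\r\n\r\n";

    $errno = "";
    $errstr = "";
    $m_fp = fsockopen($ghost, 80, $errno, $errstr, 10);
    if (!$m_fp)
    {
        // Report "no cookie" rather than ending the whole script with the host
        // name echoed to the output.
        return '';
    }
    fwrite($m_fp, $sessionQuery);

    // Scan the response header section, at most 100 lines of it.
    $lnum = 0;
    while (!feof($m_fp))
    {
        $line = trim((string) fgets($m_fp, 256));
        if ($line == "" || $lnum > 100)
        {
            break;
        }
        $lnum++;
        // NOTE(review): servers normally hand out cookies in "Set-Cookie:" lines,
        // which this pattern does not match. Confirm the intent with callers.
        if (preg_match("/^cookie/i", $line))
        {
            $gcookie = $line;
            break;
        }
    }
    fclose($m_fp);
    return $gcookie;
}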
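/**
 * Split a web address into its host part and its request path.
 *
 * Only a leading "http://" (any letter case) is stripped; other schemes are left in
 * place and end up in the result. A port, if present, stays part of 'host'. The
 * values are not validated, so callers that place them in a request must reject
 * control characters themselves.
 *
 * @access public
 * @param  string $gurl  the address to split
 * @return array  'host' => text before the first "/", 'query' => the rest including
 *                that "/", or "/" when the address has no path
 */
function GetHostInfo($gurl)
{
    $gurl = preg_replace("/^http:\/\//i", "", trim($gurl));
    $garr = array();
    $slash = strpos($gurl, '/');
    if ($slash === FALSE)
    {
        // No path at all: request the site root instead of repeating the host
        // name as the path.
        $garr['host'] = $gurl;
        $garr['query'] = '/';
    }
    else
    {
        $garr['host'] = substr($gurl, 0, $slash);
        $garr['query'] = substr($gurl, $slash);
    }
    return $garr;
}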
?>