PHP practice: detecting a Trojan hidden in an uploaded picture
- /**
- +------------------------------------------------------------------------------
- * Upload File Upload class
- +------------------------------------------------------------------------------
- * @package Upload
- * @author Nicegy
- * @version $Id: Upload.class.php 2014-4-11 19:00:23 Nicegy $
- +------------------------------------------------------------------------------
- */
- Class Upload {
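// Path of the file being processed: the temp upload first, the stored file after the move.
private static $image = null;
// Current status code; doubles as the index into self::$message.
private static $status = 0;
// Lower-cased suffix (including the dot) taken from the client-supplied file name.
private static $suffix = null;
// Suffixes treated as images. Entries must match strrchr() output exactly, so no padding spaces.
private static $imageType = array('.jpg', '.bmp', '.gif', '.png');
// Status code => message. Keys are integers so that self::$message[self::$status] resolves.
private static $message = array(
    0 => 'no error occurred and the file upload was successful.',
    1 => 'uploaded file exceeded the upload_max_filesize option limit in php.ini.',
    2 => 'the size of the uploaded file exceeds the value specified by the Max_file_size option in the HTML form.',
    3 => 'files are only partially uploaded.',
    4 => 'no file upload.',
    5 => 'Failed to pass security check file.',
    6 => 'cannot find the Temp folder.',
    7 => 'file failed to write.',
    8 => 'file type not supported',
    9 => 'upload temporary files are missing.',
);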
// Start the file upload
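/**
 * Validate the upload slot named by $feild and hand the file to _upload().
 *
 * @param string $feild Name of the file input in the form (key into $_FILES).
 * @return array 'status' (int code, 0 = success) and 'msg' (text for that code);
 *               'path' is added once the upload has been attempted.
 */
public static function Start($feild = 'file')
{
    // Nothing was posted for this field: report code 4 ("no file upload") instead of
    // falling through with the initial status 0, which callers would read as success.
    if (empty($_FILES) || !isset($_FILES[$feild])) {
        self::$status = 4;
        return array('status' => self::$status, 'msg' => self::$message[self::$status]);
    }

    self::$status = $_FILES[$feild]['error'];
    if (self::$status > 0) {
        return array('status' => self::$status, 'msg' => self::$message[self::$status]);
    }

    self::$image = $_FILES[$feild]['tmp_name'];
    // 'name' is chosen by the client; it is used only to derive the suffix, never as a path.
    // strrchr() returns false when the name has no dot, which lower-cases to ''.
    self::$suffix = strtolower((string) strrchr($_FILES[$feild]['name'], '.'));

    // Run the upload first: it updates self::$image and self::$status, which the
    // 'path' and 'msg' entries below read.
    $status = self::_upload();

    return array('status' => $status, 'path' => self::$image, 'msg' => self::$message[self::$status]);
}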
// Private: perform the upload
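/**
 * Move the temp upload into a dated directory under $path and scan it.
 *
 * Only suffixes listed in self::$imageType are stored; anything else is refused with code 8.
 *
 * @param string $path Base directory for stored uploads.
 * @return int Status code: the result of checkhex() for a stored image, 8 when the
 *             suffix is not allowed, 9 when the temp file is missing or cannot be moved.
 */
private static function _upload($path = './upload/')
{
    // The suffix comes from the client-supplied file name. Check it against the allow-list
    // before anything is written: otherwise a file with a script extension would be stored
    // under $path with that extension and reported as a successful upload (status 0)
    // without any content check.
    if (!in_array(self::$suffix, self::$imageType, true)) {
        return self::$status = 8;
    }

    date_default_timezone_set('PRC');
    // 24-hour 'H' so that morning and afternoon uploads cannot produce the same name.
    $newFile = $path . date('Y/m/d/His') . rand(100, 999) . self::$suffix;
    self::umkdir(dirname($newFile));

    // is_uploaded_file() confirms the path really is a PHP upload before it is moved.
    if (!is_uploaded_file(self::$image) || !move_uploaded_file(self::$image, $newFile)) {
        return self::$status = 9;
    }

    self::$image = $newFile;

    // NOTE(review): the content scan runs after the file is already in its final location,
    // which is presumably served by the web server. Confirm that checkhex() deletes a file
    // it rejects, and that script execution is disabled for the upload directory.
    return self::checkhex();
}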
// Private: hexadecimal scan for malicious code
- private static function Checkhex () {
- if (File_exists (self:: $image)) {
- $resource = fopen (self:: $image, ' RB ');
- $fileSize = FileSize (self:: $image);
- Fseek ($resource, 0);
- if ($fileSize > 512) {//Pick head and tail
- $hexCode = Bin2Hex (Fread ($resource, 512));
- Fseek ($resource, $fileSize-512);
- $hexCode. = Bin2Hex (Fread ($resource, 512));
- } else {//Fetch all
- $hexCode = Bin2Hex (Fread ($resource, $fileSize));
- }
- Fclose ($resource);
- /* Match 16 in the binary */
- /* Match 16 in the binary */
- /* Match 16 in the binary