ThinkPHP: detecting whether an uploaded image contains a Trojan script

Source: Internet
Author: User

Many articles on detecting Trojan scripts with PHP have appeared online recently, and most of them say essentially the same thing. Here I have distilled a reliable method from those articles.

First, let us analyze the Trojan program from the way it is produced. The Trojan is written into the file in hexadecimal, so we can detect the Trojan script by checking the file's hex code.

1. To upload an image file, we first have to define an upload method, which would normally call the upload class that the ThinkPHP framework provides. The framework's class, however, has no function for detecting Trojans, so we write our own upload class:

<?php
/**
 * Upload: file upload class
 *
 * @package Upload
 */
class Upload
{
    private static $image = null;
    private static $status = 0;
    private static $suffix = null;
    private static $imageType = array('.jpg', '.bmp', '.gif', '.png'); // allowed picture types
    private static $message = array( // file upload error messages
        '0' => 'No error occurred and the file upload was successful.',
        '1' => 'The uploaded file exceeds the limit set by the upload_max_filesize option in php.ini.',
        '2' => 'The size of the uploaded file exceeds the value specified by the MAX_FILE_SIZE option in the HTML form.',
        '3' => 'The file was only partially uploaded.',
        '4' => 'No file was uploaded.',
        '5' => 'The file failed the security check.',
        '6' => 'Cannot find the temporary folder.',
        '7' => 'Failed to write the file.',
        '8' => 'File type not supported.',
        '9' => 'The uploaded temporary file is missing.',
    );

    // Start performing the file upload
    public static function start($field = 'file')
    {
        if (!empty($_FILES[$field])) {
            self::$status = $_FILES[$field]['error'];
            if (self::$status > 0) {
                return array('status' => self::$status, 'msg' => self::$message[self::$status]);
            }
            self::$image = $_FILES[$field]['tmp_name'];
            self::$suffix = strtolower(strrchr($_FILES[$field]['name'], '.'));
            return array('status' => self::_upload(), 'path' => self::$image, 'msg' => self::$message[self::$status]);
        } else {
            // Fix: report "no file uploaded" instead of the default success status
            self::$status = 4;
            return array('status' => self::$status, 'msg' => self::$message[self::$status]);
        }
    }

    // Private: perform the upload
    private static function _upload($path = './upload/')
    {
        date_default_timezone_set('PRC');
        // Fix: check the suffix against the allowed types before anything is written
        // to disk; the original stored files of any other type without checking them
        if (!in_array(self::$suffix, self::$imageType)) {
            return self::$status = 8;
        }
        $newFile = $path . date('Y/m/d/His') . rand(100, 999) . self::$suffix; // upload subdirectory and new file name
        self::umkdir(dirname($newFile));
        if (is_uploaded_file(self::$image) && move_uploaded_file(self::$image, $newFile)) {
            self::$image = $newFile; // the generated new file name
            return self::checkHex(); // return value of the Trojan script detection
        } else {
            return self::$status = 9;
        }
    }

    // Private: hexadecimal detection
    private static function checkHex()
    {
        if (file_exists(self::$image)) {
            $resource = fopen(self::$image, 'rb');
            $fileSize = filesize(self::$image);
            fseek($resource, 0); // move the file pointer to the beginning of the file
            if ($fileSize > 512) { // file larger than 512 B: take the head and the tail
                $hexCode = bin2hex(fread($resource, 512));
                fseek($resource, $fileSize - 512); // move the file pointer to 512 B before the end
                $hexCode .= bin2hex(fread($resource, 512));
            } else { // take everything (fread() rejects a zero length, so guard empty files)
                $hexCode = $fileSize > 0 ? bin2hex(fread($resource, $fileSize)) : '';
            }
            fclose($resource);
            /* match <% ( ) %> in hex */
            /* match <? ( ) ?> in hex */
            /* match <script and /script> in hex, upper or lower case */
            /* The core of the whole class is here: detect whether a Trojan script is present by matching the hexadecimal code */
            if (preg_match('/(3c25.*?28.*?29.*?253e)|(3c3f.*?28.*?29.*?3f3e)|(3c534352495054)|(2f5343524950543e)|(3c736372697074)|(2f7363726970743e)/is', $hexCode)) {
                self::$status = 5;
                @unlink(self::$image); // fix: do not leave a flagged file in the upload directory
            } else {
                self::$status = 0;
            }
            return self::$status;
        } else {
            return self::$status = 9;
        }
    }

    // Private: create directory (recursively)
    private static function umkdir($dir)
    {
        if (!file_exists($dir) && !is_dir($dir)) {
            self::umkdir(dirname($dir));
            @mkdir($dir);
        }
    }
}

Used together with your own image-upload method, this class can detect whether an uploaded picture contains a Trojan script.
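The class above hex-encodes only the first and last 512 bytes of the file, and a hex pattern can line up across byte boundaries. The following added example (not the article's code; the function names and both sample buffers are constructed for illustration) runs the same signatures on raw bytes over the whole buffer and prints both results side by side.

```php
<?php
// Added example, not the article's code. Function names are hypothetical.

// The article's hex signatures, and the same signatures written against raw bytes.
const HEX_SIGNATURES = '/(3c25.*?28.*?29.*?253e)|(3c3f.*?28.*?29.*?3f3e)|(3c534352495054)'
    . '|(2f5343524950543e)|(3c736372697074)|(2f7363726970743e)/is';
const BYTE_SIGNATURES = '/(<%.*?\(.*?\).*?%>)|(<\?.*?\(.*?\).*?\?>)|(<script)|(\/script>)/is';

/* The article's sampling: hex-encode the first and last 512 bytes only. */
function headTailHexScan(string $bytes): bool
{
    $len = strlen($bytes);
    $sample = $len > 512 ? substr($bytes, 0, 512) . substr($bytes, $len - 512) : $bytes;
    return preg_match(HEX_SIGNATURES, bin2hex($sample)) === 1;
}

/* Variant: same signatures, matched on byte boundaries over the whole buffer. */
function wholeFileByteScan(string $bytes): bool
{
    return preg_match(BYTE_SIGNATURES, $bytes) === 1;
}

// Constructed sample 1: a script-like marker in the middle of a ~2 KB buffer,
// outside both 512-byte windows.
$middle = 'GIF89a' . str_repeat("\x00", 1000) . '<?php echo(1); ?>' . str_repeat("\x00", 1000);

// Constructed sample 2: harmless bytes whose hex string is "03c7363726970740",
// which contains the hex signature for "<script" shifted by half a byte.
$misaligned = 'GIF89a' . "\x03\xc7\x36\x37\x26\x97\x07\x40";

foreach (array('middle' => $middle, 'misaligned' => $misaligned) as $name => $bytes) {
    printf(
        "%-10s head/tail hex: %-5s whole-file bytes: %s\n",
        $name,
        var_export(headTailHexScan($bytes), true),
        var_export(wholeFileByteScan($bytes), true)
    );
}
```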

If you have opinions or suggestions, brothers, feel free to leave a message to discuss, criticize, and correct. Thank you!
