Thinkphp detects if the uploaded image contains a Trojan script

Recently on the Internet a lot of information about the PHP detection of the Trojan horse is basically the same kind of article here I summed up a reliable method from these articles

First, from the production principle to analyze the Trojan horse program. This trojan is written in hexadecimal, so we can detect the Trojan script by detecting the hex code.

1. First upload the image file, we have to define a way to upload the file, and then call thinkphp in the method of the framework to write the upload class, but the framework of the class does not detect the function of the Trojan horse, so we can write a upload class

<?PHP/** +------------------------------------------------------------------------------* Upload File Upload class +------------- -----------------------------------------------------------------* @package Upload +----------------------------- -------------------------------------------------*/classUpload {Private Static $image=NULL; Private Static $status= 0; Private Static $suffix=NULL; Private Static $imageType=Array('. jpg ', '. bmp ', '. gif ', '. png '); Allowed picture TypesPrivate Static $message=Array(//File upload error message' 0 ' = ' no error occurred and the file upload was successful. ', ' 1 ' = ' + ' uploads a file that exceeds the value of the Upload_max_filesize option limit in php.ini. ', ' 2 ' = ' + ' the size of the uploaded file exceeds the value specified by the Max_file_size option in the HTML form. ', ' 3 ' + ' files are only partially uploaded. ', ' 4 ' = ' = ' no file uploaded. ', ' 5 ' = ' = ' Failed to pass security check of the file. ', ' 6 ' and ' = ' cannot find the Temp folder. ', ' 7 ' = ' = ' file failed to write. ', ' 8 ' = ' = ' file type not supported ', ' 9 ' = ' + ' upload temporary file missing. ‘,      ); //@ Start performing file uploads       Public Static functionStart$feild= ' file ') {            if(!Empty($_files) ) { self::$status=$_files[$feild[' Error ']; if(Self::$status> 0)                      return Array(' status ' = self::$status, ' msg ' = ' Self::$message[Self::$status]); Self::$image=$_files[$feild[' Tmp_name ']; Self::$suffix=Strtolower(STRRCHR($_files[$feild[' name '], '. ')); return Array(' Status ' = Self::_upload (), ' path ' = ' Self::$image, ' msg ' = ' Self::$message[Self::$status]); } Else {                  return Array(' status ' = self::$status, ' msg ' = ' Self::$message[Self::$status]); }}    //@ Private Upload start    Private Static function_upload ($path= './upload/') {Date_default_timezone_set (' PRC '); $newFile=$path.Date(' Y/m/d/his ').Rand(100, 999). Self::$suffix; Define the upload subdirectory self:: Umkdir (dirname($newFile)); if(Is_uploaded_file(Self::$image) &&Move_uploaded_file(Self::$image,$newFile) ) { self::$image=$newFile; The generated new file nameif(In_array(Self::$suffix, Self::$imageType) //To determine if the upload type complies with the requirementsreturnSelf::Checkhex (); Returns the return value of the Trojan script detectionElse                returnSelf::$status= 0; } Else {            returnSelf::$status= 9; }    }    //@ Private 16 in-system detection    Private Static functionCheckhex () {if(file_exists(Self::$image)) {            $resource=fopen(Self::$image, ' RB '); $fileSize=filesize(Self::$image); fseek($resource, 0); Move the file pointer to the beginning of the fileif($fileSize> 512) {//if the file is larger than 521B file header and tail                $hexCode=Bin2Hex(fread($resource, 512)); fseek($resource,$fileSize-512); Move the file pointer to the end of the file$hexCode.=Bin2Hex(fread($resource, 512)); } Else{//Take all                $hexCode=Bin2Hex(fread($resource,$fileSize)); }            fclose($resource); /*Match <% () in 16 binary ()%>*/            /*match the < in the 16 binary;? ()?>*/            /*match <script in 16 binary |/script> case can also be*/
/* Core of the entire class is here to detect if a Trojan script is present by matching the hexadecimal code */
            if(Preg_match("/(3c25.*?28.*?29.*?253e) | (3c3f.*?28.*?29.*?3f3e) | (3c534352495054) | (2f5343524950543e) | (3c736372697074) | (2f7363726970743e)/is ",$hexCode)) self::$status= 5; Else Self::$status= 0; returnSelf::$status; } Else {            returnSelf::$status= 9; }    }    //@ Private Create directory    Private Static functionUmkdir ($dir) {        if(!file_exists($dir) &&!Is_dir($dir) ) { self:: Umkdir (dirname($dir)); @mkdir($dir); }    }}

This class with its own definition of the upload image method can detect whether the upload of a picture Trojan script

There are opinions and suggestions of brothers, can message to communicate, criticize correct! Thank you

Thinkphp detects if the uploaded image contains a Trojan script