Recently on the Internet a lot of information about the PHP detection of the Trojan horse is basically the same kind of article here I summed up a reliable method from these articles
First, from the production principle to analyze the Trojan horse program. This trojan is written in hexadecimal, so we can detect the Trojan script by detecting the hex code.
1. First upload the image file, we have to define a way to upload the file, and then call thinkphp in the method of the framework to write the upload class, but the framework of the class does not detect the function of the Trojan horse, so we can write a upload class
<?PHP/** +------------------------------------------------------------------------------* Upload File Upload class +------------- -----------------------------------------------------------------* @package Upload +----------------------------- -------------------------------------------------*/classUpload {Private Static $image=NULL; Private Static $status= 0; Private Static $suffix=NULL; Private Static $imageType=Array('. jpg ', '. bmp ', '. gif ', '. png '); Allowed picture TypesPrivate Static $message=Array(//File upload error message' 0 ' = ' no error occurred and the file upload was successful. ', ' 1 ' = ' + ' uploads a file that exceeds the value of the Upload_max_filesize option limit in php.ini. ', ' 2 ' = ' + ' the size of the uploaded file exceeds the value specified by the Max_file_size option in the HTML form. ', ' 3 ' + ' files are only partially uploaded. ', ' 4 ' = ' = ' no file uploaded. ', ' 5 ' = ' = ' Failed to pass security check of the file. ', ' 6 ' and ' = ' cannot find the Temp folder. ', ' 7 ' = ' = ' file failed to write. ', ' 8 ' = ' = ' file type not supported ', ' 9 ' = ' + ' upload temporary file missing. ‘, ); //@ Start performing file uploads Public Static functionStart$feild= ' file ') { if(!Empty($_files) ) { self::$status=$_files[$feild[' Error ']; if(Self::$status> 0) return Array(' status ' = self::$status, ' msg ' = ' Self::$message[Self::$status]); Self::$image=$_files[$feild[' Tmp_name ']; Self::$suffix=Strtolower(STRRCHR($_files[$feild[' name '], '. ')); return Array(' Status ' = Self::_upload (), ' path ' = ' Self::$image, ' msg ' = ' Self::$message[Self::$status]); } Else { return Array(' status ' = self::$status, ' msg ' = ' Self::$message[Self::$status]); }} //@ Private Upload start Private Static function_upload ($path= './upload/') {Date_default_timezone_set (' PRC '); $newFile=$path.Date(' Y/m/d/his ').Rand(100, 999). Self::$suffix; Define the upload subdirectory self:: Umkdir (dirname($newFile)); if(Is_uploaded_file(Self::$image) &&Move_uploaded_file(Self::$image,$newFile) ) { self::$image=$newFile; The generated new file nameif(In_array(Self::$suffix, Self::$imageType) //To determine if the upload type complies with the requirementsreturnSelf::Checkhex (); Returns the return value of the Trojan script detectionElse returnSelf::$status= 0; } Else { returnSelf::$status= 9; } } //@ Private 16 in-system detection Private Static functionCheckhex () {if(file_exists(Self::$image)) { $resource=fopen(Self::$image, ' RB '); $fileSize=filesize(Self::$image); fseek($resource, 0); Move the file pointer to the beginning of the fileif($fileSize> 512) {//if the file is larger than 521B file header and tail $hexCode=Bin2Hex(fread($resource, 512)); fseek($resource,$fileSize-512); Move the file pointer to the end of the file$hexCode.=Bin2Hex(fread($resource, 512)); } Else{//Take all $hexCode=Bin2Hex(fread($resource,$fileSize)); } fclose($resource); /*Match <% () in 16 binary ()%>*/ /*match the < in the 16 binary;? ()?>*/ /*match <script in 16 binary |/script> case can also be*/
/* Core of the entire class is here to detect if a Trojan script is present by matching the hexadecimal code */
if(Preg_match("/(3c25.*?28.*?29.*?253e) | (3c3f.*?28.*?29.*?3f3e) | (3c534352495054) | (2f5343524950543e) | (3c736372697074) | (2f7363726970743e)/is ",$hexCode)) self::$status= 5; Else Self::$status= 0; returnSelf::$status; } Else { returnSelf::$status= 9; } } //@ Private Create directory Private Static functionUmkdir ($dir) { if(!file_exists($dir) &&!Is_dir($dir) ) { self:: Umkdir (dirname($dir)); @mkdir($dir); } }}
This class with its own definition of the upload image method can detect whether the upload of a picture Trojan script
There are opinions and suggestions of brothers, can message to communicate, criticize correct! Thank you
Thinkphp detects if the uploaded image contains a Trojan script