Home >Backend Development >PHP Tutorial >Implementation code for intelligent file type detection using PHP_PHP tutorial

Implementation code for intelligent file type detection using PHP_PHP tutorial

WBOY
WBOYOriginal
2016-07-21 15:26:01750browse

Use file suffix and MIME type detection
Usually when we want to strictly limit the file type, we can simply use $_FILES['myFile']['type'] to get the MIME type of the file and then detect it. Whether it is a legal type.
Alternatively we can take the last few characters of the file name to get the file suffix. Unfortunately, these methods are not sufficient and the extension of the file can be easily changed to bypass this restriction. Furthermore, MIME type information is sent by the browser, and most, if not all, browsers give MIME type information based on the file extension! Therefore, MIME types, like extensions, can be easily spoofed.
Using the "Magic Bytes"
The best way to determine the file type is by examining the first few bytes of the file - known as the "Magic Bytes". Magic bytes are essentially signatures of varying lengths between 2 and 40 bytes in the file header, or at the end of the file. There are hundreds of file types, and quite a few of them have several file signatures associated with them. Here you can see a list of file signatures.
The lazy way is to use the fileinfo extension, which is enabled by default in PHP 5.3.0 (according to the official MANUAL). If it is not enabled, you can enable it yourself
For example, under Windows:

Copy the code The code is as follows:

extension=php_fileinfo.dll


under linux:
Copy code The code is as follows:

extension=fileinfo.so
#If it doesn’t work properly, add the following
#mime_magic .magicfile=/usr/share/file/magic


If it does not work properly under windows:
Please refer to: http://www.php.net/manual/en/ fileinfo.installation.php#82570
Download file-5.03-bin.zip and unzip it. There are two files magic.mgc and magic in the share directory.
Then add a system environment variable named MAGIC pointing to the magic file. Such as D:softwarePHPextrasmiscmagic      
Copy code The code is as follows:
function getFileMimeType($file) {
$buffer = file_get_contents ($file);
$finfo = new finfo(FILEINFO_MIME_TYPE);
return $finfo->buffer($buffer);
}
$mime_type = getFileMimeType($file);
switch($mime_type) {
case "image/jpeg":
// your actions go here...
}


Handle image upload
If you plan to only allow image uploads, then you can use the built-in getimagesize() function to ensure that the user is actually uploading a valid image file. If the file is not a valid image file, this function returns false.

Copy code The code is as follows:
// Assume that the name attribute of the file input field is myfile
$tempFile = $ _FILES['myFile']['tmp_name']; // path of the temp file created by PHP during upload
$imginfo_array = getimagesize($tempFile); // returns a false if not a valid image file
if ($imginfo_array !== false) {
$mime_type = $imginfo_array['mime'];
switch($mime_type) {
case "image/jpeg":
// your actions go here...
}
}
else {
echo "This is not a valid image file";
}


Manually reading and interpreting the "magic bytes"
If for some reason you are unable to install the FileInfo extension, you can still determine this manually, by reading the first few words of the file sections and compares them to the bytes of the known magic associated with a specific file type. This process must have involved a little trial and error, as there is also the possibility that there are a few illegal magic bytes associated with a legitimate file format.
However, this is not impossible. A few years ago, I was asked to make a script file that only allowed real mp3 files to be uploaded. And, since we couldn't use Fileinfo at the time, we had to rely on this manual detection method.
It took me a while to parse the illegal magic bytes of some mp3 files, but soon, I got a stable upload script.
Before I end this article, I want to give you a warning: make sure you never call an include() to include an uploaded file, because the PHP code may be cleverly hidden inside the image, and the image can also be successful Through your file detection, when such a script is run, it can only cause damage to the system.
Translated from: http://designshack.co.uk/articles/php-articles/smart-file-type-detection-using-php/

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/324061.htmlTechArticleUsing file suffix and MIME type detection Usually when we want to strictly limit file types, we can simply use $_FILES[ 'myFile']['type'] gets the MIME type of the file and checks whether it...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn