Implementation code for intelligent file type detection using PHP

Home

Backend Development

PHP Tutorial

Implementation code for intelligent file type detection using PHP_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 21, 2016 pm 03:26 PM

phpcodeuseusesuffixandaccomplishusdocumentintelligentDetectionoftype

Use file suffix and MIME type detection
Usually when we want to strictly limit the file type, we can simply use $_FILES['myFile']['type'] to get the MIME type of the file and then detect it. Whether it is a legal type.
Alternatively we can take the last few characters of the file name to get the file suffix. Unfortunately, these methods are not sufficient and the extension of the file can be easily changed to bypass this restriction. Furthermore, MIME type information is sent by the browser, and most, if not all, browsers give MIME type information based on the file extension! Therefore, MIME types, like extensions, can be easily spoofed.
Using the "Magic Bytes"
The best way to determine the file type is by examining the first few bytes of the file - known as the "Magic Bytes". Magic bytes are essentially signatures of varying lengths between 2 and 40 bytes in the file header, or at the end of the file. There are hundreds of file types, and quite a few of them have several file signatures associated with them. Here you can see a list of file signatures.
The lazy way is to use the fileinfo extension, which is enabled by default in PHP 5.3.0 (according to the official MANUAL). If it is not enabled, you can enable it yourself
For example, under Windows:

Copy the code The code is as follows:

extension=php_fileinfo.dll

under linux:

Copy code The code is as follows:

 
extension=fileinfo.so 
#If it doesn’t work properly, add the following 
#mime_magic .magicfile=/usr/share/file/magic 

If it does not work properly under windows:
Please refer to: http://www.php.net/manual/en/ fileinfo.installation.php#82570
Download file-5.03-bin.zip and unzip it. There are two files magic.mgc and magic in the share directory.
Then add a system environment variable named MAGIC pointing to the magic file. Such as D:softwarePHPextrasmiscmagic 　　　　　

Copy code The code is as follows:

function getFileMimeType($file) { 
$buffer = file_get_contents ($file); 
$finfo = new finfo(FILEINFO_MIME_TYPE); 
return $finfo->buffer($buffer); 
} 
$mime_type = getFileMimeType($file); 
switch($mime_type) { 
case "image/jpeg": 
// your actions go here... 
} 

 

Handle image upload
If you plan to only allow image uploads, then you can use the built-in getimagesize() function to ensure that the user is actually uploading a valid image file. If the file is not a valid image file, this function returns false.

Copy code The code is as follows:

// Assume that the name attribute of the file input field is myfile
$tempFile = $ _FILES['myFile']['tmp_name']; // path of the temp file created by PHP during upload
$imginfo_array = getimagesize($tempFile); // returns a false if not a valid image file
if ($imginfo_array !== false) {
$mime_type = $imginfo_array['mime'];
switch($mime_type) {
case "image/jpeg":
// your actions go here...
}
}
else {
echo "This is not a valid image file";
}

Manually reading and interpreting the "magic bytes"
If for some reason you are unable to install the FileInfo extension, you can still determine this manually, by reading the first few words of the file sections and compares them to the bytes of the known magic associated with a specific file type. This process must have involved a little trial and error, as there is also the possibility that there are a few illegal magic bytes associated with a legitimate file format.
However, this is not impossible. A few years ago, I was asked to make a script file that only allowed real mp3 files to be uploaded. And, since we couldn't use Fileinfo at the time, we had to rely on this manual detection method.
It took me a while to parse the illegal magic bytes of some mp3 files, but soon, I got a stable upload script.
Before I end this article, I want to give you a warning: make sure you never call an include() to include an uploaded file, because the PHP code may be cleverly hidden inside the image, and the image can also be successful Through your file detection, when such a script is run, it can only cause damage to the system.
Translated from: http://designshack.co.uk/articles/php-articles/smart-file-type-detection-using-php/

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

php怎么把负数转为正整数Apr 19, 2022 pm 08:59 PM

php把负数转为正整数的方法：1、使用abs()函数将负数转为正数，使用intval()函数对正数取整，转为正整数，语法“intval(abs($number))”；2、利用“~”位运算符将负数取反加一，语法“~$number + 1”。

php怎么实现几秒后执行一个函数Apr 24, 2022 pm 01:12 PM

实现方法：1、使用“sleep(延迟秒数)”语句，可延迟执行函数若干秒；2、使用“time_nanosleep(延迟秒数,延迟纳秒数)”语句，可延迟执行函数若干秒和纳秒；3、使用“time_sleep_until(time()+7)”语句。

如何利用GitLab进行项目文档管理Oct 20, 2023 am 10:40 AM

如何利用GitLab进行项目文档管理一、背景介绍在软件开发过程中，项目文档是非常重要的资料，不仅能够帮助开发团队了解项目的需求和设计，还能提供给测试团队和客户参考。为了方便项目文档的版本控制和团队协作，我们可以利用GitLab来进行项目文档管理。GitLab是一个基于Git的版本控制系统，除了支持代码管理，还可以管理项目文档。二、GitLab环境搭建首先，我