
PHP detects image Trojans

WBOY
WBOYOriginal
2016-07-23 08:54:501341browse
A practical example: detecting image Trojans (code hidden inside uploaded image files) in PHP
  1. /**
  2. +------------------------------------------------ -------------------------------
  3. * Upload: a file upload class
  4. +--------------------- -------------------------------------------------- ----------------
  5. * @package Upload
  6. * @author nicegy
  7. * @version $Id: Upload.class.php 2014-4-11 19:00:23 nicegy $
  8. +------------------------------------------------ -------------------------------
  9. */
  10. class Upload {
  // Path of the file being handled: the PHP temporary file at first,
  // then the stored path once _upload() has moved it.
  private static $image = null;

  // Current status code; doubles as the index into $message.
  private static $status = 0;

  // Lower-cased extension (leading dot included) taken from the
  // client-supplied file name, so it says nothing about the real content.
  private static $suffix = null;

  // Suffixes that _upload() hands to checkHex() for content inspection.
  private static $imageType = array(
      '.jpg',
      '.bmp',
      '.gif',
      '.png',
  );

  // Status code => human-readable text. start() copies $_FILES[...]['error']
  // into $status, and _upload() sets 9 when the move fails.
  // NOTE(review): codes 5 and 8 are not set by any code visible in this
  // part of the file; presumably the rest of checkHex() sets 5 (confirm).
  private static $message = array(
      0 => 'No error occurred, The file uploaded successfully. ',
      1 => 'The uploaded file exceeded the value of the upload_max_filesize option in php.ini',
      2 => 'The size of the uploaded file exceeded the MAX_FILE_SIZE option in the HTML form. Specified value. ',
      3 => 'Only part of the file was uploaded',
      4 => 'No file uploaded',
      5 => 'Failed to pass security check. File. ',
      6 => 'Temp folder not found. ',
      7 => 'File writing failed.',
      8 => 'File type not supported',
      9 => 'The uploaded temporary file is lost. ',
  );
  27. //@ Start file upload
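  /**
   * Entry point: process the upload submitted under the form field $feild.
   *
   * Everything in $_FILES[$feild] except 'tmp_name' and 'error' is chosen by
   * the client. In particular 'name' (and therefore the suffix derived from
   * it) is untrusted input and must not be read as proof of the file's type.
   *
   * @param string $feild Name of the file input (spelling kept so existing
   *                      callers keep working).
   * @return array Always 'status' and 'msg'; 'path' as well once the request
   *               got as far as _upload().
   */
  public static function start($feild = 'file') {
      if (empty($_FILES)) {
          // Nothing was posted: report the status as it currently stands.
          // NOTE(review): $status starts at 0, so this path can report
          // "uploaded successfully" although no file arrived - confirm
          // whether callers rely on that before changing it.
          return array('status' => self::$status, 'msg' => self::$message[self::$status]);
      }

      // $_FILES can be populated while this particular field is absent, and a
      // field declared as name[] yields arrays instead of scalars. This class
      // handles a single file only, so both cases count as "no file uploaded"
      // rather than triggering undefined-index or illegal-offset errors.
      if (!isset($_FILES[$feild]['error'], $_FILES[$feild]['tmp_name'], $_FILES[$feild]['name'])
          || is_array($_FILES[$feild]['error'])) {
          self::$status = 4;
          return array('status' => self::$status, 'msg' => self::$message[self::$status]);
      }

      self::$status = $_FILES[$feild]['error'];
      if (self::$status > 0) {
          // PHP itself already rejected the transfer.
          return array('status' => self::$status, 'msg' => self::$message[self::$status]);
      }

      self::$image = $_FILES[$feild]['tmp_name'];
      // Text from the last '.' of the client-supplied name, lower-cased.
      self::$suffix = strtolower(strrchr($_FILES[$feild]['name'], '.'));

      // _upload() must run first: it updates $image and $status, which the
      // 'path' and 'msg' entries below read.
      $result = self::_upload();
      return array('status' => $result, 'path' => self::$image, 'msg' => self::$message[self::$status]);
  }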
  40. //@ Private upload starts
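  /**
   * Move the uploaded temporary file into a dated directory below $path and
   * run the content check on it.
   *
   * The suffix comes from the client-supplied file name. The stored file
   * keeps that suffix, so it is checked against the $imageType allow-list
   * BEFORE anything is written: previously every other suffix was stored
   * without any check and reported as status 0, which lets a client place a
   * file with a server-interpreted extension into the upload directory.
   *
   * NOTE(review): the visible part of checkHex() reads only the first and
   * last 512 bytes of files larger than 512 bytes, so it is a heuristic.
   * Keep the upload directory non-executable in the web server
   * configuration, and consider re-encoding accepted images.
   * NOTE(review): whether a file that fails checkHex() is deleted again is
   * not visible from here - confirm.
   *
   * @param string $path Base directory, with trailing slash.
   * @return int Resulting status code (also stored in self::$status).
   */
  private static function _upload($path = './upload/') {
      // Strict comparison: only the exact allow-listed suffixes pass.
      if (!in_array(self::$suffix, self::$imageType, true)) {
          return self::$status = 8; // 'File type not supported'
      }

      date_default_timezone_set('PRC');
      // Stored name = timestamp + three random digits + validated suffix; the
      // client's own base name is never used.
      // NOTE(review): this name is guessable and can collide within the same
      // second - acceptable only if the directory is not meant to be private.
      $newFile = $path . date('Y/m/d/His') . rand(100, 999) . self::$suffix;
      self::umkdir(dirname($newFile));

      // is_uploaded_file() ensures the source really is a file PHP received
      // over HTTP POST in this request, not an arbitrary local path.
      if (is_uploaded_file(self::$image) && move_uploaded_file(self::$image, $newFile)) {
          self::$image = $newFile;
          return self::checkHex();
      }

      return self::$status = 9;
  }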
  55. //@ Private: scan the file's hexadecimal dump for embedded attack code
  56. private static function checkHex() {
  57. if (file_exists(self::$image)) {
  58. $resource = fopen(self::$image, 'rb');
  59. $fileSize = filesize(self::$image);
  60. fseek($resource, 0);
  61. if ($fileSize > 512) { // Get the head and tail
  62. $hexCode = bin2hex(fread($resource, 512));
  63. fseek($resource, $fileSize - 512);
  64. $hexCode . = bin2hex(fread($resource, 512));
  65. } else { // Get all
  66. $hexCode = bin2hex(fread($resource, $fileSize));
  67. }
  68. fclose($resource);
  69. /* Match 16 */ in base
  70. /* matches */ in hexadecimal
  71. /* matches
in hexadecimal Copy code
