简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  PHP detects image Trojans

PHP detects image Trojans

WBOY
WBOYOriginal
2016-07-23 08:54:501302browse
Practice php detection of image Trojans
  1. /**
  2. +------------------------------------------------ -------------------------------
  3. * Upload file upload class
  4. +--------------------- -------------------------------------------------- ----------------
  5. * @package Upload
  6. * @author nicegy
  7. * @version $Id: Upload.class.php 2014-4-11 19:00:23 nicegy $
  8. +------------------------------------------------ -------------------------------
  9. */
  10. class Upload {
  12. private static $image = null;
  13. private static $status = 0;
  14. private static $suffix = null ;
  15. private static $imageType = array('.jpg', '.bmp','.gif','.png');
  16. private static $message = array(
  17. '0' => 'No error occurred, The file uploaded successfully. ',
  18. '1' => 'The uploaded file exceeded the value of the upload_max_filesize option in php.ini',
  19. '2' => 'The size of the uploaded file exceeded the MAX_FILE_SIZE option in the HTML form. Specified value. ',
  20. '3' => 'Only part of the file was uploaded',
  21. '4' => 'No file uploaded',
  22. '5' => 'Failed to pass security check. File. ',
  23. '6' => 'Temp folder not found. ',
  24. '7' => 'File writing failed.',
  25. '8' => 'File type not supported',
  26. '9' => 'The uploaded temporary file is lost. ',
  27. );
  29. //@ Start file upload
  30. public static function start($feild = 'file') {
  31. if (!empty($_FILES) )) {
  32. self::$status = $_FILES[$feild]['error'];
  33. if (self::$status > 0)
  34. return array('status' => self::$status, 'msg' => self::$message[self::$status]);
  35. self::$image = $_FILES[$feild]['tmp_name'];
  36. self::$suffix = strtolower(strrchr( $_FILES[$feild]['name'], '.'));
  37. return array('status' => self::_upload(), 'path' => self::$image, 'msg' => self::$message[self::$status]);
  38. } else {
  39. return array('status' => self::$status, 'msg' => self::$message[self ::$status]);
  40. }
  41. }
  43. //@ Private upload starts
  44. private static function _upload($path = './upload/') {
  45. date_default_timezone_set('PRC');
  46. $newFile = $path . date('Y/m/d/His') . rand(100, 999) . self::$suffix;
  47. self::umkdir(dirname($newFile));
  48. if (is_uploaded_file(self::$image ) && move_uploaded_file(self::$image, $newFile)) {
  49. self::$image = $newFile;
  50. if (in_array(self::$suffix, self::$imageType))
  51. return self::checkHex( );
  52. else
  53. return self::$status = 0;
  54. } else {
  55. return self::$status = 9;
  56. }
  57. }
  59. //@ Private hexadecimal detection hacker
  60. private static function checkHex() {
  61. if (file_exists(self::$image)) {
  62. $resource = fopen(self::$image, 'rb');
  63. $fileSize = filesize(self::$image);
  64. fseek($resource, 0);
  65. if ($fileSize > 512) { // Get the head and tail
  66. $hexCode = bin2hex(fread($resource, 512));
  67. fseek($resource, $fileSize - 512);
  68. $hexCode . = bin2hex(fread($resource, 512));
  69. } else { // Get all
  70. $hexCode = bin2hex(fread($resource, $fileSize));
  71. }
  72. fclose($resource);
  73. /* Match 16 */ in base
  74. /* matches */ in hexadecimal
  75. /* matches
in hexadecimal Copy code

php


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Visual SVN cannot be restored after reinstalling Windows, giving me a headache!Next article:Visual SVN cannot be restored after reinstalling Windows, giving me a headache!

Related articles

See more