php mine类型大全

2021-12-04 09:10:20

一些题外话,抱怨一下,不要介意。还是进入正题吧,我这里讨论很浅,仅仅是思路,以上传txt格式的文件为例,深层次的扩展这里就不讨论了,因此这篇文章只适合PHP初学者,对高手来说可能没有什么意义。好,我们开始。

首先要建立一个文件夹和两个文件,具体如下:

File              —————— 文件夹,用于存放上传的文件。
choose.htm   —————— htm文件,用于选择上传的文件。
upload.php —————— php文件,用于处理上传的文件。


第一步:建立 File 文件夹。


第二步:建立 choose.htm 文件,代码如下:
____________________________________________________________________________________________________________

<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FLIE_SIZE" value="1000000" />
上传此文件:
    <input name="userfile" type="file" id="userfile" />
    <input type="submit" name="Submit" value="上传" />
</form>
____________________________________________________________________________________________________________



第三步:建立 upload.php 文件,代码如下:
____________________________________________________________________________________________________________
<?php

//上传文件错误判定
if($_FILES[‘userfile‘][‘error‘]>0)
{
       echo ‘错误:‘;
      
       switch($_FILES[‘userfile‘][‘error‘])
       {
            case 1: echo ‘文件尺寸超过允许的最大上传限度!‘; break;
            case 2: echo ‘文件尺寸超过允许的最大上传限度!‘; break;
            case 3: echo ‘只有部分文件被上传!‘; break;
            case 4: echo ‘没有任何文件被上传!‘; break;
       }
       exit;
}

//上传文件格式判定
if($_FILES[‘userfile‘][‘type‘] !=‘text/plain‘)
{
       echo ‘错误:非法文件格式!‘;
       exit;
}

//设置文件保存路径
$upfile = ‘./File/‘ . $_FILES[‘userfile‘][‘name‘];

if(is_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘]))
{
       if(!move_uploaded_file($_FILES[‘userfile‘][‘tmp_name‘],$upfile))
       {
            echo ‘错误:没有将文件移动到指定目录!‘;
            exit;
       }
}
else
{
       echo ‘错误:可能文件上传被攻击!文件名:‘;
       echo $_FILES[‘userfile‘][‘name‘];
}

echo ‘文件上传成功!‘;

//格式化上传的文件
$fp = fopen($upfile,‘r‘);
$contents = fread($fp,filesize($upfile));
fclose($fp);

$contents = strip_tags($contents);
$fp = fopen($upfile,‘w‘);
fwrite($fp,$contents);
fclose($fp);

//显示上传文件内容
echo ‘上传文件的内容为:‘;
echo $contents;
?>
____________________________________________________________________________________________________________


测试一下:

1、建立一个 123.txt 文件,里面输入一些纯文本字符,比如 abc,上传成功!

2、我们再来试看其他后缀名,如.exe,.php,.htm之类的,只要非txt,就将导致失败!

3、把任意一个大于1M的文件名改为123.txt并上传,我们将发现超过限制大小的文件将导致上传失败!

4、将123.txt的内容改掉,删除所有内容,输入 <html>HTML code</html>,保存并上传,我们会发现上传失败!

5、将123.txt的内容改掉,删除所有内容,输入 <?php echo‘PHP code‘; ?>保存并上传,我们会发现 File 文件夹中有一个0字节的,没有任何内容的123.txt文件!



相关说明:

首先我们使用了检测MIME类型的方法,因此如果希望通过传一个错误的类型来蒙混过关,这对那些有恶意的用户来说还是很难的,但这只是错误检查,并非安全性检查,但起码这比简单的后缀名过滤的上传方法要安全一些。

之后我们检查要打开的文件是否已经真的被上传而且不是一个本地文件,因为有的恶意软件能够让侵入者修改文件上传脚本,使此脚本可以将本地文件当成上载的文件进行处理。我们使用 is_uploaded_file() 和 move_uploaded_file() 这两个函数来确保所处理的文件已经被上传,而非一个本地文件。

最后,我们打开这个文件,使用 strip_tags() 函数清除任何 HTML 或 PHP 标记,防止通过重重错误检查的 123.txt 仍然含有恶意代码。最后保存文件,直到这里,才真正的完成了整个上传工作。


补充说明:

有可能某些人看客对 upload.php 中的 switch 条件句有些模糊,不知道为什么要这么写,我在这里简单的补充说明一下:

$_FILES[‘userfile‘][‘error‘]

值为0时:UPLOAD_ERROR_OK (表示没有发生任何错误)
值为1时:UPLOAD_ERR_INI_SIZE (表示上传文件的大小超过了PHP配置文件的最大值)
值为2时:UPLOAD_ERR_FORM_SIZE (表示上传文件的大小超过了HTML表单中指定的最大值)
值为3时:UPLOAD_ERR_PARTIAL (表示文件只有一部分被上传)
值为4时:UPLOAD_ERR_NO_FILE (表示没有任何的文件被上传)

好,那就到这里结束吧。再次重声,这仅仅是个很浅的思路,如果要真的运用到开发中去,还需要进行很多修改很完善,这个就得靠大家自己去研究了。还是那句话:有什么不足的地方,欢迎各位指正,让大家见笑了。

写这篇文章最根本的目的:希望能给需要的人一些微薄的帮助。我PHP也是自学的,知道其中的辛苦,所以自己虽然很菜菜,但是也要懂得去分享,也希望每个人都能这样:共同学习、共同进步。

自知这种文章多如牛毛,再烂好歹也是原创,所以……各位口下留情,小弟知错了,呵呵。

另外注意:enctype 属性规定在发送到服务器之前应该如何对表单数据进行编码。

<form action="form_action.asp" enctype="text/plain">
  <p>First name: <input type="text" name="fname" /></p>
  <p>Last name: <input type="text" name="lname" /></p>
  <input type="submit" value="Submit" />
</form>
可以参考:http://www.w3school.com.cn/tags/att_form_enctype.asp



一下是文件后缀与MIME类型的对照表
123 application/vnd.lotus-1-2-3 
3gp video/3gpp 
aab application/x-authoware-bin 
aam application/x-authoware-map 
aas application/x-authoware-seg 
ai application/postscript 
aif audio/x-aiff 
aifc audio/x-aiff 
aiff audio/x-aiff 
als audio/X-Alpha5 
amc application/x-mpeg 
ani application/octet-stream 
asc text/plain 
asd application/astound 
asf video/x-ms-asf 
asn application/astound 
asp application/x-asap 
asx video/x-ms-asf 
au audio/basic 
avb application/octet-stream 
avi video/x-msvideo 
awb audio/amr-wb 
bcpio application/x-bcpio 
bin application/octet-stream 
bld application/bld 
bld2 application/bld2 
bmp application/x-MS-bmp 
bpk application/octet-stream 
bz2 application/x-bzip2 
cal image/x-cals 
ccn application/x-cnc 
cco application/x-cocoa 
cdf application/x-netcdf 
cgi magnus-internal/cgi 
chat application/x-chat 
class application/octet-stream 
clp application/x-msclip 
cmx application/x-cmx 
co application/x-cult3d-object 
cod image/cis-cod 
cpio application/x-cpio 
cpt application/mac-compactpro 
crd application/x-mscardfile 
csh application/x-csh 
csm chemical/x-csml 
csml chemical/x-csml 
css text/css 
cur application/octet-stream 
dcm x-lml/x-evm 
dcr application/x-director 
dcx image/x-dcx 
dhtml text/html 
dir application/x-director 
dll application/octet-stream 
dmg application/octet-stream 
dms application/octet-stream 
doc application/msword 
dot application/x-dot 
dvi application/x-dvi 
dwf drawing/x-dwf 
dwg application/x-autocad 
dxf application/x-autocad 
dxr application/x-director 
ebk application/x-expandedbook 
emb chemical/x-embl-dl-nucleotide 
embl chemical/x-embl-dl-nucleotide 
eps application/postscript 
eri image/x-eri 
es audio/echospeech 
esl audio/echospeech 
etc application/x-earthtime 
etx text/x-setext 
evm x-lml/x-evm 
evy application/x-envoy 
exe application/octet-stream 
fh4 image/x-freehand 
fh5 image/x-freehand 
fhc image/x-freehand 
fif image/fif 
fm application/x-maker 
fpx image/x-fpx 
fvi video/isivideo 
gau chemical/x-gaussian-input 
gca application/x-gca-compressed 
gdb x-lml/x-gdb 
gif image/gif 
gps application/x-gps 
gtar application/x-gtar 
gz application/x-gzip 
hdf application/x-hdf 
hdm text/x-hdml 
hdml text/x-hdml 
hlp application/winhlp 
hqx application/mac-binhex40 
htm text/html 
html text/html 
hts text/html 
ice x-conference/x-cooltalk 
ico application/octet-stream 
ief image/ief 
ifm image/gif 
ifs image/ifs 
imy audio/melody 
ins application/x-NET-Install 
ips application/x-ipscript 
ipx application/x-ipix 
it audio/x-mod 
itz audio/x-mod 
ivr i-world/i-vrml 
j2k image/j2k 
jad text/vnd.sun.j2me.app-descriptor 
jam application/x-jam 
jar application/java-archive 
jnlp application/x-java-jnlp-file 
jpe image/jpeg 
jpeg image/jpeg 
jpg image/jpeg 
jpz image/jpeg 
js application/x-javascript 
jwc application/jwc 
kjx application/x-kjx 
lak x-lml/x-lak 
latex application/x-latex 
lcc application/fastman 
lcl application/x-digitalloca 
lcr application/x-digitalloca 
lgh application/lgh 
lha application/octet-stream 
lml x-lml/x-lml 
lmlpack x-lml/x-lmlpack 
lsf video/x-ms-asf 
lsx video/x-ms-asf 
lzh application/x-lzh 
m13 application/x-msmediaview 
m14 application/x-msmediaview 
m15 audio/x-mod 
m3u audio/x-mpegurl 
m3url audio/x-mpegurl 
ma1 audio/ma1 
ma2 audio/ma2 
ma3 audio/ma3 
ma5 audio/ma5 
man application/x-troff-man 
map magnus-internal/imagemap 
mbd application/mbedlet 
mct application/x-mascot 
mdb application/x-msaccess 
mdz audio/x-mod 
me application/x-troff-me 
mel text/x-vmel 
mi application/x-mif 
mid audio/midi 
midi audio/midi 
mif application/x-mif 
mil image/x-cals 
mio audio/x-mio 
mmf application/x-skt-lbs 
mng video/x-mng 
mny application/x-msmoney 
moc application/x-mocha 
mocha application/x-mocha 
mod audio/x-mod 
mof application/x-yumekara 
mol chemical/x-mdl-molfile 
mop chemical/x-mopac-input 
mov video/quicktime 
movie video/x-sgi-movie 
mp2 audio/x-mpeg 
mp3 audio/x-mpeg 
mp4 video/mp4 
mpc application/vnd.mpohun.certificate 
mpe video/mpeg 
mpeg video/mpeg 
mpg video/mpeg 
mpg4 video/mp4 
mpga audio/mpeg 
mpn application/vnd.mophun.application 
mpp application/vnd.ms-project 
mps application/x-mapserver 
mrl text/x-mrml 
mrm application/x-mrm 
ms application/x-troff-ms 
mts application/metastream 
mtx application/metastream 
mtz application/metastream 
mzv application/metastream 
nar application/zip 
nbmp image/nbmp 
nc application/x-netcdf 
ndb x-lml/x-ndb 
ndwn application/ndwn 
nif application/x-nif 
nmz application/x-scream 
nokia-op-logo image/vnd.nok-oplogo-color 
npx application/x-netfpx 
nsnd audio/nsnd 
nva application/x-neva1 
oda application/oda 
oom application/x-AtlasMate-Plugin 
pac audio/x-pac 
pae audio/x-epac 
pan application/x-pan 
pbm image/x-portable-bitmap 
pcx image/x-pcx 
pda image/x-pda 
pdb chemical/x-pdb 
pdf application/pdf 
pfr application/font-tdpfr 
pgm image/x-portable-graymap 
pict image/x-pict 
pm application/x-perl 
pmd application/x-pmd 
png image/png 
pnm image/x-portable-anymap 
pnz image/png 
pot application/vnd.ms-powerpoint 
ppm image/x-portable-pixmap 
pps application/vnd.ms-powerpoint 
ppt application/vnd.ms-powerpoint 
pqf application/x-cprplayer 
pqi application/cprplayer 
prc application/x-prc 
proxy application/x-ns-proxy-autoconfig 
ps application/postscript 
ptlk application/listenup 
pub application/x-mspublisher 
pvx video/x-pv-pvx 
qcp audio/vnd.qcelp 
qt video/quicktime 
qti image/x-quicktime 
qtif image/x-quicktime 
r3t text/vnd.rn-realtext3d 
ra audio/x-pn-realaudio 
ram audio/x-pn-realaudio 
rar application/x-rar-compressed 
ras image/x-cmu-raster 
rdf application/rdf+xml 
rf image/vnd.rn-realflash 
rgb image/x-rgb 
rlf application/x-richlink 
rm audio/x-pn-realaudio 
rmf audio/x-rmf 
rmm audio/x-pn-realaudio 
rmvb audio/x-pn-realaudio 
rnx application/vnd.rn-realplayer 
roff application/x-troff 
rp image/vnd.rn-realpix 
rpm audio/x-pn-realaudio-plugin 
rt text/vnd.rn-realtext 
rte x-lml/x-gps 
rtf application/rtf 
rtg application/metastream 
rtx text/richtext 
rv video/vnd.rn-realvideo 
rwc application/x-rogerwilco 
s3m audio/x-mod 
s3z audio/x-mod 
sca application/x-supercard 
scd application/x-msschedule 
sdf application/e-score 
sea application/x-stuffit 
sgm text/x-sgml 
sgml text/x-sgml 
sh application/x-sh 
shar application/x-shar 
shtml magnus-internal/parsed-html 
shw application/presentations 
si6 image/si6 
si7 image/vnd.stiwap.sis 
si9 image/vnd.lgtwap.sis 
sis application/vnd.symbian.install 
sit application/x-stuffit 
skd application/x-Koan 
skm application/x-Koan 
skp application/x-Koan 
skt application/x-Koan 
slc application/x-salsa 
smd audio/x-smd 
smi application/smil 
smil application/smil 
smp application/studiom 
smz audio/x-smd 
snd audio/basic 
spc text/x-speech 
spl application/futuresplash 
spr application/x-sprite 
sprite application/x-sprite 
spt application/x-spt 
src application/x-wais-source 
stk application/hyperstudio 
stm audio/x-mod 
sv4cpio application/x-sv4cpio 
sv4crc application/x-sv4crc 
svf image/vnd 
svg image/svg-xml 
svh image/svh 
svr x-world/x-svr 
swf application/x-shockwave-flash 
swfl application/x-shockwave-flash 
t application/x-troff 
tad application/octet-stream 
talk text/x-speech 
tar application/x-tar 
taz application/x-tar 
tbp application/x-timbuktu 
tbt application/x-timbuktu 
tcl application/x-tcl 
tex application/x-tex 
texi application/x-texinfo 
texinfo application/x-texinfo 
tgz application/x-tar 
thm application/vnd.eri.thm 
tif image/tiff 
tiff image/tiff 
tki application/x-tkined 
tkined application/x-tkined 
toc application/toc 
toy image/toy 
tr application/x-troff 
trk x-lml/x-gps 
trm application/x-msterminal 
tsi audio/tsplayer 
tsp application/dsptype 
tsv text/tab-separated-values 
tsv text/tab-separated-values 
ttf application/octet-stream 
ttz application/t-time 
txt text/plain 
ult audio/x-mod 
ustar application/x-ustar 
uu application/x-uuencode 
uue application/x-uuencode 
vcd application/x-cdlink 
vcf text/x-vcard 
vdo video/vdo 
vib audio/vib 
viv video/vivo 
vivo video/vivo 
vmd application/vocaltec-media-desc 
vmf application/vocaltec-media-file 
vmi application/x-dreamcast-vms-info 
vms application/x-dreamcast-vms 
vox audio/voxware 
vqe audio/x-twinvq-plugin 
vqf audio/x-twinvq 
vql audio/x-twinvq 
vre x-world/x-vream 
vrml x-world/x-vrml 
vrt x-world/x-vrt 
vrw x-world/x-vream 
vts workbook/formulaone 
wav audio/x-wav 
wax audio/x-ms-wax 
wbmp image/vnd.wap.wbmp 
web application/vnd.xara 
wi image/wavelet 
wis application/x-InstallShield 
wm video/x-ms-wm 
wma audio/x-ms-wma 
wmd application/x-ms-wmd 
wmf application/x-msmetafile 
wml text/vnd.wap.wml 
wmlc application/vnd.wap.wmlc 
wmls text/vnd.wap.wmlscript 
wmlsc application/vnd.wap.wmlscriptc 
wmlscript text/vnd.wap.wmlscript 
wmv audio/x-ms-wmv 
wmx video/x-ms-wmx 
wmz application/x-ms-wmz 
wpng image/x-up-wpng 
wpt x-lml/x-gps 
wri application/x-mswrite 
wrl x-world/x-vrml 
wrz x-world/x-vrml 
ws text/vnd.wap.wmlscript 
wsc application/vnd.wap.wmlscriptc 
wv video/wavelet 
wvx video/x-ms-wvx 
wxl application/x-wxl 
x-gzip application/x-gzip 
xar application/vnd.xara 
xbm image/x-xbitmap 
xdm application/x-xdma 
xdma application/x-xdma 
xdw application/vnd.fujixerox.docuworks 
xht application/xhtml+xml 
xhtm application/xhtml+xml 
xhtml application/xhtml+xml 
xla application/vnd.ms-excel 
xlc application/vnd.ms-excel 
xll application/x-excel 
xlm application/vnd.ms-excel 
xls application/vnd.ms-excel 
xlt application/vnd.ms-excel 
xlw application/vnd.ms-excel 
xm audio/x-mod 
xml text/xml 
xmz audio/x-mod 
xpi application/x-xpinstall 
xpm image/x-xpixmap 
xsit text/xml 
xsl text/xml 
xul text/xul 
xwd image/x-xwindowdump 
xyz chemical/x-pdb 
yz1 application/x-yz1 
z application/x-compress 
zac application/x-zaurus-zac 
zip application/zip 

php mine类型大全,布布扣,bubuko.com

php mine类型大全

上一篇:转载 jQuery validation


下一篇:weblogic OutOfMemoryError 分析