develop
/
ql-gw-laravel5
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
109 Commits
1 Branch
0 Tags
14 MiB
Tree: 474c7f1675
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '474c7f1675'
${ noResults }
ql-gw-laravel5/public/other/flueditor/php/Uploader.class.php

371 lines
12 KiB
Raw Normal View History

Laravel基础
7 years ago
  1. <?php
  3. /**
  4. * Created by JetBrains PhpStorm.
  5. * User: taoqili
  6. * Date: 12-7-18
  7. * Time: 上午11: 32
  8. * UEditor编辑器通用上传类
  9. */
  10. class Uploader
  11. {
  12. private $fileField; //文件域名
  13. private $file; //文件上传对象
  14. private $base64; //文件上传对象
  15. private $config; //配置信息
  16. private $oriName; //原始文件名
  17. private $fileName; //新文件名
  18. private $fullName; //完整文件名,即从当前配置目录开始的URL
  19. private $filePath; //完整文件名,即从当前配置目录开始的URL
  20. private $fileSize; //文件大小
  21. private $fileType; //文件类型
  22. private $stateInfo; //上传状态信息,
  23. private $stateMap = array( //上传状态映射表,国际化用户需考虑此处数据的国际化
  24. "SUCCESS", //上传成功标记,在UEditor中内不可改变,否则flash判断会出错
  25. "文件大小超出 upload_max_filesize 限制",
  26. "文件大小超出 MAX_FILE_SIZE 限制",
  27. "文件未被完整上传",
  28. "没有文件被上传",
  29. "上传文件为空",
  30. "ERROR_TMP_FILE" => "临时文件错误",
  31. "ERROR_TMP_FILE_NOT_FOUND" => "找不到临时文件",
  32. "ERROR_SIZE_EXCEED" => "文件大小超出网站限制",
  33. "ERROR_TYPE_NOT_ALLOWED" => "文件类型不允许",
  34. "ERROR_CREATE_DIR" => "目录创建失败",
  35. "ERROR_DIR_NOT_WRITEABLE" => "目录没有写权限",
  36. "ERROR_FILE_MOVE" => "文件保存时出错",
  37. "ERROR_FILE_NOT_FOUND" => "找不到上传文件",
  38. "ERROR_WRITE_CONTENT" => "写入文件内容错误",
  39. "ERROR_UNKNOWN" => "未知错误",
  40. "ERROR_DEAD_LINK" => "链接不可用",
  41. "ERROR_HTTP_LINK" => "链接不是http链接",
  42. "ERROR_HTTP_CONTENTTYPE" => "链接contentType不正确",
  43. "INVALID_URL" => "非法 URL",
  44. "INVALID_IP" => "非法 IP"
  45. );
  47. /**
  48. * 构造函数
  49. * @param string $fileField 表单名称
  50. * @param array $config 配置项
  51. * @param bool $base64 是否解析base64编码,可省略。若开启,则$fileField代表的是base64编码的字符串表单名
  52. */
  53. public function __construct($fileField, $config, $type = "upload")
  54. {
  55. $this->fileField = $fileField;
  56. $this->config = $config;
  57. $this->type = $type;
  58. if ($type == "remote") {
  59. $this->saveRemote();
  60. } else if($type == "base64") {
  61. $this->upBase64();
  62. } else {
  63. $this->upFile();
  64. }
  66. $this->stateMap['ERROR_TYPE_NOT_ALLOWED'] = iconv('unicode', 'utf-8', $this->stateMap['ERROR_TYPE_NOT_ALLOWED']);
  67. }
  69. /**
  70. * 上传文件的主处理方法
  71. * @return mixed
  72. */
  73. private function upFile()
  74. {
  75. $file = $this->file = $_FILES[$this->fileField];
  76. if (!$file) {
  77. $this->stateInfo = $this->getStateInfo("ERROR_FILE_NOT_FOUND");
  78. return;
  79. }
  80. if ($this->file['error']) {
  81. $this->stateInfo = $this->getStateInfo($file['error']);
  82. return;
  83. } else if (!file_exists($file['tmp_name'])) {
  84. $this->stateInfo = $this->getStateInfo("ERROR_TMP_FILE_NOT_FOUND");
  85. return;
  86. } else if (!is_uploaded_file($file['tmp_name'])) {
  87. $this->stateInfo = $this->getStateInfo("ERROR_TMPFILE");
  88. return;
  89. }
  91. $this->oriName = $file['name'];
  92. $this->fileSize = $file['size'];
  93. $this->fileType = $this->getFileExt();
  94. $this->fullName = $this->getFullName();
  95. $this->filePath = $this->getFilePath();
  96. $this->fileName = $this->getFileName();
  97. $dirname = dirname($this->filePath);
  99. //检查文件大小是否超出限制
  100. if (!$this->checkSize()) {
  101. $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED");
  102. return;
  103. }
  105. //检查是否不允许的文件格式
  106. if (!$this->checkType()) {
  107. $this->stateInfo = $this->getStateInfo("ERROR_TYPE_NOT_ALLOWED");
  108. return;
  109. }
  111. //创建目录失败
  112. if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) {
  113. $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR");
  114. return;
  115. } else if (!is_writeable($dirname)) {
  116. $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE");
  117. return;
  118. }
  120. //移动文件
  121. if (!(move_uploaded_file($file["tmp_name"], $this->filePath) && file_exists($this->filePath))) { //移动失败
  122. $this->stateInfo = $this->getStateInfo("ERROR_FILE_MOVE");
  123. } else { //移动成功
  124. $this->stateInfo = $this->stateMap[0];
  125. }
  126. }
  128. /**
  129. * 处理base64编码的图片上传
  130. * @return mixed
  131. */
  132. private function upBase64()
  133. {
  134. $base64Data = $_POST[$this->fileField];
  135. $img = base64_decode($base64Data);
  137. $this->oriName = $this->config['oriName'];
  138. $this->fileSize = strlen($img);
  139. $this->fileType = $this->getFileExt();
  140. $this->fullName = $this->getFullName();
  141. $this->filePath = $this->getFilePath();
  142. $this->fileName = $this->getFileName();
  143. $dirname = dirname($this->filePath);
  145. //检查文件大小是否超出限制
  146. if (!$this->checkSize()) {
  147. $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED");
  148. return;
  149. }
  151. //创建目录失败
  152. if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) {
  153. $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR");
  154. return;
  155. } else if (!is_writeable($dirname)) {
  156. $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE");
  157. return;
  158. }
  160. //移动文件
  161. if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { //移动失败
  162. $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT");
  163. } else { //移动成功
  164. $this->stateInfo = $this->stateMap[0];
  165. }
  167. }
  169. /**
  170. * 拉取远程图片
  171. * @return mixed
  172. */
  173. private function saveRemote()
  174. {
  175. $imgUrl = htmlspecialchars($this->fileField);
  176. $imgUrl = str_replace("&amp;", "&", $imgUrl);
  178. //http开头验证
  179. if (strpos($imgUrl, "http") !== 0) {
  180. $this->stateInfo = $this->getStateInfo("ERROR_HTTP_LINK");
  181. return;
  182. }
  184. preg_match('/(^https*:\/\/[^:\/]+)/', $imgUrl, $matches);
  185. $host_with_protocol = count($matches) > 1 ? $matches[1] : '';
  187. // 判断是否是合法 url
  188. if (!filter_var($host_with_protocol, FILTER_VALIDATE_URL)) {
  189. $this->stateInfo = $this->getStateInfo("INVALID_URL");
  190. return;
  191. }
  193. preg_match('/^https*:\/\/(.+)/', $host_with_protocol, $matches);
  194. $host_without_protocol = count($matches) > 1 ? $matches[1] : '';
  196. // 此时提取出来的可能是 ip 也有可能是域名,先获取 ip
  197. $ip = gethostbyname($host_without_protocol);
  198. // 判断是否是私有 ip
  199. if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) {
  200. $this->stateInfo = $this->getStateInfo("INVALID_IP");
  201. return;
  202. }
  204. //获取请求头并检测死链
  205. $heads = get_headers($imgUrl, 1);
  206. if (!(stristr($heads[0], "200") && stristr($heads[0], "OK"))) {
  207. $this->stateInfo = $this->getStateInfo("ERROR_DEAD_LINK");
  208. return;
  209. }
  210. //格式验证(扩展名验证和Content-Type验证)
  211. $fileType = strtolower(strrchr($imgUrl, '.'));
  212. if (!in_array($fileType, $this->config['allowFiles']) || !isset($heads['Content-Type']) || !stristr($heads['Content-Type'], "image")) {
  213. $this->stateInfo = $this->getStateInfo("ERROR_HTTP_CONTENTTYPE");
  214. return;
  215. }
  217. //打开输出缓冲区并获取远程图片
  218. ob_start();
  219. $context = stream_context_create(
  220. array('http' => array(
  221. 'follow_location' => false // don't follow redirects
  222. ))
  223. );
  224. readfile($imgUrl, false, $context);
  225. $img = ob_get_contents();
  226. ob_end_clean();
  227. preg_match("/[\/]([^\/]*)[\.]?[^\.\/]*$/", $imgUrl, $m);
  229. $this->oriName = $m ? $m[1]:"";
  230. $this->fileSize = strlen($img);
  231. $this->fileType = $this->getFileExt();
  232. $this->fullName = $this->getFullName();
  233. $this->filePath = $this->getFilePath();
  234. $this->fileName = $this->getFileName();
  235. $dirname = dirname($this->filePath);
  237. //检查文件大小是否超出限制
  238. if (!$this->checkSize()) {
  239. $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED");
  240. return;
  241. }
  243. //创建目录失败
  244. if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) {
  245. $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR");
  246. return;
  247. } else if (!is_writeable($dirname)) {
  248. $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE");
  249. return;
  250. }
  252. //移动文件
  253. if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { //移动失败
  254. $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT");
  255. } else { //移动成功
  256. $this->stateInfo = $this->stateMap[0];
  257. }
  259. }
  261. /**
  262. * 上传错误检查
  263. * @param $errCode
  264. * @return string
  265. */
  266. private function getStateInfo($errCode)
  267. {
  268. return !$this->stateMap[$errCode] ? $this->stateMap["ERROR_UNKNOWN"] : $this->stateMap[$errCode];
  269. }
  271. /**
  272. * 获取文件扩展名
  273. * @return string
  274. */
  275. private function getFileExt()
  276. {
  277. return strtolower(strrchr($this->oriName, '.'));
  278. }
  280. /**
  281. * 重命名文件
  282. * @return string
  283. */
  284. private function getFullName()
  285. {
  286. //替换日期事件
  287. $t = time();
  288. $d = explode('-', date("Y-y-m-d-H-i-s"));
  289. $format = $this->config["pathFormat"];
  290. $format = str_replace("{yyyy}", $d[0], $format);
  291. $format = str_replace("{yy}", $d[1], $format);
  292. $format = str_replace("{mm}", $d[2], $format);
  293. $format = str_replace("{dd}", $d[3], $format);
  294. $format = str_replace("{hh}", $d[4], $format);
  295. $format = str_replace("{ii}", $d[5], $format);
  296. $format = str_replace("{ss}", $d[6], $format);
  297. $format = str_replace("{time}", $t, $format);
  299. //过滤文件名的非法自负,并替换文件名
  300. $oriName = substr($this->oriName, 0, strrpos($this->oriName, '.'));
  301. $oriName = preg_replace("/[\|\?\"\<\>\/\*\\\\]+/", '', $oriName);
  302. $format = str_replace("{filename}", $oriName, $format);
  304. //替换随机字符串
  305. $randNum = rand(1, 10000000000) . rand(1, 10000000000);
  306. if (preg_match("/\{rand\:([\d]*)\}/i", $format, $matches)) {
  307. $format = preg_replace("/\{rand\:[\d]*\}/i", substr($randNum, 0, $matches[1]), $format);
  308. }
  310. $ext = $this->getFileExt();
  311. return $format . $ext;
  312. }
  314. /**
  315. * 获取文件名
  316. * @return string
  317. */
  318. private function getFileName () {
  319. return substr($this->filePath, strrpos($this->filePath, '/') + 1);
  320. }
  322. /**
  323. * 获取文件完整路径
  324. * @return string
  325. */
  326. private function getFilePath()
  327. {
  328. $fullname = $this->fullName;
  329. $rootPath = $_SERVER['DOCUMENT_ROOT'];
  331. if (substr($fullname, 0, 1) != '/') {
  332. $fullname = '/' . $fullname;
  333. }
  335. return $rootPath . $fullname;
  336. }
  338. /**
  339. * 文件类型检测
  340. * @return bool
  341. */
  342. private function checkType()
  343. {
  344. return in_array($this->getFileExt(), $this->config["allowFiles"]);
  345. }
  347. /**
  348. * 文件大小检测
  349. * @return bool
  350. */
  351. private function checkSize()
  352. {
  353. return $this->fileSize <= ($this->config["maxSize"]);
  354. }
  356. /**
  357. * 获取当前上传成功文件的各项信息
  358. * @return array
  359. */
  360. public function getFileInfo()
  361. {
  362. return array(
  363. "state" => $this->stateInfo,
  364. "url" => $this->fullName,
  365. "title" => $this->fileName,
  366. "original" => $this->oriName,
  367. "type" => $this->fileType,
  368. "size" => $this->fileSize
  369. );
  370. }
  372. }