<?php
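/*
 * Single-image upload handler for the form field "filename".
 *
 * Flow: reject requests that carry no single upload, report PHP upload errors,
 * confirm the temp file is a genuine PHP upload, check that the declared MIME
 * type, the file extension and the detected image format all agree, then move
 * the file into ./storage/ under its original name (converted to GBK).
 *
 * Security notes:
 *  - $_FILES[...]['type'] and ['name'] are supplied by the client. The MIME
 *    check alone proves nothing, so the file content is also inspected with
 *    getimagesize() before it is accepted.
 *  - getimagesize() only inspects the image header; it does not prove the rest
 *    of the file is inert. ./storage/ should be configured so the web server
 *    never executes anything stored there.
 *  - NOTE(review): the stored name still comes from the client. Only the last
 *    extension is checked, and an existing file with the same name is
 *    overwritten. Consider a server-generated file name; left unchanged here
 *    because other pages may rely on the original name.
 */
header('Content-type: text/html; charset=utf-8');

$tmparr = !empty($_FILES['filename']) ? $_FILES['filename'] : null;

// No "filename" field, or an array-style field (filename[]) where 'error' is an
// array rather than an int: there is no single upload to process. Handling it
// here avoids indexing into null and keeps the later comparisons strict.
if (!is_array($tmparr) || !isset($tmparr['error']) || !is_int($tmparr['error'])) {
    echo "<script>alert('请使用post提交合法数据');history.go(-1);</script>";
    die;
}

if ($tmparr['error'] === UPLOAD_ERR_OK) {
    $content_length = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;

    // Reject forged submissions: tmp_name must be a file PHP itself received in
    // this request, not an arbitrary path such as /etc/passwd.
    if (is_uploaded_file($tmparr['tmp_name']) && $content_length > 0) {
        // strrchr() returns everything from the last '.' to the end of the
        // name, or false when there is no '.' at all.
        $dot = strrchr($tmparr['name'], '.');
        $fileext = ($dot === false) ? '' : strtolower(substr($dot, 1));

        // Client-declared MIME type => extension it must be paired with.
        $allow_mimes = array(
            'image/png' => 'png',
            'image/x-png' => 'png',
            'image/gif' => 'gif',
            'image/jpeg' => 'jpg',
            'image/pjpeg' => 'jpg'
        );

        // Image format detected from the file content => same extension set.
        $allow_types = array(
            IMAGETYPE_PNG => 'png',
            IMAGETYPE_GIF => 'gif',
            IMAGETYPE_JPEG => 'jpg'
        );

        $declared_ok = isset($allow_mimes[$tmparr['type']])
            && $allow_mimes[$tmparr['type']] === $fileext;

        // Only read the file once the cheap declared-type check has passed.
        $info = $declared_ok ? getimagesize($tmparr['tmp_name']) : false;
        $content_ok = is_array($info)
            && isset($allow_types[$info[2]])
            && $allow_types[$info[2]] === $fileext;

        if (!$content_ok) {
            die('对不起,请检查你上传的是图片吗?');
        }

        // iconv() returns false when the name cannot be converted; treat that
        // as a failed upload instead of passing false on to basename().
        $converted = iconv('UTF-8', 'gbk', $tmparr['name']);
        $target = ($converted === false) ? '' : basename($converted);

        if ($target !== '' && move_uploaded_file($tmparr['tmp_name'], './storage/' . $target)) {
            echo "<script>alert('上传成功!');history.go(-1);</script>";
        } else {
            echo "<script>alert('上传失败!');history.go(-1);</script>";
        }
    } else {
        echo "<script>alert('请使用post提交合法数据');history.go(-1);</script>";
        die;
    }
} else {
    // 'error' is one of PHP's integer UPLOAD_ERR_* codes; the cast keeps the
    // value numeric where it is written into the inline script.
    echo "<script>alert('上传错误!错误类型:" . (int) $tmparr['error'] . "');history.go(-1);</script>";
}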
?>