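/**
 * Stores the file uploaded under the form field "uploaded_file".
 *
 * Only JPEG, PNG and GIF uploads are accepted; the type is determined from
 * the file's content via finfo, never from the client-supplied name or MIME.
 *
 * @param string $filepath   When $uniq is 0: the full destination path of the
 *                           stored file. Otherwise: the directory the file is
 *                           stored in under a generated, sanitised name.
 * @param int    $existCheck When 1, refuse to overwrite an existing destination.
 * @param int    $uniq       When non-zero, store under "<uniqid()>_<name>.<ext>"
 *                           inside $filepath, where <name> is the client file
 *                           name reduced to its base name and a safe character
 *                           set, and <ext> is derived from the detected type
 *                           (the client-supplied extension is never used).
 * @param int    $maxBytes   Upper bound on the accepted upload size in bytes.
 * @return array{status: string, errors?: string} "status" is "success" or
 *         "fail"; "errors" is set only on failure. Every path returns this
 *         array (the success path previously returned the bare string
 *         "success", which did not match the failure paths).
 */
public static function uploadFile($filepath = "upload", $existCheck = 0, $uniq = 0, $maxBytes = 1000000)
{
    try {
        // Undefined | multiple files | $_FILES corruption: all treated as invalid.
        if (
            !isset($_FILES['uploaded_file']['error']) ||
            is_array($_FILES['uploaded_file']['error'])
        ) {
            return ["status" => "fail", "errors" => 'Invalid parameters.'];
        }
        $upload = $_FILES['uploaded_file'];

        // Map PHP's own upload status to a result before touching the file.
        switch ($upload['error']) {
            case UPLOAD_ERR_OK:
                break;
            case UPLOAD_ERR_NO_FILE:
                return ["status" => "fail", "errors" => 'No file sent.'];
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                return ["status" => "fail", "errors" => 'Exceeded filesize limit.'];
            default:
                return ["status" => "fail", "errors" => 'Unknown errors.'];
        }

        // Enforce our own limit; the php.ini limits may be larger than wanted.
        if (!isset($upload['size']) || $upload['size'] > $maxBytes) {
            return ["status" => "fail", "errors" => 'Exceeded filesize limit.'];
        }

        // Only read files that came through PHP's upload mechanism, so a
        // tampered tmp_name cannot point the sniffer at an arbitrary path.
        if (!isset($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
            return ["status" => "fail", "errors" => 'Invalid parameters.'];
        }

        // The client-supplied MIME type is untrusted; sniff the content instead.
        $finfo = new \finfo(FILEINFO_MIME_TYPE);
        $ext = array_search(
            $finfo->file($upload['tmp_name']),
            [
                'jpg' => 'image/jpeg',
                'png' => 'image/png',
                'gif' => 'image/gif',
            ],
            true
        );
        if ($ext === false) {
            return ["status" => "fail", "errors" => 'Invalid file format.'];
        }

        if ($uniq == 0) {
            $destination = $filepath;
        } else {
            // The client file name is attacker-controlled: drop any directory
            // components, restrict it to a safe character set, and append the
            // extension matching the detected type rather than the one sent.
            $stem = pathinfo(basename((string) ($upload['name'] ?? '')), PATHINFO_FILENAME);
            $stem = preg_replace('/[^A-Za-z0-9._-]/', '_', $stem);
            if ($stem === null || trim($stem, '.') === '') {
                $stem = 'file';
            }
            $destination = $filepath . "/" . uniqid() . "_" . $stem . "." . $ext;
        }

        if ($existCheck == 1 && file_exists($destination)) {
            return ["status" => "fail", "errors" => 'Unknown errors.'];
        }

        // move_uploaded_file() re-validates the source as an upload; no "@"
        // so a failed move is logged instead of silently discarded.
        if (move_uploaded_file($upload['tmp_name'], $destination)) {
            return ["status" => "success"];
        }
        return ["status" => "fail", "errors" => 'Unknown errors.'];
    } catch (\Exception $e) {
        return ["status" => "fail", "errors" => $e->getMessage()];
    }
}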