Code analysis of the DVWA File Upload vulnerability at the High level (very detailed)

First, the code:

<?php

if( isset( $_POST[ 'Upload' ] ) ) {
    // Where are we going to be writing to?
    $target_path  = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";
    $target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );

    // File information
    $uploaded_name = $_FILES[ 'uploaded' ][ 'name' ];
    $uploaded_ext  = substr( $uploaded_name, strrpos( $uploaded_name, '.' ) + 1);
    $uploaded_size = $_FILES[ 'uploaded' ][ 'size' ];
    $uploaded_tmp  = $_FILES[ 'uploaded' ][ 'tmp_name' ];

    // Is it an image?
    if( ( strtolower( $uploaded_ext ) == "jpg" || strtolower( $uploaded_ext ) == "jpeg" || strtolower( $uploaded_ext ) == "png" ) &&
        ( $uploaded_size < 100000 ) &&
        getimagesize( $uploaded_tmp ) ) {

        // Can we move the file to the upload folder?
        if( !move_uploaded_file( $uploaded_tmp, $target_path ) ) {
            // No
            echo '<pre>Your image was not uploaded.</pre>';
        }
        else {
            // Yes!
            echo "<pre>{$target_path} succesfully uploaded!</pre>";
        }
    }
    else {
        // Invalid file
        echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
    }
}

?> 

Here are the functions it uses:

(1) isset() checks whether a variable is set and is not NULL. https://www.runoob.com/php/php-isset-function.html

(2) basename() returns the filename component of a path. https://www.runoob.com/php/func-filesystem-basename.html

(3) substr() returns part of a string. https://www.runoob.com/php/func-string-substr.html

(4) strrpos() finds the position of the last occurrence of a string inside another string (case-sensitive). https://www.runoob.com/php/func-string-strrpos.html

(5) strtolower() converts a string to lowercase. https://www.runoob.com/php/func-string-strtolower.html

(6) getimagesize() retrieves the dimensions and related information of an image; on success it returns an array, on failure it returns FALSE and raises an E_WARNING. https://www.runoob.com/php/php-getimagesize.html

(7) move_uploaded_file() moves an uploaded file to a new location; it returns TRUE on success and FALSE on failure. https://www.runoob.com/php/func-filesystem-move-uploaded-file.html


Here are a few concepts:

(1) In PHP, the predefined $_POST variable collects the values submitted by a form with method="post". https://www.runoob.com/php/php-post.html

(2) DVWA_WEB_PAGE_TO_ROOT: see this article, http://blog.sina.com.cn/s/blog_15db60e8e0102wmee.html. Roughly speaking, this constant represents the web root: in the screenshot, 192.168.1.4/DVWA-master/ is in fact the root directory of the DVWA web server.

(3) .= is the concatenation assignment operator: it appends the string on the right to the variable's current value. https://zhidao.baidu.com/question/491020632.html

(4) $_FILES[ 'uploaded' ][ '*' ]: * stands for one attribute of the upload, and uploaded is the name of the file field in the form. See https://zhidao.baidu.com/question/239878782154307564.html

(5) $_FILES[ 'uploaded' ][ 'tmp_name' ]: a word about the temporary file concept. This quote sums it up: "This is simply how PHP works: after you upload a file via POST it sits in a temporary directory under a temporary name, and at that point you need to copy the file into the directory your project specifies, for easier management." The following link is a security analysis of temporary files: https://www.jb51.net/article/51840.htm

Once the concepts above are clear, the PHP code is easy to follow. Below is the same code with my own understanding added as comments:

<?php

if( isset( $_POST[ 'Upload' ] ) ) { // Check that the Upload variable submitted by the form is set and not NULL; if so, run the code below.
    // Where are we going to be writing to?
    $target_path  = DVWA_WEB_PAGE_TO_ROOT . "hackable/uploads/";// Set the target path to <web server root (this can vary)>/hackable/uploads/
    $target_path .= basename( $_FILES[ 'uploaded' ][ 'name' ] );// Append the uploaded file's name to the target path, forming the complete path.

    // File information
    $uploaded_name = $_FILES[ 'uploaded' ][ 'name' ];// Assign the uploaded file's name (base name plus extension) to uploaded_name
    $uploaded_ext  = substr( $uploaded_name, strrpos( $uploaded_name, '.' ) + 1);// Assign the uploaded file's extension to uploaded_ext
    $uploaded_size = $_FILES[ 'uploaded' ][ 'size' ];// Assign the uploaded file's size to uploaded_size
    $uploaded_tmp  = $_FILES[ 'uploaded' ][ 'tmp_name' ];// Assign the uploaded file's temporary filename to uploaded_tmp

    // Is it an image?
    if( ( strtolower( $uploaded_ext ) == "jpg" || strtolower( $uploaded_ext ) == "jpeg" || strtolower( $uploaded_ext ) == "png" ) &&
        ( $uploaded_size < 100000 ) &&
        getimagesize( $uploaded_tmp ) ) { // Check that the extension is jpg, jpeg or png, the size is under 100000 bytes, and getimagesize() recognises the temporary file as an image.

        // Can we move the file to the upload folder?
        if( !move_uploaded_file( $uploaded_tmp, $target_path ) ) {// Move the temporary file to the target path; returns true on success, false on failure.
            // No
            echo '<pre>Your image was not uploaded.</pre>';
        }
        else {
            // Yes!
            echo "<pre>{$target_path} succesfully uploaded!</pre>";
        }
    }
    else {
        // Invalid file
        echo '<pre>Your image was not uploaded. We can only accept JPEG or PNG images.</pre>';
    }
}

?> 
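For comparison, here is a hardened variant of the same check, written for this page as an added example (it is not DVWA's own code). It decides the file type from the bytes rather than the client-supplied name, re-encodes the image through GD so that only pixel data reaches the disk, and stores it under a server-chosen name; UPLOAD_DIR is an assumed constant naming a writable directory, ideally outside the web root.

```php
<?php
// Added example, not DVWA's code. Assumes the same $_FILES['uploaded']
// field as DVWA and a constant UPLOAD_DIR (assumed, not from the page).

function store_image_safely(array $file, string $uploadDir): ?string
{
    // Trust nothing the client controls: reject transport-level errors first.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Same 100000-byte ceiling as DVWA, plus a floor for empty files.
    if ($file['size'] <= 0 || $file['size'] >= 100000) {
        return null;
    }
    // Only accept a path that PHP itself created for this HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // getimagesize() parses the header only; use it just to pick the type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        return null;
    }
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    if (!isset($allowed[$info[2]])) {
        return null;
    }
    // Re-encode through GD: only pixel data survives, not comments or
    // trailing bytes that a header-only check would have let through.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        return null;
    }
    // Server-chosen name; the client's basename() never reaches the disk.
    $ext    = $allowed[$info[2]];
    $name   = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($uploadDir, '/') . '/' . $name;
    $ok     = $ext === 'jpg' ? imagejpeg($img, $target, 90) : imagepng($img, $target);
    imagedestroy($img);
    return $ok ? $name : null;
}

if (isset($_POST['Upload'], $_FILES['uploaded'])) {
    $stored = store_image_safely($_FILES['uploaded'], UPLOAD_DIR);
    echo $stored === null
        ? '<pre>Your image was not uploaded.</pre>'
        : '<pre>' . htmlspecialchars($stored, ENT_QUOTES) . ' successfully uploaded!</pre>';
}
```

Because the stored name is random and the original file is never written, the path echoed back no longer reveals where or under what name the client's bytes ended up.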
Reposted from blog.csdn.net/qq_36896220/article/details/94594577