最近一段時(shí)間對(duì)PHP文件處理方面很感興趣，因此在許多站點(diǎn)上看了許多的文件處理的文章，但是國(guó)內(nèi)許多的站點(diǎn)上的PHP文件處理方面的知識(shí)大多數(shù)是你抄我的我抄你的，用baidu.com或者是google.com搜索出來(lái)的東西多是重復(fù)的。最近在國(guó)外一個(gè)站點(diǎn)上盾了一篇文章感覺(jué)很不錯(cuò)，因此推薦給大家閱讀。

首先我們有必要說(shuō)明一下文件上傳的操作流程及用到的知識(shí)點(diǎn)：

文件上傳我們需要用到HTML里面表單的type="file"類型，及其enctype屬性。這是我們大家必須要用的。當(dāng)然了PHP函數(shù)庫(kù)當(dāng)中的FILE函數(shù)庫(kù)，字符串類型函數(shù)庫(kù)，目錄函數(shù)庫(kù)及$_FILES[]的使用是我們必須要用到的。

也許每一個(gè)站點(diǎn)都可能會(huì)對(duì)上傳文件有許多的限制，這些限制會(huì)包括 文件類型，文件大小，擴(kuò)展名，以及上傳目錄的存在與否，上傳文件的存在與否，目錄的可寫性，可讀性，上傳文件的改名及怎樣把文件從緩存當(dāng)中復(fù)制到你所需要的目錄當(dāng)中。

當(dāng)然出錯(cuò)的預(yù)處理也是我們不容忽視的!如果再深一步的討論我們還可以對(duì)文件的操作起用事件日志的記錄。

下面我們通過(guò)一段程序來(lái)實(shí)現(xiàn)這些功能：

--------------------------------------------------------------------------------------------


首先是我們預(yù)設(shè)的變量值，它包括文件大小，文件擴(kuò)展名類型，MIMI類型，及是否刪除的開(kāi)關(guān)變量

$MAX_SIZE = 2000000;
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$FILE_EXTS  = array('.zip','.jpg','.png','.gif');

$DELETABLE  = true;                               


下一部就是設(shè)置瀏覽器訪問(wèn)變量及目錄訪問(wèn)變量：

$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";


建立上傳目錄并相應(yīng)改變權(quán)限：

if (!is_dir("files")) {
  if (!mkdir($upload_dir))
   die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
   die ("change permission to 755 failed.");
}



用戶請(qǐng)求的處理：

if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
  
  if (strpos($_REQUEST[del],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST[del],"files/") === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)=="files/") {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

$file_type = $_FILES['userfile']['type'];
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //文件大小的檢查：


  if ( $_FILES['userfile']['size'] > $MAX_SIZE)
     $message = "The file size is over 2MB.";
  //File Type/Extension Check
  else if (!in_array($file_type, $FILE_MIMES)
          && !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);
  
  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else
$message = "Invalid File Specified.";

列出我們上傳的文件：

$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'>".$file."</a>";
      if ($DELETABLE)
        $filelist .= " <a href='?del=$upload_dir$file' title='delete'>x</a>";
      $filelist .= "_{<small><small><font color=grey>  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."</font></small></small>}";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name'];
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
$file_path = $upload_dir.$file_name;

//File Name Check
  if ( $file_name =="") {
   $message = "Invalid File Name Specified";
   return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
    $message = "change permission to 777 failed.";
  else
    $message = ($result)?"$file_name uploaded successfully." :
            "Somthing is wrong with uploading a file.";
  return $message;
}

?>

<center>
   <font color=red><?=$_REQUEST[message]?></font>
   <br>
   <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
     Upload File <input type="file" id="userfile" name="userfile">
     <input type="submit" name="upload" value="Upload">
   </form>
   
   <br><b>My Files</b>
   <hr width=70%>
   <?=$filelist?>
   <hr width=70%>
   <small>^{Developed By
   <a style="text-decoration:none" >CityPost.ca</a>}</small>
</center>