PHP 基于文件头的文件类型验证类函数
2015-01-24信息快讯网
在PHP开发中,传统的上传文件类型验证是基于文件扩展名的验证方式(如pathinfo函数),很容易通过修改扩展名来欺骗
我这里写了一个验证类,是通过文件头来判断文件格式.(也不是百分之百安全,如果用户伪造了文件头,也能通过验证)<?php /** * 检证文件类型类 * * @author Silver */ class FileTypeValidation { // 文件类型,不同的头信息 private static $_fileFormats = Array( 'jp2' => '0000000C6A502020',<br/> '3gp' => '0000002066747970', '3gp5' => '0000001866747970', 'm4a' => '00000020667479704D3441', 'ico' => '00000100', 'spl' => '00000100', 'vob' => '000001BA', 'cur' => '00000200', 'wb2' => '00000200', 'wk1' => '0000020006040600', 'wk3' => '00001A0000100400', 'wk4' => '00001A0002100400', 'wk5' => '00001A0002100400', '123' => '00001A00051004', 'qxd' => '00004D4D585052', 'mdf' => '010F0000', 'tr1' => '0110', 'rgb' => '01DA01010003', 'drw' => '07', 'dss' => '02647373', 'dat' => 'A90D000000000000', 'db3' => '03', 'qph' => '03000000', 'adx' => '80000020031204', 'db4' => '04', 'n' => 'FFFE0000', 'a' => 'FFFE0000', 'skf' => '07534B46', 'dtd' => '0764743264647464', 'db' => 'D0CF11E0A1B11AE1', 'pcx' => '0A050101', 'mp' => '0CED', 'doc' => 'D0CF11E0A1B11AE1', 'nri' => '0E4E65726F49534F', 'wks' => 'FF00020004040554', 'pf' => '1100000053434341', 'ntf' => '4E49544630', 'nsf' => '4E45534D1A01', 'arc' => '41724301', 'pak' => '5041434B', 'eth' => '1A350100', 'mkv' => '1A45DFA393428288', 'ws' => '1D7D', 'gz' => '1F8B08', 'tar.z' => '1FA0', 'ain' => '2112', 'lib' => '213C617263683E0A', 'msi' => 'D0CF11E0A1B11AE1', 'vmdk' => '4B444D', 'dsp' => '23204D6963726F73', 'amr' => '2321414D52', 'hdr' => '49536328', 'sav' => '24464C3240282329', 'eps' => 'C5D0D3C6', 'pdf' => '25504446', 'fdf' => '25504446', 'hqx' => '2854686973206669', 'log' => '2A2A2A2020496E73', 'ivr' => '2E524543', 'rm' => '2E524D46', 'rmvb' => '2E524D46', 'ra' => '2E7261FD00', 'au' => '646E732E', 'cat' => '30', 'evt' => '300000004C664C65', 'asf' => '3026B2758E66CF11', 'wma' => '3026B2758E66CF11', 'wmv' => '3026B2758E66CF11', 'wri' => 'BE000000AB', '7z' => '377ABCAF271C', 'psd' => '38425053', 'sle' => '414376', 'asx' => '3C', 'xdr' => '3C', 'dci' => '3C21646F63747970', 'manifest' => '3C3F786D6C2076657273696F6E3D', 'xml' => '3C3F786D6C2076657273696F6E3D22312E30223F3E', 'msc' => 'D0CF11E0A1B11AE1', 'fm' => '3C4D616B65724669', 'mif' => '56657273696F6E20', 'gid' => '4C4E0200', 'hlp' => '4C4E0200', 'dwg' => '41433130', 'syw' => '414D594F', 'abi' => '414F4C494E444558', 'aby' => '414F4C4442', 'bag' => '414F4C2046656564', 'idx' => '5000000020000000', 'ind' => '414F4C494458', 'pfc' => '414F4C564D313030', 'org' => '414F4C564D313030', 'vcf' => '424547494E3A5643', 'bin' => '424C4932323351', 'bmp' => '424D', 'dib' => '424D', 'prc' => '424F4F4B4D4F4249', 'bz2' => '425A68', 'tar.bz2' => '425A68', 'tbz2' => '425A68', 'tb2' => '425A68', 'rtd' => '43232B44A4434DA5', 'cbd' => '434246494C45', 'iso' => '4344303031', 'clb' => '434F4D2B', 'cpt' => '43505446494C45', 'cru' => '43525553482076', 'swf' => '465753', 'ctf' => '436174616C6F6720', 'dms' => '444D5321', 'adf' => '5245564E554D3A2C', 'dvr' => '445644', 'ifo' => '445644', 'cdr' => '52494646', 'vcd' => '454E545259564344', 'mdi' => '4550', 'e01' => '4C5646090D0AFF00', 'evtx' => '456C6646696C6500', 'qbb' => '458600000600', 'cpe' => '464158434F564552', 'flv' => '464C56', 'aiff' => '464F524D00', 'eml' => '582D', 'gif' => '47494638', 'pat' => '47504154', 'gx2' => '475832', 'sh3' => '4848474231', 'tif' => '4D4D002B', 'tiff' => '4D4D002B', 'mp3' => '494433', 'koz' => '49443303000000', 'crw' => '49491A0000004845', 'cab' => '4D534346', 'lit' => '49544F4C49544C53', 'chi' => '49545346', 'chm' => '49545346', 'jar' => '5F27A889', 'jg' => '4A47040E000000', 'kgb' => '4B47425F61726368', 'shd' => '68490000', 'lnk' => '4C00000001140200', 'obj' => '80', 'pdb' => 'ACED000573720012', 'mar' => '4D41723000', 'dmp' => '504147454455', 'hdmp' => '4D444D5093A7', 'mls' => '4D563243', 'mmf' => '4D4D4D440000', 'nvram' => '4D52564E', 'ppz' => '4D534346', 'snp' => '4D534346', 'tlb' => '4D53465402000100', 'dvf' => '4D535F564F494345', 'msv' => '4D535F564F494345', 'mid' => '4D546864', 'midi' => '4D546864', 'dsn' => '4D56', 'com' => 'EB', 'dll' => '4D5A', 'drv' => '4D5A', 'exe' => '4D5A', 'pif' => '4D5A', 'qts' => '4D5A', 'qtx' => '4D5A', 'sys' => 'FFFFFFFF', 'acm' => '4D5A', 'ax' => '4D5A900003000000', 'cpl' => 'DCDC', 'fon' => '4D5A', 'ocx' => '4D5A', 'olb' => '4D5A', 'scr' => '4D5A', 'vbx' => '4D5A', 'vxd' => '4D5A', '386' => '4D5A', 'api' => '4D5A900003000000', 'flt' => '76323030332E3130', 'zap' => '4D5A90000300000004000000FFFF', 'sln' => '4D6963726F736F66742056697375616C', 'jnt' => '4E422A00', 'jtp' => '4E422A00', 'cod' => '4E616D653A20', 'dbf' => '4F504C4461746162', 'oga' => '4F67675300020000', 'ogg' => '4F67675300020000', 'ogv' => '4F67675300020000', 'ogx' => '4F67675300020000', 'dw4' => '4F7B', 'pgm' => '50350A', 'pax' => '504158', 'pgd' => '504750644D41494E', 'img' => 'EB3C902A', 'zip' => '504B0304140000', 'docx' => '504B030414000600', 'pptx' => '504B030414000600', 'xlsx' => '504B030414000600', 'kwd' => '504B0304', 'odt' => '504B0304', 'odp' => '504B0304', 'ott' => '504B0304', 'sxc' => '504B0304', 'sxd' => '504B0304', 'sxi' => '504B0304', 'sxw' => '504B0304', 'wmz' => '504B0304', 'xpi' => '504B0304', 'xps' => '504B0304', 'xpt' => '5850434F4D0A5479', 'grp' => '504D4343', 'qemu' => '514649', 'abd' => '5157205665722E20', 'qsd' => '5157205665722E20', 'reg' => 'FFFE', 'sud' => '52454745444954', 'ani' => '52494646', 'cmx' => '52494646', 'ds4' => '52494646', '4xm' => '52494646', 'avi' => '52494646', 'cda' => '52494646', 'qcp' => '52494646', 'rmi' => '52494646', 'wav' => '52494646', 'cap' => '58435000', 'rar' => '526172211A0700', 'ast' => '5343486C', 'shw' => '53484F57', 'cpi' => 'FF464F4E54', 'sit' => '5374756666497420', 'sdr' => '534D415254445257', 'cnv' => '53514C4F434F4E56', 'cal' => 'B5A2B0B3B3B0A5B5', 'info' => 'E310000100000000', 'uce' => '55434558', 'ufa' => '554641C6D2C1', 'pch' => '564350434830', 'ctl' => '56455253494F4E20', 'ws2' => '575332303030', 'lwp' => '576F726450726F', 'bdr' => '5854', 'zoo' => '5A4F4F20', 'ecf' => '5B47656E6572616C', 'vcw' => '5B4D535643', 'dun' => '5B50686F6E655D', 'sam' => '5B7665725D', 'cpx' => '5B57696E646F7773', 'cfg' => '5B666C7473696D2E', 'cas' => '5F434153455F', 'cbk' => '5F434153455F', 'arj' => '60EA', 'vhd' => '636F6E6563746978', 'csh' => '6375736800000002', 'p10' => '64000000', 'dex' => '6465780A30303900', 'dsw' => '64737766696C65', 'flac' => '664C614300000022', 'dbb' => '6C33336C', 'acd' => '72696666', 'ram' => '727473703A2F2F', 'dmg' => '78', 'lgc' => '7B0D0A6F20', 'lgd' => '7B0D0A6F20', 'pwi' => '7B5C707769', 'rtf' => '7B5C72746631', 'psp' => '7E424B00', 'wab' => '9CCBCB8D1375D211', 'wpf' => '81CDAB', 'png' => '89504E470D0A1A0A', 'aw' => '8A0109000000E108', 'hap' => '91334846', 'skr' => '9501', 'gpg' => '99', 'pkr' => '9901', 'qdf' => 'AC9EBD8F0000', 'pwl' => 'E3828596', 'dcx' => 'B168DE3A', 'tib' => 'B46E6844', 'acs' => 'C3ABCDAB', 'lbk' => 'C8007900', 'class' => 'CAFEBABE', 'dbx' => 'CFAD12FE', 'dot' => 'D0CF11E0A1B11AE1', 'pps' => 'D0CF11E0A1B11AE1', 'ppt' => 'D0CF11E0A1B11AE1', 'xla' => 'D0CF11E0A1B11AE1', 'xls' => 'D0CF11E0A1B11AE1', 'wiz' => 'D0CF11E0A1B11AE1', 'ac_' => 'D0CF11E0A1B11AE1', 'adp' => 'D0CF11E0A1B11AE1', 'apr' => 'D0CF11E0A1B11AE1', 'mtw' => 'D0CF11E0A1B11AE1', 'opt' => 'D0CF11E0A1B11AE1', 'pub' => 'D0CF11E0A1B11AE1', 'rvt' => 'D0CF11E0A1B11AE1', 'sou' => 'D0CF11E0A1B11AE1', 'spo' => 'D0CF11E0A1B11AE1', 'vsd' => 'D0CF11E0A1B11AE1', 'wps' => 'D0CF11E0A1B11AE1', 'ftr' => 'D20A0000', 'arl' => 'D42A', 'aut' => 'D42A', 'wmf' => 'D7CDC69A', 'efx' => 'DCFE', 'one' => 'E4525C7B8CD8A74D', 'rpm' => 'EDABEEDB', 'gho' => 'FEEF', 'ghs' => 'FEEF', 'wp' => 'FF575043', 'wpd' => 'FF575043', 'wpg' => 'FF575043', 'wpp' => 'FF575043', 'wp5' => 'FF575043', 'wp6' => 'FF575043', 'jfif' => 'FFD8FF', 'jpe' => 'FFD8FF', 'jpeg' => 'FFD8FF', 'jpg' => 'FFD8FF', 'mof' => 'FFFE23006C006900', 'ipa' => '504B03040A', ); /** * 检查文件类型 * * @param string $filePath 文件路径 * @param string $fileExt 文件扩展名 * * @return boolean */ public static function validation($filePath, $fileExt) { // 文件格式未知 if (!isset(self::$_fileFormats[$fileExt])) { return false; } $length = strlen(self::$_fileFormats[$fileExt]); $bin = self::_readFile($filePath, $length); $fileHead = @unpack("H{$length}", $bin); // 判断文件头 if (strtolower(self::$_fileFormats[$fileExt]) == $fileHead[1]) { return true; } return false; } /** * 读取文件内容 * * @param string $filePath 文件路径 * @param integer $size * * @return string */ private function _readFile($filePath, $size) { $file = fopen($filePath, "rb"); $bin = fread($file, $size); fclose($file); return $bin; } } ?>
调用
require './class_filetypevalidation.php'; // 文件路径 $filePath = "D:/test.png"; $x = FileTypeValidation::validation($filePath, 'zip'); var_dump($x);
php 读取文件头判断文件类型的实现代码
PHP取二进制文件头快速判断文件类型的实现代码
ubuntu下编译安装xcache for php5.3 的具体操作步骤
编译php 5.2.14+fpm+memcached(具体操作详解)
解析PHP实现多进程并行执行脚本
PHP实现多进程并行操作的详解(可做守护进程)
解析php中static,const与define的使用区别
PHP实现的封装验证码类详解
php.ini 配置文件的深入解析
jQuery+php实现ajax文件即时上传的详解
php.ini修改php上传文件大小限制的方法详解
修改php.ini不生效问题解决方法(上传大于8M的文件)
与文件上传有关的php配置参数总结
探讨如何在php168_cms中提取验证码
编写php应用程序实现摘要式身份验证的方法详解
解析dedeCMS验证码的实现代码
PHP自定义大小验证码的方法详解
几个有用的php字符串过滤,转换函数代码
PHP 第三节 变量介绍
PHP 第二节 数据类型之转换
PHP 第二节 数据类型之数组
PHP 第二节 数据类型之字符串类型
PHP 第二节 数据类型之数值型
php 文件上传实例代码
php递归创建和删除文件夹的代码小结
PHP文件注释标记及规范小结
用PHP读取超大文件的实例代码
批量去除PHP文件中bom的PHP代码
支持中文字母数字、自定义字体php验证码代码
php tp验证表单与自动填充函数代码
PHP+Ajax异步通讯实现用户名邮箱验证是否已注册( 2种方法实现)
php自动注册登录验证机制实现代码
Ajax实时验证用户名/邮箱等是否已经存在的代码打包
利用PHP实现智能文件类型检测的实现代码
PHP文件上传后缀名与文件类型对照表整理