Mein neuestes Projekt ist ein Backend mit integrierter Nutzerverwaltung auf Basis von PHP und MySQL. Es baut auf meinem Nvskript auf, ist jedoch deutlich umfangreicher und legt diesmal einen starken Fokus auf Sicherheit. Während das vorherige Skript rein prozedural war, ist dieses Projekt funktional aufgebaut.
Ich habe einen kleinen Image uploader mit PHP umgesetzt, der über ein eigenes Fehlersystem verfügt und leicht an jede andere Dateiart angepasst werden kann.
//Zur Verwendung, die Dateien unter den aufgeführten Pfaden speichern.
//Dateiname: ImageUploader.php
//Name des Ordners: classes
//classes/ImageUploader.php
class ImageUploader {
private $errors = [];
private $image;
private $allowed_image_extensions = array("jpg", "jpeg", "png");
private $allowed_image_mime_types = array('image/jpeg', 'image/png');
private $maximum_image_size = 2 * 1024 * 1024;
function __construct($image) {
$this->image = $image['image'];
}
public function add_error($error) {
$this->errors[] = $error;
}
public function get_errors() {
return $this->errors;
}
public function has_errors() {
return ! empty($this->errors);
}
private function create_new_image_name() {
$image_name = $this->image['name'];
$new_image_name = uniqid();
$image_extension = pathinfo($image_name, PATHINFO_EXTENSION);
return $final_new_image_name = $new_image_name. "." . $image_extension;
}
private function validate_image() {
if (isset($this->image) && is_array($this->image)) {
if ($this->image['error'] === UPLOAD_ERR_OK) {
$image_size = $this->image['size'];
if ($image_size > $this->maximum_image_size) {
$this->add_error('Error uploading image, invalid image size.');
}
$image_name = $this->image['name'];
$image_extension = pathinfo($image_name, PATHINFO_EXTENSION);
if (! in_array(strtolower($image_extension), $this->allowed_image_extensions)) {
$this->add_error('Error uploading image, invalid image extension. Only JPG, JPEG or PNG allowed.');
}
$image_type = $this->image['type'];
if (! in_array($image_type, $this->allowed_image_mime_types)) {
$this->add_error('Error uploading image, invalid MIME Type.');
}
$file_image_size = getimagesize($this->image['tmp_name']);
if ($file_image_size !== false) {
$width = $file_image_size[0];
$height = $file_image_size[1];
if ($width > 250 and $height > 250 or $width < 250 and $height < 250) {
$this->add_error('The image must be 250X250PX.');
}
} else {
$this->add_error('The image must be 250X250PX.');
}
} elseif ($this->image['error'] === UPLOAD_ERR_NO_FILE) {
$this->add_error('Error uploading image, you need to enter a image.');
}
}
}
private function upload_image() {
$image_tmp_name = $this->image['tmp_name'];
$new_image_name = $this->create_new_image_name();
if ($new_image_name && move_uploaded_file ($image_tmp_name , 'images/'. $new_image_name)) {
return true;
} else {
return false;
}
}
public function upload() {
$this->validate_image();
if ($this->has_errors()) {
return false;
} else {
return $result = $this->upload_image();
}
}
}
Das Uploadformular.
//Dateiname: image_uploader_template.php
//Name des Ordners: templates
//templates/image_uploader_template.php
<form enctype="multipart/form-data" method="post">
<input type="file" name="image" size="90" maxlength="255">
<button type="submit" name="upload_image">Upload picture</button>
</form>
Ausführen des Uploads.
//Dateiname: index.php
require_once 'classes/ImageUploader.php';
if (isset($_POST['upload_image'])) {
$image_uploader = new ImageUploader($_FILES);
$upload_result = $image_uploader->upload();
if ($upload_result === true) {
echo "The image has been successfully uploaded.";
}
if ($image_uploader->has_errors()) {
echo "<li>". "The upload was not successful.". "</li>";
foreach ($image_uploader->get_errors() as $error) {
echo "<li>". htmlentities($error). "</li>";
}
}
}
include 'templates/image_uploader_template.php';