欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

codeigniter教程之多文件上传使用示例

程序员文章站 2023-11-28 20:00:10
复制代码 代码如下:

复制代码 代码如下:

<?php if(!defined("basepath")){ exit("no direct script access allowed"); }

 /**
  * multi-upload
  *
  * extends codeigniters native upload class to add support for multiple
  * uploads.
  *
  * @package  codeigniter
  * @subpackage libraries
  * @category uploads
  */
  class my_upload extends ci_upload {


   /**
    * properties
    */
     protected $_multi_upload_data   = array();
    protected $_multi_file_name_override = "";


   /**
    * initialize preferences
    *
    * @access public
    * @param array
    * @return void
    */
    public function initialize($config = array()){
     //upload default settings.
     $defaults = array(
         "max_size"   => 0,
         "max_width"   => 0,
         "max_height"  => 0,
         "max_filename"  => 0,
         "allowed_types"  => "",
         "file_temp"   => "",
         "file_name"   => "",
         "orig_name"   => "",
         "file_type"   => "",
         "file_size"   => "",
         "file_ext"   => "",
         "upload_path"  => "",
         "overwrite"   => false,
         "encrypt_name"  => false,
         "is_image"   => false,
         "image_width"  => "",
         "image_height"  => "",
         "image_type"  => "",
         "image_size_str" => "",
         "error_msg"   => array(),
         "mimes"    => array(),
         "remove_spaces"  => true,
         "xss_clean"   => false,
         "temp_prefix"  => "temp_file_",
         "client_name"  => ""
        );

     //set each configuration.
     foreach($defaults as $key => $val){
      if(isset($config[$key])){
       $method = "set_{$key}";
       if(method_exists($this, $method)){
        $this->$method($config[$key]);
       } else {
        $this->$key = $config[$key];
       }
      } else {
       $this->$key = $val;
      }
     }

     //check if file_name was provided.
     if(!empty($this->file_name)){
      //multiple file upload.
      if(is_array($this->file_name)){
       //clear file name override.
       $this->_file_name_override = "";

       //set multiple file name override.
       $this->_multi_file_name_override = $this->file_name;
      //single file upload.
      } else {
       //set file name override.
       $this->_file_name_override = $this->file_name;

       //clear multiple file name override.
       $this->_multi_file_name_override = "";
      }
     }
    }


   /**
    * file mime type
    *
    * detects the (actual) mime type of the uploaded file, if possible.
    * the input array is expected to be $_files[$field].
    *
    * in the case of multiple uploads, a optional second argument may be
    * passed specifying which array element of the $_files[$field] array
    * elements should be referenced (name, type, tmp_name, etc).
    *
    * @access protected
    * @param $file array
    * @param $count int
    * @return void
    */
    protected function _file_mime_type($file, $count=0){
     //mutliple file?
     if(is_array($file["name"])){
      $tmp_name = $file["tmp_name"][$count];
      $type = $file["type"][$count];
     //single file.
     } else {
      $tmp_name = $file["tmp_name"];
      $type = $file["type"];
     }

     //we'll need this to validate the mime info string (e.g. text/plain; charset=us-ascii).
     $regexp = "/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/";

     /* fileinfo extension - most reliable method.
      *
      * unfortunately, prior to php 5.3 - it's only available as a pecl extension and the
      * more convenient fileinfo_mime_type flag doesn't exist.
      */
       if(function_exists("finfo_file")){
        $finfo = finfo_open(fileinfo_mime);
       if(is_resource($finfo)){
        $mime = @finfo_file($finfo, $tmp_name);
        finfo_close($finfo);

        /* according to the comments section of the php manual page,
         * it is possible that this function returns an empty string
         * for some files (e.g. if they don't exist in the magic mime database).
         */
          if(is_string($mime) && preg_match($regexp, $mime, $matches)){
           $this->file_type = $matches[1];
          return;
          }
       }
       }

     /* this is an ugly hack, but unix-type systems provide a "native" way to detect the file type,
      * which is still more secure than depending on the value of $_files[$field]['type'], and as it
      * was reported in issue #750 (https://github.com/ellislab/codeigniter/issues/750) - it's better
      * than mime_content_type() as well, hence the attempts to try calling the command line with
      * three different functions.
      *
      * notes:
      * - the directory_separator comparison ensures that we're not on a windows system
      * - many system admins would disable the exec(), shell_exec(), popen() and similar functions
      *   due to security concerns, hence the function_exists() checks
      */
       if(directory_separator !== "\\"){
        $cmd = "file --brief --mime ".escapeshellarg($tmp_name)." 2>&1";

       if(function_exists("exec")){
        /* this might look confusing, as $mime is being populated with all of the output when set in the second parameter.
         * however, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites
         * anything that could already be set for $mime previously. this effectively makes the second parameter a dummy
         * value, which is only put to allow us to get the return status code.
         */
         $mime = @exec($cmd, $mime, $return_status);
         if($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)){
          $this->file_type = $matches[1];
          return;
         }
       }
       }

      if((bool)@ini_get("safe_mode") === false && function_exists("shell_exec")){
       $mime = @shell_exec($cmd);
       if(strlen($mime) > 0){
        $mime = explode("\n", trim($mime));
        if(preg_match($regexp, $mime[(count($mime) - 1)], $matches)){
         $this->file_type = $matches[1];
         return;
        }
       }
      }

      if(function_exists("popen")){
       $proc = @popen($cmd, "r");
       if(is_resource($proc)){
        $mime = @fread($proc, 512);
        @pclose($proc);
        if($mime !== false){
         $mime = explode("\n", trim($mime));
         if(preg_match($regexp, $mime[(count($mime) - 1)], $matches)){
          $this->file_type = $matches[1];
          return;
         }
        }
       }
      }

      //fall back to the deprecated mime_content_type(), if available (still better than $_files[$field]["type"])
      if(function_exists("mime_content_type")){
       $this->file_type = @mime_content_type($tmp_name);
       //it's possible that mime_content_type() returns false or an empty string.
       if(strlen($this->file_type) > 0){
        return;
       }
      }

      //if all else fails, use $_files default mime type.
      $this->file_type = $type;
    }


   /**
    * set multiple upload data
    *
    * @access protected
    * @return void
    */
    protected function set_multi_upload_data(){
     $this->_multi_upload_data[] = array(
      "file_name"   => $this->file_name,
      "file_type"   => $this->file_type,
      "file_path"   => $this->upload_path,
      "full_path"   => $this->upload_path.$this->file_name,
      "raw_name"   => str_replace($this->file_ext, "", $this->file_name),
      "orig_name"   => $this->orig_name,
      "client_name"  => $this->client_name,
      "file_ext"   => $this->file_ext,
      "file_size"   => $this->file_size,
      "is_image"   => $this->is_image(),
      "image_width"  => $this->image_width,
      "image_height"  => $this->image_height,
      "image_type"  => $this->image_type,
      "image_size_str" => $this->image_size_str
     );
    }


   /**
    * get multiple upload data
    *
    * @access public
    * @return array
    */
    public function get_multi_upload_data(){
     return $this->_multi_upload_data;
    }


   /**
    * multile file upload
    *
    * @access public
    * @param string
    * @return mixed
    */
    public function do_multi_upload($field){
     //is $_files[$field] set? if not, no reason to continue.
     if(!isset($_files[$field])){ return false; }

     //is this really a multi upload?
     if(!is_array($_files[$field]["name"])){
      //fallback to do_upload method.
      return $this->do_upload($field);
     }

     //is the upload path valid?
     if(!$this->validate_upload_path()){
      //errors will already be set by validate_upload_path() so just return false
      return false;
     }

     //every file will have a separate entry in each of the $_files associative array elements (name, type, etc).
     //loop through $_files[$field]["name"] as representative of total number of files. use count as key in
     //corresponding elements of the $_files[$field] elements.
     for($i=0; $i<count($_files[$field]["name"]); $i++){
      //was the file able to be uploaded? if not, determine the reason why.
      if(!is_uploaded_file($_files[$field]["tmp_name"][$i])){
       //determine error number.
       $error = (!isset($_files[$field]["error"][$i])) ? 4 : $_files[$field]["error"][$i];

       //set error.
       switch($error){
        //upload_err_ini_size
        case 1:
         $this->set_error("upload_file_exceeds_limit");
        break;
        //upload_err_form_size
        case 2:
         $this->set_error("upload_file_exceeds_form_limit");
        break;
        //upload_err_partial
        case 3:
         $this->set_error("upload_file_partial");
        break;
        //upload_err_no_file
        case 4:
         $this->set_error("upload_no_file_selected");
        break;
        //upload_err_no_tmp_dir
        case 6:
         $this->set_error("upload_no_temp_directory");
        break;
        //upload_err_cant_write
        case 7:
         $this->set_error("upload_unable_to_write_file");
        break;
        //upload_err_extension
        case 8:
         $this->set_error("upload_stopped_by_extension");
        break;
        default:
         $this->set_error("upload_no_file_selected");
        break;
       }

       //return failed upload.
       return false;
      }

      //set current file data as class variables.
      $this->file_temp = $_files[$field]["tmp_name"][$i];
      $this->file_size = $_files[$field]["size"][$i];
      $this->_file_mime_type($_files[$field], $i);
      $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type);
      $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
      $this->file_name = $this->_prep_filename($_files[$field]["name"][$i]);
      $this->file_ext  = $this->get_extension($this->file_name);
      $this->client_name = $this->file_name;

      //is the file type allowed to be uploaded?
      if(!$this->is_allowed_filetype()){
       $this->set_error("upload_invalid_filetype");
       return false;
      }

      //if we're overriding, let's now make sure the new name and type is allowed.
      //check if a filename was supplied for the current file. otherwise, use it's given name.
      if(!empty($this->_multi_file_name_override[$i])){
       $this->file_name = $this->_prep_filename($this->_multi_file_name_override[$i]);

       //if no extension was provided in the file_name config item, use the uploaded one.
       if(strpos($this->_multi_file_name_override[$i], ".") === false){
        $this->file_name .= $this->file_ext;
       //an extension was provided, lets have it!
       } else {
        $this->file_ext = $this->get_extension($this->_multi_file_name_override[$i]);
       }

       if(!$this->is_allowed_filetype(true)){
        $this->set_error("upload_invalid_filetype");
        return false;
       }
      }

      //convert the file size to kilobytes.
      if($this->file_size > 0){
       $this->file_size = round($this->file_size/1024, 2);
      }

      //is the file size within the allowed maximum?
      if(!$this->is_allowed_filesize()){
       $this->set_error("upload_invalid_filesize");
       return false;
      }

      //are the image dimensions within the allowed size?
      //note: this can fail if the server has an open_basdir restriction.
      if(!$this->is_allowed_dimensions()){
       $this->set_error("upload_invalid_dimensions");
       return false;
      }

      //sanitize the file name for security.
      $this->file_name = $this->clean_file_name($this->file_name);

      //truncate the file name if it's too long
      if($this->max_filename > 0){
       $this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
      }

      //remove white spaces in the name
      if($this->remove_spaces == true){
       $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
      }

      /* validate the file name
       * this function appends an number onto the end of
       * the file if one with the same name already exists.
       * if it returns false there was a problem.
       */
       $this->orig_name = $this->file_name;
       if($this->overwrite == false){
        $this->file_name = $this->set_filename($this->upload_path, $this->file_name);
        if($this->file_name === false){
         return false;
        }
       }

      /* run the file through the xss hacking filter
       * this helps prevent malicious code from being
       * embedded within a file.  scripts can easily
       * be disguised as images or other file types.
       */
       if($this->xss_clean){
        if($this->do_xss_clean() === false){
         $this->set_error("upload_unable_to_write_file");
         return false;
        }
       }

      /* move the file to the final destination
       * to deal with different server configurations
       * we'll attempt to use copy() first.  if that fails
       * we'll use move_uploaded_file().  one of the two should
       * reliably work in most environments
       */
       if(!@copy($this->file_temp, $this->upload_path.$this->file_name)){
        if(!@move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name)){
         $this->set_error("upload_destination_error");
         return false;
        }
       }

      /* set the finalized image dimensions
       * this sets the image width/height (assuming the
       * file was an image).  we use this information
       * in the "data" function.
       */
       $this->set_image_properties($this->upload_path.$this->file_name);

      //set current file data to multi_file_upload_data.
      $this->set_multi_upload_data();
     }

     //return all file upload data.
     return true;
   }
  }