解析php下载远程图片函数 可伪造来路
2022-04-05 07:59:20
gurl 要下载的图片地址$rfurl 来路。如果目标图像做了防盗链设置,可以绕过。$filename 下载图片保存的文件名,相对路径,不要用realpath$gcooki...
$gurl 要下载的图片地址
$rfurl 来路(作为 Referer 请求头发送)。如果目标图像做了防盗链设置,可以绕过;Referer 完全由客户端填写,因此防盗链不能当作访问控制使用。
$filename 下载图片保存的文件名,相对路径,不要用realpath
$gcookie 调整cookie 伪造的cookie
$jumpcount 跳转计数
$maxtime 读取图片数据的最长时间(秒)
调用方法:downimagekeep("http://www.baidu.com/img/baidu_jgylogo2.gif","http://baidu.com","a.gif","",0,10);
<?php
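/**
 * Download a remote image over plain HTTP (port 80) and save it to a local file.
 *
 * The request carries a caller-chosen Referer header and, optionally, one
 * cookie header line.
 *
 * NOTE(review): $gurl decides which host this server connects to, a 3xx
 * response decides where the next request goes, and $filename decides where
 * the response body is written. None of them is restricted here, and the body
 * is buffered in memory up to the Content-Length the remote server announces.
 * Callers that pass request-derived values must validate them first (host
 * allow-list, fixed download directory and extension, size limit).
 *
 * @access public
 * @param string $gurl      image URL (http only)
 * @param string $rfurl     value sent as the Referer header
 * @param string $filename  path of the file to write
 * @param string $gcookie   complete cookie header line; looked up through refurlcookie($rfurl) when empty
 * @param int    $jumpcount number of redirects already followed (at most 3 are followed)
 * @param int    $maxtime   maximum number of seconds spent reading the body
 * @return bool true when a non-empty body was saved, false otherwise
 */
function downimagekeep($gurl, $rfurl, $filename, $gcookie="", $jumpcount=0, $maxtime=30)
{
    $urlinfos = gethostinfo($gurl);
    $ghost = trim($urlinfos['host']);
    if ($ghost == '') {
        return false;
    }
    $gquery = $urlinfos['query'];

    // Host, request target and Referer are copied into the raw request text.
    // A CR/LF (or a space in the request line) in any of them would let the
    // caller's input add headers or a second request, so refuse such values.
    if (preg_match('/[\x00-\x20\x7f]/', $ghost . $gquery)
        || preg_match('/[\x00-\x1f\x7f]/', (string) $rfurl)) {
        return false;
    }

    if ($gcookie == "" && !empty($rfurl)) {
        $gcookie = refurlcookie($rfurl);
    }

    // HTTP method and version tokens are case-sensitive.
    $sessionquery  = "GET $gquery HTTP/1.1\r\n";
    $sessionquery .= "host: $ghost\r\n";
    $sessionquery .= "referer: $rfurl\r\n";
    $sessionquery .= "accept: */*\r\n";
    $sessionquery .= "user-agent: mozilla/4.0 (compatible; msie 5.00; windows 98)\r\n";
    if ($gcookie != "" && !preg_match("/[\r\n]/", $gcookie)) {
        $sessionquery .= $gcookie . "\r\n";
    }
    $sessionquery .= "connection: keep-alive\r\n\r\n";

    $errno = 0;
    $errstr = "";
    $m_fp = fsockopen($ghost, 80, $errno, $errstr, 10);
    if (!$m_fp) {
        // Connection failed; there is no stream to write to or read from.
        return false;
    }
    // fsockopen()'s timeout covers the connect only; bound each read as well.
    stream_set_timeout($m_fp, 10);
    fwrite($m_fp, $sessionquery);

    // Status line, then at most 100 header lines.
    $m_httphead = array();
    $httpstas = explode(" ", (string) fgets($m_fp, 256));
    $m_httphead["http-edition"] = trim($httpstas[0]);
    $m_httphead["http-state"] = isset($httpstas[1]) ? trim($httpstas[1]) : '';
    $lnum = 0;
    while (!feof($m_fp)) {
        $line = trim((string) fgets($m_fp, 256));
        if ($line == "" || ++$lnum > 100) {
            break;
        }
        // Name is everything before the first ':', value everything after it.
        $colon = strpos($line, ':');
        if ($colon === false) {
            $hkey = trim($line);
            $hvalue = '';
        } else {
            $hkey = trim(substr($line, 0, $colon));
            $hvalue = (string) substr($line, $colon + 1);
        }
        if ($hkey != "") {
            $m_httphead[strtolower($hkey)] = trim($hvalue);
        }
    }

    // Redirect: request the Location target and return that result.
    if (preg_match("/^3/", $m_httphead["http-state"])) {
        fclose($m_fp);
        if (!isset($m_httphead["location"]) || $jumpcount >= 3) {
            return false;
        }
        $location = $m_httphead["location"];
        if (strpos($location, '/') === 0 && strpos($location, '//') !== 0) {
            // Absolute path on the same host.
            $location = "http://" . $ghost . $location;
        } elseif (!preg_match("/^http:\/\//i", $location)) {
            // Other schemes and relative forms are not supported.
            return false;
        }
        return downimagekeep($location, $rfurl, $filename, $gcookie, $jumpcount + 1, $maxtime);
    }
    if (!preg_match("/^2/", $m_httphead["http-state"])) {
        fclose($m_fp);
        return false;
    }

    // Without a Content-Length header, read until EOF, read timeout or $maxtime.
    $contentlength = isset($m_httphead['content-length']) ? (int) $m_httphead['content-length'] : -1;
    $okdata = "";
    $starttime = time();
    while (!feof($m_fp)) {
        $want = 8192;
        if ($contentlength >= 0) {
            $want = min($want, $contentlength - strlen($okdata));
            if ($want <= 0) {
                break;
            }
        }
        $chunk = fread($m_fp, $want);
        if ($chunk === false || $chunk === '') {
            break;
        }
        $okdata .= $chunk;
        if (time() - $starttime > $maxtime) {
            break;
        }
    }
    fclose($m_fp);

    if ($okdata == "") {
        // Same end state as before: no file is left behind for an empty body.
        if (is_file($filename)) {
            unlink($filename);
        }
        return false;
    }

    $fp = fopen($filename, "wb");
    if (!$fp) {
        // Report the failure to the caller instead of ending the whole script.
        return false;
    }
    $written = fwrite($fp, $okdata);
    fclose($fp);
    return $written !== false;
}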
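/**
 * Request a page over plain HTTP (port 80) and return the first response
 * header line that starts with "cookie".
 *
 * The result is cached in the globals $gcookie / $lastrfurl, so a repeated
 * call for the same URL returns the cached line without reconnecting.
 *
 * @access public
 * @param string $gurl page URL
 * @return string the matching header line, or '' when none was found or the request failed
 */
function refurlcookie($gurl)
{
    global $gcookie, $lastrfurl;

    $gurl = trim($gurl);
    if (!empty($gcookie) && $lastrfurl == $gurl) {
        return $gcookie;
    }
    $lastrfurl = $gurl;
    if ($gurl == '') {
        return '';
    }

    $urlinfos = gethostinfo($gurl);
    $ghost = trim($urlinfos['host']);
    $gquery = $urlinfos['query'];

    // Host and request target are copied into the raw request text; refuse
    // anything that could end its line early or split the request line.
    if ($ghost == '' || preg_match('/[\x00-\x20\x7f]/', $ghost . $gquery)) {
        $gcookie = "";
        return '';
    }

    // HTTP method and version tokens are case-sensitive.
    $sessionquery  = "GET $gquery HTTP/1.1\r\n";
    $sessionquery .= "host: $ghost\r\n";
    $sessionquery .= "accept: */*\r\n";
    $sessionquery .= "user-agent: mozilla/4.0 (compatible; msie 5.00; windows 98)\r\n";
    $sessionquery .= "connection: close\r\n\r\n";

    $errno = 0;
    $errstr = "";
    $m_fp = fsockopen($ghost, 80, $errno, $errstr, 10);
    if (!$m_fp) {
        // Previously die($ghost.'<br />'): that ended the whole script and
        // echoed the host into the page without HTML escaping.
        // Clear the cache so a stale cookie is not returned for this URL.
        $gcookie = "";
        return '';
    }
    // fsockopen()'s timeout covers the connect only; bound each read as well.
    stream_set_timeout($m_fp, 10);
    fwrite($m_fp, $sessionquery);

    // Scan the status line and at most 100 header lines.
    $gcookie = "";
    $lnum = 0;
    while (!feof($m_fp)) {
        $line = trim((string) fgets($m_fp, 256));
        if ($line == "" || ++$lnum > 100) {
            break;
        }
        // NOTE(review): the pattern is anchored at the start of the line, so
        // a header line beginning with "Set-Cookie:" does not match it.
        if (preg_match("/^cookie/i", $line)) {
            $gcookie = $line;
            break;
        }
    }
    fclose($m_fp);
    return $gcookie;
}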
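/**
 * Split an http URL into its host and its request target (path plus query string).
 *
 * Only an optional leading "http://" is stripped; no other scheme is understood.
 * Callers interpolate both parts into raw HTTP request text, so a URL holding
 * whitespace or control characters is rejected (empty host) to keep it from
 * adding request headers.
 *
 * @access public
 * @param string $gurl URL to split
 * @return array array('host' => string, 'query' => string); 'host' is '' when the URL is empty or rejected
 */
function gethostinfo($gurl)
{
    $gurl = preg_replace("/^http:\/\//i", "", trim($gurl));

    // CR, LF, space and other control bytes have no place in a request line or Host header.
    if ($gurl === '' || preg_match('/[\x00-\x20\x7f]/', $gurl)) {
        return array('host' => '', 'query' => '/');
    }

    $slash = strpos($gurl, '/');
    if ($slash === false) {
        // No path component: the request target is the site root, not "/<host>".
        return array('host' => $gurl, 'query' => '/');
    }

    return array(
        'host'  => substr($gurl, 0, $slash),
        'query' => substr($gurl, $slash),
    );
}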
?>
$rfurl 来路。如果目标图像做了防盗链设置,可以绕过。
$filename 下载图片保存的文件名,相对路径,不要用realpath
$gcookie 调整cookie 伪造的cookie
$jumpcount 跳转计数
$maxtime 读取图片数据的最长时间(秒)
调用方法:downimagekeep("http://www.baidu.com/img/baidu_jgylogo2.gif","http://baidu.com","a.gif","",0,10);
<?php
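/**
 * Download a remote image over plain HTTP (port 80) and save it to a local file.
 *
 * The request carries a caller-chosen Referer header and, optionally, one
 * cookie header line.
 *
 * NOTE(review): $gurl decides which host this server connects to, a 3xx
 * response decides where the next request goes, and $filename decides where
 * the response body is written. None of them is restricted here, and the body
 * is buffered in memory up to the Content-Length the remote server announces.
 * Callers that pass request-derived values must validate them first (host
 * allow-list, fixed download directory and extension, size limit).
 *
 * @access public
 * @param string $gurl      image URL (http only)
 * @param string $rfurl     value sent as the Referer header
 * @param string $filename  path of the file to write
 * @param string $gcookie   complete cookie header line; looked up through refurlcookie($rfurl) when empty
 * @param int    $jumpcount number of redirects already followed (at most 3 are followed)
 * @param int    $maxtime   maximum number of seconds spent reading the body
 * @return bool true when a non-empty body was saved, false otherwise
 */
function downimagekeep($gurl, $rfurl, $filename, $gcookie="", $jumpcount=0, $maxtime=30)
{
    $urlinfos = gethostinfo($gurl);
    $ghost = trim($urlinfos['host']);
    if ($ghost == '') {
        return false;
    }
    $gquery = $urlinfos['query'];

    // Host, request target and Referer are copied into the raw request text.
    // A CR/LF (or a space in the request line) in any of them would let the
    // caller's input add headers or a second request, so refuse such values.
    if (preg_match('/[\x00-\x20\x7f]/', $ghost . $gquery)
        || preg_match('/[\x00-\x1f\x7f]/', (string) $rfurl)) {
        return false;
    }

    if ($gcookie == "" && !empty($rfurl)) {
        $gcookie = refurlcookie($rfurl);
    }

    // HTTP method and version tokens are case-sensitive.
    $sessionquery  = "GET $gquery HTTP/1.1\r\n";
    $sessionquery .= "host: $ghost\r\n";
    $sessionquery .= "referer: $rfurl\r\n";
    $sessionquery .= "accept: */*\r\n";
    $sessionquery .= "user-agent: mozilla/4.0 (compatible; msie 5.00; windows 98)\r\n";
    if ($gcookie != "" && !preg_match("/[\r\n]/", $gcookie)) {
        $sessionquery .= $gcookie . "\r\n";
    }
    $sessionquery .= "connection: keep-alive\r\n\r\n";

    $errno = 0;
    $errstr = "";
    $m_fp = fsockopen($ghost, 80, $errno, $errstr, 10);
    if (!$m_fp) {
        // Connection failed; there is no stream to write to or read from.
        return false;
    }
    // fsockopen()'s timeout covers the connect only; bound each read as well.
    stream_set_timeout($m_fp, 10);
    fwrite($m_fp, $sessionquery);

    // Status line, then at most 100 header lines.
    $m_httphead = array();
    $httpstas = explode(" ", (string) fgets($m_fp, 256));
    $m_httphead["http-edition"] = trim($httpstas[0]);
    $m_httphead["http-state"] = isset($httpstas[1]) ? trim($httpstas[1]) : '';
    $lnum = 0;
    while (!feof($m_fp)) {
        $line = trim((string) fgets($m_fp, 256));
        if ($line == "" || ++$lnum > 100) {
            break;
        }
        // Name is everything before the first ':', value everything after it.
        $colon = strpos($line, ':');
        if ($colon === false) {
            $hkey = trim($line);
            $hvalue = '';
        } else {
            $hkey = trim(substr($line, 0, $colon));
            $hvalue = (string) substr($line, $colon + 1);
        }
        if ($hkey != "") {
            $m_httphead[strtolower($hkey)] = trim($hvalue);
        }
    }

    // Redirect: request the Location target and return that result.
    if (preg_match("/^3/", $m_httphead["http-state"])) {
        fclose($m_fp);
        if (!isset($m_httphead["location"]) || $jumpcount >= 3) {
            return false;
        }
        $location = $m_httphead["location"];
        if (strpos($location, '/') === 0 && strpos($location, '//') !== 0) {
            // Absolute path on the same host.
            $location = "http://" . $ghost . $location;
        } elseif (!preg_match("/^http:\/\//i", $location)) {
            // Other schemes and relative forms are not supported.
            return false;
        }
        return downimagekeep($location, $rfurl, $filename, $gcookie, $jumpcount + 1, $maxtime);
    }
    if (!preg_match("/^2/", $m_httphead["http-state"])) {
        fclose($m_fp);
        return false;
    }

    // Without a Content-Length header, read until EOF, read timeout or $maxtime.
    $contentlength = isset($m_httphead['content-length']) ? (int) $m_httphead['content-length'] : -1;
    $okdata = "";
    $starttime = time();
    while (!feof($m_fp)) {
        $want = 8192;
        if ($contentlength >= 0) {
            $want = min($want, $contentlength - strlen($okdata));
            if ($want <= 0) {
                break;
            }
        }
        $chunk = fread($m_fp, $want);
        if ($chunk === false || $chunk === '') {
            break;
        }
        $okdata .= $chunk;
        if (time() - $starttime > $maxtime) {
            break;
        }
    }
    fclose($m_fp);

    if ($okdata == "") {
        // Same end state as before: no file is left behind for an empty body.
        if (is_file($filename)) {
            unlink($filename);
        }
        return false;
    }

    $fp = fopen($filename, "wb");
    if (!$fp) {
        // Report the failure to the caller instead of ending the whole script.
        return false;
    }
    $written = fwrite($fp, $okdata);
    fclose($fp);
    return $written !== false;
}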
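/**
 * Request a page over plain HTTP (port 80) and return the first response
 * header line that starts with "cookie".
 *
 * The result is cached in the globals $gcookie / $lastrfurl, so a repeated
 * call for the same URL returns the cached line without reconnecting.
 *
 * @access public
 * @param string $gurl page URL
 * @return string the matching header line, or '' when none was found or the request failed
 */
function refurlcookie($gurl)
{
    global $gcookie, $lastrfurl;

    $gurl = trim($gurl);
    if (!empty($gcookie) && $lastrfurl == $gurl) {
        return $gcookie;
    }
    $lastrfurl = $gurl;
    if ($gurl == '') {
        return '';
    }

    $urlinfos = gethostinfo($gurl);
    $ghost = trim($urlinfos['host']);
    $gquery = $urlinfos['query'];

    // Host and request target are copied into the raw request text; refuse
    // anything that could end its line early or split the request line.
    if ($ghost == '' || preg_match('/[\x00-\x20\x7f]/', $ghost . $gquery)) {
        $gcookie = "";
        return '';
    }

    // HTTP method and version tokens are case-sensitive.
    $sessionquery  = "GET $gquery HTTP/1.1\r\n";
    $sessionquery .= "host: $ghost\r\n";
    $sessionquery .= "accept: */*\r\n";
    $sessionquery .= "user-agent: mozilla/4.0 (compatible; msie 5.00; windows 98)\r\n";
    $sessionquery .= "connection: close\r\n\r\n";

    $errno = 0;
    $errstr = "";
    $m_fp = fsockopen($ghost, 80, $errno, $errstr, 10);
    if (!$m_fp) {
        // Previously die($ghost.'<br />'): that ended the whole script and
        // echoed the host into the page without HTML escaping.
        // Clear the cache so a stale cookie is not returned for this URL.
        $gcookie = "";
        return '';
    }
    // fsockopen()'s timeout covers the connect only; bound each read as well.
    stream_set_timeout($m_fp, 10);
    fwrite($m_fp, $sessionquery);

    // Scan the status line and at most 100 header lines.
    $gcookie = "";
    $lnum = 0;
    while (!feof($m_fp)) {
        $line = trim((string) fgets($m_fp, 256));
        if ($line == "" || ++$lnum > 100) {
            break;
        }
        // NOTE(review): the pattern is anchored at the start of the line, so
        // a header line beginning with "Set-Cookie:" does not match it.
        if (preg_match("/^cookie/i", $line)) {
            $gcookie = $line;
            break;
        }
    }
    fclose($m_fp);
    return $gcookie;
}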
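/**
 * Split an http URL into its host and its request target (path plus query string).
 *
 * Only an optional leading "http://" is stripped; no other scheme is understood.
 * Callers interpolate both parts into raw HTTP request text, so a URL holding
 * whitespace or control characters is rejected (empty host) to keep it from
 * adding request headers.
 *
 * @access public
 * @param string $gurl URL to split
 * @return array array('host' => string, 'query' => string); 'host' is '' when the URL is empty or rejected
 */
function gethostinfo($gurl)
{
    $gurl = preg_replace("/^http:\/\//i", "", trim($gurl));

    // CR, LF, space and other control bytes have no place in a request line or Host header.
    if ($gurl === '' || preg_match('/[\x00-\x20\x7f]/', $gurl)) {
        return array('host' => '', 'query' => '/');
    }

    $slash = strpos($gurl, '/');
    if ($slash === false) {
        // No path component: the request target is the site root, not "/<host>".
        return array('host' => $gurl, 'query' => '/');
    }

    return array(
        'host'  => substr($gurl, 0, $slash),
        'query' => substr($gurl, $slash),
    );
}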
?>