我的PHP图像验证有什么问题？

Question

我无法弄清楚为什么当图像尺寸太大时，我得到错误'无效的文件类型''上传的文件不是图像'而不是'文件太大'（图像验证/上传脚本我没有完全写自己 - 我找到了代码，并使其适合我的需求）。除此之外，其他一切似乎都很好。此外，我得到以下警告

警告：和getimagesize（）：文件名不能在C空：\ XAMPP \ htdocs中\桃花鱼\包括\在线创建-post.php中75

这里我的代码

<?php 
require_once('../dbconnect.php'); 
include_once(INCLUDES_PATH .'functions.php'); 

$body = $_POST["body"]; 
$image = 'image'; 
$user_id = $_SESSION['user_id']; 

if(empty($_FILES[$image]['name'])){ 
$has_image = 0; 
}else{ 
$has_image = 1; 
} 

$postEmpty = 0; 
$imageError = 0; 

if(empty($_FILES[$image]['name']) && empty($body)){ 
$postEmpty = 1; 
die(); 
} 

// validate post 

if($postEmpty == 0 && !empty($body)){ 

    $cleanBody = clean_input($body); 

} 

// validate image (if any) 

if($has_image == 1){ 

    //check if directory exist if not create it 
    if (!file_exists(HOME_PATH ."users/user_".$user_id)) { 
     mkdir(HOME_PATH ."users/user_".$user_id, 0777, true); 
    } 
    if (!file_exists(HOME_PATH ."users/user_".$user_id."/posts")) { 
     mkdir(HOME_PATH ."users/user_".$user_id."/posts", 0777, true); 
    } 
    //Set file upload path 
    $path = "../users/user_".$user_id."/posts/"; //with trailing slash 
    //Set max file size in bytes 
    $max_size = 2000000; 
    //Set default file extension whitelist 
    $whitelist_ext = array('jpeg','jpg','png','gif'); 
    //Set default file type whitelist 
    $whitelist_type = array('image/jpeg', 'image/jpg', 'image/png','image/gif'); 

    // Create an array to hold any output 
    $errors = array(); 

    // Get filename 
    $file_info = pathinfo($_FILES[$image]['name']); 
    $name = $file_info['filename']; 
    $ext = $file_info['extension']; 

    //Check file has the right extension   
    if (!in_array($ext, $whitelist_ext)) { 
     $errors[] = "Invalid file Extension"; 
    } 

    //Check that the file is of the right type 
    if (!in_array($_FILES[$image]["type"], $whitelist_type)) { 
     $errors[] = "Invalid file Type"; 
    } 

    //Check that the file is not too big 
    if ($_FILES[$image]["size"] > $max_size) { 
     $errors[] = "File is too big"; 
    } 

    //If $check image is set as true 
    if (!getimagesize($_FILES[$image]['tmp_name'])) { 
     $errors[] = "Uploaded file is not a valid image"; 
    } 

    //Create full filename including path 
    if ($random_name) { 
    // Generate random filename 
     $tmp = str_replace(array('.',' '), array('',''), microtime()); 

    if (!$tmp || $tmp == '') { 
     $errors[] = "File must have a name"; 
    }  
     $newname = $tmp.'.'.$ext;         
    } else { 
     $newname = $name.'.'.$ext; 
    } 

    //Check if file already exists on server 
    if (file_exists($path.$newname)) { 
     $errors[] = "A file with this name already exists"; 
    } 

    if (count($errors)>0) { 
    //The file has not correctly validated 
     $imageError = 1; 
    } 

// if no errors: 

    // upload image (if any) and retrieve filename 
    if($imageError == 1){ 

     $ret_data = ['items' => $errors, 'responseCode' => 0]; 
     //content in $items must be in UTF-8 
     echo json_encode($ret_data); 
     die(); 

    }else{ 

     //Create full filename including path 
     // Generate random filename 
     $tmp = str_replace(array('.',' '), array('',''), microtime()); 

     if (!$tmp || $tmp == '') { 
      $errors[] = "File must have a name"; 
     }  

     $newname = $tmp.'.'.$ext;         

     //Check if file already exists on server 
     if (file_exists($path.$newname)) { 
      $errors[] = "A file with this name already exists"; 
     } 

     if (count($errors)>0) { 
     //The file has not correctly validated 
      $imageError = 1; 
      $ret_data = ['items' => $errors, 'responseCode' => 0]; 
      //content in $items must be in UTF-8 
      echo json_encode($ret_data); 
      die(); 

     } 
     if (move_uploaded_file($_FILES[$image]['tmp_name'], $path.$newname)) { 

      $uploadSuccesfull = 1; 

     }else { 

      $ret_data = ['items' => $errors, 'responseCode' => 0]; 
      //content in $items must be in UTF-8 
      echo json_encode($ret_data); 
      die(); 
     } 

    } 
} 


// if no errors: 

// save post (with filename if any); if it fails, delete image (if any) 
if($has_image == 1){ 

$query = "INSERT INTO posts 
     (user_id, body, image, has_image, date) 
     VALUES 
     ('$user_id', '$body', '$newname', '$has_image', now())"; 

}else{ 

    $query = "INSERT INTO posts 
     (user_id, body, has_image, date) 
     VALUES 
     ('$user_id', '$body', '$has_image', now())"; 

} 

$result = $db->query($query); 

// send response 

//check to make sure the user was added 
if($db->affected_rows == 1){ 

    $user_id = $_SESSION['user_id']; 

    $post_id = $db->insert_id; 

    $query = "SELECT post_id, body, image, has_image 
      FROM posts 
      WHERE post_id = $post_id 
      LIMIT 1"; 
    $result = $db->query($query); 

    if($result->num_rows == 1){ 
     $row = $result->fetch_assoc(); 
    } 

    $queryuser = "SELECT * 
       FROM users 
       WHERE user_id = $user_id 
       LIMIT 1"; 
    $resultuser = $db->query($queryuser); 
    if($resultuser->num_rows == 1){ 
     $rowuser = $resultuser->fetch_assoc(); 
    } 


if(!empty($row['avatar'])){ $userpic = $row['avatar']; }else{ $userpic = HOME_URL . 'img/avatar.jpg'; } 

    if($row['has_image'] == 1){ 

    $data = "<article class='post'><div class='post-head cf'><a class='userpic' href=''><img src='$userpic' alt='".$rowuser['username']."'></a><a href='' class='username'>".$rowuser['username']."</a></div><img src='users/user_".$rowuser['user_id']."/posts/".$row['image']."' alt=''><div class='post-body'><div class='post-options'><a class='likes' href=''>156 likes</a></div><p><a class='username' href=''>".$rowuser['username']."</a>".$row['body']."</p><hr /><div class='cf'><a class='like hide-text' href='javascript:;'>Like This Post</a><form action='' class='comment'><input type='text' placeholder='Add a comment'></form></div></div></article>"; 
    echo json_encode($data, JSON_UNESCAPED_SLASHES); 

}else{ 

$data = "<article class='post no-img'><div class='post-head cf'><a class='userpic' href=''><img src='$userpic' alt='".$rowuser['username']."'></a><a href='' class='username'>".$rowuser['username']."</a></div><div class='post-body'><p><a class='username' href=''>".$rowuser['username']."</a>".$row['body']."</p><div class='post-options'><a class='likes' href=''>1 like</a></div><hr /><div class='cf'><a class='like hide-text' href='javascript:;'>Like This Post</a><form action='' class='comment'><input type='text' placeholder='Add a comment'></form></div></div></article>"; 
    echo json_encode($data, JSON_UNESCAPED_SLASHES); 

} 
    }else{ 

     $errors[] = "Server Error!"; 

     $ret_data = ['items' => $errors, 'responseCode' => 0]; 
     //content in $items must be in UTF-8 
     echo json_encode($ret_data); 

    } 

die(); 

Answer 1

可能是该文件没有上传到服务器。

查看$_FILES[$image]['error']查看可能出错的内容。

请参阅错误消息here。

编辑：这些行后：

$body = $_POST["body"]; 
$image = 'image'; 
$user_id = $_SESSION['user_id']; 

这样做：

// check for error greater than zero 
if($_FILES[$image]['error'] > 0) { 
    // something went wrong with the upload, handle the error 
    echo $_FILES[$image]['error']; exit; // as an example to find out what the error was 
} 

然后参考http://php.net/manual/en/features.file-upload.errors.php找出原因。