<?php
/**
 * Decide whether a raw byte string is acceptable as an uploaded image.
 *
 * Two checks run in order:
 *   1. the bytes must not contain any word from a fixed deny list;
 *   2. GD's imagecreatefromstring() must be able to decode the bytes.
 *
 * NOTE(review): the deny list is matched with strpos(), which is
 * case-sensitive and works on the raw bytes, so it will also reject genuine
 * images that happen to contain one of these byte sequences. It does not
 * establish that the file is free of embedded non-image content; callers that
 * store the upload should not treat a true result as that guarantee.
 * NOTE(review): 'evel' looks like a typo for 'eval' - confirm before changing,
 * since editing the list changes which uploads are accepted.
 *
 * @param string $data Raw file contents.
 * @return bool True when no deny-list word is present and GD decodes the data.
 */
function isImg($data)
{
    $denyWords = explode('|', 'evel|base|encode|decode|print|close|hide|display|connect|select|order|src|link|charset|title|safe|mode|php|css|style|span|div|echo|play|stop|any|text|expression|behaviour|applet|link|style|frame|frameset');

    // Reject as soon as any deny-list word occurs anywhere in the bytes.
    foreach ($denyWords as $word) {
        if (strpos($data, $word) !== false) {
            return false;
        }
    }

    // Decoder warnings for malformed input are suppressed; only the
    // truthiness of the result matters here.
    $decoded = @imagecreatefromstring($data);

    return $decoded ? true : false;
}
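// Upload handler: runs only when the form's hidden "do" field equals "upload".
// ($_POST is always set, so the field itself is tested; this also avoids an
// undefined-index notice on a plain GET of the page.)
if (isset($_POST['do']) && $_POST['do'] === 'upload')
{
    $up = array();
    $up['maxSize'] = 1000 * 1000; // upper bound on the upload size, in bytes
    $up['types'] = array("image/jpeg", "image/png", "image/gif"); // accepted MIME types

    // The stored name is generated on the server and never derived from the
    // client's filename. Regenerate on the rare collision so an existing
    // image is not overwritten.
    do {
        $up['path'] = "images/i".time()."_".rand(0, 99999).".png";
    } while (file_exists($up['path']));

    // A missing field, or an array-shaped "file[]" submission, is treated as
    // "no file" rather than being dereferenced blindly.
    $file = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : null;
    $validShape = $file !== null
        && isset($file['error'], $file['name'], $file['size'], $file['tmp_name'])
        && is_int($file['error'])
        && is_string($file['name'])
        && is_string($file['tmp_name']);

    if (!$validShape || $file['error'] === UPLOAD_ERR_NO_FILE || $file['name'] === '')
    {
        echo 'please select file';
    }
    elseif ($file['error'] === UPLOAD_ERR_INI_SIZE
        || $file['error'] === UPLOAD_ERR_FORM_SIZE
        || $file['size'] > $up['maxSize'])
    {
        echo 'file size to big';
    }
    elseif ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name']))
    {
        // Only read a path that PHP itself recorded as an HTTP upload.
        echo 'upload failed';
    }
    else
    {
        $data = file_get_contents($file['tmp_name']);

        // $_FILES['file']['type'] is supplied by the browser and is not
        // evidence of what the file contains, so the MIME type is taken from
        // the file's own header instead.
        $info = ($data === false) ? false : @getimagesizefromstring($data);
        $detectedType = (is_array($info) && isset($info['mime'])) ? $info['mime'] : '';

        if ($data === false)
        {
            echo 'upload failed';
        }
        elseif (!in_array($detectedType, $up['types'], true))
        {
            echo 'not allow file type';
        }
        elseif (!isImg($data))
        {
            echo 'please add true image ';
        }
        else
        {
            // Store a freshly encoded PNG rather than the uploaded bytes: the
            // saved file then matches its .png extension and carries only the
            // decoded pixel data, not whatever else the upload contained.
            $image = @imagecreatefromstring($data);
            if ($image === false)
            {
                echo 'please add true image ';
            }
            else
            {
                imagesavealpha($image, true); // keep the alpha channel of truecolor images
                if (imagepng($image, $up['path']))
                {
                    echo 'create image done';
                    echo '<img src="'.htmlspecialchars($up['path'], ENT_QUOTES, 'UTF-8').'"/>';
                }
                else
                {
                    echo 'could not save image';
                }
            }
        }
    }
}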
?>
<meta charset="utf-8" />
<form action="index.php" method="post" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" value="Uploader"/>
<input type="hidden" name="do" value="upload"/>
</form>