php实现登录上传图片

PHP 登录与图片上传实现

用户登录验证

创建一个登录表单（login.php），包含用户名和密码输入字段。表单提交后，使用 PHP 验证用户凭据。

// login.php
<form action="authenticate.php" method="post">
    <input type="text" name="username" placeholder="Username">
    <input type="password" name="password" placeholder="Password">
    <button type="submit">Login</button>
</form>

在 authenticate.php 中处理登录逻辑：

// authenticate.php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];

// 验证逻辑（示例中使用硬编码，实际应查询数据库）
if ($username === 'admin' && $password === 'password') {
    $_SESSION['logged_in'] = true;
    $_SESSION['username'] = $username;
    header('Location: upload.php');
} else {
    echo "Invalid credentials";
}

图片上传功能

创建上传表单（upload.php），确保用户已登录：

// upload.php
session_start();
if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
    header('Location: login.php');
    exit;
}
?>
<form action="process_upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="image" accept="image/*">
    <button type="submit">Upload</button>
</form>

处理上传的图片（process_upload.php）：

// process_upload.php
session_start();
if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
    header('Location: login.php');
    exit;
}

$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["image"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

// 检查是否为真实图片
if (isset($_POST["submit"])) {
    $check = getimagesize($_FILES["image"]["tmp_name"]);
    if ($check === false) {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

// 检查文件大小（限制为5MB）
if ($_FILES["image"]["size"] > 5000000) {
    echo "File is too large.";
    $uploadOk = 0;
}

// 允许特定文件格式
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
    echo "Only JPG, JPEG, PNG files are allowed.";
    $uploadOk = 0;
}

// 检查上传状态
if ($uploadOk == 0) {
    echo "File was not uploaded.";
} else {
    if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
        echo "The file " . htmlspecialchars(basename($_FILES["image"]["name"])) . " has been uploaded.";
    } else {
        echo "Error uploading file.";
    }
}

安全增强措施

创建上传目录并设置适当权限：

mkdir uploads
chmod 755 uploads

在服务器配置中限制上传文件大小（php.ini）：

upload_max_filesize = 5M
post_max_size = 6M

考虑使用数据库存储上传记录：

// 连接数据库并存储记录
$pdo = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password');
$stmt = $pdo->prepare("INSERT INTO uploads (username, filename, upload_date) VALUES (?, ?, NOW())");
$stmt->execute([$_SESSION['username'], basename($_FILES["image"]["name"])]);

错误处理与用户反馈

实现更友好的错误提示：

// 在 process_upload.php 中添加
if (!is_dir($target_dir)) {
    die("Upload directory does not exist");
}

if (!is_writable($target_dir)) {
    die("Upload directory is not writable");
}

添加文件重命名功能避免冲突：

$new_filename = uniqid() . '.' . $imageFileType;
$target_file = $target_dir . $new_filename;