验证用户上传的图像文件类型是否真实可靠

在网络开发中经常需要用户上传文件，一般的做法都是验证用户上传文件的后缀名是不是在自己限定的范围内，比如jpg,png.这种方式有个bug就是用户可以自己修改用户名，比如把一个1.txt文件改成1.png文件上传，这样上传的文件就不是我们需要的，所以在服务端还要在判断下文件的mimie

这时候就需要用到这两个函数finfo_open()和finfo_file,php5.3以后需要打开extension=php_fileinfo.dll

直接撸代码：

 function checkTpe($type,$filepath){

if(!file_exists($filepath)){

return false;

}

$extensions = [

'image/bmp' => 'bmp',

'image/x-ms-bmp' => 'bmp',

'image/cgm' => 'cgm',

'image/g3fax' => 'g3',

'image/gif' => 'gif',

'image/ief' => 'ief',

'image/jpeg' => 'jpeg',

'image/pjpeg' => 'jpeg',

'image/ktx' => 'ktx',

'image/png' => 'png',

'image/prs.btif' => 'btif',

'image/sgi' => 'sgi',

'image/svg+xml' => 'svg',

'image/tiff' => 'tiff',

'image/vnd.adobe.photoshop' => 'psd',

'image/vnd.dece.graphic' => 'uvi',

'image/vnd.dvb.subtitle' => 'sub',

'image/vnd.djvu' => 'djvu',

'image/vnd.dwg' => 'dwg',

'image/vnd.dxf' => 'dxf',

'image/vnd.fastbidsheet' => 'fbs',

'image/vnd.fpx' => 'fpx',

'image/vnd.fst' => 'fst',

'image/vnd.fujixerox.edmics-mmr' => 'mmr',

'image/vnd.fujixerox.edmics-rlc' => 'rlc',

'image/vnd.ms-modi' => 'mdi',

'image/vnd.ms-photo' => 'wdp',

'image/vnd.net-fpx' => 'npx',

'image/vnd.wap.wbmp' => 'wbmp',

'image/vnd.xiff' => 'xif',

'image/webp' => 'webp',

'image/x-3ds' => '3ds',

'image/x-cmu-raster' => 'ras',

'image/x-cmx' => 'cmx',

'image/x-freehand' => 'fh',

'image/x-icon' => 'ico',

'image/x-mrsid-image' => 'sid',

'image/x-pcx' => 'pcx',

'image/x-pict' => 'pic',

'image/x-portable-anymap' => 'pnm',

'image/x-portable-bitmap' => 'pbm',

'image/x-portable-graymap' => 'pgm',

'image/x-portable-pixmap' => 'ppm',

'image/x-rgb' => 'rgb',

'image/x-tga' => 'tga',

'image/x-xbitmap' => 'xbm',

'image/x-xpixmap' => 'xpm',

'image/x-xwindowdump' => 'xwd'

];

$fg = finfo_open(FILEINFO_MIME_TYPE);

$mime = finfo_file($fg,$filepath);

finfo_close($fg);

if($extensions[$mime] && $extensions[$mime]==$type){

return true;

}

return false;

}