网站被莫名篡改数据解决办法

出现被篡改数据的网站首先检查后台文件夹   public\uploads\avatar  目录内是否有php文件或者html文件，如果有先删除

app\Http\Controllers\Api\AuthController.php文件

打开搜索  uploadimg  关键词，将下方替换即可

该方法是上传头像，建议直接禁止上传头像

    public function uploadimg(Request $request)

    {

     exit;

     $token = $request->header('authorization');

     $token = str_replace('Bearer ','',$token) ;

        $user = User::where('api_token',$token)->first();

        $data = $request->all();

        \Illuminate\Support\Facades\Log::info("上传回调结果");

        \Illuminate\Support\Facades\Log::info($_FILES);

        \Illuminate\Support\Facades\Log::info(json_encode($_FILES));    

        $filename=$_FILES['file']['name'];

        $type=$_FILES['file']['type'];

        // echo $type;

        $fileTypes = array('image/png','image/jpg','image/jpeg');

        if (!in_array($type,$fileTypes)){

            return $this->returnMsg(201,'','上传失败');

        }

        $tmp_name=$_FILES['file']['tmp_name'];

        $size=$_FILES['file']['size'];

        $error=$_FILES['file']['error'];

        $temp = explode('.',$filename);

        $name = $temp[0];

        $typePic = $temp[1];

        $filename = time().".".$typePic;

        $save = '/uploads/avatar/'.basename($filename);

        $stored_path = APPPATH.$save;

        $res = move_uploaded_file($tmp_name, $stored_path);

        $httpsStr = env('APP_URL');

        $stored_path = $httpsStr.$save;

        $user->avatar = $save;

        $rest = $user->save();

        //$rest = $this->uploadImgSql($types,$stored_path,$user_id,$rid);

        if ($rest){

           echo $stored_path;

        }else{

           echo ''; 

        }         

    }