时间:2023-08-22 22:11:24
如果网站出现数据被篡改的情况,首先检查后台的 public\uploads\avatar 目录内是否有 php 文件或 html 文件;如果有,先将其删除。
打开 app\Http\Controllers\Api\AuthController.php 文件,搜索 uploadimg 关键词,用下方代码替换原有的 uploadimg 方法即可。
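该方法用于上传头像。它只校验客户端提交的 MIME 类型($_FILES['file']['type']),保存时又沿用客户端文件名中的扩展名,两者都可由上传者随意指定,因此建议直接禁止上传头像(下方代码开头的 exit; 即为此目的)。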
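/**
 * Avatar upload endpoint, deliberately disabled.
 *
 * The leading `exit;` ends the request before any upload handling runs. That
 * is the mitigation: the previous logic accepted a file when the
 * client-supplied `$_FILES['file']['type']` was in an allowlist, then stored
 * it under the extension taken from the client-supplied file name. Both
 * values are chosen by the uploader, so neither restricts what is written
 * into the web-accessible /uploads/avatar/ directory.
 *
 * Everything after `exit;` is unreachable. It is kept as a hardened reference
 * so that removing the `exit;` later does not restore the old behaviour:
 * the type is detected from the file content and the stored name and
 * extension are chosen by the server.
 *
 * @param Request $request API request; the bearer token in the
 *                         `authorization` header selects the user.
 * @return mixed Does not return while disabled. If re-enabled: the result of
 *               returnMsg() on rejection; otherwise the public URL is echoed
 *               (empty string when saving the user fails).
 */
public function uploadimg(Request $request)
{
    // Stopgap: avatar upload is switched off entirely.
    exit;

    // ---- Unreachable while the exit above is present ----

    $token = str_replace('Bearer ', '', (string) $request->header('authorization'));
    // An empty token must never be looked up: it could match a row whose
    // api_token column is empty.
    $user = $token === '' ? null : User::where('api_token', $token)->first();
    if (!$user) {
        return $this->returnMsg(201, '', '上传失败');
    }

    \Illuminate\Support\Facades\Log::info("上传回调结果");
    \Illuminate\Support\Facades\Log::info(json_encode($_FILES));

    // Require exactly one successfully uploaded file. `tmp_name` is an array
    // for multi-file fields, which is rejected here.
    $file = $_FILES['file'] ?? null;
    if (
        !is_array($file)
        || !is_string($file['tmp_name'] ?? null)
        || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
    ) {
        return $this->returnMsg(201, '', '上传失败');
    }

    // Detect the type from the file content; the client-supplied `type` and
    // `name` fields are ignored. The extension comes from this map only.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
    $detected = (new \finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($detected) || !isset($allowed[$detected])) {
        return $this->returnMsg(201, '', '上传失败');
    }

    // NOTE(review): content sniffing does not prove a file is harmless. The
    // web server should also be configured so that nothing under
    // /uploads/avatar/ is ever executed as a script - confirm in deployment.

    // Server-generated name; the random part avoids two uploads in the same
    // second overwriting each other.
    $filename = time() . '_' . bin2hex(random_bytes(8)) . '.' . $allowed[$detected];
    $save = '/uploads/avatar/' . $filename;

    // Do not point the user record at a file that was never written.
    if (!move_uploaded_file($file['tmp_name'], APPPATH . $save)) {
        return $this->returnMsg(201, '', '上传失败');
    }

    $user->avatar = $save;
    if ($user->save()) {
        echo env('APP_URL') . $save;
    } else {
        echo '';
    }
}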