liujiankang
/
iamberry-app-international


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165
							<%@page import="java.security.SecureRandom"%>
<%@page import="com.iamberry.wechat.tools.ImageUtils"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ page import="java.util.*,java.io.*" %>
<%@ page import="java.text.SimpleDateFormat" %>
<%@ page import="org.apache.commons.fileupload.*" %>
<%@ page import="org.apache.commons.fileupload.disk.*" %>
<%@ page import="org.apache.commons.fileupload.servlet.*" %>
<%@ page import="org.json.simple.*" %>
<%
String saveServerPath = "/common/images/uploadimages/";
// hostname
String hostName = "";
if (request.getRequestURL().indexOf("localhost") == -1) {
	hostName = "http://test.iamberry.com";
} else {
	hostName = "http://localhost:" + request.getLocalPort();
}
//文件保存目录路径
String savePath = pageContext.getServletContext().getRealPath(saveServerPath);
//文件保存目录URL
String saveUrl  = request.getContextPath() + saveServerPath;
//定义允许上传的文件扩展名
HashMap<String, String> extMap = new HashMap<String, String>();
extMap.put("image", "jpeg,jpg,png,gif");
//最大文件大小
long maxSize = 1000000;
response.setContentType("text/html; charset=UTF-8");
if(!ServletFileUpload.isMultipartContent(request)){
	out.println(getError("请选择文件。"));
	return;
}
//检查目录
File uploadDir = new File(savePath);
if(!uploadDir.isDirectory()){
	out.println(getError("上传目录不存在。"));
	return;
}
//检查目录写权限
if(!uploadDir.canWrite()){
	out.println(getError("上传目录没有写权限。"));
	return;
}
String dirName = request.getParameter("dir");
if (dirName == null) {
	dirName = "common/images";
}
if(!extMap.containsKey(dirName)){
	out.println(getError("目录名不正确。"));
	return;
}
//创建文件夹
savePath += "/" + dirName + "/";
saveUrl += "/" + dirName + "/";
File saveDirFile = new File(savePath);
if (!saveDirFile.exists()) {
	saveDirFile.mkdirs();
}
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
String ymd = sdf.format(new Date());
savePath += ymd + "/";
saveUrl += ymd + "/";
File dirFile = new File(savePath);
if (!dirFile.exists()) {
	dirFile.mkdirs();
}
FileItemFactory factory = new DiskFileItemFactory();
ServletFileUpload upload = new ServletFileUpload(factory);
upload.setHeaderEncoding("UTF-8");
List items = upload.parseRequest(request);
Iterator itr = items.iterator();
while (itr.hasNext()) {
	FileItem item = (FileItem) itr.next();
	String fileName = item.getName();
	
	// 防止windows截断问题
	if (fileName != null && fileName.indexOf(":") != -1) {
		fileName = fileName.replaceAll(":", "");
	}
	long fileSize = item.getSize();
	if (!item.isFormField()) {
		//检查文件大小
		if(item.getSize() > maxSize){
			out.println(getError("上传文件大小超过限制。"));
			return;
		}
		//检查扩展名
		String fileExt = fileName.substring(fileName.lastIndexOf(".") + 1).toLowerCase();
		if(!Arrays.<String>asList(extMap.get(dirName).split(",")).contains(fileExt)){
			out.println(getError("上传文件扩展名是不允许的扩展名。\n只允许" + extMap.get(dirName) + "格式。"));
			return;
		}
		// 根据文件魔数，校验文件类型
		SimpleDateFormat df = new SimpleDateFormat("yyyyMMddHHmmss");
		// 文件名使用安全的随机_时间_随机数.扩展名
		String newFileName = byte2hex(createRandomByte()) + "_" + df.format(new Date()) + "_" + new Random().nextInt(10000) + "." + fileExt;
		try{
			File uploadedFile = new File(savePath, newFileName);
			item.write(uploadedFile);
		}catch(Exception e){
			out.println(getError("上传文件失败。"));
			return;
		}
		// 系统任务，凡是上传的图片，系统认为全部不安全，默认缩放，改变文件结构，防止文件为木马
		if (ImageUtils.reSize(savePath + newFileName)) {
			JSONObject obj = new JSONObject();
			obj.put("error", 0);
			obj.put("url", hostName + saveUrl + newFileName);
			out.println(obj.toJSONString());
		} else {
			// 删除上传文件
			new File(savePath + newFileName).delete();
			out.println(getError("上传文件失败。"));
			return;
		}
	}
}
%>
<%!

/**
 * 创建一个安全的随机数组byte[]
 * @return
 */
public byte[] createRandomByte() {
	try {
		SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
		byte[] bytes = new byte[1024 / 8];
		random.nextBytes(bytes);
		int count = 10;
		byte[] seed = random.generateSeed(count);
		random = SecureRandom.getInstance("SHA1PRNG");
		random.setSeed(seed);
		SecureRandom random2 = SecureRandom.getInstance("SHA1PRNG");
		random2.setSeed(seed);
		return seed;
	} catch (Exception e) {
		return UUID.randomUUID().toString().getBytes();
	}
}

/**
 * byte[] 转 字符串
 * @param b
 * @return
 */
public String byte2hex(byte[] b) {
	String hs = "";
	String stmp = "";
	for (int n = 0; n < b.length; n++) {
		stmp = (java.lang.Integer.toHexString(b[n] & 0XFF));
		if (stmp.length() == 1)
			hs = hs + "0" + stmp;
		else
			hs = hs + stmp;
	}
	return hs.toUpperCase();
}
private String getError(String message) {
	JSONObject obj = new JSONObject();
	obj.put("error", 1);
	obj.put("message", message);
	return obj.toJSONString();
}
%>