1. 云栖社区>
  2. PHP教程>
  3. 正文

Direct Upload to Amazon AWS S3 Using PHP & HTML

作者:用户 来源:互联网 时间:2017-12-01 14:52:04

Direct Upload to Amazon AWS S3 Using PHP & HTML - 摘要: 本文讲的是Direct Upload to Amazon AWS S3 Using PHP & HTML, As we all know, Amazon S3 is a cost-effective, reliable, fast and secure object storage system, which allows us to stor

As we all know, Amazon S3 is a cost-effective, reliable, fast and secure object storage system, which allows us to store and retrieve any amount of data from anywhere on the web. Today I am going to show you how you can directly upload any file to Amazon AWS S3 using HTML Form and PHP without compromising your own server security and upload latency.

Create User and Bucket First step is to create a bucket by visiting AWS S3 Console, this is where we will be uploading files. Note down its name and AWS region. Create a IAM user profile by going in your AWS Management Console, after user creation you should be presented with unique Access Key IDand Secret Access Key, you should write them down as we will need them in our PHP code. Now create a new Policy in Create Policy Console(Copy-paste Policy Document below) and attach the Policy to IAM user you’ve just created.

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Action": [

"s3:GetObject",

"s3:PutObject",

"s3:PutObjectAcl"

],

"Resource": [

"arn:aws:s3:::*"

]

}

]

}

You may also create policy document using policy generator.

HTML Form

Once everything is set correctly in AWS console, we can now create an HTML form that can upload content to Amazon S3 directly. But as you can see there are values in the form fields which needs specific values, such as Signature field ( X-Amz-Signature) it requires a SHA256 calculated signature, and Policy field requires Base64-encoded policy string. Let’s generate these values in next section of this tutorial.

< form action = "http://<BUCKET> .s3.amazonaws.com/" method="post" enctype="multipart/form-data">

< input type = "hidden" name = "key" value = "${filename}" />

< input type = "hidden" name = "acl" value = "public-read" />

< input type = "hidden" name = "X-Amz-Credential" value = "<--ACCESS_KEY--> / <--SHORT_DATE-->/ <--REGION-->/s3/aws4_request" />

< input type = "hidden" name = "X-Amz-Algorithm" value = "AWS4-HMAC-SHA256" />

< input type = "hidden" name = "X-Amz-Date" value = "<--ISO_DATE--> " />

< input type = "hidden" name = "Policy" value = "<--BASE64_POLICY--> " />

< input type = "hidden" name = "X-Amz-Signature" value = "<--SIGNATURE--> " />

< input type = "hidden" name = "success_action_redirect" value = "<--SUCCESS_REDIRECT--> " />

< input type = "file" name = "file" />

< input type = "submit" value = "Upload File" />

< / form>

Creating POST Policy and Calculating Signature using PHP

In our PHP code we need previously created user Access Key, Secret Key and several other values such as bucket name and region, using these variables wen can construct a POST policy and calculate AWS Signature (Version 4) which are required in our HTML upload form.

<?php

$access_key = "iam-user-access-key" ; //Access Key

$secret_key = "iam-user-secret-key" ; //Secret Key

$my_bucket = "mybucket" ; //bucket name

$region = "us-east-1" ; //bucket region

$success_redirect = 'http://' . $_SERVER [ 'SERVER_NAME' ] . $_SERVER [ 'REQUEST_URI' ] ; //URL to which the client is redirected upon success (currently self)

$allowd_file_size = "1048579" ; //1 MB allowed Size

//dates

$short_date = gmdate ( 'Ymd' ) ; //short date

$iso_date = gmdate ( "Ymd /THis/Z" ) ; //iso format date

$expiration_date = gmdate ( 'Y-m-d/TG:i:s/Z' , strtotime ( '+1 hours' ) ) ; //policy expiration 1 hour from now

//POST Policy required in order to control what is allowed in the request

//For more info http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html

$policy = utf8_encode ( json_encode ( array (

'expiration' => $expiration_date ,

'conditions' => array (

array ( 'acl' => 'public-read' ) ,

array ( 'bucket' => $my_bucket ) ,

array ( 'success_action_redirect' => $success_redirect ) ,

array ( 'starts-with' , '$key' , '' ) ,

array ( 'content-length-range' , '1' , $allowd_file_size ) ,

array ( 'x-amz-credential' => $access_key . '/' . $short_date . '/' . $region . '/s3/aws4_request' ) ,

array ( 'x-amz-algorithm' => 'AWS4-HMAC-SHA256' ) ,

array ( 'X-amz-date' => $iso_date )

) ) ) ) ;

//Signature calculation (AWS Signature Version 4)

//For more info http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

$kDate = hash_hmac ( 'sha256' , $short_date , 'AWS4' . $secret_key , true ) ;

$kRegion = hash_hmac ( 'sha256' , $region , $kDate , true ) ;

$kService = hash_hmac ( 'sha256' , "s3" , $kRegion , true ) ;

$kSigning = hash_hmac ( 'sha256' , "aws4_request" , $kService , true ) ;

$signature = hash_hmac ( 'sha256' , base64_encode ( $policy ) , $kSigning ) ;

?>

Policy is Base64 encoded security policy that describes what is permitted in the request. For authenticated requests a policy is required, you can learn more about constructing HTTP POST Policy here.

Signature is the HMAC-SHA256 hash of the security policy using AWS Signature Version 4, and is required if a policy document is included with the request, more about AWS Signature Version 4 here.

Success page

After successful upload, AWS redirects user to success page specified in success_action_redirectform field and policy document, it also attaches bucket, etag and key in the query string, which we can use to quickly generate a link to uploaded object on our S3 bucket.

<?php

//After success redirection from AWS S3

if ( isset ( $_GET [ "key" ] ) )

{

$filename = $_GET [ "key" ] ;

$ext = pathinfo ( $filename ,PATHINFO_EXTENSION ) ;

if ( in_array ( $ext , array ( "jpg" , "png" , "gif" , "jpeg" ) ) ) {

echo '<hr />Image File Uploaded : <br /><img src="http://' . $my_bucket . '.s3.amazonaws.com/' . $_GET [ "key" ] . '" style="width:100%;" />' ;

} else {

echo '<hr />File Uploaded : <br /><a href="http://' . $my_bucket . '.s3.amazonaws.com/' . $_GET [ "key" ] . '">' . $filename . '</a>' ;

}

}

?>

Putting together

All we got to do now is put them together in a single PHP file.

<?php

$access_key = "iam-user-access-key" ; //Access Key

$secret_key = "iam-user-secret-key" ; //Secret Key

$my_bucket = "mybucket" ; //bucket name

$region = "us-east-1" ; //bucket region

$success_redirect = 'http://' . $_SERVER [ 'SERVER_NAME' ] . $_SERVER [ 'REQUEST_URI' ] ; //URL to which the client is redirected upon success (currently self)

$allowd_file_size = "1048579" ; //1 MB allowed Size

//dates

$short_date = gmdate ( 'Ymd' ) ; //short date

$iso_date = gmdate ( "Ymd /THis/Z" ) ; //iso format date

$expiration_date = gmdate ( 'Y-m-d/TG:i:s/Z' , strtotime ( '+1 hours' ) ) ; //policy expiration 1 hour from now

//POST Policy required in order to control what is allowed in the request

//For more info http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html

$policy = utf8_encode ( json_encode ( array (

'expiration' => $expiration_date ,

'conditions' => array (

array ( 'acl' => 'public-read' ) ,

array ( 'bucket' => $my_bucket ) ,

array ( 'success_action_redirect' => $success_redirect ) ,

array ( 'starts-with' , '$key' , '' ) ,

array ( 'content-length-range' , '1' , $allowd_file_size ) ,

array ( 'x-amz-credential' => $access_key . '/' . $short_date . '/' . $region . '/s3/aws4_request' ) ,

array ( 'x-amz-algorithm' => 'AWS4-HMAC-SHA256' ) ,

array ( 'X-amz-date' => $iso_date )

) ) ) ) ;

//Signature calculation (AWS Signature Version 4)

//For more info http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

$kDate = hash_hmac ( 'sha256' , $short_date , 'AWS4' . $secret_key , true ) ;

$kRegion = hash_hmac ( 'sha256' , $region , $kDate , true ) ;

$kService = hash_hmac ( 'sha256' , "s3" , $kRegion , true ) ;

$kSigning = hash_hmac ( 'sha256' , "aws4_request" , $kService , true ) ;

$signature = hash_hmac ( 'sha256' , base64_encode ( $policy ) , $kSigning ) ;

?>

<!DOCTYPE HTML>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<title>Aws S3 Direct File Uploader</title>

</head>

<body>

<form action="http:// <?= $my_bucket ?>.s3.amazonaws.com/" method="post" enctype="multipart/form-data">

<input type="hidden" name="key" value="${filename}" />

<input type="hidden" name="acl" value="public-read" />

<input type="hidden" name="X-Amz-Credential" value=" <?= $access_key ; ?>/ <?= $short_date ; ?>/ <?= $region ; ?>/s3/aws4_request" />

<input type="hidden" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" />

<input type="hidden" name="X-Amz-Date" value=" <?= $iso_date ; ?>" />

<input type="hidden" name="Policy" value=" <?= base64_encode ( $policy ) ; ?>" />

<input type="hidden" name="X-Amz-Signature" value=" <?= $signature ?>" />

<input type="hidden" name="success_action_redirect" value=" <?= $success_redirect ?>" />

<input type="file" name="file" />

<input type="submit" value="Upload File" />

</form>

<?php

//After success redirection from AWS S3

if ( isset ( $_GET [ "key" ] ) )

{

$filename = $_GET [ "key" ] ;

$ext = pathinfo ( $filename ,PATHINFO_EXTENSION ) ;

if ( in_array ( $ext , array ( "jpg" , "png" , "gif" , "jpeg" ) ) ) {

echo '<hr />Image File Uploaded : <br /><img src="http://' . $my_bucket . '.s3.amazonaws.com/' . $_GET [ "key" ] . '" style="width:100%;" />' ;

} else {

echo '<hr />File Uploaded : <br /><a href="http://' . $my_bucket . '.s3.amazonaws.com/' . $_GET [ "key" ] . '">' . $filename . '</a>' ;

}

}

?>

</body>

</html>

That’s it! you can copy this code or download and play with your own Aws S3 credentials . You can also check-out the demo page that directly uploads files in my S3 bucket, Good luck!

以上是云栖社区小编为您精心准备的的内容,在云栖社区的博客、问答、公众号、人物、课程等栏目也有的相关内容,欢迎继续使用右上角搜索按钮进行搜索,以便于您获取更多的相关知识。