Created
November 20, 2019 06:33
<?php | |
// Allen, StackDoubleFlow | |
// Directory that accepted uploads are moved into, relative to the working
// directory of this script. "./" means uploads sit next to this script.
$sharexdir = "./"; // File directory

// Number of characters in a generated file name.
$lengthofstring = 5; // Length of file name

// Shared secrets accepted in the "secret" POST field.
// NOTE(review): these look like sample values -- replace them with long,
// randomly generated tokens before the script is reachable from a network.
$tokens = [
    "mySecret",
    "myOtherSecret",
];

// File names an upload is not allowed to use (checked before the move).
$blacklist_names = [
    "upload.php",
    ".htaccess",
];
// Random file name generation | |
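/**
 * Build a random string of digits and lowercase letters.
 *
 * The script uses the result as a generated upload file name. Characters are
 * picked with random_int(), which draws from the system CSPRNG, so a generated
 * name cannot be predicted from earlier ones the way mt_rand() output can.
 *
 * @param int $length Number of characters to produce; 0 or less yields ''.
 * @return string The generated string.
 */
function random_string($length) {
    $keys = array_merge(range(0, 9), range('a', 'z'));
    $last = count($keys) - 1;
    // Start from an empty string: appending to an undefined variable raises a
    // warning and leaves the return value as null when $length is 0.
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $keys[random_int(0, $last)];
    }
    return $key;
}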
// Check for token | |
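// Authenticate the request: the posted secret must be a string that exactly
// matches one of the configured tokens. The is_string() guard rejects
// array-valued input (secret[]=...) before it reaches the comparison, and
// hash_equals() compares byte-for-byte in constant time instead of the loose
// == comparison in_array() performs by default.
$secret = isset($_POST['secret']) ? $_POST['secret'] : null;
$authorized = false;
if (is_string($secret)) {
    foreach ($tokens as $token) {
        // No early exit: every configured token is compared on every request.
        if (hash_equals((string) $token, $secret)) {
            $authorized = true;
        }
    }
}
if (!$authorized) {
    die('Invalid Secret Key');
}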
// Prepares for upload | |
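// The "sharex" upload must be present and be a single file; without this
// guard the lines below read undefined array keys (or an array of names).
if (!isset($_FILES["sharex"]["name"], $_FILES["sharex"]["tmp_name"])
    || !is_string($_FILES["sharex"]["name"])) {
    die('Invalid filename');
}

// The client chooses this name. basename() drops any directory part so the
// value can only name a file directly inside $sharexdir.
$filename = basename($_FILES["sharex"]["name"]);
if (!$filename) {
    // No usable name was sent: generate one, keeping the original extension
    // (empty when the original name has none).
    $target_file = $_FILES["sharex"]["name"];
    $fileType = pathinfo($target_file, PATHINFO_EXTENSION);
    $filename = random_string($lengthofstring).'.'.$fileType;
}

// Refuse names on the blacklist. in_array() takes the needle first and the
// array second; with the arguments reversed the check never matched, so
// "upload.php" and ".htaccess" were not actually protected. The comparison is
// case-insensitive because some filesystems treat "Upload.PHP" as the same file.
if (in_array(strtolower($filename), array_map('strtolower', $blacklist_names), true)) {
    die('Invalid filename');
}

// NOTE(review): the extension is still chosen by the client. Anyone holding a
// valid token can store a file the web server may treat as executable in
// $sharexdir. Restrict extensions to an allowlist, or serve the upload
// directory with script execution disabled.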
// Accepts and moves to directory | |
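// move_uploaded_file() only accepts a path that PHP itself created for this
// request's upload. An existing file with the same name in $sharexdir is
// overwritten.
if (!move_uploaded_file($_FILES["sharex"]["tmp_name"], $sharexdir.$filename)) {
    // Warning
    die('File upload failed - CHMOD/Folder doesn\'t exist?');
}

// Sends info to client. The response is built as an array: assigning
// properties on the undefined $json raised a warning on PHP 7 and is a fatal
// error on PHP 8.
$json = array(
    'status'   => "OK",
    'errormsg' => "",
    'url'      => $filename,
);

// The body echoes a client-supplied file name, so label it as JSON to keep a
// browser from rendering it as HTML.
header('Content-Type: application/json');

// Sends json
echo(json_encode($json));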
?> |