Created
April 29, 2017 09:23
-
-
Save iamahuman/df5d49a8885f32af90008f17d5be90b8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| ini_set("display_errors", 0); | |
| $ver_outer = explode('-', PHP_VERSION); | |
| $ver_info = explode('.', $ver_outer[0]); | |
| $ver_major = intval($ver_info[0]); | |
| $ver_minor = intval($ver_info[1]); | |
| $ver_release = intval($ver_info[2]); | |
| if ($ver_major < 7 || ($ver_major == 7 && | |
| ($ver_minor < 0 || ($ver_minor == 0 && | |
| ($ver_release < 14))))) | |
| { | |
| die("engine too old..."); | |
| } | |
| if (!defined("DIRECTORY_SEPARATOR") || !function_exists("password_verify") || !defined('PHP_VERSION')) | |
| { | |
| die("this ain't sane..."); | |
| } | |
| define("BASE_DIR", "/home/luke1337/uploads"); | |
| if (!is_dir(BASE_DIR) || !is_writable(BASE_DIR)) | |
| die("wtf..?"); | |
| function do_logic() | |
| { | |
| $f = $_FILES["file"]; | |
| if (!isset($f["error"]) || $f["error"] === NULL || is_array($f["error"])) | |
| { | |
| return "Missing file param"; | |
| } | |
| if ($f["error"] === UPLOAD_ERR_NO_FILE) | |
| { | |
| return "No file given"; | |
| } | |
| if ($f["error"] === UPLOAD_ERR_INI_SIZE || $f["error"] === UPLOAD_ERR_FORM_SIZE) | |
| { | |
| return "File too big"; | |
| } | |
| if ($f["error"] !== UPLOAD_ERR_OK || | |
| empty($f["tmp_name"]) || !is_string($src = $f["tmp_name"])) | |
| { | |
| return "File upload error"; | |
| } | |
| if (empty($_POST["password"]) || !is_string($_POST["password"])) | |
| { | |
| $msg = "Password empty"; | |
| } | |
| elseif (password_verify($_POST["password"], '!<insert your password hash here and remove the excl. mark>') !== TRUE) | |
| { | |
| $msg = "Incorrect password"; | |
| } | |
| else | |
| { | |
| for ($i = 0; $i < 16; $i++) | |
| { | |
| $name = "upload_" . bin2hex(openssl_random_pseudo_bytes(16)); | |
| $path = BASE_DIR . DIRECTORY_SEPARATOR . $name; | |
| if (!file_exists($path)) | |
| break; | |
| $name = NULL; $path = NULL; | |
| } | |
| if ($name === NULL) | |
| { | |
| $msg = "Cannot generate a unique name"; | |
| } | |
| else | |
| { | |
| $r = is_uploaded_file($src) && move_uploaded_file($src, $path); | |
| $msg = ($r === TRUE ? "Success, put as $name" : "Failure"); | |
| } | |
| } | |
| if (is_uploaded_file($src)) | |
| unlink($src); | |
| return $msg; | |
| } | |
| $msg = "Upload with POST password and @file"; | |
| if ($_SERVER["REQUEST_METHOD"] === "POST") | |
| { | |
| $msg = do_logic(); | |
| } | |
| if (empty($_SERVER["HTTP_ACCEPT"]) || strpos($_SERVER["HTTP_ACCEPT"], "text/html") === FALSE) | |
| die($msg . "\n"); | |
| header("Content-Type: text/html; charset=UTF-8"); | |
| ?><!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <title>Uploader</title> | |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | |
| </head> | |
| <body> | |
| <form id="form" method="post" enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"> | |
| <div> | |
| <pre id="status"><?php echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'); ?></pre> | |
| </div> | |
| <div> | |
| <label for="password">Password</label> | |
| <input id="password" name="password" type="password" /> | |
| </div> | |
| <div> | |
| <label for="file">File</label> | |
| <input id="file" name="file" type="file" /> | |
| </div> | |
| <div><input type="submit" /></div> | |
| </form> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment