yavgel85 · March 26, 2021 08:24
diff --git a/Laravel Controller to upload, zip, password protect the zip, save the password encrypted.php b/Laravel Controller to upload, zip, password protect the zip, save the password encrypted.php
 <?php

 // The issue this solves is to allow the user to upload a document and for us to save the document such that: the document is zip'd, the zip file is given a unique name, the zip file is password protected with a unique password, the password is encrypted for storage in the db table.
  
 // The following will allow for creating one codeset to be called for the creation of all Documents.
 // For the moment, we will need to set up IF statements for the statement that creates an instance of $Document
 // which will allow for us to create a new entry in the appropriate database table.
 public function storeInitDocument($request, $id, $theUserID, $ignore, $tableName){
  // This function will determine if the User has uploading any documents.  If so, the document's properties will be stored,
  // followed by the storage of the physical document with a unique name.  The document will be
  // zip'd with this password.
  // Note 
  // 1) The document name is a unique name, making it more difficult for a hacker to determine
  //     what the document is or who it belongs to.  All we are doing is to make it as 
  //     difficult as possible for hackers.
  //  2) The document's name will be changed to match the zip file's name
  //  3) The document name and password are stored in the table, encrypted using Laravel's 
  //     encryption.
  //  4) There are a ton of ways to perform this action, some better than others.  I didnt
  //     find anything that met the current need/approach.  Close, but the creation of a unique
  //     file name, unique zip name, unique password, unique approach to extract the real password 
  //     fro the storedd password, and the use of an encryption such as Laravel to hide the data.
  //  5) Yes, this may be overkill, but we are trying our best to make it as difficult as possible
  //     for hackers.  It is not if, it is a matter of when.
  $file = $request->file;
  $image = $request->file('image');
  if ($request->hasFile('image')) {
    $imageCount = count($image);
    $newPwdHERE = '';
    for ($i = 0; $i < $imageCount; $i++) {
      $origDocName = $image[$i]->getClientOriginalName();
      $fullDesc = "";
      $theExt = $image[$i]->getClientOriginalExtension();
      $mimeType = $image[$i]->getMimeType();
      $fileSize = $image[$i]->getSize();
      $newNameNoExt = str_replace('.', "", uniqid('', true)) .
        str_replace('.', "", uniqid('', true));
      $newName = $newNameNoExt . "." . $theExt;
      // The following will determine the password.  Note: The complete string that the password was extracted from is what is
      // stored in the "pwd" field.  The first character is a hardcoded letter, the next xx digits is the starting position
      // of the password, and goes for the next aa characters.
      // Note:  There are plenty of ways to create a unique password, this is the way chosen
      // for the moment.  It has and will continue to morph over time.
      $pwdSave="Q" . random_int (05,43) . bin2hex(random_bytes(21). random_bytes(19) . random_bytes(3) . random_bytes(18) . random_bytes(11)
                                                  . random_bytes(21) . random_bytes(14) . random_bytes(8));
      $pwdFile = "Q" . substr($pwdSave,substr($pwdSave,8,2),21);

      DB::insert('insert into ' . $tableName .
                 ' (userID, connectorID, origDocName, ext, typeID, mimeType, fileSize, newName, newNameNoExt,
                       storedDocName, pwd, fullDesc)
                    values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
                 [$theUserID, $id, encrypt($origDocName), encrypt($theExt), encrypt($theExt), encrypt($mimeType),
                  encrypt($fileSize), encrypt($newName), encrypt($newNameNoExt), encrypt($newName), encrypt($pwdSave), encrypt($fullDesc) ]);

      // Store the document
      // echo $newName . " ---- " . $image[$i] . "<br>" . $this->storeArea . '/' . $newNameNoExt . '.zip   ';
      $image[$i]->move($this->storeArea, $newName);
      ob_start();
      system('zip -P ' . $pwdFile . '   ' . $this->storeArea . '/' . $newNameNoExt . '.zip   ' . $this->storeArea . '/' . $newName);
      unlink($this->storeArea . '/' . $newName);
      ob_end_clean();
    }
  }
 }
	<?php

	// The issue this solves is to allow the user to upload a document and for us to save the document such that: the document is zip'd, the zip file is given a unique name, the zip file is password protected with a unique password, the password is encrypted for storage in the db table.

	// The following will allow for creating one codeset to be called for the creation of all Documents.
	// For the moment, we will need to set up IF statements for the statement that creates an instance of $Document
	// which will allow for us to create a new entry in the appropriate database table.
	public function storeInitDocument($request, $id, $theUserID, $ignore, $tableName){
	// This function will determine if the User has uploading any documents. If so, the document's properties will be stored,
	// followed by the storage of the physical document with a unique name. The document will be
	// zip'd with this password.
	// Note
	// 1) The document name is a unique name, making it more difficult for a hacker to determine
	// what the document is or who it belongs to. All we are doing is to make it as
	// difficult as possible for hackers.
	// 2) The document's name will be changed to match the zip file's name
	// 3) The document name and password are stored in the table, encrypted using Laravel's
	// encryption.
	// 4) There are a ton of ways to perform this action, some better than others. I didnt
	// find anything that met the current need/approach. Close, but the creation of a unique
	// file name, unique zip name, unique password, unique approach to extract the real password
	// fro the storedd password, and the use of an encryption such as Laravel to hide the data.
	// 5) Yes, this may be overkill, but we are trying our best to make it as difficult as possible
	// for hackers. It is not if, it is a matter of when.
	$file = $request->file;
	$image = $request->file('image');
	if ($request->hasFile('image')) {
	$imageCount = count($image);
	$newPwdHERE = '';
	for ($i = 0; $i < $imageCount; $i++) {
	$origDocName = $image[$i]->getClientOriginalName();
	$fullDesc = "";
	$theExt = $image[$i]->getClientOriginalExtension();
	$mimeType = $image[$i]->getMimeType();
	$fileSize = $image[$i]->getSize();
	$newNameNoExt = str_replace('.', "", uniqid('', true)) .
	str_replace('.', "", uniqid('', true));
	$newName = $newNameNoExt . "." . $theExt;
	// The following will determine the password. Note: The complete string that the password was extracted from is what is
	// stored in the "pwd" field. The first character is a hardcoded letter, the next xx digits is the starting position
	// of the password, and goes for the next aa characters.
	// Note: There are plenty of ways to create a unique password, this is the way chosen
	// for the moment. It has and will continue to morph over time.
	$pwdSave="Q" . random_int (05,43) . bin2hex(random_bytes(21). random_bytes(19) . random_bytes(3) . random_bytes(18) . random_bytes(11)
	. random_bytes(21) . random_bytes(14) . random_bytes(8));
	$pwdFile = "Q" . substr($pwdSave,substr($pwdSave,8,2),21);

	DB::insert('insert into ' . $tableName .
	' (userID, connectorID, origDocName, ext, typeID, mimeType, fileSize, newName, newNameNoExt,
	storedDocName, pwd, fullDesc)
	values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
	[$theUserID, $id, encrypt($origDocName), encrypt($theExt), encrypt($theExt), encrypt($mimeType),
	encrypt($fileSize), encrypt($newName), encrypt($newNameNoExt), encrypt($newName), encrypt($pwdSave), encrypt($fullDesc) ]);

	// Store the document
	// echo $newName . " ---- " . $image[$i] . "<br>" . $this->storeArea . '/' . $newNameNoExt . '.zip ';
	$image[$i]->move($this->storeArea, $newName);
	ob_start();
	system('zip -P ' . $pwdFile . ' ' . $this->storeArea . '/' . $newNameNoExt . '.zip ' . $this->storeArea . '/' . $newName);
	unlink($this->storeArea . '/' . $newName);
	ob_end_clean();
	}
	}
	}