From 69ad885419740b330979019ecc17956a60aa5fbf Mon Sep 17 00:00:00 2001 From: Yandols ZeonX Date: Fri, 12 Apr 2019 01:21:16 +0800 Subject: [PATCH 1/6] Finished new working uploader filename randomizer algorithm (abbr. as UFNRA). --- upload.php | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/upload.php b/upload.php index ac7b70f..58e92f1 100644 --- a/upload.php +++ b/upload.php @@ -1,6 +1,6 @@ = '00') && (date('H') <= '05')) { + $hourId = '3'; + } else if ((date('H') >= '06') && (date('H') <= '11')) { + $hourId = 'E'; + } else if ((date('H') >= '12') && (date('H') <= '17')) { + $hourId = 'd'; + } else if ((date('H') >= '18') && (date('H') <= '23')) { + $hourId = 'C'; + } else { + $hourId = 'z'; + } //$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b //$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8 + //$newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newtarget = $target_dir . $newfilename; - //if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { chmod("$newtarget", 0775); // Set read and write permissions if file echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; From e99dc7df6c9cb7deba4c825bba0d66faba5ea448 Mon Sep 17 00:00:00 2001 From: Yandols ZeonX Date: Fri, 12 Apr 2019 01:51:23 +0800 Subject: [PATCH 2/6] Fixed forgetting to parse the new algorithm into the filename itself. --- upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upload.php b/upload.php index 58e92f1..129c521 100644 --- a/upload.php +++ b/upload.php 
@@ -88,7 +88,7 @@ if ($uploadOk == 0) { //$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b //$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8 //$newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); - $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); + $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newtarget = $target_dir . $newfilename; if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { chmod("$newtarget", 0775); // Set read and write permissions if file From 1e52b9f2483141dd50bdc1b99d82fb20487628c4 Mon Sep 17 00:00:00 2001 From: Yandols ZeonX Date: Fri, 12 Apr 2019 03:52:45 +0800 Subject: [PATCH 3/6] Cleanup + set randomized length to 11, bringing the total filename length to 13. --- upload.php | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/upload.php b/upload.php index 129c521..c7e1d09 100644 --- a/upload.php +++ b/upload.php @@ -1,12 +1,14 @@ 6291456) { echo "Sorry, your file is too large. (Max is 6MB)"; $uploadOk = 0; header('Location: ./failed.php'); } -// Allow certain file formats -// Fixed uppercase rejection bug in 1.1a +// Allow only certain file formats. +// 1.1a -- Fixed uppercase rejection bug and allows them. if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "gif" && $imageFileType != "svg" 
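Review bot: The extension on the added `$newfilename` line in the `@@ -88,7 +88,7 @@` hunk of PATCH 2/6 is re-derived from the client-supplied name with `end(explode(".", ...))` rather than taken from `$imageFileType`, the value the allowlist actually checked. `end()` takes its argument by reference, so passing the `explode()` result directly raises PHP's "Only variables should be passed by reference" notice, and two separate derivations let the check and the stored name drift apart. Reusing the validated value avoids both: `$newfilename = $dayId . $hourId . $randomFilename . '.' . $imageFileType;` (its assignment is not visible in the upload.php hunks, presumably `pathinfo()` as in dropload.php). The `else` branch around this line starts outside the hunk, and the same line is copied into dropload.php in PATCH 5/6.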
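Review bot: The allowlist at the end of the PATCH 3/6 upload.php hunk above still accepts `svg` and `SVG`, and the reworded comment "Allow only certain file formats." does not say that the check is by extension only. Unlike the raster formats, an SVG is an XML document that can carry script, so if files under `public/` are served inline from the image host, an uploaded SVG runs in that origin in the viewer's browser. Either drop the two SVG comparisons or serve that type with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy`. A comment such as `// Extension check only; SVG is active content, see serving headers` would record the decision. The same list appears in dropload.php in PATCH 5/6.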
@@ -40,17 +42,17 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg $uploadOk = 0; header('Location: ./failed.php'); } -// Check if $uploadOk is set to 0 by an error +// Check if $uploadOk is set to 0 by an error, if so go to failure condition. if ($uploadOk == 0) { echo "Sorry, your file could not be uploaded."; header('Location: ./failed.php'); -// if everything is ok, try to upload file +// If everything is ok, try to upload file. } else { // 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols. // 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $. // 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64. $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*'; - $random_string_length = 10; + $random_string_length = 11; $randomFilename = ''; for ($i = 0; $i < $random_string_length; $i++) { $randomFilename .= $characters[rand(0, strlen($characters) - 1)]; 
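Review bot: The loop at the end of this hunk still draws each character with `rand()`, which is not a cryptographically secure generator, so the 11-character name is weaker than its length suggests if upload URLs are meant to be hard to guess. The day and hour prefixes added in this series come from the clock and contribute no unpredictability, so the random part is all that protects the name. On PHP 7 or later the loop line can become `$randomFilename .= $characters[random_int(0, strlen($characters) - 1)];`. The loop body is cut by the hunk boundary, and the same loop is copied into dropload.php in PATCH 5/6.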
@@ -85,22 +87,18 @@ if ($uploadOk == 0) { } else { $hourId = 'z'; } - //$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b - //$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8 - //$newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); + // Finalize file upload and return output to user. + // Old line: $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v1.3, kept for instaneous rollback safety. $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newtarget = $target_dir . $newfilename; if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { - chmod("$newtarget", 0775); // Set read and write permissions if file + chmod("$newtarget", 0775); // Set read and write permissions on file echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; $uploaderlog = "" . date('U') . ", ". date('Y-m-d H:i:s e') . ", $_SERVER[REMOTE_ADDR], $newfilename" . ", " . $imejicoreversion . ", $_SERVER[HTTP_USER_AGENT]"; - //$uploaderlog = "Unix Time: " . date('U') . ", Logical Time: ". date('Y-m-d H:i:s e') . ", IP Address: $_SERVER[REMOTE_ADDR], Filename: $newfilename" . ", User Agent: $_SERVER[HTTP_USER_AGENT], Referer: $_SERVER[HTTP_REFERER]"; --simplified in v0.9e file_put_contents('uploads.log', $uploaderlog . PHP_EOL, FILE_APPEND); header('Location: https://i.yandols.xyz/' . $newfilename); - //header('Location: http://i.zxicar.us/' . $newfilename); --switched to HTTPS as of v0.9d - //header('Location: ../imeji/' . $newtarget); --changed as of v0.7 - //header('Location: http://zxicar.us/imeji/'.basename( $_FILES["fileToUpload"]["name"])); --changed as of v0.2 } else { + // If anything wrong here, go to failure condition. 
echo "Sorry, there was a problem uploading your file."; header('Location: ./failed.php'); } From 07e9424bb78386969f5c6c3c863eb843291832d8 Mon Sep 17 00:00:00 2001 From: Yandols ZeonX Date: Fri, 12 Apr 2019 04:03:30 +0800 Subject: [PATCH 4/6] Changed hour-base identifiers to intervals of 4 hours instead of 6. --- upload.php | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/upload.php b/upload.php index c7e1d09..f57cb09 100644 --- a/upload.php +++ b/upload.php @@ -2,7 +2,7 @@ // Imeji Uploader Core Code -- Version 1.3 (Uploader Filename Randomizer Algorithm Update) // // Core Variables. Don't change unless you know what you're doing. -$imejicoreversion = "imeji_v1.3_1"; +$imejicoreversion = "imeji_v1.3_2"; $target_dir = "public/"; $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]); $target_filenameonly = basename($_FILES["fileToUpload"]["name"]); @@ -75,15 +75,19 @@ if ($uploadOk == 0) { } else { $dayId = '0'; } - // Hour-base identifiers (Implemented in v1.3_0) - if ((date('H') >= '00') && (date('H') <= '05')) { + // Hour-base identifiers (Implemented in v1.3_0 / Changed in v1.3_2) + if ((date('H') >= '00') && (date('H') <= '03')) { $hourId = '3'; - } else if ((date('H') >= '06') && (date('H') <= '11')) { + } else if ((date('H') >= '04') && (date('H') <= '07')) { $hourId = 'E'; - } else if ((date('H') >= '12') && (date('H') <= '17')) { + } else if ((date('H') >= '08') && (date('H') <= '11')) { $hourId = 'd'; - } else if ((date('H') >= '18') && (date('H') <= '23')) { - $hourId = 'C'; + } else if ((date('H') >= '12') && (date('H') <= '15')) { + $hourId = '4'; + } else if ((date('H') >= '16') && (date('H') <= '19')) { + $hourId = 'R'; + } else if ((date('H') >= '20') && (date('H') <= '23')) { + $hourId = 'f'; } else { $hourId = 'z'; } From fc1d66e2f4914d709210ec969707a82ba6c2c13b Mon Sep 17 00:00:00 2001 
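Review bot: `chmod("$newtarget", 0775)` in the `@@ -85,22 +87,18 @@` hunk of PATCH 3/6 grants execute permission to everyone and write permission to the group, while the corrected comment describes read and write only. An uploaded image never needs to be executable, and group write on a file in the public directory is more access than the feature requires. `chmod($newtarget, 0644); // owner read/write, everyone else read-only` matches the stated intent. The same line is touched again in dropload.php in the last hunk of PATCH 6/6.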
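Review bot: The hour mapping in the `@@ -75,15 +75,19 @@` hunk of PATCH 4/6 calls `date('H')` up to twelve times and compares numeric strings, and its final `else` (`$hourId = 'z'`) cannot be reached because the six ranges cover 00 to 23. One clock read with integer arithmetic gives the same result on PHP 7 or later: `$hourId = '3Ed4Rf'[intdiv((int) date('G'), 4)];`. It is also worth a comment that this prefix, together with `$dayId`, lets anyone holding a URL read off the upload weekday and four-hour window, for example `// NOTE: dayId/hourId encode upload time; they are identifiers, not secrets`. The `if`/`else` chain for `$dayId` begins outside the hunk.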
From: Yandols ZeonX Date: Fri, 12 Apr 2019 20:25:56 +0800 Subject: [PATCH 5/6] Apply UFNRA update to droploader. --- dropload.php | 69 ++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 53 insertions(+), 16 deletions(-) diff --git a/dropload.php b/dropload.php index 8ba1d92..2e92d25 100644 --- a/dropload.php +++ b/dropload.php @@ -1,12 +1,14 @@ 6291456) { //echo "Sorry, your file is too large. (Max is 6MB)"; $uploadOk = 0; @@ -42,8 +44,8 @@ if ($_FILES["fileToUpload"]["size"] > 6291456) { //echo 400; return; } -// Allow certain file formats -// Fixed uppercase rejection bug in 1.1a +// Allow only certain file formats. +// 1.1a -- Fixed uppercase rejection bug and allows them. if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "gif" && $imageFileType != "svg" @@ -56,7 +58,7 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg //echo 400; return; } -// Check if $uploadOk is set to 0 by an error +// Check if $uploadOk is set to 0 by an error, if so go to failure condition. if ($uploadOk == 0) { //echo "Sorry, your file could not be uploaded."; //header('Location: ./failed.php'); 
@@ -64,20 +66,55 @@ if ($uploadOk == 0) { http_response_code(400); //echo 400; return; -// if everything is ok, try to upload file +// If everything is ok, try to upload file. } else { - // 1.2a -- Changed some case-confusing characters such as I and O to web safe symbols. - $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!$+*'; - $random_string_length = 12; + // 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols. + // 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $. + // 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64. + $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*'; + $random_string_length = 11; $randomFilename = ''; for ($i = 0; $i < $random_string_length; $i++) { $randomFilename .= $characters[rand(0, strlen($characters) - 1)]; } - //$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b - //$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8 - $newfilename = $randomFilename . '.' . 
end(explode(".",$_FILES["fileToUpload"]["name"])); + // Day-base identifiers (Implemented in v1.3_0) + if (date('D') == 'Sun') { + $dayId = 'Q'; + } else if (date('D') == 'Mon') { + $dayId = 'a'; + } else if (date('D') == 'Tue') { + $dayId = 'z'; + } else if (date('D') == 'Wed') { + $dayId = '2'; + } else if (date('D') == 'Thu') { + $dayId = 'W'; + } else if (date('D') == 'Fri') { + $dayId = 's'; + } else if (date('D') == 'Sat') { + $dayId = 'x'; + } else { + $dayId = '0'; + } + // Hour-base identifiers (Implemented in v1.3_0 / Changed in v1.3_2) + if ((date('H') >= '00') && (date('H') <= '03')) { + $hourId = '3'; + } else if ((date('H') >= '04') && (date('H') <= '07')) { + $hourId = 'E'; + } else if ((date('H') >= '08') && (date('H') <= '11')) { + $hourId = 'd'; + } else if ((date('H') >= '12') && (date('H') <= '15')) { + $hourId = '4'; + } else if ((date('H') >= '16') && (date('H') <= '19')) { + $hourId = 'R'; + } else if ((date('H') >= '20') && (date('H') <= '23')) { + $hourId = 'f'; + } else { + $hourId = 'z'; + } + // Finalize file upload and return output to user. + // Old line: $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v1.3, kept for instaneous rollback safety. + $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newtarget = $target_dir . $newfilename; - //if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { chmod("$newtarget", 0775); // Set read and write permissions if file //echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; From a09e25d7943879409b3d258042cda3a4ac05c915 Mon Sep 17 00:00:00 2001 From: Yandols ZeonX Date: Fri, 12 Apr 2019 22:26:07 +0800 Subject: [PATCH 6/6] Cleanup. --- dropload.php | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-) 
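Review bot: The `@@ -64,20 +66,55 @@` hunk of PATCH 5/6 pastes the character pool, the random loop and both day/hour chains into dropload.php as a verbatim copy of upload.php, so any later fix to the naming scheme has to be made twice and can silently miss one entry point. Moving the block into one function in a shared include would keep the two uploaders in step, for example `require_once __DIR__ . '/ufnra.php';` followed by `$newfilename = ufnra_filename($imageFileType);` (file and function names are placeholders). The function should carry a short docblock stating the name layout: one day character, one hour character, eleven random characters, then the extension. The enclosing `else` branch continues past the end of the hunk.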
diff --git a/dropload.php b/dropload.php index 2e92d25..0b0518a 100644 --- a/dropload.php +++ b/dropload.php @@ -12,36 +12,26 @@ $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); if(isset($_POST["submit"])) { $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); if($check !== false) { - //echo "File is an image - " . $check["mime"] . "."; $uploadOk = 1; } else { - //echo "File is not an image."; $uploadOk = 0; - //header('Location: ./failed.php'); header('HTTP/1.1 400 Bad Request', true, 400); http_response_code(400); - //echo 400; return; } } // Check whether a file with the same name already exists on server or not for security reasons. if (file_exists($target_file)) { - //echo "Sorry, file already exists."; $uploadOk = 0; - //header('Location: ./failed.php'); header('HTTP/1.1 400 Bad Request', true, 400); http_response_code(400); - //echo 400; return; } // Check file size. (Imeji Standard Max is 6MB) if ($_FILES["fileToUpload"]["size"] > 6291456) { - //echo "Sorry, your file is too large. (Max is 6MB)"; $uploadOk = 0; - //header('Location: ./failed.php'); header('HTTP/1.1 400 Bad Request', true, 400); http_response_code(400); - //echo 400; return; } // Allow only certain file formats. 
@@ -50,21 +40,15 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "gif" && $imageFileType != "svg" && $imageFileType != "GIF" && $imageFileType != "SVG" ) { - //echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; $uploadOk = 0; - //header('Location: ./failed.php'); header('HTTP/1.1 400 Bad Request', true, 400); http_response_code(400); - //echo 400; return; } // Check if $uploadOk is set to 0 by an error, if so go to failure condition. if ($uploadOk == 0) { - //echo "Sorry, your file could not be uploaded."; - //header('Location: ./failed.php'); header('HTTP/1.1 400 Bad Request', true, 400); http_response_code(400); - //echo 400; return; // If everything is ok, try to upload file. } else { 
@@ -116,36 +100,17 @@ if ($uploadOk == 0) { $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newtarget = $target_dir . $newfilename; if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { - chmod("$newtarget", 0775); // Set read and write permissions if file - //echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; + chmod("$newtarget", 0775); // Set read and write permissions on file $uploaderlog = "" . date('U') . ", ". date('Y-m-d H:i:s e') . ", $_SERVER[REMOTE_ADDR], $newfilename" . ", " . $imejicoreversion . ", $_SERVER[HTTP_USER_AGENT]"; - //$uploaderlog = "Unix Time: " . date('U') . ", Logical Time: ". date('Y-m-d H:i:s e') . ", IP Address: $_SERVER[REMOTE_ADDR], Filename: $newfilename" . ", User Agent: $_SERVER[HTTP_USER_AGENT], Referer: $_SERVER[HTTP_REFERER]"; --simplified in v0.9e file_put_contents('uploads.log', $uploaderlog . PHP_EOL, FILE_APPEND); - //$respondingcode = http_response_code(); - //return $respondingcode; - - //$droploaddata = header('Location: https://i.zxicar.us/' . $newfilename); - //$droploaddata = '{ "Location": "https://i.zxicar.us/' . $newfilename . '" }'; - //header('Content-type: application/json'); - //echo $droploaddata; - //return; - header('Content-type: application/json'); echo json_encode([ "location" => "https://i.yandols.xyz/{$newfilename}" ]); return; - //header('Location: https://i.zxicar.us/' . $newfilename); - //return; - //header('Location: http://i.zxicar.us/' . $newfilename); --switched to HTTPS as of v0.9d - //header('Location: ../imeji/' . $newtarget); --changed as of v0.7 - //header('Location: http://zxicar.us/imeji/'.basename( $_FILES["fileToUpload"]["name"])); --changed as of v0.2 } else { - //echo "Sorry, there was a problem uploading your file."; - //header('Location: ./failed.php'); header('HTTP/1.1 400 Bad Request', true, 400); http_response_code(400); - //echo 400; return; } }
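Review bot: The `$uploaderlog` line kept by this cleanup writes `$_SERVER[HTTP_USER_AGENT]` verbatim into a comma-separated record, so a client can add commas or control characters that shift or forge fields for whoever parses `uploads.log` later. Encoding the record keeps each entry on one line with unambiguous fields: `file_put_contents('uploads.log', json_encode([date('U'), $_SERVER['REMOTE_ADDR'], $newfilename, $imejicoreversion, $_SERVER['HTTP_USER_AGENT'] ?? '']) . PHP_EOL, FILE_APPEND | LOCK_EX);`. The log path is relative, so if it resolves to a web-served directory the file exposes uploader IP addresses and should live outside the document root. The same log line is in upload.php in PATCH 3/6.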