From fc1d66e2f4914d709210ec969707a82ba6c2c13b Mon Sep 17 00:00:00 2001
From: Yandols ZeonX <cs_aero2@yahoo.com>
Date: Fri, 12 Apr 2019 20:25:56 +0800
Subject: [PATCH] Apply UFNRA update to droploader.

---
 dropload.php | 69 ++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 53 insertions(+), 16 deletions(-)

diff --git a/dropload.php b/dropload.php
index 8ba1d92..2e92d25 100644
--- a/dropload.php
+++ b/dropload.php
@@ -1,12 +1,14 @@
 <?php
-//Imeji Uploader Core Code -- Version 2.0 (revision 49) (Migrations Phase 1)
-$imejicoreversion = "Icarus_Imeji_V2_Droploader_r49_S_p1";
+// Imeji Uploader Core Code -- Version 2.1 (revision 54) (Uploader Filename Randomizer Algorithm Update)
+//
+// Core Variables. Don't change unless you know what you're doing.
+$imejicoreversion = "Icarus_Imeji_V2.1_Droploader_r54";
 $target_dir = "public/";
 $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
 $target_filenameonly = basename($_FILES["fileToUpload"]["name"]);
 $uploadOk = 1;
 $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
-// Check if image file is a actual image or fake image
+// Check if uploaded image file is a actual image or fake image with masked extension.
 if(isset($_POST["submit"])) {
     $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
     if($check !== false) {
@@ -22,7 +24,7 @@ if(isset($_POST["submit"])) {
 	    return;
     }
 }
-// Check if file already exists
+// Check whether a file with the same name already exists on server or not for security reasons.
 if (file_exists($target_file)) {
     //echo "Sorry, file already exists.";
     $uploadOk = 0;
@@ -32,7 +34,7 @@ if (file_exists($target_file)) {
     //echo 400;
     return;
 }
-// Check file size (Currently Max 6MB)
+// Check file size. (Imeji Standard Max is 6MB)
 if ($_FILES["fileToUpload"]["size"] > 6291456) {
     //echo "Sorry, your file is too large. (Max is 6MB)";
     $uploadOk = 0;
@@ -42,8 +44,8 @@ if ($_FILES["fileToUpload"]["size"] > 6291456) {
     //echo 400;
     return;
 }
-// Allow certain file formats
-// Fixed uppercase rejection bug in 1.1a
+// Allow only certain file formats.
+// 1.1a -- Fixed uppercase rejection bug and allows them.
 if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
 && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG"
 && $imageFileType != "gif" && $imageFileType != "svg"
@@ -56,7 +58,7 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg
     //echo 400;
     return;
 }
-// Check if $uploadOk is set to 0 by an error
+// Check if $uploadOk is set to 0 by an error, if so go to failure condition.
 if ($uploadOk == 0) {
     //echo "Sorry, your file could not be uploaded.";
     //header('Location: ./failed.php');
@@ -64,20 +66,55 @@ if ($uploadOk == 0) {
     http_response_code(400);
     //echo 400;
     return;
-// if everything is ok, try to upload file
+// If everything is ok, try to upload file.
 } else {
-    // 1.2a -- Changed some case-confusing characters such as I and O to web safe symbols.
-    $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!$+*';
-    $random_string_length = 12;
+    // 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols.
+    // 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $.
+    // 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64.
+    $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*';
+    $random_string_length = 11;
     $randomFilename = '';
     for ($i = 0; $i < $random_string_length; $i++) {
       $randomFilename .= $characters[rand(0, strlen($characters) - 1)];
     }
-    //$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b
-    //$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8
-    $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
+    // Day-base identifiers (Implemented in v1.3_0)
+    if (date('D') == 'Sun') {
+        $dayId = 'Q';
+    } else if (date('D') == 'Mon') {
+        $dayId = 'a';
+    } else if (date('D') == 'Tue') {
+        $dayId = 'z';
+    } else if (date('D') == 'Wed') {
+        $dayId = '2';
+    } else if (date('D') == 'Thu') {
+        $dayId = 'W';
+    } else if (date('D') == 'Fri') {
+        $dayId = 's';
+    } else if (date('D') == 'Sat') {
+        $dayId = 'x';
+    } else {
+        $dayId = '0';
+    }
+    // Hour-base identifiers (Implemented in v1.3_0 / Changed in v1.3_2)
+    if ((date('H') >= '00') && (date('H') <= '03')) {
+        $hourId = '3';
+    } else if ((date('H') >= '04') && (date('H') <= '07')) {
+        $hourId = 'E';
+    } else if ((date('H') >= '08') && (date('H') <= '11')) {
+        $hourId = 'd';
+    } else if ((date('H') >= '12') && (date('H') <= '15')) {
+        $hourId = '4';
+    } else if ((date('H') >= '16') && (date('H') <= '19')) {
+        $hourId = 'R';
+    } else if ((date('H') >= '20') && (date('H') <= '23')) {
+        $hourId = 'f';
+    } else {
+        $hourId = 'z';
+    }
+    // Finalize file upload and return output to user.
+    // Old line: $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v1.3, kept for instaneous rollback safety.
+    $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
     $newtarget = $target_dir . $newfilename;
-    //if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
     if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) {
         chmod("$newtarget", 0775); // Set read and write permissions if file
         //echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";