Cleanup + set randomized length to 11, bringing the total filename length to 13.

merge-requests/2/head
YandolsZX 6 years ago
parent e99dc7df6c
commit 1e52b9f248
  1. 34
      upload.php

@ -1,12 +1,14 @@
<?php <?php
//Imeji Uploader Core Code -- Version 1.3 (Uploader Filename Randomizer Algorithm Update) // Imeji Uploader Core Code -- Version 1.3 (Uploader Filename Randomizer Algorithm Update)
$imejicoreversion = "imeji_v1.3_0"; //
// Core Variables. Don't change unless you know what you're doing.
$imejicoreversion = "imeji_v1.3_1";
$target_dir = "public/"; $target_dir = "public/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]); $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$target_filenameonly = basename($_FILES["fileToUpload"]["name"]); $target_filenameonly = basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1; $uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image // Check if uploaded image file is a actual image or fake image with masked extension.
if(isset($_POST["submit"])) { if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) { if($check !== false) {
@ -18,20 +20,20 @@ if(isset($_POST["submit"])) {
header('Location: ./failed.php'); header('Location: ./failed.php');
} }
} }
// Check if file already exists // Check whether a file with the same name already exists on server or not for security reasons.
if (file_exists($target_file)) { if (file_exists($target_file)) {
echo "Sorry, file already exists."; echo "Sorry, file already exists.";
$uploadOk = 0; $uploadOk = 0;
header('Location: ./failed.php'); header('Location: ./failed.php');
} }
// Check file size (Currently Max 6MB) // Check file size. (Imeji Standard Max is 6MB)
if ($_FILES["fileToUpload"]["size"] > 6291456) { if ($_FILES["fileToUpload"]["size"] > 6291456) {
echo "Sorry, your file is too large. (Max is 6MB)"; echo "Sorry, your file is too large. (Max is 6MB)";
$uploadOk = 0; $uploadOk = 0;
header('Location: ./failed.php'); header('Location: ./failed.php');
} }
// Allow certain file formats // Allow only certain file formats.
// Fixed uppercase rejection bug in 1.1a // 1.1a -- Fixed uppercase rejection bug and allows them.
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG"
&& $imageFileType != "gif" && $imageFileType != "svg" && $imageFileType != "gif" && $imageFileType != "svg"
@ -40,17 +42,17 @@ if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg
$uploadOk = 0; $uploadOk = 0;
header('Location: ./failed.php'); header('Location: ./failed.php');
} }
// Check if $uploadOk is set to 0 by an error // Check if $uploadOk is set to 0 by an error, if so go to failure condition.
if ($uploadOk == 0) { if ($uploadOk == 0) {
echo "Sorry, your file could not be uploaded."; echo "Sorry, your file could not be uploaded.";
header('Location: ./failed.php'); header('Location: ./failed.php');
// if everything is ok, try to upload file // If everything is ok, try to upload file.
} else { } else {
// 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols. // 1.2a --- Changed some case-confusing characters such as I and O to web safe symbols.
// 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $. // 1.3 ---- Removed some problematic symbol characters that can break CMS such as + and $.
// 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64. // 1.3_0 -- Changed the filename randomizer algorithm to compensate for characters pool reduction to 62 from 64.
$characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*'; $characters = 'abcdefghjklmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_!*';
$random_string_length = 10; $random_string_length = 11;
$randomFilename = ''; $randomFilename = '';
for ($i = 0; $i < $random_string_length; $i++) { for ($i = 0; $i < $random_string_length; $i++) {
$randomFilename .= $characters[rand(0, strlen($characters) - 1)]; $randomFilename .= $characters[rand(0, strlen($characters) - 1)];
@ -85,22 +87,18 @@ if ($uploadOk == 0) {
} else { } else {
$hourId = 'z'; $hourId = 'z';
} }
//$newfilename = time() . '_' . rand(1000000, 9999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.6b // Finalize file upload and return output to user.
//$newfilename = time() . '_' . rand(100, 999) . '_' . rand(100000000, 999999999) . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v0.8 // Old line: $newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); --prior to v1.3, kept for instaneous rollback safety.
//$newfilename = $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
$newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"])); $newfilename = $dayId . $hourId . $randomFilename . '.' . end(explode(".",$_FILES["fileToUpload"]["name"]));
$newtarget = $target_dir . $newfilename; $newtarget = $target_dir . $newfilename;
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) { if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $newtarget)) {
chmod("$newtarget", 0775); // Set read and write permissions if file chmod("$newtarget", 0775); // Set read and write permissions on file
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded."; echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
$uploaderlog = "" . date('U') . ", ". date('Y-m-d H:i:s e') . ", $_SERVER[REMOTE_ADDR], $newfilename" . ", " . $imejicoreversion . ", $_SERVER[HTTP_USER_AGENT]"; $uploaderlog = "" . date('U') . ", ". date('Y-m-d H:i:s e') . ", $_SERVER[REMOTE_ADDR], $newfilename" . ", " . $imejicoreversion . ", $_SERVER[HTTP_USER_AGENT]";
//$uploaderlog = "Unix Time: " . date('U') . ", Logical Time: ". date('Y-m-d H:i:s e') . ", IP Address: $_SERVER[REMOTE_ADDR], Filename: $newfilename" . ", User Agent: $_SERVER[HTTP_USER_AGENT], Referer: $_SERVER[HTTP_REFERER]"; --simplified in v0.9e
file_put_contents('uploads.log', $uploaderlog . PHP_EOL, FILE_APPEND); file_put_contents('uploads.log', $uploaderlog . PHP_EOL, FILE_APPEND);
header('Location: https://i.yandols.xyz/' . $newfilename); header('Location: https://i.yandols.xyz/' . $newfilename);
//header('Location: http://i.zxicar.us/' . $newfilename); --switched to HTTPS as of v0.9d
//header('Location: ../imeji/' . $newtarget); --changed as of v0.7
//header('Location: http://zxicar.us/imeji/'.basename( $_FILES["fileToUpload"]["name"])); --changed as of v0.2
} else { } else {
// If anything wrong here, go to failure condition.
echo "Sorry, there was a problem uploading your file."; echo "Sorry, there was a problem uploading your file.";
header('Location: ./failed.php'); header('Location: ./failed.php');
} }

Loading…
Cancel
Save