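<?php
// Bootstrap for the Image2base64 encoder: error policy, session, anti-CSRF token, scratch directory.
// NOTE(review): error_reporting(0) hides every warning, including mkdir()/file_put_contents()
// failures below, so those results are checked explicitly instead of relied on silently.
error_reporting(0);
session_start();
prepareanticsrf(); // defined further down; PHP hoists top-level functions, so the call is valid here
if (!defined('DIRTOUPLOAD')) {
    define('DIRTOUPLOAD', './img2base64/');
}
// Scratch directory for uploads. Files are removed right after encoding, but the directory
// lives under the web root, so its creation and HTTP protection are verified on every request.
if (!is_dir(DIRTOUPLOAD) && !mkdir(DIRTOUPLOAD, 0775) && !is_dir(DIRTOUPLOAD)) {
    // Failing here is clearer than a later "unable to upload" message with no cause.
    die('Unable to create upload directory ' . htmlspecialchars(DIRTOUPLOAD) . '!');
}
$htaccessfile = DIRTOUPLOAD . '/.htaccess';
// Apache 2.2 ("Deny from all") and 2.4 ("Require all denied") syntaxes are both emitted, each guarded
// by IfModule, so the directory stays blocked on either version. Servers that do not read .htaccess
// (e.g. nginx) get no protection from this file; the prompt unlink() after encoding is the other safeguard.
$denyrule = "<IfModule mod_authz_core.c>\nRequire all denied\n</IfModule>\n<IfModule !mod_authz_core.c>\nDeny from all\n</IfModule>\n";
if (!file_exists($htaccessfile) || file_get_contents($htaccessfile) !== $denyrule) {
    file_put_contents($htaccessfile, $denyrule);
}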
/**
 * Emit a client-side refresh that sends the browser back to the form ("?").
 *
 * A <meta refresh> is used instead of header() because a HEAD request
 * answered with a redirect header could loop indefinitely. Prints, returns nothing.
 */
function refreshsess()
{
    $target = '?';
    print '<META HTTP-EQUIV="Refresh" CONTENT="1;URL=' . $target . '">';
}
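/**
 * Issue or rotate the anti-CSRF token kept in the session.
 *
 * - GET: a fresh token is stored in $_SESSION['csrftokenize'] (the form echoes it as a hidden field).
 * - Any other method without a session token: bounce the client back to the form and stop.
 * - POST with a token: the current token moves to $_SESSION['oldbasecsrf'] and a new one is minted;
 *   csrfcheck() later compares the posted value against 'oldbasecsrf'.
 *
 * Must run before any output, since refreshsess() may be emitted. Returns nothing.
 */
function prepareanticsrf()
{
    /* ************************** BEGIN ANTI-CSRF SETUP. DO NOT TOUCH ANYTHING ******************************************* */
    if ($_SERVER['REQUEST_METHOD'] === 'GET') { // a new token on every GET request
        $_SESSION['csrftokenize'] = csrfnewtoken();
        /* this session value is what lets us decide server-side whether a request is a CSRF attack or not */
    }
    // A POST/HEAD/TRACE arriving without a session token cannot be legitimate: send it back to the form.
    if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !isset($_SESSION['csrftokenize'])) {
        die(refreshsess());
    }
    // header() would also work here, but a HEAD request could then end up in an infinite redirect loop.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['csrftokenize'])) {
        // Rotate on every POST: the token just used is kept as 'oldbasecsrf' for csrfcheck(),
        // and a fresh one is issued for the next form render.
        $_SESSION['oldbasecsrf'] = $_SESSION['csrftokenize'];
        $_SESSION['csrftokenize'] = csrfnewtoken();
    }
    // Sanitize session values just in case. NOTE(review): this only works while every session value
    // is a string (htmlentities() on an array fails); currently the session holds only the two tokens.
    if (count($_SESSION) !== 0) {
        $_SESSION = array_map('htmlentities', $_SESSION);
    }
    /* ************************** END ANTI-CSRF SETUP. DO NOT TOUCH ANYTHING ******************************************* */
}

/**
 * Return a new 40-character lowercase-hex CSRF token.
 *
 * random_bytes() (PHP >= 7.0) is a CSPRNG; rand() is not, so the previous
 * sha1(md5(rand() . md5(time()))) construction produced guessable tokens.
 * The fallback keeps the original format on PHP versions without random_bytes().
 *
 * @return string
 */
function csrfnewtoken()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(20));
    }
    return sha1(md5(rand(51389, 4895615454) . md5(time())));
}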
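/**
 * Abort the request unless the posted anti-CSRF token matches the one issued for this form.
 *
 * The posted token must equal $_SESSION['oldbasecsrf']: by the time this runs,
 * prepareanticsrf() has already rotated 'csrftokenize' to a new value. On mismatch
 * a client-side redirect back to the form is emitted and the script ends.
 *
 * @param mixed $val1 unused; kept for backward compatibility (callers pass the posted token)
 * @param mixed $val2 unused; kept for backward compatibility (callers pass the session token)
 */
function csrfcheck(&$val1, &$val2)
{
    $posted = isset($_POST['anticsrftokenize']) ? $_POST['anticsrftokenize'] : null;
    $expected = isset($_SESSION['oldbasecsrf']) ? $_SESSION['oldbasecsrf'] : null;
    // Both values must be plain strings (a crafted anticsrftokenize[] array must not reach the
    // comparison), a current token must exist, and the compare is constant-time where the
    // runtime offers it, so response timing cannot leak the expected token byte by byte.
    $matches = is_string($posted) && is_string($expected) && isset($_SESSION['csrftokenize']);
    if ($matches) {
        $matches = function_exists('hash_equals')
            ? hash_equals($expected, $posted)
            : (md5($expected) === md5($posted)); // pre-5.6 fallback, same check as before
    }
    if (!$matches) {
        die('<script>location.replace("?");</script>' . refreshsess());
    }
}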
- ?>
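<!DOCTYPE html>
<html>
<head>
<style type="text/css">
body {
    background-color: black;
    color: green;
}
textarea {
    background-color: black;
    color: red;
}
h1 {
    color: red;
}
label {
    color: red;
}
input {
    background-color: black;
    color: red;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Simple Image2base64 Encoder By AkaStep</title>
</head>
<body>
<center><h1><blink>Simple Image2base64 Encoder By AkaStep</blink><br></h1>
<form action="" method="post" name="main" enctype="multipart/form-data">
<label>Input File:</label>
<input type="file" name="inputfile"/>
<?php /* hidden anti-CSRF token; csrfcheck() compares the posted value on submit */ ?>
<input type="hidden" name="anticsrftokenize" id="anticsrftokenize" value="<?php echo htmlentities($_SESSION['csrftokenize']); ?>" />
<input type="submit" name="submit" value="SendIT"/>
</form>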
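<?php
// Only the POST branch does any work; for a plain page view close the document and stop.
if (strtolower($_SERVER['REQUEST_METHOD']) !== 'post') {
    die('</center></body>
</html>');
}
// Shape check on the upload record: a non-empty, sane-length client file name is required.
// The client-supplied name is only ever hashed below; it is never used as a path component.
if (isset($_POST['submit']) && isset($_FILES['inputfile']['name']) && !empty($_FILES['inputfile']['name']) &&
    is_string($_FILES['inputfile']['name']) && (strlen($_FILES['inputfile']['name']) > 0) && (strlen($_FILES['inputfile']['name']) <= 255))
{
    // Token is validated before the upload is touched; csrfcheck() ends the script on mismatch.
    csrfcheck($_POST['anticsrftokenize'], $_SESSION['csrftokenize']);
    $uploadfailed = '<h2>Unable to upload file!<br>Please check permissions!</h2><script>alert("Unable to upload file! Please check permissions!");location.replace("?");</script>';
    // PHP reports truncated/oversized uploads through ['error']; without this check a partial file
    // would be encoded as if it were complete.
    if (!isset($_FILES['inputfile']['error']) || $_FILES['inputfile']['error'] !== UPLOAD_ERR_OK) {
        die($uploadfailed);
    }
    $tmpname = $_FILES['inputfile']['tmp_name'];
    // Scratch name: unpredictable (CSPRNG where available) and independent of the client name.
    // mktime() with no arguments is deprecated and fails on PHP 8, so the fallback uses time().
    $suffix = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(sha1(htmlspecialchars(basename($_FILES['inputfile']['name']))) . time());
    $newrndname = DIRTOUPLOAD . '/' . $suffix;
    // A failed move used to end silently; both failure modes now report the same message.
    if (!move_uploaded_file($tmpname, $newrndname) || !file_exists($newrndname)) {
        die($uploadfailed);
    }
    // Use the detected media type when fileinfo is available; the old code always claimed PNG.
    // Anything that is not an image keeps the PNG label so the output shape is unchanged.
    $mime = function_exists('mime_content_type') ? mime_content_type($newrndname) : false;
    if (!is_string($mime) || strpos($mime, 'image/') !== 0) {
        $mime = 'image/png';
    }
    $encodedfile_contents = '<img src="data:' . $mime . ';base64,' . wordwrap(base64_encode(file_get_contents($newrndname)), 80, PHP_EOL, true) . '" />' . PHP_EOL;
    // The scratch copy is removed immediately; the chmod retry keeps the original behaviour for
    // directories where the file landed without owner write permission.
    if (!unlink($newrndname)) {
        chmod($newrndname, 0777);
        unlink($newrndname);
    }
    // The textarea content is base64 text plus a server-detected media type inside a fixed tag,
    // so no client-controlled characters reach the HTML.
    echo '<br>
<br><h2>OutPut:</h2>
<textarea name="output" cols="120" rows="30" readonly="readonly">' . PHP_EOL . $encodedfile_contents . '</textarea>' . PHP_EOL;
    die('</center></body>
</html>');
}
?>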