  1. <?php
  2. error_reporting(0);
  3. session_start();
  4. prepareanticsrf();
  5.  
  6.  
  7. if(!defined("DIRTOUPLOAD")){ define("DIRTOUPLOAD",'./img2base64/');};
  8. if(!file_exists(DIRTOUPLOAD))
  9. {
  10. mkdir(DIRTOUPLOAD,0775);
  11. }
  12. if(!file_exists(DIRTOUPLOAD . '/.htaccess') || file_get_contents(DIRTOUPLOAD . '/.htaccess')!='deny from all')
  13. {
  14. file_put_contents(DIRTOUPLOAD . '/.htaccess','deny from all');
  15. }
  20. function refreshsess()
  21. {
  22. echo '<META HTTP-EQUIV="Refresh" CONTENT="1;URL=?">';
  23. }
  28. function prepareanticsrf()
  29. {
  30. /* ************************** BEOF ANTI CSRF YOXLANMA UCUN. EL VURMA HECNEYE *******************************************/
  31. if($_SERVER['REQUEST_METHOD']==='GET') // her bir GET requestde yaradiriq.
  32. {
  33. $_SESSION['csrftokenize']=sha1(md5(rand(51389,4895615454).md5(time())));
  34.  
  35. // # debug echo '<font color="red">' . $_SESSION['csrftokenize'] . '</font>'; kk #
  36. // # debug echo "<script>alert(\"{$_SESSION['csrftokenize']}\");</script>"; #
  37. /* sessiyani yaradiriq. Mehz bunun sayesinde server side yoxlanama edirik CSRF attackdir ya yox?*/
  38. }
  39. //# Eger sehifeye POST or HEAD OR TRACE zapros gonderirse bizi firlatmaq ucun amma yemeyib gedir bu defe de. #
  40. if($_SERVER['REQUEST_METHOD']!=='GET' && !isset($_SESSION['csrftokenize'])) die(refreshsess());
  41. // Burda header() de vermek olardi amma o halda HEAD requestde infinitive loopa duse bilerdik.
  42.  
  43. if($_SERVER['REQUEST_METHOD']==='POST' && isset($_SESSION['csrftokenize']))
  44. //Mehz burada biz POST req-ler ucun CSRF token yaradiriq.CSRF tokenleri daha sensitive edirik.
  45. {
  46. $_SESSION['oldbasecsrf']=$_SESSION['csrftokenize'];
  47. $_SESSION['csrftokenize']=sha1(md5(rand(51389,4895615454).md5(time())));
  48. }
  49.  
  50. if(count($_SESSION) !==0) $_SESSION=array_map('htmlentities',$_SESSION); // Her ehtimal ucun sanitizasiya edek.
  51.  
  52. /* ************************** EOF ANTI CSRF YOXLANMA UCUN EL VURMA HECNEYE *******************************************/
  53. }
  56. function csrfcheck(&$val1,&$val2)
  57. {
  58.  
  59. if(!isset($_POST['anticsrftokenize']) || !isset($_SESSION['csrftokenize']) ||!isset($_SESSION['oldbasecsrf']) || md5($_POST['anticsrftokenize'])!==md5($_SESSION['oldbasecsrf']))
  60. {
  61. die('<script>location.replace("?");</script>' . refreshsess());
  62. }
  63.  
  64.  
  65. }
  68. ?>
  69. <!DOCTYPE html>
  70. <head>
  71. <style type="text/css">
  72. body
  73. {
  74. background-color: black;
  75. color: green;
  76. }
  77. textarea
  78. {
  79. background-color: black;
  80. color: red;
  81. }
  82. h1
  83. {
  84. color: red;
  85. }
  86. label
  87. {
  88. color: red;
  89. }
  90. input{
  91. background-color: black;
  92. color: red;
  93. }
  94. </style>
  95.  
  96. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  97. <title>Simple Image2base64 Encoder By AkaStep</title>
  98. </head>
  99.  
  100. <body>
  101. <center><h1><blink>Simple Image2base64 Encoder By AkaStep</blink><br></h1>
  102. <form action="" method="post" name="main" enctype="multipart/form-data">
  103. <label>Input File:</label>
  104. <input type="file" name="inputfile"/>
  105. <input type="hidden" name="anticsrftokenize" id="anticsrftokenize" value="<?php echo htmlentities($_SESSION['csrftokenize']);?>" />
  106. <input type="submit" name="submit" value="SendIT"/>
  107. </form>
  108.  
  109. <?php
  110.  
  111.  
  112. if(strtolower($_SERVER['REQUEST_METHOD'])!=='post'){
  113. die('</center></body>
  114. </html>');
  115. }
  116.  
  117.  
  118.  
  119. if(isset($_POST['submit']) && isset($_FILES['inputfile']['name']) && !empty($_FILES['inputfile']['name']) &&
  120. is_string($_FILES['inputfile']['name']) && (strlen($_FILES['inputfile']['name'])>0) && (strlen($_FILES['inputfile']['name'])<=255))
  121. {
  122. csrfcheck($_POST['anticsrftokenize'],$_SESSION['csrftokenize']);
  123.  
  124.  
  125.  
  126. $tmpname=$_FILES['inputfile']['tmp_name'];
  127. $newrndname=DIRTOUPLOAD .'/'. md5(sha1(htmlspecialchars(basename($_FILES['inputfile']['name']))) . mktime());
  128.  
  129. if(move_uploaded_file($tmpname,$newrndname))
  130. {
  131. if(file_exists($newrndname))
  132. {
  133.  
  134. $encodedfile_contents='<img src="data:image/png;base64,' .wordwrap(base64_encode(file_get_contents($newrndname)),80,PHP_EOL,TRUE) . '" />' .PHP_EOL;
  135. if(!unlink($newrndname)){ chmod($newrndname,0777);unlink($newrndname);}
  136.  
  137. echo '<br>
  138. <br><h2>OutPut:</h2>
  139. <textarea name="output" cols="120" rows="30" readonly="readonly">' .PHP_EOL. $encodedfile_contents . '</textarea>' . PHP_EOL;
  140. die('</center></body>
  141. </html>');
  142.  
  143.  
  144. }
  145. else
  146. {
  147. die('<h>Unable to upload file!<br>Please check permissions!<br>!<script>alert("Unable to upload file! Please check premissions!");location.replace("?");</script>');
  148. }
  149. }
  150. }
  151. ?>