  1. <?php
  2.  
  3. require('config.php');
  4. require('common.php');
  5.  
  6. // see if anonymous uploads has been disabled, and check if the user is logged in
  7. if (ANON_UPLOADS === false && !isset($_SESSION['user']))
  8. {
  9.     exit_message('Anonymous uploads have been disabled, please register or log in to upload');
  10. }
  11.  
  12. // both image and url submitted. wtf, let's get the hell out of here!
  13. if (isset($_FILES['image']) && isset($_POST['url']))
  14. {
  15.     exit_message('Please only choose one image to upload.');
  16. }
  17.  
  18. // neither submitted - inform user and exit
  19. if (!isset($_FILES['image']) && !isset($_POST['url']))
  20. {
  21.     exit_message('Please choose either an image on your computer to upload or a remote image to download.');
  22. }
  23.  
  24. $allowed_ext = [
  25.     'png',
  26.     'jpg',
  27.     'gif',
  28.     'jpeg'
  29. ];
  30.  
  31. // user must have submitted either an image or URL
  32. // check which one and make sure it's valid
  33. // check for an uploaded image first
  34. if (isset($_FILES['image']))
  35. {
  36.  
  37.     if ($_FILES['image']['error'] == 0)
  38.     {
  39.         // user wants to upload via browser
  40.         // set variables - will check after
  41.         $size = $_FILES['image']['size'];
  42.         $ext = pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION);
  43.     }
  44.  
  45.     else
  46.     {
  47.         exit_message('File upload error (error code: ' . $_FILES['image']['error'] . ')<br /><br />See here for error codes: <a href="http://php.net/manual/en/features.file-upload.errors.php" target="_blank">http://php.net/manual/en/features.file-upload.errors.php</a>');
  48.     }
  49.  
  50. }
  51.  
  52. elseif (isset($_POST['url']))
  53. {
  54.     // user wants to download a remote image
  55.     // make sure URL is valid and set variables - will check after
  56.     // is remote downloading enabled in conf.php?
  57.     if (ALLOW_REMOTE !== true)
  58.     {
  59.         // remote downloading is disabled - error and exit
  60.         exit_message('Remote downloading is not enabled on this installation');
  61.     }
  62.  
  63.     // allowed URL schemes
  64.     $allowed_schemes = [
  65.         'http',
  66.         'https'
  67.     ];
  68.  
  69.     // check if URL is valid and http/https only
  70.     if (!filter_var($_POST['url'], FILTER_VALIDATE_URL) || (!in_array(parse_url($_POST['url'], PHP_URL_SCHEME), $allowed_schemes)))
  71.     {
  72.         // not a valid URL
  73.         exit_message('Sorry, this URL is invalid');
  74.     }
  75.  
  76.     // if whitelisting is enabled, make sure it's an allowed domain
  77.     if ((URL_WHITELIST === true) && (!in_array(parse_url($_POST['url'], PHP_URL_HOST), $allowed_urls)))
  78.     {
  79.         exit_message('Sorry, downloads from this domain have not been allowed by the administrator');
  80.     }
  81.  
  82.     // looks good so far, download the image and make sure it's valid
  83.     $size = get_headers($_POST['url'], 1)['Content-Length'];
  84.     $tmp_ext = getimagesize($_POST['url']);
  85.     $ext = $tmp_ext['mime'];
  86.     $ext = str_replace('image/', '', $ext);
  87. }
  88.  
  89. // OK, everything checks out so far
  90. // check size/ext
  91. if ($size > ALLOWED_SIZE)
  92. {
  93.     // file is too big
  94.     exit_message('Sorry, this file is too big');
  95. }
  96.  
  97. // size is OK, make sure EXT is allowed
  98. if (!in_array($ext, $allowed_ext))
  99. {
  100.     // ext not allowed
  101.     exit_message('Sorry, this extension is not allowed.');
  102. }
  103.  
  104. // size and ext are fine
  105. // let's set $image to either $_FILES['image'] or $_POST['url'] and check if they're valid
  106.  
  107. if (isset($_FILES['image']))
  108. {
  109.     if (!getimagesize($_FILES['image']['tmp_name']))
  110.     {
  111.         exit_message('Sorry, this does not appear to be a valid image');
  112.     }
  113.  
  114.     $image = $_FILES['image']['tmp_name'];
  115. }
  116.  
  117. elseif (isset($_POST['url']))
  118. {
  119.     $image = file_get_contents($_POST['url'], NULL, NULL, NULL, $size);
  120.  
  121.     if (!imagecreatefromstring($image))
  122.     {
  123.         exit_message('Sorry, this does not appear to be a valid image');
  124.     }
  125. }
  126.  
  127. // everything looks good so far! images are valid, size and ext check out
  128. // generate an ID, move files and insert into DB
  129.  
  130. // generate ID (and make sure it doesn't exist)
  131. require('db.php');
  132.  
  133. // prepare query
  134. $exists = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `images` WHERE `id` = ?)');
  135.  
  136. // create ID and check if it exists in the DB
  137. do
  138. {
  139.     // create ID
  140.     $id = '';
  141.     $chars = 'ACDEFHJKLMNPQRTUVWXYZabcdefghijkmnopqrstuvwxyz23479';
  142.     for ($i = 0; $i < 5; ++$i)
  143.     {
  144.         $id .= $chars[mt_rand(0, 50)];
  145.     }
  146.     // $id is now set to a randomly generated ID
  147.  
  148.     // query DB to see if ID exists
  149.     mysqli_stmt_bind_param($exists, "s", $id);
  150.     mysqli_stmt_execute($exists);
  151.     ++$db_queries;
  152.     mysqli_stmt_bind_result($exists, $result);
  153.     mysqli_stmt_fetch($exists);
  154.     mysqli_stmt_close($exists);
  155. }
  156. while ($result === 1);
  157.  
  158. // write image (this is different depending on whether it's an upload or remote download)
  159. if (isset($_FILES['image']))
  160. {
  161.     $image_path = 'images/' . $id . '.' . $ext;
  162.  
  163.     // write image
  164.     move_uploaded_file($image, $image_path);
  165. }
  166. else if (isset($_POST['url']))
  167. {
  168.     // write image
  169.     file_put_contents('images/' . $id . '.' . $ext, $image);
  170. }
  171.  
  172. // create thumbnail (only bother if user is logged in)
  173. if (isset($_SESSION['user']))
  174. {
  175.     if (isset($_FILES['image']))
  176.     {
  177.         // set source for thumb
  178.         switch ($ext)
  179.         {
  180.             case 'jpg':
  181.             case 'jpeg':
  182.                 $thumb = imagecreatefromjpeg($image_path);
  183.             break;
  184.  
  185.             case 'png':
  186.                 $thumb = imagecreatefrompng($image_path);
  187.             break;
  188.  
  189.             case 'gif':
  190.                 $thumb = imagecreatefromgif($image_path);
  191.             break;
  192.         }
  193.     }
  194.     else if (isset($_POST['url']))
  195.     {
  196.         // set source for thumb
  197.         $thumb = imagecreatefromstring($image);
  198.     }
  199.  
  200.     $width = imagesx($thumb);
  201.     $height = imagesy($thumb);
  202.  
  203.     if ($width > 200 || $height > 200)
  204.     {
  205.         if ($width > $height)
  206.         {
  207.             $new_width = 200;
  208.             // if image height is below 300, don't bother resizing
  209.             $new_height = floor($height * ($new_width / $width));
  210.         }
  211.         else
  212.         {
  213.             $new_height = 200;
  214.             // if image width is below 300, don't bother resizing
  215.             $new_width = floor($width * ($new_height / $height));
  216.         }
  217.     }
  218.     else
  219.     {
  220.         $new_height = $height;
  221.         $new_width = $width;
  222.     }
  223.  
  224.     $new_thumb = imagecreatetruecolor($new_width, $new_height);
  225.  
  226.     switch ($ext)
  227.     {
  228.         case 'png':
  229.             imagefill($new_thumb, 0, 0, imagecolorallocate($new_thumb, 255, 255, 255));
  230.             imagealphablending($new_thumb, TRUE);
  231.         break;
  232.  
  233.         case 'gif':
  234.             $new_thumb = imagecolorallocate($thumb, 0, 0, 0);
  235.             imagecolortransparent($thumb, $new_thumb);
  236.         break;
  237.     }
  238.    
  239.     imagecopyresized($new_thumb, $thumb, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
  240.     imagedestroy($thumb);  
  241.  
  242.     imagejpeg($new_thumb, 'thumbs/' . $id . '.jpg', 30);
  243.     imagedestroy($new_thumb);
  244. }
  245.  
  246. // check if user is logged in or not and write info to DB
  247. if (!isset($_SESSION['user']))
  248. {
  249.     $query = mysqli_prepare($db, 'INSERT INTO `images` (`id`, `ext`, `ip`) VALUES (?, ?, ?)');
  250.     mysqli_stmt_bind_param($query, 'sss', $id, $ext, $ip);
  251. }
  252. else
  253. {
  254.     $query = mysqli_prepare($db, 'INSERT INTO `images` (`id`, `ext`, `user`, `ip`) VALUES (?, ?, ?, ?)');
  255.     mysqli_stmt_bind_param($query, 'ssis', $id, $ext, $user, $ip);
  256. }
  257.  
  258. // set data for query
  259. $user = $_SESSION['user'];
  260. $ip = IP;
  261.  
  262. // insert data
  263. mysqli_stmt_execute($query);
  264. ++$db_queries;
  265. mysqli_stmt_close($query);
  266.  
  267. // close connection
  268. mysqli_close($db);
  269.  
  270. header('location: ' . VIEW_URL . $id);