-
Notifications
You must be signed in to change notification settings - Fork 0
/
post-upload.php
164 lines (156 loc) · 7.69 KB
/
post-upload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
<?php
// if the user isn't logged in - this redirects to index
session_start();
if(!isset($_SESSION['sessionId'])){
header('location: login.php?status=not_logged_in');
exit;
}
// now we know that the person trying to post is logged in
// but we still don't know whether it's the real person or just someone using their session ID
// a token was created if the real person wanted to do this - does it match what we got?
if(!isset($_SESSION['tokenPost']) || !isset($_POST['activityToken'])){
//echo 'The token is not set';
header('location: ups.php');
exit;
}else{
// if there is a token, compare it to the one we got from the form
if ($_SESSION['tokenPost'] != $_POST['activityToken']){
// redirect to UPS THIS WASN'T SUPPOSED TO HAPPEN page
header('location: ups.php');
exit;
}
}
// check whether we got data from the form
if( isset($_FILES['postFile']) && $_FILES['postFile']['size'] != 0 && !empty($_POST['postHeader'])){
require('controllers/database.php');
$newPostId = uniqid();
$newPostUserId = $_SESSION['userId'];
$newPostHeadline = $_POST['postHeader'];
$newPostImageLocation;
$newPostImageName;
if(isset($_POST['postSensitive'])){
$newPostSensitivity = '1';
}else{
$newPostSensitivity = '0';
}
// echo $_FILES['postFile']['size'];
if( $_FILES['postFile']['size'] < 4000000 ){ // unit is bytes - 4 MB
// use the image
$aImage = $_FILES['postFile'];
// print_r( $aImage );
// Array ( [name] => logo.svg [type] => image/svg+xml [tmp_name] => C:\xampp\tmp\php3128.tmp [error] => 0 [size] => 2668 )
$sOldPath = $aImage['tmp_name'];
// Create an id that will be unique for the file that we will save
$sUniqueImageName = uniqid();
$newPostImageName = $sUniqueImageName;
// Extract the extension of the image
$sImageName = $aImage['name'];
$aImageName = explode( '.' , $sImageName ); // logo.svg ['logo','svg']
// loop through all of the items in the exploded array except the first one - if any contain 'exe', redirect back to index and log this attempt
for($i = 1; $i < sizeof($aImageName); $i++){
if($aImageName[$i] == 'exe'){
// write logs here on which user did it
$currentIp = 'template';
$attack_description = 'Upload of an exe file';
date_default_timezone_set("UTC");
$time_of_attack = date('Y-m-d H:i:s');
try{
$db->beginTransaction();
$stmt = $db->prepare('INSERT INTO security_logs VALUES ( :id_security_logs , :description_of_attack , :ip_address , :user_og_id, :time_of_attack)');
$id_security_logs = uniqid();
$stmt->bindValue(':id_security_logs', $id_security_logs);
$stmt->bindValue(':description_of_attack', $attack_description);
//get IP address https://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$currentIp = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$currentIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$currentIp = $_SERVER['REMOTE_ADDR'];
}
$stmt->bindValue(':ip_address', $currentIp);
$stmt->bindValue(':user_og_id', $_SESSION['userId']);
$stmt->bindValue(':time_of_attack', $time_of_attack);
if($stmt->execute()){ //true or false -> doesn't throw a fatal error if it returns false . so we need to use if statement to check for it
// ban the user who tried to upload an exe file
$stmtTwo = $db->prepare('UPDATE users SET banned = 1 WHERE id_users = :user_og_id');
$stmtTwo->bindValue(':user_og_id', $_SESSION['userId']);
if($stmtTwo->execute()){ //true or false -> doesn't throw a fatal error if it returns false . so we need to use if statement to check for it
$db->commit();
}else{
$db->rollBack(); //if the if is false, the database roolsback all the changes
echo 'we rolledback the changes in db';
}
}else{
$db->rollBack(); // same as above
echo 'we rolledback ALL the changes in db';
}
} catch (PDOException $ex){
echo $ex;
exit();
}
$userProfileId = $_SESSION['userId'];
$userProfileEmail = $_SESSION['userEmail'];
$enteredUsername = $_SESSION['userUsername'];
session_destroy();
header('location: index.php?status=banned');
require_once('send_email_potential_attack.php');
exit;
}
}
//if there was NOT an exe
// get extension knowing that the last element is the extension
$sExtension = $aImageName[count($aImageName)-1];
// now we whitelist PNG JPG JPEG
// if the extention isn't any of these then tell the user only they are allowed
$bCorrectExtension = false;
$allowedExtensions = ['png', 'jpg', 'jpeg', 'gif', 'PNG', 'JPG', 'JPEG', 'GIF'];
for($j = 0; $j < sizeof($allowedExtensions)-1; $j++){
if($allowedExtensions[$j] == $sExtension){
$bCorrectExtension = true;
}
}
if($bCorrectExtension == false){
header('location: index.php?status=wrong_file_format');
exit;
}
// Create a variable with the new path
$sPathToSaveFile = "images/posts/$sUniqueImageName.$sExtension";
$newPostImageLocation = $sPathToSaveFile;
// save the image to a folder
if( move_uploaded_file( $sOldPath , $sPathToSaveFile ) ){
echo "SUCCESS UPLOADING FILE";
// now we can update the database when the image is in the folder
try{
$stmt = $db->prepare('INSERT INTO posts (id_posts, id_users, headline, image_location, image_name, sensitive_content)
VALUES ( :newPostId , :newPostUserId , :newPostHeadline , :newPostImageLocation , :newPostImageName , :newPostSensitivity )');
$stmt->bindValue(':newPostId', $newPostId);
$stmt->bindValue(':newPostUserId', $newPostUserId);
$stmt->bindValue(':newPostHeadline', $newPostHeadline);
$stmt->bindValue(':newPostImageLocation', $newPostImageLocation);
$stmt->bindValue(':newPostImageName', $newPostImageName);
$stmt->bindValue(':newPostSensitivity', $newPostSensitivity);
$stmt->execute();
} catch (PDOException $ex){
echo $ex;
// if the new post couldn't be written into the database, pretend the whole thing failed
header('location: index.php?status=error_uploading_image');
exit();
}
header('location: index.php');
exit;
}else{
echo "ERROR UPLOADING FILE";
header('location: index.php?status=error_uploading_image');
exit;
}
}else{
echo "FILE TOO LARGE";
header('location: index.php?status=file_too_large');
exit;
}
}else{
header('location: index.php?status=post_invalid');
exit;
}
?>