
Millertime1


  1. Never mind, I did end up adding a class value. I've been away from my computer for a while, sorry.
  2. I decided to redirect instead since it better suits my application, but I figured name and class were the same for an input since I can grab the element using a class selector.
  3. `<input type="hidden" name="token" id="token" value="sha512 hash">` All my other Ajax calls work off of .token so I'm lost as to why it's not working.
  4. Hi, I'm having a problem with a hidden input value not changing on the browser after a request. I can change the value and alert or console log the new value but it won't change the DOM. Here's the section I'm having problems with:

     ```
     xhr.onload = function() {
         if (xhr.status === 200) {
             var data = JSON.parse(this.responseText);
             $(".token").attr('value', data.token);
             alert($(".token").val());
         } else {
             console.log('Something went terribly wrong...');
         }
     };
     ```
  5. I should have checked into mcrypt more before I typed it, since it's been 2 months since I called that module, and instead I just googled it and using it as a token and that's what came up. There's 30x the bad advice compared to good advice out there. About cross communicating, I was also thinking that later I might add .pdf files and that's why I was thinking that I would need to have cross domain set up. I'm on my phone and it's hard to write on.
  6. I went with the 256 encryption iv size because I read that it also works as a token. The errors weren't set up yet, as I should have mentioned; I'm having trouble with changing a value onload from a responseText right now so I just left them as an echo for the time being. I'll change the iv. I don't know why I put the escape on the user id. And for images I'm going to have to work on storing the images when I get home...I'm running an xampp server so I'll have to research how to properly set it up, since I read I'll have to set some settings to be able to cross communicate with the other domain.
  7. Like a file hosting website that's meant just for websites to host images on that scan them and allow you to call them to your page. I've looked at imageshack, photobucket, and Amazon file storage but none of them seem to match what I'm looking for.
  8. Here's the updated code. It's not done yet, as it doesn't check the session or the request before starting, and it also doesn't move the file to another domain as I haven't set it up yet, but here it is:

     ```
     if(!empty($_FILES['file']['name'][0])) {
         if(sizeof($_FILES['file']['name'], 0) < 11 ) {
             foreach ($_FILES['file']['tmp_name'] as $k => $v) {
                 $name = $_FILES['file']['name'][$k];
                 $type = $_FILES['file']['type'][$k];
                 $error = $_FILES["file"]["error"][$k];
                 $size = $_FILES["file"]["size"][$k];
                 $tempDir = $_FILES["file"]["tmp_name"][$k];
                 if ($error > 0) {
                     echo "Return Code: " . $error . "<br>";
                 } else {
                     $finfo = finfo_open(FILEINFO_MIME_TYPE);
                     $fileType = finfo_file($finfo, $tempDir);
                     finfo_close($finfo);
                     if ((($fileType == "image/gif")
                         || ($fileType == "image/jpg")
                         || ($fileType == "image/png"))
                         && ($size < 20000)) {
                         $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
                         switch($fileType) {
                             case 'image/gif':
                                 $newName = bin2hex(mcrypt_create_iv($iv_size, MCRYPT_RAND)). '.' .time(). '.gif';
                                 break;
                             case 'image/jpg':
                                 $newName = bin2hex(mcrypt_create_iv($iv_size, MCRYPT_RAND)). '.' .time(). '.jpg';
                                 break;
                             case 'image/png':
                                 $newName = bin2hex(mcrypt_create_iv($iv_size, MCRYPT_RAND)). '.' .time(). '.png';
                                 break;
                         }
                         $user = Session::get(Config::get('session/session_name'));
                         if(ctype_digit($user)) {
                             if(move_uploaded_file($tempDir, 'images/' .escape($user). '/' .$newName)) {
                                 //insert into database
                             } else {
                                 echo "There was an error uploading your files";
                             }
                         }else {
                             exit();
                         }
                     }else {
                         echo "Invalid file";
                     }
                 }
             }
         }else {
             echo "Only 10 images can be uploaded at a time!";
         }
     }
     ```
  9. That's why I had getimagesize() too but I'm not sure if you can trust that one either from what I've been reading. I've changed a section of my code to this:

     ```
     header('Content-Type: application/json');
     $uploaded = array();
     if(!empty($_FILES['file']['name'][0])) {
         $allowedExts = array("gif", "jpeg", "pjpeg", "x-png", "jpg", "png");
         foreach ($_FILES['file']['tmp_name'] as $k => $v) {
             $name = $_FILES['file']['name'][$k];
             $type = $_FILES['file']['type'][$k];
             $error = $_FILES["file"]["error"][$k];
             $size = $_FILES["file"]["size"][$k];
             $tempDir = $_FILES["file"]["tmp_name"][$k];
             $lowerName = strtolower($name);
             $temp = explode(".", $lowerName);
             $extension = end($temp);
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
             $fileType = finfo_file($finfo, $tempDir);
             finfo_close($finfo);
             if ((($fileType == "image/gif")
                 || ($fileType == "image/jpeg")
                 || ($fileType == "image/jpg")
                 || ($fileType == "image/pjpeg")
                 || ($fileType == "image/x-png")
                 || ($fileType == "image/png"))
                 && ($size < 20000)
                 && in_array($extension, $allowedExts)) {
                 if ($error > 0) {
                     echo "Return Code: " . $error . "<br>";
                 } else {
                     $imageInfo = getimagesize($tempDir);
                     if($imageInfo['mime'] != 'image/gif'
                         && $imageInfo['mime'] != 'image/jpeg'
                         && $imageInfo['mime'] != 'image/jpg'
                         && $imageInfo['mime'] != 'image/pjpeg'
                         && $imageInfo['mime'] != 'image/x-png'
                         && $imageInfo['mime'] != 'image/png') {
                         echo 'Sorry we only accept GIF, JPEG, JPG, PJPEG, X-PNG, PNG image files!';
                     }else {
                         switch($fileType) {
                             case 'image/gif':
                                 $newName = md5(uniqid()). '.' .time(). '.gif';
                                 break;
                             case 'image/jpeg':
                                 $newName = md5(uniqid()). '.' .time(). '.jpeg';
                                 break;
                             case 'image/jpg':
                                 $newName = md5(uniqid()). '.' .time(). '.jpg';
                                 break;
                             case 'image/pjpeg':
                                 $newName = md5(uniqid()). '.' .time(). '.pjpeg';
                                 break;
                             case 'image/x-png':
                                 $newName = md5(uniqid()). '.' .time(). '.x-png';
                                 break;
                             case 'image/png':
                                 $newName = md5(uniqid()). '.' .time(). '.png';
                                 break;
                         }
     ```
  10. I'm new to programming so take it easy on me, but I wrote this script for PHP and it's not complete yet, but I could use some advice on file upload security. Besides recreating the image, checking token/request and setting Apache settings, what else can I do to secure this application? Here's my code:

      ```
      header('Content-Type: application/json');
      $uploaded = array();
      if(!empty($_FILES['file']['name'][0])) {
          $allowedExts = array("gif", "jpeg", "pjpeg", "x-png", "jpg", "png");
          foreach ($_FILES['file']['tmp_name'] as $k => $v) {
              $name = $_FILES['file']['name'][$k];
              $type = $_FILES['file']['type'][$k];
              $error = $_FILES["file"]["error"][$k];
              $size = $_FILES["file"]["size"][$k];
              $tempDir = $_FILES["file"]["tmp_name"][$k];
              $lowerName = strtolower($name);
              $temp = explode(".", $lowerName);
              $extension = end($temp);
              if ((($type == "image/gif")
                  || ($type == "image/jpeg")
                  || ($type == "image/jpg")
                  || ($type == "image/pjpeg")
                  || ($type == "image/x-png")
                  || ($type == "image/png"))
                  && ($size < 20000)
                  && in_array($extension, $allowedExts)) {
                  if ($error > 0) {
                      echo "Return Code: " . $error . "<br>";
                  } else {
                      $imageInfo = getimagesize($tempDir);
                      if($imageInfo['mime'] != 'image/gif'
                          && $imageInfo['mime'] != 'image/jpeg'
                          && $imageInfo['mime'] != 'image/jpg'
                          && $imageInfo['mime'] != 'image/pjpeg'
                          && $imageInfo['mime'] != 'image/x-png'
                          && $imageInfo['mime'] != 'image/png') {
                          echo 'Sorry we only accept GIF, JPEG, JPG, PJPEG, X-PNG, PNG image files!';
                      }else {
                          switch($type) {
                              case 'image/gif':
                                  $newName = md5(uniqid()). '.' .time(). '.gif';
                                  break;
                              case 'image/jpeg':
                                  $newName = md5(uniqid()). '.' .time(). '.jpeg';
                                  break;
                              case 'image/jpg':
                                  $newName = md5(uniqid()). '.' .time(). '.jpg';
                                  break;
                              case 'image/pjpeg':
                                  $newName = md5(uniqid()). '.' .time(). '.pjpeg';
                                  break;
                              case 'image/x-png':
                                  $newName = md5(uniqid()). '.' .time(). '.x-png';
                                  break;
                              case 'image/png':
                                  $newName = md5(uniqid()). '.' .time(). '.png';
                                  break;
                          }
                          if (file_exists('images/' .Session::get(Config::get('session/session_name')). '/' .$newName)) {
                              echo escape($name) . " already exists. ";
                          } else {
                              if(move_uploaded_file($tempDir, 'images/' .Session::get(Config::get('session/session_name')). '/' .$newName)) {
                                  $uploaded[] = array(
                                      'name' => $name,
                                      'file' => 'images/' .Session::get(Config::get('session/session_name')). '/' .$newName
                                  );
                              }
                          }
                      }
                  }
              } else {
                  echo 'Sorry we only accept GIF, JPEG, JPG, PJPEG, X-PNG, PNG image files!';
              }
          }
      }
      ```

      I've been researching Apache mod_mime but can't find enough info to wrap my mind around it.
  11. First of all I wouldn't use that code in production since it is unsafe. The problem with your code is that it is comparing both POSTS to the sql query statement and not the column for one and also you are using fetch array wrong.
  12. Thanks for the advice. I was actually able to get it to work after a fresh install of xampp, so I must have corrupted mysql when I was messing around with a .ini file or shell. I'm doing all my development on the shared computer with the wife, so I was running xampp on Windows even though I'm running a dual boot computer...the wife hates Linux so she always loads Windows when she gets on, so it's a headache to restart it all the time.
  13. Hello, I could really use a hand transferring my database off of an external hard drive onto a new drive after my OS crashed. I'm running xampp with PHP 5.5 and my database is password protected so I need to be able to reset that too. Everything I have tried has not worked and now mysql can't be found so I have to do a new install. My database engine is InnoDB. Sorry, I'm new to programming and was running phpmyadmin so I don't quite understand getting shell commands to work since now mysql can't be found...
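
The per-file checks that posts 8 to 10 work toward, as an added example that is not part of Millertime1's posts or any forum reply. It assumes PHP 7+ with the fileinfo and GD extensions; the function name `store_image_upload`, the constant `MAX_BYTES` and the `$destDir` parameter are hypothetical.

```php
<?php
// Added example (hypothetical helper, not the poster's code).
// Assumes PHP 7+ with the fileinfo and GD extensions enabled.
const MAX_BYTES = 20000; // same size limit the posts use

/**
 * Validate one entry of a multi-file upload ($_FILES['file'] layout)
 * and store a re-encoded copy in $destDir.
 * Returns the stored file name, or null when the upload is rejected.
 */
function store_image_upload(array $files, int $k, string $destDir): ?string
{
    // The stored extension comes from the detected type, never from the
    // client-supplied file name. finfo reports JPEG files as image/jpeg.
    $extFor = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

    $tmp = $files['tmp_name'][$k];
    if ($files['error'][$k] !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        return null;
    }
    if (filesize($tmp) >= MAX_BYTES) {
        return null;
    }
    // Detect the type from the file content; $files['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset($extFor[$mime])) {
        return null;
    }
    // Re-encode with GD: input that does not decode as an image is rejected,
    // and only the decoded pixels are written to the stored file.
    $img = @imagecreatefromstring(file_get_contents($tmp));
    if ($img === false) {
        return null;
    }
    // random_bytes() is a CSPRNG; uniqid() and time() are guessable.
    $name = bin2hex(random_bytes(16)) . '.' . $extFor[$mime];
    $path = rtrim($destDir, '/') . '/' . $name;
    switch ($mime) {
        case 'image/gif':
            $ok = imagegif($img, $path);
            break;
        case 'image/jpeg':
            $ok = imagejpeg($img, $path, 90);
            break;
        default:
            $ok = imagepng($img, $path);
    }
    return $ok ? $name : null;
}
```

Inside the `foreach` loop from the posts this would be called as `store_image_upload($_FILES['file'], $k, $dir)`, where `$dir` is a directory built from a user id that has already been validated server-side.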