Jump to content

Bug Test

rotoxis

By rotoxis
in PHP Coding Help

 Share

Recommended Posts

rotoxis Newbie

rotoxis

Posted
Posted 

<?
error_reporting(7);
$max_file_size="1024";
$max_combined_size="2048";
$file_uploads="2";
$websitename="Security Test.";
$random_name=true;
$allow_types=array("jpg","gif","png");
$folder="./uploads/";
$full_url="http://www.url.info/uploads/";
$fullpath="";
$password=""; 


$password_md5=md5($password);

If($password) {
    If($_POST['verify_password']==true) {
        If(md5($_POST['check_password'])==$password_md5) {
            setcookie("phUploader",$password_md5,time()+86400);
            sleep(1); 
            header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
            exit;
            
        }
    }
}

$password_form="";
If($password) {
    If($_COOKIE['phUploader']!=$password_md5) {
        $password_form="<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
        $password_form.="<table align=\"center\" class=\"table\">\n";
        $password_form.="<tr>\n";
        $password_form.="<td width=\"100%\" class=\"table_header\" colspan=\"2\">Password Required</td>\n";
        $password_form.="</tr>\n";
        $password_form.="<tr>\n";
        $password_form.="<td width=\"35%\" class=\"table_body\">Enter Password:</td>\n";
        $password_form.="<td width=\"65%\" class=\"table_body\"><input type=\"password\" name=\"check_password\" /></td>\n";
        $password_form.="</tr>\n";
        $password_form.="<td colspan=\"2\" align=\"center\" class=\"table_body\">\n";
        $password_form.="<input type=\"hidden\" name=\"verify_password\" value=\"true\">\n";
        $password_form.="<input type=\"submit\" value=\" Verify Password \" />\n";
        $password_form.="</td>\n";
        $password_form.="</tr>\n";
        $password_form.="</table>\n";
        $password_form.="</form>\n";
    }
}

function get_ext($key) { 
    $key=strtolower(substr(strrchr($key, "."), 1));
    $key=str_replace("jpeg","jpg",$key);
    return $key;
}

$ext_count=count($allow_types);
$i=0;
foreach($allow_types AS $extension) {
    
    
    If($i <= $ext_count-2) {
        $types .="*.".$extension.", ";
    } Else {
        $types .="*.".$extension;
    }
    $i++;
}
unset($i,$ext_count); 
$error="";
$display_message="";
$uploaded==false;


If($_POST['submit']==true AND !$password_form) {

    For($i=0; $i <= $file_uploads-1; $i++) {
                    
        If($_FILES['file']['name'][$i]) {
                        
            $ext=get_ext($_FILES['file']['name'][$i]);
            $size=$_FILES['file']['size'][$i];
            $max_bytes=$max_file_size*1024;
            
            
            If($random_name){
                $file_name[$i]=time()+rand(0,100000).".".$ext;
            } Else {
                $file_name[$i]=$_FILES['file']['name'][$i];
            }
            
           
                        
            If(!in_array($ext, $allow_types)) {
                            
                $error.= "Invalid extension for your file: ".$_FILES['file']['name'][$i].", only ".$types." are allowed.<br />Your file(s) were <b>not</b> uploaded.<br />";
                            
           
                            
            } Elseif($size > $max_bytes) {
                
                $error.= "Your file: ".$_FILES['file']['name'][$i]." is to big. Max file size is ".$max_file_size."kb.<br />Your file(s) were <b>not</b> uploaded.<br />";
                
               
            } Elseif(file_exists($folder.$file_name[$i])) {
                
                $error.= "The file: ".$_FILES['file']['name'][$i]." exists on this server, please rename your file.<br />Your file(s) were <b>not</b> uploaded.<br />";
                
            }
                        
        } 
    
    } 
                
    $total_size=array_sum($_FILES['file']['size']);
                  
    $max_combined_bytes=$max_combined_size*1024;
                
    If($total_size > $max_combined_bytes) {
        $error.="The max size allowed for all your files combined is ".$max_combined_size."kb<br />";
    }
        
    
    
    If($error) {
        
        $display_message=$error;
        
    } Else {
        
        
        For($i=0; $i <= $file_uploads-1; $i++) {
                
            If($_FILES['file']['name'][$i]) {
                
                If(@move_uploaded_file($_FILES['file']['tmp_name'][$i],$folder.$file_name[$i])) {
                    $uploaded=true;
                } Else {
                    $display_message.="Couldn't copy ".$file_name[$i]." to server, please make sure ".$folder." is chmod 777 and the path is correct.\n";
                }
            }
                
        } 
    } 
    
} 


?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Language" content="en-us" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title><?php echo $websitename; ?> - Powered By ?</title>

<style type="text/css">
    body{
        background-color:#FFFFFF;
        font-family: Verdana, Arial, sans-serif;
        font-size: 12pt;
        color: #000000;
    }
    
    .error_message{
        font-family: Verdana, Arial, sans-serif;
        font-size: 11pt;
        color: #FF0000;
    }
    
    .uploaded_message{
        font-family: Verdana, Arial, sans-serif;
        font-size: 11pt;
        color: #000000;
    }
    
    a:link{
        text-decoration:none;
        color: #000000;
    }
    a:visited{
        text-decoration:none;
        color: #000000;
    }
    a:hover{
        text-decoration:none;
        color: #000000;
    }
    
    
    .table {
        border-collapse:collapse;
        border:1px solid #000000;
        width:450px;
    }
    
    .table_header{
        border:1px solid #070707;
        background-color:#C03738;
        font-family: Verdana, Arial, sans-serif;
        font-size: 11pt;
        font-weight:bold;
        color: #FFFFFF;
        text-align:center;
        padding:2px;
    }
    
    .upload_info{
        border:1px solid #070707;
        background-color:#EBEBEB;
        font-family: Verdana, Arial, sans-serif;
        font-size: 8pt;
        color: #000000;
        padding:4px;
    }
    
    
    .table_body{
        border:1px solid #070707;
        background-color:#EBEBEB;
        font-family: Verdana, Arial, sans-serif;
        font-size: 10pt;
        color: #000000;
        padding:2px;
    }
    
    
    .table_footer{
        border:1px solid #070707;
        background-color:#C03738;
        text-align:center;
        padding:2px;
    }
    
    
    input,select,textarea {
        font-family: Verdana, Arial, sans-serif;
        font-size: 10pt;
        color: #000000;
        background-color:#AFAEAE;
        border:1px solid #000000;
    }
    
    .copyright {
        border:0px;
        font-family: Verdana, Arial, sans-serif;
        font-size: 9pt;
        color: #000000;
        text-align:right;
    }
    
    form{
        padding:0px;
        margin:0px;
    }
</style>

<?
If($password_form) {
    
    Echo $password_form;
    
} Elseif($uploaded==true) {?>

<table align="center"class="table">

    <tr>
        <td class="table_header" colspan="2"><b>Your file(s) have been uploaded!</b> </td>
    </tr>
    <tr>
    <td class="table_body">
    <br />
<?
For($i=0; $i <= $file_uploads-1; $i++) {
    
    If($_FILES['file']['name'][$i]) {
        $file=$i+1;
        
                Echo("<b>File #".$file.":</b> <a href=\"".$full_url.$file_name[$i]."\" target=\"_blank\">".$full_url.$file_name[$i]."</a><br /><br />\n");
    }
                
}

?>
<br />
<a href="<?=$_SERVER['PHP_SELF'];?>">Go Back</a>
<br />
</td>
</tr>
</table>

<?} Else {?>

<?If($display_message){?>
    <div align="center" class="error_message"><?=$display_message;?></div>
    <br />
<?}?>

<form action="<?=$_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data" name="phuploader">
<table align="center"class="table">

    <tr>
        <td class="table_header" colspan="2"><b><?=$websitename;?></b> </td>
    </tr>
    <tr>
        <td colspan="2" class="upload_info">
            <b>Allowed Types:</b> <?=$types?><br />
            <b>Max size per file:</b> <?=$max_file_size?>kb.<br />
            <b>Max size for all files combined:</b> <?=$max_combined_size?>kb.<br />
        </td>
    </tr>
    <?For($i=0;$i <= $file_uploads-1;$i++) {?>
        <tr>
            <td class="table_body" width="20%"><b>Select File:</b> </td>
            <td class="table_body" width="80%"><input type="file" name="file[]" size="30" /></td>
        </tr>
    <?}?>
    <tr>
        <td colspan="2" align="center" class="table_footer">
            <input type="hidden" name="submit" value="true" />
            <input type="submit" value=" Upload File(s) " />  
            <input type="reset" name="reset" value=" Reset Form " />
        </td>
    </tr>
</table>
</form>

<?}//Footer?>
<table width="703" align="center" class="table" style="border:0px;">
    <tr>
      <td width="695"><div class="copyright">©<a href="http://www.url.info" target="_blank" title="Security">Security Test</a></div></td>
    </tr>
</table>
</body>
</html>

 

 

Is that script 100% Secure ?

 

Thanks in Advanced

Link to comment
https://forums.phpfreaks.com/topic/159371-bug-test/
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

First off theirs no such thing as 100% secure,

 

I just quickly read the script and wrote some notes,

 

okay well the unless i missed something and providing your site is also secure it looks okay (a few things i would change)

heres my notes hope they help

 

storing the MD5 password in a cookie isn't a good idea,

Why not have a session thats just set to true

$_SESSION['allowUploads'] = true; //the the username or IP etc etc

 

also $_SERVER['PHP_SELF'] can be used to inject HTML

ie

mypage.php?a=<script>alert('hello');</script>

 

as for checking extensions, personally I use a MIME test as well!

 

try to use long php tags <?php instead of <? for portability

 

I don't like your random name idea

$file_name[$i]=time()+rand(0,100000).".".$ext;

Just say the random number is 60

then 55 seconds later someone gets a random number 5

So that i would change.

 

Link to comment
https://forums.phpfreaks.com/topic/159371-bug-test/#findComment-840628
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.