Is this uploader safe ?


    Hi to all, I wanna know if this upload.php is safe from hacking.

    Code:
    <?php

    include("./architecture/connect.php");
    include("./architecture/functions.php");

    if(isset($_POST['title']))
    {
        $title = checkerr(mysql_real_escape_string($_POST['title']));

        // Derive the file name from the title: collapse runs of whitespace,
        // keep only [A-Za-z0-9_], turn underscores into dashes, lower-case it.
        $filename = preg_replace('/[\p{Z}\s]{2,}/u', ' ', $title);
        $filename = str_replace(" ", "_", $filename);
        $filename = preg_replace("/[^A-Za-z0-9_]/", "", $filename);
        $filename = str_replace("_", "-", $filename);
        $filename = strtolower($filename);

        // Extension is taken from the original file name sent by the client.
        $wexten = getFileExtension($_FILES['foto']['name']);

        // MIME type as reported by the browser (also client-supplied).
        $type = $_FILES['foto']['type'];

        if(!strcmp("image/jpg", $type) || !strcmp("image/jpeg", $type) || !strcmp("image/pjpeg", $type))
        {
            $type = "image/jpeg";
        }
        else if(!strcmp("image/png", $type))
        {
            $type = "image/png";
        }
        else if(!strcmp("image/gif", $type))
        {
            $type = "image/gif";
        }
        else
        {
            // Unknown type: a redirect is emitted, but there is no exit(), so
            // the script carries on to the database insert and the file move.
            $url = constructLink("submit", $property['apache']);
            $url = $url."?msg=2";
            echo("<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$url\">");
        }

        // Next id = highest existing id + 1, or 1 for an empty table.
        $images = mysql_query("SELECT * FROM approve ORDER BY id DESC");
        if(mysql_num_rows($images) > 0)
        {
            $approval = mysql_fetch_array($images);
            $id = $approval['id'] + 1;
        }
        else
        {
            $id = 1;
        }

        // Destination inside the web tree, keeping the client's extension.
        $target = "./tempimg/".$filename."-".$id.".".$wexten;

        if(isset($_POST['source']))
        {
            $source = checkerr(mysql_real_escape_string($_POST['source']));
        }
        else
        {
            $source = "Unknown";
        }

        // Unix timestamp. The original called date(time()), which passes the
        // timestamp to date() as the format string and does not yield a date.
        $date = time();

        mysql_query("INSERT INTO approve (id, title,filename,ext, source,date,type) VALUES ('$id', '$title', '$filename', '$wexten', '$source', '$date', '$type')") or die("Error!");

        if(move_uploaded_file($_FILES['foto']['tmp_name'], $target))
        {
            $url = constructLink("index", $property['apache']);
            $url = $url."?msg=1";
            echo("<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$url\">");
        }
        else
        {
            $url = constructLink("submit", $property['apache']);
            $url = $url."?msg=2";
            echo("<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$url\">");
        }
    }
    else
    {
        $url = constructLink("submit", $property['apache']);
        $url = $url."?msg=2";
        echo("<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$url\">");
    }

    ?>

    Waiting for a post. Thank you.

    #2
    So what, such a clean uploader, but it still can be cracked..

    Remove the php word..

    Replace with -(try)- so you know
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com



      #3
      Originally posted by subzero
      So what, such a clean uploader, but it still can be cracked..

      Remove the php word..

      Replace with -(try)- so you know
      Hi,
      thank you for replying. But I actually didn't understand what you meant to say. What php word should I replace, and with what word should I replace it? Because I can't really figure out how someone could crack this.

      Please give me a more detailed answer. Thank you.



        #4
        There's no safe uploader unless you save it in your database, like vBulletin.. If you want to secure it, configure your host with .htaccess.

        http://wapx.amob.com
        Applications, Games, Wallpapers, Ringtones, Videos, Themes, Screensaver and More!!!
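Pulling the replies together (do not trust the browser's reported type or the original file extension, and keep uploads where the web server will not execute them), here is a hardened replacement for the upload step of the posted upload.php. This is an added example, not code from the thread; UPLOAD_DIR, MAX_BYTES and the PDO connection $pdo are assumptions, while the form field foto and the approve table come from the posted script.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 7.0 with the
// fileinfo extension; UPLOAD_DIR is an assumed path outside the web root.
const UPLOAD_DIR = '/var/uploads/pending';
const MAX_BYTES  = 2 * 1024 * 1024;   // 2 MiB
// Allowed content types and the extension the server ASSIGNS for each.
// The browser's $_FILES[..]['type'] and the original file name are never
// used, so the client-chosen name can never decide what lands on disk.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validates one uploaded image and moves it into UPLOAD_DIR under a random
 * name. Returns the stored file name or throws; unlike the posted script,
 * nothing runs past a rejected file because there is no fall-through.
 */
function storeUploadedImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, code ' . ($file['error'] ?? '?'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a file uploaded via HTTP POST');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Sniff the content server-side instead of trusting the client's MIME string.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Unsupported content type: ' . $mime);
    }
    // Independent second check: the bytes must actually parse as that image type.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Content does not parse as ' . $mime);
    }
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $target = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($target, 0640);   // readable by the app user, never executable
    return $name;
}

// Usage with the posted form field and a parameterised insert (assumes a PDO
// connection $pdo; the column names mirror the thread's "approve" table):
// $stored = storeUploadedImage($_FILES['foto']);
// $pdo->prepare('INSERT INTO approve (title, filename, date) VALUES (?, ?, ?)')
//     ->execute([$_POST['title'] ?? '', $stored, time()]);
```

Because the files live outside the web root, approved images have to be served through a script (or copied into a directory with script execution switched off) rather than linked directly.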
