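if ($result === 0) {
    exit_message('No accounts exist with that user ID');
}

// ban user in DB
// NOTE(review): flagging the row does not end the user's existing session(s);
// confirm that the login/session path re-checks `banned` on each request.
$ban = mysqli_prepare($db, 'UPDATE `users` SET `banned` = "1" WHERE `id` = ?');
mysqli_stmt_bind_param($ban, 'i', $id);
mysqli_stmt_execute($ban);
++$db_queries;
mysqli_stmt_close($ban);

// get list of images uploaded by that user (so we can delete the files)
$images = mysqli_prepare($db, 'SELECT `id`, `ext` FROM `images` WHERE `user` = ?');
mysqli_stmt_bind_param($images, 'i', $id);
mysqli_stmt_execute($images);
++$db_queries;
mysqli_stmt_bind_result($images, $image_id, $ext);
while (mysqli_stmt_fetch($images)) {
    // Paths are built from DB values (image id + stored extension), not from request input.
    // Guard every unlink(): a file that is already gone would otherwise raise a warning,
    // and is_file() also refuses to act on a directory. The original only guarded the thumb.
    $image_file = 'images/' . $image_id . '.' . $ext;
    if (is_file($image_file)) {
        unlink($image_file);
    }
    $thumb_file = 'thumbs/' . $image_id . '.jpg';
    if (is_file($thumb_file)) {
        unlink($thumb_file);
    }
}
mysqli_stmt_close($images);

// mark the images as removed in the DB (rows are kept and flagged, not deleted)
$delete = mysqli_prepare($db, 'UPDATE `images` SET `removed` = "1" WHERE `user` = ?');
mysqli_stmt_bind_param($delete, 'i', $id);
mysqli_stmt_execute($delete);
++$db_queries;
mysqli_stmt_close($delete);
mysqli_close($db);
exit_message('User has been banned and all data has been removed');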
$hex .= sprintf('%02X', ord($char)); // tail of strtohex(): each byte becomes two upper-case hex digits
    }
    return $hex;
}

/**
 * Write a message to the error log and terminate with the given exit status.
 *
 * @param int    $code process exit status handed to exit()
 * @param string $msg  text passed to error_log()
 */
function exit_message($code, $msg)
{
    error_log($msg);
    exit($code);
}

// CLI only, and exactly three arguments (argv[0] is the script itself).
if ('cli' !== php_sapi_name() || 4 !== count($argv)) {
    exit_message(1, './exp-o-decrypt.php <PASSWORD> <IV> <PRIVATE-KEY-FILE>' . PHP_EOL);
}
// NOTE(review): empty() also rejects the literal string "0"; isset() / !== '' would be the
// precise "argument present" test.
if (empty($argv[1]) || empty($argv[2]) || !file_exists($argv[3])) {
    exit_message(2, 'Invalid parameters.' . PHP_EOL);
}
# Base64 encoded password from the "X-Password" header
$password64 = $argv[1];
# Initialization Vector (taken as given; it is hex-encoded for the openssl command below)
$iv = $argv[2];
# Private key file
# NOTE(review): the return value is not checked -- an unreadable file yields false, which is
# then passed to openssl_private_decrypt(); an explicit === false check would give a clear error.
$private_key = file_get_contents($argv[3]);
$enc_password = base64_decode($password64);
# NOTE(review): without the strict flag base64_decode() only returns false for grossly
# malformed input; stray characters are silently skipped.
if (false === $enc_password) {
    exit_message(3, 'Invalid password. It has to be base64 encoded.' . PHP_EOL);
}
# RSA-decrypt the password with the private key; $decrypted receives the raw key bytes.
$decryption = openssl_private_decrypt($enc_password, $decrypted, $private_key);
if (false === $decryption) {
    exit_message(4, 'Decryption failed.' . PHP_EOL);
}
# Removed "-nopad"
# The command line below contains key material in the clear (-K / -iv): treat stdout and any
# shell history it ends up in as sensitive.
printf("openssl enc -aes-128-cbc -d -nosalt -K %s -iv %s -in " . PHP_EOL, strtohex($decrypted), strtohex($iv));
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    exit_message('Please enter a valid email address');
}
// user has entered a valid email and a password
$email = $_POST['email'];
$password = $_POST['password'];
require 'db.php';
// The credential check runs inside MySQL: stored hash = SHA2(salt || password).
// NOTE(review): the plaintext password travels to the DB as a bound parameter (it can surface
// in query logs) and SHA-256 is a fast hash; password_hash()/password_verify() in PHP would be
// the usual choice, but changing it means migrating the stored hashes and the signup path too.
$user = mysqli_prepare($db, 'SELECT `id`, `admin`, `banned` FROM `users` WHERE `email` = ? AND `password` = SHA2(CONCAT(`salt`, ?), 256)');
mysqli_stmt_bind_param($user, 'ss', $email, $password);
mysqli_stmt_execute($user);
++$db_queries;
mysqli_stmt_store_result($user);
// One generic message for both "unknown email" and "wrong password" (no account enumeration).
if (mysqli_stmt_num_rows($user) === 0) {
    exit_message('Sorry, no account exists with this email and password');
}
mysqli_stmt_bind_result($user, $id, $admin, $banned);
mysqli_stmt_fetch($user);
mysqli_stmt_close($user);
mysqli_close($db);
// NOTE(review): strict comparison against the string '1' only works if the column is returned
// as a string (CHAR/ENUM); an INT column arrives as int 1 under mysqlnd and the check would
// never fire. Confirm against the schema (same applies to `admin` below).
if ($banned === '1') {
    // user is banned ($banned will return 1);
    exit_message('This account has been banned');
}
// NOTE(review): no session_regenerate_id(true) before the privilege change -- the session ID
// the browser had before logging in is kept (session fixation).
$_SESSION['user'] = $id;
if ($admin === '1') {
    // ONLY set this variable if user is an admin ($admin will return 1)
    $_SESSION['admin'] = true;
}
exit_message('You have been logged in');
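<?php
require 'config.php';
require 'common.php';

// Only a logged-in user may list their own uploads.
// NOTE(review): nothing here calls session_start(); assumes config.php/common.php start the session.
if (!isset($_SESSION['user'])) {
    // Fixed message typo ("no authorised").
    exit_message('You are not authorised to access this page. Please log in.');
}
$user = $_SESSION['user'];
require 'db.php';

// Fetch the current user's live (not removed) images, oldest first.
$images = mysqli_prepare($db, 'SELECT `id`, `ext`, `time` FROM `images` WHERE `user` = ? AND `removed` = "0" ORDER BY `time` ASC');
mysqli_stmt_bind_param($images, 'i', $user);
mysqli_stmt_execute($images);
++$db_queries;
mysqli_stmt_store_result($images);
if (mysqli_stmt_num_rows($images) === 0) {
    exit_message('You haven\'t uploaded any images yet!');
}
// The bound variables and the open statement are left for the included template, which
// presumably iterates the result set with mysqli_stmt_fetch($images) (not visible here).
mysqli_stmt_bind_result($images, $id, $ext, $time);
require 'inc/header.php';
require 'inc/account.php';
require 'inc/footer.php';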
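// check DB for an existing account with that email
require 'db.php';
$exists = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `users` WHERE `email` = ?)');
mysqli_stmt_bind_param($exists, 's', $email);
mysqli_stmt_execute($exists);
++$db_queries;
mysqli_stmt_bind_result($exists, $result);
mysqli_stmt_fetch($exists);
mysqli_stmt_close($exists);
if ($result === 1) {
    exit_message('An account already exists with that email');
}

// account doesn't exist
// Generate the salt from the CSPRNG instead of uniqid(): uniqid() is derived from the clock
// (microsecond timestamp), so the old salts were predictable. 7 random bytes -> 14 hex chars,
// the same width as the previous uniqid(true) output ('1' + 13 hex chars), so the existing
// column size still fits.
$salt = bin2hex(random_bytes(7));
// NOTE(review): SHA-256(salt || password) is a fast hash. The login path checks
// SHA2(CONCAT(`salt`, ?), 256) in SQL, so moving to password_hash()/password_verify() has to
// be done on both sides together with a migration of the stored hashes.
$password = hash('sha256', $salt . $_POST['password']);
$ip = $_SERVER['REMOTE_ADDR'];

// insert the new account (values are assigned before binding; bind_param takes references,
// so the original order also worked, but this reads more plainly)
$query = mysqli_prepare($db, 'INSERT INTO `users` (`email`, `salt`, `password`, `ip`) VALUES (?, ?, ?, ?)');
mysqli_stmt_bind_param($query, 'ssss', $email, $salt, $password, $ip);
if (!mysqli_stmt_execute($query)) {
    // Without this check a failed INSERT leaves mysqli_insert_id() === 0 and the visitor
    // would be "logged in" as user 0.
    ++$db_queries;
    mysqli_stmt_close($query);
    mysqli_close($db);
    exit_message('Sorry, your account could not be created. Please try again.');
}
++$db_queries;
mysqli_stmt_close($query);
// get user's ID
$id = mysqli_insert_id($db);
// close connection
mysqli_close($db);
// NOTE(review): consider session_regenerate_id(true) here so a session ID issued before
// signup is not carried into the authenticated session.
$_SESSION['user'] = $id;
exit_message('Your account has been created and you have been logged in');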
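<?php
require 'config.php';
require 'common.php';

// check if a file ID is set - if not, it means the user hasn't visited download.php and
// requested a valid file (download.php stores id and name in the session after a DB lookup)
session_start();
if (!isset($_SESSION['id'], $_SESSION['name'])) {
    header('location: index.php');
    exit;
}

// set file info from session
// The id was looked up in the DB before it was stored in the session, so it is not raw request
// input; basename() still pins the path inside FILES_FOLDER should a traversal-like id ever
// reach the DB.
$id = basename((string) $_SESSION['id']);
$file = rtrim(FILES_FOLDER, '/') . '/' . $id;
$name = $_SESSION['name'];
if (!is_file($file)) {
    exit_message('Unexpected error. This upload is in the DB but the file is missing');
}
// Content-Length must match the bytes actually sent; the DB-recorded size was only
// informational and a mismatch truncates or hangs the download.
$size = filesize($file);

// The stored name is the uploader's original filename. Quote it and strip the characters
// that would end or break the header value (header() itself already refuses CR/LF, but a
// bare `;` or `"` in an unquoted filename still breaks parsing).
$safe_name = str_replace(['"', "\r", "\n", '/', '\\'], '', basename((string) $name));
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $safe_name . '"');
header('Content-Length: ' . $size);
readfile($file);
session_destroy();
exit;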
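<?php
require 'config.php';
require 'common.php';

// Validate the request before touching anything else: IDs are exactly 5 alphanumeric
// characters. The ?? default avoids an undefined-index notice (and a non-string argument to
// ctype_alnum()) when the parameter is absent; is_string() rejects id[]=... array input.
$requested = $_GET['id'] ?? '';
if (!is_string($requested) || !ctype_alnum($requested) || strlen($requested) !== 5) {
    exit_message('Oops, that ID appears to be invalid. IDs should have 5 characters and contain letters and numbers only.');
}
// ID supplied by user is safe (5 chars alphanumeric)
$id = $requested;
require 'db.php';
$image = mysqli_prepare($db, 'SELECT `ext`, `time`, `user`, `ip`, `removed` FROM `images` WHERE `id` = ?');
mysqli_stmt_bind_param($image, 's', $id);
mysqli_stmt_execute($image);
++$db_queries;
mysqli_stmt_store_result($image);
if (mysqli_stmt_num_rows($image) === 0) {
    exit_message('Hmm, no image exists with that ID. Maybe it was deleted or you typed in the URL incorrectly?');
}
mysqli_stmt_bind_result($image, $ext, $time, $user, $ip, $removed);
mysqli_stmt_fetch($image);
mysqli_stmt_close($image);
mysqli_close($db);
// NOTE(review): strict comparison against the string '1' assumes the column comes back as a
// string (CHAR/ENUM); an INT column would arrive as int 1 under mysqlnd. Confirm with the schema.
if ($removed === '1') {
    exit_message('This image has been deleted.');
}

// $ext comes from the DB row, not from the request. Guard against a missing file so the page
// reports the problem instead of emitting getimagesize()/filesize() warnings.
$path = 'images/' . $id . '.' . $ext;
if (!is_file($path)) {
    exit_message('Unexpected error. This image is in the DB but the file is missing.');
}
$dimensions = getimagesize($path);
$size = filesize($path) / 1024; // KB
require 'inc/header.php';
require 'inc/view.php';
require 'inc/footer.php';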
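// Remove the files. $id and $ext are presumably the validated id and the DB-stored extension
// (set above this block, not visible here). Guard each unlink(): a file that is already gone
// would otherwise raise a warning, and is_file() refuses directories.
$image_file = 'images/' . $id . '.' . $ext;
if (is_file($image_file)) {
    unlink($image_file);
}
$thumb = 'thumbs/' . $id . '.jpg';
if (is_file($thumb)) {
    unlink($thumb);
}

// flag the row as removed (kept, not deleted)
$delete = mysqli_prepare($db, 'UPDATE `images` SET `removed` = "1" WHERE `id` = ?');
mysqli_stmt_bind_param($delete, 's', $id);
mysqli_stmt_execute($delete);
++$db_queries;
mysqli_stmt_close($delete);

// check if image has been reported
// if it has, set to actioned
$reported = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `reports` WHERE `id` = ?)'); // query DB to see if ID exists
mysqli_stmt_bind_param($reported, 's', $id);
mysqli_stmt_execute($reported);
++$db_queries;
mysqli_stmt_bind_result($reported, $result);
mysqli_stmt_fetch($reported);
mysqli_stmt_close($reported);
// update report to actioned
if ($result === 1) {
    $actioned = mysqli_prepare($db, 'UPDATE `reports` SET `actioned` = "1" WHERE `id` = ?');
    mysqli_stmt_bind_param($actioned, 's', $id);
    mysqli_stmt_execute($actioned);
    ++$db_queries;
    mysqli_stmt_close($actioned);
}
mysqli_close($db);
// Report the ID that was actually acted on ($id) rather than echoing the raw request
// parameter back into the page.
exit_message('The image ' . $id . ' has been removed');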
}
// $id is presumably validated by the check that closes just above (not visible here).
$id = $_GET['id'];
require 'db.php';
//retrieve file info from DB
// NOTE(review): the doubled "$file = $file =" is a harmless leftover; one assignment is enough.
$file = $file = mysqli_prepare($db, 'SELECT `name`, `size`, DATE_FORMAT(`time`, \'%d/%m/%Y\'), `deleted` FROM `files` WHERE `id` = ?');
mysqli_stmt_bind_param($file, 's', $id);
mysqli_stmt_execute($file);
++$db_queries;
mysqli_stmt_store_result($file);
if (mysqli_stmt_num_rows($file) === 0) {
    exit_message('No files found with that ID');
}
mysqli_stmt_bind_result($file, $name, $size, $time, $deleted);
mysqli_stmt_fetch($file);
// NOTE(review): strict comparison against the string '1' assumes the column is returned as a
// string (CHAR/ENUM); an INT column arrives as int 1 under mysqlnd. Confirm with the schema.
if ($deleted === '1') {
    exit_message('This file is has been deleted');
}
mysqli_stmt_close($file);
mysqli_close($db);
require 'inc/header.php';
// NOTE(review): session_start() runs after inc/header.php is included; if that include emits
// any output, the session cookie cannot be sent and the download page that relies on
// $_SESSION['id'] will redirect the user away. Start the session before any output.
session_start();
// The session is the hand-off to the download script: it authorises exactly this id/name/size.
$_SESSION['id'] = $id;
$_SESSION['name'] = $name;
$_SESSION['size'] = $size;
#calculate size in easy to read format (decimal units, divide by 1000)
$i = 0;
while ($size >= 1000) {
    $size = $size / 1000;
    ++$i;
}
// NOTE(review): only three prefixes are defined, so a file of 1 GB or more would index past
// the end of this array ($i === 3); add 'G' (and 'T') if such uploads are possible.
$units = array('', 'K', 'M');
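<?php
require 'config.php';
require 'common.php';

// destroy user's session: clear the data, expire the cookie so the browser stops presenting
// the old session ID, then drop the server-side record. session_destroy() on its own leaves
// the cookie in place.
// NOTE(review): session_unset()/session_destroy() need an active session; assumes
// config.php/common.php called session_start().
session_unset();
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}
session_destroy();
exit_message('You have been logged out');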
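// check if image has been reported
$reported = mysqli_prepare($db, 'SELECT `actioned` FROM `reports` WHERE `id` = ?'); // query DB to see if ID exists
mysqli_stmt_bind_param($reported, 's', $id);
mysqli_stmt_execute($reported);
++$db_queries;
mysqli_stmt_store_result($reported);
if (mysqli_stmt_num_rows($reported) === 1) {
    mysqli_stmt_bind_result($reported, $actioned);
    mysqli_stmt_fetch($reported);
    mysqli_stmt_close($reported);
    // Bug fix: the original tested $result, which this query never sets (the fetched column
    // is $actioned), so an already-reported image fell through to a second INSERT. The
    // string cast makes the check work whether the column arrives as int or string (it is
    // written with the quoted literal "1" elsewhere in the codebase).
    $actioned_flag = (string) $actioned;
    if ($actioned_flag === '0') {
        exit_message('This image has already been reported and is under review');
    } elseif ($actioned_flag === '1') {
        exit_message('This image has already been reported, and after review was deemed to be acceptable.');
    }
} else {
    mysqli_stmt_close($reported);
}

// insert the report (prepared statement; the old string-built query has been removed)
$ip = $_SERVER['REMOTE_ADDR'];
$query = mysqli_prepare($db, 'INSERT INTO `reports` (`id`, `ip`) VALUES (?, ?)');
mysqli_stmt_bind_param($query, 'ss', $id, $ip);
mysqli_stmt_execute($query);
++$db_queries;
mysqli_stmt_close($query);
// close connection
mysqli_close($db);
// The mail subject/body include $id, which is presumably validated upstream (not visible
// here); mail() header and subject fields must never carry user-controlled newlines.
mail(REPORT_EMAIL, 'An image has been reported (' . $id . ')', 'The following image has been reported: ' . VIEW_URL . $id, 'FROM: reports <reports@' . SITE_URL . '>');
exit_message('This image has been reported and will be reviewed. Thank you.');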
// size is OK, make sure EXT is allowed
// NOTE(review): in_array() without the strict flag; pass true so the comparison is exact.
if (!in_array($ext, $allowed_ext)) {
    // ext not allowed
    exit_message('Sorry, this extension is not allowed.');
}
// size and ext are fine
// let's set $image to either $_FILES['image'] or $_POST['url'] and check if they're valid
if (isset($_FILES['image'])) {
    // getimagesize() only parses the image header; it is a sanity check, not proof the file is benign.
    if (!getimagesize($_FILES['image']['tmp_name'])) {
        exit_message('Sorry, this does not appear to be a valid image');
    }
    $image = $_FILES['image']['tmp_name'];
} elseif (isset($_POST['url'])) {
    // NOTE(review): the server fetches an arbitrary caller-supplied URL (server-side request
    // forgery risk): any scheme the wrappers support and any host the server can reach,
    // including internal addresses. Restrict to http(s), resolve and reject private/loopback
    // ranges, and disable redirects before fetching. The read is capped at $size bytes.
    // A failed fetch returns false, which is then handed to imagecreatefromstring().
    $image = file_get_contents($_POST['url'], NULL, NULL, NULL, $size);
    if (!imagecreatefromstring($image)) {
        exit_message('Sorry, this does not appear to be a valid image');
    }
}
// everything looks good so far! images are valid, size and ext check out
// generate an ID, move files and insert into DB
// generate ID (and make sure it doesn't exist)
require 'db.php';
// prepare query
$exists = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `images` WHERE `id` = ?)');
// create ID and check if it exists in the DB
do {
    // create ID: 5 characters drawn from a 51-character alphabet (ambiguous glyphs such as
    // B/G/I/O/S/l/0/1/5/6/8 are left out), so mt_rand(0, 50) covers exactly the valid indices.
    // NOTE(review): mt_rand() is not a CSPRNG; fine for a public identifier, but if IDs are
    // ever meant to be unguessable use random_int() instead.
    $id = '';
    $chars = 'ACDEFHJKLMNPQRTUVWXYZabcdefghijkmnopqrstuvwxyz23479';
    for ($i = 0; $i < 5; ++$i) {
        $id .= $chars[mt_rand(0, 50)];