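// Ban the account whose primary key is in $id, then take down everything that
// account uploaded: the image files and thumbnails on disk, and the `images`
// rows (soft-deleted via `removed` = "1"). $db, $db_queries, $id and $result
// (the EXISTS lookup for that user) are set earlier in this file, outside this
// excerpt.
// NOTE(review): no check that the *current* user is an administrator is visible
// here — confirm the code above this block enforces it before the ban runs.
if ($result === 0) {
    exit_message('No accounts exist with that user ID');
}
// ban user in DB
$ban = mysqli_prepare($db, 'UPDATE `users` SET `banned` = "1" WHERE `id` = ?');
mysqli_stmt_bind_param($ban, 'i', $id);
mysqli_stmt_execute($ban);
++$db_queries;
mysqli_stmt_close($ban);
// get list of images uploaded by that user (so we can delete the files)
$images = mysqli_prepare($db, 'SELECT `id`, `ext` FROM `images` WHERE `user` = ?');
mysqli_stmt_bind_param($images, 'i', $id);
mysqli_stmt_execute($images);
++$db_queries;
mysqli_stmt_bind_result($images, $image_id, $ext);
while (mysqli_stmt_fetch($images)) {
    // Check existence before each unlink() so a row whose file is already gone
    // does not raise an E_WARNING mid-loop. $image_id and $ext come from the DB
    // row, not from the request.
    $image_file = 'images/' . $image_id . '.' . $ext;
    if (file_exists($image_file)) {
        unlink($image_file);
    }
    $thumb_file = 'thumbs/' . $image_id . '.jpg';
    if (file_exists($thumb_file)) {
        unlink($thumb_file);
    }
}
mysqli_stmt_close($images);
// delete images in the DB (soft delete: rows are flagged, not removed)
$delete = mysqli_prepare($db, 'UPDATE `images` SET `removed` = "1" WHERE `user` = ?');
mysqli_stmt_bind_param($delete, 'i', $id);
mysqli_stmt_execute($delete);
++$db_queries;
mysqli_stmt_close($delete);
mysqli_close($db);
exit_message('User has been banned and all data has been removed');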
        $hex .= sprintf('%02X', ord($char));
    }
    return $hex;
}
/**
 * Write $msg to the SAPI error log and terminate the process with status $code.
 *
 * @param int    $code process exit status
 * @param string $msg  text passed to error_log()
 */
function exit_message($code, $msg)
{
    // message_type 0 is error_log()'s default: route through the configured error log
    error_log($msg, 0);
    exit($code);
}
// Command-line entry point: ./exp-o-decrypt.php <PASSWORD> <IV> <PRIVATE-KEY-FILE>
// Decrypts a base64-encoded, RSA-encrypted password with the given private key and
// prints the matching `openssl enc` command with key and IV rendered as hex.
// strtohex() is defined earlier in this file; exit_message() logs and terminates
// with the given status.
$usage = './exp-o-decrypt.php <PASSWORD> <IV> <PRIVATE-KEY-FILE>' . PHP_EOL;
// refuse to run outside the CLI, and insist on exactly three arguments
if (php_sapi_name() !== 'cli' || count($argv) !== 4) {
    exit_message(1, $usage);
}
$password64 = $argv[1]; # Base64 encoded password from the "X-Password" header
$iv = $argv[2];         # Initialization Vector
$key_file = $argv[3];   # Private key file
if (empty($password64) || empty($iv) || !file_exists($key_file)) {
    exit_message(2, 'Invalid parameters.' . PHP_EOL);
}
$private_key = file_get_contents($key_file);
$enc_password = base64_decode($password64);
if ($enc_password === false) {
    exit_message(3, 'Invalid password. It has to be base64 encoded.' . PHP_EOL);
}
$decrypted = null;
if (openssl_private_decrypt($enc_password, $decrypted, $private_key) === false) {
    exit_message(4, 'Decryption failed.' . PHP_EOL);
}
# Removed "-nopad"
echo sprintf(
    'openssl enc -aes-128-cbc -d -nosalt -K %s -iv %s -in ' . PHP_EOL,
    strtohex($decrypted),
    strtohex($iv)
);
}
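// Login, second half: $_POST['email'] and $_POST['password'] are presumably checked
// for presence by the block that closes just above this one. On success the user's
// ID (and admin flag) is stored in the session; every failure path exits with a
// message.
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    exit_message('Please enter a valid email address');
}
// user has entered a valid email and a password
$email = $_POST['email'];
$password = $_POST['password'];
require 'db.php';
// The password is checked inside the query as SHA2(salt . password). Both values
// are bound parameters, so the lookup is not injectable, but the plaintext password
// does travel to the DB server (and into its query log, if one is enabled).
// NOTE(review): SHA-256 is a single fast round, cheap to brute-force offline if the
// table leaks; moving to password_hash()/password_verify() needs a schema change
// plus a matching registration-side change, so it is not done in this block.
$user = mysqli_prepare($db, 'SELECT `id`, `admin`, `banned` FROM `users` WHERE `email` = ? AND `password` = SHA2(CONCAT(`salt`, ?), 256)');
mysqli_stmt_bind_param($user, 'ss', $email, $password);
mysqli_stmt_execute($user);
++$db_queries;
mysqli_stmt_store_result($user);
if (mysqli_stmt_num_rows($user) === 0) {
    // one message for both "no such e-mail" and "wrong password"
    exit_message('Sorry, no account exists with this email and password');
}
mysqli_stmt_bind_result($user, $id, $admin, $banned);
mysqli_stmt_fetch($user);
mysqli_stmt_close($user);
mysqli_close($db);
// NOTE(review): mysqli binds integer columns as PHP ints, in which case `=== '1'`
// would never match and a banned user would get through — confirm `banned` and
// `admin` are string-typed (e.g. CHAR/ENUM) columns.
if ($banned === '1') {
    exit_message('This account has been banned');
}
// Authenticated: rotate the session ID before writing anything into the session, so
// an ID the client held (or was handed) before logging in is never promoted to an
// authenticated one. The session is assumed active already — $_SESSION is written
// here without a session_start() in this block.
session_regenerate_id(true);
$_SESSION['user'] = $id;
if ($admin === '1') {
    // ONLY set this variable if user is an admin
    $_SESSION['admin'] = true;
}
exit_message('You have been logged in');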
<?php

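// Account page: lists the images the logged-in user has uploaded.
require 'config.php';
require 'common.php';
// the session is expected to be active by now (started by config.php/common.php,
// not visible here); only a logged-in user may see this page
if (!isset($_SESSION['user'])) {
    exit_message('You are not authorised to access this page. Please log in.');
}
$user = $_SESSION['user'];
require 'db.php';
// only live (non-removed) images, oldest first; the user ID is bound as an int
$images = mysqli_prepare($db, 'SELECT `id`, `ext`, `time` FROM `images` WHERE `user` = ? AND `removed` = "0" ORDER BY `time` ASC');
mysqli_stmt_bind_param($images, 'i', $user);
mysqli_stmt_execute($images);
++$db_queries;
mysqli_stmt_store_result($images);
if (mysqli_stmt_num_rows($images) === 0) {
    exit_message('You haven\'t uploaded any images yet!');
}
// $id/$ext/$time are filled on each mysqli_stmt_fetch($images). The statement is
// deliberately left open: inc/account.php presumably iterates it, and should close
// it and $db when done (neither is visible in this file).
mysqli_stmt_bind_result($images, $id, $ext, $time);
require 'inc/header.php';
require 'inc/account.php';
require 'inc/footer.php';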
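// Registration, second half: refuse a duplicate e-mail, otherwise create the
// account and log the new user in. $email is validated earlier in this file and
// $_POST['password'] is presumably checked for presence there too.
// check DB for an existing account with that e-mail address
require 'db.php';
$exists = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `users` WHERE `email` = ?)');
mysqli_stmt_bind_param($exists, 's', $email);
mysqli_stmt_execute($exists);
++$db_queries;
mysqli_stmt_bind_result($exists, $result);
mysqli_stmt_fetch($exists);
mysqli_stmt_close($exists);
if ($result === 1) {
    exit_message('An account already exists with that email');
}
// account doesn't exist: generate a salt, hash the password and insert the row.
// mysqli binds by reference, so the bound variables may be assigned after
// mysqli_stmt_bind_param() as long as that happens before mysqli_stmt_execute().
$query = mysqli_prepare($db, 'INSERT INTO `users` (`email`, `salt`, `password`, `ip`) VALUES (?, ?, ?, ?)');
mysqli_stmt_bind_param($query, 'ssss', $email, $salt, $password, $ip);
// 14 hex chars from the CSPRNG (random_bytes needs PHP >= 7.0). Same length as the
// previous uniqid(true) value ("1" + 13 hex digits), so the `salt` column is
// unaffected, but the value is no longer derived from the clock and therefore not
// guessable by someone who knows roughly when the account was created.
$salt = bin2hex(random_bytes(7));
// NOTE(review): SHA-256(salt . password) is a single fast round, cheap to
// brute-force offline if the table leaks. Moving to password_hash()/
// password_verify() needs a schema change and a matching login-side change, so it
// is left as is here.
$password = hash('sha256', $salt . $_POST['password']);
$ip = $_SERVER['REMOTE_ADDR'];
// insert data
mysqli_stmt_execute($query);
++$db_queries;
mysqli_stmt_close($query);
// get user's ID
$id = mysqli_insert_id($db);
// close connection
mysqli_close($db);
// The new user is logged in straight away: rotate the session ID first so an ID the
// client held before registering is not carried into the authenticated session.
// The session is assumed active, since $_SESSION is written without session_start().
session_regenerate_id(true);
$_SESSION['user'] = $id;
exit_message('Your account has been created and you have been logged in');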
<?php

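// Streams the file whose metadata download.php stored in the session.
require 'config.php';
require 'common.php';
// A file ID in the session means the user came via download.php and asked for a
// valid file; otherwise bounce to the index. The name and size are stored alongside
// the ID, so require all three rather than tripping an undefined-index notice below.
session_start();
if (!isset($_SESSION['id'], $_SESSION['name'], $_SESSION['size'])) {
    header('location: index.php');
    exit;
}
//set file info from session
$id = (string) $_SESSION['id'];
$name = $_SESSION['name'];
$size = $_SESSION['size'];
// $id is joined onto FILES_FOLDER as a path component. download.php presumably
// validates it before storing it; this check guarantees that a value containing a
// directory separator or "." / ".." can never escape the upload folder regardless.
if ($id === '' || $id === '.' || $id === '..' || basename($id) !== $id) {
    header('location: index.php');
    exit;
}
$file = rtrim(FILES_FOLDER, '/') . '/' . $id;
if (!file_exists($file)) {
    exit_message('Unexpected error. This upload is in the DB but the file is missing');
}
// $name is the upload's original (user-chosen) name: quote it and strip the
// characters that would terminate the header value ('"', CR, LF) or carry a path.
// The unquoted `filename= name` form broke on names containing spaces or ';'.
$download_name = str_replace(array('"', "\r", "\n"), '', basename($name));
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $download_name . '"');
header('Content-Length: ' . $size);
readfile($file);
// one-shot: the session only carried this download's details
session_destroy();
exit;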
<?php

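// View page for a single image, addressed by its 5-character ID in ?id=.
require 'config.php';
require 'common.php';
// The ID is used as a file-name component below, so it must be strictly
// alphanumeric and exactly 5 bytes. A missing parameter is rejected the same way
// instead of tripping an undefined-index notice (and a null argument to
// ctype_alnum(), deprecated in PHP 8.1).
if (!isset($_GET['id']) || !ctype_alnum($_GET['id']) || strlen($_GET['id']) !== 5) {
    exit_message('Oops, that ID appears to be invalid. IDs should have 5 characters and contain letters and numbers only.');
}
// ID supplied by user is safe (5 chars alphanumeric)
$id = $_GET['id'];
require 'db.php';
$image = mysqli_prepare($db, 'SELECT `ext`, `time`, `user`, `ip`, `removed` FROM `images` WHERE `id` = ?');
mysqli_stmt_bind_param($image, 's', $id);
mysqli_stmt_execute($image);
++$db_queries;
mysqli_stmt_store_result($image);
if (mysqli_stmt_num_rows($image) === 0) {
    exit_message('Hmm, no image exists with that ID. Maybe it was deleted or you typed in the URL incorrectly?');
}
mysqli_stmt_bind_result($image, $ext, $time, $user, $ip, $removed);
mysqli_stmt_fetch($image);
// NOTE(review): for an integer `removed` column mysqli binds a PHP int, in which
// case `=== '1'` never matches — confirm the column is string-typed.
if ($removed === '1') {
    exit_message('This image has been deleted.');
}
mysqli_stmt_close($image);
mysqli_close($db);
// $ext comes from the DB row, not from the request. Check the file is there before
// getimagesize()/filesize() so a missing file gives a message instead of warnings.
$image_file = 'images/' . $id . '.' . $ext;
if (!file_exists($image_file)) {
    exit_message('Unexpected error. This image is in the DB but the file is missing');
}
$dimensions = getimagesize($image_file);
$size = filesize($image_file) / 1024; // KB; presumably read by inc/view.php
require 'inc/header.php';
require 'inc/view.php';
require 'inc/footer.php';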
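// Removes the image in $id (already looked up: $ext, $db and $db_queries are set
// earlier in this file): delete the file and thumbnail, flag the row as removed,
// and mark any report against it as actioned.
// Check existence before each unlink() so a file that is already gone does not
// raise an E_WARNING. $ext comes from the DB row.
$image_file = 'images/' . $id . '.' . $ext;
if (file_exists($image_file)) {
    unlink($image_file);
}
$thumb = 'thumbs/' . $id . '.jpg';
if (file_exists($thumb)) {
    unlink($thumb);
}
// soft delete: the row stays, flagged as removed
$delete = mysqli_prepare($db, 'UPDATE `images` SET `removed` = "1" WHERE `id` = ?');
mysqli_stmt_bind_param($delete, 's', $id);
mysqli_stmt_execute($delete);
++$db_queries;
mysqli_stmt_close($delete);
// check if image has been reported; if it has, set the report to actioned
$reported = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `reports` WHERE `id` = ?)');
mysqli_stmt_bind_param($reported, 's', $id);
mysqli_stmt_execute($reported);
++$db_queries;
mysqli_stmt_bind_result($reported, $result);
mysqli_stmt_fetch($reported);
mysqli_stmt_close($reported);
// update report to actioned
if ($result === 1) {
    $actioned = mysqli_prepare($db, 'UPDATE `reports` SET `actioned` = "1" WHERE `id` = ?');
    mysqli_stmt_bind_param($actioned, 's', $id);
    mysqli_stmt_execute($actioned);
    ++$db_queries;
    mysqli_stmt_close($actioned);
}
mysqli_close($db);
// Echo the $id the code above trusted as a file-name component rather than the raw
// $_GET['id'] — presumably the same value, but only $id is known to have been
// validated.
exit_message('The image ' . $id . ' has been removed');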
}
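// Download landing page: show the file's details and prime the session for the
// actual transfer. $_GET['id'] is presumably validated by the block that closes
// just above this one.
$id = $_GET['id'];
require 'db.php';
//retrieve file info from DB
$file = mysqli_prepare($db, 'SELECT `name`, `size`, DATE_FORMAT(`time`, \'%d/%m/%Y\'), `deleted` FROM `files` WHERE `id` = ?');
mysqli_stmt_bind_param($file, 's', $id);
mysqli_stmt_execute($file);
++$db_queries;
mysqli_stmt_store_result($file);
if (mysqli_stmt_num_rows($file) === 0) {
    exit_message('No files found with that ID');
}
mysqli_stmt_bind_result($file, $name, $size, $time, $deleted);
mysqli_stmt_fetch($file);
// NOTE(review): for an integer `deleted` column mysqli binds a PHP int, in which
// case `=== '1'` never matches — confirm the column is string-typed.
if ($deleted === '1') {
    exit_message('This file has been deleted');
}
mysqli_stmt_close($file);
mysqli_close($db);
// The session must be started before anything is sent to the client, so this runs
// before inc/header.php (which presumably emits the page head). The raw byte size
// is stored before it is scaled for display below.
session_start();
$_SESSION['id'] = $id;
$_SESSION['name'] = $name;
$_SESSION['size'] = $size;
require 'inc/header.php';
# calculate size in an easy-to-read format: divide by 1000 until it fits the
# largest unit available, so $i never indexes past the end of $units
$units = array('', 'K', 'M');
$i = 0;
while ($size >= 1000 && $i < count($units) - 1) {
    $size = $size / 1000;
    ++$i;
}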
<?php

// Logout: drop every session variable and the server-side session data, then
// tell the user. Assigning an empty array to $_SESSION is the documented
// equivalent of session_unset() for an active session.
require 'config.php';
require 'common.php';
$_SESSION = array();
session_destroy();
exit_message('You have been logged out');
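// Reports the image in $id ($id, $db and $db_queries are set earlier in this file).
// An existing report short-circuits with a status message; otherwise a row is
// inserted and the moderators are e-mailed.
// check if image has been reported
$reported = mysqli_prepare($db, 'SELECT `actioned` FROM `reports` WHERE `id` = ?');
mysqli_stmt_bind_param($reported, 's', $id);
mysqli_stmt_execute($reported);
++$db_queries;
mysqli_stmt_store_result($reported);
if (mysqli_stmt_num_rows($reported) === 1) {
    mysqli_stmt_bind_result($reported, $actioned);
    mysqli_stmt_fetch($reported);
    mysqli_stmt_close($reported);
    // `actioned` is the bound column (the comparison used to read an unrelated,
    // never-assigned $result, so a duplicate report was always inserted). It is
    // compared as an int so an INT or a CHAR "0"/"1" column both work:
    // 0 = still under review, 1 = reviewed and kept.
    $actioned = (int) $actioned;
    if ($actioned === 0) {
        exit_message('This image has already been reported and is under review');
    } elseif ($actioned === 1) {
        exit_message('This image has already been reported, and after review was deemed to be acceptable.');
    }
} else {
    // no existing report: still release the statement before moving on
    mysqli_stmt_close($reported);
}
// parameterised insert: the ID and client IP are bound, never concatenated into SQL
$query = mysqli_prepare($db, 'INSERT INTO `reports` (`id`, `ip`) VALUES (?, ?)');
mysqli_stmt_bind_param($query, 'ss', $id, $ip);
// mysqli binds by reference, so $ip may be assigned after bind_param as long as it
// is set before execute
$ip = $_SERVER['REMOTE_ADDR'];
// insert data
mysqli_stmt_execute($query);
++$db_queries;
mysqli_stmt_close($query);
// close connection
mysqli_close($db);
// NOTE(review): $id lands in the mail subject. That is only safe if it was
// validated upstream (a CR/LF in $id would inject mail headers) — confirm every
// path reaching here restricts the ID to alphanumerics.
mail(REPORT_EMAIL, 'An image has been reported (' . $id . ')', 'The following image has been reported: ' . VIEW_URL . $id, 'FROM: reports <reports@' . SITE_URL . '>');
exit_message('This image has been reported and will be reviewed. Thank you.');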
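// Upload, second stage: $size, $ext and $allowed_ext were derived from the request
// earlier in this file. Reject a disallowed extension, then make sure the submitted
// file (or the fetched URL) really is an image before an ID is generated for it.
// size is OK, make sure EXT is allowed (strict comparison: no type coercion)
if (!in_array($ext, $allowed_ext, true)) {
    // ext not allowed
    exit_message('Sorry, this extension is not allowed.');
}
// size and ext are fine
// set $image from either $_FILES['image'] or $_POST['url'] and check it's valid
if (isset($_FILES['image'])) {
    // is_uploaded_file() rejects a tmp_name that did not come from this request's
    // upload; getimagesize() rejects anything that does not parse as an image
    if (!is_uploaded_file($_FILES['image']['tmp_name']) || !getimagesize($_FILES['image']['tmp_name'])) {
        exit_message('Sorry, this does not appear to be a valid image');
    }
    $image = $_FILES['image']['tmp_name'];
} elseif (isset($_POST['url'])) {
    // The server fetches a user-supplied URL. Restrict it to http(s) so the file://,
    // php:// and data: wrappers cannot be used to read local resources. This does
    // not stop requests to internal hosts (SSRF); a host allow-list or resolving and
    // checking the address is needed for that and is out of scope here.
    $url = $_POST['url'];
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!filter_var($url, FILTER_VALIDATE_URL) || !in_array($scheme, array('http', 'https'), true)) {
        exit_message('Sorry, this does not appear to be a valid image');
    }
    // read at most $size bytes. Explicit false/null/0 instead of NULL placeholders,
    // which PHP 8.1+ deprecates for the non-nullable bool/int parameters.
    $image = file_get_contents($url, false, null, 0, $size);
    // a failed fetch returns false, which imagecreatefromstring() would warn on
    if ($image === false || !imagecreatefromstring($image)) {
        exit_message('Sorry, this does not appear to be a valid image');
    }
} else {
    // neither an upload nor a URL: $image would otherwise be undefined below
    exit_message('Sorry, this does not appear to be a valid image');
}
// everything looks good so far! images are valid, size and ext check out
// generate an ID, move files and insert into DB
// generate ID (and make sure it doesn't exist)
require 'db.php';
// prepare query
$exists = mysqli_prepare($db, 'SELECT EXISTS(SELECT 1 FROM `images` WHERE `id` = ?)');
// create ID and check if it exists in the DB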
do {
    // create ID
    $id = '';
    $chars = 'ACDEFHJKLMNPQRTUVWXYZabcdefghijkmnopqrstuvwxyz23479';
    for ($i = 0; $i < 5; ++$i) {
        $id .= $chars[mt_rand(0, 50)];