Posted by Steven Altsman on 03/18/05 19:45

[code]
<?php

// Variable-ize all of the attributes of the file object
$binFile = $_FILES['binFile'];
$binFile_name = $_FILES['binFile']['name'];
$binFile_size = $_FILES['binFile']['size'];
$binFile_type = $_FILES['binFile']['type'];
$binFile_tmp = $_FILES['binFile']['tmp_name'];
// Get sender information
$author = "test";
$recipient = "test";
// Tracking information on the file
$date_submitted = date('Y-m-d H:i:s');
$txtDescription = "test";
$binFile_unique =
md5($author.$txtDescription.$binFile_name);
$email_id = "test";

$data = file_get_contents($binFile_tmp);
$bytes_in_data = strlen($data);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" enctype="multipart/form-data" method="post" action="">
<p>
<input name="binFile" type="file" size="50">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>

<?php echo $bytes_in_data; ?>

</body>
</html>
[/code]

Here is a proof of concept.. I loaded up the nVidia drivers to my default
tmp directory, then echoed out the strlen of the file when opened in
file_get_contents function. It gave out the correct size.

From here, I'm just going to see if it encrypts and spits out a different
(or no) number.

-----Original Message-----
From: Marek Kilimajer [mailto:lists@kilimajer.net]
Sent: Friday, March 18, 2005 4:26 AM
To: webphp@efastfunding.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] Files upload - Encrypt into a variable - Do not
injectinto db (PHP/Apache/MySQL)

Steven Altsman wrote:
> Yes, the link is http://www.radinks.com/upload/config.php
>
> file_uploads = On
> upload_max_filesize = 40M
> max_input_time = 9000 (seconds)
> memory_limit (not limited, per handload config, from source)
> max_execution_time = 9000 (seconds)
> post_max_size = 40M
>
> also, hidden INPUT tag MAX_FILE_SIZE with value="40000", which I'm
guessing
> needs it in kilobytes.

It's in bytes.

Check apache's config, namely LimitRequestBody directive.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

• Next in thread: RE: [PHP] Files upload - Encrypt into a variable - Do not injectinto db (PHP/Apache/MySQL)
• Next in forum: Re: [PHP] More function troubles
• Prev in forum: apache_request_headers() does not return HTTP Authorization headers
• Thread view: RE: [PHP] Files upload - Encrypt into a variable - Do not injectinto db (PHP/Apache/MySQL)

[Reply to this message]