Reply to RE: [PHP] Files upload - Encrypt into a variable - Do not injectinto db (PHP/Apache/MySQL) — PHP

Posted by Steven Altsman on 03/18/05 19:58

Updated : It ain't MCRYPT.

[code]
<?php
// Variable-ize all of the attributes of the file object
$binFile = $_FILES['binFile'];
$binFile_name = $_FILES['binFile']['name'];
$binFile_size = $_FILES['binFile']['size'];
$binFile_type = $_FILES['binFile']['type'];
$binFile_tmp = $_FILES['binFile']['tmp_name'];
// Get sender information
$author = "test";
$recipient = "test";
// Tracking information on the file
$date_submitted = date('Y-m-d H:i:s');
$txtDescription = "test";
$binFile_unique =
md5($author.$txtDescription.$binFile_name);
$email_id = "test";

$data = file_get_contents($binFile_tmp);
$bytes_in_data = strlen($data);

$key = "supa_secret_key_type_thingie";
$input = $data;

$td = mcrypt_module_open('twofish', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td),
MCRYPT_RAND);

mcrypt_generic_init($td, $key, $iv);

$encrypted_data = mcrypt_generic($td, $input);
$bytes_in_encrypted_data = strlen($encrypted_data);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" enctype="multipart/form-data" method="post" action="">
<p>
<input name="binFile" type="file" size="50">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>

<?php echo $bytes_in_data; ?>
<br>
<?php echo $bytes_in_encrypted_data;?>
</body>
</html>
[/code]

-----Original Message-----
From: Marek Kilimajer [mailto:lists@kilimajer.net]
Sent: Friday, March 18, 2005 4:26 AM
To: webphp@efastfunding.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] Files upload - Encrypt into a variable - Do not
injectinto db (PHP/Apache/MySQL)

Steven Altsman wrote:
> Yes, the link is http://www.radinks.com/upload/config.php
>
> file_uploads = On
> upload_max_filesize = 40M
> max_input_time = 9000 (seconds)
> memory_limit (not limited, per handload config, from source)
> max_execution_time = 9000 (seconds)
> post_max_size = 40M
>
> also, hidden INPUT tag MAX_FILE_SIZE with value="40000", which I'm
guessing
> needs it in kilobytes.

It's in bytes.

Check apache's config, namely LimitRequestBody directive.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация