Posts: 2
|
PHP Code:
<?
function new_picture_size($max_w, $max_h, $path){
$size = getimagesize($path);
$w = $size[0];
$h = $size[1];
if($w <= $max_w && $h <= $max_h) $s = array(0=>$w, 1=>$h, 2=>$w, 3=>$h);
else {
if($w >= $h){
if($w > $max_w){
$new_w = $max_w;
$new_h = ceil(($new_w * $h) / $w);
}
if($h > $max_h){
$new_h = $max_h;
$new_w = ceil(($new_h * $w) / $h);
}
} else {
if($h > $max_h){
$new_h = $max_h;
$new_w = ceil(($new_h * $w) / $h);
}
if($w > $max_w){
$new_w = $max_w;
$new_h = ceil(($new_w * $h) / $w);
}
}
$s = array(0=>$new_w, 1=>$new_h, 2=>$w, 3=>$h);
}
return $s;
}
function make_square($max, $dir, $file){
$path = $dir."/".$file;
$newpath = $dir."_mini/".$file;
$size = getimagesize($path);
$w = $size[0];
$h = $size[1];
if($w > $max_w || $h > $max_h) {
if($w > $h){
$neww = ($w * $max) / $h;
$newh = $max;
} else {
$newh = ($h * $max) / $w;
$neww = $max;
}
$oldpic = imagecreatefromjpeg($path);
$newpic = imagecreatetruecolor($neww, $newh);
imagecopyresampled($newpic, $oldpic, 0, 0, 0, 0, $neww, $newh, $w, $h);
imagejpeg($newpic, $newpath, 100);
imagedestroy($oldpic);
imagedestroy($newpic);
$size = getimagesize($newpath);
$w = $size[0];
$h = $size[1];
if($w > $max) $x = round(($w - $max)/2);
else $x = round(($max - $w)/2);
if($h > $max) $y = round(($h - $max)/2);
else $y = round(($max - $h)/2);
$oldpic = imagecreatefromjpeg($newpath);
$newpic = imagecreatetruecolor($max, $max);
imagecopyresampled($newpic, $oldpic, 0, 0, $x, $y, $w, $h, $w, $h);
imagejpeg($newpic, $newpath, 100);
imagedestroy($oldpic);
imagedestroy($newpic);
}
return $s;
}
function resize_picture($w, $h, $picture, $format){
$format = str_replace(".", "", $format);
switch(strtolower($format)){
case "jpg":
//$th_size = new_picture_size($w, $h, $picture);
$oldpic = imagecreatefromjpeg($picture);
$newpic = imagecreatetruecolor($w, $h);
$size = min(imageSX($oldpic), imageSY($oldpic));
$offsetX = (imageSX($oldpic) - $size) / 2;
imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
imagejpeg($newpic, $picture, 100);
imagedestroy($oldpic);
imagedestroy($newpic);
break;
case "jpeg":
$oldpic = imagecreatefromjpeg($picture);
$newpic = imagecreatetruecolor($w, $h);
$size = min(imageSX($oldpic), imageSY($oldpic));
$offsetX = (imageSX($oldpic) - $size) / 2;
imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
imagejpeg($newpic, $picture, 100);
imagedestroy($oldpic);
imagedestroy($newpic);
break;
case "png":
$oldpic = imagecreatefrompng($picture);
$newpic = imagecreatetruecolor($w, $h);
$size = min(imageSX($oldpic), imageSY($oldpic));
$offsetX = (imageSX($oldpic) - $size) / 2;
//$offsetY = (imageSX($oldpic) - $size) / 2;
imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
imagepng($newpic, $picture, 9);
imagedestroy($oldpic);
imagedestroy($newpic);
break;
case "gif";
$oldpic = imagecreatefromgif($picture);
$newpic = imagecreate($w, $h);
$size = min(imageSX($oldpic), imageSY($oldpic));
$offsetX = (imageSX($oldpic) - $size) / 2;
//$offsetY = (imageSX($oldpic) - $size) / 2;
imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
imagegif($newpic, $picture, 100);
imagedestroy($oldpic);
imagedestroy($newpic);
break;
}
}
function upload_avatar($file_field, $uid){
if(is_file("profile_images/$uid.jpg")) unlink("profile_images/$uid.jpg");
if(is_file("profile_images/$uid.jpeg")) unlink("profile_images/$uid.jpeg");
if(is_file("profile_images/$uid.gif")) unlink("profile_images/$uid.gif");
if(is_file("profile_images/$uid.png")) unlink("profile_images/$uid.png");
if(is_uploaded_file($_FILES[$file_field]['tmp_name'])){
$size = getimagesize($_FILES[$file_field]['tmp_name']);
$mime = $size['mime'];
if($mime != "image/png" && $mime != "image/jpeg" && $mime != "image/gif") return false;
if($_FILES['userfile']['size'] > 1048576) return false;
$size = getimagesize($_FILES[$file_field]['tmp_name']);
$parts = explode(".", $_FILES[$file_field]['name']);
$last = count($parts) - 1;
$ext = $parts[$last];
$filename = $uid.".".$ext;
move_uploaded_file($_FILES[$file_field]['tmp_name'], "profile_images/$filename");
chmod("profile_images/$filename", 0777);
resize_picture(60, 60, "profile_images/$filename", $ext);
//create 25x25 thumbnail
copy("profile_images/$filename", "avatars/$filename");
resize_picture(25, 25, "avatars/$filename", $ext);
//update the user's avatar filename in the database
$db = new database;
$db->dblink();
$db->db_update("users", "avatar='$filename'", "id=$uid");
return $filename;
}
}
function get_ext_from_mime($mime){
switch($mime) {
case "image/jpeg":
return "jpg";
break;
case "image/jpg":
return "jpg";
break;
case "image/gif":
return "gif";
break;
case "image/png":
return "png";
break;
}
}
?>
User are able to bypass the mine check..
file Input Validation bypass
[Mime Check Bypass]:
----------
GIF89aP;
[php_shell_code]
so any one know how to fix this......
------------------------------------------------------------------
and i have a login proble..
PHP Code:
//login a user
if($_POST['login']){
//hash password
$temp = $post['pass'];
$hashed = md5(sha1($temp));
$result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='$hashed' and new=0");
$how_many = $db->count_recs($result);
if($how_many != 0) {
$rec = $db->fetch_objects($result);
$_SESSION['user'] = new user($rec[0]);
$_SESSION['user_id'] = $_SESSION['user']->id;
if($_POST['remember_me']){
setcookie("login_user", $_SESSION['user']->username, time() + 86400 * 60);
setcookie("login_pass", $_SESSION['user']->$hashed, time() + 86400 * 60);
}
unset($_SESSION['logged_out']);
header("Location: profile/{$_SESSION['user']->username}");
} else {
//$result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=1");
$result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='$hashed' and new=1");
$how_many = $db->count_recs($result);
if($how_many != 0){
The user are able to login the account..by just user username...even wrong password they can login...so anyon know how to fix? |
