Encrypt with MD5 the image name coming from PLUPLOAD

Asked

Viewed 629 times

0

I have the code I use to upload using PLUPLOAD. But I didn’t want the name of the original photo, I wanted it to come ENCRYPTED, using md5. I am recovering the data and comes the original name of the photo uploaded, wanted encrypted.

Code from Upload.php

<?php
/**
 * upload.php
 *
 * Copyright 2009, Moxiecode Systems AB
 * Released under GPL License.
 *
 * License: http://www.plupload.com/license
 * Contributing: http://www.plupload.com/contributing
 */

// HTTP headers for no cache etc
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// Settings
//$targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
$targetDir = '../uploads2/';

//$cleanupTargetDir = false; // Remove old files
//$maxFileAge = 60 * 60; // Temp file age in seconds

// 5 minutes execution time
@set_time_limit(5 * 60);

// Uncomment this one to fake upload time
// usleep(5000);

// Get parameters
$chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
$chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';

// Clean the fileName for security reasons
$fileName = preg_replace('/[^\w\._]+/', '', $fileName);


// Make sure the fileName is unique but only if chunking is disabled
if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {

    $ext = strrpos($fileName, '.');
    $fileName_a = substr($fileName, 0, $ext);
    $fileName_b = substr($fileName, $ext);

    $count = 1;
    while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b))
        $count++;

    $fileName = $fileName_a . '_' . $count . $fileName_b;
}

// Create target dir
if (!file_exists($targetDir))
    @mkdir($targetDir);

// Look for the content type header
if (isset($_SERVER["HTTP_CONTENT_TYPE"]))
    $contentType = $_SERVER["HTTP_CONTENT_TYPE"];

if (isset($_SERVER["CONTENT_TYPE"]))
    $contentType = $_SERVER["CONTENT_TYPE"];

// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
if (strpos($contentType, "multipart") !== false) {
    if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
        // Open temp file
        $out = fopen($targetDir . DIRECTORY_SEPARATOR . $fileName, $chunk == 0 ? "wb" : "ab");
        if ($out) {
            // Read binary input stream and append it to temp file
            $in = fopen($_FILES['file']['tmp_name'], "rb");

            if ($in) {
                while ($buff = fread($in, 4096))
                    fwrite($out, $buff);
            } else
                die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
            fclose($in);
            fclose($out);
            @unlink($_FILES['file']['tmp_name']);
        } else
            die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
    } else
        die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
} else {
    // Open temp file
    $out = fopen($targetDir . DIRECTORY_SEPARATOR . $fileName, $chunk == 0 ? "wb" : "ab");
    if ($out) {
        // Read binary input stream and append it to temp file
        $in = fopen("php://input", "rb");

        if ($in) {
            while ($buff = fread($in, 4096))
                fwrite($out, $buff);
        } else
            die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');

        fclose($in);
        fclose($out);
    } else
        die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}

// Return JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');

?>
php
  • 1

    MD5 is not a hash-generating encryption algorithm

  • 1

    I would just like to change the name, I would not like the original name to be posted. I usually use md5 only to randomize... and change the name... Managed to understand @Ricardo Thanks!

  • @Andrébaill md5 is not random.

  • Do you want to generate random names? But you still want to be able to retrieve the name from $_REQUEST["name"]??

  • Like, these names I retrieve them and record in the database... but I didn’t want to record the original name, I wanted to record only a "fictional" name that would be the new name of the image...

1 answer

0


Understanding what you want

If I understood your logic you would just like the name of the image on the random pseudo server to the point that it does not interfere with the storage and let alone a third party guess the name of the image and see what should not be seen.

Basic Points

Understand that encrypt image file is one thing and if that’s what you really want edit your question by informing.

Also understand that MD5 as the SHA family is for HASH generation only, not encryption itself.

Solution

What we should do is basically the following: At the time of saving we will generate a random name using time() of the moment and using the function md5 to leave the name "confused" and "unnoticeable"

What would be something like that: 

md5(time()));

and changing your code, I think you need to change that line:

    $fileName = $fileName_a . '_' . $count . $fileName_b;

for this

    $fileName = md5(time());

I don’t have the ability to test, because I don’t have the HTML of this, but something we are there..

  • Okay, it works. I did this and put the extension through Request, however, at the time of entering in the database, it only inserts the old name, and the new name it does not insert... as I pass this parameter to be able to enter the correct name?

  • I didn’t see in her code the function she inserts in the database, I would need candle to know which variable she is inserting

  • Yes to enter in the database it returns the records in json, which I recover through the post array... but in the post array it comes only the "old" data and not the new names...

  • Can you give me an example of output? Why don’t I see JSON code other than error messages in its original code..

  • 1

    It does change the name of the image, but in the post that comes within an array, it is the old name.. but I’ll see if I can reassemble the script based on this, so that it does the automatic insertion when you upload the photo, already inserts in the database... because there is already the correct name.

  • All right, if you have any more questions call me!

  • Okay, where can I call you? Do you have any contact? Thank you! Suddenly if you are interested, we can develop some work together, I have enough. Obg

  • Leave a contact of your that I return, Att

  • Skype srandrebaill

Show 4 more comments

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.