RE: [PHP] Files upload - Encrypt into a variable - Do not injectinto db (PHP/Apache/MySQL)

Fri, 18 Mar 2005 10:03:48 -0800 

Updated : It ain't MCRYPT.

[code]
<?php
        // Variable-ize all of the attributes of the file object
                $binFile = $_FILES['binFile'];
                $binFile_name = $_FILES['binFile']['name'];
                $binFile_size = $_FILES['binFile']['size'];
                $binFile_type = $_FILES['binFile']['type'];
                $binFile_tmp = $_FILES['binFile']['tmp_name'];
        // Get sender information
                $author = "test";
                $recipient = "test";
        // Tracking information on the file
                $date_submitted = date('Y-m-d H:i:s');
                $txtDescription = "test";
                $binFile_unique =
md5($author.$txtDescription.$binFile_name);
                $email_id = "test";
                
                $data = file_get_contents($binFile_tmp);
                $bytes_in_data = strlen($data);

                $key = "supa_secret_key_type_thingie";
                $input = $data;

                $td = mcrypt_module_open('twofish', '', 'ecb', '');
                $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td),
MCRYPT_RAND);

                mcrypt_generic_init($td, $key, $iv);

                $encrypted_data = mcrypt_generic($td, $input);
                $bytes_in_encrypted_data = strlen($encrypted_data);

                mcrypt_generic_deinit($td);
                mcrypt_module_close($td);

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" enctype="multipart/form-data" method="post" action="">
  <p>
    <input name="binFile" type="file" size="50">
</p>
  <p>
    <input type="submit" name="Submit" value="Submit">
</p>
</form>

<?php echo $bytes_in_data; ?>
<br>
<?php echo $bytes_in_encrypted_data;?>
</body>
</html>
[/code]

-----Original Message-----
From: Marek Kilimajer [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 18, 2005 4:26 AM
To: [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] Files upload - Encrypt into a variable - Do not
injectinto db (PHP/Apache/MySQL)

Steven Altsman wrote:
> Yes, the link is http://www.radinks.com/upload/config.php
> 
> file_uploads = On
> upload_max_filesize = 40M
> max_input_time = 9000 (seconds)
> memory_limit (not limited, per handload config, from source)
> max_execution_time = 9000 (seconds)
> post_max_size = 40M
> 
> also, hidden INPUT tag MAX_FILE_SIZE with value="40000", which I'm
guessing
> needs it in kilobytes.

It's in bytes.

Check apache's config, namely LimitRequestBody directive.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to