Mime Check Bypass Need 2Be FIXED.need help.and login problem

  • xDragonZ
  • Born
  • Born
  • xDragonZ
  • Posts: 3

Post 3+ Months Ago

PHP Code: [ Select ]
<?
function new_picture_size($max_w, $max_h, $path){
   $size = getimagesize($path);
   $w = $size[0];
   $h = $size[1];
   if($w <= $max_w && $h <= $max_h) $s = array(0=>$w, 1=>$h, 2=>$w, 3=>$h);
   else {
      if($w >= $h){
         if($w > $max_w){
            $new_w = $max_w;
            $new_h = ceil(($new_w * $h) / $w);
         }
         if($h > $max_h){
            $new_h = $max_h;
            $new_w = ceil(($new_h * $w) / $h);
         }
      } else {
         if($h > $max_h){
            $new_h = $max_h;
            $new_w = ceil(($new_h * $w) / $h);
         }
         if($w > $max_w){
            $new_w = $max_w;
            $new_h = ceil(($new_w * $h) / $w);
         }
      }
      $s = array(0=>$new_w, 1=>$new_h, 2=>$w, 3=>$h);
   }
   return $s;
}
 
function make_square($max, $dir, $file){
   $path = $dir."/".$file;
   $newpath = $dir."_mini/".$file;
   $size = getimagesize($path);
   $w = $size[0];
   $h = $size[1];
   if($w > $max_w || $h > $max_h) {
      if($w > $h){
         $neww = ($w * $max) / $h;
         $newh = $max;
      } else {
         $newh = ($h * $max) / $w;
         $neww = $max;
      }
      $oldpic = imagecreatefromjpeg($path);
      $newpic = imagecreatetruecolor($neww, $newh);
      imagecopyresampled($newpic, $oldpic, 0, 0, 0, 0, $neww, $newh, $w, $h);
      imagejpeg($newpic, $newpath, 100);
      imagedestroy($oldpic);
      imagedestroy($newpic);
 
      $size = getimagesize($newpath);
      $w = $size[0];
      $h = $size[1];
 
      if($w > $max) $x = round(($w - $max)/2);
      else $x = round(($max - $w)/2);
      if($h > $max) $y = round(($h - $max)/2);
      else $y = round(($max - $h)/2);
      $oldpic = imagecreatefromjpeg($newpath);
      $newpic = imagecreatetruecolor($max, $max);
      imagecopyresampled($newpic, $oldpic, 0, 0, $x, $y, $w, $h, $w, $h);
      imagejpeg($newpic, $newpath, 100);
      imagedestroy($oldpic);
      imagedestroy($newpic);
   }
   return $s;
}
 
function resize_picture($w, $h, $picture, $format){
   $format = str_replace(".", "", $format);
   switch(strtolower($format)){
      case "jpg":
         //$th_size = new_picture_size($w, $h, $picture);
         $oldpic = imagecreatefromjpeg($picture);
         $newpic = imagecreatetruecolor($w, $h);
         $size = min(imageSX($oldpic), imageSY($oldpic));
         $offsetX = (imageSX($oldpic) - $size) / 2;
         imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
 
 
         imagejpeg($newpic, $picture, 100);
         imagedestroy($oldpic);
         imagedestroy($newpic);
         break;
      case "jpeg":
         $oldpic = imagecreatefromjpeg($picture);
         $newpic = imagecreatetruecolor($w, $h);
         $size = min(imageSX($oldpic), imageSY($oldpic));
         $offsetX = (imageSX($oldpic) - $size) / 2;
         imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
         imagejpeg($newpic, $picture, 100);
         imagedestroy($oldpic);
         imagedestroy($newpic);
         break;
      case "png":
         $oldpic = imagecreatefrompng($picture);
         $newpic = imagecreatetruecolor($w, $h);
         $size = min(imageSX($oldpic), imageSY($oldpic));
         $offsetX = (imageSX($oldpic) - $size) / 2;
         //$offsetY = (imageSX($oldpic) - $size) / 2;
         imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
         imagepng($newpic, $picture, 9);
         imagedestroy($oldpic);
         imagedestroy($newpic);
         break;
      case "gif";
         $oldpic = imagecreatefromgif($picture);
         $newpic = imagecreate($w, $h);
         $size = min(imageSX($oldpic), imageSY($oldpic));
         $offsetX = (imageSX($oldpic) - $size) / 2;
         //$offsetY = (imageSX($oldpic) - $size) / 2;
         imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
         imagegif($newpic, $picture, 100);
         imagedestroy($oldpic);
         imagedestroy($newpic);
         break;
   }
}
 
function upload_avatar($file_field, $uid){
   if(is_file("profile_images/$uid.jpg")) unlink("profile_images/$uid.jpg");
   if(is_file("profile_images/$uid.jpeg")) unlink("profile_images/$uid.jpeg");
   if(is_file("profile_images/$uid.gif")) unlink("profile_images/$uid.gif");
   if(is_file("profile_images/$uid.png")) unlink("profile_images/$uid.png");
 
   if(is_uploaded_file($_FILES[$file_field]['tmp_name'])){
      $size = getimagesize($_FILES[$file_field]['tmp_name']);
      $mime = $size['mime'];
      if($mime != "image/png" && $mime != "image/jpeg" && $mime != "image/gif") return false;
      if($_FILES['userfile']['size'] > 1048576) return false;
      $size = getimagesize($_FILES[$file_field]['tmp_name']);
 
      $parts = explode(".", $_FILES[$file_field]['name']);
      $last = count($parts) - 1;
      $ext = $parts[$last];
      $filename = $uid.".".$ext;
 
      move_uploaded_file($_FILES[$file_field]['tmp_name'], "profile_images/$filename");
      chmod("profile_images/$filename", 0777);
      resize_picture(60, 60, "profile_images/$filename", $ext);
 
      //create 25x25 thumbnail
      copy("profile_images/$filename", "avatars/$filename");
      resize_picture(25, 25, "avatars/$filename", $ext);
 
      //update the user's avatar filename in the database
      $db = new database;
      $db->dblink();
      $db->db_update("users", "avatar='$filename'", "id=$uid");
      return $filename;
   }
}
 
function get_ext_from_mime($mime){
 switch($mime) {
    case "image/jpeg":
       return "jpg";
    break;
    case "image/jpg":
       return "jpg";
    break;
    case "image/gif":
       return "gif";
    break;
    case "image/png":
       return "png";
    break;
 }
}
?>
  1. <?
  2. function new_picture_size($max_w, $max_h, $path){
  3.    $size = getimagesize($path);
  4.    $w = $size[0];
  5.    $h = $size[1];
  6.    if($w <= $max_w && $h <= $max_h) $s = array(0=>$w, 1=>$h, 2=>$w, 3=>$h);
  7.    else {
  8.       if($w >= $h){
  9.          if($w > $max_w){
  10.             $new_w = $max_w;
  11.             $new_h = ceil(($new_w * $h) / $w);
  12.          }
  13.          if($h > $max_h){
  14.             $new_h = $max_h;
  15.             $new_w = ceil(($new_h * $w) / $h);
  16.          }
  17.       } else {
  18.          if($h > $max_h){
  19.             $new_h = $max_h;
  20.             $new_w = ceil(($new_h * $w) / $h);
  21.          }
  22.          if($w > $max_w){
  23.             $new_w = $max_w;
  24.             $new_h = ceil(($new_w * $h) / $w);
  25.          }
  26.       }
  27.       $s = array(0=>$new_w, 1=>$new_h, 2=>$w, 3=>$h);
  28.    }
  29.    return $s;
  30. }
  31.  
  32. function make_square($max, $dir, $file){
  33.    $path = $dir."/".$file;
  34.    $newpath = $dir."_mini/".$file;
  35.    $size = getimagesize($path);
  36.    $w = $size[0];
  37.    $h = $size[1];
  38.    if($w > $max_w || $h > $max_h) {
  39.       if($w > $h){
  40.          $neww = ($w * $max) / $h;
  41.          $newh = $max;
  42.       } else {
  43.          $newh = ($h * $max) / $w;
  44.          $neww = $max;
  45.       }
  46.       $oldpic = imagecreatefromjpeg($path);
  47.       $newpic = imagecreatetruecolor($neww, $newh);
  48.       imagecopyresampled($newpic, $oldpic, 0, 0, 0, 0, $neww, $newh, $w, $h);
  49.       imagejpeg($newpic, $newpath, 100);
  50.       imagedestroy($oldpic);
  51.       imagedestroy($newpic);
  52.  
  53.       $size = getimagesize($newpath);
  54.       $w = $size[0];
  55.       $h = $size[1];
  56.  
  57.       if($w > $max) $x = round(($w - $max)/2);
  58.       else $x = round(($max - $w)/2);
  59.       if($h > $max) $y = round(($h - $max)/2);
  60.       else $y = round(($max - $h)/2);
  61.       $oldpic = imagecreatefromjpeg($newpath);
  62.       $newpic = imagecreatetruecolor($max, $max);
  63.       imagecopyresampled($newpic, $oldpic, 0, 0, $x, $y, $w, $h, $w, $h);
  64.       imagejpeg($newpic, $newpath, 100);
  65.       imagedestroy($oldpic);
  66.       imagedestroy($newpic);
  67.    }
  68.    return $s;
  69. }
  70.  
  71. function resize_picture($w, $h, $picture, $format){
  72.    $format = str_replace(".", "", $format);
  73.    switch(strtolower($format)){
  74.       case "jpg":
  75.          //$th_size = new_picture_size($w, $h, $picture);
  76.          $oldpic = imagecreatefromjpeg($picture);
  77.          $newpic = imagecreatetruecolor($w, $h);
  78.          $size = min(imageSX($oldpic), imageSY($oldpic));
  79.          $offsetX = (imageSX($oldpic) - $size) / 2;
  80.          imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
  81.  
  82.  
  83.          imagejpeg($newpic, $picture, 100);
  84.          imagedestroy($oldpic);
  85.          imagedestroy($newpic);
  86.          break;
  87.       case "jpeg":
  88.          $oldpic = imagecreatefromjpeg($picture);
  89.          $newpic = imagecreatetruecolor($w, $h);
  90.          $size = min(imageSX($oldpic), imageSY($oldpic));
  91.          $offsetX = (imageSX($oldpic) - $size) / 2;
  92.          imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
  93.          imagejpeg($newpic, $picture, 100);
  94.          imagedestroy($oldpic);
  95.          imagedestroy($newpic);
  96.          break;
  97.       case "png":
  98.          $oldpic = imagecreatefrompng($picture);
  99.          $newpic = imagecreatetruecolor($w, $h);
  100.          $size = min(imageSX($oldpic), imageSY($oldpic));
  101.          $offsetX = (imageSX($oldpic) - $size) / 2;
  102.          //$offsetY = (imageSX($oldpic) - $size) / 2;
  103.          imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
  104.          imagepng($newpic, $picture, 9);
  105.          imagedestroy($oldpic);
  106.          imagedestroy($newpic);
  107.          break;
  108.       case "gif";
  109.          $oldpic = imagecreatefromgif($picture);
  110.          $newpic = imagecreate($w, $h);
  111.          $size = min(imageSX($oldpic), imageSY($oldpic));
  112.          $offsetX = (imageSX($oldpic) - $size) / 2;
  113.          //$offsetY = (imageSX($oldpic) - $size) / 2;
  114.          imagecopyresampled($newpic, $oldpic, 0, 0, $offsetX, 0, $w, $h, $size, $size);
  115.          imagegif($newpic, $picture, 100);
  116.          imagedestroy($oldpic);
  117.          imagedestroy($newpic);
  118.          break;
  119.    }
  120. }
  121.  
  122. function upload_avatar($file_field, $uid){
  123.    if(is_file("profile_images/$uid.jpg")) unlink("profile_images/$uid.jpg");
  124.    if(is_file("profile_images/$uid.jpeg")) unlink("profile_images/$uid.jpeg");
  125.    if(is_file("profile_images/$uid.gif")) unlink("profile_images/$uid.gif");
  126.    if(is_file("profile_images/$uid.png")) unlink("profile_images/$uid.png");
  127.  
  128.    if(is_uploaded_file($_FILES[$file_field]['tmp_name'])){
  129.       $size = getimagesize($_FILES[$file_field]['tmp_name']);
  130.       $mime = $size['mime'];
  131.       if($mime != "image/png" && $mime != "image/jpeg" && $mime != "image/gif") return false;
  132.       if($_FILES['userfile']['size'] > 1048576) return false;
  133.       $size = getimagesize($_FILES[$file_field]['tmp_name']);
  134.  
  135.       $parts = explode(".", $_FILES[$file_field]['name']);
  136.       $last = count($parts) - 1;
  137.       $ext = $parts[$last];
  138.       $filename = $uid.".".$ext;
  139.  
  140.       move_uploaded_file($_FILES[$file_field]['tmp_name'], "profile_images/$filename");
  141.       chmod("profile_images/$filename", 0777);
  142.       resize_picture(60, 60, "profile_images/$filename", $ext);
  143.  
  144.       //create 25x25 thumbnail
  145.       copy("profile_images/$filename", "avatars/$filename");
  146.       resize_picture(25, 25, "avatars/$filename", $ext);
  147.  
  148.       //update the user's avatar filename in the database
  149.       $db = new database;
  150.       $db->dblink();
  151.       $db->db_update("users", "avatar='$filename'", "id=$uid");
  152.       return $filename;
  153.    }
  154. }
  155.  
  156. function get_ext_from_mime($mime){
  157.  switch($mime) {
  158.     case "image/jpeg":
  159.        return "jpg";
  160.     break;
  161.     case "image/jpg":
  162.        return "jpg";
  163.     break;
  164.     case "image/gif":
  165.        return "gif";
  166.     break;
  167.     case "image/png":
  168.        return "png";
  169.     break;
  170.  }
  171. }
  172. ?>


User are able to bypass the mine check..
file Input Validation bypass

[Mime Check Bypass]:
----------
GIF89aP;
[php_shell_code]

so any one know how to fix this......


------------------------------------------------------------------
and i have a login proble..

PHP Code: [ Select ]
//login a user
if($_POST['login']){
      //hash password
      $temp = $post['pass'];
      $hashed = md5(sha1($temp));
   $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='$hashed' and new=0");
   $how_many = $db->count_recs($result);
   if($how_many != 0) {
      $rec = $db->fetch_objects($result);
      $_SESSION['user'] = new user($rec[0]);
      $_SESSION['user_id'] = $_SESSION['user']->id;
      if($_POST['remember_me']){
         setcookie("login_user", $_SESSION['user']->username, time() + 86400 * 60);
         setcookie("login_pass", $_SESSION['user']->$hashed, time() + 86400 * 60);
      }
      unset($_SESSION['logged_out']);
      header("Location: profile/{$_SESSION['user']->username}");
   } else {
   //$result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=1");
      $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='$hashed' and new=1");
      $how_many = $db->count_recs($result);
      if($how_many != 0){
  1. //login a user
  2. if($_POST['login']){
  3.       //hash password
  4.       $temp = $post['pass'];
  5.       $hashed = md5(sha1($temp));
  6.    $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='$hashed' and new=0");
  7.    $how_many = $db->count_recs($result);
  8.    if($how_many != 0) {
  9.       $rec = $db->fetch_objects($result);
  10.       $_SESSION['user'] = new user($rec[0]);
  11.       $_SESSION['user_id'] = $_SESSION['user']->id;
  12.       if($_POST['remember_me']){
  13.          setcookie("login_user", $_SESSION['user']->username, time() + 86400 * 60);
  14.          setcookie("login_pass", $_SESSION['user']->$hashed, time() + 86400 * 60);
  15.       }
  16.       unset($_SESSION['logged_out']);
  17.       header("Location: profile/{$_SESSION['user']->username}");
  18.    } else {
  19.    //$result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=1");
  20.       $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='$hashed' and new=1");
  21.       $how_many = $db->count_recs($result);
  22.       if($how_many != 0){


The user are able to login the account..by just user username...even wrong password they can login...so anyon know how to fix?

Post Information

  • Total Posts in this topic: 1 post
  • Users browsing this forum: No registered users and 75 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.