

Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/lavocat.quebec/private_html/php-migration/


 

Current File : /home/gositeme/domains/lavocat.quebec/private_html/php-migration/upload.php
<?php
/**
 * File Upload Handler
 * Handles file uploads for documents and images
 */

require_once 'config/config.php';
require_once 'auth/Auth.php';

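// Declare the JSON content type before any response body is written, so the
// 401 branch below is labelled as JSON like every other response.
header('Content-Type: application/json');

$auth = new Auth();

// Only authenticated users may upload.
if (!$auth->isLoggedIn()) {
    http_response_code(401);
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

$user = $auth->getCurrentUser();

// Uploads are accepted via POST only.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit;
}

// Require exactly one successfully received file in the "file" field.
// If the client posts "file[]", 'error' is an array and this strict
// comparison rejects the request.
if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    echo json_encode(['error' => 'No file uploaded or upload error']);
    exit;
}

$file = $_FILES['file'];
$fileName = $file['name'];        // client-supplied; never used to build the stored path
$fileSize = $file['size'];
$fileTmpName = $file['tmp_name'];
$fileType = $file['type'];        // client-supplied MIME type; informational only, not verified

// Validate file size
if ($fileSize > MAX_FILE_SIZE) {
    http_response_code(400);
    echo json_encode(['error' => 'File too large. Maximum size: ' . (MAX_FILE_SIZE / 1024 / 1024) . 'MB']);
    exit;
}

// Only the final extension of the client-supplied name is examined.
$fileExtension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

// Strict comparison avoids PHP's loose-equality surprises in the allow-list lookup.
// NOTE(review): this checks the extension only; the file content is never inspected.
// Because the file is stored under a public URL, confirm that ALLOWED_FILE_TYPES
// contains no extension the web server would execute, that script execution is
// disabled for the upload directory, and consider checking the detected MIME type
// (finfo) against an allow-list as well.
if (!in_array($fileExtension, ALLOWED_FILE_TYPES, true)) {
    http_response_code(400);
    echo json_encode(['error' => 'File type not allowed. Allowed types: ' . implode(', ', ALLOWED_FILE_TYPES)]);
    exit;
}

// Per-user directory below UPLOAD_DIR.
// NOTE(review): presumably $user['id'] is a numeric id from the auth layer; confirm
// it can never contain path separators or "..".
$userUploadDir = UPLOAD_DIR . $user['id'] . '/';

// A recursive mkdir creates UPLOAD_DIR as well when it is missing. The second
// is_dir() covers a concurrent request creating the directory first; any other
// failure is reported instead of being silently ignored.
if (!is_dir($userUploadDir) && !mkdir($userUploadDir, 0755, true) && !is_dir($userUploadDir)) {
    http_response_code(500);
    echo json_encode(['error' => 'Failed to upload file']);
    exit;
}

// The stored name comes from a CSPRNG: uniqid() and time() are both derived from the
// clock, so names built from them can be guessed and the files enumerated by URL.
$uniqueFileName = bin2hex(random_bytes(16)) . '.' . $fileExtension;
$uploadPath = $userUploadDir . $uniqueFileName;

// move_uploaded_file() refuses any source that is not a genuine HTTP upload.
if (move_uploaded_file($fileTmpName, $uploadPath)) {
    // Generate public URL
    $publicUrl = APP_URL . '/php-migration/uploads/' . $user['id'] . '/' . $uniqueFileName;

    // Return success response
    echo json_encode([
        'success' => true,
        'file' => [
            'name' => $fileName,
            'size' => $fileSize,
            'type' => $fileType,
            'url' => $publicUrl,
            // NOTE(review): this exposes the server-side filesystem path to the
            // client; kept for compatibility with existing callers. Drop it once
            // no client reads it.
            'path' => $uploadPath
        ]
    ]);
} else {
    http_response_code(500);
    echo json_encode(['error' => 'Failed to upload file']);
}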
?>
