Secure Download System

This article was written more than 24 months ago; the information may be out of date.

Some time ago I wrote a simple download system in PHP, intended to serve a file only if someone knows the link, the kind of system used on crack sites.
It has no upload built in, although that is simple to write; in any case it was written a long time ago, in a hurry, and I just needed something of the sort.

It has the following structure:

-Folder: date (the protected folder where the files are kept)
-Folder: db (the protected folder holding a file with the locations of the files that can be downloaded)
-File: admin.php (where paths to files are added and managed)
-File: cfg.php (the file holding the admin login credentials and assorted functions)
-File: fisier.php (the file that serves the requested file for download)

The whole system can be downloaded from here: link, so I will only post the code of the three PHP files to give an idea.

cfg.php :

<?php
// Admin credentials (the password is redacted in the article).
$admin_name = "azrael-sub7";
$admin_pass = "*****";

// Stream a file to the client as an attachment.
function send_download($fisier){
    $file_size = @filesize($fisier);
    header("Content-Type: application/x-zip-compressed");
    header('Content-Disposition: attachment; filename="' . basename($fisier) . '"');
    header("Content-Length: $file_size");
    readfile($fisier);
    exit;
}

// Remove line number $lineNum (1-based) from a text file.
function delLineFromFile($fileName, $lineNum){
    if(!is_writable($fileName)) {
        print "The file $fileName is not writable";
        exit;
    }
    $arr = file($fileName);

    $lineToDelete = $lineNum - 1;   // file() returns a 0-based array

    // The original compared with ">" and so accepted one index past the end.
    if($lineToDelete < 0 || $lineToDelete >= count($arr)) {
        print "You have chosen a line number, <b>[$lineNum]</b>, higher than the length of the file.";
        exit;
    }

    unset($arr[$lineToDelete]);

    if (!$fp = fopen($fileName, 'w+')) {
        print "Cannot open file ($fileName)";
        exit;
    }
    foreach($arr as $line) { fwrite($fp, $line); }
    fclose($fp);

    echo "The code has been deleted :)<br /><br /> ";
}

// Append a "code=path" record to the database file.
function scrie_linie($fis, $cod, $ema) {
    $gfil = fopen($fis, "a");
    $add = "$cod=$ema\n";
    fwrite($gfil, $add);
    fclose($gfil);
    echo "code added ";
}

// Build a random 19-character string from the alphabet and return its md5.
function generare_cod(){
    $len = 18;
    $base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz123456789';
    $max = strlen($base) - 1;
    $activatecode = '';
    // The original seeded mt_rand() from microtime(); PHP seeds it itself,
    // and a microtime() seed only makes the sequence easier to guess.
    while (strlen($activatecode) < $len + 1)
        $activatecode .= $base[mt_rand(0, $max)];   // $base{...} offsets were removed in PHP 8
    return md5($activatecode);
}

// Look a code up in the database file; return its path, or "" if absent.
function is_cod_in_db($fisier, $code){
    $ff = @fopen($fisier, "r");
    if (!$ff) { return ""; }
    while (!feof($ff)) {
        $buffer = fgets($ff);
        if ($buffer === false) { break; }
        $arex = explode("=", $buffer, 2);
        // Strict comparison: "==" treats two numeric-looking strings such as
        // "0e..." md5 values as equal.
        if (count($arex) == 2 && $arex[0] === $code) {
            fclose($ff);
            return $arex[1];
        }
    }
    fclose($ff);
    return "";
}
?>

fisier.php :

<?php
@include("cfg.php");
$ffisier = "db/db.txt";
if(!isset($_GET['id'])) {
    echo '<h1> File ID missing ! </h1>';
} else {
    $cond = is_cod_in_db($ffisier, $_GET['id']);
    if( $cond == "" ){
        echo '<h1> Invalid File ID ! </h1>';
    } else {
        $cond = trim($cond);   // strip the newline stored with the record in db.txt
        if(file_exists($cond)) send_download($cond);
        else echo '<h1> File Not Found ! </h1>';
    }
}
?>
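The code generation in cfg.php and the lookup-and-serve step in fisier.php are the two places where a guessed or badly formed code turns into a served file. The following is an added example, not code from the article or its download: a hardened counterpart of generare_cod(), is_cod_in_db() and fisier.php. It assumes the same db/db.txt layout ("code=path" on each line) and the protected "date" folder from the article; the function names generate_code, lookup_code, resolve_in_dir and send_file are this example's own.

```php
<?php
// Added example (not the article's code): hardened code generation,
// lookup and file serving. Assumes db/db.txt holds "code=path" lines and
// that served files live under the "date" folder, as in the article.

// 32 hex characters from the CSPRNG instead of md5() over mt_rand() output.
function generate_code(): string {
    return bin2hex(random_bytes(16));
}

// Find $code in the database file. Only well-formed codes are accepted,
// every record is compared with hash_equals(), and the loop does not stop
// at the first hit, so the time taken does not depend on the guess.
function lookup_code(string $dbFile, string $code): ?string {
    if (!preg_match('/^[0-9a-f]{32}$/', $code)) {
        return null;
    }
    $lines = @file($dbFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return null;
    }
    $found = null;
    foreach ($lines as $line) {
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2) {
            continue;
        }
        if (hash_equals($parts[0], $code)) {
            $found = $parts[1];
        }
    }
    return $found;
}

// Resolve $path and accept it only if it lies inside $baseDir, so a record
// such as "../cfg.php" is not served even if it was added to the database
// by mistake.
function resolve_in_dir(string $baseDir, string $path): ?string {
    $base = realpath($baseDir);
    $real = realpath($path);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return null;
    }
    return $real;
}

// Send the file as an attachment with a generic type; the client only
// ever sees the base name, never the server-side path.
function send_file(string $real): void {
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($real) . '"');
    header('Content-Length: ' . filesize($real));
    header('X-Content-Type-Options: nosniff');
    readfile($real);
    exit;
}

// Request handling, the equivalent of fisier.php.
$code = (string)($_GET['id'] ?? '');
$path = lookup_code('db/db.txt', $code);
$real = $path === null ? null : resolve_in_dir('date', $path);
if ($real === null) {
    http_response_code(404);
    // One answer for "unknown code" and "record points at a missing file",
    // so the response does not tell a guesser which case it hit.
    echo '<h1>File not found</h1>';
    exit;
}
send_file($real);
```

generate_code() replaces the md5-of-mt_rand() construction: random_bytes() draws from the operating system's CSPRNG, and the 128-bit value is printed as hex so the same db.txt format keeps working. The realpath() prefix check is what makes the "date" folder actually protected: admin.php accepts any path string, and this check is the only thing that stops a record from pointing outside that folder.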

admin.php :

<?php
include("cfg.php");
$ffisier = "db/db.txt";
if(isset($_COOKIE['ss_logat']) && $_COOKIE['ss_logat'] == "da")
{?>
<h2>Generate Code</h2><br />
<form action="admin.php" method="post">
--code--<input type="text" name="cod" value="<?php if(isset($_POST['bgen'])) echo generare_cod(); ?>" size="50" /><br />
<input name="bgen" type="submit" value="Generate" />
</form><br />

<h2>Add code</h2><br />
<form action="admin.php" method="post">
--Code--<input type="text" name="cod" value="" size="50" /><br />
--Path--<input type="text" name="path" value="" size="25" /><br />
<input type="submit" value="Add" />
</form><br />
<h2>List <a style="color:red;font-size:small;" href="admin.php"> Refresh ... </a></h2> <br />
<?php

// Delete a record; the line number comes from the "Delete code" link below.
if(isset($_GET['del']) && is_numeric($_GET['del'])) {
    delLineFromFile($ffisier, (int)$_GET['del']);
}

// List the records, each with its delete link.
$lines = file($ffisier);
foreach ($lines as $line_num => $line) {
    $line_num = $line_num + 1;
    echo "Line #<b>$line_num</b> , Code : " . htmlspecialchars($line) . " <a href='admin.php?del=" . $line_num . "'> Delete code</a> <br />\n";
}

// Append a new record (the list above shows it after the next refresh).
if(isset($_POST['cod']) && isset($_POST['path'])) scrie_linie($ffisier, $_POST['cod'], $_POST['path']);

}else{
    // Not logged in: check submitted credentials, otherwise show the form.
    if(isset($_POST['user']) and isset($_POST['pass'])
       and $_POST['user'] == $admin_name and $_POST['pass'] == $admin_pass) {
        setcookie("ss_logat", "da");
        header("location: admin.php");
        exit;   // nothing after the redirect should be sent
    }
?>
<form action="admin.php" method="post">
User : <input type="text" name="user" value="" /><br />
Pass : <input type="password" name="pass" value="" /><br />
       <input type="submit" value="submit" />
</form>
<?php
}
?>

I know that setting a cookie to just "da" to check authentication is an extreme security risk and that the "da" should be replaced with the password from cfg.php, but I was lazy ....
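Putting the password into the cookie would only move the secret into the browser; the practitioner's fix is to keep the login state on the server. The following is an added example, not code from the article: admin.php's login and delete handling rebuilt on a PHP session, with the password stored as a hash. It assumes cfg.php defines $admin_name and an $admin_hash produced once with password_hash() in place of the clear-text $admin_pass, and that delLineFromFile() is the article's function; try_login, is_logged_in, csrf_token and csrf_ok are this example's own names.

```php
<?php
// Added example (not the article's code): session-based admin login.
// Assumes cfg.php provides $admin_name, a password hash $admin_hash
// (from password_hash($pass, PASSWORD_DEFAULT)) and delLineFromFile().
require 'cfg.php';

session_start();   // must run before any output

function is_logged_in(): bool {
    return isset($_SESSION['admin']) && $_SESSION['admin'] === true;
}

// Check the submitted credentials. Both checks always run, so the
// response time does not reveal whether the user name alone was right.
function try_login(string $user, string $pass, string $adminName, string $adminHash): bool {
    $userOk = hash_equals($adminName, $user);
    $passOk = password_verify($pass, $adminHash);
    if (!($userOk && $passOk)) {
        return false;
    }
    // A fresh session id after login stops a pre-set (fixated) id from
    // becoming an authenticated one.
    session_regenerate_id(true);
    $_SESSION['admin'] = true;
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
    return true;
}

// Per-session token that every state-changing form has to send back.
function csrf_token(): string {
    return $_SESSION['csrf'] ?? '';
}

function csrf_ok(?string $token): bool {
    return $token !== null && csrf_token() !== '' && hash_equals(csrf_token(), $token);
}

function logout(): void {
    $_SESSION = [];
    session_destroy();
}

// --- request handling, the equivalent of the top of admin.php ---

if (isset($_POST['user'], $_POST['pass'])) {
    if (try_login((string)$_POST['user'], (string)$_POST['pass'], $admin_name, $admin_hash)) {
        header('Location: admin.php');
        exit;
    }
    http_response_code(403);
}

if (!is_logged_in()) {
    ?>
    <form action="admin.php" method="post">
    User : <input type="text" name="user" /><br />
    Pass : <input type="password" name="pass" /><br />
    <input type="submit" value="submit" />
    </form>
    <?php
    exit;
}

// Deletion is a POST that must carry the session's token: the original
// "admin.php?del=N" link could be triggered from any page the admin
// visits while the cookie is set.
if (isset($_POST['del']) && is_numeric($_POST['del'])) {
    if (!csrf_ok($_POST['csrf'] ?? null)) {
        http_response_code(400);
        exit('bad token');
    }
    delLineFromFile('db/db.txt', (int)$_POST['del']);
}
?>
<form action="admin.php" method="post">
<input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token()) ?>" />
<input type="hidden" name="del" value="1" />
<input type="submit" value="Delete line 1" />
</form>
```

The session id in the cookie is random and has no meaning outside the server's session store, so there is nothing for a visitor to set by hand the way "ss_logat=da" could be. password_verify() means cfg.php no longer needs to hold the clear-text password, which also removes the temptation to copy it into a cookie.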
