feat: Secure SMS verification with Redis (Predis)
- Added Predis library for Redis connection (no PHP extension required) - Server-side SMS code generation and storage in Redis - Rate limiting and brute-force protection - Integration with n8n webhook for SMS sending - Environment variables moved to .env file - Fixed policy verification endpoint - Added file-based fallback if Redis unavailable
114
fileupload.php
Normal file
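--- /dev/null
+++ b/fileupload.php
@@ -0,0 +1,114 @@
+<?php
+
+$result=array("success"=>"false","message"=>"asdasd", "result" => "");
+
+
+$lastname = str_replace(' ', '_',$_POST['lastname']);
+$inputsArray = $_POST['files_names'];
+$inputLabel = $_POST['docs_names'];
+$pdf_page_counts=array();
+$img_page_counts=0;
+if($inputsArray) {
+
+foreach($inputsArray as $index => $inputsArray_item) {
+for($i=0;$i<10;$i++) {
+if (!isset($_FILES[$inputsArray_item.'-'.$i])) {
+$error = 'Файл не загружен.';
+break;
+} else {
+$file = $_FILES[$inputsArray_item.'-'.$i];
+$allow = array();
+$deny = array(
+'phtml', 'php', 'php3', 'php4', 'php5', 'php6', 'php7', 'phps', 'cgi', 'pl', 'asp',
+'aspx', 'shtml', 'shtm', 'htaccess', 'htpasswd', 'ini', 'log', 'sh', 'js', 'html',
+'htm', 'css', 'sql', 'spl', 'scgi', 'fcgi', 'exe'
+);
+$path = __DIR__ . '/uploads/';
+$error = $success = '';
+if (!empty($file['error']) || empty($file['tmp_name'])) {
+$error = 'Не удалось загрузить файл.';
+} elseif ($file['tmp_name'] == 'none' || !is_uploaded_file($file['tmp_name'])) {
+$error = 'Не удалось загрузить файл.';
+} else {
+$pattern = "[^a-zа-яё0-9,~!@#%^-_\$\?\(\)\{\}\[\]\.]";
+$name = mb_eregi_replace($pattern, '-', $file['name']);
+$name = mb_ereg_replace('[-]+', '-', $name);
+$parts = pathinfo($name);
+if (empty($name) || empty($parts['extension'])) {
+$error = 'Недопустимый тип файла';
+} elseif (!empty($allow) && !in_array(strtolower($parts['extension']), $allow)) {
+$error = 'Недопустимый тип файла';
+} elseif (!empty($deny) && in_array(strtolower($parts['extension']), $deny)) {
+$error = 'Недопустимый тип файла';
+} else {
+if (move_uploaded_file($file['tmp_name'], $path . $name)) {
+$fullpath = $_SERVER['HTTP_REFERER']. '/uploads/' . $name;
+if(strtolower($parts['extension']) != 'pdf') {
+$oldfile = 'uploads/'.$name;
+$name = trim(preg_replace('/\s*\([^)]*\)/', '', $name));
+$newfile = 'uploads/'.$name.'_'.date('m-d-Y-H-i-s').'.pdf';
+exec("convert ".$oldfile." ".$newfile." ");
+$pdfFiles[] = $newfile;
+$img_page_counts++;
+} else {
+$pdfFiles[] = 'uploads/' . $name; // 'uploads/'
+$pdf_page_counts[]=get_pdf_count('uploads/'.$name);
+}
+//exec("convert uploads/".$name." uploads/".$name.'_'.date('m-d-Y-H-i-s').".pdf");
+//$success = '<p style="color: green">Файл «' . $name . '» успешно загружен.</p><a href="'.$fullpath.'">Скачать</a>';
+} else {
+$error = 'Не удалось загрузить файл.';
+}
+}
+}
+}
+}
+$pages_count=array_sum($pdf_page_counts)+$img_page_counts;
+$new = 'uploads/'.translit($inputLabel[$index]).'_'.date('d-m-Y').'_'.translit($lastname).'_'.$pages_count.'_CTP.pdf';
+$cmd = "gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=".$new." ".implode(" ", $pdfFiles);
+shell_exec($cmd);
+
+}
+}
+
+function get_pdf_count($target_pdf){
+$cmd = sprintf("identify %s", $target_pdf);
+exec($cmd, $output);
+$pages = count($output);
+return $pages;
+}
+
+if($new) {
+$result['success']="true";
+$result['message']=$new;
+}
+
+
+function translit($value)
+{
+$converter = array(
+'а' => 'a', 'б' => 'b', 'в' => 'v', 'г' => 'g', 'д' => 'd',
+'е' => 'e', 'ё' => 'e', 'ж' => 'zh', 'з' => 'z', 'и' => 'i',
+'й' => 'y', 'к' => 'k', 'л' => 'l', 'м' => 'm', 'н' => 'n',
+'о' => 'o', 'п' => 'p', 'р' => 'r', 'с' => 's', 'т' => 't',
+'у' => 'u', 'ф' => 'f', 'х' => 'h', 'ц' => 'c', 'ч' => 'ch',
+'ш' => 'sh', 'щ' => 'sch', 'ь' => '', 'ы' => 'y', 'ъ' => '',
+'э' => 'e', 'ю' => 'yu', 'я' => 'ya',
+
+'А' => 'A', 'Б' => 'B', 'В' => 'V', 'Г' => 'G', 'Д' => 'D',
+'Е' => 'E', 'Ё' => 'E', 'Ж' => 'Zh', 'З' => 'Z', 'И' => 'I',
+'Й' => 'Y', 'К' => 'K', 'Л' => 'L', 'М' => 'M', 'Н' => 'N',
+'О' => 'O', 'П' => 'P', 'Р' => 'R', 'С' => 'S', 'Т' => 'T',
+'У' => 'U', 'Ф' => 'F', 'Х' => 'H', 'Ц' => 'C', 'Ч' => 'Ch',
+'Ш' => 'Sh', 'Щ' => 'Sch', 'Ь' => '', 'Ы' => 'Y', 'Ъ' => '',
+'Э' => 'E', 'Ю' => 'Yu', 'Я' => 'Ya',
+);
+
+$value = strtr($value, $converter);
+return preg_replace('/\s+/', '', $value);
+}
+
+
+echo json_encode($result);
+
+?>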
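Review bot: The three shell commands in this file are built by concatenating request-derived strings without quoting: `exec("convert ".$oldfile." ".$newfile." ")`, the `gs … -sOutputFile=` line passed to `shell_exec`, and `identify %s` in `get_pdf_count()`. The filename pattern keeps characters the shell interprets (`$`, `(`, `)`, `{`, `}`, `!`, `~`), and `translit()` only maps Cyrillic letters and strips whitespace, so `$_POST['lastname']` and `$_POST['docs_names']` reach the `gs` command line unfiltered; every argument should go through `escapeshellarg()` as sketched below. The extension check relies on `$deny` while `$allow` is left empty, and files are stored under their client-supplied name in `uploads/` beneath the script directory, so filling `$allow` with the few types the form really accepts and saving under a server-generated name would be the safer default. `$error` is set on every failure path but never copied into `$result`, so the caller cannot tell why an upload was rejected.

```php
// … unchanged: upload checks, name sanitising, move_uploaded_file() …
exec('convert ' . escapeshellarg($oldfile) . ' ' . escapeshellarg($newfile));
// … unchanged: page counting and construction of $new …
$cmd = 'gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=' . escapeshellarg($new)
    . ' ' . implode(' ', array_map('escapeshellarg', $pdfFiles));
shell_exec($cmd);

function get_pdf_count($target_pdf){
$cmd = sprintf('identify %s', escapeshellarg($target_pdf));
// … unchanged: exec() call and line count …
```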