negodiy/erv-ticket-dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c516362df4c2c7dc55ede14d7b8aa5c92bdf527
erv-ticket-dev/file-server.php
Fedor 2c516362df feat: Secure SMS verification with Redis (Predis) 
- Added Predis library for Redis connection (no PHP extension required)
- Server-side SMS code generation and storage in Redis
- Rate limiting and brute-force protection
- Integration with n8n webhook for SMS sending
- Environment variables moved to .env file
- Fixed policy verification endpoint
- Added file-based fallback if Redis unavailable
2026-01-15 15:40:13 +03:00

65 lines
2.1 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
$input_name = 'file';
$allow = array();
$deny = array(
'phtml', 'php', 'php3', 'php4', 'php5', 'php6', 'php7', 'phps', 'cgi', 'pl', 'asp',
'aspx', 'shtml', 'shtm', 'htaccess', 'htpasswd', 'ini', 'log', 'sh', 'js', 'html',
'htm', 'css', 'sql', 'spl', 'scgi', 'fcgi', 'exe'
);
$path = __DIR__ . '/uploads/';
$error = $success = '';
if (!isset($_FILES[$input_name])) {
$error = 'Файл не загружен.';
} else {
$file = $_FILES[$input_name];
if (!empty($file['error']) || empty($file['tmp_name'])) {
$error = 'Не удалось загрузить файл.';
} elseif ($file['tmp_name'] == 'none' || !is_uploaded_file($file['tmp_name'])) {
$error = 'Не удалось загрузить файл.';
} else {
$pattern = "[^a-zа-яё0-9,~!@#%^-_\$\?\(\)\{\}\[\]\.]";
$name = mb_eregi_replace($pattern, '-', $file['name']);
$name = mb_ereg_replace('[-]+', '-', $name);
$parts = pathinfo($name);
if (empty($name) || empty($parts['extension'])) {
$error = 'Недопустимый тип файла';
} elseif (!empty($allow) && !in_array(strtolower($parts['extension']), $allow)) {
$error = 'Недопустимый тип файла';
} elseif (!empty($deny) && in_array(strtolower($parts['extension']), $deny)) {
$error = 'Недопустимый тип файла';
} else {
if (move_uploaded_file($file['tmp_name'], $path . $name)) {
$fullpath = $_SERVER['HTTP_REFERER']. '/uploads/' . $name;
exec("convert uploads/".$name." uploads/".$name.'_'.date('m-d-Y-H-i-s').".pdf");
$success = '<p style="color: green">Файл «' . $name . '» успешно загружен.</p><a href="'.$fullpath.'">Скачать</a>';
} else {
$error = 'Не удалось загрузить файл.';
}
}
}
}
if (!empty($error)) {
$error = '<p style="color: red">' . $error . '</p>';
}
$data = array(
'error' => $error,
'success' => $success,
);
header('Content-Type: application/json');
echo json_encode($data, JSON_UNESCAPED_UNICODE);
exit();
//exec("convert banner.png banner.pdf");
Reference in New Issue View Git Blame Copy Permalink