<?
//index.php
session_start();
if($_SESSION["login"] != true)
{
if(!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm=" ====My Pictures Library===="');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
}
else
{
if(md5($_SERVER['PHP_AUTH_USER']) == 'aa7a0f4750f1fd42257f26af921abeee' and md5($_SERVER['PHP_AUTH_PW']) == 'bb39dfc1cb7d9f7d6b3ad7218dfa02f9')
{
$_SESSION["login"]=true;
print "
<center>
<form action='loop.php' method='post'>
<table border=0>
<tr><td>
<input type='password' name='mycode' size='20'>
</td></tr>
</table>
<input type='submit' value='Continue...'>
</form>
</center>
";
}
}
}
else
{
print "What are you doing?!<br>";
print "Please enter your name and pass,retry!";
exit;
}
?>
<?
//show.php
session_start();
include "function.php";
header("Content-type: image/jpeg");
$filename="./pic/".$_GET["picid"];
$pass_str=$_SESSION["pass_str"];
$fp=fopen($filename,"rb");
$pic1=fread($fp,filesize($filename));
fclose($fp);
$pic1=decrypt($pic1,$pass_str);
$pictrue=hex2bin($pic1);
echo $pictrue;
?>
<?
//loop.php
session_start();
if(!$_SESSION["login"])
{
print "<font size=5 color=red>Error!</font>";
exit;
}
if(isset($_POST["mycode"]))
{
unset($_SESSION["pass_str"]);
unset($pass_str);
$_SESSION["pass_str"]=md5($_POST["mycode"]);
}
include "function.php";
print "
<center>
<a href=\"$_SERVER[PHP_SELF]?cmd=upload\">Upload a picture</a>
<a href=\"$_SERVER[PHP_SELF]?cmd=list\">List all pictures</a>
<a href=\"$_SERVER[PHP_SELF]?cmd=change\">Change Code</a>
<a href=\"$_SERVER[PHP_SELF]?cmd=logout\">Logout</a>
<hr>
</center>
";
$cmd=$_GET["cmd"];
switch($cmd)
{
case "upload":
print "
<center>
<table border=0>
<FORM ENCTYPE=\"multipart/form-data\" NAME=MyForm ACTION=$_SERVER[PHP_SELF] METHOD=\"POST\">
<tr><td>Select one file:</td></tr>
<tr><td><INPUT NAME=\"MyFile\" TYPE=\"File\"></td></tr>
<tr><td>
<input name=\"action\" value=\"upload\" type=\"hidden\">
<INPUT NAME=\"submit\" VALUE=\"Upload\" TYPE=\"submit\">
</td></tr>
</FORM>
</table>
</center>
";
break;
case "list":
$dir=dir("./pic");
print "<center><table border=0>";
while($filed=$dir->read())
{
if($filed != '.' and $filed != '..')
{
echo "<tr><td><a href='show.php?picid=$filed' target=_blank>$filed</
a></td><td><a href='$_SERVER[PHP_SELF]?picid=$filed&action=delete'>Delete It</a></td></tr>";
}
}
print "</table></center>";
$dir->close();
break;
case "logout":
unset($_SESSION["login"]);
unset($login);
unset($_SESSION["pass_str"]);
unset($pass_str);
session_destroy();
print "OK! Please close the window!";
break;
case "change":
print "
<center>
<form action=$_SERVER[PHP_SELF] method='post'>
<table border=0>
<tr><td>
<input type='password' name='mycode' size='20'>
<input type='hidden' name='action' value='change'>
</td></tr>
</table>
<input type='submit' value='Continue...'>
</form>
</center>
";
break;
}
if($_POST["action"]=="upload")
{
If($MyFile != "none")
{
$pass_str=$_SESSION["pass_str"];
$fp = fopen($_FILES['MyFile']['tmp_name'],"rb");
$picture = fread($fp,filesize($_FILES['MyFile']['tmp_name']));
fclose($fp);
$picture=bin2hex($picture);
$pic1=encrypt($picture,$pass_str);
$newfile="./pic/".strtolower($_FILES['MyFile']['name']);
$fp = fopen($newfile,"wb");
fwrite($fp,$pic1);
fclose($fp);
unlink($_FILES['MyFile']['tmp_name']);
print "Upload file:\t" . $_FILES['MyFile']['name'] . "\tSize: ".$_FILES['MyFile']['size'] . "\tbytes, success!";
}
else
{
echo"Nothing is uploaded!";
}
}
if($_GET["action"]=="delete")
{
$filename="./pic/".$_GET["picid"];
unlink($filename);
print "Picture\t". $_GET["picid"] ."\thas moved!";
}
?>
<?
#function.php
#这一段代码是别人写的,来源忘了
function keyED($txt,$encrypt_key)
{
$encrypt_key = md5($encrypt_key);
$ctr=0;
$tmp = "";
for ($i=0;$i<strlen($txt);$i++)
{
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1);
$ctr++;
}
return $tmp;
}
function encrypt($txt,$key)
{
srand((double)microtime()*1000000);
$encrypt_key = md5(rand(0,32000));
$ctr=0;
$tmp = "";
for ($i=0;$i<strlen($txt);$i++)
{
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($encrypt_key,$ctr,1) .
(substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1));
$ctr++;
}
return keyED($tmp,$key);
}
function decrypt($txt,$key)
{
$txt = keyED($txt,$key);
$tmp = "";
for ($i=0;$i<strlen($txt);$i++)
{
$md5 = substr($txt,$i,1);
$i++;
$tmp.= (substr($txt,$i,1) ^ $md5);
}
return $tmp;
}
function _FromHexPair($str,$start = 0)
{
$c1 = $str[$start];
$c2 = $str[$start + 1];
$c1 = ord($c1);
$c2 = ord($c2);
$i1;
$i2;
if($c1>=ord('0')&& $c1<=ord('9'))
$i1 =$c1-ord('0');
else if($c1>=ord('A')&&$c1<=ord('F'))
$i1 =$c1-ord('A')+10;
else if($c1>=ord('a')&&$c1<=ord('f'))
$i1 =$c1-ord('a')+10;
else throw new exception("unexpected char 1:" . $c1 . " @ " . $start);
if($c2>=ord('0')&&$c2<=ord('9'))
$i2 =$c2-ord('0');
else if($c2>=ord('A')&&$c2<=ord('F'))
$i2 =$c2-ord('A')+10;
else if($c2>=ord('a')&&$c2<=ord('f'))
$i2 =$c2-ord('a')+10;
else throw new exception("unexpected char 2:" . $c2 . " @ " . ($start+1));
return chr(($i1<<4) + $i2);
}
function hex2bin($str)
{
if((strlen($str)%2) != 0 )
throw new exception("str.Length % 2 != 0");
$len = strlen($str)/2;
$str_result = '';
for($i=0;$i<$len;$i++)
{
$str_result .= _FromHexPair($str,$i*2);
}
return $str_result;
}
?>