DEV Community

Dušan Jolović
Dušan Jolović

Posted on

CuteUpload - Encrypted PHP file uploade

Cute upload is file uploader written in PHP (version used is PHP 8), also uses MySQL database.
Files uploaded with Cute upload will be ENCRYPTED with AES-256.
I will say that this is just a beta, a lot of functionality will be added after.

HOW TO USE IT

  1. You need to setup your PHP server and MySQL database
  2. Import cuteupload.sql to your database.
  3. You need to edit engine/database.php according to your settings.
  4. Opontional - you can change encryption key and iv in engine/enc.php

HOW DOES IT WORK

  1. You upload your file - you can add password and description.
  2. After file is uploaded without any errors you will get information about uploaded file, like md5 hash of file sha1 of file, file name and most importantly you will get CUTE CODE - code that will be used to download file you uploaded. It will be 21 character alphanumeric string. generating code for download
  3. This file for example "Capture.PNG" is now encrypted with AES-256. File name is hashed, and file is now stored in random generated folder name. All information is logged in database.
  4. Now go back to the main page. And type CUTE CODE. downloading file
  5. If file with this code exists you will see a page that looks like this. enter image description here
  6. After you click button for download, file will be decrypted, file name will be de-hashed - than downloaded.
  7. For security reasons whenever someone downloads file folder where file is located will be renamed and file will be encrypted again.

SECURITY

  1. [x] SQL Injection protected, XSS also.
  2. [x] CSRF token is implemented.
  3. [x] Files are encrypted and hashed, untraceable.

WILL BE ADDED/CHANGED IN FUTURE

  1. Option to log in and register
  2. API
  3. About page
  4. Option to report file (for malware, abuse etc...)
  5. QR code for downloading files
  6. Option to remove files after some time (7 days, 1 day, month)
  7. To download file as zip.
  8. Change a code, so it isn't so messy.
  9. Bug fixes.

GITHUB LINK : CHECK OUT HERE

Top comments (0)