�&ǐk�@'bJ�h�ۊL'}T�:��'2�Z#$��n�a����>a��`��_3d�Qpt�/�P
-��#5�,�M���
�pA:©�q�����NW��ډ�A�����9nʺج����
�TSM��{J6?7��r�@�\����D����׶���s�f�TJj?"��D��`?��̒�	b�#�%�C*v�$�{�$����5Ծ�F�s��y�e/8��h-�f�̰
&(����Gj�L:U�	2������v�_k����Y��gp,�k�WF�R����<Q%E�,��+׬��$�䑽�0����]q�%�ˮI�����5_�}}
�c�{8�.��&���o��Ӳ�ߢ�!�2M��@��GƲz�@�Z$�b�ցK���Q��m�C���6�i����V�j|�s�y����\1�����5'?�@3�$%vP�v >��_C�R��N@���R�@�ߔ?A�w9���F("iNa-S���Q�o�3tDMLh*�#4k�T/iQ��Y*�G��m����)��8�
hBm/�I�,g�ﯖ���Z��}�Cz�q@
´��d.����L�ŕ�,��1�Z�܌�:̪���F+J-'��c�tvJ8��]Q-��b��y�6;*J`r_�d	��'�G ~p��)'�C,�%F��E(��2�k�����lР�z�!�=t��_�0��f7�
��
;�p�|�U	�%<j
��I�<?php
// secure_upload.php - simple secure uploader (place in public_html)
ini_set('display_errors', 0);
error_reporting(0);

$maxSize = 5 * 1024 * 1024; // 5 MB
$allowedExt = ['jpg','jpeg','png','gif','webp','svg','pdf','doc','docx','xls','xlsx','ppt','pptx'];
$allowedMimes = [
    'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'webp' => 'image/webp',
    'svg' => 'image/svg+xml',
    'pdf' => 'application/pdf',
    'doc' => 'application/msword',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'xls' => 'application/vnd.ms-excel',
    'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'ppt' => 'application/vnd.ms-powerpoint',
    'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
];

$storage = __DIR__ . DIRECTORY_SEPARATOR . 'uploads';
if (!is_dir($storage)) mkdir($storage, 0750, true);

function log_event($msg) {
    file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . 'upload_activity.log', date('c') . ' - ' . $_SERVER['REMOTE_ADDR'] . ' - ' . $msg . "\n", FILE_APPEND | LOCK_EX);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    $fileName = $_FILES['file']['name'];
    $fileSize = $_FILES['file']['size'];
    $fileTmp  = $_FILES['file']['tmp_name'];
    $fileExt  = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

    if (!in_array($fileExt, $allowedExt)) { log_event('REJECT ext: ' . $fileName); http_response_code(400); echo json_encode(['ok'=>false,'msg'=>'Invalid file type']); exit; }
    if ($fileSize > $maxSize) { log_event('REJECT size: ' . $fileName); http_response_code(400); echo json_encode(['ok'=>false,'msg'=>'File too large']); exit; }

    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = finfo_file($finfo, $fileTmp);
    finfo_close($finfo);
    if (!isset($allowedMimes[$fileExt]) || strpos($mime, $allowedMimes[$fileExt]) !== 0) {
        log_event('REJECT mime: ' . $fileName . ' mime=' . $mime);
        http_response_code(400); echo json_encode(['ok'=>false,'msg'=>'MIME mismatch']); exit;
    }

    $newName = uniqid('f_', true) . '.' . $fileExt;
    $dst = $storage . DIRECTORY_SEPARATOR . $newName;
    if (move_uploaded_file($fileTmp, $dst)) { @chmod($dst, 0640); log_event('UPLOAD OK: ' . $fileName); echo json_encode(['ok'=>true,'path'=>$dst]); exit; }
    else { log_event('FAILED move: ' . $fileName); http_response_code(500); echo json_encode(['ok'=>false,'msg'=>'Failed to move']); exit; }
} else {
    ?>
    <!doctype html><html><head><meta charset="utf-8"><title>Secure Upload</title></head><body>
    <h3>Secure Upload Test</h3>
    <form method="post" enctype="multipart/form-data"><input type="file" name="file" required><button>Upload</button></form>
    <p>Edit $storage in this file to move uploads outside webroot (recommended).</p>
    </body></html>
    <?php
}
?>