tl;dr:

- LFI + path traversal to get sources and 1st flag
- `stripos` can return `0` if haystack starts with needle and this `0` is treated by `!=` as `false`

Full writeup: https://github.com/p4-team/ctf/tree/master/2017-09-02-tokyo/web_uploader

Original writeup (https://github.com/p4-team/ctf/tree/master/2017-09-02-tokyo/web_uploader).