From cd757b9e825f6f5ed7344f8a39b1b44efeae3207 Mon Sep 17 00:00:00 2001
From: Jacob Casper
Date: Fri, 8 Apr 2022 16:38:29 -0500
Subject: [PATCH] Initial commit
---
 .gitignore | 3 +++
 README.md | 4 +++
 auth.php | 26 +++++++++++++++++++
 db.php | 8 ++++++
 index.php | 19 ++++++++++++++
 setup.sh | 3 +++
 sql/001_users.sql | 4 +++
 sql/002_posts.sql | 19 ++++++++++++++
 unauthorized.php | 4 +++
 upload.php | 64 +++++++++++++++++++++++++++++++++++++++++++++++
 uuid.php | 35 ++++++++++++++++++++++++++
 11 files changed, 189 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 auth.php
 create mode 100644 db.php
 create mode 100644 index.php
 create mode 100755 setup.sh
 create mode 100644 sql/001_users.sql
 create mode 100644 sql/002_posts.sql
 create mode 100644 unauthorized.php
 create mode 100644 upload.php
 create mode 100644 uuid.php
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..24b12c6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+pics.db
+pics.tar
+pics.tgz
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ab4860e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+Requirements:
+- php7.3+
+- php-imagick
+- sqlite3
diff --git a/auth.php b/auth.php
new file mode 100644
index 0000000..32bdcc1
--- /dev/null
+++ b/auth.php
@@ -0,0 +1,26 @@
+prepare('select count(*) as count, username from users where username = :username AND password = :password;');
+ $authStmt->bindValue(':username', $_SERVER['PHP_AUTH_USER']);
+ $authStmt->bindValue(':password', $_SERVER['PHP_AUTH_PW']);
+ $result = $authStmt->execute();
+ if ($result->fetchArray()[0] != 1) {
+ unauthorized_die();
+ }
+ return $_SERVER['PHP_AUTH_USER'];
+}
+
+function unauthorized_die() {
+ header('Location: unauthorized.php');
+ die('Unauthorized');
+}
+
diff --git a/db.php b/db.php
new file mode 100644
index 0000000..1330a38
--- /dev/null
+++ b/db.php
@@ -0,0 +1,8 @@
+exec('PRAGMA journal_mode=WAL;');
+ return $db;
+}
+
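Review bot: In auth.php the query matches `password = :password` against the value sent in the Basic-auth header, which only works if `users.password` (declared as plain `TEXT` in sql/001_users.sql) holds the password itself. Store the output of `password_hash()` in that column, select the row by username only, and compare with `password_verify()`, so that a copy of pics.db does not hand over every credential. The start of the function is not visible in this hunk, so the sketch below covers only the lookup and the check; the connection variable is assumed to be `$db` as in upload.php.

```php
// … unchanged: function header and the code before the lookup (not visible in this hunk) …
    $authStmt = $db->prepare('select password from users where username = :username;');
    $authStmt->bindValue(':username', $_SERVER['PHP_AUTH_USER']);
    $row = $authStmt->execute()->fetchArray(SQLITE3_ASSOC);
    // users.password holds a password_hash() value, never the plaintext.
    if ($row === false || !password_verify($_SERVER['PHP_AUTH_PW'], $row['password'])) {
        unauthorized_die();
    }
    return $_SERVER['PHP_AUTH_USER'];
```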
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..a33a56c
--- /dev/null
+++ b/index.php
@@ -0,0 +1,19 @@
+
+Upload
+query('SELECT * from pics');
+while ($pic = $pics->fetchArray()) {
+ $mime_type = $pic['MIME_TYPE'];
+ $file_b64 = $pic['PIC_B64'];
+ $name = $pic['ID'];
+
+ echo "$name";
+}
+echo '

done with pics

'; +?> +
footer
+
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..ae6b471
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sqlite3 /opt/pics/pics.db "$(cat ./sql/*)"
diff --git a/sql/001_users.sql b/sql/001_users.sql
new file mode 100644
index 0000000..09206c0
--- /dev/null
+++ b/sql/001_users.sql
@@ -0,0 +1,4 @@
+CREATE TABLE users (
+ username TEXT NOT NULL UNIQUE,
+ password TEXT NOT NULL
+);
diff --git a/sql/002_posts.sql b/sql/002_posts.sql
new file mode 100644
index 0000000..3136142
--- /dev/null
+++ b/sql/002_posts.sql
@@ -0,0 +1,19 @@
+CREATE TABLE posts (
+ ID TEXT PRIMARY KEY,
+ USERNAME TEXT NOT NULL,
+ TIMESTAMP INT NOT NULL,
+ FOREIGN KEY(username) references users(username)
+);
+CREATE TABLE pics (
+ ID TEXT PRIMARY KEY,
+ POST_ID TEXT NOT NULL,
+ MIME_TYPE TEXT NOT NULL,
+ PIC_B64 TEXT NOT NULL,
+ FOREIGN KEY(POST_ID) references posts(id)
+);
+CREATE TABLE comments (
+ ID TEXT PRIMARY KEY,
+ POST_ID TEXT NOT NULL,
+ BODY TEXT NOT NULL,
+ FOREIGN KEY(POST_ID) references posts(id)
+);
diff --git a/unauthorized.php b/unauthorized.php
new file mode 100644
index 0000000..46e801b
--- /dev/null
+++ b/unauthorized.php
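Review bot: The `FOREIGN KEY` clauses in sql/002_posts.sql (posts, pics, comments) are declarative only, because SQLite ignores them unless the connection enables enforcement, and the visible part of db.php issues just `PRAGMA journal_mode=WAL;`. Adding `PRAGMA foreign_keys = ON;` next to it in db.php would make the references real; the setting is per connection, so it cannot be set once from setup.sh. upload.php inserts the `pics` rows before the `posts` row, so with enforcement on either that order has to be swapped or the constraints declared `DEFERRABLE INITIALLY DEFERRED`. A short comment at the top of the schema, such as `-- requires PRAGMA foreign_keys = ON on every connection`, would record the dependency.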
@@ -0,0 +1,4 @@
+exec('BEGIN TRANSACTION');
+ $post_id = uuid_v4();
+ $post_time = time();
+ $images = $_FILES['image'];
+ $num_files = count($images['name']);
+ for ($i = 0; $i < $num_files; $i++) {
+ $name = $images['name'][$i];
+ $mime_type = $images['type'][$i];
+ $tmp_file = $images['tmp_name'][$i];
+ $error = $images['error'][$i];
+ $size = $images['size'][$i];
+ // strip EXIF
+ $img = new Imagick($tmp_file);
+ // keep ICC for quality
+ $profiles = $img->getImageProfiles("icc", true);
+ $img->stripImage();
+ if(!empty($profiles)) {
+ $img->profileImage('icc', $profiles['icc']);
+ }
+
+ $file_b64 = base64_encode($img->getImageBlob());
+ $pic_id = uuid_v4();
+ $upload_stmt = $db->prepare('INSERT into pics values (:id, :post_id, :mime_type, :b64_bytes)');
+ $upload_stmt->bindValue(':id', $pic_id);
+ $upload_stmt->bindValue(':post_id', $post_id);
+ $upload_stmt->bindValue(':mime_type', $mime_type);
+ $upload_stmt->bindValue(':b64_bytes', $file_b64);
+ $upload_stmt->execute();
+
+ echo "$name";
+ }
+
+ $post_stmt = $db->prepare('INSERT into posts VALUES(:id, :user, :time)');
+ $post_stmt->bindValue(':id', $post_id);
+ $post_stmt->bindValue(':user', $user);
+ $post_stmt->bindValue(':time', $post_time);
+ $post_stmt->execute();
+
+ $db->exec('COMMIT');
+} else {
+echo '
+
+
+
+ +
+ +
+ +
+
+
+';
+}
diff --git a/uuid.php b/uuid.php
new file mode 100644
index 0000000..3d03ebe
--- /dev/null
+++ b/uuid.php
@@ -0,0 +1,35 @@
+
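Review bot: In the upload.php loop, `$error` and `$size` are read from `$_FILES` but never checked, and `$mime_type` is taken from `$images['type'][$i]`, a value the client supplies, then stored in `pics.MIME_TYPE`, which index.php reads back into `$mime_type`. `$name` is likewise the client's file name and is echoed without escaping. The sketch below rejects failed uploads, derives the type from the decoded image against an allow-list (the four types shown are an example), and escapes the name; restricting the formats ImageMagick may decode in its policy file is worth doing as well, since `new Imagick($tmp_file)` decodes whatever format it detects in the file. The page shows this hunk under the unauthorized.php header and without its first lines, so the placement comments are approximate.

```php
// … unchanged: BEGIN TRANSACTION, $post_id / $post_time, loop header and $_FILES field reads …
        if ($error !== UPLOAD_ERR_OK || !is_uploaded_file($tmp_file)) {
            continue;
        }
        // … unchanged: Imagick load and ICC-preserving strip …
        // Take the type from the decoded image, not from the request.
        $mime_type = $img->getImageMimeType();
        if (!in_array($mime_type, ['image/jpeg', 'image/png', 'image/gif', 'image/webp'], true)) {
            continue;
        }
        // … unchanged: base64 encode and INSERT into pics …
        // Escape before the existing echo interpolates the name.
        $name = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
```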