From cd757b9e825f6f5ed7344f8a39b1b44efeae3207 Mon Sep 17 00:00:00 2001
From: Jacob Casper <dev@jacobcasper.com>
Date: Fri, 8 Apr 2022 16:38:29 -0500
Subject: [PATCH] Initial commit

---
 .gitignore        |  3 +++
 README.md         |  4 +++
 auth.php          | 26 +++++++++++++++++++
 db.php            |  8 ++++++
 index.php         | 19 ++++++++++++++
 setup.sh          |  3 +++
 sql/001_users.sql |  4 +++
 sql/002_posts.sql | 19 ++++++++++++++
 unauthorized.php  |  4 +++
 upload.php        | 64 +++++++++++++++++++++++++++++++++++++++++++++++
 uuid.php          | 35 ++++++++++++++++++++++++++
 11 files changed, 189 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 auth.php
 create mode 100644 db.php
 create mode 100644 index.php
 create mode 100755 setup.sh
 create mode 100644 sql/001_users.sql
 create mode 100644 sql/002_posts.sql
 create mode 100644 unauthorized.php
 create mode 100644 upload.php
 create mode 100644 uuid.php

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..24b12c6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+pics.db
+pics.tar
+pics.tgz
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ab4860e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+Requirements:
+- php7.3+
+- php-imagick
+- sqlite3
diff --git a/auth.php b/auth.php
new file mode 100644
index 0000000..32bdcc1
--- /dev/null
+++ b/auth.php
@@ -0,0 +1,26 @@
+<?php
+
+require_once 'db.php';
+
+function check_auth() {
+  if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="My Realm"');
+    header('HTTP/1.0 401 Unauthorized');
+    die("You hit cancel");
+  }
+  $db = get_db();
+  $authStmt = $db->prepare('select count(*) as count, username from users where username = :username AND password = :password;');
+  $authStmt->bindValue(':username', $_SERVER['PHP_AUTH_USER']);
+  $authStmt->bindValue(':password', $_SERVER['PHP_AUTH_PW']);
+  $result = $authStmt->execute();
+  if ($result->fetchArray()[0] != 1) {
+    unauthorized_die();
+  }
+  return $_SERVER['PHP_AUTH_USER'];
+}
+
+function unauthorized_die() {
+  header('Location: unauthorized.php');
+  die('Unauthorized');
+}
+
diff --git a/db.php b/db.php
new file mode 100644
index 0000000..1330a38
--- /dev/null
+++ b/db.php
@@ -0,0 +1,8 @@
+<?php
+
+function get_db($db_name = 'pics.db') {
+  $db = new SQLite3($db_name);
+  $db->exec('PRAGMA journal_mode=WAL;');
+  return $db;
+}
+
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..a33a56c
--- /dev/null
+++ b/index.php
@@ -0,0 +1,19 @@
+<html>
+<a href='upload.php'>Upload</a>
+<?php
+
+require_once __DIR__ . '/db.php';
+
+$db = get_db();
+$pics = $db->query('SELECT * from pics');
+while ($pic = $pics->fetchArray()) {
+  $mime_type = $pic['MIME_TYPE'];
+  $file_b64 = $pic['PIC_B64'];
+  $name = $pic['ID'];
+
+  echo "<img src='data:{$mime_type};base64,{$file_b64}' alt='$name'/>";
+}
+echo '<p>done with pics</p>';
+?>
+<div>footer</div>
+</html>
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..ae6b471
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sqlite3 /opt/pics/pics.db "$(cat ./sql/*)"
diff --git a/sql/001_users.sql b/sql/001_users.sql
new file mode 100644
index 0000000..09206c0
--- /dev/null
+++ b/sql/001_users.sql
@@ -0,0 +1,4 @@
+CREATE TABLE users (
+  username TEXT NOT NULL UNIQUE,
+  password TEXT NOT NULL
+);
diff --git a/sql/002_posts.sql b/sql/002_posts.sql
new file mode 100644
index 0000000..3136142
--- /dev/null
+++ b/sql/002_posts.sql
@@ -0,0 +1,19 @@
+CREATE TABLE posts (
+  ID TEXT PRIMARY KEY,
+  USERNAME TEXT NOT NULL,
+  TIMESTAMP INT NOT NULL,
+  FOREIGN KEY(username) references users(username)
+);
+CREATE TABLE pics (
+  ID TEXT PRIMARY KEY,
+  POST_ID TEXT NOT NULL,
+  MIME_TYPE TEXT NOT NULL,
+  PIC_B64 TEXT NOT NULL,
+  FOREIGN KEY(POST_ID) references posts(id)
+);
+CREATE TABLE comments (
+  ID TEXT PRIMARY KEY,
+  POST_ID TEXT NOT NULL,
+  BODY TEXT NOT NULL,
+  FOREIGN KEY(POST_ID) references posts(id)
+);
diff --git a/unauthorized.php b/unauthorized.php
new file mode 100644
index 0000000..46e801b
--- /dev/null
+++ b/unauthorized.php
@@ -0,0 +1,4 @@
+<?php
+
+header('HTTP/1.0 401 Unauthorized');
+die('Unauthorized');
diff --git a/upload.php b/upload.php
new file mode 100644
index 0000000..295f420
--- /dev/null
+++ b/upload.php
@@ -0,0 +1,64 @@
+<?php
+
+require_once __DIR__ . '/db.php';
+require_once __DIR__ . '/auth.php';
+require_once __DIR__ . '/uuid.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+  $user = check_auth();
+  $db = get_db();
+  $db->exec('BEGIN TRANSACTION');
+  $post_id = uuid_v4();
+  $post_time = time();
+  $images = $_FILES['image'];
+  $num_files = count($images['name']);
+  for ($i = 0; $i < $num_files; $i++) {
+    $name = $images['name'][$i];
+    $mime_type = $images['type'][$i];
+    $tmp_file = $images['tmp_name'][$i];
+    $error = $images['error'][$i];
+    $size = $images['size'][$i];
+    // strip EXIF
+    $img = new Imagick($tmp_file);
+    // keep ICC for quality
+    $profiles = $img->getImageProfiles("icc", true);
+    $img->stripImage();
+    if(!empty($profiles)) {
+      $img->profileImage('icc', $profiles['icc']);
+    }
+
+    $file_b64 = base64_encode($img->getImageBlob());
+    $pic_id = uuid_v4();
+    $upload_stmt = $db->prepare('INSERT into pics values (:id, :post_id, :mime_type, :b64_bytes)');
+    $upload_stmt->bindValue(':id', $pic_id);
+    $upload_stmt->bindValue(':post_id', $post_id);
+    $upload_stmt->bindValue(':mime_type', $mime_type);
+    $upload_stmt->bindValue(':b64_bytes', $file_b64);
+    $upload_stmt->execute();
+
+    echo "<img src='data:{$mime_type};base64,{$file_b64}' alt='$name'/>";
+  }
+
+  $post_stmt = $db->prepare('INSERT into posts VALUES(:id, :user, :time)');
+  $post_stmt->bindValue(':id', $post_id);
+  $post_stmt->bindValue(':user', $user);
+  $post_stmt->bindValue(':time', $post_time);
+  $post_stmt->execute();
+
+  $db->exec('COMMIT');
+} else {
+echo '
+  <html>
+    <body>
+      <form enctype="multipart/form-data" method="POST" action="upload.php">
+	<label>Pick Images:<input type="file" id="upload" name="image[]" multiple>
+        </input></label>
+        <br/>
+        <textarea id="comment" name="comment">Title/comment your post</textarea>
+        <br/>
+	<input type="submit" value="Upload"/>
+      </form>
+    </body>
+  </html>
+';
+}
diff --git a/uuid.php b/uuid.php
new file mode 100644
index 0000000..3d03ebe
--- /dev/null
+++ b/uuid.php
@@ -0,0 +1,35 @@
+<?php
+
+// sourced from symfony/uuid-polyfill
+/*
+ Copyright (c) 2018-2019 Fabien Potencier
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is furnished
+ to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+ */
+
+function uuid_v4() {
+  $uuid = bin2hex(random_bytes(16));
+  return sprintf('%08s-%04s-4%03s-%04x-%012s',
+	  substr($uuid, 0, 8),
+	  substr($uuid, 8, 4),
+	  substr($uuid, 13, 3),
+	  hexdec(substr($uuid, 16, 4)) & 0x3fff | 0x8000,
+	  substr($uuid, 20, 12)
+  );
+}
-- 
2.20.1