first commit

INSTALL.txt

@@ -0,0 +1,17 @@
+----- Installation steps -----
+
+1) Import the upload.sql file to your database through phpMyAdmin
+2) Amend the conf.php file in the "public" folder
+3) Upload the files in the "public" folder
+4) chmod the "images" folder to 0777
+
+----- (OPTIONAL) URL rewrite settings for lighttpd -----
+
+$HTTP["host"] == "domain.com" {
+	url.rewrite = ( "^/([a-zA-Z0-9]{5})$" => "/path/to/upld/script/from/root/view.php?id=$1" )
+}
+
+$HTTP["host"] == "i.domain.com" {
+	server.document-root = "/path/to/upld/script/from/root/images/"
+}
+

LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 lfiore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.txt

@@ -0,0 +1,5 @@
+Image upload script by Luciano Fiore
+
+http://lfiore.co.uk/
+
+http://github.com/lfiore/upld/

public/common.php

@@ -0,0 +1,6 @@
+<?php
+
+$view_url	= 'http://' . trim($site_url, '/') . '/' . ($script_path ? trim($script_path, '/') . '/' : '') . ($friendly_urls ? '' : 'view.php?id=');
+
+$images_url	= 'http://' . ($friendly_urls ? 'i.' : '') . trim($site_url, '/') . '/' . ($script_path ? trim($script_path, '/') . '/' : '') . ($friendly_urls ? '' : 'images/');
+

public/conf.php

@@ -0,0 +1,33 @@
+<?php
+
+$site_name		= 'mycoolsite'; // site name displayed in the header and FAQ/ToS
+
+$site_url		= 'mydomain.com'; // the domain ONLY for your site (i.e. without the "upld" folder)
+$script_path	= 'upld'; // 
+
+// email for contact page
+$contact_email = 'contact@mydomain.com'; // the email on the contact page
+// email to get reports
+$report_email = 'reports@mydomain.com'; // where emails should be sent if someone reports an image
+
+// use domain.com/imageID and i.domain.com/imageID.ext instead of domain.com/view.php?id=imageID and domain.com/images/imageID.ext for shorter URLs?
+// WARNING: ONLY enable this if you have configured your webserver to rewrite URLs - see README.txt
+$friendly_urls	= false;
+
+$db_server	= 'localhost';
+$db_user	= 'dbusername';
+$db_pass	= 'dbpassword';
+$db_name	= 'databasename';
+$db_port	= 3306; // usually 3306 by default. If you don't know what this is, leave it alone and ask your hosting company if it doesn't work
+
+// max size in bytes - remember that you might need to change this in your PHP config file too
+$allowed_size = 2000000; // 1000 = 1 kilobyte, 1000000 = 1 megabyte
+
+// allowed extensions - keep in mind this
+$allowed_ext = [
+	'png',
+	'jpg',
+	'gif',
+	'bmp'
+];
+

public/contact.php

@@ -0,0 +1,9 @@
+<?php
+
+$start = microtime(true);
+
+require('conf.php');
+require('inc/header.php');
+require('inc/contact.php');
+require('inc/footer.php');
+

public/css/upload.css

@@ -0,0 +1,229 @@
+@font-face {
+	font-family: 'Open Sans';
+	src: url('http://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2') format('woff2');
+}
+
+* {
+	margin: 0;
+	padding: 0;
+}
+
+body, a {
+	color: #666;
+}
+
+body {
+	background-color: #EEE;
+	font-family: 'Open Sans', 'Arial', sans-serif;
+	font-size: 0.875em;
+}
+
+a {
+	text-decoration: none;
+}
+
+p {
+	margin-bottom: 10px;
+}
+
+p:last-child {
+	margin-bottom: 0;
+}
+
+li {
+	margin-bottom: 5px;
+	list-style-type: none;
+}
+
+li:last-child {
+	margin-bottom: 0;
+}
+
+input {
+	outline: none;
+}
+
+.black, #faq li:nth-child(odd) {
+	color: #000;
+}
+
+.box {
+	margin-bottom: 20px;
+	padding: 10px;
+	background-color: #FFF;
+}
+
+.box:last-child {
+	margin-bottom: 0;
+}
+
+.title {
+	margin-bottom: 15px;
+	color: #06F;
+}
+
+.hidden {
+	display: none;
+}
+
+.sidebar-box {
+	color: #FFF;
+}
+
+.sidebar-box li {
+	margin: 0 10px 5px 0;
+}
+
+.sidebar-box li:last-child {
+	margin-bottom: 0;
+}
+
+.sidebar-box input {
+	width: 100%;
+	padding: 5px;
+	background-color: #FFF;
+	color: #666;
+	border: none;
+}
+
+.code {
+	padding: 2px;
+	background-color: #777;
+}
+
+.tc {
+	margin-bottom: 15px;
+}
+
+.tc:last-child {
+	margin-bottom: 0;
+}
+
+.tc li {
+	margin: 0 0 5px 30px;
+	list-style-type: square;
+}
+
+.tc li:last-child {
+	margin-bottom: 0;
+}
+
+#header {
+	padding: 0 20px;
+	background-color: #222;
+	color: #FFF;
+	text-transform: uppercase;
+}
+
+#navbar {
+	float: right;
+}
+
+#navbar li {
+	display: inline-block;
+	border-left: #444 solid 1px;
+}
+
+#navbar li:last-child {
+	border-right: #444 solid 1px;
+}
+
+#navbar li a {
+	display: inline-block;
+	padding: 20px 20px;
+	color: #FFF;
+}
+
+#navbar li a:hover {
+	background-color: #111;
+	color: #FFF;
+}
+
+#logo {
+	padding: 20px 0;
+}
+
+#main {
+	margin: 20px 20px 0;
+}
+
+#select-image {
+	padding: 40px 10px;
+	background-color: #3BF;
+	color: #FFF;
+	text-align: center;
+	text-transform: uppercase;
+	cursor: pointer;
+	-webkit-user-select: none;
+	-moz-user-select: none;
+	-ms-user-select: none;
+}
+
+#select-image:hover {
+	background-color: #5AF;
+}
+
+#cancel-image {
+	margin-bottom: 20px;
+	color: #F33;
+	text-align: center;
+	font-size: 0.75em;
+	font-weight: bold;
+}
+
+#cancel-image span {
+	cursor: pointer;
+}
+
+#allowed-ext {
+	text-transform: uppercase;
+}
+
+#sidebar {
+	float: right;
+	width: 270px;
+}
+
+#links {
+	background-color: #3BF;
+}
+
+#info {
+	margin-bottom: 10px;
+	background-color: #111;
+}
+
+#report {
+	text-align: center;
+}
+
+#report a {
+	color: #F33;
+	font-size: 0.75em;
+	font-weight: bold;
+}
+
+#image {
+	margin: 0 290px 20px 0;
+	text-align: center;
+}
+
+#image img {
+	max-width: 100%;
+}
+
+#faq li:nth-child(even) {
+	margin-bottom: 10px;
+}
+
+#faq li:last-child {
+	margin-bottom: 0;
+}
+
+#footer {
+	clear: both;
+	margin: 10px 0;
+	color: #CCC;
+	text-align: center;
+}
+

public/db.php

@@ -0,0 +1,6 @@
+<?php
+
+$db = mysqli_connect($db_server, $db_user, $db_pass, $db_name, $db_port);
+
+$db_queries = 0;
+

public/faq.php

@@ -0,0 +1,9 @@
+<?php
+
+$start = microtime(true);
+
+require('conf.php');
+require('inc/header.php');
+require('inc/faq.php');
+require('inc/footer.php');
+

public/inc/contact.php

@@ -0,0 +1,7 @@
+<div class="box">
+
+	<p class="title">Contact</p>
+
+	<p>If you would like to contact us, please email <?php echo $contact_email; ?></p>
+
+</div>

public/inc/error.php

@@ -0,0 +1,7 @@
+<div class="box">
+
+	<p class="title">Error</p>
+
+	<p><?php echo $error; ?></p>
+
+</div>

public/inc/faq.php

@@ -0,0 +1,24 @@
+<div class="box">
+
+	<p class="title">FAQs</p>
+
+	<ul id="faq">
+
+		<li>Is <?php echo $site_name; ?> really free?</li>
+		<li>Yes! It is 100% free to use</li>
+
+		<li>Which types of image can I upload?</li>
+		<li>You can upload images with the following extensions: <span id="allowed-ext" class="black"><?php echo implode(', ', $allowed_ext); ?></span></li>
+
+		<li>Can I upload big images?</li>
+		<li>Yes! You can upload any image up to <span class="black"><?php while ($allowed_size >= 1000) { $allowed_size = ($allowed_size / 1000); ++$i; } $units = array('', 'K', 'M'); echo round($allowed_size, 1) . $units[$i]; ?>B</span> in size</li>
+
+		<li>Will you delete my image after X days?</li>
+		<li>Nope. We will only delete your image if it is against our terms &amp; conditions</li>
+
+		<li>Can people browse through uploaded images?</li>
+		<li>Nope. Every upload is given a random, non-sequential ID</li>
+
+	</ul>
+
+</div>

public/inc/footer.php

@@ -0,0 +1,11 @@
+	</div>
+
+<!--	<div id="footer">
+		page generated in <?php echo round((microtime(true) - $start), 5); ?> seconds with <?php echo ($db_queries ? $db_queries : '0'); ?> DB quer<?php echo ($db_queries === 1 ? 'y' : 'ies'); ?>
+	</div>-->
+
+	<script src="js/jquery.min.js" type="text/javascript"></script>	
+	<script src="js/upload.js" type="text/javascript"></script>
+
+</body>
+</html>

public/inc/header.php

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<title><?php echo $site_name; ?></title>
+	<link href="css/upload.css" rel="stylesheet" type="text/css" />
+</head>
+
+<body>
+
+	<div id="header">
+
+		<ul id="navbar">
+			<li><a href="index.php">upload</a></li><li><a href="faq.php">faq</a></li><li><a href="tc.php">Terms &amp; Conditions</a></li><li><a href="contact.php">contact</a></li>
+		</ul>
+
+		<div id="logo"><?php echo $site_name; ?></div>
+
+	</div>
+
+	<div id="main">
+

public/inc/tc.php

@@ -0,0 +1,19 @@
+<div class="box">
+
+	<p class="title">Terms &amp; Conditions</p>
+
+	<p>You must not use <?php echo $site_name; ?> to upload any of the following:</p>
+
+	<ul class="tc">
+		<li>Copyrighted images (images owned by someone else) unless you have explicit permission</li>
+		<li>Images which are considered illegal</li>
+	</ul>
+
+	<p>Things to note when using <?php echo $site_name; ?>:</p>
+
+	<ul class="tc">
+		<li>When uploading an image, your IP address will be stored. We will not provide this information to anybody unless requested by law enforcement authorities.</li>
+		<li><?php echo $site_name; ?> has the right to remove any images at it's discretion</li>
+	</ul>
+
+</div>

public/inc/upload.php

@@ -0,0 +1,27 @@
+		<div class="box">
+			Welcome to <span class="black"><?php echo $site_name; ?></span>, the free online image host. Simply click the button below to start uploading!
+		</div>
+
+		<div class="box">
+
+			<p class="title">Why use <?php echo $site_name; ?>?</p>
+
+			<ul>
+				<li>It's completely <span class="black">free</span>!</li>
+				<li>The following image types are allowed: <span id="allowed-ext" class="black"><?php echo implode(', ', $allowed_ext); ?></span></li>
+				<li>The files may be up to <span class="black"><?php while ($allowed_size >= 1000) { $allowed_size = ($allowed_size / 1000); ++$i; } $units = array('', 'K', 'M'); echo round($allowed_size, 1) . $units[$i]; ?>B</span> in size</li>
+				<li><span class="black">Short, easy to remember</span> URLs!</li>
+			</ul>
+		</div>
+
+		<div id="select-image" class="box">
+			click here to select your image
+		</div>
+
+		<form id="upload-form" class="hidden" name="upload" method="POST" action="upload.php" enctype="multipart/form-data">
+			<input id="image-input" name="image" type="file" />
+		</form>
+
+		<div id="cancel-image" class="hidden">
+			<span>wait, I want to upload something else!</span>
+		</div>

public/inc/view.php

@@ -0,0 +1,31 @@
+<div id="sidebar">
+
+	<ul id="links" class="box sidebar-box">
+		<li>preview link (email &amp; chat)</li>
+		<li><input type="text" value="<?php echo $view_url . $_GET['id']; ?>" readonly /></li>
+		<li>direct link (websites &amp; backgrounds)</li>
+		<li><input type="text" value="<?php echo $images_url . $_GET['id'] . '.' . $image['ext']; ?>" readonly /></li>
+		<li>html code (websites)</li>
+		<li><input type="text" size="25" value="<img src=&#34;<?php echo $images_url . $_GET['id'] . '.' . $image['ext']; ?>&#34; alt=&#34;<?php echo $_GET['id']; ?>&#34; />" readonly /></li>
+		<li>bb code (forums)</li>
+		<li><input type="text" size="25" value="[img]<?php echo $images_url . $_GET['id'] . '.' . $image['ext']; ?>[/img]" readonly /></li>
+		<li>linked bb code (forums)</li>
+		<li><input type="text" size="25" value="[url=<?php echo $view_url . $_GET['id']; ?>][img]<?php echo $images_url . $_GET['id'] . '.' . $image['ext']; ?>[/img][/url]" readonly /></li>
+	</ul>
+
+	<ul id="info" class="box sidebar-box">
+		<li>image ID: <?php echo $_GET['id']; ?></li>
+		<li>image dimensions: <?php echo $dimensions[0] . 'x' . $dimensions[1]; ?></li>
+		<li>image size: <?php echo ($size > 1024 ? round(($size / 1024), 1) . 'MB' : round($size, 1) . 'KB' ); ?></li>
+		<li>image type: <?php echo $image['ext']; ?></li>
+	</ul>
+
+	<ul id="report">
+		<li><a href="report.php?id=<?php echo $_GET['id']; ?>">report this image</a></li>
+	</ul>
+
+</div>
+
+<div id="image" class="box">
+	<img src="<?php echo $images_url . $_GET['id'] . '.' . $image['ext']; ?>" />
+</div>

public/index.php

@@ -0,0 +1,9 @@
+<?php
+
+$start = microtime(true);
+
+require('conf.php');
+require('inc/header.php');
+require('inc/upload.php');
+require('inc/footer.php');
+

public/js/upload.js

@@ -0,0 +1,30 @@
+$('#image-input').on('change', function()
+{
+	$('#select-image').text('click again to upload ' + $(this).val().replace('C:\\fakepath\\', ''));
+
+	$('#select-image').css('margin-bottom', '10px');
+
+	$('#cancel-image').css('display', 'block');
+
+	$('#select-image').off();
+
+	$('#select-image').on('click', function()
+	{
+		$('#select-image').off();
+		$('#cancel-image').css('display', 'none');
+		$('#upload-form').submit();
+		$('#select-image').text('Your image is uploading, please wait');
+	});
+});
+
+$('#select-image, #cancel-image').on('click', function()
+{
+
+	$('#image-input').click();
+
+});
+
+$('#links li input').on('click', function()
+{
+	$(this).select();
+});

public/report.php

@@ -0,0 +1,57 @@
+<?php
+
+$start = microtime(true);
+
+require('conf.php');
+require('inc/header.php');
+
+if (!ctype_alnum($_GET['id']) || (strlen($_GET['id']) !== 5))
+{
+	$error = 'Oops, that ID appears to be invalid. IDs should have 5 characters and contain letters and numbers only.';
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+require('db.php');
+
+$image_query = mysqli_query($db, 'SELECT COUNT(*) FROM `images` WHERE `id` = "' . $_GET['id'] . '"');
+++$db_queries;
+
+if (mysqli_fetch_row($image_query)[0] === 0)
+{
+	$error = 'Hmm, no image exists with that ID. Maybe it was deleted or you typed in the URL incorrectly? IDs should have 5 characters and contain letters and numbers only.';
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+$report_query = mysqli_query($db, 'SELECT `actioned` FROM `reports` WHERE `id` = "' . $_GET['id'] . '"');
+++$db_queries;
+
+if (mysqli_num_rows($report_query) === 0)
+{
+	require('common.php');
+
+	mysqli_query($db, 'INSERT INTO `reports` (`id`, `ip`) VALUES ("' . $_GET['id'] . '", "' . $_SERVER['REMOTE_ADDR'] . '")');
+
+	mail($report_email, 'An image has been reported (' . $_GET['id'] . ')', 'The following image has been reported: ' . $view_url . $_GET['id'], 'FROM: reports <reports@' . $site_url . '>');
+	$error = 'This image has been reported and will be reviewed. Thank you.';
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+if (mysqli_fetch_row($report_query)[0] === '0')
+{
+	$error = 'This image has already been reported and is currently under review. Thank you.';
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+$error = 'This image has already been reported, and after review was deemed to be acceptable.';
+require('inc/error.php');
+require('inc/footer.php');
+exit;
+

public/tc.php

@@ -0,0 +1,9 @@
+<?php
+
+$start = microtime(true);
+
+require('conf.php');
+require('inc/header.php');
+require('inc/tc.php');
+require('inc/footer.php');
+

public/upload.php

@@ -0,0 +1,56 @@
+<?php
+
+$start = microtime(true);
+
+function create_id()
+{
+	$chars = 'ACDEFHJKLMNPQRTUVWXYZabcdefghijkmnopqrstuvwxyz23479';
+	for ($i = 0; $i < 5; ++$i)
+	{
+		$id .= $chars[mt_rand(0, 50)];
+	}
+	return $id;
+}
+
+require('conf.php');
+
+$image = $_FILES['image'];
+$ext = pathinfo($image['name'], PATHINFO_EXTENSION);
+
+if ($image['size'] > $allowed_size)
+{
+	$error = 'Hmm, the image you have selected is too large.';
+	require('inc/header.php');
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+if (!in_array($ext, $allowed_ext))
+{
+	$error = 'Hmm, the image you uploaded has an incorrect extension and is not allowed.';
+	require('inc/header.php');
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+require('db.php');
+
+do
+{
+	$id = create_id();
+	$exists = mysqli_query($db, 'SELECT EXISTS(SELECT 1 FROM `images` WHERE `name` = "' . $id . '")');
+	++$db_queries;
+}
+while (mysqli_fetch_assoc($exists) === 1);
+
+mysqli_free_result($exists);
+
+move_uploaded_file($image['tmp_name'], 'images/' . $id . '.' . $ext);
+
+mysqli_query($db, 'INSERT INTO `images` (`id`, `ext`, `ip`) VALUES ("' . $id . '", "' . $ext . '", "' . $_SERVER['REMOTE_ADDR'] . '")');
+++$db_queries;
+
+header('location: view.php?id=' . $id);
+

public/view.php

@@ -0,0 +1,39 @@
+<?php
+
+$start = microtime(true);
+
+require('conf.php');
+require('inc/header.php');
+
+if (!ctype_alnum($_GET['id']) || (strlen($_GET['id']) !== 5))
+{
+	$error = 'Oops, that ID appears to be invalid. IDs should have 5 characters and contain letters and numbers only.';
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+require('db.php');
+
+$image_query = mysqli_query($db, 'SELECT `ext` FROM `images` WHERE `id` = "' . $_GET['id'] . '"');
+++$db_queries;
+
+if (mysqli_num_rows($image_query) === 0)
+{
+	$error = 'Hmm, no image exists with that ID. Maybe it was deleted or you typed in the URL incorrectly? IDs should have 5 characters and contain letters and numbers only.';
+	require('inc/error.php');
+	require('inc/footer.php');
+	exit;
+}
+
+$image = mysqli_fetch_assoc($image_query);
+
+mysqli_free_result($image_query);
+
+$dimensions = getimagesize('images/' . $_GET['id'] . '.' . $image['ext']);
+$size = (filesize('images/' . $_GET['id'] . '.' . $image['ext']) / 1024);
+
+require('common.php');
+require('inc/view.php');
+require('inc/footer.php');
+

upld.sql

@@ -0,0 +1,33 @@
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+SET time_zone = "+00:00";
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8 */;
+
+
+CREATE TABLE IF NOT EXISTS `images` (
+  `id` char(5) NOT NULL,
+  `ext` char(3) NOT NULL,
+  `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `ip` varchar(39) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE TABLE IF NOT EXISTS `reports` (
+  `id` char(5) NOT NULL,
+  `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `ip` varchar(39) NOT NULL,
+  `actioned` enum('1','0') NOT NULL DEFAULT '0'
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+
+ALTER TABLE `images`
+ ADD PRIMARY KEY (`id`);
+
+ALTER TABLE `reports`
+ ADD PRIMARY KEY `id` (`id`);
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;