initial code commit
This commit is contained in:
Lurkars
parent
4776b65ab8
commit
8e888e7427
42
db.php
Executable file
42
db.php
Executable file
@ -0,0 +1,42 @@
|
||||
<?php
|
||||
|
||||
$CONFIG = array();
|
||||
$CONFIG['sqliteFile'] = 'uploadfilter.sqlite3';
|
||||
$CONFIG['fileDir'] = '/tmp';
|
||||
$CONFIG['validationCount'] = 1;
|
||||
$CONFIG['emailTemplate'] = './email.template';
|
||||
|
||||
$db = new PDO('sqlite:' . $CONFIG['sqliteFile']);
|
||||
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
$db->exec("CREATE TABLE IF NOT EXISTS files (
|
||||
id INTEGER PRIMARY KEY,
|
||||
filePath TEXT,
|
||||
fileHash TEXT)");
|
||||
|
||||
$db->exec("CREATE TABLE IF NOT EXISTS emails (
|
||||
id INTEGER PRIMARY KEY,
|
||||
email TEXT,
|
||||
firstName TEXT,
|
||||
lastName TEXT,
|
||||
UNIQUE(email))");
|
||||
|
||||
$db->exec("CREATE TABLE IF NOT EXISTS validations (
|
||||
id INTEGER PRIMARY KEY,
|
||||
fileId INTEGER,
|
||||
email TEXT,
|
||||
token TEXT,
|
||||
validated BOOLEAN,
|
||||
FOREIGN KEY(fileId) REFERENCES files(id),
|
||||
FOREIGN KEY(email) REFERENCES emails(email))");
|
||||
|
||||
/*
|
||||
// demo emails!
|
||||
$query = $db->prepare("INSERT INTO emails (email,firstName,lastName) VALUES (:email,:firstName,:lastName);");
|
||||
|
||||
$query->execute(array(':email' => 'upload-filter1@example.com', ':firstName' => 'Firstname1', ':lastName' => 'Lastname1'));
|
||||
$query->execute(array(':email' => 'upload-filter2@example.com', ':firstName' => 'Firstname2', ':lastName' => 'Lastname2'));
|
||||
$query->execute(array(':email' => 'upload-filter3@example.com', ':firstName' => 'Firstname3', ':lastName' => 'Lastname3'));
|
||||
$query->execute(array(':email' => 'upload-filter4@example.com', ':firstName' => 'Firstname4', ':lastName' => 'Lastname4'));
|
||||
$query->execute(array(':email' => 'upload-filter5@example.com', ':firstName' => 'Firstname5', ':lastName' => 'Lastname5'));
|
||||
*/
|
||||
15
email.template
Normal file
15
email.template
Normal file
@ -0,0 +1,15 @@
|
||||
Hello $firstName $lastName,
|
||||
|
||||
I have recevied a new upload on my plattform and due to Article 13 of the new EU copyright reform, the files must be reviewed for copyright infringement.
|
||||
Because I am not capable of a better technical solution and because of privacy concerns due to GDPR I don't want big plattforms like Google to get this content; you are choosen to review the content.
|
||||
|
||||
Under the following link, you can download the content and validate against a copyright infringement:
|
||||
https://www.example.com/validate.php?token=$token
|
||||
|
||||
As legislator of Article 13 you must have thought about a good and easy way to legitmate a content. If you have a technical solution set up, you can easily automate this validation process by parsing this Email for the following urls:
|
||||
direct download of the file: https://www.example.com/validate.php?download&token=$token
|
||||
direct validation of the file: https://www.example.com/validate.php?validate&token=$token
|
||||
direct copyright infringement of the file: https://www.example.com/validate.php?infringement&token=$token
|
||||
|
||||
Best regards,
|
||||
Owner of example.com
|
||||
43
upload.php
Executable file
43
upload.php
Executable file
@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
require_once('db.php');
|
||||
|
||||
foreach($_FILES as $file){
|
||||
$fileHash = hash_file ('sha512' , $file['tmp_name']);
|
||||
// TODO: file hash lookup for duplicate uploads
|
||||
|
||||
$filePath = $CONFIG['fileDir'] . basename($file['name']);
|
||||
// TODO: duplicate file name check
|
||||
|
||||
move_uploaded_file($file['tmp_name'], $filePath);
|
||||
|
||||
$query = $db->prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
|
||||
$query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
|
||||
$fileId = $db->lastInsertId();
|
||||
|
||||
$query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
|
||||
$query->execute(array(':limit' => $CONFIG['validationCount']));
|
||||
$emails = $query->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
for($i = 0; $i < $CONFIG['validationCount']; $i++) {
|
||||
$token = bin2hex(openssl_random_pseudo_bytes(32));
|
||||
// TODO: duplicate token check
|
||||
|
||||
$email = $emails[$i]['email'];
|
||||
$firstName = $emails[$i]['firstName'];
|
||||
$lastName = $emails[$i]['lastName'];
|
||||
$query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
|
||||
$query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
|
||||
|
||||
$subject = 'Please validate file to satisfy copyright';
|
||||
|
||||
$template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
|
||||
$message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
|
||||
|
||||
$headers = 'From: webmaster@example.com' . "\r\n" .
|
||||
'Reply-To: webmaster@example.com' . "\r\n" .
|
||||
'X-Mailer: PHP/' . phpversion();
|
||||
|
||||
mail($email, $subject, $message, $headers);
|
||||
}
|
||||
}
|
||||
47
validate.php
Executable file
47
validate.php
Executable file
@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
if (!isset($_GET['token'])) {
|
||||
echo 'No token specified!';
|
||||
die();
|
||||
}
|
||||
|
||||
require_once('db.php');
|
||||
|
||||
$token = $_GET['token'];
|
||||
|
||||
$query = $db->prepare("SELECT fileId FROM validations WHERE token=:token LIMIT 1;");
|
||||
$query->execute(array(':token' => $token));
|
||||
$validation = $query->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!isset($validation[0])) {
|
||||
echo 'Invalid token specified!';
|
||||
die();
|
||||
}
|
||||
|
||||
$query = $db->prepare("SELECT * FROM files WHERE id=:fileId LIMIT 1;");
|
||||
$query->execute(array(':fileId' => $validation[0]['fileId']));
|
||||
$file = $query->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
$file = $file[0];
|
||||
|
||||
if (isset($_GET['download'])) {
|
||||
header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
|
||||
header("Cache-Control: public");
|
||||
header("Content-Transfer-Encoding: Binary");
|
||||
header("Content-Length:".filesize($file['filePath']));
|
||||
header("Content-Disposition: attachment; filename=" . basename($file['filePath']));
|
||||
readfile($file['filePath']);
|
||||
die();
|
||||
} else if (isset($_GET['validate'])) {
|
||||
$query = $db->prepare("UPDATE validations SET validated = 1 WHERE token=:token LIMIT 1;");
|
||||
$query->execute(array(':token' => $token));
|
||||
} else if (isset($_GET['infringement'])) {
|
||||
$query = $db->prepare("UPDATE validations SET validated = 0 WHERE token=:token LIMIT 1;");
|
||||
$query->execute(array(':token' => $token));
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<a href="validate.php?token=<?php echo $token; ?>&download">Download File</a><br \>
|
||||
<a href="validate.php?token=<?php echo $token; ?>&validate">Mark File as validated</a> <br \>
|
||||
<a href="validate.php?token=<?php echo $token; ?>&infringement">Report copyright infringement</a>
|
||||
Loading…
Reference in New Issue
Block a user