initial code commit

db.php

@@ -0,0 +1,42 @@
+<?php
+
+$CONFIG = array();
+$CONFIG['sqliteFile'] = 'uploadfilter.sqlite3';
+$CONFIG['fileDir'] = '/tmp';
+$CONFIG['validationCount'] = 1;
+$CONFIG['emailTemplate'] = './email.template';
+
+$db = new PDO('sqlite:' . $CONFIG['sqliteFile']);
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$db->exec("CREATE TABLE IF NOT EXISTS files (
+  id INTEGER PRIMARY KEY, 
+  filePath TEXT,
+  fileHash TEXT)");
+
+$db->exec("CREATE TABLE IF NOT EXISTS emails (
+  id INTEGER PRIMARY KEY,
+  email TEXT,
+  firstName TEXT,
+  lastName TEXT,
+  UNIQUE(email))");
+
+$db->exec("CREATE TABLE IF NOT EXISTS validations (
+  id INTEGER PRIMARY KEY,
+  fileId INTEGER, 
+  email TEXT,
+  token TEXT,
+  validated BOOLEAN,
+  FOREIGN KEY(fileId) REFERENCES files(id),
+  FOREIGN KEY(email) REFERENCES emails(email))");
+
+/*
+// demo emails!
+$query = $db->prepare("INSERT INTO emails (email,firstName,lastName) VALUES (:email,:firstName,:lastName);");
+
+$query->execute(array(':email' => 'upload-filter1@example.com', ':firstName' => 'Firstname1', ':lastName' => 'Lastname1'));
+$query->execute(array(':email' => 'upload-filter2@example.com', ':firstName' => 'Firstname2', ':lastName' => 'Lastname2'));
+$query->execute(array(':email' => 'upload-filter3@example.com', ':firstName' => 'Firstname3', ':lastName' => 'Lastname3'));
+$query->execute(array(':email' => 'upload-filter4@example.com', ':firstName' => 'Firstname4', ':lastName' => 'Lastname4'));
+$query->execute(array(':email' => 'upload-filter5@example.com', ':firstName' => 'Firstname5', ':lastName' => 'Lastname5'));
+*/

email.template

@@ -0,0 +1,15 @@
+Hello $firstName $lastName,
+
+I have recevied a new upload on my plattform and due to Article 13 of the new EU copyright reform, the files must be reviewed for copyright infringement.
+Because I am not capable of a better technical solution and because of privacy concerns due to GDPR I don't want big plattforms like Google to get this content; you are choosen to review the content.
+
+Under the following link, you can download the content and validate against a copyright infringement:
+https://www.example.com/validate.php?token=$token
+
+As legislator of Article 13 you must have thought about a good and easy way to legitmate a content. If you have a technical solution set up, you can easily automate this validation process by parsing this Email for the following urls:
+direct download of the file: https://www.example.com/validate.php?download&token=$token
+direct validation of the file: https://www.example.com/validate.php?validate&token=$token
+direct copyright infringement of the file: https://www.example.com/validate.php?infringement&token=$token
+
+Best regards,
+Owner of example.com

upload.php

@@ -0,0 +1,43 @@
+<?php
+
+require_once('db.php');
+
+foreach($_FILES as $file){
+  $fileHash = hash_file ('sha512' , $file['tmp_name']);
+  // TODO: file hash lookup for duplicate uploads
+
+  $filePath = $CONFIG['fileDir'] . basename($file['name']);
+  // TODO: duplicate file name check
+
+  move_uploaded_file($file['tmp_name'], $filePath);
+
+  $query = $db->prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
+  $query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
+  $fileId = $db->lastInsertId();
+
+  $query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
+  $query->execute(array(':limit' => $CONFIG['validationCount']));		
+  $emails = $query->fetchAll(PDO::FETCH_ASSOC);
+
+  for($i = 0; $i < $CONFIG['validationCount']; $i++) {
+    $token = bin2hex(openssl_random_pseudo_bytes(32));
+    // TODO: duplicate token check
+    
+    $email = $emails[$i]['email'];
+    $firstName = $emails[$i]['firstName'];
+    $lastName = $emails[$i]['lastName'];
+    $query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
+    $query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
+
+    $subject = 'Please validate file to satisfy copyright';
+
+    $template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
+    $message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
+
+    $headers = 'From: webmaster@example.com' . "\r\n" .
+        'Reply-To: webmaster@example.com' . "\r\n" .
+        'X-Mailer: PHP/' . phpversion();
+
+    mail($email, $subject, $message, $headers);
+  }
+}

validate.php

@@ -0,0 +1,47 @@
+<?php
+
+if (!isset($_GET['token'])) {
+  echo 'No token specified!';
+  die(); 
+}
+
+require_once('db.php');
+
+$token = $_GET['token'];
+
+$query = $db->prepare("SELECT fileId FROM validations WHERE token=:token LIMIT 1;");
+$query->execute(array(':token' => $token));
+$validation = $query->fetchAll(PDO::FETCH_ASSOC);
+
+if (!isset($validation[0])) {
+  echo 'Invalid token specified!';
+  die(); 
+}
+
+$query = $db->prepare("SELECT * FROM files WHERE id=:fileId LIMIT 1;");
+$query->execute(array(':fileId' => $validation[0]['fileId']));
+$file = $query->fetchAll(PDO::FETCH_ASSOC);
+
+$file = $file[0];
+
+if (isset($_GET['download'])) {
+  header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
+  header("Cache-Control: public");
+  header("Content-Transfer-Encoding: Binary");
+  header("Content-Length:".filesize($file['filePath']));
+  header("Content-Disposition: attachment; filename=" . basename($file['filePath']));
+  readfile($file['filePath']);
+  die(); 
+} else if (isset($_GET['validate'])) {
+  $query = $db->prepare("UPDATE validations SET validated = 1 WHERE token=:token LIMIT 1;");
+  $query->execute(array(':token' => $token));
+} else if (isset($_GET['infringement'])) {
+  $query = $db->prepare("UPDATE validations SET validated = 0 WHERE token=:token LIMIT 1;");
+  $query->execute(array(':token' => $token));
+}
+
+?>
+
+<a href="validate.php?token=<?php echo $token; ?>&download">Download File</a><br \>
+<a href="validate.php?token=<?php echo $token; ?>&validate">Mark File as validated</a> <br \>
+<a href="validate.php?token=<?php echo $token; ?>&infringement">Report copyright infringement</a>