diff --git a/db.php b/db.php
new file mode 100755
index 0000000..7fa8d2e
--- /dev/null
+++ b/db.php
@@ -0,0 +1,42 @@
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$db->exec("CREATE TABLE IF NOT EXISTS files (
+ id INTEGER PRIMARY KEY,
+ filePath TEXT,
+ fileHash TEXT)");
+
+$db->exec("CREATE TABLE IF NOT EXISTS emails (
+ id INTEGER PRIMARY KEY,
+ email TEXT,
+ firstName TEXT,
+ lastName TEXT,
+ UNIQUE(email))");
+
+$db->exec("CREATE TABLE IF NOT EXISTS validations (
+ id INTEGER PRIMARY KEY,
+ fileId INTEGER,
+ email TEXT,
+ token TEXT,
+ validated BOOLEAN,
+ FOREIGN KEY(fileId) REFERENCES files(id),
+ FOREIGN KEY(email) REFERENCES emails(email))");
+
+/*
+// demo emails!
+$query = $db->prepare("INSERT INTO emails (email,firstName,lastName) VALUES (:email,:firstName,:lastName);");
+
+$query->execute(array(':email' => 'upload-filter1@example.com', ':firstName' => 'Firstname1', ':lastName' => 'Lastname1'));
+$query->execute(array(':email' => 'upload-filter2@example.com', ':firstName' => 'Firstname2', ':lastName' => 'Lastname2'));
+$query->execute(array(':email' => 'upload-filter3@example.com', ':firstName' => 'Firstname3', ':lastName' => 'Lastname3'));
+$query->execute(array(':email' => 'upload-filter4@example.com', ':firstName' => 'Firstname4', ':lastName' => 'Lastname4'));
+$query->execute(array(':email' => 'upload-filter5@example.com', ':firstName' => 'Firstname5', ':lastName' => 'Lastname5'));
+*/
\ No newline at end of file
diff --git a/email.template b/email.template
new file mode 100644
index 0000000..f87bd9c
--- /dev/null
+++ b/email.template
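Review bot: In db.php the `validations` table declares the column as plain `token TEXT`, so the schema allows two rows to carry the same token even though validate.php looks a row up by token alone. Declaring it `token TEXT NOT NULL UNIQUE` enforces uniqueness in the database, makes a colliding INSERT throw under `PDO::ERRMODE_EXCEPTION`, and gives the lookup an index; that also covers the `// TODO: duplicate token check` left in upload.php. If the database is SQLite (the DSN is not visible on this page; `ORDER BY RANDOM()` in upload.php suggests it), the two `FOREIGN KEY` clauses are not enforced unless `$db->exec('PRAGMA foreign_keys = ON');` runs on each connection. The commented-out demo inserts would be better kept in a separate seed script than in the schema file.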
@@ -0,0 +1,15 @@
+Hello $firstName $lastName,
+
+I have recevied a new upload on my plattform and due to Article 13 of the new EU copyright reform, the files must be reviewed for copyright infringement.
+Because I am not capable of a better technical solution and because of privacy concerns due to GDPR I don't want big plattforms like Google to get this content; you are choosen to review the content.
+
+Under the following link, you can download the content and validate against a copyright infringement:
+https://www.example.com/validate.php?token=$token
+
+As legislator of Article 13 you must have thought about a good and easy way to legitmate a content. If you have a technical solution set up, you can easily automate this validation process by parsing this Email for the following urls:
+direct download of the file: https://www.example.com/validate.php?download&token=$token
+direct validation of the file: https://www.example.com/validate.php?validate&token=$token
+direct copyright infringement of the file: https://www.example.com/validate.php?infringement&token=$token
+
+Best regards,
+Owner of example.com
\ No newline at end of file
diff --git a/upload.php b/upload.php
new file mode 100755
index 0000000..812e04a
--- /dev/null
+++ b/upload.php
@@ -0,0 +1,43 @@
+prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
+ $query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
+ $fileId = $db->lastInsertId();
+
+ $query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
+ $query->execute(array(':limit' => $CONFIG['validationCount']));
+ $emails = $query->fetchAll(PDO::FETCH_ASSOC);
+
+ for($i = 0; $i < $CONFIG['validationCount']; $i++) {
+ $token = bin2hex(openssl_random_pseudo_bytes(32));
+ // TODO: duplicate token check
+
+ $email = $emails[$i]['email'];
+ $firstName = $emails[$i]['firstName'];
+ $lastName = $emails[$i]['lastName'];
+ $query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
+ $query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
+
+ $subject = 'Please validate file to satisfy copyright';
+
+ $template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
+ $message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
+
+ $headers = 'From: webmaster@example.com' . "\r\n" .
+ 'Reply-To: webmaster@example.com' . "\r\n" .
+ 'X-Mailer: PHP/' . phpversion();
+
+ mail($email, $subject, $message, $headers);
+ }
+}
\ No newline at end of file
diff --git a/validate.php b/validate.php
new file mode 100755
index 0000000..123533d
--- /dev/null
+++ b/validate.php
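Review bot: In upload.php the loop bound is `$CONFIG['validationCount']` rather than the number of rows the SELECT returned, so when the `emails` table holds fewer addresses than that, `$emails[$i]` is undefined and the loop still inserts a `validations` row with a NULL email and calls `mail()` with an empty recipient. Iterating the result itself, `foreach ($emails as $recipient) {`, removes that case. For the token, `bin2hex(random_bytes(32))` is the API intended for secrets and throws on failure, whereas `openssl_random_pseudo_bytes()` could return false on PHP versions before 7.4. `file_get_contents()` runs on every iteration and its `false` return is not checked; reading the template once before the loop and aborting when it is missing would be cleaner. The opening of the enclosing block lies before the visible part of this hunk.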
@@ -0,0 +1,47 @@
+prepare("SELECT fileId FROM validations WHERE token=:token LIMIT 1;");
+$query->execute(array(':token' => $token));
+$validation = $query->fetchAll(PDO::FETCH_ASSOC);
+
+if (!isset($validation[0])) {
+ echo 'Invalid token specified!';
+ die();
+}
+
+$query = $db->prepare("SELECT * FROM files WHERE id=:fileId LIMIT 1;");
+$query->execute(array(':fileId' => $validation[0]['fileId']));
+$file = $query->fetchAll(PDO::FETCH_ASSOC);
+
+$file = $file[0];
+
+if (isset($_GET['download'])) {
+ header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
+ header("Cache-Control: public");
+ header("Content-Transfer-Encoding: Binary");
+ header("Content-Length:".filesize($file['filePath']));
+ header("Content-Disposition: attachment; filename=" . basename($file['filePath']));
+ readfile($file['filePath']);
+ die();
+} else if (isset($_GET['validate'])) {
+ $query = $db->prepare("UPDATE validations SET validated = 1 WHERE token=:token LIMIT 1;");
+ $query->execute(array(':token' => $token));
+} else if (isset($_GET['infringement'])) {
+ $query = $db->prepare("UPDATE validations SET validated = 0 WHERE token=:token LIMIT 1;");
+ $query->execute(array(':token' => $token));
+}
+
+?>
+
+Download File
+Mark File as validated
+Report copyright infringement
\ No newline at end of file
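Review bot: In validate.php the `validate` and `infringement` branches write `validations.validated` on a plain GET, and email.template mails exactly those URLs, so anything that fetches the links in the message (mail gateway scanners, link previews, prefetchers) can record a decision the reviewer never made. The write should require a POST submitted from the landing page, as sketched below with a form field named `decision`. The sketch also drops `LIMIT 1` from the `UPDATE`, which SQLite only accepts when built with `SQLITE_ENABLE_UPDATE_DELETE_LIMIT` (the driver is not visible here, but `RANDOM()` in upload.php points to SQLite). In the download branch, `Cache-Control: public` lets shared caches keep a token-gated file, no `Content-Type` is sent so PHP's default `text/html` applies to an uploaded file, and the filename is unquoted; `header('Cache-Control: private, no-store');`, `header('Content-Type: application/octet-stream');` and `header('X-Content-Type-Options: nosniff');` with a quoted `filename="..."` would close that. The statement that assigns `$token` lies before the visible part of this hunk.

```php
// … unchanged: token lookup, file lookup and the download branch …
} else if ($_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['decision'])
        && in_array($_POST['decision'], array('validate', 'infringement'), true)) {
    // Only an explicit form submission records a decision; fetching a mailed link cannot.
    $query = $db->prepare("UPDATE validations SET validated = :validated WHERE token=:token;");
    $query->execute(array(
        ':validated' => $_POST['decision'] === 'validate' ? 1 : 0,
        ':token' => $token,
    ));
}
```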