diff --git a/db.php b/db.php
new file mode 100755
index 0000000..7fa8d2e
--- /dev/null
+++ b/db.php
@@ -0,0 +1,42 @@
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$db->exec("CREATE TABLE IF NOT EXISTS files (
+ id INTEGER PRIMARY KEY,
+ filePath TEXT,
+ fileHash TEXT)");
+
+$db->exec("CREATE TABLE IF NOT EXISTS emails (
+ id INTEGER PRIMARY KEY,
+ email TEXT,
+ firstName TEXT,
+ lastName TEXT,
+ UNIQUE(email))");
+
+$db->exec("CREATE TABLE IF NOT EXISTS validations (
+ id INTEGER PRIMARY KEY,
+ fileId INTEGER,
+ email TEXT,
+ token TEXT,
+ validated BOOLEAN,
+ FOREIGN KEY(fileId) REFERENCES files(id),
+ FOREIGN KEY(email) REFERENCES emails(email))");
+
+/*
+// demo emails!
+$query = $db->prepare("INSERT INTO emails (email,firstName,lastName) VALUES (:email,:firstName,:lastName);");
+
+$query->execute(array(':email' => 'upload-filter1@example.com', ':firstName' => 'Firstname1', ':lastName' => 'Lastname1'));
+$query->execute(array(':email' => 'upload-filter2@example.com', ':firstName' => 'Firstname2', ':lastName' => 'Lastname2'));
+$query->execute(array(':email' => 'upload-filter3@example.com', ':firstName' => 'Firstname3', ':lastName' => 'Lastname3'));
+$query->execute(array(':email' => 'upload-filter4@example.com', ':firstName' => 'Firstname4', ':lastName' => 'Lastname4'));
+$query->execute(array(':email' => 'upload-filter5@example.com', ':firstName' => 'Firstname5', ':lastName' => 'Lastname5'));
+*/
\ No newline at end of file
diff --git a/email.template b/email.template
new file mode 100644
index 0000000..f87bd9c
--- /dev/null
+++ b/email.template
@@ -0,0 +1,15 @@
+Hello $firstName $lastName,
+
+I have recevied a new upload on my plattform and due to Article 13 of the new EU copyright reform, the files must be reviewed for copyright infringement.
+Because I am not capable of a better technical solution and because of privacy concerns due to GDPR I don't want big plattforms like Google to get this content; you are choosen to review the content.
+
+Under the following link, you can download the content and validate against a copyright infringement:
+https://www.example.com/validate.php?token=$token
+
+As legislator of Article 13 you must have thought about a good and easy way to legitmate a content. If you have a technical solution set up, you can easily automate this validation process by parsing this Email for the following urls:
+direct download of the file: https://www.example.com/validate.php?download&token=$token
+direct validation of the file: https://www.example.com/validate.php?validate&token=$token
+direct copyright infringement of the file: https://www.example.com/validate.php?infringement&token=$token
+
+Best regards,
+Owner of example.com
\ No newline at end of file
diff --git a/upload.php b/upload.php
new file mode 100755
index 0000000..812e04a
--- /dev/null
+++ b/upload.php
@@ -0,0 +1,43 @@
+prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
+ $query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
+ $fileId = $db->lastInsertId();
+
+ $query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
+ $query->execute(array(':limit' => $CONFIG['validationCount']));
+ $emails = $query->fetchAll(PDO::FETCH_ASSOC);
+
+ for($i = 0; $i < $CONFIG['validationCount']; $i++) {
+ $token = bin2hex(openssl_random_pseudo_bytes(32));
+ // TODO: duplicate token check
+
+ $email = $emails[$i]['email'];
+ $firstName = $emails[$i]['firstName'];
+ $lastName = $emails[$i]['lastName'];
+ $query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
+ $query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
+
+ $subject = 'Please validate file to satisfy copyright';
+
+ $template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
+ $message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
+
+ $headers = 'From: webmaster@example.com' . "\r\n" .
+ 'Reply-To: webmaster@example.com' . "\r\n" .
+ 'X-Mailer: PHP/' . phpversion();
+
+ mail($email, $subject, $message, $headers);
+ }
+}
\ No newline at end of file
diff --git a/validate.php b/validate.php
new file mode 100755
index 0000000..123533d
--- /dev/null
+++ b/validate.php
@@ -0,0 +1,47 @@
+prepare("SELECT fileId FROM validations WHERE token=:token LIMIT 1;");
+$query->execute(array(':token' => $token));
+$validation = $query->fetchAll(PDO::FETCH_ASSOC);
+
+if (!isset($validation[0])) {
+ echo 'Invalid token specified!';
+ die();
+}
+
+$query = $db->prepare("SELECT * FROM files WHERE id=:fileId LIMIT 1;");
+$query->execute(array(':fileId' => $validation[0]['fileId']));
+$file = $query->fetchAll(PDO::FETCH_ASSOC);
+
+$file = $file[0];
+
+if (isset($_GET['download'])) {
+ header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
+ header("Cache-Control: public");
+ header("Content-Transfer-Encoding: Binary");
+ header("Content-Length:".filesize($file['filePath']));
+ header("Content-Disposition: attachment; filename=" . basename($file['filePath']));
+ readfile($file['filePath']);
+ die();
+} else if (isset($_GET['validate'])) {
+ $query = $db->prepare("UPDATE validations SET validated = 1 WHERE token=:token LIMIT 1;");
+ $query->execute(array(':token' => $token));
+} else if (isset($_GET['infringement'])) {
+ $query = $db->prepare("UPDATE validations SET validated = 0 WHERE token=:token LIMIT 1;");
+ $query->execute(array(':token' => $token));
+}
+
+?>
+
+Download File
+Mark File as validated
+Report copyright infringement
\ No newline at end of file