initial code commit

upload.php

@@ -0,0 +1,43 @@
+<?php
+
+require_once('db.php');
+
+foreach($_FILES as $file){
+  $fileHash = hash_file ('sha512' , $file['tmp_name']);
+  // TODO: file hash lookup for duplicate uploads
+
+  $filePath = $CONFIG['fileDir'] . basename($file['name']);
+  // TODO: duplicate file name check
+
+  move_uploaded_file($file['tmp_name'], $filePath);
+
+  $query = $db->prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
+  $query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
+  $fileId = $db->lastInsertId();
+
+  $query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
+  $query->execute(array(':limit' => $CONFIG['validationCount']));		
+  $emails = $query->fetchAll(PDO::FETCH_ASSOC);
+
+  for($i = 0; $i < $CONFIG['validationCount']; $i++) {
+    $token = bin2hex(openssl_random_pseudo_bytes(32));
+    // TODO: duplicate token check
+    
+    $email = $emails[$i]['email'];
+    $firstName = $emails[$i]['firstName'];
+    $lastName = $emails[$i]['lastName'];
+    $query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
+    $query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
+
+    $subject = 'Please validate file to satisfy copyright';
+
+    $template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
+    $message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
+
+    $headers = 'From: webmaster@example.com' . "\r\n" .
+        'Reply-To: webmaster@example.com' . "\r\n" .
+        'X-Mailer: PHP/' . phpversion();
+
+    mail($email, $subject, $message, $headers);
+  }
+}