Lurkars
6 years ago
4 changed files with 147 additions and 0 deletions
-
42db.php
-
15email.template
-
43upload.php
-
47validate.php
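--- a/db.php
+++ b/db.php
@@ -0,0 +1,42 @@
+<?php
+
+$CONFIG = array();
+$CONFIG['sqliteFile'] = 'uploadfilter.sqlite3';
+$CONFIG['fileDir'] = '/tmp';
+$CONFIG['validationCount'] = 1;
+$CONFIG['emailTemplate'] = './email.template';
+
+$db = new PDO('sqlite:' . $CONFIG['sqliteFile']);
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$db->exec("CREATE TABLE IF NOT EXISTS files (
+id INTEGER PRIMARY KEY,
+filePath TEXT,
+fileHash TEXT)");
+
+$db->exec("CREATE TABLE IF NOT EXISTS emails (
+id INTEGER PRIMARY KEY,
+email TEXT,
+firstName TEXT,
+lastName TEXT,
+UNIQUE(email))");
+
+$db->exec("CREATE TABLE IF NOT EXISTS validations (
+id INTEGER PRIMARY KEY,
+fileId INTEGER,
+email TEXT,
+token TEXT,
+validated BOOLEAN,
+FOREIGN KEY(fileId) REFERENCES files(id),
+FOREIGN KEY(email) REFERENCES emails(email))");
+
+/*
+// demo emails!
+$query = $db->prepare("INSERT INTO emails (email,firstName,lastName) VALUES (:email,:firstName,:lastName);");
+
+$query->execute(array(':email' => 'upload-filter1@example.com', ':firstName' => 'Firstname1', ':lastName' => 'Lastname1'));
+$query->execute(array(':email' => 'upload-filter2@example.com', ':firstName' => 'Firstname2', ':lastName' => 'Lastname2'));
+$query->execute(array(':email' => 'upload-filter3@example.com', ':firstName' => 'Firstname3', ':lastName' => 'Lastname3'));
+$query->execute(array(':email' => 'upload-filter4@example.com', ':firstName' => 'Firstname4', ':lastName' => 'Lastname4'));
+$query->execute(array(':email' => 'upload-filter5@example.com', ':firstName' => 'Firstname5', ':lastName' => 'Lastname5'));
+*/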
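Review bot: `$CONFIG['sqliteFile'] = 'uploadfilter.sqlite3';` is a relative path, so the database is opened relative to the working directory of whichever script includes db.php; if that directory is served by the web server, the file holding reviewer e-mail addresses and validation tokens could be requested directly. An absolute location outside the document root avoids that, for example `$CONFIG['sqliteFile'] = '/path/outside/docroot/uploadfilter.sqlite3';` (placeholder path). Two schema points in the same file: `token TEXT` has no `UNIQUE` constraint although upload.php leaves a "duplicate token check" TODO, and SQLite does not enforce the declared `FOREIGN KEY` clauses unless `$db->exec('PRAGMA foreign_keys = ON');` is run on each connection. `$CONFIG['fileDir'] = '/tmp'` also has no trailing slash, which matters where upload.php concatenates it directly with the file name.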
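--- a/email.template
+++ b/email.template
@@ -0,0 +1,15 @@
+Hello $firstName $lastName,
+
+I have recevied a new upload on my plattform and due to Article 13 of the new EU copyright reform, the files must be reviewed for copyright infringement.
+Because I am not capable of a better technical solution and because of privacy concerns due to GDPR I don't want big plattforms like Google to get this content; you are choosen to review the content.
+
+Under the following link, you can download the content and validate against a copyright infringement:
+https://www.example.com/validate.php?token=$token
+
+As legislator of Article 13 you must have thought about a good and easy way to legitmate a content. If you have a technical solution set up, you can easily automate this validation process by parsing this Email for the following urls:
+direct download of the file: https://www.example.com/validate.php?download&token=$token
+direct validation of the file: https://www.example.com/validate.php?validate&token=$token
+direct copyright infringement of the file: https://www.example.com/validate.php?infringement&token=$token
+
+Best regards,
+Owner of example.com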
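--- a/upload.php
+++ b/upload.php
@@ -0,0 +1,43 @@
+<?php
+
+require_once('db.php');
+
+foreach($_FILES as $file){
+$fileHash = hash_file ('sha512' , $file['tmp_name']);
+// TODO: file hash lookup for duplicate uploads
+
+$filePath = $CONFIG['fileDir'] . basename($file['name']);
+// TODO: duplicate file name check
+
+move_uploaded_file($file['tmp_name'], $filePath);
+
+$query = $db->prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
+$query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
+$fileId = $db->lastInsertId();
+
+$query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
+$query->execute(array(':limit' => $CONFIG['validationCount']));
+$emails = $query->fetchAll(PDO::FETCH_ASSOC);
+
+for($i = 0; $i < $CONFIG['validationCount']; $i++) {
+$token = bin2hex(openssl_random_pseudo_bytes(32));
+// TODO: duplicate token check
+
+$email = $emails[$i]['email'];
+$firstName = $emails[$i]['firstName'];
+$lastName = $emails[$i]['lastName'];
+$query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
+$query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));
+
+$subject = 'Please validate file to satisfy copyright';
+
+$template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
+$message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));
+
+$headers = 'From: webmaster@example.com' . "\r\n" .
+'Reply-To: webmaster@example.com' . "\r\n" .
+'X-Mailer: PHP/' . phpversion();
+
+mail($email, $subject, $message, $headers);
+}
+}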
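Review bot: The stored path is built as `$CONFIG['fileDir'] . basename($file['name'])`, so the client-chosen name decides where the upload lands: with `fileDir` set to `/tmp` and no separator it becomes `/tmp<name>` in the filesystem root, a second upload with the same name overwrites the first, and the name's extension is kept. Neither `$file['error']` nor the return value of `move_uploaded_file()` is checked, so a `files` row and reviewer mails are created even when nothing was stored. I would store the file under a server-chosen name such as its hash and keep the original name, if the download needs it, in a separate column, since validate.php currently derives the download name from `filePath`. Separately, the `for` loop indexes `$emails[$i]` up to `validationCount` even when the query returned fewer rows, which `foreach ($emails as $row)` avoids, and `random_bytes(32)` is the simpler source for the token.

```php
foreach($_FILES as $file){
    // skip failed uploads and anything that did not arrive as an HTTP upload
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        continue;
    }
    $fileHash = hash_file('sha512', $file['tmp_name']);
    // server-chosen name: the client-supplied name never becomes part of the path
    $filePath = rtrim($CONFIG['fileDir'], '/') . '/' . $fileHash;
    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        continue;
    }
    // … unchanged: INSERT into files, reviewer selection, token generation and mail() …
```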
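--- a/validate.php
+++ b/validate.php
@@ -0,0 +1,47 @@
+<?php
+
+if (!isset($_GET['token'])) {
+echo 'No token specified!';
+die();
+}
+
+require_once('db.php');
+
+$token = $_GET['token'];
+
+$query = $db->prepare("SELECT fileId FROM validations WHERE token=:token LIMIT 1;");
+$query->execute(array(':token' => $token));
+$validation = $query->fetchAll(PDO::FETCH_ASSOC);
+
+if (!isset($validation[0])) {
+echo 'Invalid token specified!';
+die();
+}
+
+$query = $db->prepare("SELECT * FROM files WHERE id=:fileId LIMIT 1;");
+$query->execute(array(':fileId' => $validation[0]['fileId']));
+$file = $query->fetchAll(PDO::FETCH_ASSOC);
+
+$file = $file[0];
+
+if (isset($_GET['download'])) {
+header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
+header("Cache-Control: public");
+header("Content-Transfer-Encoding: Binary");
+header("Content-Length:".filesize($file['filePath']));
+header("Content-Disposition: attachment; filename=" . basename($file['filePath']));
+readfile($file['filePath']);
+die();
+} else if (isset($_GET['validate'])) {
+$query = $db->prepare("UPDATE validations SET validated = 1 WHERE token=:token LIMIT 1;");
+$query->execute(array(':token' => $token));
+} else if (isset($_GET['infringement'])) {
+$query = $db->prepare("UPDATE validations SET validated = 0 WHERE token=:token LIMIT 1;");
+$query->execute(array(':token' => $token));
+}
+
+?>
+
+<a href="validate.php?token=<?php echo $token; ?>&download">Download File</a><br \>
+<a href="validate.php?token=<?php echo $token; ?>&validate">Mark File as validated</a> <br \>
+<a href="validate.php?token=<?php echo $token; ?>&infringement">Report copyright infringement</a>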
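Review bot: The `validate` and `infringement` branches write the reviewer's decision on a plain GET that carries only the token, and email.template puts those exact URLs in the mail, so any automated fetch of a link (a mail gateway or link preview, for instance) would record a decision nobody made; the token also stays valid afterwards, so the result can be flipped repeatedly. I would leave GET for the landing page and the download and accept the decision only from a form, e.g. `} else if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['validate'])) {`, with the two links turned into submit buttons. Both `UPDATE validations ... LIMIT 1` statements will fail at `prepare()` on SQLite builds compiled without `SQLITE_ENABLE_UPDATE_DELETE_LIMIT`; the `WHERE token=:token` clause is enough once the token column is unique. In the download branch `$file[0]` is used without checking that the `files` row exists, and the unquoted `filename=` value comes from the uploaded name, so it should be quoted and sent with `Content-Type: application/octet-stream` and `X-Content-Type-Options: nosniff`. The three `echo $token` calls in the links are better written as `echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8')`.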