uploadfilter/upload.php

<?php

require_once('db.php');

foreach($_FILES as $file){
  $fileHash = hash_file ('sha512' , $file['tmp_name']);
  // TODO: file hash lookup for duplicate uploads

  $filePath = $CONFIG['fileDir'] . basename($file['name']);
  // TODO: duplicate file name check

  move_uploaded_file($file['tmp_name'], $filePath);

  $query = $db->prepare("INSERT INTO files (filePath,fileHash) VALUES (:filePath,:fileHash);");
  $query->execute(array(':filePath' => $filePath, ':fileHash' => $fileHash));
  $fileId = $db->lastInsertId();

  $query = $db->prepare("SELECT * FROM emails WHERE id IN (SELECT id FROM emails ORDER BY RANDOM() LIMIT :limit);");
  $query->execute(array(':limit' => $CONFIG['validationCount']));		
  $emails = $query->fetchAll(PDO::FETCH_ASSOC);

  for($i = 0; $i < $CONFIG['validationCount']; $i++) {
    $token = bin2hex(openssl_random_pseudo_bytes(32));
    // TODO: duplicate token check
    
    $email = $emails[$i]['email'];
    $firstName = $emails[$i]['firstName'];
    $lastName = $emails[$i]['lastName'];
    $query = $db->prepare("INSERT INTO validations (fileId,email,token) VALUES (:fileId,:email,:token);");
    $query->execute(array(':fileId' => $fileId, ':email' => $email, ':token' => $token));

    $subject = 'Please validate file to satisfy copyright';

    $template = file_get_contents($CONFIG['emailTemplate'], FILE_USE_INCLUDE_PATH);
    $message = strtr($template, array('$firstName' => $firstName, '$lastName' => $lastName, '$token' => $token));

    $headers = 'From: webmaster@example.com' . "\r\n" .
        'Reply-To: webmaster@example.com' . "\r\n" .
        'X-Mailer: PHP/' . phpversion();

    mail($email, $subject, $message, $headers);
  }
}