Perform the upload of the file

unsafe_gallery/src/.gitignore

@@ -0,0 +1 @@
+uploads

unsafe_gallery/src/.htaccess

@@ -0,0 +1 @@
+Options -Indexes

unsafe_gallery/src/index.php

@@ -1,43 +1,91 @@
 <?php
 
-print_r($_FILES); 
+session_start();
 
-if(isset($_FILES["file"]))
+// Assign unique session ID to the client
-{
+if (!isset($_SESSION["id"]))
-  TODO
+  $_SESSION["id"] = uniqid();
+
+// Specify uploads target directory
+define('UPLOAD_DIR', __DIR__ . "/uploads/" . $_SESSION["id"]);
+
+if (isset($_FILES["file"])) {
+  $dest_file_name = (string)time() ."-". str_replace("/", "", $_FILES["file"]["name"]);
+
+  // Create target directory
+  if(!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0770, true)) {
+    $error = "Failed to create storage directory!";
+  }
+  else if ($_FILES["file"]["size"] > 10000) {
+    $error = "File is too large!";
+  } else if (move_uploaded_file($_FILES["file"]["tmp_name"], UPLOAD_DIR . "/" . $dest_file_name)) {
+    $success = "The file was successfully uploaded!";
+  } else {
+    $error = "Error while uploading file!";
+  }
 }
 
 ?><!doctype html>
 <html lang="en" data-bs-theme="auto">
-  <head>
 
-    <meta charset="utf-8">
+<head>
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Safe gallery</title>
 
-    <link href="/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
+  <meta charset="utf-8">
-    <link href="/style.css" rel="stylesheet">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
-  </head>
+  <title>Safe gallery</title>
-  <body class="d-flex align-items-center py-4 bg-body-tertiary">    
-<main class="form-signin w-100 m-auto">
-  
 
-<div class="alert alert-success">
+  <link href="/bootstrap.min.css" rel="stylesheet"
-<strong>Note</strong> : Une information se cache dans la variable d'environnement <i>FLAG</i>.
+    integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
-</div>
+  <link href="/style.css" rel="stylesheet">
+</head>
 
-<h2>Upload file</h2>
+<body class="d-flex align-items-center py-4 bg-body-tertiary">
+  <main class="form-signin w-100 m-auto">
 
-<form action="/" method="post" enctype="multipart/form-data">
+    <h1>Gallery manager</h1>
-  <div>
+
-    <label for="formFile" class="form-label mt-4">Select image to upload</label>
+    <div class="alert alert-secondary">
-    <input class="form-control" type="file" id="formFile" name="file" required />
+      <strong>Note</strong> : Une information se cache dans la variable d'environnement <i>FLAG</i>.
-  </div>
+    </div>
-  <div style="margin-top: 10px;">
+
-    <button type="submit" class="btn btn-primary">Perform upload</button>
+    <?php
-  </div>
+    if (isset($success)) {
-</form>
+      ?>
-  
+      <div class="alert alert-success">
-</main>
+        <?= $success ?>
+      </div><?php
+    }
+
+    if (isset($error)) {
+      ?>
+      <div class="alert alert-danger">
+        <?= $error ?>
+      </div><?php
+    }
+    ?>
+
+    <h2>Upload file</h2>
+
+    <form action="/" method="post" enctype="multipart/form-data">
+      <div>
+        <label for="formFile" class="form-label mt-4">Select image to upload</label>
+        <input class="form-control" type="file" id="formFile" name="file" required />
+      </div>
+      <div style="margin-top: 10px;">
+        <button type="submit" class="btn btn-primary">Perform upload</button>
+      </div>
+    </form>
+
+    <h2 style="margin-top: 50px;">Your files</h2>
+    <ul>
+    <?php
+    foreach(scandir(UPLOAD_DIR) as $f) {
+      if($f === "." or $f === "..") continue;
+      echo "<li><a href='uploads/".$_SESSION['id']."/$f' target='_blank'>".$f."</a></li>";
+    }
+    ?>
+    </ul>
+  </main>
 </body>
-</html>
+
+</html>

unsafe_gallery/src/style.css

@@ -4,7 +4,7 @@ body {
 }
 
 .form-signin {
-  max-width: 530px;
+  max-width: 800px;
   padding: 1rem;
 }