https://github.com/arkanis/simple-gallery
MIT License
How to install:
- Upload this PHP file into that directory you want to use as image gallery. The webserver has to support PHP but gd isn't necessary.
- Make sure the webserver has write permission to the directory. It's needed to store uploaded images in there.
- Optional: Change the value of $secret_key below to something you can remember and use more easily.
How to use:
- To view the gallery open the directories URL in your browser.
- To upload or delete images append "?key=qrW{$-mnaEoEN{oy8ZzE;\J3c2ri$uup" to that URL. This will show the upload and delete controls.
Changelog:
2015-08-10 Initial release
*/
$secret_key = 'NLRw{[b}8l8ZgQ1)x_6SF-lir88tcimFP_';
$thumb_quality = 85;
$image_quality = 90;
$extentions = array('jpg', 'jpeg', 'png', 'bmp', 'tif', 'svg');
// Escpae all special HTML character in the $string. The result can be safely inserted into HTML code without risking XSS attacks.
function h($string) {
return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}
// Exit the script with the specified HTTP response code and text message.
function http_die($http_status, $message = null) {
header($_SERVER['SERVER_PROTOCOL'] . ' ' . $http_status);
header('Content-Type: text/plain');
die($message);
}
$method = $_SERVER['REQUEST_METHOD'];
$key = urldecode(@$_GET['key']);
$name = basename(trim(urldecode(@$_GET['name'])));
if ( ($method == 'PUT' or $method == 'DELETE') and $key === $secret_key and $name != '' ) {
// Check filename
$ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
if ( $name[0] == '.' or $name == basename(__FILE__) or !in_array($ext, $extentions) )
http_die('403 Forbidden', "Sorry, you can only upload image files that don't start with a dot.");
if ($method == 'DELETE') {
// DELETE index.php?key=xyz&name=filename
// Delete the file
if ( @unlink(dirname(__FILE__) . '/' . $name) )
http_die('204 No Content');
else
http_die('500 Internal Server Error', "Can't delete the image, sorry. Please make sure the webserver has the permission to delete it.");
} else {
// PUT index.php?key=xyz&name=filename
// Save the uploaded data into the file
$upload = fopen('php://input', 'rb');
$file = @fopen(dirname(__FILE__) . '/' . $name, 'wb');
if (!$file)
http_die('500 Internal Server Error', "Can't upload the image, sorry. Please make sure the webserver has write permission for the directory so it can store new images.");
stream_copy_to_stream($upload, $file);
fclose($upload);
fclose($file);
http_die('204 No Content');
}
} elseif ($method == 'GET' or $method == 'HEAD') {
// GET index.php, HEAD index.php
// Show image gallery
$image_paths = glob(dirname(__FILE__) . '/*.{' . join(',', $extentions) . '}', GLOB_BRACE );
natsort($image_paths);
$images = array();
foreach($image_paths as $image_path) {
$filename = pathinfo($image_path, PATHINFO_FILENAME);
if ( preg_match('/\.thumb$/', $filename) )
continue;
$thumb_basename = $filename . '.thumb.jpg';
$image_basename = basename($image_path);
if ( file_exists(dirname(__FILE__) . '/' . $thumb_basename) )
$images[$image_basename] = $thumb_basename;
else
$images[$image_basename] = $image_basename;
}
// GET index.php?key=xyz
// Show upload panel if key is ok
$show_upload_panel = ($key === $secret_key);
// Fall through to show the HTML output
} else {
http_die('405 Method Not Allowed');
}
$title = ucwords(basename(dirname(__FILE__)));
?>
<?= h($title) ?>