diff --git a/README.md b/README.md index 7a7f092..ac00365 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,71 @@ +Here are list of changes made to original code base: + +# Functionality & Features + +- **Multi-file Upload:** + Allows users to upload multiple files at once, which improves efficiency and user experience. + +- **File Editing:** + Built-in editing functionality for text-based files enables quick modifications without leaving the interface. + +- **Batch Deleting:** + The ability to select multiple files and delete them in one action streamlines file management. + +- **Sorting & Filtering:** + Users can sort files by various attributes (name, date modified, uploaded date, size, uploader), making navigation easier. + +- **User Management:** + Incorporates secure authentication (with hashed passwords) and admin-only controls for adding new users. + +# Security + +- **Password Hashing:** + Using PHP's `password_hash()` and `password_verify()` ensures that user credentials are securely stored and verified. + +- **Session-based Authentication:** + Leveraging PHP sessions to maintain secure user state across the application. + +- **Access Control:** + Admins have extra privileges (such as creating new users), which is properly enforced via session checks and restricted endpoints. + +- **Safe File Operations:** + File metadata (including uploader info) is stored securely in JSON, helping avoid direct exposure of sensitive details. + +# User Experience & Interface + +- **Responsive Design:** + The layout adapts to different screen sizes, ensuring a good experience on both desktop and mobile devices. + +- **Dynamic UI Updates:** + Uses modern JavaScript (Fetch API, asynchronous calls) to update the file list and authentication state without full page reloads. + +- **Clear Feedback:** + Users receive immediate alerts and visual feedback for actions like login, file upload, and deletion. 
+ +# Extensibility & Maintainability + +- **Modular Code Structure:** + The project is divided into distinct files (`auth.js`, `upload.js`, `displayFileList.js`, etc.), which makes it easier to manage and extend. + +- **Customization Options:** + The codebase is flexible enough to allow the addition of more file types, new features (e.g., versioning, file previews), or integration with other systems. + +- **Good Practices Demonstrated:** + The project illustrates the use of best practices in PHP (such as session management and secure password handling) and modern front-end JavaScript, making it a valuable learning resource. + +# Deployment & Real-world Use + +- **Reverse Proxy Compatibility:** + With proper server configuration and security measures, this project can be deployed behind a reverse proxy, offering an extra layer of security. + +- **Real-world Scenario:** + A multi-file uploader with editing and user management is useful in many environments—whether for managing firmware, documents, images, or any files—making this a practical solution. + + + + + +Original readme: # File Uploader A simple file uploader web app that allows authenticated users to upload, list, and delete files. 
@@ -16,95 +84,6 @@ sudo apt install apache2 sudo apt install php libapache2-mod-php ``` -## Installation - - ### Clone - ``` - git clone https://github.com/sensboston/uploader.git - cd uploader - ``` - ### or download this repository - ``` - wget https://github.com/sensboston/uploader/archive/refs/heads/master.zip - unzip master.zip -d uploader - mv uploader/uploader-master/* uploader/ - rm -r uploader/uploader-master - rm master.zip - ``` - - ### Configure PHP - Note: adjust PHP version in paths - - Ensure the following PHP settings are in your **/etc/php/8.1/apache2/php.ini**: - ``` - log_errors = On - error_log = /var/log/php_errors.log - ``` - - Also check for max upload file/post size limits in **/etc/php/8.1/apache2/php.ini** (adjust to your needs, like 10G): - ``` - upload_max_filesize = 10M - post_max_size = 10M - ``` - - ### Create the upload directory and set the necessary permissions: - - ``` - sudo mkdir -p /var/www/html/upload - sudo chown -R www-data:www-data /var/www/html/upload - sudo chmod -R 755 /var/www/html/upload - ``` - - ### Do not forget to add proper permissions to www-data (used by apache & php) - ``` - sudo chown -R www-data:www-data /var/www/html/upload - sudo chmod -R 775 /var/www/html/upload - ``` - - ### Create application directory at webroot (or configure app/site): - (note: with my Apache configuration, I just need to create a subdirectory) - ``` - sudo mkdir -p /var/www/html/uploader - ``` - - ### Edit file config.php and adjust variables - (website name, time zone etc.) - ``` - sudo nano /home/ubuntu/uploader/config.php - ``` - ### Edit file users.txt: - This file lists pseudo-users for upload access authentication, in the format **username:password**. - These pseudo-users have **nothing to do** with Linux users and only serve as **an additional layer** of protection! - Please **do not use your real login credentials** for this file! 
- Also, be sure to check if you copied the **.htaccess** file with content (that denies access to **users.txt** file) - ``` - - Order Allow,Deny - Deny from all - - ``` - - ### Copy all app files (html, php & js) to the app folder: - ``` - sudo cp /home/ubuntu/uploader/*.* /var/www/html/uploader/ - ``` - - ### Restart Apache to apply changes: - - ``` - sudo systemctl restart apache2 - ``` - -## Usage -Open your web browser and navigate to https://yourserveraddress/uploader - -Enter username and password, stored in **user.txt** to authenticate. - -Choose a file to upload and click the "Upload" button. - -The uploaded files will be listed on the page, and you can delete them using the "Delete" button. ![screenshot](https://github.com/sensboston/uploader/assets/1036158/5428672d-7dcc-4d7a-a96f-dfe578618c75) -## Issues / TODO - - Add JS check for upload file size, before starting actual upload.
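Review bot: In the new Security section (first hunk), the "Safe File Operations" bullet says file metadata "is stored securely in JSON" without naming the file, where it lives, or what keeps it from being fetched directly over HTTP. JSON is a storage format and gives no protection by itself, so state the file's location and the rule that denies web access to it. The "Password Hashing" and "Access Control" bullets need the same detail: where the hashed credentials are stored and which endpoints are admin-only, so a deployer can verify the claims. The opening line "Here are list of changes made to original code base:" should read "Here is a list of changes made to the original code base:".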
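Review bot: The second hunk deletes the whole Installation and Usage sections with no replacement, so the README now advertises user management with hashed passwords but gives no steps for installing the app or creating the first admin account. The deleted text was also the only place that told deployers to copy the **.htaccess** file that denies access to **users.txt** and to set ownership and mode on /var/www/html/upload. If a credential or metadata file still sits in the app directory, keep an updated version of those steps instead of dropping them, and describe the new credential format in place of the old **username:password** one. The "Issues / TODO" entry about a JS upload-size check is removed as well, while the new feature list does not mention that check; either list it as done or keep the TODO.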