File Uploader

A simple file uploader application that allows authenticated users to upload, list, and delete files. The application uses PHP and a Python authentication service running on Apache2.

Prerequisites

• Apache2, configured, up and running
• PHP 8.1 or higher
• Python 3
• Required PHP extensions: php-json, php-curl

Hint:

sudo apt update
sudo apt install apache2
sudo apt install php libapache2-mod-php
sudo apt install python3

Installation

For simplicity, I'll use my current Ubuntu instance user name, you should replace by yours.

Clone

git clone https://github.com/yourusername/uploader.git
cd uploader

or download this repository

wget https://github.com/sensboston/uploader/archive/refs/heads/master.zip
unzip master.zip -d uploader
mv uploader/uploader-master/* uploader/
rm -r uploader/uploader-master
rm master.zip

Install Python prerequisites

pip install flask pam

Create Python authentication service

(note: port 7000 is used; if you need to change port number, make needful changes in the app.py and php scripts - search for '7000')

sudo nano /etc/systemd/system/flaskapp.service

Add the following content to this file (but replace User, WorkingDirectory and ExecStart):

[Unit]
Description=Flask Application
After=network.target

[Service]
User=ubuntu
WorkingDirectory=/home/ubuntu/uploader
ExecStart=/usr/bin/python3 /home/ubuntu/uploader/app.py
Restart=always

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl enable flaskapp
sudo systemctl start flaskapp
sudo systemctl status flaskapp.service

Configure PHP

Ensure the following PHP settings are in your /etc/php/8.1/apache2/php.ini:

log_errors = On
error_log = /var/log/php_errors.log

Also check for max upload file/post size limits in /etc/php/8.1/apache2/php.ini (adjust to your needs, like 10G):

upload_max_filesize = 10M
post_max_size = 10M

Create the upload directory and set the necessary permissions:

sudo mkdir -p /var/www/html/upload
sudo chown -R www-data:www-data /var/www/html/upload
sudo chmod -R 755 /var/www/html/upload

Create a limited user for uploading files

(please note, I don't recommend you to use your actual ssh-enabled user account):

sudo useradd -M -d /var/www/html/upload -s /usr/sbin/nologin uploader
sudo passwd uploader
sudo chown -R uploader:www-data /var/www/html/upload

Create application directory at webroot (or configure app/site):

(note: with my Apache configuration, I just need to create a subdirectory)

sudo mkdir -p /var/www/html/uploader

Copy all files to the folder created above:

sudo cp -r * /var/www/html/uploader

Restart Apache to apply changes:

sudo systemctl restart apache2

Usage

Open your web browser and navigate to https://yourserveraddress/uploader

Enter your username and password to authenticate.

Choose a file to upload and click the "Upload" button.

The uploaded files will be listed on the page, and you can delete them using the "Delete" button.

Issues / TODO

There are two unresoved (yet) issues with the app:

• First, I suppose to use Python app, running as service, for the user authentication in the PHP scripts because I can't make the PAM PHP extension works 😒 Google's searches returned tonns of useless and non-working advises and suggestions; even ChatGPT can't resolve that issue. It looks like this module is deprecated but I can't find any working replacement. By the way, if I'll get PAM module working in PHP, Python app and auth.php will be replaced by very simple call: if (pam_auth($username, $password))

  BTW, I found a third-party implementation but haven't tried yet.

• Secondly, a very strange error occurs: if I use the authenticate function from the auth.php module in file_list.php (adding require_once 'auth.php';), then the file list is not appearing on web page. Although the user is authenticated and file_list.php sends a list of files in JSON format. If I define this function (using copy&paste) in the file_list.php module itself, then everything works great. Perhaps this has something to do with PHP session - I'm not a big expert in PHP and web programming. If anyone can help solve this problem, I would be very grateful - I hate strange errors!