Merge pull request #579 from weblate/weblate-xbackbone-xbackbone

Translations update from Hosted Weblate

.github/FUNDING.yml

@@ -0,0 +1,8 @@
+# These are supported funding model platforms
+
+github: [SergiX44]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: #
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+custom: http://bit.ly/XBackBonePaypal

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,33 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**System Info**
++ PHP Version:
++ XBackBone Version:
++ Webserver: [Apache/Nginx/...]
++ Database backend: [SQLite/Mysql/...]
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Logs**
+XBackBone and/or webserver logs.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/test_suite.yml

@@ -0,0 +1,27 @@
+name: PHP Composer
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        operating-system: [ubuntu-latest]
+        php-versions: ["7.3", "7.4", "8.0", "8.1", "8.2"]
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Validate composer.json and composer.lock
+      run: composer validate --no-check-version
+
+    - name: Install dependencies
+      run: composer install --no-progress
+
+    - name: Run test suite
+      run: vendor/bin/phpunit --no-coverage

.gitignore

@@ -2,13 +2,10 @@
 composer.phar
 /vendor/
 
-# Commit your application's lock file http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file
-# You may choose to ignore a library lock file http://getcomposer.org/doc/02-libraries.md#lock-file
-composer.lock
-
 ### grunt ###
 # Grunt usually compiles files inside this directory
 dist/
+release*.zip
 
 # Grunt usually preprocesses files such as coffeescript, compass... inside the .tmp directory
 .tmp/
@@ -77,6 +74,7 @@ typings/
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 
 # User-specific stuff:
+.idea/
 .idea/**/workspace.xml
 .idea/**/tasks.xml
 .idea/dictionaries
@@ -130,10 +128,14 @@ fabric.properties
 # Repo file
 storage/
 static/
+install/installer.js
 !resources/cache/.gitkeep
 resources/cache/*
 resources/database/*.db
 resources/sessions/sess_*
 logs/log-*.txt
 config.php
-release.zip
+release.zip
+/.settings/
+/.project
+/.buildpath

.htaccess

@@ -1,6 +1,8 @@
-Options -Indexes
-RewriteEngine On
-RewriteRule ^(app|bin|bootstrap|resources|storage|vendor|logs)(/.*|)$ - [NC,F]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^(.*)$ index.php [QSA,L]
+Options -Indexes +SymLinksIfOwnerMatch
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteRule ^(app|bin|bootstrap|resources|storage|vendor|logs|CHANGELOG.md)(/.*|)$ - [NC,F]
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteRule ^(.*)$ index.php [QSA,L]
+</IfModule>

CHANGELOG.md

@@ -1,24 +1,450 @@
-## v1.3
-+ Added command to switch between bootswatch.com themes.
-+ Added popever to write the telegram message when sharing.
-+ Packaging improvements.
-+ Updated some dependencies.
-+ Allow Facebook bots to display the preview.
+# Changelog
+All notable changes to this project will be documented in this file.
 
-## v1.2
-+ Previews are now scaled for better page load.
-+ Added auto config generator for ShareX.
-+ Show upload file size on the dashboard.
-+ Fixed insert for admin user (running `php bin\migrate --install`).
-+ Removed HTTP2 push from the dashboard to improve loading time.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## v1.1
-+ Added logging.
-+ Fixed back to top when click delete or publish/unpublish.
-+ Improved migrate system.
-+ Login redirect back to the requested page.
-+ Updated Bootstrap theme.
-+ Added share to Telegram.
+## Unreleased
 
-## v1.0
-+ Initial version.
+## [3.7.0] - 2024-01-14
+### Added
+- Added support for vanity urls.
+- Added KDE integration for linux script.
+
+### Changed
+- Updated translations.
+- File preview is now clickable to open the file.
+
+### Fixed
+- Fixes for LDAP authentication.
+
+## [3.6.3] - 2023-05-27
+### Fixed
+- Fix LDAP for php >= 8.1
+
+## [3.6.2] - 2023-05-24
+### Changed
+- Support for PHP 8.2
+
+### Removed
+- Azure blob storage driver
+
+## [3.6.1] - 2022-11-27
+### Changed
+- Upgraded dependencies
+- Updated translations
+
+### Fixed
+- Fixed error in export data (#499)
+- Fixed issues with reverse proxies (#495)
+- Fixed duplicated twitter tags
+
+## [3.6.0] - 2022-06-20
+### Changed
+- Improved embedding on discord of large videos.
+- Releases are now compressed for faster downloads
+- Updated translations
+
+### Fixed
+- Fixed deprecation notices on php >= 8 
+- Fixed embed UA for Discord.
+- Fixed error with post_max_size = 0
+
+### Removed
+- Support for php 7.2
+
+## [3.5.1] - 2021-10-22
+### Changed
+- Fixed embed UA for Discord.
+- Updated translations.
+
+## [3.5.0] - 2021-09-05
+### Added
+- Support for theme-park.dev themes.
+- Updated translations.
+
+### Fixed
+- Wrong css when reapplying the default theme.
+
+### Removed
+- Dropped theme cli command.
+
+## [3.4.1] - 2021-08-11
+### Added
+- Toggle to disable embeds.
+
+### Changed
+- Raw url copying now contains also the file extension.
+
+## [3.4.0] - 2021-08-01
+### Added
+- Added image support for OG for Discord only.
+
+### Changed
+- Updated translations.
+- Dropped support for PHP 7.1
+
+### Fixed
+- Fixed possible XSS and CSRF attacks.
+
+## [3.3.5] - 2021-04-25
+### Fixed
+- Removed OG integration for discord.
+
+### Changed
+- Updated translations.
+
+## [3.3.4] - 2021-03-07
+### Added
+- Login failed logging.
+- User identifier option for LDAP configurations.
+
+### Fixed
+- Fixed open graph meta tags for Discord.
+- Fixed custom html tags are not displayed back in the admin setting.
+- Fixed python plugin for newer version of Screencloud.
+- Fixed accented chars in email subject.
+- Fixed error on PHP 8.
+
+## [3.3.3] - 2020-11-13
+### Fixed
+- Fixed issue with responsive menu on mobile.
+
+## [3.3.2] - 2020-11-12
+### Fixed
+- Fixed switch not works for the first time for normal users.
+
+## [3.3.1] - 2020-11-12
+### Fixed
+- Formatting error on the check for updates.
+- Fixed default view for normal users.
+
+## [3.3.0] - 2020-11-12
+### Added
+- Enabled PHP 8 support.
+- Added Screencloud client support (https://screencloud.net).
+- OpenGraph image tag (issue #269).
+- Start adding unit tests.
+
+### Changed
+- The list mode is now available also for non-admin accounts (issue #226).
+
+### Fixed
+- Linux script strange response code in headless mode.
+
+### Removed
+- Dropped Telegram share button.
+
+## [3.2.0] - 2020-09-05
+### Added
+- Added support to use Azure Blob Storage account as storage location.
+- Support for other S3-compatible storage endpoint.
+- Line number when showing text files.
+
+### Fixed
+- S3 driver file streaming not working properly.
+- Fixed Slack image preview.
+
+## [3.1.4] - 2020-04-13
+### Changed
+- Now the migrate command resync the system quota for each user.
+
+### Fixed
+- Fixed error with the migrate command.
+
+## [3.1.3] - 2020-04-13
+### Changed
+- Added changelog page.
+- Updated translations.
+
+## [3.1.2] - 2020-04-12
+### Changed
+- Improved installer storage checks.
+
+### Fixed
+- Fixed upload table lost when updating very old instances.
+
+## [3.1.1] - 2020-04-11
+### Fixed
+- Fixed error during a fresh installation with sqlite.
+
+## [3.1] - 2020-04-10
+### Added
+- Added tagging system (add, delete, search of tagged files).
+- Added basic media auto-tagging on upload.
+- Added registration system.
+- Added password recovery system.
+- Added ability to export all media of an account.
+- Added ability to choose between default and raw url on copy.
+- Added hide by default option.
+- Added user disk quota.
+- Added reCAPTCHA login protection.
+- Added bulk delete.
+- Added account clean function.
+- Added user disk quota system.
+- Added notification option on account create.
+- Added LDAP authentication.
+
+### Changed
+- The theme is now re-applied after every system update.
+- Updated system settings page.
+- Updated translations.
+- Improved grid layout.
+
+### Fixed
+- Fixed bug html files raws are rendered in a browser.
+- Fixes and improvements.
+
+## [3.0.2] - 2019-12-04
+### Changed
+- Updated translations.
+
+### Fixed
+- Fixed error with migrate command.
+
+## [3.0.1] - 2019-11-25
+### Changed
+- Small installer update.
+
+### Fixed
+- Fixed error with older mysql versions.
+- Fixed config is compiled with the di container.
+
+## [3.0] - 2019-11-23
+### Added
+- Added web upload.
+- Added ability to add custom HTML in \<head\> tag.
+- Added ability to show a preview of PDF files.
+- Added remember me functionality.
+- Added delete button on the preview page if the user is logged in.
+- New project icon (by [@SerenaItalia](https://www.deviantart.com/serenaitalia)).
+- The linux script can be used on headless systems.
+- Raw URL now accept file extensions.
+- Implemented SameSite XSS protection.
+
+### Changed
+- Upgraded from Slim3 to Slim 4.
+- Replaced videojs player with Plyr.
+- Improved installer.
+- Improved thumbnail generation.
+- Small fixes and improvements.
+
+## [2.6.6] - 2019-10-23
+### Added
+- Ability to choose between releases and prereleases with the web updater.
+
+### Changed
+- Updated translations.
+
+## [2.6.5] - 2019-09-17
+### Changed
+- Changed color to some buttons to address visibility with some themes.
+
+### Fixed
+- Fixed error after orphaned files removal #74.
+- Fixed update password not correctly removed from log files (#74).
+
+## [2.6.4] - 2019-09-15
+### Added
+- Filter on displayable images.
+
+### Changed
+- The generated random strings are now more human readable.
+
+### Fixed
+- Fixed during upload error on php compiled for 32 bit.
+- Fixed icons on the installer page.
+
+## [2.6.3] - 2019-09-14
+### Fixed
+- Fixed #67.
+- Fixed bad preload statement.
+- Fixed wrong redirect after install in subdirs.
+
+## [2.6.2] - 2019-09-06
+### Added
+- Added method for cache busting when updating/change theme.
+- Added russian translation from [Weblate](https://hosted.weblate.org/projects/xbackbone/xbackbone/).
+
+### Changed
+- Changed background default color.
+- Use the Font Awesome web font for better performances.
+
+## [2.6.1] - 2019-09-04
+### Added
+- Added alert if required extensions are not loaded.
+
+### Changed
+- Improved shell commands.
+- Updated translations.
+
+### Fixed
+- Fixed bad redirects on the web installer (#62).
+- Fixed login page with dark themes.
+
+## [2.6] - 2019-08-20
+### Added
+- Added support to use AWS S3, Google Cloud Storage, Dropbox and FTP(s) accounts as storage location.
+- Added german and norwegian translations from [Weblate](https://hosted.weblate.org/projects/xbackbone/xbackbone/).
+- Added ability to force system language.
+
+### Changed
+- Improved lang detection.
+
+### Fixed
+- Fixed missing icon.
+
+## [2.5.3] - 2019-05-12
+### Changed
+- Improved exception stacktrace logging.
+
+### Fixed
+- Fixed bad css loading on Firefox (#35).
+- Fixed wrong style for publish/unpublish button.
+
+## [2.5.2] - 2019-05-09
+### Added
+- Added preloading for some resources to improve performances.
+- Added check for block execution on EOL and unsupported PHP versions.
+
+### Changed
+- Improved session handling.
+- Other minor improvements.
+
+### Fixed
+- Fixed telegram share not working.
+- Fix for big text file now are not rendered in the browser.
+
+## [2.5.1] - 2019-04-10
+### Changed
+- Improved HTTP partial content implementation for large files.
+
+### Fixed
+- Fixed bad redirect if the theme folder is not writable. (#27)
+
+## [2.5] - 2019-02-10
+### Added
+- Added partial content implementation (stream seeking on chromium based browsers).
+- **[BETA]** Added self update feature.
+- Added project favicon.
+
+### Changed
+- Updated project license to [AGPL v3.0](https://choosealicense.com/licenses/agpl-3.0/) (now releases ships with the new license).
+- Improved video.js alignment with large videos.
+- Optimized output zip release size.
+- Templates cleanup and optimizations.
+- Improved error handling.
+
+## [2.4.1] - 2019-01-24
+### Fixed
+- Fixed error message when the file is too large. (#15)
+- Fixed button alignment.
+
+## [2.4] - 2019-01-22
+### Added
+- Added function to remove orphaned files.
+- Multiple uploads sorting methods.
+- Switch between tab and gallery mode using an admin account.
+- Search in uploads.
+
+### Changed
+- Updated js dependencies.
+- Internal refactoring and improvements
+
+## [2.3.1] - 2018-12-09
+### Added
+- Added checks during the installation wizard.
+- cURL and Wget can now directly download the file.
+
+### Fixed
+- Fixed english language.
+- Fixed forced background with dark themes.
+
+## [2.3] - 2018-11-30
+### Added
+- Added overlay on user gallery images.
+- Added linux script to allow uploads from linux screenshot tools.
+- Enable audio player with video.js.
+- Font Awesome icon match the single file mime-type.
+
+### Changed
+- Improved image scaling in user gallery.
+- Video and audio now starts with volume at 50%.
+- Minor layout fixes.
+
+### Fixed
+- Fixed IT translation.
+
+## [2.2] - 2018-11-20
+### Added
+- Added multi-language support.
+
+### Fixed
+- Improved routing.
+- Minor improvements and bug fixes.
+- Fixed HTTP/2 push is resetting the current session.
+
+## [2.1] - 2018-11-20
+### Added
+- Added video.js support.
+- Allow e-mail login.
+- Support for ShareX deletion URL.
+
+### Changed
+- Improved theme style.
+- Improved page redirecting.
+
+### Fixed
+- Fixed HTTP/2 push preload.
+
+## [2.0] - 2018-11-13
+### Added
+- Added install wizard (using the CLI is no longer required).
+- Added used space indicator per user.
+- Allow discord bot to display the preview.
+- Theme switcher on the web UI.
+- MySQL support.
+
+### Changed
+- Migrated from Flight to Slim 3 framework.
+- Improvements under the hood.
+
+## [1.3] - 2018-10-14
+### Added
+- Added command to switch between bootswatch.com themes.
+- Added popover to write the telegram message when sharing.
+- Allow Facebook bots to display the preview.
+
+### Changed
+- Packaging improvements.
+- Updated some dependencies.
+
+## [1.2] - 2018-05-01
+### Added
+- Added auto config generator for ShareX.
+- Show upload file size on the dashboard.
+
+### Changed
+- Previews are now scaled for better page load.
+
+### Removed
+- Removed HTTP2 push from the dashboard to improve loading time.
+
+### Fixed
+- Fixed insert for admin user (running `php bin\migrate --install`).
+
+## [1.1] - 2018-04-28
+### Added
+- Added logging.
+- Added share to Telegram.
+
+### Changed
+- Improved migrate system.
+- Updated Bootstrap theme.
+
+### Fixed
+- Fixed back to top when click delete or publish/unpublish.
+- Login redirect back to the requested page.
+
+## [1.0] - 2018-04-28
+### Added
+- Initial version.

CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at sergio@brighenti.me. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

Gruntfile.js

@@ -1,9 +1,14 @@
 module.exports = function (grunt) {
+    let version = grunt.file.readJSON('composer.json').version;
+    let releaseFilename = 'release-v' + version + '.zip';
     grunt.initConfig({
         pkg: grunt.file.readJSON('package.json'),
 
         jshint: {
-            all: ['Gruntfile.js', 'src/js/app.js']
+            all: ['Gruntfile.js', 'src/js/app.js'],
+            options: {
+                'esversion': 6,
+            }
         },
 
         cssmin: {
@@ -26,6 +31,9 @@ module.exports = function (grunt) {
                     'static/app/app.js': [
                         'src/js/app.js'
                     ],
+                    'install/installer.js': [
+                        'src/js/installer.js'
+                    ],
                 }
             }
         },
@@ -41,6 +49,7 @@ module.exports = function (grunt) {
             scripts: {
                 files: [
                     'src/js/app.js',
+                    'src/js/installer.js',
                 ],
 
                 tasks: ['uglify']
@@ -50,24 +59,131 @@ module.exports = function (grunt) {
         copy: {
             main: {
                 files: [
-                    {expand: true, cwd: 'node_modules/@fortawesome/fontawesome-free', src: ['css/**', 'js/**'], dest: 'static/fontawesome'},
-                    {expand: true, cwd: 'node_modules/bootstrap/dist', src: ['**'], dest: 'static/bootstrap'},
-                    {expand: true, cwd: 'node_modules/clipboard/dist', src: ['**'], dest: 'static/clipboardjs'},
-                    {expand: true, cwd: 'node_modules/highlightjs', src: ['styles/**/*', 'highlight.pack.min.js'], dest: 'static/highlightjs'},
+                    {
+                        expand: true,
+                        cwd: 'node_modules/@fortawesome/fontawesome-free',
+                        src: ['css/all.min.css', 'webfonts/**/*'],
+                        dest: 'static/fontawesome'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/bootstrap/dist/css',
+                        src: ['bootstrap.min.css'],
+                        dest: 'static/bootstrap/css'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/bootstrap/dist/js',
+                        src: ['bootstrap.bundle.min.js'],
+                        dest: 'static/bootstrap/js'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/clipboard/dist',
+                        src: ['clipboard.min.js'],
+                        dest: 'static/clipboardjs'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/plyr/dist',
+                        src: ['plyr.min.js', 'plyr.css'],
+                        dest: 'static/plyr'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/highlightjs',
+                        src: ['styles/**/*', 'highlight.pack.min.js'],
+                        dest: 'static/highlightjs'
+                    },                    {
+                        expand: true,
+                        cwd: 'node_modules/highlightjs-line-numbers.js/dist',
+                        src: ['highlightjs-line-numbers.min.js'],
+                        dest: 'static/highlightjs'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/dropzone/dist/min',
+                        src: ['dropzone.min.css', 'dropzone.min.js'],
+                        dest: 'static/dropzone'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/bootstrap4-toggle/css',
+                        src: ['bootstrap4-toggle.min.css'],
+                        dest: 'static/bootstrap/css'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'node_modules/bootstrap4-toggle/js',
+                        src: ['bootstrap4-toggle.min.js'],
+                        dest: 'static/bootstrap/js'
+                    },
+                    {
+                        expand: true,
+                        cwd: 'src/images',
+                        src: ['**/*'],
+                        dest: 'static/images'
+                    },
                     {expand: true, cwd: 'node_modules/jquery/dist', src: ['jquery.min.js'], dest: 'static/jquery'}
                 ],
             },
         },
 
-        zip: {
-            'release.zip': ['app/**/*', 'bin/**/*', 'bootstrap/**/*', 'logs/**/*', 'resources/**/', 'static/**/*', '.htaccess', 'config.example.php', 'index.php', 'vendor']
-        }
+        shell: {
+            phpstan: {
+                command: '"./vendor/bin/phpstan" --level=0 analyse app resources/lang bin install'
+            },
+            composer_no_dev: {
+                command: 'composer install --no-dev --prefer-dist'
+            }
+        },
+
+        compress: {
+            main: {
+                options: {
+                    archive: releaseFilename,
+                    mode: 'zip',
+                    level: 9,
+                },
+                files: [{
+                    expand: true,
+                    cwd: './',
+                    src: [
+                        'app/**/*',
+                        'bin/**/*',
+                        'bootstrap/**/*',
+                        'install/**/*',
+                        'logs/**/',
+                        'resources/cache',
+                        'resources/sessions',
+                        'resources/database',
+                        'resources/lang/**/*',
+                        'resources/templates/**/*',
+                        'resources/schemas/**/*',
+                        'resources/lang/**/*',
+                        'resources/uploaders/**/*',
+                        'static/**/*',
+                        'vendor/**/*',
+                        '.htaccess',
+                        'config.example.php',
+                        'index.php',
+                        'composer.json',
+                        'composer.lock',
+                        'LICENSE',
+                        'favicon.ico',
+                        'CHANGELOG.md'
+                    ],
+                    dest: '/'
+                }]
+            }
+        },
 
     });
 
     require('load-grunt-tasks')(grunt);
     grunt.registerTask('default', ['jshint', 'cssmin', 'uglify', 'copy']);
     grunt.registerTask('test', ['jshint']);
-    grunt.registerTask('build-release', ['default', 'zip']);
-
+    grunt.registerTask('phpstan', ['shell:phpstan']);
+    grunt.registerTask('composer_no_dev', ['shell:composer_no_dev']);
+    grunt.registerTask('build-release', ['default', 'composer_no_dev', 'compress']);
 };

LICENSE

@@ -1,23 +1,21 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
                             Preamble
 
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
 
   The licenses for most software and other practical works are designed
 to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
+our General Public Licenses are intended to guarantee your freedom to
 share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
+software for all its users.
 
   When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
@@ -26,44 +24,34 @@ them if you wish), that you receive source code or can get it if you
 want it, that you can change the software or use pieces of it in new
 free programs, and that you know you can do these things.
 
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
 
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
 
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
 
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
@@ -72,7 +60,7 @@ modification follow.
 
   0. Definitions.
 
-  "This License" refers to version 3 of the GNU General Public License.
+  "This License" refers to version 3 of the GNU Affero General Public License.
 
   "Copyright" also means copyright-like laws that apply to other kinds of
 works, such as semiconductor masks.
@@ -549,35 +537,45 @@ to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
 
-  13. Use with the GNU Affero General Public License.
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
 
   Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
+under version 3 of the GNU General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
 
   14. Revised Versions of this License.
 
   The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 
   Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
+Program specifies that a certain numbered version of the GNU Affero General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
+GNU Affero General Public License, you may choose any version ever published
 by the Free Software Foundation.
 
   If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
+versions of the GNU Affero General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
 
@@ -635,40 +633,29 @@ the "copyright" line and a pointer to where the full notice is found.
     Copyright (C) <year>  <name of author>
 
     This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
     (at your option) any later version.
 
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
+    GNU Affero General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
 
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

README.md

@@ -1,107 +1,53 @@
 
-# XBackBone 📤 [![Build Status](https://travis-ci.org/SergiX44/XBackBone.svg?branch=master)](https://travis-ci.org/SergiX44/XBackBone)
-XBackBone is a simple, self-hosted, lightweight PHP backend for the instant sharing tool ShareX. It supports uploading and displaying images, GIF, video, code, formatted text, and file downloading and uploading. Also have a web UI with multi user management and past uploads history.
+# <a href="https://hosted.weblate.org/engage/xbackbone/?utm_source=widget"><img src="https://hosted.weblate.org/widgets/xbackbone/-/xbackbone/svg-badge.svg" alt="Weblate"></a> <a href="https://codeclimate.com/github/SergiX44/XBackBone/maintainability"><img src="https://api.codeclimate.com/v1/badges/bf8ee4a8df9c9f0dfa08/maintainability" alt="Codeclimate"></a> <a href="http://bit.ly/XBackBonePaypal"><img src="https://img.shields.io/badge/donate-PayPal-yellow" alt="Donations"></a> <a href="https://discord.gg/ksPfXFbhDF"><img src="https://img.shields.io/discord/780922715393359904?label=discord%20chat" alt="Discord"></a>
 
-## Features
+<p align="center">
+  <img src=".github/xbackbone.png" width="350px">
+</p>
+
+XBackBone is a simple, self-hosted, lightweight PHP file manager that support the instant sharing tool ShareX and *NIX systems. It supports uploading and displaying images, GIF, video, code, formatted text, and file downloading and uploading. Also have a web UI with multi user management, past uploads history and search support.
+
+
+## Documentation
+All the installations, configuration, and usage instructions are available in the GitHub Pages:
+
+[XBackBone Documentation](https://sergix44.github.io/XBackBone/)
+
+## Main Features
 
 + Supports every upload type from ShareX.
-+ User management, multi user features.
++ Config generator for ShareX.
++ Low memory footprint.
++ Multiple backends support: Local storage, AWS S3, Google Cloud, Azure Blob Storage, Dropbox, FTP(s).
++ Web file upload.
++ Code uploads syntax highlighting.
++ Video and audio uploads webplayer.
++ PDF viewer.
++ Files preview page.
++ Bootswatch themes support.
++ Responsive theme for mobile use.
++ Multi language support.
++ User management, multi user features, roles and disk quota.
 + Public and private uploads.
-+ Web UI for each user.
 + Logging system.
-+ Auto config generator for ShareX.
++ Share to Telegram.
++ Linux supported via a per-user custom generated script (server and desktop).
++ Direct downloads using curl or wget commands.
++ Direct images links support on Discord, Telegram, Facebook, etc.
++ System updates without FTP or CLI.
++ Easy web installer.
++ LDAP authentication.
++ Registration system.
++ Automatic uploads tagging system.
++ Tag uploads with custom tags for categorization.
++ ... and more.
 
-## How to Install
-XBackBone require PHP >= `7.1`, the composer package manager, writable storage path and PDO, with installed the needed extensions (ex. `php-sqlite3` for SQLite):
 
-+ **[release, stable]** Download latest release from GitHub:
- [https://github.com/SergiX44/XBackBone/releases/latest](https://github.com/SergiX44/XBackBone/releases/latest)
- 
-+ Run composer from your shell:
+## Security Vulnerabilities
 
-```sh
-composer install --no-dev
-```
-+ Setup the config file:
+If you discover a security vulnerability within XBackBone, please send an e-mail to Sergio at sergio@brighenti.me. All security vulnerabilities will be promptly addressed.
 
-```sh
-cp config.example.php config.php
-```
-By default, XBackBone will use Sqlite as DB engine, and a `storage` dir in the current directory. You can leave these settings unchanged for a simple personal installation.
-You must set the `base_url`, or remove it for get dynamically the url from request (not raccomanded).
+## License
+This software is licensed under the <a href="https://choosealicense.com/licenses/agpl-3.0/">GNU Affero General Public License v3.0</a>, available in this repository.
+As a "copyright notice" it is sufficient to keep the small footer at the bottom of the page, also to help other people to learn about this project!
 
-```php
-return [
-	'base_url' => 'https://myaswesomedomain.com', // no trailing slash
-	'storage_dir' => 'storage',
-	'db' => [
-		'connection' => 'sqlite',
-		'dsn' => 'resources/database/xbackbone.db',
-		'username' => null, // username and password not needed for sqlite
-		'password' => null,
-	]
-];
-```
-+ Finally, run the migrate script to setup the database
-
-```sh
-php bin/migrate --install
-```
-+ Now just login with `admin/admin`, **be sure to change these credentials after your first login**.
-
-#### Other deployment method
-+ [Docker container](https://hub.docker.com/r/pe46dro/xbackbone-docker)
-
-## ShareX Configuration
-Once you are logged in, just go in your profile settings and download the ShareX config file for your account.
-
-## Notes
-If you do not use Apache, or the Apache `.htaccess` is not enabled, set your web server so that the `static/` folder is the only one accessible from the outside, otherwise even private uploads and logs will be accessible!
-The NGINX configuration should be something like this:
-```
-# nginx configuration
-
-location /app {
-  return 403;
-}
-
-location /bin {
-  return 403;
-}
-
-location /bootstrap {
-  return 403;
-}
-
-location /resources {
-  return 403;
-}
-
-location /storage {
-  return 403;
-}
-
-location /vendor {
-  return 403;
-}
-
-location /logs {
-  return 403;
-}
-
-autoindex off;
-
-location / {
-  if (!-e $request_filename){
-    rewrite ^(.*)$ /index.php break;
-  }
-}
-```
-
-## Built with
-+ FlightPHP (http://flightphp.com/)
-+ Bootstrap 4 (https://getbootstrap.com/)
-+ Font Awesome 5 (http://fontawesome.com)
-+ ClipboardJS (https://clipboardjs.com/)
-+ HighlightJS (https://highlightjs.org/)
-+ JQuery (https://jquery.com/)

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Security Vulnerabilities
+
+If you discover a security vulnerability within XBackBone, please send an e-mail to Sergio at sergio@brighenti.me. All security vulnerabilities will be promptly addressed.

app/Controllers/AdminController.php

@@ -0,0 +1,110 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Database\Migrator;
+use App\Web\Theme;
+use League\Flysystem\FileNotFoundException;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+
+class AdminController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     *
+     */
+    public function system(Request $request, Response $response): Response
+    {
+        $settings = [];
+        foreach ($this->database->query('SELECT `key`, `value` FROM `settings`') as $setting) {
+            $settings[$setting->key] = $setting->value;
+        }
+
+        $settings['default_user_quota'] = humanFileSize(
+            $this->getSetting('default_user_quota', stringToBytes('1G')),
+            0,
+            true
+        );
+
+        return view()->render($response, 'dashboard/system.twig', [
+            'usersCount' => $this->database->query('SELECT COUNT(*) AS `count` FROM `users`')->fetch()->count,
+            'mediasCount' => $this->database->query('SELECT COUNT(*) AS `count` FROM `uploads`')->fetch()->count,
+            'orphanFilesCount' => $this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `user_id` IS NULL')->fetch()->count,
+            'totalSize' => humanFileSize($this->database->query('SELECT SUM(`current_disk_quota`) AS `sum` FROM `users`')->fetch()->sum ?? 0),
+            'post_max_size' => ini_get('post_max_size'),
+            'upload_max_filesize' => ini_get('upload_max_filesize'),
+            'installed_lang' => $this->lang->getList(),
+            'forced_lang' => $request->getAttribute('forced_lang'),
+            'php_version' => PHP_VERSION,
+            'max_memory' => ini_get('memory_limit'),
+            'settings' => $settings,
+        ]);
+    }
+
+    /**
+     * @param  Response  $response
+     *
+     * @return Response
+     */
+    public function deleteOrphanFiles(Response $response): Response
+    {
+        $orphans = $this->database->query('SELECT * FROM `uploads` WHERE `user_id` IS NULL')->fetchAll();
+
+        $filesystem = $this->storage;
+        $deleted = 0;
+
+        foreach ($orphans as $orphan) {
+            try {
+                $filesystem->delete($orphan->storage_path);
+                $deleted++;
+            } catch (FileNotFoundException $e) {
+            }
+        }
+
+        $this->database->query('DELETE FROM `uploads` WHERE `user_id` IS NULL');
+
+        $this->session->alert(lang('deleted_orphans', [$deleted]));
+
+        return redirect($response, route('system'));
+    }
+
+    /**
+     * @param  Response  $response
+     *
+     * @return Response
+     */
+    public function getThemes(Response $response): Response
+    {
+        $themes = make(Theme::class)->availableThemes();
+
+        $out = [];
+
+        foreach ($themes as $vendor => $list) {
+            $out["-- {$vendor} --"] = null;
+            foreach ($list as $name => $url) {
+                $out[$name] = "{$vendor}|{$url}";
+            }
+        }
+
+        return json($response, $out);
+    }
+
+    /**
+     * @param  Response  $response
+     * @return Response
+     */
+    public function recalculateUserQuota(Response $response): Response
+    {
+        $migrator = new Migrator($this->database, null);
+        $migrator->reSyncQuotas($this->storage);
+        $this->session->alert(lang('quota_recalculated'));
+        return redirect($response, route('system'));
+    }
+}

app/Controllers/Auth/AuthController.php

@@ -0,0 +1,123 @@
+<?php
+
+
+namespace App\Controllers\Auth;
+
+use App\Controllers\Controller;
+use App\Web\Session;
+use App\Web\ValidationHelper;
+use Psr\Http\Message\ServerRequestInterface as Request;
+
+abstract class AuthController extends Controller
+{
+    protected function checkRecaptcha(ValidationHelper $validator, Request $request)
+    {
+        $validator->callIf($this->getSetting('recaptcha_enabled') === 'on', function (Session $session) use (&$request) {
+            $recaptcha = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$this->getSetting('recaptcha_secret_key').'&response='.param($request, 'recaptcha_token')));
+
+            if ($recaptcha->success && $recaptcha->score < 0.5) {
+                $session->alert(lang('recaptcha_failed'), 'danger');
+                return false;
+            }
+            return true;
+        });
+        return $validator;
+    }
+
+
+    /**
+     * Connects to LDAP server and logs in with service account (if configured)
+     * @return \LDAP\Connection|resource|false
+     */
+    public function ldapConnect()
+    {
+        if (!extension_loaded('ldap')) {
+            $this->logger->error('The LDAP extension is not loaded.');
+            return false;
+        }
+        // Building LDAP URI
+        $ldapSchema=(@is_string($this->config['ldap']['schema'])) ?
+            strtolower($this->config['ldap']['schema']) : 'ldap';
+        $ldapURI="$ldapSchema://".$this->config['ldap']['host'].':'.$this->config['ldap']['port'];
+
+        // Connecting to LDAP server
+        $this->logger->debug("Connecting to $ldapURI");
+        $server = ldap_connect($ldapURI);
+        if ($server) {
+            ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
+            ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
+            ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
+        } else {
+            $this->logger->error('LDAP-URI was not parseable');
+            return false;
+        }
+
+        // Upgrade to StartTLS
+        $useStartTLS = @is_bool($this->config['ldap']['useStartTLS']) ? $this->config['ldap']['useStartTLS'] : false;
+        if (($useStartTLS === true) && (ldap_start_tls($server) === false)) {
+            $this->logger->debug(ldap_error($server));
+            $this->logger->error("Failed to establish secure LDAP swith StartTLS");
+            return false;
+        }
+
+        // Authenticating LDAP service account (if configured)
+        $serviceAccountFQDN= (@is_string($this->config['ldap']['service_account_dn'])) ?
+            $this->config['ldap']['service_account_dn'] : null;
+        if (is_string($serviceAccountFQDN)) {
+            if (ldap_bind($server, $serviceAccountFQDN, $this->config['ldap']['service_account_password']) === false) {
+                $this->logger->debug(ldap_error($server));
+                $this->logger->error("Bind with service account ($serviceAccountFQDN) failed.");
+                return false;
+            }
+        }
+
+        return $server;
+    }
+
+    /**
+     * Returns User's LDAP DN
+     * @param  string  $username
+     * @param \LDAP\Connection|resource $server LDAP Server Resource
+     * @return string|null
+     */
+    protected function getLdapRdn(string $username, $server)
+    {
+        //Dynamic LDAP User Binding
+        if (@is_string($this->config['ldap']['search_filter'])) {
+            //Replace ???? with username
+            $searchFilter = str_replace('????', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
+            $ldapAddributes = array('dn');
+            $this->logger->debug("LDAP Search filter: $searchFilter");
+            $ldapSearchResp = ldap_search(
+                $server,
+                $this->config['ldap']['base_domain'],
+                $searchFilter,
+                $ldapAddributes
+            );
+            if (!$ldapSearchResp) {
+                $this->logger->debug(ldap_error($server));
+                $this->logger->error("User LDAP search for user $username failed");
+                return null;
+            }
+            if (ldap_count_entries($server, $ldapSearchResp) !== 1) {
+                $this->logger->notice("LDAP search for $username not found or had multiple entries");
+                return null;
+            }
+            $ldapEntry = ldap_first_entry($server, $ldapSearchResp);
+            //Returns full DN
+            $bindString = ldap_get_dn($server, $ldapEntry);
+        } else {
+            // Static LDAP Binding
+            $bindString = ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username);
+            if ($this->config['ldap']['user_domain'] !== null) {
+                $bindString .= ','.$this->config['ldap']['user_domain'];
+            }
+
+            if ($this->config['ldap']['base_domain'] !== null) {
+                $bindString .= ','.$this->config['ldap']['base_domain'];
+            }
+            //returns partial DN
+        }
+        return $bindString;
+    }
+}

app/Controllers/Auth/LoginController.php

@@ -0,0 +1,183 @@
+<?php
+
+namespace App\Controllers\Auth;
+
+use App\Database\Repositories\UserRepository;
+use App\Web\ValidationHelper;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+
+class LoginController extends AuthController
+{
+    /**
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     *
+     * @throws \Twig\Error\LoaderError
+     */
+    public function show(Response $response): Response
+    {
+        if ($this->session->get('logged', false)) {
+            return redirect($response, route('home'));
+        }
+
+        return view()->render($response, 'auth/login.twig', [
+            'register_enabled' => $this->getSetting('register_enabled', 'off'),
+            'recaptcha_site_key' => $this->getSetting('recaptcha_enabled') === 'on' ? $this->getSetting('recaptcha_site_key') : null,
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Exception
+     *
+     */
+    public function login(Request $request, Response $response): Response
+    {
+        /** @var ValidationHelper $validator */
+        $validator = make(ValidationHelper::class);
+
+        if ($this->checkRecaptcha($validator, $request)->fails()) {
+            return redirect($response, route('login'));
+        }
+
+        $username = param($request, 'username');
+        $password = param($request, 'password');
+        $user = $this->database->query('SELECT `id`, `email`, `username`, `password`,`is_admin`, `active`, `current_disk_quota`, `max_disk_quota`, `ldap`, `copy_raw` FROM `users` WHERE `username` = ? OR `email` = ? LIMIT 1', [$username, $username])->fetch();
+
+        if ($this->config['ldap']['enabled'] && (!$user || $user->ldap ?? true)) {
+            $user = $this->ldapLogin($request, $username, param($request, 'password'), $user);
+        }
+
+        $validator
+            ->alertIf(!$user || !password_verify($password, $user->password), 'bad_login')
+            ->alertIf(isset($this->config['maintenance']) && $this->config['maintenance'] && !($user->is_admin ?? true), 'maintenance_in_progress', 'info')
+            ->alertIf(!($user->active ?? false), 'account_disabled');
+
+        if ($validator->fails()) {
+            if (!empty($request->getHeaderLine('X-Forwarded-For'))) {
+                $ip = $request->getHeaderLine('X-Forwarded-For');
+            } else {
+                $ip = $request->getServerParams()['REMOTE_ADDR'] ?? null;
+            }
+            $this->logger->info("Login failed with username='{$username}', ip={$ip}.");
+            return redirect($response, route('login'));
+        }
+
+        $this->session->set('logged', true)
+            ->set('user_id', $user->id)
+            ->set('username', $user->username)
+            ->set('admin', $user->is_admin)
+            ->set('copy_raw', $user->copy_raw);
+
+        $this->setSessionQuotaInfo($user->current_disk_quota, $user->max_disk_quota);
+
+        $this->session->alert(lang('welcome', [$user->username]), 'info');
+        $this->logger->info("User $user->username logged in.");
+
+        if (param($request, 'remember') === 'on') {
+            $this->refreshRememberCookie($user->id);
+        }
+
+        if ($this->session->has('redirectTo')) {
+            return redirect($response, $this->session->get('redirectTo'));
+        }
+
+        return redirect($response, route('home'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     */
+    public function logout(Request $request, Response $response): Response
+    {
+        $this->session->clear();
+        $this->session->set('logged', false);
+        $this->session->alert(lang('goodbye'), 'warning');
+
+        if (!empty($request->getCookieParams()['remember'])) {
+            setcookie('remember', null, 0, '', '', false, true);
+        }
+
+        return redirect($response, route('login.show'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  string  $username
+     * @param  string  $password
+     * @param $dbUser
+     * @return bool|null
+     * @throws \Slim\Exception\HttpNotFoundException
+     * @throws \Slim\Exception\HttpUnauthorizedException
+     */
+    protected function ldapLogin(Request $request, string $username, string $password, $dbUser)
+    {
+        // Build LDAP connection
+        $server = $this->ldapConnect();
+        if (!$server) {
+            $this->session->alert(lang('ldap_cant_connect'), 'warning');
+            return $dbUser;
+        }
+
+        //Get LDAP user's (R)DN
+        $userDN=$this->getLdapRdn($username, $server);
+        if (!is_string($userDN)) {
+            return null;
+        }
+
+        //Bind as user to validate password
+        if (@ldap_bind($server, $userDN, $password)) {
+            $this->logger->debug("$userDN authenticated against LDAP sucessfully");
+        } else {
+            $this->logger->debug("$userDN authenticated against LDAP unsucessfully");
+            if ($dbUser && !$dbUser->ldap) {
+                return $dbUser;
+            }
+            return null;
+        }
+
+        if (!$dbUser) {
+            $email = $username;
+            if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
+                if (@is_string($this->config['ldap']['search_filter'])) {
+                    $search = ldap_read(
+                        $server,
+                        $userDN,
+                        'objectClass=*',
+                        array('mail',$this->config['ldap']['rdn_attribute'])
+                    );
+                } else {
+                    $search = ldap_search($server, $this->config['ldap']['base_domain'], ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username), ['mail']);
+                }
+                $entry = ldap_first_entry($server, $search);
+                $email = @ldap_get_values($server, $entry, 'mail')[0] ?? platform_mail($username.rand(0, 100)); // if the mail is not set, generate a placeholder
+            }
+            /** @var UserRepository $userQuery */
+            $userQuery = make(UserRepository::class);
+            $userQuery->create($email, $username, $password, 0, 1, (int) $this->getSetting('default_user_quota', -1), null, 1);
+            return $userQuery->get($request, $this->database->getPdo()->lastInsertId());
+        }
+
+        if ($server) {
+            ldap_close($server);
+        }
+
+        if (!password_verify($password, $dbUser->password)) {
+            $userQuery = make(UserRepository::class);
+            $userQuery->update($dbUser->id, $dbUser->email, $username, $password, $dbUser->is_admin, $dbUser->active, $dbUser->max_disk_quota, $dbUser->ldap);
+            return $userQuery->get($request, $dbUser->id);
+        }
+
+        return $dbUser;
+    }
+}

app/Controllers/Auth/PasswordRecoveryController.php

@@ -0,0 +1,130 @@
+<?php
+
+
+namespace App\Controllers\Auth;
+
+use App\Web\Mail;
+use App\Web\ValidationHelper;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpNotFoundException;
+
+class PasswordRecoveryController extends AuthController
+{
+    /**
+     * @param  Response  $response
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function recover(Response $response): Response
+    {
+        return view()->render($response, 'auth/recover_mail.twig', [
+            'recaptcha_site_key' => $this->getSetting('recaptcha_enabled') === 'on' ? $this->getSetting('recaptcha_site_key') : null,
+        ]);
+    }
+
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws \Exception
+     */
+    public function recoverMail(Request $request, Response $response): Response
+    {
+        if ($this->session->get('logged', false)) {
+            return redirect($response, route('home'));
+        }
+
+        if ($this->checkRecaptcha(make(ValidationHelper::class), $request)->fails()) {
+            return redirect($response, route('recover'));
+        }
+
+        $user = $this->database->query('SELECT `id`, `username` FROM `users` WHERE `email` = ? AND NOT `ldap` LIMIT 1', param($request, 'email'))->fetch();
+
+        if (!isset($user->id)) {
+            $this->session->alert(lang('recover_email_sent'), 'success');
+            return redirect($response, route('recover'));
+        }
+
+        $resetToken = bin2hex(random_bytes(16));
+
+        $this->database->query('UPDATE `users` SET `reset_token`=? WHERE `id` = ?', [
+            $resetToken,
+            $user->id,
+        ]);
+
+        Mail::make()
+            ->from(platform_mail(), $this->config['app_name'])
+            ->to(param($request, 'email'))
+            ->subject(lang('mail.recover_password', [$this->config['app_name']]))
+            ->message(lang('mail.recover_text', [
+                $user->username,
+                route('recover.password', ['resetToken' => $resetToken]),
+                route('recover.password', ['resetToken' => $resetToken]),
+            ]))
+            ->send();
+
+        $this->session->alert(lang('recover_email_sent'), 'success');
+        return redirect($response, route('recover'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $resetToken
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     * @throws HttpNotFoundException
+     */
+    public function recoverPasswordForm(Request $request, Response $response, string $resetToken): Response
+    {
+        $user = $this->database->query('SELECT `id` FROM `users` WHERE `reset_token` = ? LIMIT 1', $resetToken)->fetch();
+
+        if (!$user) {
+            throw new HttpNotFoundException($request);
+        }
+
+        return view()->render($response, 'auth/recover_password.twig', [
+            'reset_token' => $resetToken
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $resetToken
+     * @return Response
+     * @throws HttpNotFoundException
+     */
+    public function recoverPassword(Request $request, Response $response, string $resetToken): Response
+    {
+        $user = $this->database->query('SELECT `id` FROM `users` WHERE `reset_token` = ? LIMIT 1', $resetToken)->fetch();
+
+        if (!$user) {
+            throw new HttpNotFoundException($request);
+        }
+
+        /** @var ValidationHelper $validator */
+        $validator = make(ValidationHelper::class)
+            ->alertIf(empty(param($request, 'password')), 'password_required')
+            ->alertIf(param($request, 'password') !== param($request, 'password_repeat'), 'password_match');
+
+        if ($validator->fails()) {
+            return redirect($response, route('recover.password', ['resetToken' => $resetToken]));
+        }
+
+        $this->database->query('UPDATE `users` SET `password`=?, `reset_token`=? WHERE `id` = ?', [
+            password_hash(param($request, 'password'), PASSWORD_DEFAULT),
+            null,
+            $user->id,
+        ]);
+
+        $this->session->alert(lang('password_restored'), 'success');
+        return redirect($response, route('login.show'));
+    }
+}

app/Controllers/Auth/RegisterController.php

@@ -0,0 +1,126 @@
+<?php
+
+
+namespace App\Controllers\Auth;
+
+use App\Controllers\Controller;
+use App\Database\Repositories\UserRepository;
+use App\Web\Mail;
+use App\Web\ValidationHelper;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpNotFoundException;
+
+class RegisterController extends AuthController
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws HttpNotFoundException
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function registerForm(Request $request, Response $response): Response
+    {
+        if ($this->session->get('logged', false)) {
+            return redirect($response, route('home'));
+        }
+
+        if ($this->getSetting('register_enabled', 'off') === 'off') {
+            throw new HttpNotFoundException($request);
+        }
+
+        return view()->render($response, 'auth/register.twig', [
+            'recaptcha_site_key' => $this->getSetting('recaptcha_enabled') === 'on' ? $this->getSetting('recaptcha_site_key') : null,
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws HttpNotFoundException
+     * @throws \Exception
+     */
+    public function register(Request $request, Response $response): Response
+    {
+        if ($this->session->get('logged', false)) {
+            return redirect($response, route('home'));
+        }
+
+        if ($this->getSetting('register_enabled', 'off') === 'off') {
+            throw new HttpNotFoundException($request);
+        }
+
+        if ($this->checkRecaptcha(make(ValidationHelper::class), $request)->fails()) {
+            return redirect($response, route('register.show'));
+        }
+
+        $validator = $this->getUserCreateValidator($request)->alertIf(empty(param($request, 'password')), 'password_required');
+
+        if ($validator->fails()) {
+            return redirect($response, route('register.show'));
+        }
+
+        $activateToken = bin2hex(random_bytes(16));
+
+        make(UserRepository::class)->create(
+            param($request, 'email'),
+            param($request, 'username'),
+            param($request, 'password'),
+            0,
+            0,
+            (int) $this->getSetting('default_user_quota', -1),
+            $activateToken
+        );
+
+        Mail::make()
+            ->from(platform_mail(), $this->config['app_name'])
+            ->to(param($request, 'email'))
+            ->subject(lang('mail.activate_account', [$this->config['app_name']]))
+            ->message(lang('mail.activate_text', [
+                param($request, 'username'),
+                $this->config['app_name'],
+                $this->config['base_url'],
+                $this->config['base_url'],
+                route('activate', ['activateToken' => $activateToken]),
+                route('activate', ['activateToken' => $activateToken]),
+            ]))
+            ->send();
+
+        $this->session->alert(lang('register_success', [param($request, 'username')]), 'success');
+        $this->logger->info('New user registered.', [array_diff_key($request->getParsedBody(), array_flip(['password']))]);
+
+        return redirect($response, route('login.show'));
+    }
+
+    /**
+     * @param  Response  $response
+     * @param  string  $activateToken
+     * @return Response
+     */
+    public function activateUser(Response $response, string $activateToken): Response
+    {
+        if ($this->session->get('logged', false)) {
+            return redirect($response, route('home'));
+        }
+
+        $userId = $this->database->query('SELECT `id` FROM `users` WHERE `activate_token` = ? LIMIT 1', $activateToken)->fetch()->id ?? null;
+
+        if ($userId === null) {
+            $this->session->alert(lang('account_not_found'), 'warning');
+            return redirect($response, route('login.show'));
+        }
+
+        $this->database->query('UPDATE `users` SET `activate_token`=?, `active`=? WHERE `id` = ?', [
+            null,
+            1,
+            $userId,
+        ]);
+
+        $this->session->alert(lang('account_activated'), 'success');
+        return redirect($response, route('login.show'));
+    }
+}

app/Controllers/ClientController.php

@@ -0,0 +1,148 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Database\Repositories\UserRepository;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpNotFoundException;
+use ZipStream\Option\Archive;
+use ZipStream\ZipStream;
+
+class ClientController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     */
+    public function getShareXConfig(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id, true);
+
+        if (!$user->token) {
+            $this->session->alert(lang('no_upload_token'), 'danger');
+
+            return redirect($response, $request->getHeaderLine('Referer'));
+        }
+
+        $json = [
+            'DestinationType' => 'ImageUploader, TextUploader, FileUploader',
+            'RequestURL' => route('upload'),
+            'FileFormName' => 'upload',
+            'Arguments' => [
+                'file' => '$filename$',
+                'text' => '$input$',
+                'token' => $user->token,
+            ],
+            'URL' => '$json:url$',
+            'ThumbnailURL' => '$json:url$/raw',
+            'DeletionURL' => '$json:url$/delete/'.$user->token,
+        ];
+
+        return json($response, $json, 200, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT)
+            ->withHeader('Content-Disposition', 'attachment;filename="'.$user->username.'-ShareX.sxcu"');
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  string|null  $token
+     * @return Response
+     * @throws \ZipStream\Exception\FileNotFoundException
+     * @throws \ZipStream\Exception\FileNotReadableException
+     * @throws \ZipStream\Exception\OverflowException
+     * @throws HttpNotFoundException
+     */
+    public function getScreenCloudConfig(Request $request, string $token): Response
+    {
+        $user = $this->database->query('SELECT * FROM `users` WHERE `token` = ? LIMIT 1', $token)->fetch();
+        if (!$user) {
+            throw new HttpNotFoundException($request);
+        }
+
+        $config = [
+            'token' => $token,
+            'host' => route('root'),
+        ];
+
+        ob_end_clean();
+
+        $options = new Archive();
+        $options->setSendHttpHeaders(true);
+
+        $zip = new ZipStream($user->username.'-screencloud.zip', $options);
+
+        $zip->addFileFromPath('main.py', BASE_DIR.'resources/uploaders/screencloud/main.py');
+        $zip->addFileFromPath('icon.png', BASE_DIR.'static/images/favicon-32x32.png');
+        $zip->addFileFromPath('metadata.xml', BASE_DIR.'resources/uploaders/screencloud/metadata.xml');
+        $zip->addFileFromPath('settings.ui', BASE_DIR.'resources/uploaders/screencloud/settings.ui');
+        $zip->addFile('config.json', json_encode($config, JSON_UNESCAPED_SLASHES));
+
+        $zip->finish();
+        exit(0);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function getBashScript(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id, true);
+
+        if (!$user->token) {
+            $this->session->alert(lang('no_upload_token'), 'danger');
+
+            return redirect($response, $request->getHeaderLine('Referer'));
+        }
+
+        return view()->render(
+            $response->withHeader('Content-Disposition', 'attachment;filename="xbackbone_uploader_'.$user->username.'.sh"'),
+            'scripts/xbackbone_uploader.sh.twig',
+            [
+                'username' => $user->username,
+                'upload_url' => route('upload'),
+                'token' => $user->token,
+            ]
+        );
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function getKDEScript(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id, true);
+
+        if (!$user->token) {
+            $this->session->alert(lang('no_upload_token'), 'danger');
+
+            return redirect($response, $request->getHeaderLine('Referer'));
+        }
+
+        return view()->render(
+            $response->withHeader('Content-Disposition', 'attachment;filename="xbackbone_uploader_'.$user->username.'.sh"'),
+            'scripts/xbackbone_kde_uploader.sh.twig',
+            [
+                'username' => $user->username,
+                'upload_url' => route('upload'),
+                'token' => $user->token,
+            ]
+        );
+    }
+}

app/Controllers/Controller.php

@@ -2,89 +2,153 @@
 
 namespace App\Controllers;
 
-
-use App\Exceptions\AuthenticationException;
-use App\Exceptions\UnauthorizedException;
-use App\Web\Session;
-use Flight;
 use App\Database\DB;
-use League\Flysystem\Adapter\Local;
+use App\Database\Repositories\UserRepository;
+use App\Web\Lang;
+use App\Web\Session;
+use App\Web\ValidationHelper;
+use App\Web\View;
+use DI\Container;
+use DI\DependencyException;
+use DI\NotFoundException;
+use Exception;
 use League\Flysystem\Filesystem;
+use Monolog\Logger;
+use Psr\Http\Message\ServerRequestInterface as Request;
 
+/**
+ * @property Session session
+ * @property View view
+ * @property DB database
+ * @property Logger|null logger
+ * @property Filesystem|null storage
+ * @property Lang lang
+ * @property array config
+ */
 abstract class Controller
 {
+    /** @var Container */
+    protected $container;
 
-	/**
-	 * Check if the current user is logged in
-	 * @throws AuthenticationException
-	 */
-	protected function checkLogin(): void
-	{
-		if (!Session::get('logged', false)) {
-			Session::set('redirectTo', (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
-			throw new AuthenticationException();
-		}
+    public function __construct(Container $container)
+    {
+        $this->container = $container;
+    }
 
-		if (!DB::query('SELECT `id`, `active` FROM `users` WHERE `id` = ? LIMIT 1', [Session::get('user_id')])->fetch()->active) {
-			Session::alert('Your account is not active anymore.', 'danger');
-			Session::set('logged', false);
-			Session::set('redirectTo', (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
-			throw new AuthenticationException();
-		}
+    /**
+     * @param $name
+     *
+     * @return mixed|null
+     * @throws NotFoundException
+     *
+     * @throws DependencyException
+     */
+    public function __get($name)
+    {
+        if ($this->container->has($name)) {
+            return $this->container->get($name);
+        }
 
-	}
+        return null;
+    }
 
-	/**
-	 * Check if the current user is an admin
-	 * @throws AuthenticationException
-	 * @throws UnauthorizedException
-	 */
-	protected function checkAdmin(): void
-	{
-		$this->checkLogin();
+    /**
+     * @param $key
+     * @param  null  $default
+     * @return object
+     */
+    protected function getSetting($key, $default = null)
+    {
+        return $this->database->query('SELECT `value` FROM `settings` WHERE `key` = '.$this->database->getPdo()->quote($key))->fetch()->value ?? $default;
+    }
 
-		if (!DB::query('SELECT `id`, `is_admin` FROM `users` WHERE `id` = ? LIMIT 1', [Session::get('user_id')])->fetch()->is_admin) {
-			Session::alert('Your account is not admin anymore.', 'danger');
-			Session::set('admin', false);
-			Session::set('redirectTo', (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
-			throw new UnauthorizedException();
-		}
-	}
+    /**
+     * @param $current
+     * @param $max
+     */
+    protected function setSessionQuotaInfo($current, $max)
+    {
+        $this->session->set('current_disk_quota', humanFileSize($current));
+        if ($this->getSetting('quota_enabled', 'off') === 'on') {
+            if ($max < 0) {
+                $this->session->set('max_disk_quota', '∞')->set('percent_disk_quota', null);
+            } else {
+                $this->session->set('max_disk_quota', humanFileSize($max))->set('percent_disk_quota', round(($current * 100) / $max));
+            }
+        } else {
+            $this->session->set('max_disk_quota', null)->set('percent_disk_quota', null);
+        }
+    }
 
+    /**
+     * @param  Request  $request
+     * @param $userId
+     * @param $fileSize
+     * @param  bool  $dec
+     * @return bool
+     */
+    protected function updateUserQuota(Request $request, $userId, $fileSize, $dec = false)
+    {
+        $user = make(UserRepository::class)->get($request, $userId);
 
-	/**
-	 * Generate a human readable file size
-	 * @param $size
-	 * @param int $precision
-	 * @return string
-	 */
-	protected function humanFilesize($size, $precision = 2): string
-	{
-		for ($i = 0; ($size / 1024) > 0.9; $i++, $size /= 1024) {
-		}
-		return round($size, $precision) . ['B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'][$i];
-	}
+        if ($dec) {
+            $tot = max($user->current_disk_quota - $fileSize, 0);
+        } else {
+            $tot = $user->current_disk_quota + $fileSize;
 
-	/**
-	 * Get a filesystem instance
-	 * @return Filesystem
-	 */
-	protected function getStorage(): Filesystem
-	{
-		return new Filesystem(new Local(Flight::get('config')['storage_dir']));
-	}
+            if ($this->getSetting('quota_enabled') === 'on' && $user->max_disk_quota > 0 && $user->max_disk_quota < $tot) {
+                return false;
+            }
+        }
 
-	/**
-	 * Set http2 header for a resource if is supported
-	 * @param string $url
-	 * @param string $as
-	 */
-	protected function http2push(string $url, string $as = 'image'): void
-	{
-		if (Flight::request()->scheme === 'HTTP/2.0') {
-			$headers = isset(Flight::response()->headers()['Link']) ? Flight::response()->headers()['Link'] : [];
-			$headers[] = "<${url}>; rel=preload; as=${as}";
-			Flight::response()->header('Link', $headers);
-		}
-	}
-}
+        $this->database->query('UPDATE `users` SET `current_disk_quota`=? WHERE `id` = ?', [
+            $tot,
+            $user->id,
+        ]);
+
+        return true;
+    }
+
+    /**
+     * @param $userId
+     * @throws Exception
+     */
+    protected function refreshRememberCookie($userId)
+    {
+        $selector = bin2hex(random_bytes(8));
+        $token = bin2hex(random_bytes(32));
+        $expire = time() + 604800; // a week
+
+        $this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
+            $selector,
+            password_hash($token, PASSWORD_DEFAULT),
+            date('Y-m-d\TH:i:s', $expire),
+            $userId,
+        ]);
+
+        // Workaround for php <= 7.3
+        if (PHP_VERSION_ID < 70300) {
+            setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Strict', '', isSecure(), true);
+        } else {
+            setcookie('remember', "{$selector}:{$token}", [
+                'expires' => $expire,
+                'httponly' => true,
+                'samesite' => 'Strict',
+                'secure' => isSecure(),
+            ]);
+        }
+    }
+
+    /**
+     * @param  Request  $request
+     * @return ValidationHelper
+     */
+    public function getUserCreateValidator(Request $request)
+    {
+        return make(ValidationHelper::class)
+            ->alertIf(empty(param($request, 'username')), 'username_required')
+            ->alertIf(!filter_var(param($request, 'email'), FILTER_VALIDATE_EMAIL), 'email_required')
+            ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `email` = ?', param($request, 'email'))->fetch()->count != 0, 'email_taken')
+            ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ?', param($request, 'username'))->fetch()->count != 0, 'username_taken');
+    }
+}

app/Controllers/DashboardController.php

@@ -2,89 +2,96 @@
 
 namespace App\Controllers;
 
-
-use App\Database\DB;
-use App\Traits\SingletonController;
-use App\Web\Session;
-use Flight;
-use League\Flysystem\FileNotFoundException;
+use App\Database\Repositories\MediaRepository;
+use App\Database\Repositories\TagRepository;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
 
 class DashboardController extends Controller
 {
-	use SingletonController;
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     */
+    public function redirects(Request $request, Response $response): Response
+    {
+        if (param($request, 'afterInstall') !== null && !is_dir(BASE_DIR.'install')) {
+            $this->session->alert(lang('installed'), 'success');
+        }
 
-	const PER_PAGE = 21;
-	const PER_PAGE_ADMIN = 50;
+        return redirect($response, route('home'));
+    }
 
-	public function redirects(): void
-	{
-		$this->checkLogin();
-		Flight::redirect('/home');
-	}
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int|null  $page
+     *
+     * @return Response
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     *
+     * @throws \Twig\Error\LoaderError
+     */
+    public function home(Request $request, Response $response, int $page = 0): Response
+    {
+        $page = max(0, --$page);
 
-	public function home($page = 1): void
-	{
-		$this->checkLogin();
+        switch (param($request, 'sort', 'time')) {
+            case 'size':
+                $order = MediaRepository::ORDER_SIZE;
+                break;
+            case 'name':
+                $order = MediaRepository::ORDER_NAME;
+                break;
+            default:
+            case 'time':
+                $order = MediaRepository::ORDER_TIME;
+                break;
+        }
 
-		$page = max(0, --$page);
+        $isAdmin = (bool) $this->session->get('admin', false);
 
-		if (Session::get('admin', false)) {
-			$medias = DB::query('SELECT `uploads`.*, `users`.`user_code`, `users`.`username` FROM `uploads` LEFT JOIN `users` ON `uploads`.`user_id` = `users`.`id` ORDER BY `timestamp` DESC LIMIT ? OFFSET ?', [self::PER_PAGE_ADMIN, $page * self::PER_PAGE_ADMIN])->fetchAll();
-			$pages = DB::query('SELECT COUNT(*) AS `count` FROM `uploads`')->fetch()->count / self::PER_PAGE_ADMIN;
-		} else {
-			$medias = DB::query('SELECT `uploads`.*,`users`.`user_code`, `users`.`username` FROM `uploads` INNER JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `user_id` = ? ORDER BY `timestamp` DESC LIMIT ? OFFSET ?', [Session::get('user_id'), self::PER_PAGE, $page * self::PER_PAGE])->fetchAll();
-			$pages = DB::query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `user_id` = ?', Session::get('user_id'))->fetch()->count / self::PER_PAGE;
-		}
+        /** @var MediaRepository $query */
+        $query = make(MediaRepository::class, ['isAdmin' => $isAdmin])
+            ->orderBy($order, param($request, 'order', 'DESC'))
+            ->withUserId($this->session->get('user_id'))
+            ->search(param($request, 'search', null))
+            ->filterByTag(param($request, 'tag'))
+            ->run($page);
 
-		$filesystem = $this->getStorage();
+        $tags = make(TagRepository::class, [
+            'isAdmin' => $isAdmin,
+            'userId' => $this->session->get('user_id')
+        ])->all();
 
-		foreach ($medias as $media) {
-			$extension = pathinfo($media->filename, PATHINFO_EXTENSION);
-			try {
-				$mime = $filesystem->getMimetype($media->storage_path);
-				$size = $filesystem->getSize($media->storage_path);
-			} catch (FileNotFoundException $e) {
-				$mime = null;
-			}
-			$media->mimetype = $mime;
-			$media->extension = $extension;
-			$media->size = $this->humanFilesize($size);
-		}
+        return view()->render(
+            $response,
+            ($this->session->get('gallery_view', $isAdmin)) ? 'dashboard/list.twig' : 'dashboard/grid.twig',
+            [
+                'medias' => $query->getMedia(),
+                'next' => $page < floor($query->getPages()),
+                'previous' => $page >= 1,
+                'current_page' => ++$page,
+                'copy_raw' => $this->session->get('copy_raw', false),
+                'tags' => $tags,
+            ]
+        );
+    }
 
-		Flight::render(
-			Session::get('admin', false) ? 'dashboard/admin.twig' : 'dashboard/home.twig',
-			[
-				'medias' => $medias,
-				'next' => $page < floor($pages),
-				'previous' => $page >= 1,
-				'current_page' => ++$page,
-			]
-		);
-	}
+    /**
+     * @param  Response  $response
+     *
+     * @return Response
+     */
+    public function switchView(Response $response): Response
+    {
+        $isAdmin = (bool) $this->session->get('admin', false);
 
-	public function system()
-	{
-		$this->checkAdmin();
+        $this->session->set('gallery_view', !$this->session->get('gallery_view', $isAdmin));
 
-		$usersCount = DB::query('SELECT COUNT(*) AS `count` FROM `users`')->fetch()->count;
-		$mediasCount = DB::query('SELECT COUNT(*) AS `count` FROM `uploads`')->fetch()->count;
-		$orphanFilesCount = DB::query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `user_id` IS NULL')->fetch()->count;
-
-		$medias = DB::query('SELECT `users`.`user_code`, `uploads`.`code`, `uploads`.`storage_path` FROM `uploads` LEFT JOIN `users` ON `uploads`.`user_id` = `users`.`id`')->fetchAll();
-
-		$totalSize = 0;
-
-		$filesystem = $this->getStorage();
-		foreach ($medias as $media) {
-			$totalSize += $filesystem->getSize($media->storage_path);
-		}
-
-		Flight::render('dashboard/system.twig', [
-			'usersCount' => $usersCount,
-			'mediasCount' => $mediasCount,
-			'orphanFilesCount' => $orphanFilesCount,
-			'totalSize' => $this->humanFilesize($totalSize),
-			'max_filesize' => ini_get('post_max_size') . '/' . ini_get('upload_max_filesize'),
-		]);
-	}
-}
+        return redirect($response, route('home'));
+    }
+}

app/Controllers/ExportController.php

@@ -0,0 +1,49 @@
+<?php
+
+
+namespace App\Controllers;
+
+use App\Database\Repositories\UserRepository;
+use League\Flysystem\FileNotFoundException;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use ZipStream\Option\Archive;
+use ZipStream\ZipStream;
+
+class ExportController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int|null  $id
+     * @return Response
+     * @throws \ZipStream\Exception\OverflowException
+     */
+    public function downloadData(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id, true);
+
+        $medias = $this->database->query('SELECT `uploads`.`filename`, `uploads`.`storage_path` FROM `uploads` WHERE `user_id` = ?', $user->id);
+
+        $this->logger->info("User $user->id, $user->username, exporting data...");
+
+        set_time_limit(0);
+        ob_end_clean();
+
+        $options = new Archive();
+        $options->setSendHttpHeaders(true);
+
+        $zip = new ZipStream($user->username.'-'.time().'-export.zip', $options);
+
+        $filesystem = $this->storage;
+        foreach ($medias as $media) {
+            try {
+                $zip->addFileFromStream($media->filename, $filesystem->readStream($media->storage_path));
+            } catch (FileNotFoundException $e) {
+                $this->logger->error('Cannot export file', ['exception' => $e]);
+            }
+        }
+        $zip->finish();
+        exit(0);
+    }
+}

app/Controllers/LoginController.php

@@ -1,68 +0,0 @@
-<?php
-
-namespace App\Controllers;
-
-
-use App\Database\DB;
-use App\Traits\SingletonController;
-use App\Web\Log;
-use App\Web\Session;
-use Flight;
-
-class LoginController extends Controller
-{
-	use SingletonController;
-
-	public function show(): void
-	{
-		if (Session::get('logged', false)) {
-			Flight::redirect('/home');
-			return;
-		}
-		Flight::render('auth/login.twig');
-	}
-
-	public function login(): void
-	{
-		$form = Flight::request()->data;
-
-		$result = DB::query('SELECT `id`,`username`, `password`,`is_admin`, `active` FROM `users` WHERE `username` = ? LIMIT 1', $form->username)->fetch();
-
-		if (!$result || !password_verify($form->password, $result->password)) {
-			Flight::redirect('login');
-			Session::alert('Wrong credentials', 'danger');
-			return;
-		}
-
-		if (!$result->active) {
-			Flight::redirect('login');
-			Session::alert('Your account is disabled.', 'danger');
-			return;
-		}
-
-		Session::set('logged', true);
-		Session::set('user_id', $result->id);
-		Session::set('username', $result->username);
-		Session::set('admin', $result->is_admin);
-
-		Session::alert("Welcome, $result->username!", 'info');
-		Log::info("User $result->username logged in.");
-
-		if (Session::has('redirectTo')) {
-			Flight::redirect(Session::get('redirectTo'));
-			return;
-		}
-
-		Flight::redirect('/home');
-	}
-
-	public function logout(): void
-	{
-		$this->checkLogin();
-		Session::clear();
-		Session::set('logged', false);
-		Session::alert('Goodbye!', 'warning');
-		Flight::redirect('/login');
-	}
-
-}

app/Controllers/MediaController.php

@@ -0,0 +1,549 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Database\Repositories\UserRepository;
+use App\Web\UA;
+use Intervention\Image\Constraint;
+use Intervention\Image\ImageManagerStatic as Image;
+use League\Flysystem\FileNotFoundException;
+use League\Flysystem\Filesystem;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpBadRequestException;
+use Slim\Exception\HttpNotFoundException;
+use Slim\Exception\HttpUnauthorizedException;
+use Slim\Psr7\Stream;
+
+class MediaController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $userCode
+     * @param  string  $mediaCode
+     * @param  string|null  $token
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     * @throws FileNotFoundException
+     *
+     */
+    public function show(
+        Request $request,
+        Response $response,
+        string $userCode,
+        string $mediaCode,
+        string $token = null
+    ): Response {
+        $media = $this->getMedia($userCode, $mediaCode, true);
+
+        if (!$media || (!$media->published && $this->session->get('user_id') !== $media->user_id && !$this->session->get(
+            'admin',
+            false
+        ))) {
+            throw new HttpNotFoundException($request);
+        }
+
+        $filesystem = $this->storage;
+
+        $userAgent = $request->getHeaderLine('User-Agent');
+        $mime = $filesystem->getMimetype($media->storage_path);
+
+        try {
+            $media->mimetype = $mime;
+            $media->extension = pathinfo($media->filename, PATHINFO_EXTENSION);
+            $size = $filesystem->getSize($media->storage_path);
+
+            $type = explode('/', $media->mimetype)[0];
+            if ($type === 'image' && !isDisplayableImage($media->mimetype)) {
+                $type = 'application';
+                $media->mimetype = 'application/octet-stream';
+            }
+            if ($type === 'text') {
+                if ($size <= (500 * 1024)) { // less than 500 KB
+                    $media->text = $filesystem->read($media->storage_path);
+                } else {
+                    $type = 'application';
+                    $media->mimetype = 'application/octet-stream';
+                }
+            }
+            $media->size = humanFileSize($size);
+        } catch (FileNotFoundException $e) {
+            throw new HttpNotFoundException($request);
+        }
+
+        if (
+            UA::isBot($userAgent) &&
+            !(
+                // embed if enabled
+                (UA::embedsLinks($userAgent) &&
+                    isEmbeddable($mime) &&
+                    $this->getSetting('image_embeds') === 'on') ||
+                // if the file is too large to be displayed as non embedded
+                (UA::embedsLinks($userAgent) &&
+                    isEmbeddable($mime) &&
+                    $size >= (8 * 1024 * 1024))
+            )
+        ) {
+            return $this->streamMedia($request, $response, $filesystem, $media);
+        }
+
+        return view()->render($response, 'upload/public.twig', [
+            'delete_token' => $token,
+            'media' => $media,
+            'type' => $type,
+            'url' => urlFor(glue($userCode, $mediaCode)),
+            'copy_raw' => $this->session->get('copy_raw', false),
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     *
+     * @throws FileNotFoundException
+     */
+    public function getRawById(Request $request, Response $response, int $id): Response
+    {
+        $media = $this->database->query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
+
+        if (!$media) {
+            throw new HttpNotFoundException($request);
+        }
+
+        return $this->streamMedia($request, $response, $this->storage, $media);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $userCode
+     * @param  string  $mediaCode
+     * @param  string|null  $ext
+     *
+     * @return Response
+     * @throws HttpBadRequestException
+     * @throws HttpNotFoundException
+     *
+     * @throws FileNotFoundException
+     */
+    public function getRaw(
+        Request $request,
+        Response $response,
+        string $userCode,
+        string $mediaCode,
+        ?string $ext = null
+    ): Response {
+        $media = $this->getMedia($userCode, $mediaCode, false);
+
+        if (!$media || (!$media->published && $this->session->get('user_id') !== $media->user_id && !$this->session->get(
+            'admin',
+            false
+        ))) {
+            throw new HttpNotFoundException($request);
+        }
+
+        if ($ext !== null && pathinfo($media->filename, PATHINFO_EXTENSION) !== $ext) {
+            throw new HttpBadRequestException($request);
+        }
+
+        if (must_be_escaped($this->storage->getMimetype($media->storage_path))) {
+            $response = $this->streamMedia($request, $response, $this->storage, $media);
+            return $response->withHeader('Content-Type', 'text/plain');
+        }
+
+        return $this->streamMedia($request, $response, $this->storage, $media);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $userCode
+     * @param  string  $mediaCode
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     *
+     * @throws FileNotFoundException
+     */
+    public function download(Request $request, Response $response, string $userCode, string $mediaCode): Response
+    {
+        $media = $this->getMedia($userCode, $mediaCode, false);
+
+        if (!$media || (!$media->published && $this->session->get('user_id') !== $media->user_id && !$this->session->get(
+            'admin',
+            false
+        ))) {
+            throw new HttpNotFoundException($request);
+        }
+
+        return $this->streamMedia($request, $response, $this->storage, $media, 'attachment');
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $vanity
+     * @param  string  $id
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     * @throws HttpBadRequestException
+     */
+    public function createVanity(Request $request, Response $response, int $id): Response
+    {
+        $media = $this->database->query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
+
+        $vanity = param($request, 'vanity');
+        $vanity = preg_replace('/[^a-z0-9]+/', '-', strtolower($vanity));
+
+        //handle collisions
+        $collision = $this->database->query('SELECT * FROM `uploads` WHERE `code` = ? AND `id` != ? LIMIT 1', [$vanity, $id])->fetch();
+
+        if (!$media) {
+            throw new HttpNotFoundException($request);
+        }
+
+        if ($vanity === '' || $collision) {
+            throw new HttpBadRequestException($request);
+        }
+
+        $this->database->query('UPDATE `uploads` SET `code` = ? WHERE `id` = ?', [$vanity, $media->id]);
+        $media->code = $vanity;
+        $response->getBody()->write(json_encode($media));
+
+        $this->logger->info('User '.$this->session->get('username').' created a vanity link for media '.$media->id);
+
+        return $response;
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     *
+     */
+    public function togglePublish(Request $request, Response $response, int $id): Response
+    {
+        if ($this->session->get('admin')) {
+            $media = $this->database->query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
+        } else {
+            $media = $this->database->query(
+                'SELECT * FROM `uploads` WHERE `id` = ? AND `user_id` = ? LIMIT 1',
+                [$id, $this->session->get('user_id')]
+            )->fetch();
+        }
+
+        if (!$media) {
+            throw new HttpNotFoundException($request);
+        }
+
+        $this->database->query(
+            'UPDATE `uploads` SET `published`=? WHERE `id`=?',
+            [$media->published ? 0 : 1, $media->id]
+        );
+
+        return $response;
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     * @throws HttpNotFoundException
+     * @throws HttpUnauthorizedException
+     */
+    public function delete(Request $request, Response $response, int $id): Response
+    {
+        $media = $this->database->query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
+
+        if (!$media) {
+            throw new HttpNotFoundException($request);
+        }
+
+        if (!$this->session->get('admin', false) && $media->user_id !== $this->session->get('user_id')) {
+            throw new HttpUnauthorizedException($request);
+        }
+
+        $this->deleteMedia($request, $media->storage_path, $id, $media->user_id);
+        $this->logger->info('User '.$this->session->get('username').' deleted a media.', [$id]);
+
+        if ($media->user_id === $this->session->get('user_id')) {
+            $user = make(UserRepository::class)->get($request, $media->user_id, true);
+            $this->setSessionQuotaInfo($user->current_disk_quota, $user->max_disk_quota);
+        }
+
+        if ($request->getMethod() === 'GET') {
+            return redirect($response, route('home'));
+        }
+
+        return $response;
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  string  $userCode
+     * @param  string  $mediaCode
+     * @param  string  $token
+     *
+     * @return Response
+     * @throws HttpUnauthorizedException
+     *
+     * @throws HttpNotFoundException
+     */
+    public function deleteByToken(
+        Request $request,
+        Response $response,
+        string $userCode,
+        string $mediaCode,
+        string $token
+    ): Response {
+        $media = $this->getMedia($userCode, $mediaCode, false);
+
+        if (!$media) {
+            throw new HttpNotFoundException($request);
+        }
+
+        $user = $this->database->query('SELECT `id`, `active` FROM `users` WHERE `token` = ? LIMIT 1', $token)->fetch();
+
+        if (!$user) {
+            $this->session->alert(lang('token_not_found'), 'danger');
+
+            return redirect($response, $request->getHeaderLine('Referer'));
+        }
+
+        if (!$user->active) {
+            $this->session->alert(lang('account_disabled'), 'danger');
+
+            return redirect($response, $request->getHeaderLine('Referer'));
+        }
+
+        if ($this->session->get('admin', false) || $user->id === $media->user_id) {
+            $this->deleteMedia($request, $media->storage_path, $media->mediaId, $user->id);
+            $this->logger->info('User '.$user->username.' deleted a media via token.', [$media->mediaId]);
+        } else {
+            throw new HttpUnauthorizedException($request);
+        }
+
+        return redirect($response, route('home'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  string  $storagePath
+     * @param  int  $id
+     *
+     * @param  int  $userId
+     * @return void
+     * @throws HttpNotFoundException
+     */
+    protected function deleteMedia(Request $request, string $storagePath, int $id, int $userId)
+    {
+        try {
+            $size = $this->storage->getSize($storagePath);
+            $this->storage->delete($storagePath);
+            $this->updateUserQuota($request, $userId, $size, true);
+        } catch (FileNotFoundException $e) {
+            throw new HttpNotFoundException($request);
+        } finally {
+            $this->database->query('DELETE FROM `uploads` WHERE `id` = ?', $id);
+            $this->database->query('DELETE FROM `tags` WHERE `tags`.`id` NOT IN (SELECT `uploads_tags`.`tag_id` FROM `uploads_tags`)');
+        }
+    }
+
+    /**
+     * @param $userCode
+     * @param $mediaCode
+     *
+     * @param  bool  $withTags
+     * @return mixed
+     */
+    protected function getMedia($userCode, $mediaCode, $withTags = false)
+    {
+        $mediaCode = pathinfo($mediaCode)['filename'];
+
+        $media = $this->database->query(
+            'SELECT `uploads`.*, `users`.*, `users`.`id` AS `userId`, `uploads`.`id` AS `mediaId` FROM `uploads` INNER JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `user_code` = ? AND `uploads`.`code` = ? LIMIT 1',
+            [
+                $userCode,
+                $mediaCode,
+            ]
+        )->fetch();
+
+        if (!$withTags || !$media) {
+            return $media;
+        }
+
+        $media->tags = [];
+        foreach ($this->database->query(
+            'SELECT `tags`.`id`, `tags`.`name` FROM `uploads_tags` INNER JOIN `tags` ON `uploads_tags`.`tag_id` = `tags`.`id` WHERE `uploads_tags`.`upload_id` = ?',
+            $media->mediaId
+        ) as $tag) {
+            $media->tags[$tag->id] = $tag->name;
+        }
+
+        return $media;
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  Filesystem  $storage
+     * @param $media
+     * @param  string  $disposition
+     *
+     * @return Response
+     * @throws FileNotFoundException
+     *
+     */
+    protected function streamMedia(
+        Request $request,
+        Response $response,
+        Filesystem $storage,
+        $media,
+        string $disposition = 'inline'
+    ): Response {
+        set_time_limit(0);
+        $this->session->close();
+        $mime = $storage->getMimetype($media->storage_path);
+
+        if ((param($request, 'width') !== null || param($request, 'height') !== null) && explode(
+            '/',
+            $mime
+        )[0] === 'image') {
+            return $this->makeThumbnail(
+                $storage,
+                $media,
+                param($request, 'width'),
+                param($request, 'height'),
+                $disposition
+            );
+        }
+
+        $stream = new Stream($storage->readStream($media->storage_path));
+
+        if (!in_array(explode('/', $mime)[0], ['image', 'video', 'audio']) || $disposition === 'attachment') {
+            return $response->withHeader('Content-Type', $mime)
+                ->withHeader('Content-Disposition', $disposition.'; filename="'.$media->filename.'"')
+                ->withHeader('Content-Length', $stream->getSize())
+                ->withBody($stream);
+        }
+
+        if (isset($request->getServerParams()['HTTP_RANGE'])) {
+            return $this->handlePartialRequest(
+                $response,
+                $stream,
+                $request->getServerParams()['HTTP_RANGE'],
+                $disposition,
+                $media,
+                $mime
+            );
+        }
+
+        return $response->withHeader('Content-Type', $mime)
+            ->withHeader('Content-Length', $stream->getSize())
+            ->withHeader('Accept-Ranges', 'bytes')
+            ->withBody($stream);
+    }
+
+    /**
+     * @param  Filesystem  $storage
+     * @param $media
+     * @param  null  $width
+     * @param  null  $height
+     * @param  string  $disposition
+     *
+     * @return Response
+     * @throws FileNotFoundException
+     *
+     */
+    protected function makeThumbnail(
+        Filesystem $storage,
+        $media,
+        $width = null,
+        $height = null,
+        string $disposition = 'inline'
+    ) {
+        return Image::make($storage->readStream($media->storage_path))
+            ->resize($width, $height, function (Constraint $constraint) {
+                $constraint->aspectRatio();
+            })
+            ->resizeCanvas($width, $height, 'center')
+            ->psrResponse('png')
+            ->withHeader(
+                'Content-Disposition',
+                $disposition.';filename="scaled-'.pathinfo($media->filename, PATHINFO_FILENAME).'.png"'
+            );
+    }
+
+    /**
+     * @param  Response  $response
+     * @param  Stream  $stream
+     * @param  string  $range
+     * @param  string  $disposition
+     * @param $media
+     * @param $mime
+     *
+     * @return Response
+     */
+    protected function handlePartialRequest(
+        Response $response,
+        Stream $stream,
+        string $range,
+        string $disposition,
+        $media,
+        $mime
+    ) {
+        $end = $stream->getSize() - 1;
+        [, $range] = explode('=', $range, 2);
+
+        if (strpos($range, ',') !== false) {
+            return $response->withHeader('Content-Type', $mime)
+                ->withHeader('Content-Disposition', $disposition.'; filename="'.$media->filename.'"')
+                ->withHeader('Content-Length', $stream->getSize())
+                ->withHeader('Accept-Ranges', 'bytes')
+                ->withHeader('Content-Range', "0,{$stream->getSize()}")
+                ->withStatus(416)
+                ->withBody($stream);
+        }
+
+        if ($range === '-') {
+            $start = $stream->getSize() - (int) substr($range, 1);
+        } else {
+            $range = explode('-', $range);
+            $start = (int) $range[0];
+            $end = (isset($range[1]) && is_numeric($range[1])) ? (int) $range[1] : $stream->getSize();
+        }
+
+        if ($end > $stream->getSize() - 1) {
+            $end = $stream->getSize() - 1;
+        }
+        $stream->seek($start);
+
+        header("Content-Type: $mime");
+        header('Content-Length: '.($end - $start + 1));
+        header('Accept-Ranges: bytes');
+        header("Content-Range: bytes $start-$end/{$stream->getSize()}");
+
+        http_response_code(206);
+        ob_end_clean();
+
+        fpassthru($stream->detach());
+
+        exit(0);
+    }
+}

app/Controllers/ProfileController.php

@@ -0,0 +1,74 @@
+<?php
+
+
+namespace App\Controllers;
+
+use App\Database\Repositories\UserRepository;
+use App\Web\ValidationHelper;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+
+class ProfileController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function profile(Request $request, Response $response): Response
+    {
+        $user = make(UserRepository::class)->get($request, $this->session->get('user_id'), true);
+
+        return view()->render($response, 'user/edit.twig', [
+            'profile' => true,
+            'user' => $user,
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     */
+    public function profileEdit(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id, true);
+
+        /** @var ValidationHelper $validator */
+        $validator = make(ValidationHelper::class)
+            ->alertIf(!filter_var(param($request, 'email'), FILTER_VALIDATE_EMAIL), 'email_required')
+            ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `email` = ? AND `email` <> ?', [param($request, 'email'), $user->email])->fetch()->count != 0, 'email_taken');
+
+        if ($validator->fails()) {
+            return redirect($response, route('profile'));
+        }
+
+        if (param($request, 'password') !== null && !empty(param($request, 'password'))) {
+            $this->database->query('UPDATE `users` SET `email`=?, `password`=?, `hide_uploads`=?, `copy_raw`=? WHERE `id` = ?', [
+                param($request, 'email'),
+                password_hash(param($request, 'password'), PASSWORD_DEFAULT),
+                param($request, 'hide_uploads') !== null ? 1 : 0,
+                param($request, 'copy_raw') !== null ? 1 : 0,
+                $user->id,
+            ]);
+        } else {
+            $this->database->query('UPDATE `users` SET `email`=?, `hide_uploads`=?, `copy_raw`=? WHERE `id` = ?', [
+                param($request, 'email'),
+                param($request, 'hide_uploads') !== null ? 1 : 0,
+                param($request, 'copy_raw') !== null ? 1 : 0,
+                $user->id,
+            ]);
+        }
+
+        $this->session->set('copy_raw', param($request, 'copy_raw') !== null ? 1 : 0)->alert(lang('profile_updated'), 'success');
+        $this->logger->info('User '.$this->session->get('username')." updated profile of $user->id.");
+
+        return redirect($response, route('profile'));
+    }
+}

app/Controllers/SettingController.php

@@ -0,0 +1,115 @@
+<?php
+
+
+namespace App\Controllers;
+
+use App\Database\Repositories\UserRepository;
+use App\Web\Theme;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpBadRequestException;
+use Slim\Exception\HttpInternalServerErrorException;
+
+class SettingController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws HttpInternalServerErrorException
+     */
+    public function saveSettings(Request $request, Response $response): Response
+    {
+        if (!preg_match('/[0-9]+[K|M|G|T]/i', param($request, 'default_user_quota', '1G'))) {
+            $this->session->alert(lang('invalid_quota', 'danger'));
+            return redirect($response, route('system'));
+        }
+
+        if (param($request, 'recaptcha_enabled', 'off') === 'on' && (empty(param($request, 'recaptcha_site_key')) || empty(param($request, 'recaptcha_secret_key')))) {
+            $this->session->alert(lang('recaptcha_keys_required', 'danger'));
+            return redirect($response, route('system'));
+        }
+
+        // registrations
+        $this->updateSetting('register_enabled', param($request, 'register_enabled', 'off'));
+        $this->updateSetting('auto_tagging', param($request, 'auto_tagging', 'off'));
+
+        // quota
+        $this->updateSetting('quota_enabled', param($request, 'quota_enabled', 'off'));
+        $this->updateSetting('default_user_quota', stringToBytes(param($request, 'default_user_quota', '1G')));
+        $user = make(UserRepository::class)->get($request, $this->session->get('user_id'));
+        $this->setSessionQuotaInfo($user->current_disk_quota, $user->max_disk_quota);
+
+        $this->updateSetting('custom_head', param($request, 'custom_head'));
+        $this->updateSetting('recaptcha_enabled', param($request, 'recaptcha_enabled', 'off'));
+        $this->updateSetting('recaptcha_site_key', param($request, 'recaptcha_site_key'));
+        $this->updateSetting('recaptcha_secret_key', param($request, 'recaptcha_secret_key'));
+        $this->updateSetting('image_embeds', param($request, 'image_embeds'));
+
+        $this->applyTheme($request);
+        $this->applyLang($request);
+
+        $this->logger->info("User $user->username updated the system settings.");
+        $this->session->alert(lang('settings_saved'));
+
+        return redirect($response, route('system'));
+    }
+
+    /**
+     * @param  Request  $request
+     */
+    public function applyLang(Request $request)
+    {
+        if (param($request, 'lang') !== 'auto') {
+            $this->updateSetting('lang', param($request, 'lang'));
+        } else {
+            $this->database->query('DELETE FROM `settings` WHERE `key` = \'lang\'');
+        }
+    }
+
+    /**
+     * @param  Request  $request
+     * @throws HttpInternalServerErrorException
+     */
+    public function applyTheme(Request $request)
+    {
+        $css = param($request, 'css');
+        if ($css === null) {
+            return;
+        }
+
+        if (!is_writable(BASE_DIR.'static/bootstrap/css/bootstrap.min.css')) {
+            $this->session->alert(lang('cannot_write_file'), 'danger');
+            throw new HttpInternalServerErrorException($request);
+        }
+
+        make(Theme::class)->applyTheme($css);
+
+        // if is default, remove setting
+        if ($css !== Theme::default()) {
+            $this->updateSetting('css', $css);
+        } else {
+            $this->database->query('DELETE FROM `settings` WHERE `key` = \'css\'');
+        }
+    }
+
+    /**
+     * @param $key
+     * @param  null  $value
+     */
+    private function updateSetting($key, $value = null)
+    {
+        if (!$this->database->query('SELECT `value` FROM `settings` WHERE `key` = '.$this->database->getPdo()->quote($key))->fetch()) {
+            $this->database->query(
+                'INSERT INTO `settings`(`key`, `value`) VALUES ('.$this->database->getPdo()->quote($key).', ?)',
+                $value
+            );
+        } else {
+            $this->database->query(
+                'UPDATE `settings` SET `value`=? WHERE `key` = '.$this->database->getPdo()->quote($key),
+                $value
+            );
+        }
+    }
+}

app/Controllers/TagController.php

@@ -0,0 +1,79 @@
+<?php
+
+
+namespace App\Controllers;
+
+use App\Database\Repositories\TagRepository;
+use App\Web\ValidationHelper;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpBadRequestException;
+use Slim\Exception\HttpNotFoundException;
+
+class TagController extends Controller
+{
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws HttpBadRequestException
+     */
+    public function addTag(Request $request, Response $response): Response
+    {
+        $validator = $this->validateTag($request)->failIf(empty(param($request, 'tag')));
+
+        if ($validator->fails()) {
+            throw new HttpBadRequestException($request);
+        }
+
+        [$id, $limit] = make(TagRepository::class)->addTag(param($request, 'tag'), param($request, 'mediaId'));
+
+        $this->logger->info("Tag added $id.");
+
+        return json($response, [
+            'limitReached' => $limit,
+            'tagId' => $id,
+            'href' => queryParams(['tag' => $id]),
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws HttpBadRequestException
+     * @throws HttpNotFoundException
+     */
+    public function removeTag(Request $request, Response $response): Response
+    {
+        $validator = $this->validateTag($request);
+
+        if ($validator->fails()) {
+            throw new HttpBadRequestException($request);
+        }
+
+        $result = make(TagRepository::class)->removeTag(param($request, 'tagId'), param($request, 'mediaId'));
+
+        if ($result === null) {
+            throw new HttpNotFoundException($request);
+        }
+
+        $this->logger->info("Tag removed ".param($request, 'tagId').', from media '.param($request, 'mediaId'));
+
+        return json($response, [
+            'deleted' => $result,
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @return ValidationHelper
+     */
+    protected function validateTag(Request $request)
+    {
+        return make(ValidationHelper::class)
+            ->failIf(empty(param($request, 'mediaId')))
+            ->failIf($this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `id` = ?', param($request, 'mediaId'))->fetch()->count == 0)
+            ->failIf(!$this->session->get('admin', false) && $this->database->query('SELECT `user_id` FROM `uploads` WHERE `id` = ? LIMIT 1', param($request, 'mediaId'))->fetch()->user_id != $this->session->get('user_id'));
+    }
+}

app/Controllers/UpgradeController.php

@@ -0,0 +1,194 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Web\Session;
+use Monolog\Logger;
+use Parsedown;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use RuntimeException;
+use ZipArchive;
+use function glob_recursive;
+use function redirect;
+use function removeDirectory;
+use function route;
+use function urlFor;
+
+class UpgradeController extends Controller
+{
+    const GITHUB_SOURCE_API = 'https://api.github.com/repos/SergiX44/XBackBone/releases';
+
+    /**
+     * @param  Response  $response
+     *
+     * @param  Logger  $logger
+     * @param  Session  $session
+     * @return Response
+     */
+    public function upgrade(Response $response, Logger $logger, Session $session): Response
+    {
+        if (!extension_loaded('zip')) {
+            $session->alert(lang('zip_ext_not_loaded'), 'danger');
+            return redirect($response, route('system'));
+        }
+
+        if (!is_writable(BASE_DIR)) {
+            $session->alert(lang('path_not_writable', BASE_DIR), 'warning');
+
+            return redirect($response, route('system'));
+        }
+
+        try {
+            $json = $this->getApiJson();
+        } catch (RuntimeException $e) {
+            $session->alert($e->getMessage(), 'danger');
+
+            return redirect($response, route('system'));
+        }
+
+        if (version_compare($json[0]->tag_name, PLATFORM_VERSION, '<=')) {
+            $session->alert(lang('already_latest_version'), 'warning');
+
+            return redirect($response, route('system'));
+        }
+
+        $tmpFile = sys_get_temp_dir().DIRECTORY_SEPARATOR.'xbackbone_update.zip';
+
+        if (file_put_contents($tmpFile, file_get_contents($json[0]->assets[0]->browser_download_url)) === false) {
+            $session->alert(lang('cannot_retrieve_file'), 'danger');
+
+            return redirect($response, route('system'));
+        }
+
+        if (filesize($tmpFile) !== $json[0]->assets[0]->size) {
+            $session->alert(lang('file_size_no_match'), 'danger');
+
+            return redirect($response, route('system'));
+        }
+        $logger->info('System update started.');
+
+        $config = require BASE_DIR.'config.php';
+        $config['maintenance'] = true;
+
+        file_put_contents(BASE_DIR.'config.php', '<?php'.PHP_EOL.'return '.var_export($config, true).';');
+
+        $currentFiles = array_merge(
+            glob_recursive(BASE_DIR.'app/*'),
+            glob_recursive(BASE_DIR.'bin/*'),
+            glob_recursive(BASE_DIR.'bootstrap/*'),
+            glob_recursive(BASE_DIR.'resources/templates/*'),
+            glob_recursive(BASE_DIR.'resources/lang/*'),
+            glob_recursive(BASE_DIR.'resources/schemas/*'),
+            glob_recursive(BASE_DIR.'static/*')
+        );
+
+        removeDirectory(BASE_DIR.'vendor/');
+
+        $updateZip = new ZipArchive();
+        $updateZip->open($tmpFile);
+
+        for ($i = 0; $i < $updateZip->numFiles; $i++) {
+            $nameIndex = $updateZip->getNameIndex($i);
+
+            $updateZip->extractTo(BASE_DIR, $nameIndex);
+
+            if (($key = array_search(rtrim(BASE_DIR.$nameIndex, '/'), $currentFiles)) !== false) {
+                unset($currentFiles[$key]);
+            }
+        }
+
+        $updateZip->close();
+        unlink($tmpFile);
+
+        foreach ($currentFiles as $extraneous) {
+            if (is_dir($extraneous)) {
+                removeDirectory($extraneous);
+            } else {
+                unlink($extraneous);
+            }
+        }
+
+        $logger->info('System update completed.');
+
+        return redirect($response, urlFor('/install'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     */
+    public function checkForUpdates(Request $request, Response $response): Response
+    {
+        $jsonResponse = [
+            'status' => 'OK',
+            'message' => lang('already_latest_version'),
+            'upgrade' => false,
+        ];
+
+        $acceptPrerelease = param($request, 'prerelease', 'false') === 'true';
+
+        try {
+            $json = $this->getApiJson();
+
+            foreach ($json as $release) {
+                if (
+                    $release->prerelease === $acceptPrerelease &&
+                    version_compare($release->tag_name, PLATFORM_VERSION, '>') &&
+                    version_compare($release->tag_name, '4.0.0', '<')
+                ) {
+                    $jsonResponse['message'] = lang('new_version_available', [$release->tag_name]);
+                    $jsonResponse['upgrade'] = true;
+                    break;
+                }
+
+                if (version_compare($release->tag_name, PLATFORM_VERSION, '<=')) {
+                    break;
+                }
+            }
+        } catch (RuntimeException $e) {
+            $jsonResponse['status'] = 'ERROR';
+            $jsonResponse['message'] = $e->getMessage();
+        }
+
+        return json($response, $jsonResponse);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function changelog(Request $request, Response $response): Response
+    {
+        return view()->render($response, 'dashboard/changelog.twig', [
+            'content' => Parsedown::instance()->text(file_get_contents('CHANGELOG.md')),
+        ]);
+    }
+
+    protected function getApiJson()
+    {
+        $opts = [
+            'http' => [
+                'method' => 'GET',
+                'header' => [
+                    'User-Agent: XBackBone-App',
+                    'Accept: application/vnd.github.v3+json',
+                ],
+            ],
+        ];
+
+        $data = @file_get_contents(self::GITHUB_SOURCE_API, false, stream_context_create($opts));
+
+        if ($data === false) {
+            throw new RuntimeException('Cannot contact the Github API. Try again.');
+        }
+
+        return json_decode($data);
+    }
+}

app/Controllers/UploadController.php

@@ -2,247 +2,236 @@
 
 namespace App\Controllers;
 
-
-use App\Database\DB;
-use App\Exceptions\NotFoundException;
-use App\Traits\SingletonController;
-use App\Web\Log;
-use App\Web\Session;
-use Flight;
-use League\Flysystem\FileExistsException;
-use League\Flysystem\FileNotFoundException;
-use League\Flysystem\Filesystem;
+use App\Database\Repositories\TagRepository;
+use App\Database\Repositories\UserRepository;
+use App\Exceptions\ValidationException;
+use Exception;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Message\UploadedFileInterface;
 
 class UploadController extends Controller
 {
-	use SingletonController;
+    private $json = [
+        'message' => null,
+        'version' => PLATFORM_VERSION,
+    ];
 
-	public function upload(): void
-	{
-		$requestData = Flight::request()->data;
+    /**
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function uploadWebPage(Response $response): Response
+    {
+        $maxFileSize = min(stringToBytes(ini_get('post_max_size')), stringToBytes(ini_get('upload_max_filesize')));
 
-		$response = [
-			'message' => null,
-		];
+        return view()->render($response, 'upload/web.twig', [
+            'max_file_size' => humanFileSize($maxFileSize),
+        ]);
+    }
 
-		if (!isset($requestData->token)) {
-			$response['message'] = 'Token not specified.';
-			Flight::json($response, 400);
-			return;
-		}
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return Response
+     * @throws Exception
+     */
+    public function uploadWeb(Request $request, Response $response): Response
+    {
+        try {
+            $file = $this->validateFile($request, $response);
 
-		$user = DB::query('SELECT * FROM `users` WHERE `token` = ? LIMIT 1', $requestData->token)->fetch();
+            $user = make(UserRepository::class)->get($request, $this->session->get('user_id'));
 
-		if (!$user) {
-			$response['message'] = 'Token specified not found.';
-			Flight::json($response, 404);
-			return;
-		}
+            $this->validateUser($request, $response, $file, $user);
+        } catch (ValidationException $e) {
+            return $e->response();
+        }
 
-		if (!$user->active) {
-			$response['message'] = 'Account disabled.';
-			Flight::json($response, 401);
-			return;
-		}
+        if (!$this->updateUserQuota($request, $user->id, $file->getSize())) {
+            $this->json['message'] = 'User disk quota exceeded.';
 
-		do {
-			$code = uniqid();
-		} while (DB::query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `code` = ?', $code)->fetch()->count > 0);
+            return json($response, $this->json, 507);
+        }
 
-		$file = Flight::request()->files->current();
-		$fileInfo = pathinfo($file['name']);
-		$storagePath = "$user->user_code/$code.$fileInfo[extension]";
+        try {
+            $response = $this->saveMedia($response, $file, $user);
+            $this->setSessionQuotaInfo($user->current_disk_quota + $file->getSize(), $user->max_disk_quota);
+        } catch (Exception $e) {
+            $this->updateUserQuota($request, $user->id, $file->getSize(), true);
+            throw $e;
+        }
 
-		$stream = fopen($file['tmp_name'], 'r+');
+        return $response;
+    }
 
-		$filesystem = $this->getStorage();
-		try {
-			$filesystem->writeStream($storagePath, $stream);
-		} catch (FileExistsException $e) {
-			Flight::halt(500);
-			return;
-		} finally {
-			fclose($stream);
-		}
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws Exception
+     */
+    public function uploadEndpoint(Request $request, Response $response): Response
+    {
+        if ($this->config['maintenance']) {
+            $this->json['message'] = 'Endpoint under maintenance.';
 
-		DB::query('INSERT INTO `uploads`(`user_id`, `code`, `filename`, `storage_path`) VALUES (?, ?, ?, ?)', [
-			$user->id,
-			$code,
-			$file['name'],
-			$storagePath
-		]);
+            return json($response, $this->json, 503);
+        }
 
-		$base_url = Flight::get('config')['base_url'];
+        try {
+            $file = $this->validateFile($request, $response);
 
-		$response['message'] = 'OK.';
-		$response['url'] = "$base_url/$user->user_code/$code.$fileInfo[extension]";
-		Flight::json($response, 201);
+            if (param($request, 'token') === null) {
+                $this->json['message'] = 'Token not specified.';
 
-		Log::info("User $user->username uploaded new media.", [DB::raw()->lastInsertId()]);
-	}
+                return json($response, $this->json, 400);
+            }
 
-	public function show($userCode, $mediaCode): void
-	{
-		$media = $this->getMedia($userCode, $mediaCode);
+            $user = $this->database->query('SELECT * FROM `users` WHERE `token` = ? LIMIT 1', param($request, 'token'))->fetch();
 
-		if (!$media || !$media->published && Session::get('user_id') !== $media->user_id && !Session::get('admin', false)) {
-			Flight::error(new NotFoundException());
-			return;
-		}
+            $this->validateUser($request, $response, $file, $user);
+        } catch (ValidationException $e) {
+            return $e->response();
+        }
 
-		$filesystem = $this->getStorage();
+        if (!$this->updateUserQuota($request, $user->id, $file->getSize())) {
+            $this->json['message'] = 'User disk quota exceeded.';
 
-		if (stristr(Flight::request()->user_agent, 'TelegramBot') ||
-			stristr(Flight::request()->user_agent, 'facebookexternalhit/') ||
-			stristr(Flight::request()->user_agent, 'Facebot')) {
-			$this->streamMedia($filesystem, $media);
-		} else {
+            return json($response, $this->json, 507);
+        }
 
-			try {
-				$mime = $filesystem->getMimetype($media->storage_path);
+        try {
+            $response = $this->saveMedia($response, $file, $user);
+        } catch (Exception $e) {
+            $this->updateUserQuota($request, $user->id, $file->getSize(), true);
+            throw $e;
+        }
+        return $response;
+    }
 
-				$type = explode('/', $mime)[0];
-				if ($type === 'text') {
-					$media->text = $filesystem->read($media->storage_path);
-				} elseif (in_array($type, ['image', 'video'])) {
-					$this->http2push(Flight::get('config')['base_url'] . "/$userCode/$mediaCode/raw");
-				}
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @return UploadedFileInterface
+     * @throws ValidationException
+     */
+    protected function validateFile(Request $request, Response $response)
+    {
+        $iniValue = ini_get('post_max_size');
+        $maxPostSize = $iniValue === '0' ? INF : stringToBytes($iniValue);
+        if ($request->getServerParams()['CONTENT_LENGTH'] > $maxPostSize) {
+            $this->json['message'] = 'File too large (post_max_size too low?).';
 
-			} catch (FileNotFoundException $e) {
-				Flight::error($e);
-				return;
-			}
+            throw new ValidationException(json($response, $this->json, 400));
+        }
 
-			Flight::render('upload/public.twig', [
-				'media' => $media,
-				'type' => $mime,
-				'extension' => pathinfo($media->filename, PATHINFO_EXTENSION)
-			]);
-		}
-	}
+        $file = array_values($request->getUploadedFiles());
+        /** @var UploadedFileInterface|null $file */
+        $file = $file[0] ?? null;
 
-	public function getRawById($id): void
-	{
-		$this->checkAdmin();
+        if ($file === null) {
+            $this->json['message'] = 'Request without file attached.';
 
-		$media = DB::query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
+            throw new ValidationException(json($response, $this->json, 400));
+        }
 
-		if (!$media) {
-			Flight::error(new NotFoundException());
-			return;
-		}
+        if ($file->getError() === UPLOAD_ERR_INI_SIZE) {
+            $this->json['message'] = 'File too large (upload_max_filesize too low?).';
 
-		$this->streamMedia($this->getStorage(), $media);
-	}
+            throw new ValidationException(json($response, $this->json, 400));
+        }
 
-	public function showRaw($userCode, $mediaCode): void
-	{
-		$media = $this->getMedia($userCode, $mediaCode);
+        return $file;
+    }
 
-		if (!$media || !$media->published && Session::get('user_id') !== $media->user_id && !Session::get('admin', false)) {
-			Flight::error(new NotFoundException());
-			return;
-		}
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  UploadedFileInterface  $file
+     * @param $user
+     * @return void
+     * @throws ValidationException
+     */
+    protected function validateUser(Request $request, Response $response, UploadedFileInterface $file, $user)
+    {
+        if (!$user) {
+            $this->json['message'] = 'Token specified not found.';
 
-		$this->streamMedia($this->getStorage(), $media);
-	}
+            throw new ValidationException(json($response, $this->json, 404));
+        }
+
+        if (!$user->active) {
+            $this->json['message'] = 'Account disabled.';
+
+            throw new ValidationException(json($response, $this->json, 401));
+        }
+    }
 
 
-	public function download($userCode, $mediaCode): void
-	{
-		$media = $this->getMedia($userCode, $mediaCode);
+    /**
+     * @param  Response  $response
+     * @param  UploadedFileInterface  $file
+     * @param $user
+     * @return Response
+     * @throws \League\Flysystem\FileExistsException
+     * @throws \League\Flysystem\FileNotFoundException
+     */
+    protected function saveMedia(Response $response, UploadedFileInterface $file, $user)
+    {
+        do {
+            $code = humanRandomString();
+        } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `uploads` WHERE `code` = ?', $code)->fetch()->count > 0);
 
-		if (!$media || !$media->published && Session::get('user_id') !== $media->user_id && !Session::get('admin', false)) {
-			Flight::error(new NotFoundException());
-			return;
-		}
+        $fileInfo = pathinfo($file->getClientFilename());
+        $storagePath = "$user->user_code/$code.$fileInfo[extension]";
 
-		$this->streamMedia($this->getStorage(), $media, 'attachment');
-	}
+        $this->storage->writeStream($storagePath, $file->getStream()->detach());
 
-	public function togglePublish($id): void
-	{
-		$this->checkLogin();
+        $this->database->query('INSERT INTO `uploads`(`user_id`, `code`, `filename`, `storage_path`, `published`) VALUES (?, ?, ?, ?, ?)', [
+            $user->id,
+            $code,
+            $file->getClientFilename(),
+            $storagePath,
+            $user->hide_uploads == '1' ? 0 : 1,
+        ]);
+        $mediaId = $this->database->getPdo()->lastInsertId();
 
-		if (Session::get('admin')) {
-			$media = DB::query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
-		} else {
-			$media = DB::query('SELECT * FROM `uploads` WHERE `id` = ? AND `user_id` = ? LIMIT 1', [$id, Session::get('user_id')])->fetch();
-		}
+        if ($this->getSetting('auto_tagging') === 'on') {
+            $this->autoTag($mediaId, $storagePath);
+        }
 
-		if (!$media) {
-			Flight::halt(404);
-			return;
-		}
+        $this->json['message'] = 'OK';
+        $this->json['url'] = urlFor("/{$user->user_code}/{$code}.{$fileInfo['extension']}");
+        $this->json['raw_url'] = urlFor("/{$user->user_code}/{$code}/raw.{$fileInfo['extension']}");
 
-		DB::query('UPDATE `uploads` SET `published`=? WHERE `id`=?', [!$media->published, $media->id]);
-	}
+        $this->logger->info("User $user->username uploaded new media.", [$mediaId]);
 
-	public function delete($id): void
-	{
-		$this->checkLogin();
+        return json($response, $this->json, 201);
+    }
 
-		$media = DB::query('SELECT * FROM `uploads` WHERE `id` = ? LIMIT 1', $id)->fetch();
+    /**
+     * @param $mediaId
+     * @param $storagePath
+     * @throws \League\Flysystem\FileNotFoundException
+     */
+    protected function autoTag($mediaId, $storagePath)
+    {
+        $mime = $this->storage->getMimetype($storagePath);
 
-		if (Session::get('admin', false) || $media->user_id === Session::get('user_id')) {
+        [$type, $subtype] = explode('/', $mime);
 
-			$filesystem = $this->getStorage();
-			try {
-				$filesystem->delete($media->storage_path);
-			} catch (FileNotFoundException $e) {
-				Flight::halt(404);
-				return;
-			} finally {
-				DB::query('DELETE FROM `uploads` WHERE `id` = ?', $id);
-				Log::info('User ' . Session::get('username') . " deleted media $id");
-			}
-		} else {
-			Flight::halt(403);
-		}
-	}
+        /** @var TagRepository $query */
+        $query = make(TagRepository::class);
+        $query->addTag($type, $mediaId);
 
-	protected function getMedia($userCode, $mediaCode)
-	{
-		$mediaCode = pathinfo($mediaCode)['filename'];
-
-		$media = DB::query('SELECT * FROM `uploads` INNER JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `user_code` = ? AND `uploads`.`code` = ? LIMIT 1', [
-			$userCode,
-			$mediaCode
-		])->fetch();
-
-		return $media;
-	}
-
-	protected function streamMedia(Filesystem $storage, $media, string $disposition = 'inline'): void
-	{
-		try {
-			$mime = $storage->getMimetype($media->storage_path);
-			$query = Flight::request()->query;
-
-			if ($query['width'] !== null && explode('/', $mime)[0] === 'image') {
-				Flight::response()->header('Content-Type', 'image/png');
-				Flight::response()->header('Content-Disposition', $disposition . ';filename="scaled-' . pathinfo($media->filename)['filename'] . '.png"');
-				Flight::response()->sendHeaders();
-				ob_clean();
-
-				$image = imagecreatefromstring($storage->read($media->storage_path));
-				$scaled = imagescale($image, $query['width'], $query['height'] !== null ? $query['height'] : -1);
-
-				imagedestroy($image);
-
-				imagepng($scaled, null, 9);
-				imagedestroy($scaled);
-			} else {
-				Flight::response()->header('Content-Type', $mime);
-				Flight::response()->header('Content-Disposition', $disposition . ';filename="' . $media->filename . '"');
-				Flight::response()->header('Content-Length', $storage->getSize($media->storage_path));
-				Flight::response()->sendHeaders();
-				ob_end_clean();
-
-				fpassthru($storage->readStream($media->storage_path));
-			}
-		} catch (FileNotFoundException $e) {
-			Flight::error($e);
-		}
-	}
-}
+        if ($type === 'application' || $subtype === 'gif') {
+            $query->addTag($subtype, $mediaId);
+        }
+    }
+}

app/Controllers/UserController.php

@@ -2,336 +2,316 @@
 
 namespace App\Controllers;
 
-
-use App\Database\DB;
-use App\Exceptions\NotFoundException;
-use App\Exceptions\UnauthorizedException;
-use App\Traits\SingletonController;
-use App\Web\Log;
-use App\Web\Session;
-use Flight;
+use App\Database\Repositories\UserRepository;
+use App\Web\Mail;
+use App\Web\ValidationHelper;
+use League\Flysystem\FileNotFoundException;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
 
 class UserController extends Controller
 {
-	use SingletonController;
-
-	const PER_PAGE = 15;
-
-	public function index($page = 1): void
-	{
-		$this->checkAdmin();
-
-		$page = max(0, --$page);
-
-		$users = DB::query('SELECT * FROM `users` LIMIT ? OFFSET ?', [self::PER_PAGE, $page * self::PER_PAGE])->fetchAll();
-
-		$pages = DB::query('SELECT COUNT(*) AS `count` FROM `users`')->fetch()->count / self::PER_PAGE;
-
-		Flight::render('user/index.twig', [
-			'users' => $users,
-			'next' => $page < floor($pages),
-			'previous' => $page >= 1,
-			'current_page' => ++$page,
-		]);
-	}
-
-	public function create(): void
-	{
-		$this->checkAdmin();
-		Flight::render('user/create.twig');
-	}
-
-	public function store(): void
-	{
-		$this->checkAdmin();
-
-		$form = Flight::request()->data;
-
-		if (!isset($form->email) || empty($form->email)) {
-			Session::alert('The email is required.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (!isset($form->username) || empty($form->username)) {
-			Session::alert('The username is required.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (DB::query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ?', $form->username)->fetch()->count > 0) {
-			Session::alert('The username already taken.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (!isset($form->password) || empty($form->password)) {
-			Session::alert('The password is required.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		do {
-			$userCode = substr(md5(microtime()), rand(0, 26), 5);
-		} while (DB::query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);
-
-		$token = $this->generateNewToken();
-
-		DB::query('INSERT INTO `users`(`email`, `username`, `password`, `is_admin`, `active`, `user_code`, `token`) VALUES (?, ?, ?, ?, ?, ?, ?)', [
-			$form->email,
-			$form->username,
-			password_hash($form->password, PASSWORD_DEFAULT),
-			isset($form->is_admin),
-			isset($form->is_active),
-			$userCode,
-			$token
-		]);
-
-		Session::alert("User '$form->username' created!", 'success');
-		Log::info('User ' . Session::get('username') . ' created a new user.', [array_diff($form->getData(), ['password'])]);
-
-		Flight::redirect('/users');
-	}
-
-	public function edit($id): void
-	{
-		$this->checkAdmin();
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-		if (!$user) {
-			Flight::error(new NotFoundException());
-			return;
-		}
-
-		Flight::render('user/edit.twig', [
-			'user' => $user
-		]);
-	}
-
-	public function update($id): void
-	{
-		$this->checkAdmin();
-
-		$form = Flight::request()->data;
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-		if (!$user) {
-			Flight::error(new NotFoundException());
-			return;
-		}
-
-		if (!isset($form->email) || empty($form->email)) {
-			Session::alert('The email is required.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (!isset($form->username) || empty($form->username)) {
-			Session::alert('The username is required.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (DB::query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ? AND `username` <> ?', [$form->username, $user->username])->fetch()->count > 0) {
-			Session::alert('The username already taken.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if ($user->id === Session::get('user_id') && !isset($form->is_admin)) {
-			Session::alert('You cannot demote yourself.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (isset($form->password) && !empty($form->password)) {
-			DB::query('UPDATE `users` SET `email`=?, `username`=?, `password`=?, `is_admin`=?, `active`=? WHERE `id` = ?', [
-				$form->email,
-				$form->username,
-				password_hash($form->password, PASSWORD_DEFAULT),
-				isset($form->is_admin),
-				isset($form->is_active),
-				$user->id
-			]);
-		} else {
-			DB::query('UPDATE `users` SET `email`=?, `username`=?, `is_admin`=?, `active`=? WHERE `id` = ?', [
-				$form->email,
-				$form->username,
-				isset($form->is_admin),
-				isset($form->is_active),
-				$user->id
-			]);
-		}
-
-		Session::alert("User '$form->username' updated!", 'success');
-		Log::info('User ' . Session::get('username') . " updated $user->id.", [$user, array_diff($form->getData(), ['password'])]);
-
-		Flight::redirect('/users');
-
-	}
-
-	public function delete($id): void
-	{
-		$this->checkAdmin();
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-		if (!$user) {
-			Flight::error(new NotFoundException());
-			return;
-		}
-
-		if ($user->id === Session::get('user_id')) {
-			Session::alert('You cannot delete yourself.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		DB::query('DELETE FROM `users` WHERE `id` = ?', $user->id);
-
-		Session::alert('User deleted.', 'success');
-		Log::info('User ' . Session::get('username') . " deleted $user->id.");
-
-		Flight::redirect('/users');
-	}
-
-	public function profile(): void
-	{
-		$this->checkLogin();
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', Session::get('user_id'))->fetch();
-
-		if (!$user) {
-			Flight::error(new NotFoundException());
-			return;
-		}
-
-		if ($user->id !== Session::get('user_id') && !Session::get('admin', false)) {
-			Flight::error(new UnauthorizedException());
-			return;
-		}
-
-		Flight::render('user/profile.twig', [
-			'user' => $user
-		]);
-	}
-
-	public function profileEdit($id): void
-	{
-		$this->checkLogin();
-
-		$form = Flight::request()->data;
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-		if (!$user) {
-			Flight::error(new NotFoundException());
-			return;
-		}
-
-		if ($user->id !== Session::get('user_id') && !Session::get('admin', false)) {
-			Flight::error(new UnauthorizedException());
-			return;
-		}
-
-		if (!isset($form->email) || empty($form->email)) {
-			Session::alert('The email is required.', 'danger');
-			Flight::redirectBack();
-			return;
-		}
-
-		if (isset($form->password) && !empty($form->password)) {
-			DB::query('UPDATE `users` SET `email`=?, `password`=? WHERE `id` = ?', [
-				$form->email,
-				password_hash($form->password, PASSWORD_DEFAULT),
-				$user->id
-			]);
-		} else {
-			DB::query('UPDATE `users` SET `email`=? WHERE `id` = ?', [
-				$form->email,
-				$user->id
-			]);
-		}
-
-		Session::alert('Profile updated successfully!', 'success');
-		Log::info('User ' . Session::get('username') . " updated profile of $user->id.");
-
-		Flight::redirectBack();
-	}
-
-	public function refreshToken($id): void
-	{
-		$this->checkLogin();
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-		if (!$user) {
-			Flight::halt(404);
-			return;
-		}
-
-		if ($user->id !== Session::get('user_id') && !Session::get('admin', false)) {
-			Flight::halt(403);
-			return;
-		}
-
-		$token = $this->generateNewToken();
-
-		DB::query('UPDATE `users` SET `token`=? WHERE `id` = ?', [
-			$token,
-			$user->id
-		]);
-
-		Log::info('User ' . Session::get('username') . " refreshed token of user $user->id.");
-
-		echo $token;
-	}
-
-	public function getShareXconfigFile($id): void
-	{
-		$this->checkLogin();
-
-		$user = DB::query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-		if (!$user) {
-			Flight::halt(404);
-			return;
-		}
-
-		if ($user->id !== Session::get('user_id') && !Session::get('admin', false)) {
-			Flight::halt(403);
-			return;
-		}
-
-		$base_url = Flight::get('config')['base_url'];
-		$json = [
-			'DestinationType' => 'ImageUploader, TextUploader, FileUploader',
-			'RequestURL' => "$base_url/upload",
-			'FileFormName' => 'upload',
-			'Arguments' => [
-				'file' => '$filename$',
-				'text' => '$input$',
-				'token' => $user->token,
-			],
-			'URL' => '$json:url$',
-			'ThumbnailURL' => '$json:url$/raw',
-		];
-
-		Flight::response()->header('Content-Type', 'application/json');
-		Flight::response()->header('Content-Disposition', 'attachment;filename="' . $user->username . '-ShareX.sxcu"');
-		Flight::response()->sendHeaders();
-
-		echo json_encode($json, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);
-	}
-
-	protected function generateNewToken(): string
-	{
-		do {
-			$token = 'token_' . md5(uniqid('', true));
-		} while (DB::query('SELECT COUNT(*) AS `count` FROM `users` WHERE `token` = ?', $token)->fetch()->count > 0);
-
-		return $token;
-	}
-}
+    const PER_PAGE = 15;
+
+    /**
+     * @param  Response  $response
+     * @param  int|null  $page
+     *
+     * @return Response
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     *
+     * @throws \Twig\Error\LoaderError
+     */
+    public function index(Response $response, int $page = 0): Response
+    {
+        $page = max(0, --$page);
+
+        $users = $this->database->query('SELECT * FROM `users` LIMIT ? OFFSET ?', [self::PER_PAGE, $page * self::PER_PAGE])->fetchAll();
+
+        $pages = $this->database->query('SELECT COUNT(*) AS `count` FROM `users`')->fetch()->count / self::PER_PAGE;
+
+        return view()->render(
+            $response,
+            'user/index.twig',
+            [
+                'users' => $users,
+                'next' => $page < floor($pages),
+                'previous' => $page >= 1,
+                'current_page' => ++$page,
+                'quota_enabled' => $this->getSetting('quota_enabled'),
+            ]
+        );
+    }
+
+    /**
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     *
+     * @throws \Twig\Error\LoaderError
+     */
+    public function create(Response $response): Response
+    {
+        return view()->render($response, 'user/create.twig', [
+            'default_user_quota' => humanFileSize($this->getSetting('default_user_quota'), 0, true),
+            'quota_enabled' => $this->getSetting('quota_enabled', 'off'),
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     *
+     * @return Response
+     * @throws \Exception
+     */
+    public function store(Request $request, Response $response): Response
+    {
+        $maxUserQuota = -1;
+        $validator = $this->getUserCreateValidator($request)
+            ->callIf($this->getSetting('quota_enabled') === 'on', function ($session) use (&$maxUserQuota, &$request) {
+                $maxUserQuota = param($request, 'max_user_quota', humanFileSize($this->getSetting('default_user_quota'), 0, true));
+                if (!preg_match('/(^[0-9]+[B|K|M|G|T]$)|(^\-1$)/i', $maxUserQuota)) {
+                    $session->alert(lang('invalid_quota', 'danger'));
+                    return false;
+                }
+
+                if ($maxUserQuota !== '-1') {
+                    $maxUserQuota = stringToBytes($maxUserQuota);
+                }
+
+                return true;
+            });
+
+        if ($validator->fails()) {
+            return redirect($response, route('user.create'));
+        }
+
+        make(UserRepository::class)->create(
+            param($request, 'email'),
+            param($request, 'username'),
+            param($request, 'password'),
+            param($request, 'is_admin') !== null ? 1 : 0,
+            param($request, 'is_active') !== null ? 1 : 0,
+            $maxUserQuota,
+            false,
+            param($request, 'hide_uploads') !== null ? 1 : 0,
+            param($request, 'copy_raw') !== null ? 1 : 0
+        );
+
+        if (param($request, 'send_notification') !== null) {
+            $resetToken = null;
+            if (empty(param($request, 'password'))) {
+                $resetToken = bin2hex(random_bytes(16));
+
+                $this->database->query('UPDATE `users` SET `reset_token`=? WHERE `id` = ?', [
+                    $resetToken,
+                    $this->database->getPdo()->lastInsertId(),
+                ]);
+            }
+            $this->sendCreateNotification($request, $resetToken);
+        }
+
+        $this->session->alert(lang('user_created', [param($request, 'username')]), 'success');
+        $this->logger->info('User '.$this->session->get('username').' created a new user.', [array_diff_key($request->getParsedBody(), array_flip(['password']))]);
+
+        return redirect($response, route('user.index'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     */
+    public function edit(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id);
+
+        return view()->render($response, 'user/edit.twig', [
+            'profile' => false,
+            'user' => $user,
+            'quota_enabled' => $this->getSetting('quota_enabled', 'off'),
+            'max_disk_quota' => $user->max_disk_quota > 0 ? humanFileSize($user->max_disk_quota, 0, true) : -1,
+        ]);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     */
+    public function update(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id);
+        $user->max_disk_quota = -1;
+
+        /** @var ValidationHelper $validator */
+        $validator = make(ValidationHelper::class)
+            ->alertIf(!filter_var(param($request, 'email'), FILTER_VALIDATE_EMAIL), 'email_required')
+            ->alertIf(empty(param($request, 'username')), 'username_required')
+            ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `email` = ? AND `email` <> ?', [param($request, 'email'), $user->email])->fetch()->count != 0, 'email_taken')
+            ->alertIf($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `username` = ? AND `username` <> ?', [param($request, 'username'), $user->username])->fetch()->count != 0, 'username_taken')
+            ->alertIf($user->id === $this->session->get('user_id') && param($request, 'is_admin') === null, 'cannot_demote')
+            ->callIf($this->getSetting('quota_enabled') === 'on', function ($session) use (&$user, &$request) {
+                $maxUserQuota = param($request, 'max_user_quota', humanFileSize($this->getSetting('default_user_quota'), 0, true));
+                if (!preg_match('/(^[0-9]+[B|K|M|G|T]$)|(^\-1$)/i', $maxUserQuota)) {
+                    $session->alert(lang('invalid_quota', 'danger'));
+                    return false;
+                }
+
+                if ($maxUserQuota !== '-1') {
+                    $user->max_disk_quota = stringToBytes($maxUserQuota);
+                }
+
+                return true;
+            });
+
+        if ($validator->fails()) {
+            return redirect($response, route('user.edit', ['id' => $id]));
+        }
+
+        make(UserRepository::class)->update(
+            $user->id,
+            param($request, 'email'),
+            param($request, 'username'),
+            param($request, 'password'),
+            param($request, 'is_admin') !== null ? 1 : 0,
+            param($request, 'is_active') !== null ? 1 : 0,
+            $user->max_disk_quota,
+            param($request, 'ldap') !== null ? 1 : 0,
+            param($request, 'hide_uploads') !== null ? 1 : 0,
+            param($request, 'copy_raw') !== null ? 1 : 0
+        );
+
+        if ($user->id === $this->session->get('user_id')) {
+            $this->setSessionQuotaInfo($user->current_disk_quota, $user->max_disk_quota);
+        }
+
+        $this->session->alert(lang('user_updated', [param($request, 'username')]), 'success');
+        $this->logger->info('User '.$this->session->get('username')." updated $user->id.", [
+            array_diff_key((array) $user, array_flip(['password'])),
+            array_diff_key($request->getParsedBody(), array_flip(['password'])),
+        ]);
+
+        return redirect($response, route('user.index'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     */
+    public function delete(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id);
+
+        if ($user->id === $this->session->get('user_id')) {
+            $this->session->alert(lang('cannot_delete'), 'danger');
+
+            return redirect($response, route('user.index'));
+        }
+
+        $this->database->query('DELETE FROM `users` WHERE `id` = ?', $user->id);
+
+        $this->session->alert(lang('user_deleted'), 'success');
+        $this->logger->info('User '.$this->session->get('username')." deleted $user->id.");
+
+        return redirect($response, route('user.index'));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     * @return Response
+     */
+    public function clearUserMedia(Request $request, Response $response, int $id): Response
+    {
+        $user = make(UserRepository::class)->get($request, $id, true);
+
+        $medias = $this->database->query('SELECT * FROM `uploads` WHERE `user_id` = ?', $user->id);
+
+        foreach ($medias as $media) {
+            try {
+                $this->storage->delete($media->storage_path);
+            } catch (FileNotFoundException $e) {
+            }
+        }
+
+        $this->database->query('DELETE FROM `uploads` WHERE `user_id` = ?', $user->id);
+        $this->database->query('UPDATE `users` SET `current_disk_quota`=? WHERE `id` = ?', [
+            0,
+            $user->id,
+        ]);
+
+        $this->session->alert(lang('account_media_deleted'), 'success');
+        return redirect($response, route('user.edit', ['id' => $id]));
+    }
+
+    /**
+     * @param  Request  $request
+     * @param  Response  $response
+     * @param  int  $id
+     *
+     * @return Response
+     */
+    public function refreshToken(Request $request, Response $response, int $id): Response
+    {
+        $query = make(UserRepository::class);
+        $user = $query->get($request, $id, true);
+
+        $this->logger->info('User '.$this->session->get('username')." refreshed token of user $user->id.");
+
+        $response->getBody()->write($query->refreshToken($user->id));
+
+        return $response;
+    }
+
+    /**
+     * @param $request
+     * @param  null  $resetToken
+     */
+    private function sendCreateNotification($request, $resetToken = null)
+    {
+        if ($resetToken === null && !empty(param($request, 'password'))) {
+            $message = lang('mail.new_account_text_with_pw', [
+                param($request, 'username'),
+                $this->config['app_name'],
+                $this->config['base_url'],
+                $this->config['base_url'],
+                param($request, 'username'),
+                param($request, 'password'),
+                route('login.show'),
+                route('login.show'),
+            ]);
+        } else {
+            $message = lang('mail.new_account_text_with_reset', [
+                param($request, 'username'),
+                $this->config['app_name'],
+                $this->config['base_url'],
+                $this->config['base_url'],
+                route('recover.password', ['resetToken' => $resetToken]),
+                route('recover.password', ['resetToken' => $resetToken]),
+            ]);
+        }
+
+        Mail::make()
+            ->from(platform_mail(), $this->config['app_name'])
+            ->to(param($request, 'email'))
+            ->subject(lang('mail.new_account', [$this->config['app_name']]))
+            ->message($message)
+            ->send();
+    }
+}

app/Database/DB.php

@@ -2,125 +2,64 @@
 
 namespace App\Database;
 
-
 use PDO;
 
 class DB
 {
+    /** @var DB */
+    protected static $instance;
 
-	/** @var  DB */
-	protected static $instance;
+    /** @var PDO */
+    protected $pdo;
 
-	/** @var string */
-	private static $password;
+    /** @var string */
+    protected $currentDriver;
 
-	/** @var string */
-	private static $username;
+    public function __construct(string $dsn, string $username = null, string $password = null)
+    {
+        $this->pdo = new PDO($dsn, $username, $password);
+        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+        $this->pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
 
-	/** @var PDO */
-	protected $pdo;
+        $this->currentDriver = $this->pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
+        if ($this->currentDriver === 'sqlite') {
+            $this->pdo->exec('PRAGMA foreign_keys = ON');
+        }
+    }
 
-	/** @var string */
-	protected static $dsn = 'database.db';
+    public function query(string $query, $parameters = [])
+    {
+        if (!is_array($parameters)) {
+            $parameters = [$parameters];
+        }
+        $query = $this->pdo->prepare($query);
 
-	/** @var string */
-	protected $currentDriver;
+        foreach ($parameters as $index => $parameter) {
+            $query->bindValue($index + 1, $parameter, is_int($parameter) ? PDO::PARAM_INT : PDO::PARAM_STR);
+        }
 
-	public function __construct(string $dsn, $username, $password)
-	{
+        $query->execute();
 
-		$this->pdo = new PDO($dsn, $username, $password);
-		$this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-		$this->pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
+        return $query;
+    }
 
-		$this->currentDriver = $this->pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
-		if ($this->currentDriver === 'sqlite') {
-			$this->pdo->exec('PRAGMA foreign_keys = ON');
-		}
-	}
+    /**
+     * Get the PDO instance.
+     *
+     * @return PDO
+     */
+    public function getPdo(): PDO
+    {
+        return $this->pdo;
+    }
 
-	public function doQuery(string $query, $parameters = [])
-	{
-		if (!is_array($parameters)) {
-			$parameters = [$parameters];
-		}
-		$query = $this->pdo->prepare($query);
-		$query->execute($parameters);
-		return $query;
-	}
-
-	/**
-	 * Get the PDO instance
-	 * @return PDO
-	 */
-	public function getPdo(): PDO
-	{
-		return $this->pdo;
-	}
-
-	/**
-	 * Get the current PDO driver
-	 * @return string
-	 */
-	public function getCurrentDriver(): string
-	{
-		return $this->currentDriver;
-	}
-
-	/**
-	 * Perform a query
-	 * @param string $query
-	 * @param array $parameters
-	 * @return bool|\PDOStatement|string
-	 */
-	public static function query(string $query, $parameters = [])
-	{
-
-		if (self::$instance === null) {
-			self::$instance = new self(self::$dsn, self::$username, self::$password);
-		}
-
-		return self::$instance->doQuery($query, $parameters);
-	}
-
-	/**
-	 * Static method to get the current driver name
-	 * @return string
-	 */
-	public static function driver(): string
-	{
-
-		if (self::$instance === null) {
-			self::$instance = new self(self::$dsn, self::$username, self::$password);
-		}
-
-		return self::$instance->getCurrentDriver();
-	}
-
-	/**
-	 * Get directly the PDO instance
-	 * @return PDO
-	 */
-	public static function raw(): PDO
-	{
-		if (self::$instance === null) {
-			self::$instance = new self(self::$dsn, self::$username, self::$password);
-		}
-
-		return self::$instance->getPdo();
-	}
-
-	/**
-	 * Set the PDO connection string
-	 * @param string $dsn
-	 * @param string|null $username
-	 * @param string|null $password
-	 */
-	public static function setDsn(string $dsn, string $username = null, string $password = null): void
-	{
-		self::$dsn = $dsn;
-		self::$username = $username;
-		self::$password = $password;
-	}
-
-}
+    /**
+     * Get the current PDO driver.
+     *
+     * @return string
+     */
+    public function getCurrentDriver(): string
+    {
+        return $this->currentDriver;
+    }
+}

app/Database/Migrator.php

@@ -0,0 +1,111 @@
+<?php
+
+namespace App\Database;
+
+use League\Flysystem\FileNotFoundException;
+use League\Flysystem\Filesystem;
+use PDOException;
+
+class Migrator
+{
+    /**
+     * @var DB
+     */
+    private $db;
+    /**
+     * @var string
+     */
+    private $schemaPath;
+
+    /**
+     * Migrator constructor.
+     *
+     * @param  DB  $db
+     * @param  string|null  $schemaPath
+     */
+    public function __construct(DB $db, ?string $schemaPath)
+    {
+        $this->db = $db;
+        $this->schemaPath = $schemaPath;
+    }
+
+    public function migrate(): void
+    {
+        $this->db->getPdo()->exec(file_get_contents($this->schemaPath.DIRECTORY_SEPARATOR.'migrations.sql'));
+
+        $files = glob($this->schemaPath.'/'.$this->db->getCurrentDriver().'/*.sql');
+
+        $names = array_map(static function ($path) {
+            return basename($path);
+        }, $files);
+
+        $in = str_repeat('?, ', count($names) - 1).'?';
+
+        $inMigrationsTable = $this->db->query("SELECT * FROM `migrations` WHERE `name` IN ($in)", $names)->fetchAll();
+
+        foreach ($files as $file) {
+            $continue = false;
+            $exists = false;
+
+            foreach ($inMigrationsTable as $migration) {
+                if (basename($file) === $migration->name && $migration->migrated) {
+                    $continue = true;
+                    break;
+                }
+
+                if (basename($file) === $migration->name && !$migration->migrated) {
+                    $exists = true;
+                    break;
+                }
+            }
+            if ($continue) {
+                continue;
+            }
+
+            $sql = file_get_contents($file);
+
+            try {
+                $this->db->getPdo()->exec($sql);
+                if (!$exists) {
+                    $this->db->query('INSERT INTO `migrations` VALUES (?,?)', [basename($file), 1]);
+                } else {
+                    $this->db->query('UPDATE `migrations` SET `migrated`=? WHERE `name`=?', [1, basename($file)]);
+                }
+            } catch (PDOException $exception) {
+                if (!$exists) {
+                    $this->db->query('INSERT INTO `migrations` VALUES (?,?)', [basename($file), 0]);
+                }
+
+                throw $exception;
+            }
+        }
+    }
+
+    /**
+     * @param  Filesystem  $filesystem
+     */
+    public function reSyncQuotas(Filesystem $filesystem)
+    {
+        $uploads = $this->db->query('SELECT `id`,`user_id`, `storage_path` FROM `uploads`')->fetchAll();
+
+        $usersQuotas = [];
+
+        foreach ($uploads as $upload) {
+            if (!array_key_exists($upload->user_id, $usersQuotas)) {
+                $usersQuotas[$upload->user_id] = 0;
+            }
+            try {
+                $usersQuotas[$upload->user_id] += $filesystem->getSize($upload->storage_path);
+            } catch (FileNotFoundException $e) {
+                $this->db->query('DELETE FROM `uploads` WHERE `id` = ?', $upload->id);
+            }
+        }
+
+        foreach ($usersQuotas as $userId => $quota) {
+            $this->db->query('UPDATE `users` SET `current_disk_quota`=? WHERE `id` = ?', [
+                $quota,
+                $userId,
+            ]);
+        }
+    }
+}

app/Database/Repositories/MediaRepository.php

@@ -0,0 +1,387 @@
+<?php
+
+namespace App\Database\Repositories;
+
+use App\Database\DB;
+use League\Flysystem\FileNotFoundException;
+use League\Flysystem\Filesystem;
+use League\Flysystem\Plugin\ListWith;
+
+class MediaRepository
+{
+    public const PER_PAGE = 21;
+    public const PER_PAGE_ADMIN = 27;
+
+    public const ORDER_TIME = 0;
+    public const ORDER_NAME = 1;
+    public const ORDER_SIZE = 2;
+
+    /** @var DB */
+    protected $db;
+
+    /** @var bool */
+    protected $isAdmin;
+
+    protected $userId;
+
+    /** @var int */
+    protected $orderBy;
+
+    /** @var string */
+    protected $orderMode;
+
+    /** @var string */
+    protected $text;
+
+    /** @var Filesystem */
+    protected $storage;
+
+    private $pages;
+    private $media;
+
+    /**
+     * @var int
+     */
+    private $tagId;
+
+    /**
+     * MediaQuery constructor.
+     *
+     * @param  DB  $db
+     * @param  bool  $isAdmin
+     * @param  Filesystem  $storage
+     */
+    public function __construct(DB $db, Filesystem $storage, bool $isAdmin)
+    {
+        $this->db = $db;
+        $this->isAdmin = $isAdmin;
+        $this->storage = $storage;
+    }
+
+    /**
+     * @param  DB  $db
+     * @param  bool  $isAdmin
+     * @param  Filesystem  $storage
+     * @return MediaRepository
+     */
+    public static function make(DB $db, Filesystem $storage, bool $isAdmin)
+    {
+        return new self($db, $storage, $isAdmin);
+    }
+
+    /**
+     * @param $id
+     *
+     * @return $this
+     */
+    public function withUserId($id): MediaRepository
+    {
+        $this->userId = $id;
+
+        return $this;
+    }
+
+    /**
+     * @param  string|null  $type
+     * @param  string  $mode
+     *
+     * @return $this
+     */
+    public function orderBy(string $type = null, $mode = 'ASC'): MediaRepository
+    {
+        $this->orderBy = $type ?? self::ORDER_TIME;
+        $this->orderMode = (strtoupper($mode) === 'ASC') ? 'ASC' : 'DESC';
+
+        return $this;
+    }
+
+    /**
+     * @param  string|null  $text
+     *
+     * @return $this
+     */
+    public function search(?string $text): MediaRepository
+    {
+        $this->text = $text;
+
+        return $this;
+    }
+
+    /**
+     * @param $tagId
+     * @return $this
+     */
+    public function filterByTag($tagId): MediaRepository
+    {
+        if ($tagId !== null) {
+            $this->tagId = (int) $tagId;
+        }
+
+        return $this;
+    }
+
+
+    /**
+     * @param  int  $page
+     * @return $this
+     */
+    public function run(int $page): MediaRepository
+    {
+        if ($this->orderBy == self::ORDER_SIZE) {
+            $this->runWithFileSort($page);
+        } else {
+            $this->runWithDbSort($page);
+        }
+
+        return $this;
+    }
+
+    /**
+     * @param  int  $page
+     * @return $this
+     */
+    public function runWithDbSort(int $page): MediaRepository
+    {
+        $params = [];
+        if ($this->isAdmin) {
+            [$queryMedia, $queryPages] = $this->buildAdminQueries();
+            $constPage = self::PER_PAGE_ADMIN;
+        } else {
+            [$queryMedia, $queryPages] = $this->buildUserQueries();
+            $params[] = $this->userId;
+            $constPage = self::PER_PAGE;
+        }
+
+        if ($this->text !== null) {
+            $params[] = '%'.htmlentities($this->text).'%';
+        }
+
+        $queryMedia .= $this->buildOrderBy().' LIMIT ? OFFSET ?';
+
+        $this->media = $this->db->query($queryMedia, array_merge($params, [$constPage, $page * $constPage]))->fetchAll();
+        $this->pages = $this->db->query($queryPages, $params)->fetch()->count / $constPage;
+
+        $tags = $this->getTags(array_column($this->media, 'id'));
+
+        foreach ($this->media as $media) {
+            try {
+                $media->size = humanFileSize($this->storage->getSize($media->storage_path));
+                $media->mimetype = $this->storage->getMimetype($media->storage_path);
+            } catch (FileNotFoundException $e) {
+                $media->size = null;
+                $media->mimetype = null;
+            }
+            $media->extension = pathinfo($media->filename, PATHINFO_EXTENSION);
+            if (array_key_exists($media->id, $tags)) {
+                $media->tags = $tags[$media->id];
+            } else {
+                $media->tags = [];
+            }
+        }
+
+        return $this;
+    }
+
+    /**
+     * @param  int  $page
+     * @return $this
+     */
+    public function runWithFileSort(int $page): MediaRepository
+    {
+        $this->storage->addPlugin(new ListWith());
+
+        if ($this->isAdmin) {
+            $files = $this->storage->listWith(['size', 'mimetype'], '/', true);
+            $offset = $page * self::PER_PAGE_ADMIN;
+            $limit = self::PER_PAGE_ADMIN;
+        } else {
+            $userCode = $this->db->query('SELECT `user_code` FROM `users` WHERE `id` = ?', $this->userId)->fetch()->user_code;
+            $files = $this->storage->listWith(['size', 'mimetype'], $userCode);
+            $offset = $page * self::PER_PAGE;
+            $limit = self::PER_PAGE;
+        }
+
+        $files = array_filter($files, function ($file) {
+            return $file['type'] !== 'dir';
+        });
+
+        array_multisort(array_column($files, 'size'), $this->buildOrderBy(), SORT_NUMERIC, $files);
+
+        $params = [];
+        $queryPagesParams = [];
+
+        if ($this->text !== null) {
+            if ($this->isAdmin) {
+                [$queryMedia, $queryPages] = $this->buildAdminQueries();
+            } else {
+                [$queryMedia, $queryPages] = $this->buildUserQueries();
+                $params[] = $this->userId;
+            }
+
+            $params[] = '%'.htmlentities($this->text).'%';
+            $queryPagesParams = $params;
+            $paths = array_column($files, 'path');
+        } elseif ($this->tagId !== null) {
+            if ($this->isAdmin) {
+                [, $queryPages] = $this->buildAdminQueries();
+            } else {
+                [, $queryPages] = $this->buildUserQueries();
+                $queryPagesParams[] = $this->userId;
+            }
+
+            $paths = array_column($files, 'path');
+            $ids = $this->getMediaIdsByTagId($this->tagId);
+            $queryMedia = 'SELECT `uploads`.*, `users`.`user_code`, `users`.`username` FROM `uploads` LEFT JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `uploads`.`storage_path` IN ("'.implode('","', $paths).'") AND `uploads`.`id` IN ('.implode(',', $ids).')';
+        } else {
+            if ($this->isAdmin) {
+                [, $queryPages] = $this->buildAdminQueries();
+            } else {
+                [, $queryPages] = $this->buildUserQueries();
+                $queryPagesParams[] = $this->userId;
+            }
+
+            $files = array_slice($files, $offset, $limit, true);
+            $paths = array_column($files, 'path');
+            $queryMedia = 'SELECT `uploads`.*, `users`.`user_code`, `users`.`username` FROM `uploads` LEFT JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `uploads`.`storage_path` IN ("'.implode('","', $paths).'")';
+        }
+
+        $medias = $this->db->query($queryMedia, $params)->fetchAll();
+
+        $paths = array_flip($paths);
+        foreach ($medias as $media) {
+            $paths[$media->storage_path] = $media;
+        }
+
+        $tags = $this->getTags(array_column($medias, 'id'));
+
+        $this->media = [];
+        foreach ($files as $file) {
+            $media = $paths[$file['path']];
+            if (is_object($media)) {
+                $media->size = humanFileSize($file['size']);
+                $media->extension = $file['extension'];
+                $media->mimetype = $file['mimetype'];
+                $this->media[] = $media;
+                if (array_key_exists($media->id, $tags)) {
+                    $media->tags = $tags[$media->id];
+                } else {
+                    $media->tags = [];
+                }
+            }
+        }
+
+        $this->pages = $this->db->query($queryPages, $queryPagesParams)->fetch()->count / $limit;
+
+        if ($this->text !== null || $this->tagId !== null) {
+            $this->media = array_slice($this->media, $offset, $limit, true);
+        }
+
+        return $this;
+    }
+
+    protected function buildAdminQueries()
+    {
+        $queryPages = 'SELECT COUNT(*) AS `count` FROM `uploads`';
+        $queryMedia = 'SELECT `uploads`.*, `users`.`user_code`, `users`.`username` FROM `uploads` LEFT JOIN `users` ON `uploads`.`user_id` = `users`.`id`';
+
+        if ($this->text !== null || $this->tagId !== null) {
+            $queryMedia .= ' WHERE';
+            $queryPages .= ' WHERE';
+        }
+
+        if ($this->text !== null) {
+            $queryMedia .= ' `uploads`.`filename` LIKE ?';
+            $queryPages .= ' `filename` LIKE ?';
+        }
+
+        if ($this->tagId !== null) {
+            if ($this->text !== null) {
+                $queryMedia .= ' AND';
+                $queryPages .= ' AND';
+            }
+
+            $ids = $this->getMediaIdsByTagId($this->tagId);
+            $queryMedia .= ' `uploads`.`id` IN ('.implode(',', $ids).')';
+            $queryPages .= ' `uploads`.`id` IN ('.implode(',', $ids).')';
+        }
+
+        return [$queryMedia, $queryPages];
+    }
+
+    protected function buildUserQueries()
+    {
+        $queryPages = 'SELECT COUNT(*) AS `count` FROM `uploads` WHERE `user_id` = ?';
+        $queryMedia = 'SELECT `uploads`.*,`users`.`user_code`, `users`.`username` FROM `uploads` INNER JOIN `users` ON `uploads`.`user_id` = `users`.`id` WHERE `user_id` = ?';
+
+        if ($this->text !== null) {
+            $queryMedia .= ' AND `uploads`.`filename` LIKE ? ';
+            $queryPages .= ' AND `filename` LIKE ?';
+        }
+
+        if ($this->tagId !== null) {
+            $ids = $this->getMediaIdsByTagId($this->tagId);
+            $queryMedia .= ' AND `uploads`.`id` IN ('.implode(',', $ids).')';
+            $queryPages .= ' AND `uploads`.`id` IN ('.implode(',', $ids).')';
+        }
+
+        return [$queryMedia, $queryPages];
+    }
+
+    protected function buildOrderBy()
+    {
+        switch ($this->orderBy) {
+            case self::ORDER_NAME:
+                return ' ORDER BY `filename` '.$this->orderMode;
+            case self::ORDER_TIME:
+                return ' ORDER BY `timestamp` '.$this->orderMode;
+            case self::ORDER_SIZE:
+                return ($this->orderMode === 'ASC') ? SORT_ASC : SORT_DESC;
+            default:
+                return '';
+        }
+    }
+
+    /**
+     * @param  array  $mediaIds
+     * @return array
+     */
+    protected function getTags(array $mediaIds)
+    {
+        $allTags = $this->db->query('SELECT `uploads_tags`.`upload_id`,`tags`.`id`, `tags`.`name` FROM `uploads_tags` INNER JOIN `tags` ON `uploads_tags`.`tag_id` = `tags`.`id` WHERE `uploads_tags`.`upload_id` IN ("'.implode('","', $mediaIds).'") ORDER BY `tags`.`timestamp`')->fetchAll();
+        $tags = [];
+        foreach ($allTags as $tag) {
+            $tags[$tag->upload_id][$tag->id] = $tag->name;
+        }
+        return $tags;
+    }
+
+    /**
+     * @param $tagId
+     * @return array
+     */
+    protected function getMediaIdsByTagId($tagId)
+    {
+        $mediaIds = $this->db->query('SELECT `upload_id` FROM `uploads_tags` WHERE `tag_id` = ?', $tagId)->fetchAll();
+        $ids = [-1];
+        foreach ($mediaIds as $pivot) {
+            $ids[] = $pivot->upload_id;
+        }
+        return $ids;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMedia()
+    {
+        return $this->media;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPages()
+    {
+        return $this->pages;
+    }
+}

app/Database/Repositories/TagRepository.php

@@ -0,0 +1,106 @@
+<?php
+
+
+namespace App\Database\Repositories;
+
+use App\Database\DB;
+use PDO;
+
+class TagRepository
+{
+    public const PER_MEDIA_LIMIT = 10;
+
+    /**
+     * @var DB
+     */
+    private $db;
+    /**
+     * @var null|bool
+     */
+    private $isAdmin;
+    /**
+     * @var null|int|string
+     */
+    private $userId;
+
+    public function __construct(DB $db, $isAdmin = null, $userId = null)
+    {
+        $this->db = $db;
+        $this->isAdmin = $isAdmin;
+        $this->userId = $userId;
+    }
+
+    /**
+     * @return array
+     */
+    public function all()
+    {
+        if ($this->isAdmin) {
+            return $this->db->query('SELECT * FROM `tags` ORDER BY `name`')->fetchAll();
+        }
+
+        return $this->db->query('SELECT DISTINCT `tags`.* FROM `tags` INNER JOIN `uploads_tags` ON `tags`.`id` = `uploads_tags`.`tag_id` INNER JOIN `uploads` ON `uploads`.`id` = `uploads_tags`.`upload_id` WHERE `uploads`.`user_id` = ? ORDER BY `tags`.`name`', $this->userId)->fetchAll();
+    }
+
+    /**
+     * @param  string  $tagName
+     * @param $mediaId
+     * @return array [id, limit]
+     */
+    public function addTag(string $tagName, $mediaId)
+    {
+        $tag = $this->db->query('SELECT * FROM `tags` WHERE `name` = ? LIMIT 1', $tagName)->fetch();
+
+        $connectedIds = $this->db->query('SELECT `tag_id` FROM `uploads_tags` WHERE `upload_id` = ?', $mediaId)->fetchAll(PDO::FETCH_COLUMN, 0);
+
+        if (!$tag && count($connectedIds) < self::PER_MEDIA_LIMIT) {
+            $this->db->query('INSERT INTO `tags`(`name`) VALUES (?)', strtolower($tagName));
+
+            $tagId = $this->db->getPdo()->lastInsertId();
+
+            $this->db->query('INSERT INTO `uploads_tags`(`upload_id`, `tag_id`) VALUES (?, ?)', [
+                $mediaId,
+                $tagId,
+            ]);
+
+            return [$tagId, false];
+        }
+
+        if (count($connectedIds) >= self::PER_MEDIA_LIMIT || in_array($tag->id, $connectedIds)) {
+            return [null, true];
+        }
+
+        $this->db->query('INSERT INTO `uploads_tags`(`upload_id`, `tag_id`) VALUES (?, ?)', [
+            $mediaId,
+            $tag->id,
+        ]);
+
+        return [$tag->id, false];
+    }
+
+    /**
+     * @param $tagId
+     * @param $mediaId
+     * @return bool
+     */
+    public function removeTag($tagId, $mediaId)
+    {
+        $tag = $this->db->query('SELECT * FROM `tags` WHERE `id` = ? LIMIT 1', $tagId)->fetch();
+
+        if ($tag) {
+            $this->db->query('DELETE FROM `uploads_tags` WHERE `upload_id` = ? AND `tag_id` = ?', [
+                $mediaId,
+                $tag->id,
+            ]);
+
+            if ($this->db->query('SELECT COUNT(*) AS `count` FROM `uploads_tags` WHERE `tag_id` = ?', $tag->id)->fetch()->count == 0) {
+                $this->db->query('DELETE FROM `tags` WHERE `id` = ? ', $tag->id);
+                return true;
+            }
+
+            return false;
+        }
+
+        return null;
+    }
+}

app/Database/Repositories/UserRepository.php

@@ -0,0 +1,181 @@
+<?php
+
+
+namespace App\Database\Repositories;
+
+use App\Database\DB;
+use App\Web\Session;
+use InvalidArgumentException;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpNotFoundException;
+use Slim\Exception\HttpUnauthorizedException;
+
+class UserRepository
+{
+    /**
+     * @var DB
+     */
+    private $database;
+    /**
+     * @var Session
+     */
+    private $session;
+
+    /**
+     * UserQuery constructor.
+     * @param  DB  $db
+     * @param  Session|null  $session
+     */
+    public function __construct(DB $db, ?Session $session)
+    {
+        $this->database = $db;
+        $this->session = $session;
+    }
+
+    /**
+     * @param  DB  $db
+     * @param  Session|null  $session
+     * @return UserRepository
+     */
+    public static function make(DB $db, Session $session = null)
+    {
+        return new self($db, $session);
+    }
+
+    /**
+     * @param  Request  $request
+     * @param $id
+     * @param  bool  $authorize
+     * @return mixed
+     * @throws HttpNotFoundException
+     * @throws HttpUnauthorizedException
+     */
+    public function get(Request $request, $id, $authorize = false)
+    {
+        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
+
+        if (!$user) {
+            throw new HttpNotFoundException($request);
+        }
+
+        if ($authorize) {
+            if ($this->session === null) {
+                throw new InvalidArgumentException('The session is null.');
+            }
+
+            if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
+                throw new HttpUnauthorizedException($request);
+            }
+        }
+
+        return $user;
+    }
+
+    /**
+     * @param  string  $email
+     * @param  string  $username
+     * @param  string|null  $password
+     * @param  int  $isAdmin
+     * @param  int  $isActive
+     * @param  int  $maxUserQuota
+     * @param  string|null  $activateToken
+     * @param  int  $ldap
+     * @param  int  $hideUploads
+     * @param  int  $copyRaw
+     * @return bool|\PDOStatement|string
+     */
+    public function create(string $email, string $username, string $password = null, int $isAdmin = 0, int $isActive = 0, int $maxUserQuota = -1, string $activateToken = null, int $ldap = 0, int $hideUploads = 0, int $copyRaw = 0)
+    {
+        do {
+            $userCode = humanRandomString(5);
+        } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `user_code` = ?', $userCode)->fetch()->count > 0);
+
+        $token = $this->generateUserUploadToken();
+
+        return $this->database->query('INSERT INTO `users`(`email`, `username`, `password`, `is_admin`, `active`, `user_code`, `token`, `max_disk_quota`, `activate_token`, `ldap`, `hide_uploads`, `copy_raw`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', [
+            $email,
+            $username,
+            $password !== null ? password_hash($password, PASSWORD_DEFAULT) : null,
+            $isAdmin,
+            $isActive,
+            $userCode,
+            $token,
+            $maxUserQuota,
+            $activateToken,
+            $ldap,
+            $hideUploads,
+            $copyRaw,
+        ]);
+    }
+
+    /**
+     * @param $id
+     * @param  string  $email
+     * @param  string  $username
+     * @param  string|null  $password
+     * @param  int  $isAdmin
+     * @param  int  $isActive
+     * @param  int  $maxUserQuota
+     * @param  int  $ldap
+     * @param  int  $hideUploads
+     * @param  int  $copyRaw
+     * @return bool|\PDOStatement|string
+     */
+    public function update($id, string $email, string $username, string $password = null, int $isAdmin = 0, int $isActive = 0, int $maxUserQuota = -1, int $ldap = 0, int $hideUploads = 0, int $copyRaw = 0)
+    {
+        if (!empty($password)) {
+            return $this->database->query('UPDATE `users` SET `email`=?, `username`=?, `password`=?, `is_admin`=?, `active`=?, `max_disk_quota`=?, `ldap`=?, `hide_uploads`=?, `copy_raw`=? WHERE `id` = ?', [
+                $email,
+                $username,
+                password_hash($password, PASSWORD_DEFAULT),
+                $isAdmin,
+                $isActive,
+                $maxUserQuota,
+                $ldap,
+                $hideUploads,
+                $copyRaw,
+                $id,
+            ]);
+        }
+
+        return $this->database->query('UPDATE `users` SET `email`=?, `username`=?, `is_admin`=?, `active`=?, `max_disk_quota`=?, `ldap`=?, `hide_uploads`=?, `copy_raw`=? WHERE `id` = ?', [
+            $email,
+            $username,
+            $isAdmin,
+            $isActive,
+            $maxUserQuota,
+            $ldap,
+            $hideUploads,
+            $copyRaw,
+            $id,
+        ]);
+    }
+
+    /**
+     * @param $id
+     * @return string
+     */
+    public function refreshToken($id)
+    {
+        $token = $this->generateUserUploadToken();
+
+        $this->database->query('UPDATE `users` SET `token`=? WHERE `id` = ?', [
+            $token,
+            $id,
+        ]);
+
+        return $token;
+    }
+
+    /**
+     * @return string
+     */
+    protected function generateUserUploadToken(): string
+    {
+        do {
+            $token = 'token_'.md5(uniqid('', true));
+        } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `token` = ?', $token)->fetch()->count > 0);
+
+        return $token;
+    }
+}

app/Exceptions/AuthenticationException.php

@@ -1,15 +0,0 @@
-<?php
-
-namespace App\Exceptions;
-
-
-use Exception;
-use Throwable;
-
-class AuthenticationException extends Exception
-{
-	public function __construct(string $message = 'Not Authorized', int $code = 401, Throwable $previous = null)
-	{
-		parent::__construct($message, $code, $previous);
-	}
-}

app/Exceptions/Handlers/AppErrorHandler.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Exceptions\Handlers;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Slim\Handlers\ErrorHandler;
+use Throwable;
+
+class AppErrorHandler extends ErrorHandler
+{
+    protected function logError(string $error): void
+    {
+        resolve('logger')->error($error);
+    }
+
+    public function __invoke(ServerRequestInterface $request, Throwable $exception, bool $displayErrorDetails, bool $logErrors, bool $logErrorDetails): ResponseInterface
+    {
+        $response = parent::__invoke($request, $exception, $displayErrorDetails, $logErrors, $logErrorDetails);
+
+        if ($response->getStatusCode() !== 404) {
+            $this->writeToErrorLog();
+        }
+
+        return $response;
+    }
+}

app/Exceptions/Handlers/Renderers/HtmlErrorRenderer.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace App\Exceptions\Handlers\Renderers;
+
+use App\Exceptions\UnderMaintenanceException;
+use Slim\Exception\HttpBadRequestException;
+use Slim\Exception\HttpForbiddenException;
+use Slim\Exception\HttpMethodNotAllowedException;
+use Slim\Exception\HttpNotFoundException;
+use Slim\Exception\HttpUnauthorizedException;
+use Slim\Interfaces\ErrorRendererInterface;
+use Throwable;
+
+class HtmlErrorRenderer implements ErrorRendererInterface
+{
+    /**
+     * @param Throwable $exception
+     * @param bool      $displayErrorDetails
+     *
+     * @throws \Twig\Error\LoaderError
+     * @throws \Twig\Error\RuntimeError
+     * @throws \Twig\Error\SyntaxError
+     *
+     * @return string
+     */
+    public function __invoke(Throwable $exception, bool $displayErrorDetails): string
+    {
+        if ($exception instanceof UnderMaintenanceException) {
+            return view()->string('errors/maintenance.twig');
+        }
+
+        if ($exception instanceof HttpUnauthorizedException || $exception instanceof HttpForbiddenException) {
+            return view()->string('errors/403.twig');
+        }
+
+        if ($exception instanceof HttpMethodNotAllowedException) {
+            return view()->string('errors/405.twig');
+        }
+
+        if ($exception instanceof HttpNotFoundException) {
+            return view()->string('errors/404.twig');
+        }
+
+        if ($exception instanceof HttpBadRequestException) {
+            return view()->string('errors/400.twig');
+        }
+
+        return view()->string('errors/500.twig', ['exception' => $displayErrorDetails ? $exception : null]);
+    }
+}

app/Exceptions/NotFoundException.php

@@ -1,15 +0,0 @@
-<?php
-
-namespace App\Exceptions;
-
-
-use Exception;
-use Throwable;
-
-class NotFoundException extends Exception
-{
-	public function __construct(string $message = 'Not Found', int $code = 404, Throwable $previous = null)
-	{
-		parent::__construct($message, $code, $previous);
-	}
-}

app/Exceptions/UnauthorizedException.php

@@ -1,15 +0,0 @@
-<?php
-
-namespace App\Exceptions;
-
-
-use Exception;
-use Throwable;
-
-class UnauthorizedException extends Exception
-{
-	public function __construct(string $message = 'Forbidden', int $code = 403, Throwable $previous = null)
-	{
-		parent::__construct($message, $code, $previous);
-	}
-}

app/Exceptions/UnderMaintenanceException.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace App\Exceptions;
+
+use Slim\Exception\HttpSpecializedException;
+
+class UnderMaintenanceException extends HttpSpecializedException
+{
+    protected $code = 503;
+    protected $message = 'Platform Under Maintenance.';
+    protected $title = '503 Service Unavailable';
+    protected $description = 'We\'ll be back very soon! :)';
+}

app/Exceptions/ValidationException.php

@@ -0,0 +1,30 @@
+<?php
+
+
+namespace App\Exceptions;
+
+use Exception;
+use Psr\Http\Message\ResponseInterface as Response;
+use Throwable;
+
+class ValidationException extends Exception
+{
+    /**
+     * @var Response
+     */
+    private $response;
+
+    public function __construct(Response $response, $message = "", Throwable $previous = null)
+    {
+        parent::__construct($message, $response->getStatusCode(), $previous);
+        $this->response = $response;
+    }
+
+    /**
+     * @return Response
+     */
+    public function response(): Response
+    {
+        return $this->response;
+    }
+}

app/Factories/ViewFactory.php

@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Factories;
+
+use App\Web\View;
+use Psr\Container\ContainerInterface as Container;
+use Slim\Factory\ServerRequestCreatorFactory;
+use Twig\Environment;
+use Twig\Loader\FilesystemLoader;
+use Twig\TwigFunction;
+
+class ViewFactory
+{
+    public static function createAppInstance(Container $container)
+    {
+        $config = $container->get('config');
+        $loader = new FilesystemLoader(BASE_DIR.'resources/templates');
+
+        $twig = new Environment($loader, [
+            'cache'       => BASE_DIR.'resources/cache/twig',
+            'autoescape'  => 'html',
+            'debug'       => $config['debug'],
+            'auto_reload' => $config['debug'],
+        ]);
+
+        $request = ServerRequestCreatorFactory::determineServerRequestCreator()->createServerRequestFromGlobals();
+
+        $twig->addGlobal('config', $config);
+        $twig->addGlobal('request', $request);
+        $twig->addGlobal('session', $container->get('session'));
+        $twig->addGlobal('current_lang', $container->get('lang')->getLang());
+        $twig->addGlobal('maxUploadSize', stringToBytes(ini_get('post_max_size')));
+        $twig->addGlobal('PLATFORM_VERSION', PLATFORM_VERSION);
+
+        $twig->addFunction(new TwigFunction('route', 'route'));
+        $twig->addFunction(new TwigFunction('lang', 'lang'));
+        $twig->addFunction(new TwigFunction('urlFor', 'urlFor'));
+        $twig->addFunction(new TwigFunction('asset', 'asset'));
+        $twig->addFunction(new TwigFunction('mime2font', 'mime2font'));
+        $twig->addFunction(new TwigFunction('queryParams', 'queryParams'));
+        $twig->addFunction(new TwigFunction('isDisplayableImage', 'isDisplayableImage'));
+        $twig->addFunction(new TwigFunction('inPath', 'inPath'));
+        $twig->addFunction(new TwigFunction('humanFileSize', 'humanFileSize'));
+        $twig->addFunction(new TwigFunction('param', 'param'));
+        $twig->addFunction(new TwigFunction('glue', 'glue'));
+
+        return new View($twig);
+    }
+
+    public static function createInstallerInstance(Container $container)
+    {
+        $config = $container->get('config');
+        $loader = new FilesystemLoader([BASE_DIR.'install/templates', BASE_DIR.'resources/templates']);
+
+        $twig = new Environment($loader, [
+            'cache'       => false,
+            'autoescape'  => 'html',
+            'debug'       => $config['debug'],
+            'auto_reload' => $config['debug'],
+        ]);
+
+        $request = ServerRequestCreatorFactory::determineServerRequestCreator()->createServerRequestFromGlobals();
+
+        $twig->addGlobal('config', $config);
+        $twig->addGlobal('request', $request);
+        $twig->addGlobal('session', $container->get('session'));
+        $twig->addGlobal('PLATFORM_VERSION', PLATFORM_VERSION);
+
+        return new View($twig);
+    }
+}

app/Middleware/AdminMiddleware.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+use Slim\Exception\HttpUnauthorizedException;
+
+class AdminMiddleware extends Middleware
+{
+    /**
+     * @param Request        $request
+     * @param RequestHandler $handler
+     *
+     * @throws HttpUnauthorizedException
+     *
+     * @return ResponseInterface
+     */
+    public function __invoke(Request $request, RequestHandler $handler): ResponseInterface
+    {
+        if (!$this->database->query('SELECT `id`, `is_admin` FROM `users` WHERE `id` = ? LIMIT 1', [$this->session->get('user_id')])->fetch()->is_admin) {
+            $this->session->set('admin', false);
+
+            throw new HttpUnauthorizedException($request);
+        }
+
+        return $handler->handle($request);
+    }
+}

app/Middleware/AuthMiddleware.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+use Slim\Psr7\Factory\ResponseFactory;
+
+class AuthMiddleware extends Middleware
+{
+    /**
+     * @param Request        $request
+     * @param RequestHandler $handler
+     *
+     * @return ResponseInterface
+     */
+    public function __invoke(Request $request, RequestHandler $handler): ResponseInterface
+    {
+        if (!$this->session->get('logged', false)) {
+            $this->session->set('redirectTo', (string) $request->getUri()->getPath());
+
+            return redirect((new ResponseFactory())->createResponse(), route('login.show'));
+        }
+
+        if (!$this->database->query('SELECT `id`, `active` FROM `users` WHERE `id` = ? LIMIT 1', [$this->session->get('user_id')])->fetch()->active) {
+            $this->session->alert(lang('account_disabled'), 'danger');
+            $this->session->set('logged', false);
+
+            return redirect((new ResponseFactory())->createResponse(), route('login.show'));
+        }
+
+        return $handler->handle($request);
+    }
+}

app/Middleware/CheckForMaintenanceMiddleware.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Middleware;
+
+use App\Exceptions\UnderMaintenanceException;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+
+class CheckForMaintenanceMiddleware extends Middleware
+{
+    /**
+     * @param Request        $request
+     * @param RequestHandler $handler
+     *
+     * @throws UnderMaintenanceException
+     *
+     * @return Response
+     */
+    public function __invoke(Request $request, RequestHandler $handler): Response
+    {
+        if ($this->config['maintenance'] && !$this->database->query('SELECT `id`, `is_admin` FROM `users` WHERE `id` = ? LIMIT 1', [$this->session->get('user_id')])->fetch()->is_admin) {
+            throw new UnderMaintenanceException($request);
+        }
+
+        return $handler->handle($request);
+    }
+}

app/Middleware/InjectMiddleware.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+
+class InjectMiddleware extends Middleware
+{
+    /**
+     * @param Request        $request
+     * @param RequestHandler $handler
+     *
+     * @return Response
+     */
+    public function __invoke(Request $request, RequestHandler $handler)
+    {
+        $this->view->getTwig()->addGlobal('customHead', $this->getSetting('custom_head'));
+
+        return $handler->handle($request);
+    }
+}

app/Middleware/LangMiddleware.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+
+class LangMiddleware extends Middleware
+{
+    /**
+     * @param Request        $request
+     * @param RequestHandler $handler
+     *
+     * @return Response
+     */
+    public function __invoke(Request $request, RequestHandler $handler)
+    {
+        $forcedLang = $this->getSetting('lang');
+        if ($forcedLang !== null) {
+            $this->lang::setLang($forcedLang);
+            $request = $request->withAttribute('forced_lang', $forcedLang);
+        }
+
+        return $handler->handle($request);
+    }
+}

app/Middleware/Middleware.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Middleware;
+
+use App\Controllers\Controller;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+
+abstract class Middleware extends Controller
+{
+    /**
+     * @param Request        $request
+     * @param RequestHandler $handler
+     *
+     * @return Response
+     */
+    abstract public function __invoke(Request $request, RequestHandler $handler);
+}

app/Middleware/RememberMiddleware.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Middleware;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+
+class RememberMiddleware extends Middleware
+{
+    /**
+     * @param  Request  $request
+     * @param  RequestHandler  $handler
+     *
+     * @return Response
+     * @throws \Exception
+     */
+    public function __invoke(Request $request, RequestHandler $handler)
+    {
+        if (!$this->session->get('logged', false) && !empty($request->getCookieParams()['remember'])) {
+            [$selector, $token] = explode(':', $request->getCookieParams()['remember']);
+
+            $user = $this->database->query(
+                'SELECT `id`, `username`,`is_admin`, `active`, `remember_token`, `current_disk_quota`, `max_disk_quota`, `copy_raw` FROM `users` WHERE `remember_selector` = ? AND `remember_expire` > ? LIMIT 1',
+                [$selector, date('Y-m-d\TH:i:s', time())]
+            )->fetch();
+
+            if ($user && password_verify($token, $user->remember_token) && $user->active) {
+                $this->session->set('logged', true)
+                    ->set('user_id', $user->id)
+                    ->set('username', $user->username)
+                    ->set('admin', $user->is_admin)
+                    ->set('copy_raw', $user->copy_raw);
+                $this->setSessionQuotaInfo($user->current_disk_quota, $user->max_disk_quota);
+                $this->refreshRememberCookie($user->id);
+            }
+        }
+
+        return $handler->handle($request);
+    }
+}

app/Traits/SingletonController.php

@@ -1,24 +0,0 @@
-<?php
-
-namespace App\Traits;
-
-
-use App\Controllers\Controller;
-
-trait SingletonController
-{
-	protected static $instance;
-
-	/**
-	 * Return the controller instance
-	 * @return Controller
-	 */
-	public static function instance(): Controller
-	{
-		if (static::$instance === null) {
-			static::$instance = new static();
-		}
-
-		return static::$instance;
-	}
-}

app/Web/Lang.php

@@ -0,0 +1,159 @@
+<?php
+
+namespace App\Web;
+
+class Lang
+{
+    const DEFAULT_LANG = 'en';
+    const LANG_PATH = __DIR__.'../../resources/lang/';
+
+    /** @var string */
+    protected static $langPath = self::LANG_PATH;
+
+    /** @var string */
+    protected static $lang;
+
+    /** @var Lang */
+    protected static $instance;
+
+    /** @var array */
+    protected $cache = [];
+
+    /**
+     * @return Lang
+     */
+    public static function getInstance(): self
+    {
+        if (self::$instance === null) {
+            self::$instance = new self();
+        }
+
+        return self::$instance;
+    }
+
+    /**
+     * @param string $lang
+     * @param string $langPath
+     *
+     * @return Lang
+     */
+    public static function build($lang = self::DEFAULT_LANG, $langPath = null): self
+    {
+        self::$lang = $lang;
+
+        if ($langPath !== null) {
+            self::$langPath = $langPath;
+        }
+
+        self::$instance = new self();
+
+        return self::$instance;
+    }
+
+    /**
+     * Recognize the current language from the request.
+     *
+     * @return bool|string
+     */
+    public static function recognize()
+    {
+        if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+            return locale_accept_from_http($_SERVER['HTTP_ACCEPT_LANGUAGE']);
+        }
+
+        return self::DEFAULT_LANG;
+    }
+
+    /**
+     * @return string
+     */
+    public static function getLang(): string
+    {
+        return self::$lang;
+    }
+
+    /**
+     * @param $lang
+     */
+    public static function setLang($lang)
+    {
+        self::$lang = $lang;
+    }
+
+    /**
+     * @return array
+     */
+    public static function getList()
+    {
+        $languages = [];
+
+        $default = count(include self::$langPath.self::DEFAULT_LANG.'.lang.php') - 1;
+
+        foreach (glob(self::$langPath.'*.lang.php') as $file) {
+            $dict = include $file;
+
+            if (!is_array($dict) || !isset($dict['lang'])) {
+                continue;
+            }
+
+            $count = count($dict) - 1;
+            $percent = min(round(($count / $default) * 100), 100);
+
+            $languages[str_replace('.lang.php', '', basename($file))] = "[{$percent}%] ".$dict['lang'];
+        }
+
+        return $languages;
+    }
+
+    /**
+     * @param $key
+     * @param array $args
+     *
+     * @return string
+     */
+    public function get($key, $args = []): string
+    {
+        return $this->getString($key, self::$lang, $args);
+    }
+
+    /**
+     * @param $key
+     * @param $lang
+     * @param $args
+     *
+     * @return string
+     */
+    private function getString($key, $lang, $args): string
+    {
+        $redLang = strtolower(substr($lang, 0, 2));
+
+        if (array_key_exists($lang, $this->cache)) {
+            $transDict = $this->cache[$lang];
+        } else {
+            if (file_exists(self::$langPath.$lang.'.lang.php')) {
+                $transDict = include self::$langPath.$lang.'.lang.php';
+                $this->cache[$lang] = $transDict;
+            } else {
+                if (file_exists(self::$langPath.$redLang.'.lang.php')) {
+                    $transDict = include self::$langPath.$redLang.'.lang.php';
+                    $this->cache[$lang] = $transDict;
+                } else {
+                    $transDict = [];
+                }
+            }
+        }
+
+        if (array_key_exists($key, $transDict)) {
+            $string = @vsprintf($transDict[$key], $args);
+            if ($string !== false) {
+                return $string;
+            }
+        }
+
+        if ($lang !== self::DEFAULT_LANG) {
+            return $this->getString($key, self::DEFAULT_LANG, $args);
+        }
+
+        return $key;
+    }
+}

app/Web/Log.php

@@ -1,68 +0,0 @@
-<?php
-
-namespace App\Web;
-
-use Monolog\Formatter\LineFormatter;
-use Monolog\Handler\RotatingFileHandler;
-use Monolog\Logger;
-
-class Log
-{
-	/** @var Logger */
-	protected $logger;
-
-	/** @var Log */
-	protected static $instance;
-
-	/**
-	 * @return Log
-	 * @throws \Exception
-	 */
-	public static function instance(): Log
-	{
-		if (static::$instance === null) {
-			static::$instance = new static();
-		}
-
-		return static::$instance;
-	}
-
-	/**
-	 * Log constructor.
-	 * @throws \Exception
-	 */
-	public function __construct()
-	{
-		$this->logger = new Logger(self::class);
-
-		$streamHandler = new RotatingFileHandler(__DIR__ . '/../../logs/log.txt', 10, Logger::DEBUG);
-		$streamHandler->setFormatter(new LineFormatter("[%datetime%] %channel%.%level_name%: %message% %context% %extra%\n", "Y-m-d H:i:s", true));
-
-		$this->logger->pushHandler($streamHandler);
-	}
-
-	public static function debug(string $message, array $context = [])
-	{
-		self::instance()->logger->debug($message, $context);
-	}
-
-	public static function info(string $message, array $context = [])
-	{
-		self::instance()->logger->info($message, $context);
-	}
-
-	public static function warning(string $message, array $context = [])
-	{
-		self::instance()->logger->warning($message, $context);
-	}
-
-	public static function error(string $message, array $context = [])
-	{
-		self::instance()->logger->error($message, $context);
-	}
-
-	public static function critical(string $message, array $context = [])
-	{
-		self::instance()->logger->critical($message, $context);
-	}
-}

app/Web/Mail.php

@@ -0,0 +1,152 @@
+<?php
+
+
+namespace App\Web;
+
+use InvalidArgumentException;
+
+class Mail
+{
+    /**
+     * @var bool
+     */
+    private static $testing = false;
+
+    protected $fromMail = 'no-reply@example.com';
+    protected $fromName;
+
+    protected $to;
+
+    protected $subject;
+    protected $message;
+
+    protected $additionalHeaders = '';
+    protected $headers = '';
+
+    /**
+     * @return Mail
+     */
+    public static function make()
+    {
+        return new self();
+    }
+
+    /**
+     * This will skip the email send
+     */
+    public static function fake()
+    {
+        self::$testing = true;
+    }
+
+    /**
+     * @param $mail
+     * @param $name
+     * @return $this
+     */
+    public function from(string $mail, string $name)
+    {
+        $this->fromMail = $mail;
+        $this->fromName = $name;
+        return $this;
+    }
+
+    /**
+     * @param $mail
+     * @return $this
+     */
+    public function to(string $mail)
+    {
+        if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
+            throw new InvalidArgumentException('Mail not valid.');
+        }
+        $this->to = "<$mail>";
+        return $this;
+    }
+
+
+    /**
+     * @param $text
+     * @return $this
+     */
+    public function subject(string $text)
+    {
+        $this->subject = $text;
+        return $this;
+    }
+
+    /**
+     * @param $text
+     * @return $this
+     */
+    public function message(string $text)
+    {
+        $this->message = $text;
+        return $this;
+    }
+
+    /**
+     * @param $header
+     * @return $this
+     */
+    public function addHeader(string $header)
+    {
+        $this->additionalHeaders .= "$header\r\n";
+        return $this;
+    }
+
+    /**
+     * @param $header
+     * @return $this
+     */
+    protected function addRequiredHeader(string $header)
+    {
+        $this->headers .= "$header\r\n";
+        return $this;
+    }
+
+    /**
+     * Set headers before send
+     */
+    protected function setHeaders()
+    {
+        if ($this->fromName === null) {
+            $this->addRequiredHeader("From: $this->fromMail");
+        } else {
+            $this->addRequiredHeader("From: $this->fromName <$this->fromMail>");
+        }
+
+        $this->addRequiredHeader('X-Mailer: PHP/'.phpversion())
+            ->addRequiredHeader('MIME-Version: 1.0')
+            ->addRequiredHeader('Content-Type: text/html; charset=utf-8');
+    }
+
+    /**
+     * @return int
+     */
+    public function send()
+    {
+        if ($this->to === null) {
+            throw new InvalidArgumentException('Target email cannot be null.');
+        }
+
+        if ($this->subject === null) {
+            throw new InvalidArgumentException('Subject cannot be null.');
+        }
+
+        if ($this->message === null) {
+            throw new InvalidArgumentException('Message cannot be null.');
+        }
+
+        $this->setHeaders();
+
+        $this->headers .= $this->additionalHeaders;
+        $message = html_entity_decode($this->message);
+
+        if (self::$testing) {
+            return 1;
+        }
+
+        return (int) mail($this->to, $this->subject, "<html><body>$message</body></html>", $this->headers);
+    }
+}

app/Web/Session.php

@@ -2,106 +2,160 @@
 
 namespace App\Web;
 
+use Exception;
 
 class Session
 {
+    /**
+     * Session constructor.
+     *
+     * @param  string  $name
+     * @param  string  $path
+     *
+     * @throws Exception
+     */
+    public function __construct(string $name, $path = '')
+    {
+        if (session_status() === PHP_SESSION_NONE) {
+            if (!is_writable($path) && $path !== '') {
+                throw new Exception("The given path '{$path}' is not writable.");
+            }
 
-	/**
-	 * Start a session if is not already started in the current context
-	 */
-	public static function init(): void
-	{
-		if (session_status() === PHP_SESSION_NONE) {
-			session_start([
-				'name' => 'xbackbone_session',
-				'save_path' => 'resources/sessions'
-			]);
-		}
-	}
+            // Workaround for php <= 7.3
+            if (PHP_VERSION_ID < 70300) {
+                $params = session_get_cookie_params();
+                session_set_cookie_params(
+                    $params['lifetime'],
+                    $params['path'].'; SameSite=Strict',
+                    $params['domain'],
+                    isSecure(),
+                    $params['httponly']
+                );
+            }
 
-	/**
-	 * Destroy the current session
-	 * @return bool
-	 */
-	public static function destroy(): bool
-	{
-		return session_destroy();
-	}
+            $started = @session_start([
+                'name' => $name,
+                'save_path' => $path,
+                'cookie_httponly' => true,
+                'gc_probability' => 25,
+                'cookie_samesite' => 'Strict', // works only for php  >= 7.3
+                'cookie_secure' => isSecure(),
+            ]);
 
-	/**
-	 * Clear all session stored values
-	 */
-	public static function clear(): void
-	{
-		self::init();
-		$_SESSION = [];
-	}
+            if (!$started) {
+                throw new Exception("Cannot start the HTTP session. The session path '{$path}' is not writable.");
+            }
+        }
+    }
 
-	/**
-	 * Check if session has a stored key
-	 * @param $key
-	 * @return bool
-	 */
-	public static function has($key): bool
-	{
-		self::init();
-		return isset($_SESSION[$key]);
-	}
+    /**
+     * @return string
+     */
+    public function getId()
+    {
+        return session_id();
+    }
 
-	/**
-	 * Get the content of the current session
-	 * @return array
-	 */
-	public static function all(): array
-	{
-		self::init();
-		return $_SESSION;
-	}
+    /**
+     * Destroy the current session.
+     *
+     * @return bool
+     */
+    public function destroy(): bool
+    {
+        return session_destroy();
+    }
 
-	/**
-	 * Returned a value given a key
-	 * @param $key
-	 * @param null $default
-	 * @return mixed
-	 */
-	public static function get($key, $default = null)
-	{
-		self::init();
-		return self::has($key) ? $_SESSION[$key] : $default;
-	}
+    /**
+     * Clear all session stored values.
+     */
+    public function clear(): Session
+    {
+        $_SESSION = [];
+        return $this;
+    }
 
-	/**
-	 * Add a key-value pair to the session
-	 * @param $key
-	 * @param $value
-	 */
-	public static function set($key, $value): void
-	{
-		self::init();
-		$_SESSION[$key] = $value;
-	}
+    /**
+     * Check if session has a stored key.
+     *
+     * @param $key
+     *
+     * @return bool
+     */
+    public function has($key): bool
+    {
+        return isset($_SESSION[$key]);
+    }
 
-	/**
-	 * Set a flash alert
-	 * @param $message
-	 * @param string $type
-	 */
-	public static function alert($message, string $type = 'info'): void
-	{
-		self::init();
-		$_SESSION['_flash'] = [$type => $message];
-	}
+    /**
+     * Get the content of the current session.
+     *
+     * @return array
+     */
+    public function all(): array
+    {
+        return $_SESSION;
+    }
 
+    /**
+     * Returned a value given a key.
+     *
+     * @param $key
+     * @param  null  $default
+     *
+     * @return mixed
+     */
+    public function get($key, $default = null)
+    {
+        return self::has($key) ? $_SESSION[$key] : $default;
+    }
 
-	/**
-	 * Retrieve flash alerts
-	 * @return array
-	 */
-	public static function getAlert()
-	{
-		$flash = self::get('_flash');
-		self::set('_flash', []);
-		return $flash;
-	}
+    /**
+     * Add a key-value pair to the session.
+     *
+     * @param $key
+     * @param $value
+     * @return Session
+     */
+    public function set($key, $value): Session
+    {
+        $_SESSION[$key] = $value;
+        return $this;
+    }
 
-}
+    /**
+     * Set a flash alert.
+     *
+     * @param $message
+     * @param  string  $type
+     * @return Session
+     */
+    public function alert($message, string $type = 'info'): Session
+    {
+        $_SESSION['_flash'][] = [$type => $message];
+        return $this;
+    }
+
+    /**
+     * Closes the current session
+     *
+     * @return bool|void
+     */
+    public function close()
+    {
+        return session_write_close();
+    }
+
+    /**
+     * Retrieve flash alerts.
+     *
+     * @return array
+     */
+    public function getAlert(): ?array
+    {
+        $flash = self::get('_flash');
+        self::set('_flash', []);
+
+        return $flash;
+    }
+}

app/Web/Theme.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace App\Web;
+
+class Theme
+{
+    public const DEFAULT_THEME_URL = 'https://bootswatch.com/4/_vendor/bootstrap/dist/css/bootstrap.min.css';
+
+    /**
+     * @return array
+     */
+    public function availableThemes(): array
+    {
+        $apiJson = json_decode(file_get_contents('https://bootswatch.com/api/4.json'));
+
+        $default = [];
+        $default['Default - Bootstrap 4 default theme'] = self::DEFAULT_THEME_URL;
+
+        $bootswatch = [];
+        foreach ($apiJson->themes as $theme) {
+            $bootswatch["{$theme->name} - {$theme->description}"] = $theme->cssMin;
+        }
+
+        $apiJson = json_decode(file_get_contents('https://theme-park.dev/themes.json'));
+        $base = $apiJson->applications->xbackbone->base_css;
+
+        $themepark = [];
+        foreach ($apiJson->themes as $name => $urls) {
+            $themepark[$name] = "{$base},{$urls->url}";
+        }
+
+        return [
+            'default' => $default,
+            'bootswatch.com' => $bootswatch,
+            'theme-park.dev' => $themepark
+        ];
+    }
+
+    /**
+     * @param  string  $input
+     * @return bool
+     */
+    public function applyTheme(string $input): bool
+    {
+        [$vendor, $css] = explode('|', $input, 2);
+
+        if ($vendor === 'theme-park.dev') {
+            [$base, $theme] = explode(',', $css);
+            $data = file_get_contents(self::DEFAULT_THEME_URL).file_get_contents($base).file_get_contents($theme);
+        } else {
+            $data = file_get_contents($css ?? self::DEFAULT_THEME_URL);
+        }
+
+        return (bool) file_put_contents(
+            BASE_DIR.'static/bootstrap/css/bootstrap.min.css',
+            $data
+        );
+    }
+
+    /**
+     * @return string
+     */
+    public static function default(): string
+    {
+        return 'default|'.self::DEFAULT_THEME_URL;
+    }
+}

app/Web/UA.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace App\Web;
+
+class UA
+{
+    /**
+     * bot user agent => perform link embed
+     * @var string[]
+     */
+    private static $bots = [
+        'TelegramBot' => false,
+        'facebookexternalhit/' => false,
+        'Facebot' => false,
+        'curl/' => false,
+        'wget/' => false,
+        'WhatsApp/' => false,
+        'Slack' => false,
+        'Twitterbot/' => false,
+        'discord' => true,
+        // discord image bot
+        'Mozilla/5.0 (Macintosh; Intel Mac OS X 11.6; rv:92.0) Gecko/20100101 Firefox/92.0' => true,
+        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0' => true,
+    ];
+
+    /**
+     * @param  string  $userAgent
+     * @return bool
+     */
+    public static function isBot(string $userAgent): bool
+    {
+        foreach (self::$bots as $bot => $embedsLink) {
+            if (stripos($userAgent, $bot) !== false) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @param  string  $userAgent
+     * @return false|string
+     */
+    public static function embedsLinks(string $userAgent)
+    {
+        foreach (self::$bots as $bot => $embedsLink) {
+            if (stripos($userAgent, $bot) !== false) {
+                return $embedsLink;
+            }
+        }
+
+        return false;
+    }
+}

app/Web/ValidationHelper.php

@@ -0,0 +1,66 @@
+<?php
+
+
+namespace App\Web;
+
+class ValidationHelper
+{
+    /**
+     * @var Session
+     */
+    protected $session;
+    /**
+     * @var bool
+     */
+    protected $failed;
+
+    /**
+     * Validator constructor.
+     * @param  Session  $session
+     */
+    public function __construct(Session $session)
+    {
+        $this->session = $session;
+
+        $this->failed = false;
+    }
+
+    public function alertIf(bool $condition, string $alert, string $type = 'danger')
+    {
+        if (!$this->failed && $condition) {
+            $this->failed = true;
+            $this->session->alert(lang($alert), $type);
+        }
+
+        return $this;
+    }
+
+    public function failIf(bool $condition)
+    {
+        if (!$this->failed && $condition) {
+            $this->failed = true;
+        }
+
+        return $this;
+    }
+
+    public function callIf(bool $condition, callable $closure)
+    {
+        if (!$this->failed && $condition) {
+            do {
+                $result = $closure($this->session);
+                if (is_callable($result)) {
+                    $closure = $result;
+                }
+            } while (!is_bool($result));
+            $this->failed = !$result;
+        }
+
+        return $this;
+    }
+
+    public function fails()
+    {
+        return $this->failed;
+    }
+}

app/Web/View.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace App\Web;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Twig\Environment;
+use Twig\Error\LoaderError;
+use Twig\Error\RuntimeError;
+use Twig\Error\SyntaxError;
+
+class View
+{
+    /**
+     * @var Environment
+     */
+    private $twig;
+
+    /**
+     * View constructor.
+     *
+     * @param Environment $twig
+     */
+    public function __construct(Environment $twig)
+    {
+        $this->twig = $twig;
+    }
+
+    /**
+     * @param Response   $response
+     * @param string     $view
+     * @param array|null $parameters
+     *
+     * @throws LoaderError
+     * @throws RuntimeError
+     * @throws SyntaxError
+     *
+     * @return Response
+     */
+    public function render(Response $response, string $view, ?array $parameters = [])
+    {
+        $body = $this->twig->render($view, $parameters);
+        $response->getBody()->write($body);
+
+        return $response;
+    }
+
+    /**
+     * @param string     $view
+     * @param array|null $parameters
+     *
+     * @throws LoaderError
+     * @throws RuntimeError
+     * @throws SyntaxError
+     *
+     * @return string
+     */
+    public function string(string $view, ?array $parameters = [])
+    {
+        return $this->twig->render($view, $parameters);
+    }
+
+    /**
+     * @return Environment
+     */
+    public function getTwig(): Environment
+    {
+        return $this->twig;
+    }
+}

app/helpers.php

@@ -0,0 +1,530 @@
+<?php
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Factory\ServerRequestCreatorFactory;
+
+if (!defined('HUMAN_RANDOM_CHARS')) {
+    define('HUMAN_RANDOM_CHARS', 'bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZaeiouAEIOU');
+}
+
+if (!function_exists('humanFileSize')) {
+    /**
+     * Generate a human readable file size.
+     *
+     * @param $size
+     * @param  int  $precision
+     *
+     * @param  bool  $iniMode
+     * @return string
+     */
+    function humanFileSize($size, $precision = 2, $iniMode = false): string
+    {
+        for ($i = 0; ($size / 1024) > 0.9; $i++, $size /= 1024) {
+        }
+
+        if ($iniMode) {
+            return round($size, $precision).['B', 'K', 'M', 'G', 'T'][$i];
+        }
+
+        return round($size, $precision).' '.['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'][$i];
+    }
+}
+
+if (!function_exists('humanRandomString')) {
+    /**
+     * @param  int  $length
+     *
+     * @return string
+     */
+    function humanRandomString(int $length = 10): string
+    {
+        $result = '';
+        $numberOffset = round($length * 0.2);
+        for ($x = 0; $x < $length - $numberOffset; $x++) {
+            $result .= ($x % 2) ? HUMAN_RANDOM_CHARS[rand(42, 51)] : HUMAN_RANDOM_CHARS[rand(0, 41)];
+        }
+        for ($x = 0; $x < $numberOffset; $x++) {
+            $result .= rand(0, 9);
+        }
+
+        return $result;
+    }
+}
+
+if (!function_exists('isDisplayableImage')) {
+    /**
+     * @param  string  $mime
+     *
+     * @return bool
+     */
+    function isDisplayableImage(?string $mime): bool
+    {
+        return in_array($mime, [
+            'image/apng',
+            'image/bmp',
+            'image/gif',
+            'image/x-icon',
+            'image/jpeg',
+            'image/png',
+            'image/tiff',
+            'image/webp',
+        ]);
+    }
+}
+
+if (!function_exists('isEmbeddable')) {
+    /**
+     * @param  ?string  $mime
+     *
+     * @return bool
+     */
+    function isEmbeddable(?string $mime): bool
+    {
+        return in_array($mime, [
+            'image/apng',
+            'image/bmp',
+            'image/gif',
+            'image/x-icon',
+            'image/jpeg',
+            'image/png',
+            'image/tiff',
+            'image/webp',
+            'video/mp4',
+            'video/ogg',
+            'video/webm',
+        ]);
+    }
+}
+
+if (!function_exists('stringToBytes')) {
+    /**
+     * @param $str
+     *
+     * @return float
+     */
+    function stringToBytes(string $str): float
+    {
+        $val = trim($str);
+        if (is_numeric($val)) {
+            return (float) $val;
+        }
+
+        $last = strtolower($val[strlen($val) - 1]);
+        $val = substr($val, 0, -1);
+
+        $val = (float) $val;
+        switch ($last) {
+            case 't':
+                $val *= 1024;
+                // no break
+            case 'g':
+                $val *= 1024;
+                // no break
+            case 'm':
+                $val *= 1024;
+                // no break
+            case 'k':
+                $val *= 1024;
+        }
+
+        return $val;
+    }
+}
+
+if (!function_exists('removeDirectory')) {
+    /**
+     * Remove a directory and it's content.
+     *
+     * @param $path
+     */
+    function removeDirectory($path)
+    {
+        cleanDirectory($path, true);
+        rmdir($path);
+    }
+}
+
+if (!function_exists('cleanDirectory')) {
+    /**
+     * Removes all directory contents.
+     *
+     * @param $path
+     * @param  bool  $all
+     */
+    function cleanDirectory($path, $all = false)
+    {
+        $directoryIterator = new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS);
+        $iteratorIterator = new RecursiveIteratorIterator($directoryIterator, RecursiveIteratorIterator::CHILD_FIRST);
+        foreach ($iteratorIterator as $file) {
+            if ($all || $file->getFilename() !== '.gitkeep') {
+                $file->isDir() ? rmdir($file) : unlink($file);
+            }
+        }
+    }
+}
+
+if (!function_exists('resolve')) {
+    /**
+     * Resolve a service from de DI container.
+     *
+     * @param  string  $service
+     *
+     * @return mixed
+     */
+    function resolve(string $service)
+    {
+        global $app;
+
+        return $app->getContainer()->get($service);
+    }
+}
+
+if (!function_exists('make')) {
+    /**
+     * Resolve a service from de DI container.
+     *
+     * @param  string  $class
+     * @param  array  $params
+     * @return mixed
+     */
+    function make(string $class, array $params = [])
+    {
+        global $app;
+
+        return $app->getContainer()->make($class, $params);
+    }
+}
+
+if (!function_exists('view')) {
+    /**
+     * Render a view to the response body.
+     *
+     * @return \App\Web\View
+     */
+    function view()
+    {
+        return resolve('view');
+    }
+}
+
+if (!function_exists('redirect')) {
+    /**
+     * Set the redirect response.
+     *
+     * @param  Response  $response
+     * @param  string  $url
+     * @param  int  $status
+     *
+     * @return Response
+     */
+    function redirect(Response $response, string $url, $status = 302)
+    {
+        return $response
+            ->withHeader('Location', $url)
+            ->withStatus($status);
+    }
+}
+
+if (!function_exists('asset')) {
+    /**
+     * Get the asset link with timestamp.
+     *
+     * @param  string  $path
+     *
+     * @return string
+     */
+    function asset(string $path): string
+    {
+        return urlFor($path, '?'.filemtime(realpath(BASE_DIR.$path)));
+    }
+}
+
+if (!function_exists('urlFor')) {
+    /**
+     * Generate the app url given a path.
+     *
+     * @param  string  $path
+     * @param  string  $append
+     *
+     * @return string
+     */
+    function urlFor(string $path = '', string $append = ''): string
+    {
+        $baseUrl = resolve('config')['base_url'];
+
+        return $baseUrl.$path.$append;
+    }
+}
+
+if (!function_exists('route')) {
+    /**
+     * Generate the app url given a path.
+     *
+     * @param  string  $path
+     * @param  array  $args
+     * @param  string  $append
+     *
+     * @return string
+     */
+    function route(string $path, array $args = [], string $append = ''): string
+    {
+        global $app;
+        $uri = $app->getRouteCollector()->getRouteParser()->relativeUrlFor($path, $args);
+
+        return urlFor($uri, $append);
+    }
+}
+
+if (!function_exists('param')) {
+    /**
+     * Get a parameter from the request.
+     *
+     * @param  Request  $request
+     * @param  string  $name
+     * @param  null  $default
+     *
+     * @return mixed
+     */
+    function param(Request $request, string $name, $default = null)
+    {
+        if ($request->getMethod() === 'GET') {
+            $params = $request->getQueryParams();
+        } else {
+            $params = $request->getParsedBody();
+        }
+
+        return $params[$name] ?? $default;
+    }
+}
+
+if (!function_exists('json')) {
+    /**
+     * Return a json response.
+     *
+     * @param  Response  $response
+     * @param $data
+     * @param  int  $status
+     * @param  int  $options
+     *
+     * @return Response
+     */
+    function json(Response $response, $data, int $status = 200, $options = 0): Response
+    {
+        $response->getBody()->write(json_encode($data, $options));
+
+        return $response
+            ->withStatus($status)
+            ->withHeader('Content-Type', 'application/json');
+    }
+}
+
+if (!function_exists('lang')) {
+    /**
+     * @param  string  $key
+     * @param  array  $args
+     *
+     * @return string
+     */
+    function lang(string $key, $args = []): string
+    {
+        return resolve('lang')->get($key, $args);
+    }
+}
+
+if (!function_exists('mime2font')) {
+    /**
+     * Convert get the icon from the file mimetype.
+     *
+     * @param $mime
+     *
+     * @return mixed|string
+     */
+    function mime2font($mime)
+    {
+        $classes = [
+            'image' => 'fa-file-image',
+            'audio' => 'fa-file-audio',
+            'video' => 'fa-file-video',
+            'application/pdf' => 'fa-file-pdf',
+            'application/msword' => 'fa-file-word',
+            'application/vnd.ms-word' => 'fa-file-word',
+            'application/vnd.oasis.opendocument.text' => 'fa-file-word',
+            'application/vnd.openxmlformats-officedocument.wordprocessingml' => 'fa-file-word',
+            'application/vnd.ms-excel' => 'fa-file-excel',
+            'application/vnd.openxmlformats-officedocument.spreadsheetml' => 'fa-file-excel',
+            'application/vnd.oasis.opendocument.spreadsheet' => 'fa-file-excel',
+            'application/vnd.ms-powerpoint' => 'fa-file-powerpoint',
+            'application/vnd.openxmlformats-officedocument.presentationml' => 'fa-file-powerpoint',
+            'application/vnd.oasis.opendocument.presentation' => 'fa-file-powerpoint',
+            'text/plain' => 'fa-file-alt',
+            'text/html' => 'fa-file-code',
+            'text/x-php' => 'fa-file-code',
+            'application/json' => 'fa-file-code',
+            'application/gzip' => 'fa-file-archive',
+            'application/zip' => 'fa-file-archive',
+            'application/octet-stream' => 'fa-file-alt',
+        ];
+
+        foreach ($classes as $fullMime => $class) {
+            if (strpos($mime, $fullMime) === 0) {
+                return $class;
+            }
+        }
+
+        return 'fa-file';
+    }
+}
+
+if (!function_exists('dd')) {
+    /**
+     * Dumps all the given vars and halt the execution.
+     */
+    function dd()
+    {
+        array_map(function ($x) {
+            echo '<pre>';
+            print_r($x);
+            echo '</pre>';
+        }, func_get_args());
+        die();
+    }
+}
+
+if (!function_exists('queryParams')) {
+    /**
+     * Get the query parameters of the current request.
+     *
+     * @param  array  $replace
+     *
+     * @return string
+     */
+    function queryParams(array $replace = [])
+    {
+        $request = ServerRequestCreatorFactory::determineServerRequestCreator()->createServerRequestFromGlobals();
+
+        $params = array_replace_recursive($request->getQueryParams(), $replace);
+
+        return !empty($params) ? '?'.http_build_query($params) : '';
+    }
+}
+
+if (!function_exists('inPath')) {
+    /**
+     * Check if uri start with a path.
+     *
+     * @param  string  $uri
+     * @param  string  $path
+     *
+     * @return bool
+     */
+    function inPath(string $uri, string $path): bool
+    {
+        $path = parse_url(urlFor($path), PHP_URL_PATH);
+
+        return substr($uri, 0, strlen($path)) === $path;
+    }
+}
+
+if (!function_exists('glob_recursive')) {
+    /**
+     * Does not support flag GLOB_BRACE.
+     *
+     * @param $pattern
+     * @param  int  $flags
+     *
+     * @return array|false
+     */
+    function glob_recursive($pattern, $flags = 0)
+    {
+        $files = glob($pattern, $flags);
+        foreach (glob(dirname($pattern).'/*', GLOB_ONLYDIR | GLOB_NOSORT) as $dir) {
+            $files = array_merge($files, glob_recursive($dir.'/'.basename($pattern), $flags));
+        }
+
+        return $files;
+    }
+}
+
+if (!function_exists('dsnFromConfig')) {
+    /**
+     * Return the database DSN from config.
+     *
+     * @param  array  $config
+     *
+     * @return string
+     */
+    function dsnFromConfig(array $config): string
+    {
+        $dsn = $config['db']['dsn'];
+        if ($config['db']['connection'] === 'sqlite') {
+            if (getcwd() !== BASE_DIR) { // if in installer, change the working dir to the app dir
+                chdir(BASE_DIR);
+            }
+            if (file_exists($config['db']['dsn'])) {
+                $dsn = realpath($config['db']['dsn']);
+            }
+        }
+
+        return $config['db']['connection'].':'.$dsn;
+    }
+}
+
+if (!function_exists('platform_mail')) {
+    /**
+     * Return the system no-reply mail.
+     *
+     * @param  string  $mailbox
+     * @return string
+     */
+    function platform_mail($mailbox = 'no-reply'): string
+    {
+        return $mailbox.'@'.str_ireplace('www.', '', parse_url(resolve('config')['base_url'], PHP_URL_HOST));
+    }
+}
+
+if (!function_exists('must_be_escaped')) {
+    /**
+     * Return the system no-reply mail.
+     *
+     * @param $mime
+     * @return bool
+     */
+    function must_be_escaped($mime): bool
+    {
+        $mimes = [
+            'text/htm',
+            'image/svg',
+        ];
+
+        foreach ($mimes as $m) {
+            if (stripos($mime, $m) !== false) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}
+
+if (!function_exists('isSecure')) {
+    /**
+     * @return bool
+     */
+    function isSecure(): bool
+    {
+        return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+            || (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] === 443);
+    }
+}
+
+if (!function_exists('glue')) {
+    /**
+     * @param  mixed  ...$pieces
+     * @return string
+     */
+    function glue(...$pieces): string
+    {
+        return '/'.implode('/', $pieces);
+    }
+}

app/routes.php

@@ -1,29 +1,93 @@
 <?php
 
-Flight::route('GET /login', [\App\Controllers\LoginController::instance(), 'show']);
-Flight::route('POST /login', [\App\Controllers\LoginController::instance(), 'login']);
-Flight::route('GET|POST /logout', [\App\Controllers\LoginController::instance(), 'logout']);
+use App\Controllers\AdminController;
+use App\Controllers\Auth\LoginController;
+use App\Controllers\Auth\PasswordRecoveryController;
+use App\Controllers\Auth\RegisterController;
+use App\Controllers\ClientController;
+use App\Controllers\DashboardController;
+use App\Controllers\ExportController;
+use App\Controllers\MediaController;
+use App\Controllers\ProfileController;
+use App\Controllers\SettingController;
+use App\Controllers\TagController;
+use App\Controllers\UpgradeController;
+use App\Controllers\UploadController;
+use App\Controllers\UserController;
+use App\Middleware\AdminMiddleware;
+use App\Middleware\AuthMiddleware;
+use App\Middleware\CheckForMaintenanceMiddleware;
+use Slim\Routing\RouteCollectorProxy;
 
-Flight::route('GET /', [\App\Controllers\DashboardController::instance(), 'redirects']);
-Flight::route('GET /home(/page/@page)', [\App\Controllers\DashboardController::instance(), 'home']);
-Flight::route('GET /system', [\App\Controllers\DashboardController::instance(), 'system']);
+global $app;
+$app->group('', function (RouteCollectorProxy $group) {
+    $group->get('/home[/page/{page}]', [DashboardController::class, 'home'])->setName('home');
+    $group->get('/upload', [UploadController::class, 'uploadWebPage'])->setName('upload.web.show');
+    $group->post('/upload/web', [UploadController::class, 'uploadWeb'])->setName('upload.web');
+    $group->get('/home/switchView', [DashboardController::class, 'switchView'])->setName('switchView');
 
-Flight::route('GET /users(/page/@page)', [\App\Controllers\UserController::instance(), 'index']);
-Flight::route('GET /user/add', [\App\Controllers\UserController::instance(), 'create']);
-Flight::route('POST /user/add', [\App\Controllers\UserController::instance(), 'store']);
-Flight::route('GET /user/@id/edit', [\App\Controllers\UserController::instance(), 'edit']);
-Flight::route('POST /user/@id', [\App\Controllers\UserController::instance(), 'update']);
-Flight::route('GET /user/@id/delete', [\App\Controllers\UserController::instance(), 'delete']);
-Flight::route('GET /profile', [\App\Controllers\UserController::instance(), 'profile']);
-Flight::route('POST /profile/@id/edit', [\App\Controllers\UserController::instance(), 'profileEdit']);
-Flight::route('POST /user/@id/refreshToken', [\App\Controllers\UserController::instance(), 'refreshToken']);
-Flight::route('GET /user/@id/config/sharex', [\App\Controllers\UserController::instance(), 'getShareXconfigFile']);
+    $group->group('', function (RouteCollectorProxy $group) {
+        $group->get('/system/deleteOrphanFiles', [AdminController::class, 'deleteOrphanFiles'])->setName('system.deleteOrphanFiles');
+        $group->get('/system/recalculateUserQuota', [AdminController::class, 'recalculateUserQuota'])->setName('system.recalculateUserQuota');
 
-Flight::route('POST /upload', [\App\Controllers\UploadController::instance(), 'upload']);
-Flight::route('POST /upload/@id/publish', [\App\Controllers\UploadController::instance(), 'togglePublish']);
-Flight::route('POST /upload/@id/unpublish', [\App\Controllers\UploadController::instance(), 'togglePublish']);
-Flight::route('GET /upload/@id/raw', [\App\Controllers\UploadController::instance(), 'getRawById']);
-Flight::route('POST /upload/@id/delete', [\App\Controllers\UploadController::instance(), 'delete']);
-Flight::route('GET /@userCode/@filename', [\App\Controllers\UploadController::instance(), 'show']);
-Flight::route('GET /@userCode/@filename/raw', [\App\Controllers\UploadController::instance(), 'showRaw']);
-Flight::route('GET /@userCode/@filename/download', [\App\Controllers\UploadController::instance(), 'download']);
+        $group->get('/system/themes', [AdminController::class, 'getThemes'])->setName('theme');
+
+        $group->post('/system/settings/save', [SettingController::class, 'saveSettings'])->setName('settings.save');
+
+        $group->post('/system/upgrade', [UpgradeController::class, 'upgrade'])->setName('system.upgrade');
+        $group->get('/system/checkForUpdates', [UpgradeController::class, 'checkForUpdates'])->setName('system.checkForUpdates');
+        $group->get('/system/changelog', [UpgradeController::class, 'changelog'])->setName('system.changelog');
+
+        $group->get('/system', [AdminController::class, 'system'])->setName('system');
+
+        $group->get('/users[/page/{page}]', [UserController::class, 'index'])->setName('user.index');
+    })->add(AdminMiddleware::class);
+
+    $group->group('/user', function (RouteCollectorProxy $group) {
+        $group->get('/create', [UserController::class, 'create'])->setName('user.create');
+        $group->post('/create', [UserController::class, 'store'])->setName('user.store');
+        $group->get('/{id}/edit', [UserController::class, 'edit'])->setName('user.edit');
+        $group->post('/{id}', [UserController::class, 'update'])->setName('user.update');
+        $group->get('/{id}/delete', [UserController::class, 'delete'])->setName('user.delete');
+        $group->get('/{id}/clear', [UserController::class, 'clearUserMedia'])->setName('user.clear');
+    })->add(AdminMiddleware::class);
+
+    $group->get('/profile', [ProfileController::class, 'profile'])->setName('profile');
+    $group->post('/profile/{id}', [ProfileController::class, 'profileEdit'])->setName('profile.update');
+    $group->post('/user/{id}/refreshToken', [UserController::class, 'refreshToken'])->setName('refreshToken');
+    $group->get('/user/{id}/config/sharex', [ClientController::class, 'getShareXConfig'])->setName('config.sharex');
+    $group->get('/user/{id}/config/script', [ClientController::class, 'getBashScript'])->setName('config.script');
+    $group->get('/user/{id}/config/kde_script', [ClientController::class, 'getKDEScript'])->setName('kde_config.script');
+
+    $group->get('/user/{id}/export', [ExportController::class, 'downloadData'])->setName('export.data');
+
+    $group->post('/upload/{id}/publish', [MediaController::class, 'togglePublish'])->setName('upload.publish');
+    $group->post('/upload/{id}/unpublish', [MediaController::class, 'togglePublish'])->setName('upload.unpublish');
+    $group->post('/upload/{id}/vanity', [MediaController::class, 'createVanity'])->setName('upload.vanity');
+    $group->get('/upload/{id}/raw', [MediaController::class, 'getRawById'])->add(AdminMiddleware::class)->setName('upload.raw');
+    $group->map(['GET', 'POST'], '/upload/{id}/delete', [MediaController::class, 'delete'])->setName('upload.delete');
+
+    $group->post('/tag/add', [TagController::class, 'addTag'])->setName('tag.add');
+    $group->post('/tag/remove', [TagController::class, 'removeTag'])->setName('tag.remove');
+})->add(App\Middleware\CheckForMaintenanceMiddleware::class)->add(AuthMiddleware::class);
+
+$app->get('/', [DashboardController::class, 'redirects'])->setName('root');
+$app->get('/register', [RegisterController::class, 'registerForm'])->setName('register.show');
+$app->post('/register', [RegisterController::class, 'register'])->setName('register');
+$app->get('/activate/{activateToken}', [RegisterController::class, 'activateUser'])->setName('activate');
+$app->get('/recover', [PasswordRecoveryController::class, 'recover'])->setName('recover');
+$app->post('/recover/mail', [PasswordRecoveryController::class, 'recoverMail'])->setName('recover.mail');
+$app->get('/recover/password/{resetToken}', [PasswordRecoveryController::class, 'recoverPasswordForm'])->setName('recover.password.view');
+$app->post('/recover/password/{resetToken}', [PasswordRecoveryController::class, 'recoverPassword'])->setName('recover.password');
+$app->get('/login', [LoginController::class, 'show'])->setName('login.show');
+$app->post('/login', [LoginController::class, 'login'])->setName('login');
+$app->map(['GET', 'POST'], '/logout', [LoginController::class, 'logout'])->setName('logout');
+
+$app->post('/upload', [UploadController::class, 'uploadEndpoint'])->setName('upload');
+
+$app->get('/user/{token}/config/screencloud', [ClientController::class, 'getScreenCloudConfig'])->setName('config.screencloud')->add(CheckForMaintenanceMiddleware::class);
+$app->get('/{userCode}/{mediaCode}', [MediaController::class, 'show'])->setName('public');
+$app->get('/{userCode}/{mediaCode}/delete/{token}', [MediaController::class, 'show'])->setName('public.delete.show')->add(CheckForMaintenanceMiddleware::class);
+$app->post('/{userCode}/{mediaCode}/delete/{token}', [MediaController::class, 'deleteByToken'])->setName('public.delete')->add(CheckForMaintenanceMiddleware::class);
+$app->get('/{userCode}/{mediaCode}/raw[.{ext}]', [MediaController::class, 'getRaw'])->setName('public.raw');
+$app->get('/{userCode}/{mediaCode}/download', [MediaController::class, 'download'])->setName('public.download');

bin/clean

@@ -1,35 +1,24 @@
 #!/usr/bin/env php
 <?php
-
-require 'vendor/autoload.php';
-
-if (php_sapi_name() !== 'cli') {
+((PHP_MAJOR_VERSION >= 7 && PHP_MINOR_VERSION >= 3) || PHP_MAJOR_VERSION > 7) ?: die('Sorry, PHP 7.3 or above is required to run XBackBone.');
+if (PHP_SAPI !== 'cli') {
 	die();
 }
 
-function cleanDir($path)
-{
-	$directoryIterator = new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS);
-	$iteratorIterator = new RecursiveIteratorIterator($directoryIterator, RecursiveIteratorIterator::CHILD_FIRST);
-	foreach ($iteratorIterator as $file) {
-		if ($file->getFilename() !== '.gitkeep') {
-			$file->isDir() ? rmdir($file) : unlink($file);
-		}
-	}
-}
+require __DIR__ . '/../vendor/autoload.php';
 
 $action = isset($argv[1]) ? $argv[1] : 'all';
 
 switch ($action) {
 	case 'cache':
-		cleanDir('resources/cache');
+		cleanDirectory(__DIR__ . '/../resources/cache');
 		break;
 	case 'sessions':
-		cleanDir('resources/sessions');
+		cleanDirectory(__DIR__ . '/../resources/sessions');
 		break;
 	case 'all':
-		cleanDir('resources/cache');
-		cleanDir('resources/sessions');
+		cleanDirectory(__DIR__ . '/../resources/cache');
+		cleanDirectory(__DIR__ . '/../resources/sessions');
 		break;
 	case 'help':
 	default:

bin/migrate

@@ -1,89 +1,45 @@
 #!/usr/bin/env php
 <?php
-
-use App\Database\DB;
-
-require 'vendor/autoload.php';
-
-if (php_sapi_name() !== 'cli') {
-	die();
+((PHP_MAJOR_VERSION >= 7 && PHP_MINOR_VERSION >= 3) || PHP_MAJOR_VERSION > 7) ?: die('Sorry, PHP 7.3 or above is required to run XBackBone.');
+if (PHP_SAPI !== 'cli') {
+    die();
 }
 
-$config = include 'config.php';
+use App\Database\Migrator;
+use DI\ContainerBuilder;
+
+require __DIR__.'/../vendor/autoload.php';
+
+define('BASE_DIR', realpath(__DIR__.'/../').DIRECTORY_SEPARATOR);
+
+$config = include __DIR__.'/../config.php';
 
 if (!$config) {
-	die('config.php not found. Please create a new one.');
+    die('config.php not found. Please create a new one.');
 }
 
-DB::setDsn($config['db']['connection'] . ':' . $config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+chdir(BASE_DIR);
 
-$firstMigrate = false;
-if (!file_exists($config['db']['dsn']) && DB::driver() === 'sqlite') {
-	touch($config['db']['dsn']);
-	$firstMigrate = true;
-}
+$builder = new ContainerBuilder();
+$builder->addDefinitions(BASE_DIR.'bootstrap/container.php');
 
-try {
-	DB::query('SELECT 1 FROM `migrations` LIMIT 1');
-} catch (PDOException $exception) {
-	$firstMigrate = true;
-}
+$container = $builder->build();
+$container->set('config', $config);
 
-echo 'Connected.' . PHP_EOL;
+$db = $container->get('database');
 
-if ($firstMigrate) {
-	echo 'Creating migrations table...' . PHP_EOL;
-	DB::raw()->exec(file_get_contents('resources/schemas/migrations.sql'));
-}
-
-$files = glob('resources/schemas/' . DB::driver() . '/*.sql');
-
-$names = array_map(function ($path) {
-	return basename($path);
-}, $files);
-
-$in = str_repeat('?, ', count($names) - 1) . '?';
-
-$inMigrationsTable = DB::query("SELECT * FROM `migrations` WHERE `name` IN ($in)", $names)->fetchAll();
-
-
-foreach ($files as $file) {
-
-	$continue = false;
-	$exists = false;
-
-	foreach ($inMigrationsTable as $migration) {
-		if (basename($file) === $migration->name && $migration->migrated) {
-			$continue = true;
-			break;
-		} elseif (basename($file) === $migration->name && !$migration->migrated) {
-			$exists = true;
-			break;
-		}
-	}
-	if ($continue) continue;
-
-	$sql = file_get_contents($file);
-	try {
-		DB::raw()->exec($sql);
-		if (!$exists) {
-			DB::query('INSERT INTO `migrations` VALUES (?,?)', [basename($file), 1]);
-		} else {
-			DB::query('UPDATE `migrations` SET `migrated`=? WHERE `name`=?', [1, basename($file)]);
-		}
-		echo "Migrated '$file'" . PHP_EOL;
-	} catch (PDOException $exception) {
-		if (!$exists) {
-			DB::query('INSERT INTO `migrations` VALUES (?,?)', [basename($file), 0]);
-		}
-		echo "Error migrating '$file' (" . $exception->getMessage() . ')' . PHP_EOL;
-		echo $exception->getTraceAsString() . PHP_EOL;
-
-	}
-}
+$migrator = new Migrator($db, 'resources/schemas');
+$migrator->migrate();
+$migrator->reSyncQuotas($container->get('storage'));
 
 if (isset($argv[1]) && $argv[1] === '--install') {
-	DB::query("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), substr(md5(microtime()), rand(0, 26), 5)]);
+    $db->query("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES ('admin@example.com', 'admin', ?, 1, ?)", [password_hash('admin', PASSWORD_DEFAULT), humanRandomString(5)]);
 }
 
-echo 'Done.' . PHP_EOL;
+if (file_exists(__DIR__.'/../install') && (!isset($config['debug']) || !$config['debug'])) {
+    removeDirectory(__DIR__.'/../install');
+}
+
+echo 'If you are upgrading from a previous version, please run a "php bin' . DIRECTORY_SEPARATOR . 'clean".'.PHP_EOL;
+echo 'Done.'.PHP_EOL;
+exit(0);

bin/theme

@@ -1,29 +0,0 @@
-#!/usr/bin/env php
-<?php
-
-require 'vendor/autoload.php';
-
-if (php_sapi_name() !== 'cli') {
-	die();
-}
-
-$json = json_decode(file_get_contents('https://bootswatch.com/api/4.json'));
-
-if (!isset($argv[1])) {
-	echo 'Usage: php bin\\theme <theme-name>' . PHP_EOL;
-	echo 'Here a list of available Bootswatch themes:' . PHP_EOL;
-}
-
-foreach ($json->themes as $theme) {
-	if (isset($argv[1]) && strtolower($argv[1]) === strtolower($theme->name)) {
-        file_put_contents('static/bootstrap/css/bootstrap.min.css', file_get_contents($theme->cssMin));
-		echo "Installed theme {$theme->name}." . PHP_EOL;
-		break;
-	}
-
-	if (!isset($argv[1])) {
-		echo "  - {$theme->name} ({$theme->description})[Preview: {$theme->preview}]" . PHP_EOL;
-	}
-}
-
-exit(0);

bootstrap/app.php

@@ -1,83 +1,121 @@
 <?php
 
-use App\Database\DB;
+use App\Exceptions\Handlers\AppErrorHandler;
+use App\Exceptions\Handlers\Renderers\HtmlErrorRenderer;
+use App\Factories\ViewFactory;
+use App\Middleware\InjectMiddleware;
+use App\Middleware\LangMiddleware;
+use App\Middleware\RememberMiddleware;
+use App\Web\Session;
+use App\Web\View;
+use DI\Bridge\Slim\Bridge;
+use DI\ContainerBuilder;
+use Psr\Container\ContainerInterface as Container;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
+use function DI\factory;
+use function DI\get;
+
+if (!file_exists(CONFIG_FILE) && is_dir(BASE_DIR.'install/')) {
+    header('Location: ./install/');
+    exit();
+}
+
+if (!file_exists(CONFIG_FILE) && !is_dir(BASE_DIR.'install/')) {
+    exit('Cannot find the config file.');
+}
 
 // Load the config
 $config = array_replace_recursive([
-	'app_name' => 'XBackBone',
-	'base_url' => isset($_SERVER['HTTPS']) ? 'https://' . $_SERVER['HTTP_HOST'] : 'http://' . $_SERVER['HTTP_HOST'],
-	'storage_dir' => 'storage',
-	'debug' => false,
-	'db' => [
-		'connection' => 'sqlite',
-		'dsn' => 'resources/database/xbackbone.db',
-		'username' => null,
-		'password' => null,
-	],
-], require 'config.php');
+    'app_name' => 'XBackBone',
+    'base_url' => isSecure() ? 'https://'.$_SERVER['HTTP_HOST'] : 'http://'.$_SERVER['HTTP_HOST'],
+    'debug' => false,
+    'maintenance' => false,
+    'db' => [
+        'connection' => 'sqlite',
+        'dsn' => BASE_DIR.implode(DIRECTORY_SEPARATOR, ['resources', 'database', 'xbackbone.db']),
+        'username' => null,
+        'password' => null,
+    ],
+    'storage' => [
+        'driver' => 'local',
+        'path' => realpath(__DIR__.'/').DIRECTORY_SEPARATOR.'storage',
+    ],
+    'ldap' => [
+        'enabled' => false,
+        'host' => null,
+        'port' => null,
+        'base_domain' => null,
+        'user_domain' => null,
+    ],
+], require CONFIG_FILE);
 
-// Set flight parameters
-Flight::set('flight.base_url', $config['base_url']);
-Flight::set('flight.log_errors', false);
-Flight::set('config', $config);
+$builder = new ContainerBuilder();
 
-// Set the database dsn
-DB::setDsn($config['db']['connection'] . ':' . $config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+if (!$config['debug']) {
+    $builder->enableCompilation(BASE_DIR.'/resources/cache/di');
+    $builder->writeProxiesToFile(true, BASE_DIR.'/resources/cache/di');
+}
 
-// Register the Twig instance
-Flight::register('view', 'Twig_Environment',
-	[new Twig_Loader_Filesystem('resources/templates'),
-		[
-			'cache' => 'resources/cache',
-			'autoescape' => 'html',
-			'debug' => $config['debug'],
-			'auto_reload' => $config['debug'],
-		]
-	]
-);
+$builder->addDefinitions([
+    Session::class => factory(function () {
+        return new Session('xbackbone_session', BASE_DIR.'resources/sessions');
+    }),
+    'session' => get(Session::class),
+    View::class => factory(function (Container $container) {
+        return ViewFactory::createAppInstance($container);
+    }),
+    'view' => get(View::class),
+]);
 
-// Redirect back helper
-Flight::register('redirectBack', function () {
-	Flight::redirect(Flight::request()->referrer);
+$builder->addDefinitions(__DIR__.'/container.php');
+
+global $app;
+$app = Bridge::create($builder->build());
+$app->getContainer()->set('config', $config);
+$app->setBasePath(parse_url($config['base_url'], PHP_URL_PATH) ?: '');
+
+if (!$config['debug']) {
+    $app->getRouteCollector()->setCacheFile(BASE_DIR.'resources/cache/routes.cache.php');
+}
+
+$app->add(InjectMiddleware::class);
+$app->add(LangMiddleware::class);
+$app->add(RememberMiddleware::class);
+
+// Permanently redirect paths with a trailing slash to their non-trailing counterpart
+$app->add(function (Request $request, RequestHandler $handler) use (&$app, &$config) {
+    $uri = $request->getUri();
+    $path = $uri->getPath();
+
+    if ($path !== $app->getBasePath().'/' && substr($path, -1) === '/') {
+        // permanently redirect paths with a trailing slash
+        // to their non-trailing counterpart
+        $uri = $uri->withPath(substr($path, 0, -1));
+
+        if ($request->getMethod() === 'GET') {
+            return $app->getResponseFactory()
+                ->createResponse(301)
+                ->withHeader('Location', (string) $uri);
+        } else {
+            $request = $request->withUri($uri);
+        }
+    }
+
+    return $handler->handle($request);
 });
 
-// Map the render call to the Twig view instance
-Flight::map('render', function (string $template, array $data = []) use (&$config) {
-	Flight::view()->addGlobal('config', $config);
-	Flight::view()->addGlobal('request', Flight::request());
-	Flight::view()->addGlobal('alerts', App\Web\Session::getAlert());
-	Flight::view()->addGlobal('session', App\Web\Session::all());
-	Flight::view()->addGlobal('PLATFORM_VERSION', PLATFORM_VERSION);
-	Flight::view()->display($template, $data);
-});
+$app->addRoutingMiddleware();
 
-// The application error handler
-Flight::map('error', function (Exception $exception) {
-	if ($exception instanceof \App\Exceptions\AuthenticationException) {
-		Flight::redirect('/login');
-		return;
-	}
+// Configure the error handler
+$errorHandler = new AppErrorHandler($app->getCallableResolver(), $app->getResponseFactory());
+$errorHandler->registerErrorRenderer('text/html', HtmlErrorRenderer::class);
 
-	if ($exception instanceof \App\Exceptions\UnauthorizedException) {
-		Flight::response()->status(403);
-		Flight::render('errors/403.twig');
-		return;
-	}
-
-	if ($exception instanceof \App\Exceptions\NotFoundException) {
-		Flight::response()->status(404);
-		Flight::render('errors/404.twig');
-		return;
-	}
-
-	Flight::response()->status(500);
-	\App\Web\Log::critical('Fatal error during app execution', [$exception->getTraceAsString()]);
-	Flight::render('errors/500.twig', ['exception' => $exception]);
-});
-
-Flight::map('notFound', function () {
-	Flight::render('errors/404.twig');
-});
+// Add Error Middleware
+$errorMiddleware = $app->addErrorMiddleware($config['debug'], false, true);
+$errorMiddleware->setDefaultErrorHandler($errorHandler);
 
 // Load the application routes
-require 'app/routes.php';
+require BASE_DIR.'app/routes.php';
+
+return $app;

bootstrap/container.php

@@ -0,0 +1,113 @@
+<?php
+
+use App\Database\DB;
+use App\Web\Lang;
+use Aws\S3\S3Client;
+use League\Flysystem\Cached\CachedAdapter;
+use League\Flysystem\Cached\Storage\Adapter;
+use function DI\factory;
+use function DI\get;
+use Google\Cloud\Storage\StorageClient;
+use League\Flysystem\Adapter\Ftp as FtpAdapter;
+use League\Flysystem\Adapter\Local;
+use League\Flysystem\AwsS3v3\AwsS3Adapter;
+use League\Flysystem\AzureBlobStorage\AzureBlobStorageAdapter;
+use MicrosoftAzure\Storage\Blob\BlobRestProxy;
+use League\Flysystem\Filesystem;
+use Monolog\Formatter\LineFormatter;
+use Monolog\Handler\RotatingFileHandler;
+use Monolog\Logger;
+use Psr\Container\ContainerInterface as Container;
+use Spatie\Dropbox\Client as DropboxClient;
+use Spatie\FlysystemDropbox\DropboxAdapter;
+use Superbalist\Flysystem\GoogleStorage\GoogleStorageAdapter;
+
+return [
+    Logger::class => factory(function () {
+        $logger = new Logger('app');
+
+        $streamHandler = new RotatingFileHandler(BASE_DIR.'logs/log.txt', 10, Logger::DEBUG);
+
+        $lineFormatter = new LineFormatter("[%datetime%] %channel%.%level_name%: %message% %context% %extra%\n", 'Y-m-d H:i:s');
+        $lineFormatter->includeStacktraces(true);
+
+        $streamHandler->setFormatter($lineFormatter);
+
+        $logger->pushHandler($streamHandler);
+
+        return $logger;
+    }),
+    'logger' => get(Logger::class),
+
+    DB::class => factory(function (Container $container) {
+        $config = $container->get('config');
+
+        return new DB(dsnFromConfig($config), $config['db']['username'], $config['db']['password']);
+    }),
+    'database' => get(DB::class),
+
+    Filesystem::class => factory(function (Container $container) {
+        $config = $container->get('config');
+        $driver = $config['storage']['driver'];
+        if ($driver === 'local') {
+            return new Filesystem(new Local($config['storage']['path']));
+        } elseif ($driver === 's3') {
+            $client = new S3Client([
+                'credentials' => [
+                    'key' => $config['storage']['key'],
+                    'secret' => $config['storage']['secret'],
+                ],
+                'region' => $config['storage']['region'],
+                'endpoint' => $config['storage']['endpoint'],
+                'version' => 'latest',
+                'use_path_style_endpoint' => $config['storage']['use_path_style_endpoint'] ?? false,
+                '@http' => ['stream' => true],
+            ]);
+
+            $adapter = new AwsS3Adapter($client, $config['storage']['bucket'], $config['storage']['path']);
+        } elseif ($driver === 'dropbox') {
+            $client = new DropboxClient($config['storage']['token']);
+
+            $adapter = new DropboxAdapter($client);
+        } elseif ($driver === 'ftp') {
+            $adapter = new FtpAdapter([
+                'host' => $config['storage']['host'],
+                'username' => $config['storage']['username'],
+                'password' => $config['storage']['password'],
+                'port' => $config['storage']['port'],
+                'root' => $config['storage']['path'],
+                'passive' => $config['storage']['passive'],
+                'ssl' => $config['storage']['ssl'],
+                'timeout' => 30,
+            ]);
+        } elseif ($driver === 'google-cloud') {
+            $client = new StorageClient([
+                'projectId' => $config['storage']['project_id'],
+                'keyFilePath' => $config['storage']['key_path'],
+            ]);
+
+            $adapter = new GoogleStorageAdapter($client, $client->bucket($config['storage']['bucket']));
+        } elseif ($driver === 'azure') {
+            $client = BlobRestProxy::createBlobService(
+                sprintf(
+                    'DefaultEndpointsProtocol=https;AccountName=%s;AccountKey=%s;',
+                    $config['storage']['account_name'],
+                    $config['storage']['account_key']
+                )
+            );
+
+            $adapter = new AzureBlobStorageAdapter($client, $config['storage']['container_name']);
+        } else {
+            throw new InvalidArgumentException('The driver specified is not supported.');
+        }
+
+        $cache = new Adapter(new Local(BASE_DIR.'resources/cache/fs'), 'file', 300); // 5min
+        return new Filesystem(new CachedAdapter($adapter, $cache));
+    }),
+    'storage' => get(Filesystem::class),
+
+    Lang::class => factory(function () {
+        return Lang::build(Lang::recognize(), BASE_DIR.'resources/lang/');
+    }),
+    'lang' => get(Lang::class),
+];

composer.json

@@ -1,28 +1,59 @@
 {
   "name": "sergix44/xbackbone",
-  "version": "1.3",
+  "license": "AGPL-3.0-only",
+  "version": "3.7.0",
   "description": "A lightweight ShareX PHP backend",
   "type": "project",
   "require": {
-    "mikecao/flight": "^1.3",
-    "league/flysystem": "^1.0.45",
-    "twig/twig": "~2.0",
-    "monolog/monolog": "^1.23",
-    "php": ">=7.1",
-    "ext-json": "*",
+    "php": ">=7.3",
+    "ext-filter": "*",
     "ext-gd": "*",
-    "ext-pdo": "*"
+    "ext-intl": "*",
+    "ext-json": "*",
+    "ext-pdo": "*",
+    "ext-zip": "*",
+    "erusev/parsedown": "^1.7",
+    "intervention/image": "^2.6",
+    "league/flysystem": "^1.1.4",
+    "league/flysystem-aws-s3-v3": "^1.0",
+    "league/flysystem-cached-adapter": "^1.1",
+    "maennchen/zipstream-php": "^2.0",
+    "monolog/monolog": "^1.23",
+    "php-di/slim-bridge": "^3.0",
+    "sapphirecat/slim4-http-interop-adapter": "^1.0",
+    "slim/psr7": "^1.5",
+    "slim/slim": "^4.0",
+    "spatie/flysystem-dropbox": "^1.0",
+    "superbalist/flysystem-google-storage": "^7.2",
+    "twig/twig": "^2.14"
+  },
+  "config": {
+    "optimize-autoloader": true,
+    "preferred-install": "dist",
+    "sort-packages": true,
+    "platform": {
+      "php": "7.3.33"
+    }
   },
   "autoload": {
+    "files": [
+      "app/helpers.php"
+    ],
     "psr-4": {
       "App\\": "app/"
     }
   },
-  "extra": {
-    "violinist": {
-      "allow_updates_beyond_constraint": 1,
-      "blacklist": [],
-      "update_with_dependencies": 1
+  "autoload-dev": {
+    "psr-4": {
+      "Tests\\": "tests/"
     }
+  },
+  "minimum-stability": "dev",
+  "prefer-stable": true,
+  "require-dev": {
+    "roave/security-advisories": "dev-latest",
+    "phpstan/phpstan": "^0.11.5",
+    "phpunit/phpunit": "^9.0",
+    "symfony/dom-crawler": "^4.4"
   }
 }

config.example.php

@@ -1,11 +1,15 @@
 <?php
+
 return [
-	'base_url' => 'http://localhost',
-	'storage_dir' => 'storage',
-	'db' => [
-		'connection' => 'sqlite',
-		'dsn' => 'resources/database/xbackbone.db',
-		'username' => null,
-		'password' => null,
-	]
+    'base_url' => 'https://localhost', // no trailing slash
+    'db'       => [
+        'connection' => 'sqlite',
+        'dsn'        => realpath(__DIR__).'/resources/database/xbackbone.db',
+        'username'   => null,
+        'password'   => null,
+    ],
+    'storage' => [
+        'driver' => 'local',
+        'path'   => realpath(__DIR__).'/storage',
+    ],
 ];

docs/CNAME

@@ -0,0 +1 @@
+xbackbone.app

docs/_config.yml

@@ -0,0 +1,8 @@
+remote_theme: pmarsceill/just-the-docs
+logo: "img/xbackbone.png"
+title: "XBackBone"
+aux_links:
+  "Star me on GitHub":
+    - "//github.com/SergiX44/XBackBone"
+footer_content: "Copyright &copy; 2020 Sergio Brighenti. Distributed under <a href=\"https://github.com/SergiX44/XBackBone/blob/master/LICENSE\">AGPL v3.0 license.</a>"
+ga_tracking: UA-55470316-7

docs/_includes/head_custom.html

@@ -0,0 +1 @@
+<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1835087833720665" crossorigin="anonymous"></script>

docs/ads.txt

@@ -0,0 +1 @@
+google.com, pub-1835087833720665, DIRECT, f08c47fec0942fa0

docs/basic_usage.md

@@ -0,0 +1,31 @@
+---
+layout: default
+title: Basic Usage
+nav_order: 6
+---
+
+# Basic Usage
+
+## Users
+Some functions that every user that use XBackBone should know:
++ You can hide/publish every upload, once it's hidden, it's visible only by yourself.
++ You can download your ShareX configuration file from your profile page.
++ You can upload files directly from the upload page.
++ You can change you upload token anytime.
++ You can export all your uploads in a single zip files in your profile page.
++ (`v3.1`+) With the right click on the uploaded media, you can select them, and then remove them in bulk.
++ (`v3.1`+) You can add additional tag to your uploads, clicking on the **+** button on the media.
++ (`v3.1`+) You can add you can delete tags, by right-click on them.
++ (`v3.1`+) You can choose in your profile options if hide the uploads by default.
++ (`v3.1`+) You can choose in your profile options if always copy the raw url (from the web interface).
+
+## Administrator
+In addition, from the system page, and administrator can:
++ Perform maintenance actions.
++ Change theme.
++ Force system languages.
++ Enabled recaptcha.
++ Enable user disk quota.
++ ... and more.
+
+In the users page, it can add/remove users, and edit per user configurations.

docs/changelog.md

@@ -0,0 +1,451 @@
+---
+layout: default
+title: Changelog
+nav_order: 9
+---
+# Changelog
+
+## [3.7.0] - 2024-01-14
+### Added
+- Added support for vanity urls.
+- Added KDE integration for linux script.
+
+### Changed
+- Updated translations.
+- File preview is now clickable to open the file.
+
+### Fixed
+- Fixes for LDAP authentication.
+
+## [3.6.3] - 2023-05-27
+### Fixed
+- Fix LDAP for php >= 8.1
+
+## [3.6.2] - 2023-05-24
+### Changed
+- Support for PHP 8.2
+
+### Removed
+- Azure blob storage driver
+
+## [3.6.1] - 2022-11-27
+### Changed
+- Upgraded dependencies
+- Updated translations
+
+### Fixed
+- Fixed error in export data (#499)
+- Fixed issues with reverse proxies (#495)
+- Fixed duplicated twitter tags (#496)
+
+## [3.6.0] - 2022-06-20
+### Changed
+- Improved embedding on discord of large videos.
+- Releases are now compressed for faster downloads
+- Updated translations
+
+### Fixed
+- Fixed deprecation notices on php >= 8
+- Fixed embed UA for Discord.
+- Fixed error with post_max_size = 0
+
+### Removed
+- Support for php 7.2
+
+## [3.5.1] - 2021-10-22
+### Changed
+- Fixed embed UA for Discord.
+- Updated translations.
+
+## [3.5.0] - 2021-09-05
+### Added
+- Support for theme-park.dev themes.
+- Updated translations.
+
+### Fixed
+- Wrong css when reapplying the default theme.
+
+### Removed
+- Dropped theme cli command.
+
+
+## [3.4.1] - 2021-08-11
+### Added
+- Toggle to disable embeds.
+
+### Changed
+- Raw url copying now contains also the file extension.
+
+## [3.4.0] - 2021-08-01
+### Added
+- Added image support for OG for Discord only.
+
+### Changed
+- Updated translations.
+- Dropped support for PHP 7.1
+
+### Fixed
+- Fixed possible XSS and CSRF attacks.
+
+## [3.3.5] - 2021-04-25
+### Fixed
+- Removed OG integration for discord.
+
+### Changed
+- Updated translations.
+
+## [3.3.4] - 2021-03-07
+### Added
+- Login failed logging.
+- User identifier option for LDAP configurations.
+
+### Fixed
+- Fixed open graph meta tags for Discord.
+- Fixed custom html tags are not displayed back in the admin setting.
+- Fixed python plugin for newer version of Screencloud.
+- Fixed accented chars in email subject.
+- Fixed error on PHP 8.
+
+## [3.3.3] - 2020-11-13
+### Fixed
+- Fixed issue with responsive menu on mobile.
+
+## [3.3.2] - 2020-11-12
+### Fixed
+- Fixed switch not works for the first time for normal users.
+
+## [3.3.1] - 2020-11-12
+### Fixed
+- Formatting error on the check for updates.
+- Fixed default view for normal users.
+
+## [3.3.0] - 2020-11-12
+### Added
+- Enabled PHP 8 support.
+- Added Screencloud client support (https://screencloud.net).
+- OpenGraph image tag (issue #269).
+- Start adding unit tests.
+
+### Changed
+- The list mode is now available also for non-admin accounts (issue #226).
+
+### Fixed
+- Linux script strange response code in headless mode.
+
+### Removed
+- Dropped Telegram share button.
+
+## [3.2.0] - 2020-09-05
+### Added
+- Added support to use Azure Blob Storage account as storage location.
+- Support for other S3-compatible storage endpoint.
+- Line number when showing text files.
+
+### Fixed
+- S3 driver file streaming not working properly.
+- Fixed Slack image preview.
+
+## [3.1.4] - 2020-04-13
+### Changed
+- Now the migrate command resync the system quota for each user.
+
+### Fixed
+- Fixed error with the migrate command.
+
+## [3.1.3] - 2020-04-13
+### Changed
+- Added changelog page.
+- Updated translations.
+
+## [3.1.2] - 2020-04-12
+### Changed
+- Improved installer storage checks.
+
+### Fixed
+- Fixed upload table lost when updating very old instances.
+
+## [3.1.1] - 2020-04-11
+### Fixed
+- Fixed error during a fresh installation with sqlite.
+
+## [3.1] - 2020-04-10
+### Added
+- Added tagging system (add, delete, search of tagged files).
+- Added basic media auto-tagging on upload.
+- Added registration system.
+- Added password recovery system.
+- Added ability to export all media of an account.
+- Added ability to choose between default and raw url on copy.
+- Added hide by default option.
+- Added user disk quota.
+- Added reCAPTCHA login protection.
+- Added bulk delete.
+- Added account clean function.
+- Added user disk quota system.
+- Added notification option on account create.
+- Added LDAP authentication.
+
+### Changed
+- The theme is now re-applied after every system update.
+- Updated system settings page.
+- Updated translations.
+- Improved grid layout.
+
+### Fixed
+- Fixed bug html files raws are rendered in a browser.
+- Fixes and improvements.
+
+## [3.0.2] - 2019-12-04
+### Changed
+- Updated translations.
+
+### Fixed
+- Fixed error with migrate command.
+
+## [3.0.1] - 2019-11-25
+### Changed
+- Small installer update.
+
+### Fixed
+- Fixed error with older mysql versions.
+- Fixed config is compiled with the di container.
+
+## [3.0] - 2019-11-23
+### Added
+- Added web upload.
+- Added ability to add custom HTML in \<head\> tag.
+- Added ability to show a preview of PDF files.
+- Added remember me functionality.
+- Added delete button on the preview page if the user is logged in.
+- New project icon (by [@SerenaItalia](https://www.deviantart.com/serenaitalia)).
+- The linux script can be used on headless systems.
+- Raw URL now accept file extensions.
+- Implemented SameSite XSS protection.
+
+### Changed
+- Upgraded from Slim3 to Slim 4.
+- Replaced videojs player with Plyr.
+- Improved installer.
+- Improved thumbnail generation.
+- Small fixes and improvements.
+
+## [2.6.6] - 2019-10-23
+### Added
+- Ability to choose between releases and prereleases with the web updater.
+
+### Changed
+- Updated translations.
+
+## [2.6.5] - 2019-09-17
+### Changed
+- Changed color to some buttons to address visibility with some themes.
+
+### Fixed
+- Fixed error after orphaned files removal #74.
+- Fixed update password not correctly removed from log files (#74).
+
+## [2.6.4] - 2019-09-15
+### Added
+- Filter on displayable images.
+
+### Changed
+- The generated random strings are now more human readable.
+
+### Fixed
+- Fixed during upload error on php compiled for 32 bit.
+- Fixed icons on the installer page.
+
+## [2.6.3] - 2019-09-14
+### Fixed
+- Fixed #67.
+- Fixed bad preload statement.
+- Fixed wrong redirect after install in subdirs.
+
+## [2.6.2] - 2019-09-06
+### Added
+- Added method for cache busting when updating/change theme.
+- Added russian translation from [Weblate](https://hosted.weblate.org/projects/xbackbone/xbackbone/).
+
+### Changed
+- Changed background default color.
+- Use the Font Awesome web font for better performances.
+
+## [2.6.1] - 2019-09-04
+### Added
+- Added alert if required extensions are not loaded.
+
+### Changed
+- Improved shell commands.
+- Updated translations.
+
+### Fixed
+- Fixed bad redirects on the web installer (#62).
+- Fixed login page with dark themes.
+
+## [2.6] - 2019-08-20
+### Added
+- Added support to use AWS S3, Google Cloud Storage, Dropbox and FTP(s) accounts as storage location.
+- Added german and norwegian translations from [Weblate](https://hosted.weblate.org/projects/xbackbone/xbackbone/).
+- Added ability to force system language.
+
+### Changed
+- Improved lang detection.
+
+### Fixed
+- Fixed missing icon.
+
+## [2.5.3] - 2019-05-12
+### Changed
+- Improved exception stacktrace logging.
+
+### Fixed
+- Fixed bad css loading on Firefox (#35).
+- Fixed wrong style for publish/unpublish button.
+
+## [2.5.2] - 2019-05-09
+### Added
+- Added preloading for some resources to improve performances.
+- Added check for block execution on EOL and unsupported PHP versions.
+
+### Changed
+- Improved session handling.
+- Other minor improvements.
+
+### Fixed
+- Fixed telegram share not working.
+- Fix for big text file now are not rendered in the browser.
+
+## [2.5.1] - 2019-04-10
+### Changed
+- Improved HTTP partial content implementation for large files.
+
+### Fixed
+- Fixed bad redirect if the theme folder is not writable. (#27)
+
+## [2.5] - 2019-02-10
+### Added
+- Added partial content implementation (stream seeking on chromium based browsers).
+- **[BETA]** Added self update feature.
+- Added project favicon.
+
+### Changed
+- Updated project license to [AGPL v3.0](https://choosealicense.com/licenses/agpl-3.0/) (now releases ships with the new license).
+- Improved video.js alignment with large videos.
+- Optimized output zip release size.
+- Templates cleanup and optimizations.
+- Improved error handling.
+
+## [2.4.1] - 2019-01-24
+### Fixed
+- Fixed error message when the file is too large. (#15)
+- Fixed button alignment.
+
+## [2.4] - 2019-01-22
+### Added
+- Added function to remove orphaned files.
+- Multiple uploads sorting methods.
+- Switch between tab and gallery mode using an admin account.
+- Search in uploads.
+
+### Changed
+- Updated js dependencies.
+- Internal refactoring and improvements
+
+## [2.3.1] - 2018-12-09
+### Added
+- Added checks during the installation wizard.
+- cURL and Wget can now directly download the file.
+
+### Fixed
+- Fixed english language.
+- Fixed forced background with dark themes.
+
+## [2.3] - 2018-11-30
+### Added
+- Added overlay on user gallery images.
+- Added linux script to allow uploads from linux screenshot tools.
+- Enable audio player with video.js.
+- Font Awesome icon match the single file mime-type.
+
+### Changed
+- Improved image scaling in user gallery.
+- Video and audio now starts with volume at 50%.
+- Minor layout fixes.
+
+### Fixed
+- Fixed IT translation.
+
+## [2.2] - 2018-11-20
+### Added
+- Added multi-language support.
+
+### Fixed
+- Improved routing.
+- Minor improvements and bug fixes.
+- Fixed HTTP/2 push is resetting the current session.
+
+## [2.1] - 2018-11-20
+### Added
+- Added video.js support.
+- Allow e-mail login.
+- Support for ShareX deletion URL.
+
+### Changed
+- Improved theme style.
+- Improved page redirecting.
+
+### Fixed
+- Fixed HTTP/2 push preload.
+
+## [2.0] - 2018-11-13
+### Added
+- Added install wizard (using the CLI is no longer required).
+- Added used space indicator per user.
+- Allow discord bot to display the preview.
+- Theme switcher on the web UI.
+- MySQL support.
+
+### Changed
+- Migrated from Flight to Slim 3 framework.
+- Improvements under the hood.
+
+## [1.3] - 2018-10-14
+### Added
+- Added command to switch between bootswatch.com themes.
+- Added popover to write the telegram message when sharing.
+- Allow Facebook bots to display the preview.
+
+### Changed
+- Packaging improvements.
+- Updated some dependencies.
+
+## [1.2] - 2018-05-01
+### Added
+- Added auto config generator for ShareX.
+- Show upload file size on the dashboard.
+
+### Changed
+- Previews are now scaled for better page load.
+
+### Removed
+- Removed HTTP2 push from the dashboard to improve loading time.
+
+### Fixed
+- Fixed insert for admin user (running `php bin\migrate --install`).
+
+## [1.1] - 2018-04-28
+### Added
+- Added logging.
+- Added share to Telegram.
+
+### Changed
+- Improved migrate system.
+- Updated Bootstrap theme.
+
+### Fixed
+- Fixed back to top when click delete or publish/unpublish.
+- Login redirect back to the requested page.
+
+## [1.0] - 2018-04-28
+### Added
+- Initial version.

docs/clients.md

@@ -0,0 +1,48 @@
+---
+layout: default
+title: Client Configuration
+nav_order: 5
+---
+
+# Clients Configuration
+
+## ShareX (Windows)
+Once you are logged in, just go in your profile settings and download the ShareX config file for your account.
+
+## Screencloud (Windows, Mac and Linux)
+Once you are logged in, go in your profile account and click on the Screencloud button.
+Now open Screencloud, open "Preferences" > "Online Services" tab > click "More Services" > and "Install from URL"
+and paste the URL copied from XBackBone, and all should work out-of-the-box.
+
+If for whatever reason you need to change the instance url or the token, just edit the settings of the XBackBone plugin.
+
+## MagicCap (Mac and Linux)
+MagicCap supports the same file format used by ShareX.
+
+Just download the ShareX config file from your profile, and then on MagicCap open the Preferences > Uploader settings and choose ShareX.
+Set the path to the file you have downloaded, and you are good to go!
+
+## uPic (Mac)
+This tool does not support plugins or custom configuration, but you can configure it manually:
+In preferences, you should add "Custom" host and configure it as follows:
+- **API URL:** Your instance upload url, like `http://example.com/upload`
+- **Request method:** POST
+- **File field:** file
+- **URL Path:** ["url"]
+- In "Other fields", in the body section, you should add the field `token`, with your upload token.
+- In "Other fields", in the headers section, you should add the field `Content-Type`, with the value `application/x-www-form-urlencoded`.
+
+## Bash Script (Linux, Mac, WSL)
+XBackBone can generate a script that allows you to share an item from any tool, even headless servers:
++ Login into your account
++ Navigate to your profile and download the Linux script for your account.
++ Place the script where you want (ex. in your user home: `/home/<username>`).
++ Add execution permissions (`chmod +x xbackbone_uploader_XXX.sh`)
++ Run the script for the first time to create the desktop entry: `./xbackbone_uploader_XXX.sh -desktop-entry`.
+
+Now, to upload a media, just use the right click on the file > "Open with ..." > search XBackBone Uploader (XXX) in the app list.
+You can use this feature in combination with tools like [Flameshot](https://github.com/lupoDharkael/flameshot), just use the "Open with ..." button once you have done the screenshot.
+
+The script requires `xclip`, `curl`, and `notify-send` on a desktop distribution.
+
+*Note: XXX is the username of your XBackBone account.*

docs/common_issues.md

@@ -0,0 +1,20 @@
+---
+layout: default
+title: Common Issues
+nav_order: 7
+---
+
+# Common Issues
+
+### Error 404 after installation
+If you have Apache web server, check if it's reading the file `.htaccess` and the module `mod_rewrite` is enabled.
+
+<hr>
+
+### [Discord, Telegram, ...] is not showing the image/video preview of the link.
+If you use Cloudflare, check if the setting that blocks access to bots is active. If enabled, the bots of the respective platforms will not be able to access to download the preview.
+
+<hr>
+
+### How to increase the upload max file size?
+Increase the `post_max_size` and `upload_max_filesize` in your `php.ini`.

docs/configuration.md

@@ -0,0 +1,214 @@
+---
+layout: default
+title: Configuration
+nav_order: 3
+---
+# Configuration
+
+## Web Server
+*Apache need the `mod_rewrite` extension to make XBackBone work properly*.
+
+If you do not use Apache, or the Apache `.htaccess` is not enabled, set your web server so that the `static/` folder is the only one accessible from the outside, otherwise even private uploads and logs will be accessible!
+
+If you are using NGINX, you can find an example configuration [`nginx.conf`](https://github.com/SergiX44/XBackBone/blob/master/nginx.conf) in the project repository.
+
+## Maintenance Mode
+Maintenance mode is automatically enabled during an upgrade using the upgrade manager. You can activate it manually by editing the `config.php`, and adding this line:
+
+```php
+return array(
+    ...
+    'maintenance' => true,
+);
+```
+
+## Database support
+
+Currently, is supported `MySQL/MariaDB` and `SQLite3`.
+
+For big installations, `MySQL/MariaDB` is recommended.
+
+Example config:
+```php
+return array(
+    ...,
+    'db' => array (
+        'connection' => 'mysql', // sqlite or mysql
+        'dsn' => 'host=localhost;port=3306;dbname=xbackbone', // the path to db, if sqlite
+        'username' => 'xbackbone', // null, if sqlite
+        'password' => 's3cr3t', // null, if sqlite
+    ),
+);
+```
+
+## LDAP Authentication
+
+Since the release 3.1, the LDAP integration can be configured.
+
+Edit the `config.php`, and add the following lines:
+This configuration requires anonymous LDAP access
+```php
+return array(
+    ...
+    'ldap' => array(
+        'enabled' => true, // enable it
+        'host' => 'ad.example.com', // set the ldap host
+        'port' => 389, // ldap port
+        'base_domain' => 'dc=example,dc=com', // the base_dn string
+        'user_domain' => 'ou=Users', // the user dn string
+        'rdn_attribute' => 'uid=', // the attribute to identify the user
+    ),
+);
+```
+
+The following configuration snippet enables authenticated LDAP user lookups
+```php
+return array(
+    ...
+    'ldap' => array(
+        'enabled' => true, // enable it
+        'schema' => 'ldap', // use 'ldap' or 'ldaps' Default is 'ldap'
+        'host' => 'ad.example.com', // set the ldap host
+        'port' => 389, // ldap port
+        'base_domain' => 'dc=example,dc=com', // the base_dn string
+        'search_filter' => '(&(objectClass=user)(sAMAccountName=????))', // ???? is replaced with user provided username
+        'rdn_attribute' => 'sAMAccountName', // the attribute to use as username
+        'service_account_dn' => 'cn=xbackbone,cn=Users,dc=example,dc=com', // LDAP Service Account Full DN
+        'service_account_password' => 'examplepassword',
+    ),
+);
+```
+
+Enabling LDAP over TLS. Make sure to update port number. Merge with your current LDAP configuration.
+```php
+return array(
+    ...
+    'ldap' => array(
+    	'schema' => 'ldaps',  //defaults to 'ldap'
+    	'port' => 636, 
+    ),
+);
+```
+
+Enabling StartTLS upgrade. Merge with your current LDAP configuration.
+```php
+return array(
+    ...
+    'ldap' => array(
+    	...
+    	'useStartTLS' => true,  //defaults to false 
+    ),
+);
+```
+The 'schema' => 'ldaps' and 'useStartTLS'=> true configuration directives are mutually exclusive. Do no use them together.  
+
+By activating this function, it will not be possible for users logging in via LDAP to reset the password from the application (for obvious reasons), and it will also be possible to bring existing users under LDAP authentication.
+
+
+## Storage drivers
+
+XBackBone supports these storage drivers (with some configuration examples):
+
++ Local Storage (default)
+```php
+return array(
+    ...
+    'storage' => array (
+        'driver' => 'local',
+        'path' => '/path/to/storage/folder',
+    ),
+);
+```
+
++ Amazon S3
+```php
+return array(
+    ...
+    'storage' => array (
+        'driver' => 's3',
+        'key' => 'the-key',
+        'secret' => 'the-secret',
+        'region' => 'the-region',
+        'bucket' => 'bucket-name',
+        'path' => 'optional/path/prefix',
+    ),
+);
+```
+For any filesystem S3-compatible, it's possible to specify an `endpoint` (for i.e. Minio)
+```php
+return array(
+    ...
+    'storage' => array (
+        'driver' => 's3',
+        'endpoint' => 'my-custom-endpoint',
+        'key' => 'the-key',
+        'secret' => 'the-secret',
+        'region' => 'the-region',
+        'bucket' => 'bucket-name',
+        'path' => 'optional/path/prefix',
+    ),
+);
+```
+
++ Dropbox
+```php
+return array(
+    ...
+    'storage' => array (
+        'driver' => 'dropbox',
+        'token' => 'the-token',
+    ),
+);
+```
+
++ FTP(s)
+```php
+return array(
+    ...
+    'storage' => array (
+        'driver' => 'ftp',
+        'host' => 'ftp.example.com',
+        'port' => 21,
+        'username' => 'the-username',
+        'password' => 'the-password',
+        'path' => 'the/prefix/path/',
+        'passive' => true/false,
+        'ssl' => true/false,
+    ),
+);
+```
+
++ Google Cloud Storage
+```php
+return array(
+    ...
+    'storage' => array (
+        'driver' => 'google-cloud',
+        'project_id' => 'the-project-id',
+        'key_path' => 'the-key-path',
+        'bucket' => 'bucket-name',
+    ),
+);
+```
+
+## Changing themes
+XBackBone supports all [bootswatch.com](https://bootswatch.com/) themes.
+
+From the web UI:
++ Navigate to the web interface as admin -> System Menu -> Choose a theme from the dropdown.
+
+From the CLI:
++ Run the command `php bin/theme` to see the available themes.
++ Use the same command with the argument name (`php bin/theme <THEME-NAME>`) to choose a theme.
++ If you want to revert back to the original bootstrap theme, run the command `php bin/theme default`.
+
+*Clear the browser cache once you have applied.*
+
+## Change app install name
+Add to the `config.php` file an array element like this:
+```php
+return array(
+    'app_name' => 'This line will overwrite "XBackBone"',
+    ...
+);
+```

docs/index.md

@@ -0,0 +1,57 @@
+---
+layout: default
+title: Home
+nav_order: 1
+---
+
+<p class="text-center">
+  <img src="img/xbackbone.png" width="400px">
+</p>
+
+XBackBone is a simple and lightweight PHP file manager that support the instant sharing tool ShareX and *NIX systems. It supports uploading and displaying images, GIF, video, code, formatted text, pdf, and file downloading and uploading. Also have a web UI with multi user management, media gallery and search support.
+{: .fs-5 .fw-300 }
+
+<p class="text-center">
+    <a href="https://github.com/SergiX44/XBackBone/releases/latest" class="btn btn-green">Download</a>
+    <a href="https://github.com/SergiX44/XBackBone" class="btn btn-blue">GitHub</a>
+    <a href="sponsor.html" class="btn btn-purple" style="background-color: #e7af06; background-image: linear-gradient(#f7d12e, #e7af06);">Sponsor</a>
+</p>
+
+## Main Features
++ Multiple clients supported: ShareX, Screencloud, uPic, ...
++ Config generator for ShareX, Screencloud.
++ Low memory footprint.
++ Multiple backends support: Local storage, AWS S3, Google Cloud, Azure Blob Storage, Dropbox, FTP(s).
++ Web file upload.
++ Code uploads syntax highlighting.
++ Video and audio uploads webplayer.
++ PDF viewer.
++ Files preview page.
++ Bootswatch themes support.
++ Responsive theme for mobile use.
++ Multi language support.
++ User management, multi user features, roles and disk quota.
++ Public and private uploads.
++ Logging system.
++ Share to Telegram.
++ Linux supported via a per-user custom generated script (server and desktop).
++ Direct downloads using curl or wget commands.
++ Direct images links support on Discord, Telegram, Facebook, etc.
++ System updates without FTP or CLI.
++ Easy web installer.
++ LDAP authentication.
++ Registration system.
++ Automatic uploads tagging system.
++ Tag uploads with custom tags for categorization.
++ ... and more.
+
+### Demo GIF
+
+![img](https://i.imgur.com/iV8Rirn.gif)
+
+## Translations
+You can help translating the project on [Weblate](https://hosted.weblate.org/projects/xbackbone/xbackbone/).
+
+<a href="https://hosted.weblate.org/engage/xbackbone/?utm_source=widget">
+<img src="https://hosted.weblate.org/widgets/xbackbone/-/xbackbone/multi-auto.svg" alt="Stato traduzione" />
+</a>

docs/installation.md

@@ -0,0 +1,68 @@
+---
+layout: default
+title: Installation
+nav_order: 2
+---
+
+# Installation
+
+### Prerequisites
+XBackBone require PHP >= `7.3`, with installed the required extensions:
++ `php-sqlite3` for SQLite.
++ `php-mysql` for MariaDB/MySQL.
++ `php-gd` image manipualtion library.
++ `php-json` json file support.
++ `php-intl` internationalization functions.
++ `php-fileinfo` file related functions.
++ `php-zip` compressed files related functions.
++ (optional) `php-ftp` to use the FTP remote storage driver.
++ (optional) `php-ldap` to use LDAP authentication.
+
+## Web installation
++ Download latest release from GitHub: [Latest Release](https://github.com/SergiX44/XBackBone/releases/latest)
++ Extract the release zip to your document root.
++ Navigate to the webspace root (ex. `http://example.com/xbackbone`, this should auto redirect your browser to the install page `http://example.com/xbackbone/install/`)
++ Follow the instructions.
+
+For futher and advanced configurations, see the [configuration page](configuration.md).
+
+## Manual installation
++ Download latest release from GitHub: [Latest Release](https://github.com/SergiX44/XBackBone/releases/latest)
++ Extract the release zip to your document root.
++ Copy and edit the config file:
+```sh
+cp config.example.php config.php && nano config.php
+```
+By default, XBackBone will use Sqlite3 as DB engine, and a `storage` dir in the main directory. You can leave these settings unchanged for a simple personal installation.
+You must set the `base_url`, or remove it for get dynamically the url from request (not recommended).
+
+```php
+return [
+	'base_url' => 'https://example.com', // no trailing slash
+	'storage' => [
+		'driver' => 'local',
+		'path' => 'absolute/path/to/storage',
+	],
+	'db' => [
+		'connection' => 'sqlite', // current support for sqlite and mysql
+		'dsn' => 'absolute/path/to/resources/database/xbackbone.db', // if sqlite should be an absolute path
+		'username' => null, // username and password not needed for sqlite
+		'password' => null,
+	]
+];
+```
++ Finally, run the migrate script to setup the database
+
+```sh
+php bin/migrate --install
+```
++ Delete the `/install` directory.
++ Now just login with `admin/admin`, **be sure to change these credentials after your first login**.
+
+
+For futher and advanced configurations, see the [configuration page](configuration.md).
+
+## Docker deployment
+Alternatively, a docker container is available.
+
+[Docker container](https://fleet.linuxserver.io/image?name=linuxserver/xbackbone){: .btn .btn-purple }

docs/license.md

@@ -0,0 +1,21 @@
+---
+layout: default
+title: License & Credits
+nav_order: 10
+---
+
+# License
+This software is licensed under the <a href="https://choosealicense.com/licenses/agpl-3.0/">GNU Affero General Public License v3.0</a>, available in this repository.
+As a "copyright notice" it is sufficient to keep the small footer at the bottom of the page, also to help other people to learn about this project!
+
+# Built with
++ Project logo by [@Sere](https://www.deviantart.com/serenaitalia)
++ Slim 3 since `v2.0`, and Slim 4 since `v3.0` (https://www.slimframework.com/) and some great PHP packages (Flysystem, Intervention Image, Twig, etc)
++ FlightPHP, up to `v1.x` (http://flightphp.com/)
++ Bootstrap 4 (https://getbootstrap.com/)
++ Font Awesome 5 (http://fontawesome.com)
++ ClipboardJS (https://clipboardjs.com/)
++ HighlightJS (https://highlightjs.org/)
++ JQuery (https://jquery.com/)
++ Plyr.io (https://plyr.io/)
++ Dropzone.js (https://www.dropzonejs.com/)

docs/sponsor.md

@@ -0,0 +1,22 @@
+---
+layout: default
+title: Sponsorship
+nav_order: 8
+---
+
+# Sponsor this project
+
+You can give your contribution to this project thanks to a small sponsorship, through GitHub Sponsors, or as a single donation on PayPal.
+All those who make the recurring donations, the names or logos will be inserted in this page, if they wish.
+
+
+[<img src="https://www.gravatar.com/avatar/98b8d56f4a193e3f7154f236c16930b2?s=160" alt="SergiX44" height="100">](https://github.com/SergiX44) |
+---|
+[SergiX44](https://github.com/SergiX44) |
+[GitHub Sponsors](https://github.com/sponsors/SergiX44) |
+[PayPal for XBackBone](http://bit.ly/XBackBonePaypal) |
+{: .text-center}
+
+## Sponsors
+
++ [@philw95](https://github.com/philw95)

docs/upgrading.md

@@ -0,0 +1,34 @@
+---
+layout: default
+title: Upgrading
+nav_order: 4
+---
+
+# Upgrading
+
+The system updates can be applied via the web interface by an administrator, or manually via CLI.
+
+## Self-update (since v2.5)
++ Navigate to the system page as administrator.
++ Click the check for update button, and finally the upgrade button.
++ Wait until the browser redirect to the install page.
++ Click the update button.
++ Done.
+
+
+## Manual update
++ Download and extract the release zip to your document root, overwriting any file.
++ Navigate to the `/install` path (es: `http://example.com/` -> `http://example.com/install/`)
++ Click the update button.
++ Done.
+
+## CLI update
+If, for whatever reason, the web UI is not accessible, you can upgrade from CLI:
++ Download and extract the release zip to your document root, overwriting any file.
++ Run the command `php\migrate`.
++ Run the command `php\clean`.
++ Done.
+
+### Pre-release channel
+
+From the system page, you can also choose to check from beta/RC releases, these are NOT considered stable enough for every day use, but only for testing purposes, **take a backup before upgrading to these versions**.

index.php

@@ -1,8 +1,11 @@
 <?php
-require 'vendor/autoload.php';
 
+((PHP_MAJOR_VERSION >= 7 && PHP_MINOR_VERSION >= 3) || PHP_MAJOR_VERSION > 7) ?: die('Sorry, PHP 7.3 or above is required to run XBackBone.');
+require __DIR__.'/vendor/autoload.php';
+
+define('BASE_DIR', realpath(__DIR__).DIRECTORY_SEPARATOR);
 define('PLATFORM_VERSION', json_decode(file_get_contents('composer.json'))->version);
+define('CONFIG_FILE', BASE_DIR.'config.php');
 
-require 'bootstrap/app.php';
-
-Flight::start();
+$app = require __DIR__.'/bootstrap/app.php';
+$app->run();

install/index.php

@@ -0,0 +1,248 @@
+<?php
+
+((PHP_MAJOR_VERSION >= 7 && PHP_MINOR_VERSION >= 3) || PHP_MAJOR_VERSION > 7) ?: die('Sorry, PHP 7.3 or above is required to run XBackBone.');
+require __DIR__.'/../vendor/autoload.php';
+
+use App\Database\Migrator;
+use App\Factories\ViewFactory;
+use App\Web\Session;
+use App\Web\View;
+use DI\Bridge\Slim\Bridge;
+use DI\ContainerBuilder;
+use League\Flysystem\FileExistsException;
+use Psr\Container\ContainerInterface as Container;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use function DI\factory;
+use function DI\get;
+use function DI\value;
+
+define('PLATFORM_VERSION', json_decode(file_get_contents(__DIR__.'/../composer.json'))->version);
+define('BASE_DIR', realpath(__DIR__.'/../').DIRECTORY_SEPARATOR);
+
+// default config
+$config = [
+    'base_url' => str_replace('/install/', '', (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http')."://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"),
+    'debug' => true,
+    'db' => [
+        'connection' => 'sqlite',
+        'dsn' => BASE_DIR.implode(DIRECTORY_SEPARATOR, ['resources', 'database', 'xbackbone.db']),
+        'username' => null,
+        'password' => null,
+    ],
+    'storage' => [
+        'driver' => 'local',
+        'path' => realpath(__DIR__.'/../').DIRECTORY_SEPARATOR.'storage',
+    ],
+];
+
+$installed = false;
+if (file_exists(__DIR__.'/../config.php')) {
+    $installed = true;
+    $config = array_replace_recursive($config, require __DIR__.'/../config.php');
+
+    if (isset($config['storage_dir'])) { // if from older installations with no support of other than local driver
+        $config['storage']['driver'] = 'local';
+        $config['storage']['path'] = $config['storage_dir'];
+        unset($config['storage_dir']);
+    }
+
+    if ($config['storage']['driver'] === 'local' && !is_dir($config['storage']['path'])) { // if installed with local driver, and the storage dir don't exists
+        $realPath = realpath(BASE_DIR.$config['storage']['path']);
+        if (is_dir($realPath) && is_writable($realPath)) { // and was a path relative to the upper folder
+            $config['storage']['path'] = $realPath; // update the config
+        }
+    }
+}
+
+$builder = new ContainerBuilder();
+
+$builder->addDefinitions([
+    'config' => value($config),
+    View::class => factory(function (Container $container) {
+        return ViewFactory::createInstallerInstance($container);
+    }),
+    'view' => get(View::class),
+    Session::class => factory(function () {
+        return new Session('xbackbone_session');
+    }),
+    'session' => get(Session::class),
+]);
+$builder->addDefinitions(__DIR__.'/../bootstrap/container.php');
+
+$app = Bridge::create($builder->build());
+$app->setBasePath(parse_url($config['base_url'].'/install', PHP_URL_PATH));
+$app->addRoutingMiddleware();
+
+$app->get('/', function (Response $response, View $view, Session $session) {
+    if (!extension_loaded('gd')) {
+        $session->alert('The required "gd" extension is not loaded.', 'danger');
+    }
+
+    if (!extension_loaded('intl')) {
+        $session->alert('The required "intl" extension is not loaded.', 'danger');
+    }
+
+    if (!extension_loaded('json')) {
+        $session->alert('The required "json" extension is not loaded.', 'danger');
+    }
+
+    if (!extension_loaded('fileinfo')) {
+        $session->alert('The required "fileinfo" extension is not loaded.', 'danger');
+    }
+
+    if (!extension_loaded('zip')) {
+        $session->alert('The required "zip" extension is not loaded.', 'danger');
+    }
+
+    if (!is_writable(__DIR__.'/../resources/cache')) {
+        $session->alert('The cache folder is not writable ('.__DIR__.'/../resources/cache'.')', 'danger');
+    }
+
+    if (!is_writable(__DIR__.'/../resources/database')) {
+        $session->alert('The database folder is not writable ('.__DIR__.'/../resources/database'.')', 'danger');
+    }
+
+    if (!is_writable(__DIR__.'/../resources/sessions')) {
+        $session->alert('The sessions folder is not writable ('.__DIR__.'/../resources/sessions'.')', 'danger');
+    }
+
+    $installed = file_exists(__DIR__.'/../config.php');
+
+    return $view->render($response, 'install.twig', [
+        'installed' => $installed,
+    ]);
+})->setName('install');
+
+$app->post('/', function (Request $request, Response $response, \DI\Container $container, Session $session) use (&$config, &$installed) {
+    // disable debug in production
+    unset($config['debug']);
+
+    // Check if there is a previous installation, if not, setup the config file
+    if (!$installed) {
+        // config file setup
+        $config['base_url'] = param($request, 'base_url');
+        $config['storage']['driver'] = param($request, 'storage_driver');
+        $config['db']['connection'] = param($request, 'connection');
+        $config['db']['dsn'] = param($request, 'dsn');
+        $config['db']['username'] = param($request, 'db_user');
+        $config['db']['password'] = param($request, 'db_password');
+
+        // setup storage configuration
+        switch ($config['storage']['driver']) {
+            case 's3':
+                $config['storage']['key'] = param($request, 'storage_key');
+                $config['storage']['secret'] = param($request, 'storage_secret');
+                $config['storage']['region'] = param($request, 'storage_region');
+                $config['storage']['endpoint'] = !empty(param($request, 'storage_endpoint')) ? param($request, 'storage_endpoint') : null;
+                $config['storage']['bucket'] = param($request, 'storage_bucket');
+                $config['storage']['path'] = param($request, 'storage_path');
+                break;
+            case 'dropbox':
+                $config['storage']['token'] = param($request, 'storage_token');
+                break;
+            case 'ftp':
+                if (!extension_loaded('ftp')) {
+                    $session->alert('The "ftp" extension is not loaded.', 'danger');
+
+                    return redirect($response, urlFor('/'));
+                }
+                $config['storage']['host'] = param($request, 'storage_host');
+                $config['storage']['username'] = param($request, 'storage_username');
+                $config['storage']['password'] = param($request, 'storage_password');
+                $config['storage']['port'] = param($request, 'storage_port');
+                $config['storage']['path'] = param($request, 'storage_path');
+                $config['storage']['passive'] = param($request, 'storage_passive') === '1';
+                $config['storage']['ssl'] = param($request, 'storage_ssl') === '1';
+                break;
+            case 'google-cloud':
+                $config['storage']['project_id'] = param($request, 'storage_project_id');
+                $config['storage']['key_path'] = param($request, 'storage_key_path');
+                $config['storage']['bucket'] = param($request, 'storage_bucket');
+                break;
+            case 'azure':
+                $config['storage']['account_name'] = param($request, 'storage_account_name');
+                $config['storage']['account_key'] = param($request, 'storage_account_key');
+                $config['storage']['container_name'] = param($request, 'storage_container_name');
+                break;
+            case 'local':
+            default:
+                $config['storage']['path'] = param($request, 'storage_path');
+                break;
+        }
+        $container->set('config', value($config));
+    }
+
+    $storage = $container->get('storage');
+    // check if the storage is valid
+    $storageTestFile = 'storage_test.txt';
+    try {
+        try {
+            $success = $storage->write($storageTestFile, 'TEST_FILE');
+        } catch (FileExistsException $fileExistsException) {
+            $success = $storage->update($storageTestFile, 'TEST_FILE');
+        }
+
+        if (!$success) {
+            throw new Exception('The storage is not writable.');
+        }
+        $storage->readAndDelete($storageTestFile);
+    } catch (Exception $e) {
+        $session->alert("Storage setup error: {$e->getMessage()} [{$e->getCode()}]", 'danger');
+
+        return redirect($response, urlFor('/install'));
+    }
+
+    // Get the db instance and run migrations
+    $db = $container->get('database');
+    try {
+        $migrator = new Migrator($db, __DIR__.'/../resources/schemas');
+        $migrator->migrate();
+        $migrator->reSyncQuotas($storage);
+    } catch (PDOException $e) {
+        $session->alert("Cannot connect to the database: {$e->getMessage()} [{$e->getCode()}]", 'danger');
+
+        return redirect($response, urlFor('/install'));
+    }
+
+    // if not installed, create the default admin account
+    if (!$installed) {
+        $db->query("INSERT INTO `users` (`email`, `username`, `password`, `is_admin`, `user_code`) VALUES (?, 'admin', ?, 1, ?)", [param($request, 'email'), password_hash(param($request, 'password'), PASSWORD_DEFAULT), humanRandomString(5)]);
+    }
+
+    // re-apply the previous theme if is present
+    $css = $db->query('SELECT `value` FROM `settings` WHERE `key` = \'css\'')->fetch()->value ?? null;
+    if ($css && strpos($css, '|') !== false) {
+        $container->make(\App\Web\Theme::class)->applyTheme($css);
+    }
+
+    // if is upgrading and existing installation, put it out maintenance
+    if ($installed) {
+        unset($config['maintenance']);
+
+        // remove old config from old versions
+        unset($config['lang']);
+        unset($config['displayErrorDetails']);
+    }
+
+    // Finally write the config
+    $ret = file_put_contents(__DIR__.'/../config.php', '<?php'.PHP_EOL.'return '.var_export($config, true).';');
+    if ($ret === false) {
+        $session->alert('The config folder is not writable ('.__DIR__.'/../config.php'.')', 'danger');
+
+        return redirect($response, '/install');
+    }
+
+    // post install cleanup
+    cleanDirectory(__DIR__.'/../resources/cache');
+    cleanDirectory(__DIR__.'/../resources/sessions');
+
+    removeDirectory(__DIR__.'/../install');
+
+    // Installed successfully, destroy the installer session
+    $session->destroy();
+
+    return redirect($response, urlFor('/?afterInstall=true'));
+});
+
+$app->run();

install/templates/install.twig

@@ -0,0 +1,246 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <title>XBackBone Installer</title>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <meta name="description" content="XBackBone Installer">
+
+    <link href="../static/bootstrap/css/bootstrap.min.css?{{ 'now'|date('U') }}" rel="stylesheet">
+    <link href="../static/fontawesome/css/all.min.css?{{ 'now'|date('U') }}" rel="stylesheet">
+    <link href="../static/app/app.css?{{ 'now'|date('U') }}" rel="stylesheet">
+
+    <script src="../static/jquery/jquery.min.js?{{ 'now'|date('U') }}"></script>
+    <script src="../static/bootstrap/js/bootstrap.bundle.min.js?{{ 'now'|date('U') }}"></script>
+    <script src="installer.js?{{ 'now'|date('U') }}"></script>
+</head>
+<body class="bg-light">
+<div class="container">
+    <div class="mt-4">
+        {% include 'comp/alert.twig' %}
+    </div>
+    <div class="row justify-content-center">
+        <div class="col-md-8">
+            <div class="card mt-3 shadow-sm">
+                <div class="card-header">Install XBackBone</div>
+                <div class="card-body">
+                    <form method="post" onsubmit="$('#modalLoading').modal({backdrop: 'static', keyboard: false})">
+                        {% if not installed %}
+                            <div class="form-group row">
+                                <label for="base_url" class="col-sm-3 col-form-label">Base URL</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control" id="base_url" name="base_url" value="{{ config.base_url }}" autocomplete="off" required>
+                                    <small>No trailing slash.</small>
+                                </div>
+                            </div>
+                            <hr>
+                            <div class="form-group row">
+                                <label for="connection" class="col-sm-3 col-form-label">SQL Engine</label>
+                                <div class="col-sm-9">
+                                    <select name="connection" id="connection" required class="form-control">
+                                        <option value="sqlite" selected>SQLite</option>
+                                        <option value="mysql">MySQL</option>
+                                    </select>
+                                </div>
+                            </div>
+
+                            <div class="form-group row">
+                                <label for="dsn" class="col-sm-3 col-form-label">Database Source Name (DSN)</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control" id="dsn" name="dsn" value="{{ config.db.dsn }}" autocomplete="off" required>
+                                </div>
+                            </div>
+
+                            <div class="form-group row hook-database">
+                                <label for="db_user" class="col-sm-3 col-form-label">Database Username</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-database-input" id="db_user" name="db_user" value="db_user" autocomplete="off">
+                                </div>
+                            </div>
+
+                            <div class="form-group row hook-database">
+                                <label for="db_password" class="col-sm-3 col-form-label">Database Password</label>
+                                <div class="col-sm-9">
+                                    <input type="password" class="form-control hook-database-input" id="db_password" name="db_password" autocomplete="off">
+                                </div>
+                            </div>
+                            <hr>
+                            <div class="form-group row">
+                                <label for="storage_driver" class="col-sm-3 col-form-label">Storage Driver</label>
+                                <div class="col-sm-9">
+                                    <select id="storage_driver" name="storage_driver" class="form-control" required>
+                                        <option value="local">Local Storage</option>
+                                        <option value="ftp">FTP/FTPS</option>
+                                        <option value="s3">Amazon S3 (or compatible)</option>
+                                        <option value="google-cloud">Google Cloud Storage</option>
+                                        <option value="azure">Azure Blob Storage</option>
+                                        <option value="dropbox">Dropbox</option>
+                                    </select>
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_path" class="col-sm-3 col-form-label">Storage path root</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_path" name="storage_path" autocomplete="off" data-default-local="{{ config.storage.path }}">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_key" class="col-sm-3 col-form-label">AWS S3 key</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_key" name="storage_key" placeholder="your-key" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_secret" class="col-sm-3 col-form-label">AWS S3 secret</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_secret" name="storage_secret" placeholder="your-secret" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_region" class="col-sm-3 col-form-label">AWS S3 region</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_region" name="storage_region" placeholder="your-region" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_region" class="col-sm-3 col-form-label">AWS S3 endpoint</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_endpoint" name="storage_endpoint" placeholder="optional (for S3-compatible services)" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_token" class="col-sm-3 col-form-label">Dropbox token</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_token" name="storage_token" placeholder="authorization-token" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_host" class="col-sm-3 col-form-label">FTP host</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_host" name="storage_host" placeholder="127.0.0.1" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_username" class="col-sm-3 col-form-label">FTP username</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_username" name="storage_username" placeholder="username" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_password" class="col-sm-3 col-form-label">FTP password</label>
+                                <div class="col-sm-9">
+                                    <input type="password" class="form-control hook-storage-input" id="storage_password" name="storage_password" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_port" class="col-sm-3 col-form-label">FTP port</label>
+                                <div class="col-sm-9">
+                                    <input type="number" min="0" max="65535" class="form-control hook-storage-input" id="storage_port" name="storage_port" placeholder="21" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_passive" class="col-sm-3 col-form-label">FTP passive mode</label>
+                                <div class="col-sm-9">
+                                    <select name="storage_passive" id="storage_passive" class="form-control hook-storage-input">
+                                        <option value="1" selected>Yes</option>
+                                        <option value="0">No</option>
+                                    </select>
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_ssl" class="col-sm-3 col-form-label">FTP SSL enabled</label>
+                                <div class="col-sm-9">
+                                    <select name="storage_ssl" id="storage_ssl" class="form-control hook-storage-input">
+                                        <option value="1">Yes</option>
+                                        <option value="0" selected>No</option>
+                                    </select>
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_project_id" class="col-sm-3 col-form-label">Google project id</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_project_id" name="storage_project_id" placeholder="your-project-id" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_key_path" class="col-sm-3 col-form-label">Google key path</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_key_path" name="storage_key_path" placeholder="/path/to/service-account.json" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_account_name" class="col-sm-3 col-form-label">Azure storage account name</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_account_name" name="storage_account_name" placeholder="your-storage-account-name" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_account_key" class="col-sm-3 col-form-label">Azure storage account key</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_account_key" name="storage_account_key" placeholder="Account (Access) Key" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_container_name" class="col-sm-3 col-form-label">Azure storage container name</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_container_name" name="storage_container_name" placeholder="your-blob-container-name" autocomplete="off">
+                                </div>
+                            </div>
+                            <div class="form-group row hook-storage">
+                                <label for="storage_bucket" class="col-sm-3 col-form-label">Storage bucket</label>
+                                <div class="col-sm-9">
+                                    <input type="text" class="form-control hook-storage-input" id="storage_bucket" name="storage_bucket" placeholder="your-bucket-name" autocomplete="off">
+                                </div>
+                            </div>
+                            <hr>
+                            <div class="form-group row">
+                                <label for="email" class="col-sm-3 col-form-label">Admin email</label>
+                                <div class="col-sm-9">
+                                    <input type="email" class="form-control" id="email" placeholder="email@example.com" name="email" autocomplete="off" required>
+                                </div>
+                            </div>
+
+                            <div class="form-group row">
+                                <label for="password" class="col-sm-3 col-form-label">Admin password</label>
+                                <div class="col-sm-9">
+                                    <input type="password" class="form-control" id="password" placeholder="Password" name="password" autocomplete="off" required>
+                                </div>
+                            </div>
+
+                            <div class="form-group row justify-content-md-end">
+                                <div class="col-sm-9">
+                                    <button type="submit" class="btn btn-outline-success">
+                                        <i class="fas fa-save fa-fw"></i> Install
+                                    </button>
+                                </div>
+                            </div>
+
+                        {% else %}
+                            <div class="form-group row">
+                                <div class="col-sm-12 d-flex justify-content-center">
+                                    <button type="submit" class="btn btn-lg btn-outline-primary">
+                                        <i class="fas fa-sync fa-fw"></i> Finalize update
+                                    </button>
+                                </div>
+                            </div>
+                        {% endif %}
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+<div class="modal" id="modalLoading" tabindex="-1" role="dialog" aria-hidden="true">
+    <div class="modal-dialog modal-sm">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h6 class="modal-title">Please wait...</h6>
+            </div>
+            <div class="modal-body text-center">
+                <i class="fas fa-10x fa-spinner fa-pulse"></i>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>

nginx.conf

@@ -0,0 +1,52 @@
+autoindex off;
+
+location /app {
+  return 403;
+}
+
+location /bin {
+  return 403;
+}
+
+location /bootstrap {
+  return 403;
+}
+
+location /resources {
+  return 403;
+}
+
+location /storage {
+  return 403;
+}
+
+location /vendor {
+  return 403;
+}
+
+location /logs {
+  return 403;
+}
+
+location CHANGELOG.md {
+  return 403;
+}
+
+index index.html index.htm index.php;
+
+charset utf-8;
+
+location / {
+    try_files $uri $uri/ /index.php?$query_string;
+}
+
+error_page 404 /index.php;
+
+location ~ \.php$ {
+    fastcgi_pass 127.0.0.1:9000;
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+    include fastcgi_params;
+}

package.json

@@ -1,21 +1,26 @@
 {
   "dependencies": {
-    "bootstrap": "^4.1.3",
-    "clipboard": "^2.0.1",
-    "highlightjs": "^9.10.0",
-    "jquery": "^3.3.1",
-    "popper.js": "^1.14.4",
-    "tooltip.js": "^1.3.0",
-    "@fortawesome/fontawesome-free": "^5.4.1"
+    "@fortawesome/fontawesome-free": "^5.15.2",
+    "bootstrap": "^4.6.1",
+    "bootstrap4-toggle": "^3.6.1",
+    "clipboard": "^2.0.10",
+    "dropzone": "^5.9.3",
+    "highlightjs": "^9.16.2",
+    "highlightjs-line-numbers.js": "^2.8.0",
+    "jquery": "^3.6.0",
+    "plyr": "^3.6.12",
+    "popper.js": "^1.16.1",
+    "tooltip.js": "^1.3.3"
   },
   "devDependencies": {
-    "grunt": "^1.0",
+    "grunt": "^1.5.3",
+    "grunt-contrib-compress": "^2.0.0",
     "grunt-contrib-copy": "^1.0.0",
-    "grunt-contrib-cssmin": "^2.2.1",
-    "grunt-contrib-jshint": "^1.1.0",
-    "grunt-contrib-uglify": "^3.3.0",
+    "grunt-contrib-cssmin": "^3.0.0",
+    "grunt-contrib-jshint": "^3.1.1",
+    "grunt-contrib-uglify": "^4.0.1",
     "grunt-contrib-watch": "^1.1.0",
-    "grunt-zip": "^0.17.1",
+    "grunt-shell": "^3.0.1",
     "load-grunt-tasks": "^4.0.0"
   }
 }

phpunit.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit bootstrap="tests/bootstrap.php"
+         colors="true"
+         backupGlobals="false"
+         backupStaticAttributes="false"
+         stopOnFailure="false"
+         cacheResult="false"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true">
+    <testsuites>
+        <testsuite name="Feature">
+            <directory suffix="Test.php">tests/Feature</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">app</directory>
+            <exclude>
+                <file>app/routes.php</file>
+            </exclude>
+        </whitelist>
+    </filter>
+    <logging>
+        <log type="coverage-html" target="./coverage"
+             lowUpperBound="70"
+             highLowerBound="90"/>
+    </logging>
+    <php>
+        <server name="HTTP_HOST" value="localhost"/>
+        <server name="HTTPS" value="false"/>
+    </php>
+</phpunit>

resources/lang/ar.lang.php

@@ -0,0 +1,165 @@
+<?php
+return [
+    'lang' => 'Arabian',
+    'yes' => 'نعم',
+    'no' => 'لا',
+    'send' => 'إرسال',
+    'no_media' => 'لا توجد أي وسائط.',
+    'login.username' => 'اسم المستخدم أو البريد الإلكتروني',
+    'password' => 'كلمة المرور',
+    'login' => 'تسجيل الدخول',
+    'username' => 'اسم المستخدم',
+    'home' => 'الرئيسية',
+    'users' => 'مستخدمون',
+    'system' => 'نظام',
+    'profile' => 'ملف شخصي',
+    'logout' => 'تسجيل الخروج',
+    'pager.next' => 'التالي',
+    'pager.previous' => 'السابق',
+    'copy_link' => 'نسخ الرابط',
+    'public.telegram' => 'شارك على تيليجرام',
+    'public.delete_text' => 'هل أنت متأكد من أنك تريد حذف هذا العنصر؟ لن تتمكن من استعادته',
+    'preview' => 'استعراض',
+    'filename' => 'اسم الملف',
+    'size' => 'حجم',
+    'public' => 'عام',
+    'owner' => 'مالك',
+    'date' => 'تاريخ',
+    'raw' => 'عرض الخام',
+    'download' => 'تنزيل',
+    'upload' => 'رفع',
+    'delete' => 'حذف',
+    'publish' => 'نشر',
+    'hide' => 'إخفاء',
+    'files' => 'ملفات',
+    'theme' => 'سمة',
+    'click_to_load' => 'انقر للتحميل…',
+    'apply' => 'تطبيق',
+    'save' => 'حفظ',
+    'used' => 'مستخدَم',
+    'system_settings' => 'إعدادات النظام',
+    'user.create' => 'إنشاء مستخدم',
+    'user.edit' => 'تعديل مستخدم',
+    'is_active' => 'نشط؟',
+    'is_admin' => 'مسؤول؟',
+    'your_profile' => 'ملفك الشخصي',
+    'copy' => 'نسخ',
+    'update' => 'تحديث',
+    'edit' => 'تعديل',
+    'user_code' => 'رمز المستخدم',
+    'active' => 'نشط',
+    'admin' => 'مسؤول',
+    'reg_date' => 'تاريخ التسجيل',
+    'none' => 'بلا',
+    'open' => 'فتح',
+    'confirm' => 'تأكيد',
+    'confirm_string' => 'هل أنت متأكد؟',
+    'installed' => 'اكتمل التنصيب بنجاح!',
+    'bad_login' => 'اعتمادات خاطئة.',
+    'account_disabled' => 'حسابك معطل.',
+    'welcome' => 'مرحبا، %s!',
+    'goodbye' => 'وداعا!',
+    'email_required' => 'عنوان البريد الإلكتروني مطلوب.',
+    'email_taken' => 'عنوان البريد الإلكتروني قيد الاستخدام بالفعل.',
+    'username_required' => 'اسم المستخدم مطلوب.',
+    'username_taken' => 'اسم المستخدم قيد الاستخدام.',
+    'password_required' => 'كلمة المرور مطلوبة.',
+    'user_created' => 'تم إنشاء المستخدم "٪s"!',
+    'user_updated' => 'تم تحديث المستخدم "%s"!',
+    'profile_updated' => 'تم تحديث الملف الشخصي بنجاح!',
+    'user_deleted' => 'تم حذف المستخدم.',
+    'cannot_delete' => 'لا يمكنك حذف نفسك.',
+    'cannot_write_file' => 'مسار الوجهة غير قابل للكتابة.',
+    'switch_to' => 'تبديل إلى',
+    'gallery' => 'معرض',
+    'table' => 'جدول',
+    'dotted_search' => 'بحث…',
+    'order_by' => 'ترتيب حسب…',
+    'time' => 'وقت',
+    'name' => 'اسم',
+    'maintenance' => 'صيانة',
+    'path_not_writable' => 'مسار الإخراج غير قابل للكتابة.',
+    'already_latest_version' => 'لديك الإصدار الأخير حاليا.',
+    'new_version_available' => 'إصدار جديد %s متوفر!',
+    'cannot_retrieve_file' => 'لا يمكن استلام الملف.',
+    'file_size_no_match' => 'الملف المنزل لا يطابق الحجم الصحيح.',
+    'check_for_updates' => 'تحقق من التحديثات',
+    'upgrade' => 'ترقية',
+    'updates' => 'تحديثات',
+    'cancel' => 'إلغاء',
+    'auto_set' => 'حدد تلقائيا',
+    'prerelease_channel' => 'قناة ما قبل الإصدار',
+    'drop_to_upload' => 'انقر أو اسحب ملفاتك هنا للرفع.',
+    'donation' => 'تبرع',
+    'remember_me' => 'تذكرني',
+    'please_wait' => 'انتظر رجاء…',
+    'dont_close' => 'لا تغلق هذا اللسان حتى الاكتمال.',
+    'register_enabled' => 'التسجيلات مفعلة',
+    'hide_by_default' => 'أخف الوسائط افتراضيا',
+    'settings_saved' => 'تم حفظ إعدادات النظام!',
+    'export_data' => 'استخراج البيانات',
+    'password_recovery' => 'استعادة كلمة المرور',
+    'no_account' => 'لا تملك حسابا؟',
+    'register' => 'تسجيل',
+    'register_success' => 'تم إنشاء الحساب، تم إرسال رسالة تأكيد عبر البريد الإلكتروني.',
+    'mail.activate_account' => '%s - تفعيل الحساب',
+    'mail.recover_password' => '%s - استعادة كلمة المرور',
+    'recover_email_sent' => 'إن وجد، سيتم إرسال رسالة إلكترونية لاستعادة كلمة المرور إلى الحساب المحدد.',
+    'account_activated' => 'تم تفعيل الحساب، الآن يمكنك الدخول!',
+    'password_repeat' => 'تكرار كلمة المرور',
+    'password_match' => 'يجب أن تتطابق كلمة المرور وتكراره كلمة المرور.',
+    'password_restored' => 'استعادة كلمة المرور.',
+    'used_space' => 'مساحة مستخدمة',
+    'delete_selected' => 'حذف المحدد',
+    'delete_all' => 'حذف الكل',
+    'clear_account' => 'مسح الحساب',
+    'account_media_deleted' => 'كل الوسائط في الحساب تم حذفها.',
+    'danger_zone' => 'منطقة خطرة',
+    'send_notification' => 'إرسال إشعار بالبريد الإلكتروني',
+    'mail.new_account' => '%s - إنشاء حساب جديد',
+    'php_info' => 'معلومات الPHP',
+    'enforce_language' => 'فرض اللغة',
+    'image_embeds' => 'تضمين الصور',
+    'token_not_found' => 'لم يتم العثور على الرمز المميز المحدد.',
+    'clean_orphaned_uploads' => 'تنظيف التحميلات المعزولة',
+    'show_all_tags' => 'إظهار جميع العلامات',
+    'cannot_demote' => 'لا يمكنك تخفيض رتبتك.',
+    'recaptcha_secret_key' => 'المفتاح السري reCAPTCHA',
+    'recaptcha_failed' => 'فشل reCAPTCHA',
+    'recaptcha_enabled' => 'تم تفعيل reCAPTCHA',
+    'default_user_quota' => 'الحصة الافتراضية للمستخدم',
+    'invalid_quota' => 'قيم غير صالحة كحصة مستخدم افتراضية.',
+    'copy_url_behavior' => 'نسخ وضع الرابط',
+    'token' => 'الرمز المميز',
+    'vanity_url' => 'رابط مخصص',
+    'orphaned_files' => 'الملفات المعزولة',
+    'copied' => 'تم النسخ إلى الحافظة!',
+    'client_config' => 'إعدادات العميل',
+    'deleted_orphans' => 'تم حذف %d من الملفات المعزولة بنجاح.',
+    'maintenance_in_progress' => 'المنصة تحت الصيانة، حاول مرة أخرى لاحقاً…',
+    'default_lang_behavior' => 'سيحاول XBackBone مطابقة لغة المتصفح افتراضيا (الاحتياطي هو الإنجليزية).',
+    'no_upload_token' => 'ليس لديك رمز مميز شخصي للتحميل. (قم بإنشاء واحد وحاول مرة أخرى.)',
+    'donate_text' => 'إذا كنت تحب XBackBone، ففكر في التبرع لدعم التطوير!',
+    'custom_head_html' => 'محتوى رأس HTML مخصص',
+    'custom_head_html_hint' => 'ستتم إضافة هذا المحتوى عند علامة <head> في كل صفحة.',
+    'custom_head_set' => 'تم تطبيق رأس HTML المخصص.',
+    'max_user_quota' => 'الحد الأقصى لحصة المستخدم',
+    'quota_enabled' => 'تفعيل حصة المستخدم',
+    'recalculate_user_quota' => 'إعادة حساب حصة المستخدم من القرص',
+    'mail.activate_text' => 'مرحبًا %s!<br>شكرًا لك على إنشاء حسابك على %s (<a href="%s">%s</a>)، انقر على الرابط التالي لتفعيله:<br><br><a href="%s">%s</a>',
+    'quota_recalculated' => 'تمت إعادة حساب حصة المستخدم من القرص بنجاح.',
+    'only_recaptcha_v3' => 'يتم دعم reCAPTCHA v3 فقط.',
+    'recaptcha_site_key' => 'مفتاح موقع reCAPTCHA',
+    'ldap_cant_connect' => 'لا يمكن الاتصال بخادم مصادقة LDAP.',
+    'upload_max_file_size' => 'الحد الأقصى لحجم الملف حاليًا هو %s.',
+    'zip_ext_not_loaded' => 'لم يتم تحميل الامتداد "zip" المطلوب',
+    'no_tags' => 'لم تتم إضافة أي علامات',
+    'changelog' => 'سجل التغيير',
+    'show_changelog' => 'عرض سجل التغيير',
+    'auto_tagging' => 'تحميل العلامات تلقائيًا',
+    'recaptcha_keys_required' => 'جميع مفاتيح reCAPTCHA مطلوبة.',
+    'user_create_password' => 'إذا تركت فارغة، فقد تحتاج إلى إرسال إعلام إلى عنوان البريد الإلكتروني للمستخدم.',
+    'mail.recover_text' => 'مرحبًا %s،<br>لقد تم طلب إعادة تعيين كلمة المرور لحسابك. لإكمال الإجراء انقر على الرابط التالي:<br><br><a href="%s">%s</a><br><br>إذا لم تكن أنت من طلب إعادة تعيين كلمة المرور، فما عليك سوى تجاهل هذا البريد الإلكتروني.',
+    'mail.new_account_text_with_reset' => 'مرحبًا %s!<br>تم إنشاء حساب جديد لك على %s (<a href="%s">%s</a>)، انقر على الرابط التالي لتعيين كلمة مرور وتنشيطها:<br ><br><a href="%s">%s</a>',
+    'mail.new_account_text_with_pw' => 'مرحبًا %s!<br>تم إنشاء حساب جديد لك على %s (<a href="%s">%s</a>)، باستخدام بيانات الاعتماد التالية:<br><br>اسم المستخدم: %s <br>كلمة المرور: %s<br><br>انقر على الرابط التالي للانتقال إلى صفحة تسجيل الدخول:<br><a href="%s">%s</a>',
+];

resources/lang/bg.lang.php

@@ -0,0 +1,164 @@
+<?php
+return [
+    'lang' => 'Bulgarian',
+    'enforce_language' => 'Изберете език',
+    'yes' => 'Да',
+    'no' => 'Не',
+    'send' => 'Изпрати',
+    'no_media' => 'Не бяха намерени файлове.',
+    'login.username' => 'Потребителско име или е-поща',
+    'password' => 'Парола',
+    'login' => 'Влезте',
+    'username' => 'Потребителско име',
+    'home' => 'Начална страница',
+    'users' => 'Потребители',
+    'system' => 'Система',
+    'profile' => 'Профил',
+    'logout' => 'Излезте',
+    'pager.next' => 'Следващо',
+    'pager.previous' => 'Предишно',
+    'copy_link' => 'Копирай линк',
+    'public.telegram' => 'Сподели по Telegram',
+    'public.delete_text' => 'Наистина ли искате да изтриете този елемент? Няма да можете да го възстановите',
+    'preview' => 'Предварителен преглед',
+    'filename' => 'Файлово име',
+    'size' => 'Размер',
+    'public' => 'Публично',
+    'owner' => 'Собственик',
+    'date' => 'Дата',
+    'raw' => 'Покажи оригинал',
+    'download' => 'Изтегли',
+    'delete' => 'Изтрий',
+    'publish' => 'Публикувай',
+    'hide' => 'Скрий',
+    'files' => 'Файлове',
+    'orphaned_files' => 'Загубени файлове',
+    'theme' => 'Тема',
+    'click_to_load' => 'Щракнете за зареждане…',
+    'apply' => 'Приложи',
+    'save' => 'Запомни',
+    'used' => 'Използвано',
+    'system_info' => 'Системна информация',
+    'user.create' => 'Създай потребител',
+    'user.edit' => 'Редактирай потребител',
+    'is_active' => 'Е активен',
+    'is_admin' => 'Е администратор',
+    'your_profile' => 'Вашия профил',
+    'token' => 'Ключ',
+    'copy' => 'Копирай',
+    'update' => 'Обнови',
+    'edit' => 'Редактирай',
+    'client_config' => 'Конфигурация на клиента',
+    'user_code' => 'Потребителски код',
+    'active' => 'Активен',
+    'admin' => 'Админ',
+    'reg_date' => 'Дата на регистрация',
+    'confirm' => 'Потвърждение',
+    'confirm_string' => 'Сигурни ли сте?',
+    'installed' => 'Инсталацията завърши успешно!',
+    'welcome' => 'Добре дошли, %s!',
+    'goodbye' => 'Довиждане!',
+    'email_required' => 'Изисква се имейл адрес.',
+    'email_taken' => 'Имейл адресът вече се използва.',
+    'username_required' => 'Потребителското име е необходимо.',
+    'username_taken' => 'Потребителското име вече е заето.',
+    'password_required' => 'Паролата е задължителна.',
+    'user_created' => 'Потребител „%s“ бе създаден!',
+    'user_updated' => 'Потребител „%s“ бе обновен!',
+    'profile_updated' => 'Профилът бе обновен успешно!',
+    'user_deleted' => 'Потребителят бе изтрит.',
+    'cannot_delete' => 'Не можете да изтриете себе си.',
+    'gallery' => 'Галерия',
+    'image_embeds' => 'Вграждане на изображения',
+    'bad_login' => 'Грешни идентификационни данни.',
+    'account_disabled' => 'Вашият акаунт е деактивиран.',
+    'copied' => 'Копирано в клипборда!',
+    'none' => 'Нито един',
+    'open' => 'Отвори',
+    'token_not_found' => 'Посоченият токен не е намерен.',
+    'cannot_demote' => 'Не можете да се понижавате.',
+    'cannot_write_file' => 'Пътят на дестинацията не е за запис.',
+    'deleted_orphans' => 'Успешно изтрити %d осиротели файла.',
+    'switch_to' => 'Преминат към',
+    'table' => 'Таблица',
+    'time' => 'Време',
+    'name' => 'Име',
+    'maintenance' => 'Поддръжка',
+    'clean_orphaned_uploads' => 'Изчистване на остарели качвания',
+    'path_not_writable' => 'Изходният път не е за запис.',
+    'already_latest_version' => 'Вече имате най-новата версия.',
+    'new_version_available' => 'Налична е нова версия %s!',
+    'cannot_retrieve_file' => 'Файлът не може да бъде извлечен.',
+    'upgrade' => 'Подобряване',
+    'updates' => 'Надстройки',
+    'auto_set' => 'Задайте автоматично',
+    'default_lang_behavior' => 'XBackBone ще се опита да съвпадне с езика на браузъра по подразбиране (резервният вариант е английски).',
+    'donation' => 'Дарение',
+    'donate_text' => 'Ако харесвате XBackBone, помислете за дарение в подкрепа на развитието!',
+    'custom_head_html' => 'Персонализирано съдържание на HTML Head',
+    'custom_head_html_hint' => 'Това съдържание ще бъде добавено към маркера <head> на всяка страница.',
+    'custom_head_set' => 'Приложена е персонализирана HTML Head.',
+    'remember_me' => 'Помни ме',
+    'please_wait' => 'Моля изчакай…',
+    'dont_close' => 'Не затваряйте този раздел до приключване.',
+    'copy_url_behavior' => 'Режим на копиране на URL',
+    'dotted_search' => 'Търсене…',
+    'order_by' => 'Подредени по…',
+    'file_size_no_match' => 'Изтегленият файл не съответства на правилния размер на файла.',
+    'check_for_updates' => 'Провери за актуализации',
+    'no_account' => 'Нямате акаунт?',
+    'default_user_quota' => 'Потребителска квота по подразбиране',
+    'register' => 'Регистрация',
+    'max_user_quota' => 'Максимална потребителска квота',
+    'invalid_quota' => 'Невалидни стойности като потребителска квота по подразбиране.',
+    'account_activated' => 'Акаунтът е активиран, сега можете да влезете!',
+    'quota_enabled' => 'Активиране на потребителска квота',
+    'password_restored' => 'Нулиране на паролата.',
+    'quota_recalculated' => 'Потребителската квота е преизчислена от диска успешно.',
+    'delete_selected' => 'Изтрий избраното',
+    'delete_all' => 'Изтриване на всички',
+    'account_media_deleted' => 'Всички медии в акаунта са изтрити.',
+    'danger_zone' => 'Опасна зона',
+    'recaptcha_failed' => 'reCAPTCHA неуспешно',
+    'recaptcha_enabled' => 'reCAPTCHA е активирана',
+    'recaptcha_keys_required' => 'Всички ключове reCAPTCHA са задължителни.',
+    'recaptcha_site_key' => 'Ключ на сайта reCAPTCHA',
+    'send_notification' => 'Изпращане на известие по имейл',
+    'mail.new_account' => '%s - Създаване на нов акаунт',
+    'user_create_password' => 'Ако се остави празно, може да искате да изпратите известие до имейл адреса на потребителя.',
+    'ldap_cant_connect' => 'Не може да се свърже към LDAP сървъра за удостоверяване.',
+    'upload_max_file_size' => 'Максималният размер на файла в момента е %s.',
+    'no_tags' => 'Няма добавени тагове',
+    'auto_tagging' => 'Маркиране за автоматично качване',
+    'zip_ext_not_loaded' => 'Необходимото разширение "zip" не е заредено',
+    'changelog' => 'Регистър на промените',
+    'show_changelog' => 'Показване на регистъра на промените',
+    'register_success' => 'Акаунтът е създаден, изпратен е имейл за потвърждение.',
+    'recover_email_sent' => 'Ако е налице, имейл за възстановяване е изпратен до посочения акаунт.',
+    'mail.recover_password' => '%s - Възстановяване на парола',
+    'php_info' => 'PHP информация',
+    'system_settings' => 'Системни настройки',
+    'upload' => 'Качване',
+    'prerelease_channel' => 'Предварителен канал',
+    'settings_saved' => 'Системните настройки са запазени!',
+    'export_data' => 'Експортиране на данни',
+    'cancel' => 'Отмяна',
+    'no_upload_token' => 'Нямате личен токен за качване. (Генерирайте един и опитайте отново.)',
+    'maintenance_in_progress' => 'Платформата е в процес на поддръжка, опитайте отново по-късно…',
+    'drop_to_upload' => 'Щракнете или пуснете вашите файлове тук, за да ги качите.',
+    'register_enabled' => 'Регистрациите са активирани',
+    'hide_by_default' => 'Скриване на медиите по подразбиране',
+    'password_recovery' => 'Възстановяване на парола',
+    'mail.activate_text' => 'Здравейте %s!<br>благодаря ви, че създадохте своя акаунт в %s (<a href="%s">%s</a>), щракнете върху следната връзка, за да го активирате:<br><br>< a href="%s">%s</a>',
+    'mail.activate_account' => '%s - Активиране на акаунт',
+    'mail.recover_text' => 'Здравейте %s,<br>за вашия акаунт бе поискано нулиране на паролата. За да завършите процедурата, щракнете върху следната връзка:<br><br><a href="%s">%s</a><br><br>Ако не вие сте поискали нулирането на паролата, просто игнорирайте този имейл.',
+    'password_match' => 'Паролата и повторната парола трябва да са еднакви.',
+    'recalculate_user_quota' => 'Преизчисляване на потребителската квота от диска',
+    'password_repeat' => 'Повтори паролата',
+    'recaptcha_secret_key' => 'Секретен ключ на reCAPTCHA',
+    'mail.new_account_text_with_reset' => 'Здравейте %s!<br>за вас беше създаден нов акаунт на %s (<a href="%s">%s</a>), щракнете върху следната връзка, за да зададете парола и да я активирате:<br ><br><a href="%s">%s</a>',
+    'used_space' => 'Използвано пространство',
+    'clear_account' => 'Изчистване на акаунта',
+    'only_recaptcha_v3' => 'Поддържа се само reCAPTCHA v3.',
+    'mail.new_account_text_with_pw' => 'Здравейте %s!<br>за вас бе създаден нов акаунт на %s (<a href="%s">%s</a>) със следните идентификационни данни:<br><br>Потребителско име: %s <br>Парола: %s<br><br>Щракнете върху следната връзка, за да отидете на страницата за вход:<br><a href="%s">%s</a>',
+];

resources/lang/ca.lang.php

@@ -0,0 +1,163 @@
+<?php
+return [
+    'no_media' => 'Sense medis.',
+    'raw' => 'Mostra raw',
+    'lang' => 'Anglès',
+    'enforce_language' => 'Aplicar idioma',
+    'no' => 'No',
+    'send' => 'Envia',
+    'login.username' => 'Nom d\'usuari o Email',
+    'password' => 'Contrasenya',
+    'login' => 'Registre',
+    'username' => 'Nom Usuari',
+    'home' => 'Casa',
+    'copy_link' => 'Copiar Link',
+    'public.telegram' => 'Compartir a Telegram',
+    'public.delete_text' => 'Segur que vols esborrar l\'element? No el podràs recuperar',
+    'preview' => 'Vista prèvia',
+    'filename' => 'Nom Arxiu',
+    'size' => 'Mida',
+    'public' => 'Public',
+    'owner' => 'Propietari',
+    'date' => 'Data',
+    'upload' => 'Puja',
+    'delete' => 'Esborra',
+    'hide' => 'Oculta',
+    'files' => 'Arxius',
+    'orphaned_files' => 'Arxius orfes',
+    'theme' => 'Tema',
+    'click_to_load' => 'Click per pujar…',
+    'apply' => 'Aplicar',
+    'save' => 'Guardar',
+    'used' => 'Usat',
+    'php_info' => 'Informació PHP',
+    'system_settings' => 'Opcions de Sistema',
+    'user.create' => 'Crear Usuari',
+    'user.edit' => 'Editar Usuari',
+    'is_active' => 'Està Actiu',
+    'is_admin' => 'és administrador',
+    'your_profile' => 'el teu perfil',
+    'token' => 'Token',
+    'copy' => 'Copiar',
+    'copied' => 'Copiat al portaretalls!',
+    'client_config' => 'Configuració Client',
+    'user_code' => 'Codi Usuari',
+    'active' => 'Actiu',
+    'reg_date' => 'Data Registre',
+    'none' => 'Cap',
+    'open' => 'Obert',
+    'confirm' => 'Confirmació',
+    'confirm_string' => 'Estàs segur?',
+    'installed' => 'Instal·lació satisfactòria!',
+    'bad_login' => 'Credencials Errònies.',
+    'account_disabled' => 'Compte Deshabilitat.',
+    'goodbye' => 'Adéu!',
+    'token_not_found' => 'Token no trobat.',
+    'email_taken' => 'Compte de correu en ús.',
+    'username_required' => 'Nom usuari Requerit.',
+    'username_taken' => 'Nom d\'usuari ja en ús.',
+    'password_required' => 'Contrasenya requerida.',
+    'user_created' => 'Usuari "%s" creat!',
+    'user_updated' => 'Usuari "%s" actualitzat!',
+    'profile_updated' => 'Perfil Actualitzat!',
+    'user_deleted' => 'Usuari esborrat.',
+    'cannot_delete' => 'No pots esborrar.-te.',
+    'cannot_demote' => 'No et pots degradar.',
+    'cannot_write_file' => 'No es pot escriure al path.',
+    'deleted_orphans' => '%d Fitxers orfes esborrats.',
+    'dotted_search' => 'Cerca…',
+    'order_by' => 'Endreça per.…',
+    'time' => 'Temps',
+    'name' => 'Nom',
+    'maintenance' => 'Manteniment',
+    'clean_orphaned_uploads' => 'Neteja càrregues orfes',
+    'path_not_writable' => 'No es pot escriure al path de sortida.',
+    'already_latest_version' => 'Ja estàs a la darrera versió.',
+    'new_version_available' => 'Nova versió %s disponible!',
+    'cannot_retrieve_file' => 'No es pot recuperar el fitxer.',
+    'file_size_no_match' => 'El fitxer baixat no coincideix amb la mida correcta del fitxer.',
+    'upgrade' => 'Actualitza',
+    'maintenance_in_progress' => 'En manteniment, torna-ho a provar més tard…',
+    'cancel' => 'Cancel·la',
+    'auto_set' => 'Estableix automàticament',
+    'default_lang_behavior' => 'XBackBone intentarà fer coincidir l\'idioma del navegador de manera predeterminada (la alternativa és l\'anglès).',
+    'prerelease_channel' => 'Canal de preestrena',
+    'drop_to_upload' => 'Feu clic o deixeu anar els vostres fitxers aquí per carregar-los.',
+    'donation' => 'Donatiu',
+    'custom_head_html' => 'Contingut de capçalera HTML personalitzat',
+    'custom_head_set' => 'Capçalera HTML personalitzada aplicada.',
+    'remember_me' => 'Recorda\'m',
+    'please_wait' => 'Esperi…',
+    'dont_close' => 'No tanquis la pestanya.',
+    'register_enabled' => 'Registres habilitats',
+    'hide_by_default' => 'Amaga medis per defecte',
+    'copy_url_behavior' => 'Mode copia URL',
+    'password_recovery' => 'Recupera password',
+    'no_account' => 'No tens compte?',
+    'register' => 'Registre',
+    'register_success' => 'S\'ha creat el compte, s\'ha enviat un correu electrònic de confirmació.',
+    'default_user_quota' => 'Quota d\'usuari per defecte',
+    'max_user_quota' => 'Quota màxima d\'usuari',
+    'invalid_quota' => 'Valors no vàlids com a quota d\'usuari predeterminada.',
+    'mail.activate_account' => '%s - Activació del compte',
+    'mail.recover_password' => '%s - Recuperació de la contrasenya',
+    'recover_email_sent' => 'Si existeix, s\'enviarà un correu electrònic de recuperació al compte especificat.',
+    'account_activated' => 'Compte activat, ara pots iniciar sessió!',
+    'quota_enabled' => 'Activa la quota d\'usuari',
+    'password_repeat' => 'Repeteix Contrasenya',
+    'password_match' => 'Les contrasenyes han de coincidir.',
+    'password_restored' => 'Contrasenya restablerta.',
+    'recalculate_user_quota' => 'Torneu a calcular la quota d\'usuari del disc',
+    'quota_recalculated' => 'La quota d\'usuari s\'ha recalculat des del disc correctament.',
+    'used_space' => 'Espai Utilitzat',
+    'delete_selected' => 'Esborra seleccionat',
+    'delete_all' => 'Esborra Tot',
+    'clear_account' => 'Esborra el compte',
+    'account_media_deleted' => 'S\'han suprimit tots els mitjans del compte.',
+    'danger_zone' => 'Zona Perillosa',
+    'recaptcha_failed' => 'reCAPTCHA Erroni',
+    'recaptcha_keys_required' => 'Calen totes les claus reCAPTCHA.',
+    'only_recaptcha_v3' => 'Només s\'admet reCAPTCHA v3.',
+    'recaptcha_site_key' => 'Clau del lloc reCAPTCHA',
+    'recaptcha_secret_key' => 'Clau secreta reCAPTCHA',
+    'send_notification' => 'Envia notificació per e-mail',
+    'mail.new_account' => '%s - Creació nou Compte',
+    'users' => 'Usuaris',
+    'system' => 'Sistema',
+    'mail.new_account_text_with_pw' => 'Hola, %s!<br>s\'ha creat un compte nou a %s (<a href="%s">%s</a>), amb les credencials següents:<br><br>Nom d\'usuari: %s <br>Contrasenya: %s<br><br>Feu clic a l\'enllaç següent per anar a la pàgina d\'inici de sessió:<br><a href="%s">%s</a>',
+    'user_create_password' => 'Si es deixa buit, és possible que vulgueu enviar una notificació a l\'adreça de correu electrònic de l\'usuari.',
+    'ldap_cant_connect' => 'No es pot connectar al servidor d\'autenticació LDAP.',
+    'upload_max_file_size' => 'La mida màxima del fitxer és actualment %s.',
+    'no_tags' => 'Sense Etiquetes',
+    'auto_tagging' => 'Etiquetatge de càrrega automàtica',
+    'zip_ext_not_loaded' => 'L\'extensió "zip" necessària no està carregada',
+    'changelog' => 'Codi de canvis',
+    'show_changelog' => 'Mostra canvis',
+    'image_embeds' => 'Insereix imatges',
+    'yes' => 'Sí',
+    'profile' => 'Perfil',
+    'pager.previous' => 'Anterior',
+    'logout' => 'Tancar Sessió',
+    'pager.next' => 'Següent',
+    'publish' => 'Publica',
+    'download' => 'Descarrega',
+    'update' => 'Actualitza',
+    'admin' => 'Admin',
+    'edit' => 'Edita',
+    'welcome' => 'Benvolgut, %s!',
+    'email_required' => 'Adreça email requerida.',
+    'gallery' => 'Galeria',
+    'switch_to' => 'Canvia a',
+    'no_upload_token' => 'No tens cap testimoni de càrrega personal. (Genereu-ne un i torneu-ho a provar.)',
+    'table' => 'Taula',
+    'check_for_updates' => 'Comprova actualitzacions',
+    'updates' => 'Actualitzacions',
+    'donate_text' => 'Si t\'agrada XBackBone, considera una donació per donar suport al desenvolupament!',
+    'settings_saved' => 'Opcions de sistema gravades!',
+    'export_data' => 'Exporta dades',
+    'custom_head_html_hint' => 'Aquest contingut s\'afegirà a l\'etiqueta <head> de cada pàgina.',
+    'mail.activate_text' => 'Hola, %s!<br>gràcies per crear el vostre compte a %s (<a href="%s">%s</a>), feu clic a l\'enllaç següent per activar-lo:<br><br>< a href="%s">%s</a>',
+    'mail.recover_text' => 'Hola %s,<br>s\'ha sol·licitat un restabliment de la contrasenya per al vostre compte. Per completar el procediment, feu clic a l\'enllaç següent:<br><br><a href="%s">%s</a><br><br>Si no heu estat vosaltres qui heu sol·licitat la restabliment de la contrasenya, simplement ignora aquest correu electrònic.',
+    'recaptcha_enabled' => 'reCAPTCHA Habilitat',
+    'mail.new_account_text_with_reset' => 'Hola, %s!<br>s\'ha creat un compte nou a %s (<a href="%s">%s</a>), feu clic a l\'enllaç següent per establir una contrasenya i activar-la:<br ><br><a href="%s">%s</a>',
+];

resources/lang/cs.lang.php

@@ -0,0 +1,163 @@
+<?php
+return [
+    'prerelease_channel' => 'Kanál předběžného vydání',
+    'default_lang_behavior' => 'XBackBone se pokusí ve výchozím nastavení použít jazyk prohlížeče (záloha je angličtina).',
+    'auto_set' => 'Nastavit automaticky',
+    'cancel' => 'Zrušit',
+    'maintenance_in_progress' => 'Platforma je v údržbě, zkuste to znovu později…',
+    'updates' => 'Aktualizace',
+    'upgrade' => 'Aktualizovat',
+    'check_for_updates' => 'Zkontrolovat aktualizace',
+    'file_size_no_match' => 'Stažený soubor nemá správnou velikost.',
+    'cannot_retrieve_file' => 'Nemohu získat soubor.',
+    'new_version_available' => 'Je dostupná nová verze %s!',
+    'already_latest_version' => 'Již máte nejnovější verzi.',
+    'path_not_writable' => 'Výstupová cesta není zapisovatelná.',
+    'clean_orphaned_uploads' => 'Vymazat samostatné nahrávky',
+    'maintenance' => 'Údržba',
+    'name' => 'Jméno',
+    'time' => 'Čas',
+    'order_by' => 'Řadit podle…',
+    'dotted_search' => 'Hledat…',
+    'table' => 'Tabulka',
+    'gallery' => 'Galerie',
+    'switch_to' => 'Přepnout na',
+    'deleted_orphans' => 'Úspěšně odstraněno %d samostatných souborů.',
+    'cannot_write_file' => 'Cílová cesta není zapisovatelná.',
+    'cannot_demote' => 'Nemůžete sami sobě snížit role.',
+    'cannot_delete' => 'Nemůžete odstranit sami sebe.',
+    'user_deleted' => 'Uživatel odstraněn.',
+    'profile_updated' => 'Profil úspěšně aktualizován!',
+    'user_updated' => 'Uživatel "%s" aktualizován!',
+    'user_created' => 'Uživatel "%s" vytvořen!',
+    'password_required' => 'Je vyžadováno heslo.',
+    'username_taken' => 'Uživatelské jméno je již zabrané.',
+    'username_required' => 'Je vyžadováno uživatelské jméno.',
+    'email_taken' => 'Daná e-mailová adresa se již používá.',
+    'email_required' => 'Je vyžadována e-mailová adresa.',
+    'token_not_found' => 'Zadaný token nenalezen.',
+    'goodbye' => 'Mějte se!',
+    'welcome' => 'Vítejte, %s!',
+    'account_disabled' => 'Váš účet je pozastaven.',
+    'bad_login' => 'Špatné údaje.',
+    'installed' => 'Instalace úspěšně dokončena!',
+    'confirm_string' => 'Jste si jisti?',
+    'confirm' => 'Potvrzení',
+    'open' => 'Otevřený',
+    'none' => 'Žádný',
+    'reg_date' => 'Datum registrace',
+    'admin' => 'Admin',
+    'active' => 'Aktivní',
+    'user_code' => 'Uživatelský kód',
+    'client_config' => 'Konfigurace klienta',
+    'edit' => 'Upravit',
+    'update' => 'Aktualizovat',
+    'copied' => 'Zkopírováno do schránky!',
+    'copy' => 'Zkopírovat',
+    'token' => 'Token',
+    'your_profile' => 'Váš profil',
+    'is_admin' => 'Je administrátor',
+    'is_active' => 'Je aktivní',
+    'user.edit' => 'Upravit uživatele',
+    'user.create' => 'Vytvořit uživatele',
+    'system_settings' => 'Systémová nastavení',
+    'php_info' => 'Informace o PHP',
+    'used' => 'Použito',
+    'save' => 'Uložit',
+    'apply' => 'Použít',
+    'click_to_load' => 'Klikněte pro načtení…',
+    'theme' => 'Téma',
+    'orphaned_files' => 'Samotné soubory',
+    'files' => 'Soubory',
+    'hide' => 'Skrýt',
+    'publish' => 'Zveřejnit',
+    'delete' => 'Odstranit',
+    'upload' => 'Nahrát',
+    'download' => 'Stáhnout',
+    'raw' => 'Zobrazit základní',
+    'date' => 'Datum',
+    'owner' => 'Majitel',
+    'public' => 'Veřejné',
+    'size' => 'Velikost',
+    'filename' => 'Název souboru',
+    'preview' => 'Náhled',
+    'public.delete_text' => 'Opravdu chcete odstranit tuto položku? Nebudete ji moci později obnovit',
+    'public.telegram' => 'Sdílet na Telegramu',
+    'copy_link' => 'Zkopírovat odkaz',
+    'pager.previous' => 'Předchozí',
+    'pager.next' => 'Další',
+    'logout' => 'Odhlásit se',
+    'profile' => 'Profil',
+    'system' => 'Systém',
+    'users' => 'Uživatelé',
+    'home' => 'Domů',
+    'username' => 'Uživatelské jméno',
+    'login' => 'Přihlásit se',
+    'password' => 'Heslo',
+    'login.username' => 'Uživatelské jméno nebo e-mail',
+    'no_media' => 'Nenalezena žádná média.',
+    'send' => 'Poslat',
+    'no' => 'Ne',
+    'yes' => 'Ano',
+    'enforce_language' => 'Vynutit jazyk',
+    'lang' => 'Čeština',
+    'show_changelog' => 'Zobrazit seznam změn',
+    'changelog' => 'Seznam změn',
+    'zip_ext_not_loaded' => 'Vyžadované "zip" rozšíření není načteno',
+    'auto_tagging' => 'Automatické štítkování nahrání',
+    'no_tags' => 'Nebyly přidány žádné štítky',
+    'upload_max_file_size' => 'Maximální velikost souboru je momentálně %s.',
+    'ldap_cant_connect' => 'Nemohu se připojit k ověřovacímu serveru LDAP.',
+    'user_create_password' => 'Pokud bude ponecháno prázdné, budete možná chtít poslat oznámení na uživatelovu e-mailovou adresu.',
+    'mail.new_account_text_with_pw' => 'Zdravíme, %s!<br>Byl pro vás vytvořen nový účet na %s (<a href="%s">%s</a>) s následujícími údaji:<br><br>Uživatelské jméno: %s<br>Heslo: %s<br><br>Klikněte na následující odkaz pro vstup na přihlašovací stránku:<br><a href="%s">%s</a>',
+    'mail.new_account_text_with_reset' => 'Zdravíme, %s!<br>Byl pro vás vytvořen nový účet na %s (<a href="%s">%s</a>). Klikněte na následující odkaz pro nastavení hesla a aktivaci účtu:<br><br><a href="%s">%s</a>',
+    'mail.new_account' => '%s - tvorba nového účtu',
+    'send_notification' => 'Poslat e-mailové oznámení',
+    'recaptcha_secret_key' => 'reCAPTCHA Tajný klíč',
+    'recaptcha_site_key' => 'reCAPTCHA Webový Klíč',
+    'only_recaptcha_v3' => 'Je podporována pouze reCAPTCHA v3.',
+    'recaptcha_keys_required' => 'Jsou vyžadovány všechny klíče reCAPTCHA.',
+    'recaptcha_enabled' => 'reCAPTCHA povolena',
+    'recaptcha_failed' => 'reCAPTCHA selhala',
+    'danger_zone' => 'Nebezpečná oblast',
+    'account_media_deleted' => 'Všechna média na účtu byla odstraněna.',
+    'clear_account' => 'Promazat účet',
+    'delete_all' => 'Odstranit vše',
+    'delete_selected' => 'Odstranit vybrané',
+    'used_space' => 'Využitý prostor',
+    'quota_recalculated' => 'Uživatelská kvóta úspěšně přepočítána z disku.',
+    'recalculate_user_quota' => 'Přepočítat uživatelskou kvótu z disku',
+    'password_restored' => 'Heslo obnoveno.',
+    'password_match' => 'Pole Heslo a Heslo znovu se musí shodovat.',
+    'password_repeat' => 'Heslo znovu',
+    'quota_enabled' => 'Povolit uživatelskou kvótu',
+    'account_activated' => 'Účet aktivován, nyní se můžete přihlásit!',
+    'recover_email_sent' => 'Pokud existuje, byl odeslán obnovovací e-mail na zadaný účet.',
+    'mail.recover_password' => '%s - obnova hesla',
+    'mail.recover_text' => 'Zdravíme, %s,<br>u vašeho účtu bylo zažádáno obnovení hesla. Pro dokončení akce klikněte na následující odkaz:<br><br><a href="%s">%s</a><br><br>Pokud jste o obnovení hesla nezažádali vy, jednoduše ignorujte tento e-mail.',
+    'mail.activate_account' => '%s - aktivace účtu',
+    'mail.activate_text' => 'Zdravíme, %s!<br>Děkujeme za vytvoření účtu na %s (<a href="%s">%s</a>), klikněte na následující odkaz pro jeho aktivaci:<br><br><a href="%s">%s</a>',
+    'invalid_quota' => 'Neplatné hodnoty jako výchozí uživatelská kvóta.',
+    'max_user_quota' => 'Maximální uživatelská kvóta',
+    'default_user_quota' => 'Výchozí uživatelská kvóta',
+    'register_success' => 'Účet byl vytvořen a potvrzovací e-mail odeslán.',
+    'register' => 'Zaregistrovat se',
+    'no_account' => 'Nemáte účet?',
+    'password_recovery' => 'Obnovit heslo',
+    'export_data' => 'Exportovat data',
+    'settings_saved' => 'Nastavení systému uložena!',
+    'copy_url_behavior' => 'Režim kopírování URL',
+    'hide_by_default' => 'Skrýt média ve výchozím nastavení',
+    'register_enabled' => 'Registrace povoleny',
+    'dont_close' => 'Nezavírejte tuto kartu před dokončením.',
+    'please_wait' => 'Čekejte prosím…',
+    'remember_me' => 'Pamatovat si mě',
+    'custom_head_set' => 'Vlastní hlavička HTML použita.',
+    'custom_head_html_hint' => 'Tento obsah bude přidán do tagu <head> na každé stránce.',
+    'custom_head_html' => 'Vlastní obsah hlavičky HTML',
+    'donate_text' => 'Pokud se vám líbí XBackBone, zvažte příspěvek na podporu vývoje!',
+    'donation' => 'Přispět',
+    'drop_to_upload' => 'Klikněte nebo sem přetáhněte soubory pro nahrání.',
+    'no_upload_token' => 'Nemáte osobní nahrávací token. (Vygenerujte si jej a zkuste to znovu.)',
+    'image_embeds' => 'Vložené obrázky',
+];

resources/lang/da.lang.php

@@ -0,0 +1,164 @@
+<?php
+return [
+    'lang' => 'Danish',
+    'yes' => 'Ja',
+    'no' => 'Nej',
+    'send' => 'Send',
+    'no_media' => 'Intet media fundet.',
+    'login.username' => 'Brugernavn eller e-mail',
+    'password' => 'Adgangskode',
+    'login' => 'Log på',
+    'username' => 'Brugernavn',
+    'home' => 'Hjem',
+    'users' => 'Brugere',
+    'system' => 'System',
+    'profile' => 'Profil',
+    'logout' => 'Log ud',
+    'pager.next' => 'Næste',
+    'pager.previous' => 'Forrige',
+    'copy_link' => 'Kopier link',
+    'public.telegram' => 'Del på Telegram',
+    'public.delete_text' => 'Er du sikker på, at du vil slette dette element? Du vil ikke være i stand til at gendanne den',
+    'preview' => 'Forhåndsvisning',
+    'filename' => 'Filnavn',
+    'size' => 'Størrelse',
+    'public' => 'Offentligt',
+    'owner' => 'Ejer',
+    'date' => 'Dato',
+    'raw' => 'Vis rå',
+    'download' => 'Hent',
+    'delete' => 'Slet',
+    'publish' => 'Offentliggøre',
+    'hide' => 'Skjul',
+    'files' => 'Filer',
+    'orphaned_files' => 'Forældreløse filer',
+    'theme' => 'Tema',
+    'click_to_load' => 'Klik for at indlæse…',
+    'apply' => 'Anvend',
+    'save' => 'Gem',
+    'used' => 'Brugt',
+    'system_info' => 'System information',
+    'user.create' => 'Ny bruger',
+    'user.edit' => 'Rediger bruger',
+    'is_active' => 'Er aktiv',
+    'is_admin' => 'Er administrator',
+    'your_profile' => 'Din Profil',
+    'user_updated' => 'Bruger »%s« er opdateret!',
+    'user_created' => 'Bruger »%s« oprettet!',
+    'email_taken' => 'E-mail-adressen er allerede i brug.',
+    'email_required' => 'E-mail er påkrævet.',
+    'mail.new_account' => '%s - Oprettelse af ny konto',
+    'send_notification' => 'Send e-mail notifikation',
+    'recaptcha_enabled' => 'reCAPTCHA slået til',
+    'recaptcha_failed' => 'reCAPTCHA fejlede',
+    'delete_all' => 'Slet alt',
+    'delete_selected' => 'Slet valgte',
+    'used_space' => 'Brugt plads',
+    'password_repeat' => 'Gentag adgangskode',
+    'account_activated' => 'Konto aktiveret, du kan nu logge ind!',
+    'register' => 'Tilmeld',
+    'no_account' => 'Har du ikke en konto?',
+    'password_recovery' => 'Gendan adgangskode',
+    'export_data' => 'Eksporter data',
+    'settings_saved' => 'Systemindstillinger gemt!',
+    'copy_url_behavior' => 'Kopier URL tilstand',
+    'hide_by_default' => 'Skjul medie som standard',
+    'register_enabled' => 'Registreringer slået til',
+    'please_wait' => 'Vent venligst…',
+    'remember_me' => 'Husk mig',
+    'custom_head_html' => 'Tilpasset HTML Head indhold',
+    'donate_text' => 'Hvis du kan lide XBackBone, kan du overveje en donation for at støtte udviklingen!',
+    'donation' => 'Donering',
+    'drop_to_upload' => 'Klik eller slip dine filer her for at uploade.',
+    'auto_set' => 'Sæt automatisk',
+    'cancel' => 'Annuller',
+    'maintenance_in_progress' => 'Platformen er under vedligeholdelse, prøv igen senere…',
+    'updates' => 'Opdateringer',
+    'upgrade' => 'Opgrader',
+    'check_for_updates' => 'Søg efter opdateringer',
+    'file_size_no_match' => 'Den downloadede fil matcher ikke den korrekte filstørrelse.',
+    'cannot_retrieve_file' => 'Filen kan ikke hentes.',
+    'new_version_available' => 'Ny version %s tilgængelig!',
+    'already_latest_version' => 'Du har allerede den seneste version.',
+    'maintenance' => 'Vedligeholdelse',
+    'name' => 'Navn',
+    'time' => 'Tid',
+    'order_by' => 'Sorter efter…',
+    'dotted_search' => 'Søg…',
+    'table' => 'Tabel',
+    'gallery' => 'Galleri',
+    'switch_to' => 'Skift til',
+    'cannot_write_file' => 'Destinationsstien er ikke skrivbar.',
+    'cannot_demote' => 'Du kan ikke degradere dig selv.',
+    'cannot_delete' => 'Du kan ikke slette dig selv.',
+    'user_deleted' => 'Bruger slettet.',
+    'profile_updated' => 'Profilen blev opdateret!',
+    'password_required' => 'Adgangskoden er påkrævet.',
+    'username_taken' => 'Brugernavnet er allerede i brug.',
+    'username_required' => 'Brugernavnet er påkrævet.',
+    'goodbye' => 'Farvel!',
+    'welcome' => 'Velkommen, %s!',
+    'account_disabled' => 'Din konto er deaktiveret.',
+    'bad_login' => 'Forkerte loginoplysninger.',
+    'installed' => 'Installationen blev gennemført!',
+    'confirm_string' => 'Er du sikker?',
+    'confirm' => 'Bekræftelse',
+    'open' => 'Åbn',
+    'none' => 'Ingen',
+    'reg_date' => 'Registreringsdato',
+    'admin' => 'Admin',
+    'active' => 'Aktiv',
+    'user_code' => 'Bruger kode',
+    'client_config' => 'Klientkonfiguration',
+    'edit' => 'Rediger',
+    'update' => 'Opdater',
+    'copied' => 'Kopieret til udklipsholderen!',
+    'copy' => 'Kopier',
+    'token' => 'Nøgle',
+    'system_settings' => 'Systemindstillinger',
+    'php_info' => 'PHP Informationer',
+    'upload' => 'Overfør',
+    'enforce_language' => 'Håndhæve sproget',
+    'deleted_orphans' => 'Slettet %d forældreløse filer.',
+    'default_lang_behavior' => 'XBackBone vil prøve at matche browsersproget som standard (tilbagefaldet er Engelsk).',
+    'prerelease_channel' => 'Forhåndsudgivelse Kanal',
+    'token_not_found' => 'Den angivne token blev ikke fundet.',
+    'clean_orphaned_uploads' => 'Fjern forældreløse overførsler',
+    'custom_head_set' => 'Brugerdefineret HTML-hoved anvendt.',
+    'dont_close' => 'Luk ikke denne fane, før den er færdig.',
+    'default_user_quota' => 'Standard bruger plads',
+    'max_user_quota' => 'Max bruger plads',
+    'invalid_quota' => 'Ugyldige værdier som standard bruger plads.',
+    'mail.activate_account' => '%s - Aktivering af konto',
+    'mail.recover_password' => '%s - Gendan adgangskode',
+    'password_restored' => 'Nulstil kodeord.',
+    'recalculate_user_quota' => 'Genberegn bruger plads fra disk',
+    'quota_recalculated' => 'Bruger pladsen genberegnet fra disken med succes.',
+    'account_media_deleted' => 'Alle medier på kontoen er blevet slettet.',
+    'danger_zone' => 'Farligt område',
+    'recaptcha_keys_required' => 'Alle reCAPTCHA nøgler er påkrævet.',
+    'recaptcha_site_key' => 'reCAPTCHA webstedsnøgle',
+    'recaptcha_secret_key' => 'reCAPTCHA hemmelig nøgle',
+    'mail.new_account_text_with_reset' => 'Hej %s!<br>en ny konto blev oprettet til dig den %s (<a href="%s">%s</a>), klik på følgende link for at indstille en adgangskode og aktivere den:<br><br><a href="%s">%s</a>',
+    'user_create_password' => 'Hvis den efterlades tom, vil det være en god idé selv at sende en meddelelse til brugerens e-mailadresse.',
+    'ldap_cant_connect' => 'Kan ikke oprette forbindelse til LDAP-godkendelsesserveren.',
+    'upload_max_file_size' => 'Den maksimale filstørrelse er i øjeblikket %s.',
+    'no_tags' => 'Ingen tags tilføjet',
+    'auto_tagging' => 'Automatisk upload tagging',
+    'zip_ext_not_loaded' => 'Den nødvendige "zip"-udvidelse er ikke indlæst',
+    'changelog' => 'Ændringslog',
+    'show_changelog' => 'Vis ændringslog',
+    'no_upload_token' => 'Du har ikke et personligt upload token. (Generer en og prøv igen.)',
+    'custom_head_html_hint' => 'Dette indhold vil blive tilføjet ved <head> tagget på hver side.',
+    'register_success' => 'Kontoen er oprettet, en bekræftelses-e-mail er blevet sendt.',
+    'quota_enabled' => 'Aktiver brugerkvote',
+    'mail.activate_text' => 'Hej %s!<br>tak fordi du oprettede din konto på %s (<a href="%s">%s</a>), klik på følgende link for at aktivere den:<br><br><a href="%s">%s</a>',
+    'mail.recover_text' => 'Hej %s,<br>der er blevet anmodet om en nulstilling af adgangskoden til din konto. For at fuldføre proceduren, klik på følgende link:<br><br><a href="%s">%s</a><br><br>Hvis det ikke var dig, der anmodede om nulstilling af adgangskoden, skal du blot ignorere denne e-mail.',
+    'recover_email_sent' => 'Hvis tilstede, blev der sendt en gendannelses-e-mail til den angivne konto.',
+    'password_match' => 'Adgangskode og den gentaget adgangskode skal være ens.',
+    'clear_account' => 'Ryd Konto',
+    'only_recaptcha_v3' => 'Kun reCAPTCHA v3 understøttes.',
+    'image_embeds' => 'Integrer billeder',
+    'mail.new_account_text_with_pw' => 'Hej %s!<br>en ny konto blev oprettet til dig den %s (<a href="%s">%s</a>), med følgende oplysninger:<br><br>Brugernavn: %s<br>Adgangskode: %s<br><br>Klik på følgende link for at gå til login-siden:<br><a href="%s">%s</a>',
+    'path_not_writable' => 'Outputstien er ikke skrivbar.',
+];

resources/lang/de.lang.php

@@ -0,0 +1,170 @@
+<?php
+return [
+    'lang' => 'Deutsch',
+    'yes' => 'Ja',
+    'no' => 'Nein',
+    'send' => 'Senden',
+    'no_media' => 'Datei nicht gefunden.',
+    'login.username' => 'Benutzername oder E-Mail',
+    'password' => 'Passwort',
+    'login' => 'Anmelden',
+    'username' => 'Benutzername',
+    'home' => 'Startseite',
+    'users' => 'Benutzer',
+    'system' => 'System',
+    'profile' => 'Profil',
+    'logout' => 'Abmelden',
+    'pager.next' => 'Nächste',
+    'pager.previous' => 'Zurück',
+    'copy_link' => 'Kopiere Link',
+    'public.telegram' => 'Teile auf Telegram',
+    'public.delete_text' => 'Möchtest du das wirklich löschen? Es wird dann für immer weg sein',
+    'preview' => 'Vorschau',
+    'filename' => 'Dateiname',
+    'size' => 'Größe aller Dateien',
+    'public' => 'Öffentlich',
+    'owner' => 'Besitzer',
+    'date' => 'Datum',
+    'raw' => 'zeige RAW',
+    'download' => 'Herunterladen',
+    'delete' => 'Löschen',
+    'publish' => 'Veröffentlichen',
+    'hide' => 'Verstecken',
+    'files' => 'Datei(n)',
+    'orphaned_files' => 'verwaiste Dateien',
+    'theme' => 'Design',
+    'click_to_load' => 'Zum Laden klicken …',
+    'apply' => 'Sichern',
+    'save' => 'Speichern',
+    'used' => 'Benutzt',
+    'system_info' => 'System Informationen',
+    'user.create' => 'Benutzer erstellen',
+    'user.edit' => 'Benutzer bearbeiten',
+    'is_active' => 'ist aktiviert',
+    'is_admin' => 'ist Administrator',
+    'your_profile' => 'Dein Profil',
+    'token' => 'Schlüssel',
+    'copy' => 'Kopieren',
+    'update' => 'Aktualisieren',
+    'edit' => 'Bearbeiten',
+    'client_config' => 'Benutzereinstellungen',
+    'user_code' => 'Benutzer-ID',
+    'active' => 'Aktiv',
+    'admin' => 'Administrator',
+    'reg_date' => 'Registrierungsdatum',
+    'none' => 'keine',
+    'open' => 'Öffnen',
+    'confirm' => 'Bestätigen',
+    'confirm_string' => 'Bist du sicher?',
+    'installed' => 'Installation erfolgreich abgeschlossen!',
+    'bad_login' => 'Falsche Anmeldeinformationen.',
+    'account_disabled' => 'Dein Account ist deaktiviert.',
+    'welcome' => 'Willkommen, %s!',
+    'goodbye' => 'Auf Wiedersehen!',
+    'token_not_found' => 'Das angegebene Schlüssel wurde nicht gefunden.',
+    'email_required' => 'E-Mail-Adresse erforderlich.',
+    'email_taken' => 'Die E-Mail-Adresse wird bereits verwendet.',
+    'username_required' => 'Der Benutzername ist erforderlich.',
+    'username_taken' => 'Der Benutzername ist bereits vergeben.',
+    'password_required' => 'Das Passwort ist erforderlich.',
+    'user_created' => 'Benutzer „%s“ wurde erstellt!',
+    'user_updated' => 'Benutzer „%s“ wurde aktualisiert!',
+    'profile_updated' => 'Profil erfolgreich aktualisiert!',
+    'user_deleted' => 'Benutzer gelöscht.',
+    'cannot_delete' => 'Du kannst dich nicht selbst löschen.',
+    'cannot_demote' => 'Du kannst dich nicht selber degradieren.',
+    'cannot_write_file' => 'Der Ordner hat keine Schreibrechte.',
+    'switch_to' => 'Wechseln zu',
+    'gallery' => 'Galerie',
+    'table' => 'Tabelle',
+    'dotted_search' => 'Suche …',
+    'order_by' => 'Sortieren nach …',
+    'time' => 'Zeit',
+    'name' => 'Name',
+    'maintenance' => 'Wartungsarbeiten',
+    'clean_orphaned_uploads' => 'Leere verwaiste Uploads',
+    'path_not_writable' => 'Der Speicherort ist nicht beschreibbar.',
+    'already_latest_version' => 'Du hast bereits die neueste Version.',
+    'new_version_available' => 'Neue Version %s ist verfügbar!',
+    'cannot_retrieve_file' => 'Die Datei kann nicht abgerufen werden.',
+    'file_size_no_match' => 'Die heruntergeladene Datei stimmt mit der richtigen Dateigröße nicht überein.',
+    'check_for_updates' => 'Auf Aktualisierungen prüfen',
+    'upgrade' => 'Aktualisierung',
+    'updates' => 'Aktualisierungen',
+    'maintenance_in_progress' => 'Plattform wird gewartet, versuchen Sie es später erneut …',
+    'cancel' => 'Abbruch',
+    'deleted_orphans' => '%d verwaiste Dateie(n) wurden erfolgreich gelöscht.',
+    'enforce_language' => 'Sprache erzwingen',
+    'auto_set' => 'Automatisch einstellen',
+    'translated_strings' => 'übersetzte Zeichen',
+    'total_strings' => 'Übersetzt',
+    'lang_name' => 'Name von der Sprache',
+    'default_lang_behavior' => 'XBackBone wird versuchen die Sprache deines Browsers herauszufinden (Standardsprache is Englisch).',
+    'lang_set' => 'Sprache ist jetzt "%s"',
+    'prerelease_channel' => 'Beta Channel',
+    'upload' => 'Hochladen',
+    'no_upload_token' => 'Du hast keinen persönlichen Token. (Erstelle einen und versuche es erneut.)',
+    'drop_to_upload' => 'Hier klicken oder Dateien hierher ziehen.',
+    'donation' => 'Spenden',
+    'donate_text' => 'Wenn dir XBackBone gefällt und du die Entwicklung unterstützen möchtest, spende einen kleinen Beitrag!',
+    'custom_head_html' => 'Eigenes HTML Head Content',
+    'custom_head_html_hint' => 'Dieser Inhalt wird auf jeder Seite am Tag <head> hinzugefügt.',
+    'custom_head_set' => 'Benutzerdefinierter HTML Head wurde angewendet.',
+    'remember_me' => 'Merken',
+    'please_wait' => 'Bitte warten …',
+    'dont_close' => 'Schließe diesen Tab erst wenn fertig.',
+    'php_info' => 'PHP Informationen',
+    'system_settings' => 'Systemeinstellungen',
+    'register_enabled' => 'Registrierungen aktiviert',
+    'hide_by_default' => 'Medien standardmäßig ausblenden',
+    'copy_url_behavior' => 'URL kopieren Mode',
+    'settings_saved' => 'Systemeinstellungen gespeichert!',
+    'export_data' => 'Daten exportieren',
+    'password_recovery' => 'Passwort wiederherstellen',
+    'no_account' => 'Haben Sie kein Konto?',
+    'register' => 'Registrieren',
+    'default_user_quota' => 'Standard Speicherplatz',
+    'invalid_quota' => 'Ungültiger Wert für den Speicherplatz.',
+    'register_success' => 'Das Konto wurde erstellt, eine Bestätigungs-E-Mail wurde gesendet.',
+    'mail.activate_account' => '%s – Aktivierung des Kontos',
+    'mail.recover_password' => '%s – Zurücksetzung des Passworts',
+    'recover_email_sent' => 'Falls vorhanden, wurde eine Wiederherstellungs-E-Mail an das angegebene Konto gesendet.',
+    'account_activated' => 'Konto wurde aktiviert, du kannst dich jetzt anmelden!',
+    'quota_enabled' => 'Aktiviere Speicherlimit',
+    'password_repeat' => 'Passwort wiederholen',
+    'password_match' => 'Das Passwort und das wiederholte Passwort muss das gleiche sein.',
+    'password_restored' => 'Passwort wurde zurückgesetzt.',
+    'recalculate_user_quota' => 'Benutzer Speicher neu berechnen',
+    'quota_recalculated' => 'Die Berechnung vom Benutzer Speicher war erfolgreich.',
+    'used_space' => 'Belegter Speicherplatz',
+    'max_user_quota' => 'Max. Benutzerkontingent',
+    'delete_selected' => 'Ausgewähltes löschen',
+    'delete_all' => 'Alle löschen',
+    'clear_account' => 'Konto löschen',
+    'account_media_deleted' => 'Alle Medien in dem Konto wurden gelöscht.',
+    'danger_zone' => 'Gefahrenzone',
+    'recaptcha_failed' => 'reCAPTCHA Fehlgeschlagen',
+    'recaptcha_enabled' => 'reCAPTCHA Aktiviert',
+    'recaptcha_keys_required' => 'reCAPTCHA-Schlüssel ist erforderlich.',
+    'only_recaptcha_v3' => 'Es wird nur reCAPTCHA v3 unterstützt.',
+    'recaptcha_site_key' => 'reCAPTCHA Websiteschlüssel',
+    'recaptcha_secret_key' => 'reCAPTCHA geheimen Schlüssel',
+    'send_notification' => 'E-Mail-Benachrichtigung senden',
+    'mail.new_account' => '%s – Erstellung von Konto',
+    'user_create_password' => 'Wenn das leer bleibt, wollen Sie vielleicht eine Benachrichtigung an die Benutzer per E-Mail senden.',
+    'no_tags' => 'Keine Tags hinzugefügt',
+    'show_all_tags' => 'Alle Tags anzeigen',
+    'upload_max_file_size' => 'Die maximale Dateigröße beträgt derzeit %s.',
+    'ldap_cant_connect' => 'Es kann keine Verbindung zum LDAP-Auth-Server hergestellt werden.',
+    'zip_ext_not_loaded' => 'Die zip-Erweiterung ist erforderlich',
+    'auto_tagging' => 'Automatische Markierung des Hochladen',
+    'mail.new_account_text_with_pw' => 'Hallo %s! <br>ein neues Konto wurde für Dich auf %s (<a href="%s">%s</a>) erstellt, mit den folgenden Anmeldeinformationen:<br><br>Benutzername: %s<br>Password: %s<br><br>Klicken Sie auf den folgenden Link, um zur Anmeldeseite zu gelangen:<br><a href="%s">%s</a>',
+    'mail.new_account_text_with_reset' => 'Hallo %s! <br>ein neues Konto wurde für dich auf %s erstellt (<a href="%s">%s</a>), klicken auf den folgenden Link, um ein Passwort festzulegen und es zu aktivieren:<br><br><a href="%s">%s</a>',
+    'mail.recover_text' => 'Hallo %s,<br>für Ihr Konto wurde eine Zurücksetzung des Passworts angefordert. Um das Verfahren abzuschließen, klicken Sie auf den folgenden Link:<br><br><a href="%s">%s</a><br><br>Wenn Sie keine Zurücksetzung Ihres Passworts angefordert haben, ignorieren Sie diese E-Mail einfach.',
+    'mail.activate_text' => 'Hallo %s! <br>Vielen Dank fürs Registrieren auf %s (\'a href="%s">%s</a>), klicken Sie auf den folgenden Link, um es zu aktivieren:<br><br>\'a href="%s">%s</a>',
+    'show_changelog' => 'Änderungsprotokoll ansehen',
+    'changelog' => 'Änderungsprotokoll',
+    'copied' => 'In Zwischenablage kopiert!',
+    'image_embeds' => 'Bilder einbetten',
+    'vanity_url' => 'Benutzerdefinierte URL',
+];

resources/lang/en.lang.php

@@ -0,0 +1,165 @@
+<?php
+return [
+    'lang' => 'English',
+    'enforce_language' => 'Enforce language',
+    'yes' => 'Yes',
+    'no' => 'No',
+    'send' => 'Send',
+    'no_media' => 'No media found.',
+    'login.username' => 'Username or E-Mail',
+    'password' => 'Password',
+    'login' => 'Login',
+    'username' => 'Username',
+    'home' => 'Home',
+    'users' => 'Users',
+    'system' => 'System',
+    'profile' => 'Profile',
+    'logout' => 'Logout',
+    'pager.next' => 'Next',
+    'pager.previous' => 'Previous',
+    'copy_link' => 'Copy link',
+    'public.telegram' => 'Share on Telegram',
+    'public.delete_text' => 'Are you sure you want to delete this item? You will not be able to recover it',
+    'preview' => 'Preview',
+    'filename' => 'Filename',
+    'size' => 'Size',
+    'public' => 'Public',
+    'owner' => 'Owner',
+    'date' => 'Date',
+    'raw' => 'Show raw',
+    'download' => 'Download',
+    'upload' => 'Upload',
+    'delete' => 'Delete',
+    'confirm' => 'Confirm',
+    'vanity_url' => 'Custom URL',
+    'publish' => 'Publish',
+    'hide' => 'Hide',
+    'files' => 'Files',
+    'orphaned_files' => 'Orphaned Files',
+    'theme' => 'Theme',
+    'click_to_load' => 'Click to load…',
+    'apply' => 'Apply',
+    'save' => 'Save',
+    'used' => 'Used',
+    'php_info' => 'PHP Informations',
+    'system_settings' => 'System Settings',
+    'user.create' => 'Create User',
+    'user.edit' => 'Edit User',
+    'is_active' => 'Is active',
+    'is_admin' => 'Is administrator',
+    'your_profile' => 'Your Profile',
+    'token' => 'Token',
+    'copy' => 'Copy',
+    'copied' => 'Copied to clipboard!',
+    'update' => 'Update',
+    'edit' => 'Edit',
+    'client_config' => 'Client Configuration',
+    'user_code' => 'User Code',
+    'active' => 'Active',
+    'admin' => 'Admin',
+    'reg_date' => 'Registration Date',
+    'none' => 'None',
+    'open' => 'Open',
+    'confirm_string' => 'Are you sure?',
+    'installed' => 'Installation completed successfully!',
+    'bad_login' => 'Wrong credentials.',
+    'account_disabled' => 'Your account is disabled.',
+    'welcome' => 'Welcome, %s!',
+    'goodbye' => 'Goodbye!',
+    'token_not_found' => 'Token specified not found.',
+    'email_required' => 'E-mail address required.',
+    'email_taken' => 'The e-mail address is already in use.',
+    'username_required' => 'The username is required.',
+    'username_taken' => 'The username is already taken.',
+    'password_required' => 'The password is required.',
+    'user_created' => 'User "%s" created!',
+    'user_updated' => 'User "%s" updated!',
+    'profile_updated' => 'Profile updated successfully!',
+    'user_deleted' => 'User deleted.',
+    'cannot_delete' => 'You cannot delete yourself.',
+    'cannot_demote' => 'You cannot demote yourself.',
+    'cannot_write_file' => 'The destination path is not writable.',
+    'deleted_orphans' => 'Successfully deleted %d orphaned files.',
+    'switch_to' => 'Switch to',
+    'gallery' => 'Gallery',
+    'table' => 'Table',
+    'dotted_search' => 'Search…',
+    'order_by' => 'Order by…',
+    'time' => 'Time',
+    'name' => 'Name',
+    'maintenance' => 'Maintenance',
+    'clean_orphaned_uploads' => 'Clean Orphaned Uploads',
+    'path_not_writable' => 'The output path is not writable.',
+    'already_latest_version' => 'You already have the latest version.',
+    'new_version_available' => 'New version %s available!',
+    'cannot_retrieve_file' => 'Cannot retrieve the file.',
+    'file_size_no_match' => 'The downloaded file doesn\'t match the correct file size.',
+    'check_for_updates' => 'Check for updates',
+    'upgrade' => 'Upgrade',
+    'updates' => 'Updates',
+    'maintenance_in_progress' => 'Platform under maintenance, try again later…',
+    'cancel' => 'Cancel',
+    'auto_set' => 'Set automatically',
+    'default_lang_behavior' => 'XBackBone will try to match the browser language by default (the fallback is English).',
+    'prerelease_channel' => 'Prerelease Channel',
+    'no_upload_token' => 'You don\'t have a personal upload token. (Generate one and try again.)',
+    'drop_to_upload' => 'Click or drop your files here to upload.',
+    'donation' => 'Donation',
+    'donate_text' => 'If you like XBackBone, consider a donation to support development!',
+    'custom_head_html' => 'Custom HTML Head content',
+    'custom_head_html_hint' => 'This content will be added at the <head> tag on every page.',
+    'custom_head_set' => 'Custom HTML head applied.',
+    'remember_me' => 'Remember me',
+    'please_wait' => 'Please wait…',
+    'dont_close' => 'Do not close this tab until completion.',
+    'register_enabled' => 'Registrations enabled',
+    'hide_by_default' => 'Hide media by default',
+    'copy_url_behavior' => 'Copy URL mode',
+    'settings_saved' => 'System settings saved!',
+    'export_data' => 'Export data',
+    'password_recovery' => 'Recover password',
+    'no_account' => 'Don\'t have an account?',
+    'register' => 'Register',
+    'register_success' => 'The account has been created, a confirmation e-mail has been sent.',
+    'default_user_quota' => 'Default User Quota',
+    'max_user_quota' => 'Max User Quota',
+    'invalid_quota' => 'Invalid values as default user quota.',
+    'mail.activate_text' => 'Hi %s!<br>thank you for creating your account on %s (<a href="%s">%s</a>), click on the following link to activate it:<br><br><a href="%s">%s</a>',
+    'mail.activate_account' => '%s - Account Activation',
+    'mail.recover_text' => 'Hi %s,<br>a password reset has been requested for your account. To complete the procedure click on the following link:<br><br><a href="%s">%s</a><br><br>If it wasn\'t you who requested the password reset, simply ignore this e-mail.',
+    'mail.recover_password' => '%s - Password Recovery',
+    'recover_email_sent' => 'If present, a recovery e-mail was sent to the specified account.',
+    'account_activated' => 'Account activated, now you can login!',
+    'quota_enabled' => 'Enable user quota',
+    'password_repeat' => 'Repeat Password',
+    'password_match' => 'Password and repeat password must be the same.',
+    'password_restored' => 'Password reset.',
+    'recalculate_user_quota' => 'Recalculate user quota from disk',
+    'quota_recalculated' => 'User quota recalculated from the disk successfully.',
+    'used_space' => 'Used Space',
+    'delete_selected' => 'Delete Selected',
+    'delete_all' => 'Delete All',
+    'clear_account' => 'Clear Account',
+    'account_media_deleted' => 'All media in the account have been deleted.',
+    'danger_zone' => 'Danger Zone',
+    'recaptcha_failed' => 'reCAPTCHA Failed',
+    'recaptcha_enabled' => 'reCAPTCHA Enabled',
+    'recaptcha_keys_required' => 'All reCAPTCHA keys are required.',
+    'only_recaptcha_v3' => 'Only reCAPTCHA v3 is supported.',
+    'recaptcha_site_key' => 'reCAPTCHA Site Key',
+    'recaptcha_secret_key' => 'reCAPTCHA Secret Key',
+    'send_notification' => 'Send E-mail Notification',
+    'mail.new_account' => '%s - New Account Creation',
+    'mail.new_account_text_with_reset' => 'Hi %s!<br>a new account was created for you on %s (<a href="%s">%s</a>), click on the following link to set a password and activate it:<br><br><a href="%s">%s</a>',
+    'mail.new_account_text_with_pw' => 'Hi %s!<br>a new account was created for you on %s (<a href="%s">%s</a>), with the following credentials:<br><br>Username: %s<br>Password: %s<br><br>Click on the following link to go to the login page:<br><a href="%s">%s</a>',
+    'user_create_password' => 'If leaved empty, you might want to send a notification to the user e-mail address.',
+    'ldap_cant_connect' => 'Can\'t connect to the LDAP auth server.',
+    'upload_max_file_size' => 'The max file size is currently %s.',
+    'no_tags' => 'No tags added',
+    'show_all_tags' => 'Show all tags',
+    'auto_tagging' => 'Auto upload tagging',
+    'zip_ext_not_loaded' => 'The required "zip" extension is not loaded',
+    'changelog' => 'Changelog',
+    'show_changelog' => 'Show changelog',
+    'image_embeds' => 'Embed images'
+];

resources/lang/es.lang.php

@@ -0,0 +1,170 @@
+<?php
+return [
+    'lang' => 'Español',
+    'yes' => 'Sí',
+    'no' => 'No',
+    'send' => 'Enviar',
+    'no_media' => 'Contenido no encontrado.',
+    'login.username' => 'Nombre de usuario o correo electrónico',
+    'password' => 'Contraseña',
+    'login' => 'Iniciar sesión',
+    'username' => 'Nombre de usuario',
+    'home' => 'Inicio',
+    'users' => 'Usuarios',
+    'system' => 'Sistema',
+    'profile' => 'Perfil',
+    'logout' => 'Cerrar sesión',
+    'pager.next' => 'Siguiente',
+    'pager.previous' => 'Previo',
+    'copy_link' => 'Copiar enlace',
+    'public.telegram' => 'Compartir en Telegram',
+    'public.delete_text' => '¿Está seguro que desea borrar este elemento? No vas a poder recuperarlo',
+    'preview' => 'Vista previa',
+    'filename' => 'Nombre del archivo',
+    'size' => 'Tamaño',
+    'public' => 'Público',
+    'owner' => 'Dueño',
+    'date' => 'Fecha',
+    'raw' => 'Mostrar archivo sin formato',
+    'download' => 'Descargar',
+    'delete' => 'Borrar',
+    'publish' => 'Publicar',
+    'hide' => 'Esconder',
+    'files' => 'Archivos',
+    'orphaned_files' => 'Archivos huérfanos',
+    'theme' => 'Tema',
+    'click_to_load' => 'Clic para cargar…',
+    'apply' => 'Aplicar',
+    'save' => 'Guardar',
+    'used' => 'Usado',
+    'system_info' => 'Información del Sistema',
+    'user.create' => 'Crear Usuario',
+    'user.edit' => 'Editar Usuario',
+    'is_active' => 'Es activo',
+    'is_admin' => 'Es administrador',
+    'your_profile' => 'Tu Perfil',
+    'token' => 'Ficha',
+    'copy' => 'Copiar',
+    'update' => 'Actualizar',
+    'edit' => 'Editar',
+    'client_config' => 'Configuración del Cliente',
+    'user_code' => 'Código de Usuario',
+    'active' => 'Activo',
+    'admin' => 'Administrador',
+    'reg_date' => 'Fecha de Registración',
+    'none' => 'Ninguno',
+    'open' => 'Abrir',
+    'confirm' => 'Confirmar',
+    'confirm_string' => '¿Está seguro?',
+    'installed' => '¡Instalación completa!',
+    'bad_login' => 'Credenciales incorrectas.',
+    'account_disabled' => 'Su cuenta está desactivada.',
+    'welcome' => '¡Bienvenido, %s!',
+    'goodbye' => '¡Adiós!',
+    'token_not_found' => 'Ficha indicada No encontrada.',
+    'email_required' => 'El correo electrónico es requisito.',
+    'email_taken' => 'El correo electrónico ya está en uso.',
+    'username_required' => 'El Nombre de Usuario es requisito.',
+    'username_taken' => 'El Nombre de Usuario ya está en uso.',
+    'password_required' => 'La Contraseña es requisito.',
+    'user_created' => '¡Usuario «%s» creado!',
+    'user_updated' => '¡Usuario «%s» actualizado!',
+    'profile_updated' => '¡Perfil actualizado con éxito!',
+    'user_deleted' => 'Usuario borrado.',
+    'cannot_delete' => 'No puede borrarse a usted mismo.',
+    'cannot_write_file' => 'La ruta de destino no se puede escribir.',
+    'deleted_orphans' => 'Borró los archivos huérfanos %d con éxito.',
+    'switch_to' => 'Cambiar a',
+    'gallery' => 'Galería',
+    'table' => 'Tabla',
+    'dotted_search' => 'Búsqueda…',
+    'order_by' => 'Ordenar por…',
+    'time' => 'Tiempo',
+    'name' => 'Nombre',
+    'maintenance' => 'Mantenimiento',
+    'path_not_writable' => 'La ruta de salida no se puede escribir.',
+    'already_latest_version' => 'Ya tiene la última versión.',
+    'new_version_available' => '¡Nueva versión %s disponible!',
+    'cannot_retrieve_file' => 'No se puede recuperar el archivo.',
+    'file_size_no_match' => 'El archivo descargado no coincide con el tamaño de archivo correcto.',
+    'check_for_updates' => 'Buscar actualizaciones',
+    'upgrade' => 'Mejorar',
+    'updates' => 'Actualizaciones',
+    'maintenance_in_progress' => 'Plataforma en mantenimiento, inténtelo más tarde…',
+    'cancel' => 'Cancelar',
+    'enforce_language' => 'Afirmar lenguaje',
+    'auto_set' => 'Establecer automáticamente',
+    'translated_strings' => 'cadenas de texto traducidas',
+    'total_strings' => 'total de cadenas de texto',
+    'lang_name' => 'nombre del lenguaje',
+    'default_lang_behavior' => 'XBackBone tratará de coincidir con el lenguaje predeterminado del navegador (recurrimos al Inglés automáticamente).',
+    'lang_set' => 'Lenguaje del sistema impuesto a "%s"',
+    'upload' => 'Subir',
+    'delete_all' => 'Borrar Todo',
+    'danger_zone' => 'Zona De Peligro',
+    'recaptcha_failed' => 'reCAPTCHA Falló',
+    'php_info' => 'Información PHP',
+    'system_settings' => 'Configuracion de Systema',
+    'mail.new_account' => '% s – Creación de nueva cuenta',
+    'send_notification' => 'Enviar notificación por correo electrónico',
+    'mail.recover_password' => '% s – Recuperación de contraseña',
+    'mail.activate_account' => '%s – Activación de la cuenta',
+    'register_success' => 'La cuenta ha sido creada, se ha enviado un correo electrónico de confirmación.',
+    'donate_text' => 'Si te gusta XBackBone, considera una donación para apoyar el desarrollo!',
+    'donation' => 'Donación',
+    'drop_to_upload' => 'Haz clic o arrastra tus archivos aquí para subirlos.',
+    'no_upload_token' => 'No tienes una clave personal de carga. (Genera uno e inténtalo de nuevo.)',
+    'prerelease_channel' => 'Canal de prelanzamiento',
+    'clean_orphaned_uploads' => 'Limpiar las cargas de los huéspedes',
+    'cannot_demote' => 'No puedes degradarte.',
+    'copied' => '¡Copiado en el portapapeles!',
+    'quota_recalculated' => 'Cuota de usuario recalculada desde el disco con éxito.',
+    'recalculate_user_quota' => 'Recalcular la cuota de usuarios desde el disco',
+    'quota_enabled' => 'Activar la cuota de usuarios',
+    'show_changelog' => 'Mostrar el registro de cambios',
+    'changelog' => 'Registro de cambios',
+    'zip_ext_not_loaded' => 'La extensión zip requerida no está cargada',
+    'auto_tagging' => 'Carga automática de etiquetas',
+    'no_tags' => 'No se han añadido etiquetas',
+    'upload_max_file_size' => 'El tamaño máximo del archivo es actualmente %s.',
+    'ldap_cant_connect' => 'No se puede conectar con el servidor de autentificación LDAP.',
+    'user_create_password' => 'Si se deja vacío, es posible que desee enviar una notificación a la dirección de correo electrónico del usuario.',
+    'mail.new_account_text_with_pw' => '¡Hola %s!<br>se ha creado una nueva cuenta para ti en %s (<a href="%s">%s</a>), haz clic en el siguiente enlace para establecer una contraseña y activarla:<br><br><a href="%s">%s</a>',
+    'mail.new_account_text_with_reset' => '¡Hola, %s!<br>Se creó una nueva cuenta para ti en %s (<a href="%s">%s</a>), haz clic en el siguiente enlace para establecer una contraseña y activarla:<br ><br><a href="%s">%s</a>',
+    'recaptcha_enabled' => 'reCAPTCHA activado',
+    'account_media_deleted' => 'Se han eliminado todos los archivos de la cuenta.',
+    'clear_account' => 'Limpiar cuenta',
+    'delete_selected' => 'Eliminar seleccionado',
+    'used_space' => 'Espacio usado',
+    'password_restored' => 'Restablecimiento de la contraseña.',
+    'password_match' => 'La contraseña y la contraseña repetida deben ser las mismas.',
+    'password_repeat' => 'Repite la contraseñá',
+    'account_activated' => 'Cuenta activada, ¡ahora puedes iniciar sesión!',
+    'recover_email_sent' => 'Si está presente, se ha enviado un correo electrónico de recuperación a la cuenta especificada.',
+    'mail.recover_text' => 'Hola %s,<br>se ha solicitado el restablecimiento de la contraseña de su cuenta. Para completar el procedimiento haga clic en el siguiente enlace:<br><br><a href="%s">%s</a><br>Si no fue usted quien solicitó el restablecimiento de la contraseña, simplemente ignore este correo electrónico.',
+    'mail.activate_text' => 'Hola %s!<br>gracias por crear tu cuenta en %s (<a href="%s">%s</a>), haz clic en el siguiente enlace para activarla:<br><br><a href="%s">%s</a>',
+    'invalid_quota' => 'Valores no válidos como cuota de usuario por defecto.',
+    'max_user_quota' => 'Cuota máxima del usuario',
+    'default_user_quota' => 'Cuota de usuarios por defecto',
+    'register' => 'Registrarse',
+    'no_account' => '¿No tienes cuenta?',
+    'password_recovery' => 'Recuperar contraseña',
+    'export_data' => 'Exportar datos',
+    'settings_saved' => '¡Configuración del sistema guardada!',
+    'copy_url_behavior' => 'Modo copiar URL',
+    'hide_by_default' => 'Ocultar media por defecto',
+    'register_enabled' => 'Registros abiertos',
+    'dont_close' => 'No cierres esta pestaña hasta que se haya completado.',
+    'please_wait' => 'Por favor, espera…',
+    'remember_me' => 'Recuerdame',
+    'custom_head_html_hint' => 'Este contenido se añadirá en la etiqueta <head> de cada página.',
+    'custom_head_html' => 'Contenido personalizado del encabezado HTML',
+    'image_embeds' => 'Incrustar imágenes',
+    'recaptcha_keys_required' => 'Todas las claves reCAPTCHA son requeridas.',
+    'recaptcha_secret_key' => 'Clave secreta de reCAPTCHA',
+    'recaptcha_site_key' => 'Clave del sitio reCAPTCHA',
+    'only_recaptcha_v3' => 'Solo reCAPTCHA v3 está soportado.',
+    'custom_head_set' => 'Cabecera HTML personalizada aplicada.',
+    'vanity_url' => 'URL personalizada',
+    'show_all_tags' => 'Mostrar todas las etiquetas',
+];