This is a simple web application for storing and managing images in a user's gallery.
- User registration and login system (users are identified by UUIDs to prevent the ID guessing that leads to IDOR vulnerabilities).
- Upload images to the user's gallery (image encryption is planned for the next version).
- View uploaded images in a gallery.
- Delete uploaded images from the gallery.
- Python
- Flask (Python web framework)
- SQLAlchemy (Python SQL toolkit and Object-Relational Mapping)
- MySQL (Relational Database Management System)
- HTML/CSS (Frontend)
- JavaScript (Frontend)
- Clone this repository to your local machine:
git clone <repository-url>
- Install the required dependencies using pip:
pip3 install -r requiremenets.txt
- Set up a MySQL database:
  - Create a new MySQL database for the application.
  - Update the database connection details in database.py with your MySQL database credentials.
# database.py
db_username = 'your_database_username'
db_password = 'your_database_password'
db_name = 'your_database_name'
- Make 2 tables for users and images.
user table schema:
CREATE TABLE users (
  uuid varchar(36) NOT NULL,
  username varchar(50) NOT NULL,
  email varchar(100) NOT NULL,
  password_hash varchar(100) NOT NULL,
  salt varchar(100) NOT NULL,
  created_at timestamp NULL DEFAULT current_timestamp(),
  PRIMARY KEY (uuid)
);
images table schema:
CREATE TABLE images (
  id int(11) NOT NULL AUTO_INCREMENT,
  user_id varchar(36) NOT NULL,
  username varchar(255) NOT NULL,
  filename varchar(255) NOT NULL,
  created_at timestamp NULL DEFAULT current_timestamp(),
  PRIMARY KEY (id),
  KEY user_id (user_id),
  CONSTRAINT images_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (uuid)
);
- Run the Flask application:
python3 app.py
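
The images table above keys rows by an auto-increment id while users are keyed by UUID, so the view and delete paths still need a server-side ownership check to stay free of IDOR. The following is an added example, not code from this repository: it uses an in-memory SQLite database in place of MySQL, and the function names (make_db, add_user, add_image, delete_image, list_images) are hypothetical.

```python
import sqlite3
import uuid

# In-memory SQLite stands in for MySQL so the example runs offline (assumption);
# the columns follow the users/images schema above, trimmed to what is needed.
SCHEMA = """
CREATE TABLE users (uuid TEXT PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE images (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id TEXT NOT NULL REFERENCES users(uuid),
    filename TEXT NOT NULL
);
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def add_user(conn, username):
    user_id = str(uuid.uuid4())  # random version-4 UUID, not a sequential counter
    conn.execute("INSERT INTO users (uuid, username) VALUES (?, ?)", (user_id, username))
    return user_id

def add_image(conn, user_id, filename):
    cur = conn.execute("INSERT INTO images (user_id, filename) VALUES (?, ?)", (user_id, filename))
    return cur.lastrowid  # sequential image id, unlike the user UUID

def delete_image(conn, session_user_id, image_id):
    """Delete image_id only if it belongs to the user in the server-side session."""
    cur = conn.execute(
        "DELETE FROM images WHERE id = ? AND user_id = ?",
        (image_id, session_user_id),  # the owner filter is the authorization check
    )
    conn.commit()
    return cur.rowcount == 1  # False: no such image, or it belongs to someone else

def list_images(conn, session_user_id):
    rows = conn.execute(
        "SELECT id, filename FROM images WHERE user_id = ? ORDER BY id", (session_user_id,)
    )
    return rows.fetchall()
```

In a Flask route, session_user_id would be read from the login session rather than from the URL or form data, and a False result would map to a 404 response.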