uCloud – File Hosting Script – Securely Manage, Preview & Share Your Files

uCloud enables freelancers, small businesses (such as media agencies) and webmasters to easily share their files online. It’s been built to be extremely robust, secure and very fast!

Features

• NEW PHP 8.3 support
• NEW LiteSpeed support (aswell as Apache & Nginx)
• NEW 2FA integration using Google Authenticator
• NEW Video, audio, image & document embed code
• NEW Code previews & syntax highlighting
• NEW Core framework performance improvements
• Upload Files:
  • SFTP, FTP, Rackspace and Amazon S3 Storage.
  • BackBlaze storage support.
  • Use with Wasabi using this guide.
  • Scale your storage by using your own dedicated server storage (direct downloads/uploads).
  • Internally shared files & folders. Share multiple files & folders with other registered users and enable them to view, upload and download files.
  • Global sharing option.
  • Multi-file uploader with progress. 10GB+ filesize supported.
  • Images previewed before upload. File icons shown for each file before upload.
  • Percentage progress, size remaining, upload speed and time remaining.
  • Background uploading of files. Continue to manage your account while files are being uploaded.
  • Drag & Drop into the browser to begin uploading.
  • Send via email option once uploaded.
  • Copy folder url to the clipboard link.
  • Built in url shortener.
  • Support for multiple file servers.
  • File details page with the following:
    • Full path to the file.
    • HTML code to directly copy into a website.
    • Forum code to directly copy into a forum.
    • Link to view statistics for the file.
    • Link to remove the file.
    • Links to share with common social media sites; Facebook, Twitter etc.
    • Link to share via email.
• File Manager:
  • Login with your Facebook, Twitter or Google Account (optional setting via admin).
  • User registration page.
  • NEW Terms & Conditions page.
  • NEW Privacy Policy page.
  • Built using ajax so the entire file manager is lightning fast!
  • Thumbnails generated for images & pdf files (requires imagemagick)
  • File previews for a huge amount of files:
    • Images – jpg, jpeg, png, gif, wbmp
    • Documents – doc, docx, xls, xlsx, ppt, pptx, pdf, pages, ai, tiff, dxf, svg, eps, ps, ttf, otf, xps (< 15MB)
    • Videos – mp4, flv (when Flash enabled), ogg
    • Audio – mp3
  • Caching of image thumbnails for fast load times.
  • Right-click menu options on each file & folder to quickly manage the options.
  • Powerful search widget. Quickly shows you files and folders which match your search.
  • Advanced search to find files by upload date and folder.
  • Requires account to upload and manage files. (admin controlled)
  • 2 view options for files:
    • Icon view – showing file thumbnails.
    • List view.
  • Full screen mode.
  • Sort file listing by filename, file size, date uploaded, last access and total downloads.
  • Change the amount of files shown per page.
  • Download an entire folder as a zip file.
  • Duplicate file(s) option.
  • Rename, move & delete file options.
  • Watermarking of images by folder option. Upload a png watermark, set the position and padding. This can then be enabled by folder. Use this to share ‘proof’ copies of images to customers without giving the user full access to the image.
• File Downloads:
  • Built in support for xSendFile & xAccelRedirect! Big improvements on server performance if enabled.
  • Files are stored securely on your web host. They are renamed without the extension on upload and placed inside a folder which can’t be accessed directly.
  • Downloads are done using a secure access hash which expire after use. The same download link can not be used multiple times.
• Detailed File Statistics:
  • Daily, weekly, monthly downloads.
  • Referring sites.
  • Visiting countries.
  • Visiting browsers.
  • Visiting operating systems.
• Sharing:
  • Links to share files & folders via Facebook, Twitter, LinkedIn & more.
  • If a folder is set as private, generate a unique url to enable someone without an account to access it.
  • Send via email option on all files & folders.
  • Option to hide or show the download button when sharing folders.
  • Option to allow or disable downloading of all files within a shared folder.
• Security:
  • 2FA support using Google Authenticator.
  • Account password stored using SHA256 & PBKDF2 key extender.
  • Set file folders and private or public.
  • Set passwords on file folders.
  • IP blacklisting – block IP addresses from using the site.
  • Support for https.
  • Externally tested for XSS and SQL injection attacks.
• Customisations:
  • Written for PHP7.3+.
  • 100% full source code.
  • Easy installation.
  • Fully customisable.
  • Modern template. (easily customise and create additional ones)
  • Simple, clean, ajax style look and feel.
• Admin Area:
  • Redesigned admin area using Bootstrap 3.
  • Interactive bulk import tool.
  • Separate dedicated admin area.
  • Dashboard detailing downloads and active files.
  • Search files.
  • Disable files.
  • NEW Support for multiple languages. Automatic language translation via Google Translation API. Note: This may incur additional charges for using their API.
  • Manage users and filter by user files.
  • Manage blocked IPs.
  • Manage site settings.
  • Set and manage file servers.
  • Configure to use specific file server or the one with most space.
  • Set template.
  • Set user account settings:
    • Days to keep inactive files.
    • Maximum upload filesize.
    • and more.
  • Option to set the filename on the download url.
  • Modern Ajax interface.
  • Via the admin area easily set the logo, extra css and site skin.
  • Automatic language translations via Google Translate API. Translate the entire site content to another language by clicking a button. Note: Requires a Google API key. Menually edited translations can be marked as ‘locked’ so they’re not overwritten.
  • Added option in admin to block the same file from being re-uploaded. Optional on file remove and automatic after removal on abuse reports.
  • Added admin “impersonate user” option, so admin users can login as any other user account.
  • Added new admin page for backing up the database and codebase. Functionality also built in preparation for automatic upgrades at a later date.

Admin Account/Area

You can see a demo of admin area by logging in with username: admin and password: Password@Demo, note that destructive actions like deleting and editing are disabled on demo site and admin account will be reset every day.

Requirements

• PHP 7.3+ including PHP 8.0+
• Linux OS (standard on most shared hosts)
• MySQL 5+ with 1 empty database
• PHP PDO MySQL Extension
• PHP GD & FTP Extension (normally enabled as standard)
• Apache with Rewrite Module or Nginx
• A Web Browser that supports HTML5/Javascript (IE9+, FireFox, Safari, Chrome)

Change History

17th April 2024 – v2.1.2 – Minor updates and fixes.

- Replaced usage of deprecated Psr7stream_for() function call in Backblaze storage

7th February 2024 – v2.1.1 – Minor updates and fixes.

- Added download as zip option on publicly shared folders
- Fixed bug on admin language CSV import
- Fixed missing site settings which can trigger exceptions on later PHP versions

Release Notes: There are database changes within this release. See /install/resources/upgrade_sql_statements/v2.1.1.sql - Please review the installation documentation for guidance on how to upgrade.

16th May 2022 – v2.1.0 – PHP 8+ support, LiteSpeed support, 2FA, syntax highlighting, performance improvements & lots more.

- PHP v8.1 support.
- LiteSpeed webserver support.
--- X-Litespeed-Location improved downloads option on LiteSpeed file servers.
- 2FA integration for site login.
--- New admin site settings option to enable the feature.
--- User can enable/disable 2FA via account settings.
--- Admin area option to reset 2FA by user.
--- User login process updated to prompt for 2FA, if enabled.
--- Admin login has separate prompt for 2FA, if enabled.
--- Social login updated to request 2FA, if enabled.
- File Previewer Plugin:
--- Support for previewing text based files. Including syntax highlighting on code such as JS, CSS, HTML and PHP.
--- Added support for ImageMagick image file types - AI, PSD, Animated GIF and 100's more.
--- Added support for resized animated GIF images when using ImageMagick.
--- Added global image watermark option.
--- Added image embed html code option.
--- Added background image thumbnail creator script.
--- Added document embed html code option.
--- Added option to autoplay videos (browser support dependant).
--- Added video embed html code option.
--- Added option to autoplay audio files (browser support dependant).
--- Added audio embed html code option.
--- Improvement to the document viewer so it continues to work even when downloads are locked down by IP address.
- Performance improvements:
--- Improved core framework load times by reducing database queries on each load.
--- Removed IP ban for 'Whole Site' option to improve core load times. These should be managed via your web server going forward.
--- Additional database indexes based on queries within the core framework.
--- Moved caching of used server storage space value into cron task, rather than each file upload.
--- Improved memory usage on banned ip data purge.
--- Performance improvement to md5 hash generation for large files.
- Added cancel upload option within file manager. Options to cancel any pending file or the entire upload.
- Added extra OpenGraph headers for links shared via Facebook.
- Geo-targeting for file servers. Direct traffic from countries to specific storage servers.
- Upgraded core GeoIP library to use GeoLite2 by Maxmind. IP database updated to the latest.
- Removed local server fallback when no storage servers available on upload. The user now sees an error message and uploading is blocked.
- Better error responses on failed/blocked uploads.
- Added download count to file manager file listing view.
- Limit upload speed by account package using Nginx. You can now set an "Upload Url Slug" via the account package settings. When using Nginx, you can configure this to be speed limited.
- Limit concurrent downloads better in Nginx. You can now set a "Download Url Slug" via the account package settings. On Nginx this can be configured to limit connections or download speed.
- Fixed issue with zipping files when downloads are locked down by IP address.
- Added site settings to disable chunked uploads and the chunked upload file size. (recommend for advanced setups only)
- Added admin option to enable concurrent uploads to improve upload performance.
- Added admin option to set how many concurrent uploads to process at the same time.
- Admin option to purge application cache on file servers aswell as the main local server.
- Admin area site setting option to disable md5 file hashing over certain file sizes. Resolves md5_file() performance issues on low resource hosts.
- Added reason for file removal on delete. For example, admin/user removed, copyright claim or system expired. Shown when trying to access the download url.
- Added UID to each log session to simplify reviewing log history.
- Ensured all "direct" file servers route file urls via the main site url.
- Fixed issue where file preview cache files sometimes not being scheduled for removal within the file action queue.
- Added fileHash and whether a file is a duplicate on admin, edit file popup.
- Added option in file preview settings to not show the details page when not logged in. i.e. file urls will trigger a download.
- Improved system logging within the upload process.
- Added support for SSH keys aswell as passwords, in file server SSH connection details.
- Updated token download urls for media so they always include the filename, for third party player compatibility.
- Added catch in core database class for "SQLSTATE[HY000]: General error: 2006 MySQL server has gone away" errors. Attempts to reconnect rather than exiting.
- Fix to video playback on Safari when not using XSendFile or XAccelRedirect.
- Fix to enforce UTF8 character encoding on email sending.
- Fixed issue which caused some cache files to not be queued for deletion on 'direct' file servers.
- Fixed issue with admin area delete user function, which sometimes caused uploaded files not to be removed.
- Fixed double icon issue when file preview "Show Thumbnails" option disabled.
- Fixed issue with erroneous HTML being output on uploader when file previewer plugin disabled.
- Fixed issue with "download as zip" to ensure the zip file name on the server is always unique.
- Resolved issue with crypto functions where data sometimes fails to encrypt fully.
- Improvements to ipv6 validation and login logs.
- Ensured folderHash is set on folder creation within the file import plugin.

Release Notes: There are database changes within this release. See /install/resources/upgrade_sql_statements/v2.1.0.sql - Please review the installation documentation for guidance on how to upgrade.

9th February 2021 – v2.0.2 – Security fix.

- Fix to Server-Side Request Forgery on remote url download.

Release notes: To apply the update from v2.0.1, simply upload the following files to your install:

/app/services/Uploader.class.php
/app/core/Framework.class.php

27th August 2020 – v2.0.1 – Minor fixes and improvements.

- Added file manager actions buttons to mobile view.
- Added option on public sharing page to download all share as zip or just the current folder.
- Significant performance improvements on download as zip feature.
- Increased max supported filesize on the document viewer to 50MB (from 10MB).
- Better fallback handling if file is greater than 50MB on document viewer.
- Moved script version number into /app/core/Framework.class.php.
- Minor fix to folder paging when no files.
- Minor fix to edit file, folder dropdown not always listing all folders.
- Minor improvement to JS translation function.
- Minor fix to empty trash function.
- Captcha code output fix, due to the way Twig handles HTML they were not always rendered as expected.
- Minor fix to add user account type admin function.
- Removal of various PHP notices.
- Minor fix to auto scan of any newly added themes. Previously this was not automatically showing in admin.
- Improvements to file import script (import.php within the file import plugin).
- 404 page spelling fix.
- Other minor fixes and performance improvements.

Release notes: To upgrade from 2.x, backup, then upload the files from /app, /plugins & /themes to your
install. Then apply the database patch in /install/resources/upgrade_sql_statements/v2.0.1.sql.
Then clear your application cache (via the admin area, site configuration). See the upgrade
guidance in the documentation for more information.

20th August 2020 – v2.0.0 – Core Script Rewrite.

- Support for uploading additional files without reloading the browser.
- Complete core rewrite:
--- New MVC script framework.
--- Separation of business logic (PHP) and views.
--- Custom page url routing.
--- Friendly urls throughout main site and admin area.
--- Twig templating engine - True separation of PHP logic and views.
--- Javascript translations moved to external JS file rather than embedded in the page source.
--- Application cache for increased performance - Routing Cache & Twig Template Cache.
--- New MVC structure for both plugins and themes.
--- Controllers and templates and be overridden at plugin and theme level.
--- Added support for transparent pngs on avatars.
--- Friendlier urls on direct file links. (removal of view.php)
--- Moved towards object based data updates (ORM).
--- New terms & privacy pages.
--- Admin test tools.
- Backblaze cloud file storage support.
- New media player for videos and audio type files.
--- Includes playback speed control, chromecast support and audio visualisation.
- Social login plugin upgrade, including refreshing guidance.
- Improved Sharing Functionality:
--- Share files aswell as folders now.
--- Select multiple files/folders to share at once, rather than folder only level.
--- Admin manage sharing pages.
--- Globally shared folders - admin can set folders to be accessed by all accounts.
--- Moved shared folders/files into dedicated left navigation item.
--- Email notification added on internal sharing.
- Added option to set keywords and description on files.
--- Keywords displayed on file details view, linked to search.
--- Search feature now includes keywords and description.
- Improvements to drop & drop uploads directly into file manager without loading the uploader popup.
- Site setting option to use local sessions rather than database based sessions.
- Site settings to control min/max length of account usernames.
- Site setting to enable download tokens to be limited by IP address.
- Minor formatting changes to file details page, including adding a back button.
- Added sharing page and trash page links on mobile view.
- Enabled 'enter' key submission on add/edit file/folder popups.
- Minor fix to avoid reloading page if upload completes when viewing file details.
- Minor fix to script update notification checker.

Release notes: This release is a major upgrade to the codebase. To upgrade existing installs,
please see the "Upgrade from v1.x" tab in the /install/ folder.

11th December 2019 – v1.5.2 – Security Improvements And Fixes.

- Fix for remote download vulnerability when gopher protocol installed.
- Fix for SQLi vulnerability within admin area datatable scripts.
- Fix for XSS in admin 'log file viewer' and 'get all file server paths' script.
- Improved uniqueness of password reset hash.

Release notes: There are no database changes in this release. To upgrade an existing install,
simply copy the following files to your installation:

/admin/ajax/ - Entire folder
/admin/log_file_viewer.php
/core/includes/coreFunctions.class.php
/core/includes/uploader.class.php
/core/includes/userPeer.class.php

29th May 2018 – v1.5.1 – Minor bug fixes.

- Minor fix to resolve duplicate folders on sharing.
- Minor fix to file action queue processing.

Release Notes - There are no database changes in this release. To upgrade an existing install,
simply copy the following files to your installation:

/themes/cloudable/templates/ajax/_load_album.ajax.php
/core/includes/fileAction.class.php

1st April 2018 – v1.5 – Direct File Links, PHP7.2 Support, CDN Support, API Changes and lots of other improvements.

- Replacement of mcrypt functions with OpenSSL for PHP7.2+.
- API changes - New admin only endpoints:
--- /account/create
--- /account/edit
--- /account/delete
--- /package/listing
- Added optional CDN support for image previews and thumbnails. (via file server management)
- Added optional captcha to user login screen.
- Added optional captcha to admin login screen.
- Big changes to how the delete file process works within the code:
--- All deletes are now scheduled within the file action queue, including FTP, S3 and Flysystem adapters.
--- Better management of file server paths - stored against the file server in the admin area.
--- Removal of ajax calls to remote storage server on delete, significant performance improvement.
- User file manager changes:
--- Added folder ordering.
--- Added select folder option, support for multiple as per files.
--- Added multi folder delete & drag and drop to move.
--- Added empty trash button to trash toolbar.
--- Hold ctrl+click to select folders.
--- Direct file link option for all files.
- Admin area changes:
--- Moved "Max File Uploads Per Day" into account packages.
--- Moved "Accepted Upload File Types" into account packages.
--- Moved "Blocked Upload File Types" into account packages.
--- Addedn option to auto clear trash items older than x days in account packages.
- Better feedback on login failures for the admin area.
- Better handling of core FTP storage when passive mode is enabled.
- Improvements to how the account avatar is loaded to avoid restrictions on certain servers.
- Fix to Amazon S3 storage configuration issue.
- File server option to download over different protocol compared with main site.
- Moved the local storage path from _config.inc.php into the file server admin.
- All database tables changed to 'InnoDB' & 'utf8mb4_general_ci' to allow for MySQL clustering support.

Release Notes: There are database changes within this release. See /install/resources/upgrade_sql_statements/v1.4.2 - v1.5.sql.

24th June 2017 – v1.4

- Core script initial support for file storage on:
--- SFTP
--- Amazon S3
--- Rackspace Cloud Files
--- FTP (improved integration, possible future replacement of core FTP storage)
- File Upload API:
--- Account Operations: Get account info, get account package info (max upload size, account limits etc).
--- File Operations: Upload, Download, Get info, Edit meta data, Delete, Move, Copy.
--- Folder Operations: Create, List (Files and Folders), Get info, Edit meta data, Delete, Move.
- Admin Area:
--- Admin area interface rewrite so it's now using Bootstrap 3.
--- Bulk import tool. Within the admin area bulk import files into an account from on a folder on your server.
--- Added user avatar to manage users page.
--- Added option to remove or set avatar on add/edit user.
--- Fix to add/edit user password setting. Now uses the global password rules.
- Better support for prepared arguments in the database layer.
- Fix to search widget not always displaying the correct file results.
- Fix to ordering of files in file manager.
- Updated social login plugin - Fixed Facebook not working due to API changes.
- Facebook login - removed the request for date or birth, town and about me, in permissions.
- Added additional database indexes to improve performance.
- Fixed session notice in later versions of PHP - session_write_close(): Failed to write session data (user).
- Fixed SMTP sending issues caused by debug being enabled within email sending library.
- Fixed issue with folder zip download not being fully recursive.
Release Notes: There are database changes within this release. See /install/resources/upgrade_sql_statements/v1.3.4 - v1.4.sql.

18th January 2017 – v1.3.4

- Update of PHPMailer to fix recently announced security issue - https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22

17th November 2016 – v1.3.2

- Minor fix for issues with FTP storage server sometimes not selecting on upload.
- Minor fix for the default upload view after creating a folder in the root.

NOTE: To apply this patch copy these files to your install:
/core/includes/uploader.class.php
/themes/cloudable/templates/ajax/_account_add_edit_folder.process.ajax.php

2nd November 2016 – v1.3.1

- Minor fix for duplicate folder listing on internally shared folders.
NOTE: To apply this patch copy this file to your install: /themes/cloudable/templates/ajax/_load_album.php

14th October 2016 – v1.3

- Internally shared folders. Share any folder with other registered users and enable them to view, upload and download files.
- Added support for default albums on new account creation/registration. Can be set via the admin, site settings.
- Improvements to stats logging performance and sync between the stats count and file.visits value.
- Admin Area:
--- Added option to bulk remove files by copying and pasting a list of urls.
--- Fix to add/edit user password setting. Now uses the global password rules.
- Fixed admin area 12 months new files chart.
- Improvement to ipToCountry checking for larger IP ranges.
- Better support for prepared arguments in the database layer.
- Various improvements and minor bug fixes.
NOTE: There are database changes in this release. See installresourcesupgrade_sql_statementsv1.2.3 - v1.3.sql

29th May 2016 – v1.2.3

- Changed name of script to uCloud. There are no code changes in this release.

11th April 2016 – v1.2.1

- Fix to issue with sharing on private folders not working.
- Fix to remove use of depreciated function within coreFunctions.class.php for PHP7.
- Fix to admin add/edit user password setting. Now uses the global password rules.
- Added sql commands to enable captcha api keys within site settings.
NOTE: There are database changes in this release. See installresourcesupgrade_sql_statementsv1.2 - v1.2.1.sql

18th March 2016 – v1.2

- PHP7 support.
- Login with your Facebook, Twitter or Google+ Account (optional setting via admin).
- User registration page and relating admin settings:
--- Whether to enable or disable the registration form.
--- Whether to display the captcha on the site registration form.
--- Block email address domains from registering. Comma separated list of domains.
--- Block usernames from the registration page.
- Automatic language translations via Google Translate API. Translate the entire site content to another language by clicking a button. Note: Requires a Google API key. Menually edited translations can be marked as 'locked' so they're not overwritten.
- Added support for username and password protected http & ftp urls. In the format ftp://user:[email protected]/filename.txt.
- Improved session handling and how regularly the sessions are cleared from the database.
- Reduced the amount of data stored in each session for bettter performance, from (up to) 65k to just over 1k.
- Updated IP to Country data and added admin script to update the data as needed. (see the top of /core/includes/ip2Country.class.php)
- Improved right 'next page' arrow positioning when viewing files. Allows for easier scrolling of documents.
- Allowed for files to be dragged into folder icons on the main view.
- Added menu down arrow on folder icons.
- Admin Area:
--- Added option in admin to block the same file from being re-uploaded. Optional on file remove and automatic after removal on abuse reports.
--- Added admin "impersonate user" option, so admin users can login as any other user account.
--- Added new admin page for backing up the database and codebase. Functionality also built in preparation for automatic upgrades at a later date.
--- Admin option to set blocked keywords within the filename on file uploads.
--- Added option to temporarily disable file uploads globally via the admin area, site settings. Uploads will still function for admin accounts.
--- Added option to temporarily disable file downloads globally via the admin area, site settings. Downloads will still function for admin accounts.
- Fixed issue with file move between external file servers.
- Various other UI fixes and improvements.
NOTE: There are database changes in this release. See installresourcesupgrade_sql_statementsv1.1 - v1.2.sql

21st January 2016 – v1.1

- Added watermarking of images by folder option. Upload a png watermark, set the position and padding. This can then be enabled by folder. Use this to share 'proof' copies of images to customers without giving the user full access to the image.
- Added an option to hide or show the download button when sharing folders.
- Automatic language translations via Google Translate API. Translate the entire site content to another language by clicking a button. Note: Requires a Google API key.
- Added admin, theme settings option to add custom CSS code. This is kept between upgrades of the code.
- Added admin, theme settings option to set the logo on the publicly shared pages.
- Support for previewing animated gifs.
- Added 'download all images' as zip file option when folder is shared.
- Fix to hide OG image if file is set as private or requires a password.
- Reduced the maximum size of portrait images when previewing, better fit for common screen resolutions.
- Improved UI layout on mobile preview of images.
- Other minor updates and improvements.
NOTE: There are database changes in this release. See installresourcesupgrade_sql_statementsv1.0 - v1.1.sql

8th January 2016 – v1.0

- Initial release.