Init Uploader
======================

A single-file PHP image upload server for self-hosted environments.
Supports single or bulk uploads, API key or HMAC authentication,
and returns JSON responses with file URLs and dimensions. Includes
an optional built-in image optimization and resize pipeline for
automatic compression after upload.

No SDKs, no dependencies, no database — just drop and run.

----------------------------------------------------------------------
FEATURES
----------------------------------------------------------------------

- One PHP file, no dependencies.
- Single or multiple file upload (file / files[]).
- Folder-based organization with auto-directory creation.
- Authentication options:
  * Static API Key (X-API-Key)
  * HMAC Signature (X-Timestamp + X-Signature)
- Enforces HTTPS connections for security.
- Validates file type, size, and extension.
- Optional strict MIME validation (via fileinfo or getimagesize).
- Auto-renames duplicates to prevent collisions.
- Extracts image dimensions (requires gd or imagick).
- Built-in image optimization and resize pipeline.
- Automatic JPEG/WebP compression with configurable quality.
- PNG lossless compression support.
- Optional automatic JPEG/PNG to WebP conversion.
- Cloudflare R2 upload support (S3-compatible).
- BunnyCDN Storage upload support.
- Optional local file deletion after CDN upload.
- JSON response includes URL, width, height, filename, and size.
- CORS and logging support included.

----------------------------------------------------------------------
CONFIGURATION
----------------------------------------------------------------------

Edit CONFIG section at the top of `init-uploader.php`:

API_KEY                   = 'your-secret-api-key-here'     // static API key
SECRET_KEY                = 'your-secret-hmac-key-here'    // secret for HMAC signature
USE_HMAC_AUTH             = false                          // true = HMAC mode, false = static key
HMAC_TIME_WINDOW          = 300                            // 5-minute validity window
UPLOAD_DIR                = __DIR__ . '/uploads'           // upload directory
BASE_URL                  = 'https://your-domain.com'      // public base URL
MAX_FILE_SIZE             = 10 * 1024 * 1024               // 10 MB limit
ALLOWED_EXTENSIONS        = ['jpg','jpeg','png','gif','webp']
STRICT_IMAGE_VALIDATION   = false                          // true = strict MIME check
ENABLE_LOGGING            = true                           // writes to upload.log
REQUIRE_HTTPS             = true                           // block non-HTTPS requests
OPTIMIZER_ENABLED         = false                          // enable/disable optimization
OPTIMIZER_MAX_WIDTH       = 900                            // max width in pixels (0 = disable resize)
OPTIMIZER_JPEG_QUALITY    = 80                             // JPEG/WebP quality (40–100)
OPTIMIZER_PNG_LEVEL       = 6                              // PNG compression level (0–9)
OPTIMIZER_CONVERT_TO_WEBP = false                          // convert JPEG/PNG to WebP
OPTIMIZER_WEBP_QUALITY    = 82                             // WebP quality (40–100)

R2_ENABLED                = false                          // enable/disable Cloudflare R2
R2_ACCOUNT_ID             = 'your-account-id'
R2_ACCESS_KEY_ID          = 'your-r2-access-key-id'
R2_SECRET_ACCESS_KEY      = 'your-r2-secret-access-key'
R2_BUCKET                 = 'your-bucket-name'
R2_PUBLIC_URL             = 'https://your-public-url.com'
R2_DELETE_LOCAL           = false                          // delete local file after upload

BUNNY_ENABLED             = false                          // enable/disable BunnyCDN
BUNNY_STORAGE_ZONE        = 'your-storage-zone'
BUNNY_API_KEY             = 'your-bunny-api-key'
BUNNY_STORAGE_REGION      = 'storage.bunnycdn.com'
BUNNY_PUBLIC_URL          = 'https://your-zone.b-cdn.net'
BUNNY_DELETE_LOCAL        = false                          // delete local file after upload

----------------------------------------------------------------------
USAGE
----------------------------------------------------------------------

1. Upload `init-uploader.php` to your HTTPS-enabled PHP server.
2. Edit CONFIG section with your API key and base URL.
3. Ensure `/uploads` directory is writable (chmod 755 or 775).
4. Send POST requests with either:
   - `file` field for single uploads
   - `files[]` field for multiple uploads
5. Include authentication:
   - Static key:   X-API-Key: your-secret-api-key-here
   - Or HMAC mode: X-Timestamp + X-Signature headers
6. Optional: add `path` field to specify subfolder under `/uploads`.
7. Optional: enable optimizer for automatic compression and resizing.
8. Receive JSON response with uploaded file data and image info.

----------------------------------------------------------------------
SECURITY
----------------------------------------------------------------------

- HTTPS enforced if REQUIRE_HTTPS = true.
- Static key: simplest form for trusted environments.
- HMAC mode: signs each request with timestamp to prevent replay.
- Timestamp must be within HMAC_TIME_WINDOW seconds.
- Sign using HMAC_SHA256(timestamp, SECRET_KEY).
- Restrict file extensions and MIME types for production use.
- Logging records all upload attempts to upload.log.

----------------------------------------------------------------------
IMAGE OPTIMIZER
----------------------------------------------------------------------

The built-in optimizer can automatically resize and compress uploaded
images after successful upload.

Supported formats:
- JPEG
- PNG
- WebP

Features:
- Automatic image resizing while preserving aspect ratio.
- JPEG/WebP quality compression.
- PNG lossless compression.
- Alpha transparency preservation for PNG/WebP.
- In-place optimization without temporary files.

Notes:
- Requires PHP GD extension.
- Images smaller than OPTIMIZER_MAX_WIDTH are not resized.
- Optimization runs immediately after upload completes.

----------------------------------------------------------------------
WEBP CONVERSION
----------------------------------------------------------------------

The optimizer can automatically convert uploaded JPEG and PNG images
to WebP format after upload.

Features:
- JPEG and PNG automatic WebP conversion.
- GIF files are always skipped entirely.
- Separate WebP quality configuration.
- Replaces original file extension with .webp.
- Falls back to normal optimization if imagewebp() fails.

Notes:
- Requires OPTIMIZER_ENABLED = true.
- Existing WebP uploads are preserved as WebP.
- Uses PHP GD imagewebp() internally.

----------------------------------------------------------------------
CLOUDFLARE R2
----------------------------------------------------------------------

Built-in Cloudflare R2 upload support using AWS Signature Version 4.

Features:
- No AWS SDK required.
- Pure PHP + cURL implementation.
- S3-compatible object storage support.
- Optional automatic local file deletion after upload.
- Supports custom domains and .r2.dev URLs.

Required configuration:
- R2_ACCOUNT_ID
- R2_ACCESS_KEY_ID
- R2_SECRET_ACCESS_KEY
- R2_BUCKET
- R2_PUBLIC_URL

Notes:
- Requires cURL extension.
- Requires valid R2 API credentials.
- Files are uploaded after local optimization completes.
- Falls back to local URLs if R2 upload fails.

----------------------------------------------------------------------
BUNNYCDN STORAGE
----------------------------------------------------------------------

Built-in BunnyCDN Storage Zone upload support.

Features:
- Direct HTTP API upload.
- No external SDK required.
- Supports regional storage endpoints.
- Optional automatic local file deletion after upload.
- Compatible with Pull Zones and custom CDN domains.

Required configuration:
- BUNNY_STORAGE_ZONE
- BUNNY_API_KEY
- BUNNY_STORAGE_REGION
- BUNNY_PUBLIC_URL

Examples:
- storage.bunnycdn.com
- ny.storage.bunnycdn.com
- sg.storage.bunnycdn.com

Notes:
- Requires cURL extension.
- Files are uploaded after local optimization completes.
- Falls back to local URLs if BunnyCDN upload fails.

----------------------------------------------------------------------
NOTES
----------------------------------------------------------------------

- No external dependencies or SDKs required.
- Cloudflare R2 and BunnyCDN integrations use native HTTP APIs.
- CDN upload failures automatically fall back to local URLs.
- WebP conversion only applies to JPEG and PNG images.
- Your server never stores credentials or temporary copies.
- Works on PHP 7.4+ (recommended 8.0 or higher).
- Compatible with Linux and Windows file systems.
- Returns consistent JSON for easy client-side parsing.

----------------------------------------------------------------------
CREDIT
----------------------------------------------------------------------

© Init HTML
https://inithtml.com
