File: /home/mmickelson/view-once.com/handlers/create.php
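<?php
// Handler: create a one-time secret (either a text note or a single uploaded
// file), persist it, and render the share link.
//
// Expects a CSRF-protected POST carrying either `body` (text) or `file`
// (multipart upload), plus an optional `expire` key into EXPIRE_OPTIONS.
// Text notes are stored in the `secrets` row; file uploads are stored in the
// row AND written to FILES_DIR/<token> (the reader side is not visible here,
// so both are kept as the original did).
require_once __DIR__ . '/../src/config.php';
require_once __DIR__ . '/../src/helpers.php';
require_once __DIR__ . '/../src/db.php';
$db = $db ?? get_db();

// show_error() is expected to render an error page and exit. The explicit
// `exit` after every call below is a belt-and-braces guard so that a failure
// can never fall through and render the "Link ready" page with a bogus link.
if (invalid_csrf()) { show_error('Invalid Request', 'Security token mismatch. Please try again.'); exit; }

// Redirect back to the form with an error code and stop. Used for all
// user-correctable validation failures so the codes stay in one place.
$redirect = static function (string $code): void {
  header('Location: ' . base_url() . '/?e=' . $code);
  exit;
};

// Upper bound for a text note, in bytes (strlen is byte-wise on purpose:
// this protects storage, not a character count shown to the user).
$max_text_bytes = 100000;

// `body` may arrive as an array (body[]=...) — trim() would throw a TypeError
// on PHP 8, so only accept a string and treat anything else as empty.
$raw_body = $_POST['body'] ?? '';
$body = is_string($raw_body) ? trim($raw_body) : '';

// Normalise the upload slot. A multi-file field (`file[]`) makes `error` an
// array; treat that as "no file" rather than letting `===` silently pass it
// into the text path with the wrong shape.
$upload = $_FILES['file'] ?? null;
$upload_error = UPLOAD_ERR_NO_FILE;
if (is_array($upload) && isset($upload['error']) && !is_array($upload['error'])) {
  $upload_error = (int) $upload['error'];
}

$is_file = 0; $filename = null; $mime_type = null; $file_size = null;

if ($upload_error === UPLOAD_ERR_OK) {
  $tmp = isset($upload['tmp_name']) && is_string($upload['tmp_name']) ? $upload['tmp_name'] : '';
  // Only read a path PHP itself created for this request's upload.
  if ($tmp === '' || !is_uploaded_file($tmp)) { show_error('File Error', 'Unable to read the uploaded file.'); exit; }

  $is_file = 1;

  // The filename is attacker-controlled. Keep only the leaf name (both
  // separator styles), drop control characters, and cap the length so a
  // crafted name cannot smuggle path segments or newlines into storage or
  // into a later Content-Disposition header. Display is still escaped via h().
  $raw_name = isset($upload['name']) && is_string($upload['name']) ? $upload['name'] : '';
  $filename = basename(str_replace('\\', '/', $raw_name));
  $filename = preg_replace('/[\x00-\x1F\x7F]/', '', $filename) ?? '';
  if ($filename === '' || $filename === '.' || $filename === '..') { $filename = 'file'; }
  if (strlen($filename) > 255) { $filename = substr($filename, 0, 255); } // NOTE(review): column width assumed ≤255 — confirm against schema

  // `size` is filled in by PHP from the temp file, not by the client.
  $file_size = (int) ($upload['size'] ?? 0);
  if ($file_size > MAX_FILE_SIZE) { $redirect('file_large'); }

  // Do NOT trust the client-declared Content-Type ($_FILES[..]['type']): it is
  // whatever the browser/attacker chose to send. Sniff the actual bytes with
  // fileinfo and allow-list the detected type. ALLOWED_TYPES must therefore
  // list the types fileinfo reports (e.g. CSV is usually reported as
  // text/plain). The client value is used only if fileinfo is unavailable.
  $detected = class_exists('finfo') ? (new finfo(FILEINFO_MIME_TYPE))->file($tmp) : false;
  $declared = isset($upload['type']) && is_string($upload['type']) ? $upload['type'] : '';
  $mime_type = (is_string($detected) && $detected !== '') ? $detected : $declared;
  if (!in_array($mime_type, ALLOWED_TYPES, true)) { $redirect('file_type'); }

  $body = file_get_contents($tmp);
  if ($body === false) { show_error('File Error', 'Unable to read the uploaded file.'); exit; }
} elseif ($upload_error !== UPLOAD_ERR_NO_FILE) {
  // A file was sent but PHP rejected it (too large for the ini/form limit,
  // partial transfer, no temp dir, ...). Previously this fell through to the
  // text path and the user was told their note was "empty".
  if ($upload_error === UPLOAD_ERR_INI_SIZE || $upload_error === UPLOAD_ERR_FORM_SIZE) { $redirect('file_large'); }
  show_error('File Error', 'Unable to read the uploaded file.');
  exit;
} else {
  if ($body === '') { $redirect('empty'); }
  if (strlen($body) > $max_text_bytes) { $redirect('large'); }
}

// Expiry: an unknown key falls back to the default. Guard the offset type
// first — `expire[]=x` would make isset() throw on PHP 8.
$expire_option = $_POST['expire'] ?? DEFAULT_EXPIRE;
if (!(is_string($expire_option) || is_int($expire_option)) || !isset(EXPIRE_OPTIONS[$expire_option])) {
  $expire_option = DEFAULT_EXPIRE;
}
$expires_at = time() + EXPIRE_OPTIONS[$expire_option];

$t = token();
$file_path = $is_file ? FILES_DIR . '/' . $t : null;

try {
  $stmt = $db->prepare('INSERT INTO secrets (token, body, created_at, expires_at, is_file, filename, mime_type, file_size) VALUES (:t, :b, :c, :e, :f, :fn, :mt, :fs)');
  $stmt->execute([
    ':t' => $t,
    ':b' => $body,
    ':c' => time(),
    ':e' => $expires_at,
    ':f' => $is_file,
    ':fn' => $filename,
    ':mt' => $mime_type,
    ':fs' => $file_size
  ]);
  if ($is_file) {
    // LOCK_EX so a concurrent writer cannot interleave with this write. If the
    // blob cannot be persisted, roll the row back so no link points at a
    // missing file.
    if (file_put_contents($file_path, $body, LOCK_EX) === false) {
      $db->prepare('DELETE FROM secrets WHERE token = :t')->execute([':t' => $t]);
      show_error('File Error', 'Unable to save the uploaded file.');
      exit;
    }
  }
} catch (PDOException $e) {
  // Don't leave a (possibly partial) orphaned blob behind if the database
  // step failed after the file path was touched.
  if ($file_path !== null && is_file($file_path)) { unlink($file_path); }
  show_error('Database Error', 'Unable to save your note. Please try again.');
  exit;
}

$link = base_url() . '/s/' . $t;
$expire_label = get_expire_label($expire_option);

// NOTE(review): the copy button below uses an inline onclick handler, which a
// strict Content-Security-Policy (no 'unsafe-inline') would block; moving it
// into assets/app.js would be preferable, but app.js is not visible here.
?>
<!doctype html><meta charset="utf-8">
<title>One-time link created</title>
<link rel="stylesheet" href="<?php echo h(base_url()) ?>/assets/style.css">
<link rel="icon" href="<?php echo h(base_url()) ?>/assets/favicon.svg" type="image/svg+xml">
<script src="<?php echo h(base_url()) ?>/assets/app.js" defer></script>
<h1>Link ready</h1>
<div class="box success">
  <p>Share this URL. It can be opened <strong>once</strong>, then it’s deleted:</p>
  <p><code id="u"><?php echo h($link) ?></code></p>
  <button onclick="navigator.clipboard.writeText(document.getElementById('u').innerText);this.innerText='Copied!';setTimeout(()=>this.innerText='Copy link',2000)">Copy link</button>
  <div class="meta">
    <?php if ($is_file): ?>
      File: <?php echo h($filename) ?> (<?php echo h(format_file_size($file_size)) ?>)<br>
    <?php endif; ?>
    Expires in <?php echo h($expire_label) ?>
  </div>
</div>
<p><a href="<?php echo h(base_url()) ?>">Create another</a></p>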