Live Stats
12
PHP Files
6,717
Lines of Code
11
Gallery Images
8
DB Tables
8287 kB
Database Size
8.7 MB
Upload Storage
Architecture
A traditional LAMP-style stack with PostgreSQL instead of MySQL. Zero external PHP dependencies — everything runs on PHP's standard library.
Client
HTML5
CSS3 Custom Props
Vanilla JS ES5
Plus Jakarta Sans Google Fonts
Web Server
Apache 2.4.58
mod_php
mod_rewrite
mod_ssl
mod_headers
mod_proxy_wstunnel
Runtime
PHP 8.3.6
PDO pgsql
fileinfo
mbstring
OPcache
OpenSSL
Data
PostgreSQL 16.11
pgcrypto
Filesystem uploads/
OS
Ubuntu 24.04 LTS
Linux 6.8
QEMU TCG
noVNC websockify
Project Structure
crowdprompt.clodhost.com/
├── config.php # DB config, validation, gallery helpers
├── public/ # Document root (Apache)
│ ├── .htaccess # Rewrites, HTTPS, PHP config
│ ├── index.php # Landing page
│ ├── chat.php # Chat session viewer
│ ├── gallery.php # Paginated image gallery
│ ├── upload.php # Upload & delete handler
│ ├── serve.php # Secure image serving
│ ├── privacy.php # Privacy policy
│ ├── stack.php # This page
│ ├── vibe.php # Hall of Vibe (project showcase)
│ ├── status.php # System health & status
│ ├── style.css # Stylesheet (dark mode, a11y)
│ └── particles.js # Canvas particle background
└── uploads/ # Image storage (outside doc root)
Database Schema
Five tables in a PostgreSQL 16 database with pgcrypto enabled.
| Table | Column | Type | Notes |
|---|---|---|---|
chat_sessions |
chat_id |
TEXT PK | Alphanumeric identifier |
title |
TEXT | Session display name | |
message_count |
INTEGER | Denormalized counter | |
created_at |
TIMESTAMP | Auto-set on insert | |
updated_at |
TIMESTAMP | Updated on new message | |
chat_messages |
id |
SERIAL PK | Auto-increment |
chat_id |
TEXT FK | References chat_sessions | |
message_type |
VARCHAR | user | assistant | system | |
content |
TEXT | Message body | |
created_at |
TIMESTAMP | Message timestamp | |
gallery_images |
id |
SERIAL PK | Auto-increment |
file_token |
TEXT UNIQUE | 128-bit hex, public ID | |
original_name |
VARCHAR(255) | User-supplied filename | |
stored_name |
VARCHAR | token.ext on disk | |
mime_type |
VARCHAR | JPEG / PNG / GIF / WebP | |
file_size |
INTEGER | Bytes | |
width / height |
INTEGER | Pixels | |
delete_token |
TEXT UNIQUE | 128-bit hex, for deletion | |
created_at |
TIMESTAMP | Upload timestamp | |
vibe_projects |
id |
SERIAL PK | Auto-increment |
project_name |
VARCHAR(255) | Project display name | |
description |
TEXT | Project description | |
project_url |
VARCHAR(512) | Project link | |
author_name |
VARCHAR(100) | Submitter name | |
vote_count |
INTEGER | Denormalized vote total | |
created_at |
TIMESTAMP | Submission timestamp | |
vibe_votes |
id |
SERIAL PK | Auto-increment |
project_id |
INTEGER FK | References vibe_projects | |
voter_ip |
INET | Voter IP (unique per project) | |
created_at |
TIMESTAMP | Vote timestamp |
Software Bill of Materials
Complete inventory of every software component in the stack. This project uses zero third-party PHP packages — no Composer, no npm.
| Component | Version | Category | Purpose |
|---|---|---|---|
Ubuntu |
24.04.3 LTS | OS | Base operating system |
Linux Kernel |
6.8.0-87 | OS | Kernel |
Apache HTTP Server |
2.4.58 | Web | Web server, URL rewriting, TLS termination |
mod_php |
8.3 | Web | Apache-PHP integration module |
mod_rewrite |
— | Web | Clean URL routing |
mod_ssl |
— | Security | HTTPS / TLS support |
mod_headers |
— | Security | Security response headers |
PHP |
8.3.6 | Language | Application runtime |
php-pgsql |
8.3.6 | Extension | PostgreSQL PDO driver |
php-mbstring |
8.3.6 | Extension | Multibyte string handling |
php-curl |
8.3.6 | Extension | HTTP client (available) |
php-xml |
8.3.6 | Extension | XML/DOM support |
php-opcache |
8.3.6 | Extension | Bytecode caching |
OpenSSL |
3.0.13 | Security | Cryptography, TLS, random_bytes() |
PostgreSQL |
16.11 | Database | Primary data store |
pgcrypto |
— | Database | Cryptographic functions (gen_random_bytes) |
Plus Jakarta Sans |
— | Font | Primary typeface (Google Fonts CDN) |
No Composer packages. No npm packages. No build tools. The entire application is hand-written PHP with the standard library.
Security Features
Defense-in-depth approach across input, output, and transport layers.
| Layer | Mechanism | Implementation |
|---|---|---|
| Input | SQL injection prevention | PDO prepared statements (emulated prepares disabled) |
| Input | File upload validation | finfo magic bytes + getimagesize() double check |
| Input | Token format validation | Regex: /^[a-f0-9]{32}$/ |
| Output | XSS prevention | htmlspecialchars(ENT_QUOTES, UTF-8) |
| Transport | HTTPS enforcement | .htaccess 301 redirect + Apache SSL vhost |
| Headers | Clickjacking | X-Frame-Options: SAMEORIGIN |
| Headers | MIME sniffing | X-Content-Type-Options: nosniff |
| Auth | Image deletion | 128-bit random delete tokens (unguessable) |
| Privacy | No tracking | Zero cookies, zero analytics, zero PII |
URL Routes
| URL Pattern | Handler | Method | Description |
|---|---|---|---|
/ | index.php | GET | Landing page |
/gallery | gallery.php | GET | Paginated image gallery |
/upload | upload.php | GET/POST | Upload & delete images |
/chat/{id} | chat.php | GET/POST | Chat session viewer |
/image/{token} | serve.php | GET | Inline image display |
/download/{token} | serve.php | GET | Image download |
/privacy | privacy.php | GET | Privacy policy |
/stack | stack.php | GET | This page |
/vibe | vibe.php | GET/POST | Hall of Vibe (project showcase + voting) |
/status | status.php | GET | System health & status |