188 comments

[ 3.3 ms ] story [ 271 ms ] thread
single .php file…
It doesn't mean they do all development in a single file.
I’m not sure if you’re implying it isn’t, that’s bad, or something else. The download link does take you to a single php file. It’s a mess, but it’s also kinda interesting. I’ve been doing PHP dev professionally for more than 20 years and I don’t think I’ve ever seen some of the conventions used. Even the PHP close tag inside a function like this.

function login_page($is_login_attempt, $sidx, $is_logout, $client_hash){ ?> <!doctype html> <html> <head> <meta charset="utf-8"> … </html> <?php exit; // end form and exit }

This is precisely the kind of thing that should be a single file CGI-like script. It's a much better view than the stock file listing Apache would spit out. There is no need to complicate it with microservices, high availability, event-based architecture, etc. It takes a single HTTP GET request and spits out HTML that nicely renders the content. That's all it needs to do. One file is perfect.
Why does the demo have a folder of just girls?
This is an MVP. The guys folder will be added later.
wild guess: the person who make this likes girls
(comment deleted)
I needed this for hosting an archive of documents and images that I didn't want to sort and create html pages for. Without something like this, I'd get an ugly directory view that's different browser by browser.

This solves the problem and it looks elegant. Great work.

As somebody who recently spent two weekends trying to figure out a self hosted photo solution that actually for my needs and was easy to install, this looks fantastic.

(I ended up using PhotoView, which works fine, but this looks like it might have been better.)

Hey thanks for sharing with us https://photoview.github.io It's worth a look :-)
Had a look, and it was worth it! Will consider using for sure
Your demo has a login and has no default values for the credentials.
The credentials demo /demo are directly above the button that says "Demo-Site".
Somehow, I missed that. Thanks! I did not realize logging was part of the demo. :D
Annoyingly, the demo broke the back button of my Safari on iOS
Very nice tool indeed, funny how the world works. I'm writing an Electron/React/PouchDB application that works kinda like this called "Filebase", you create a library and name it like "pictures", you pick a directory / or single file on your PC and it scans/indexes it, this allows you to tag individual files and folders so you remember what's in it (you can search these tags). you can search and filter by type. The last feature will be archiving but keeping the directory info handy so you can search for items that are archived. I came up with this idea after watching my partner try and organize Cricket art and PDF's. I realized that Windows Explorer kinda sucked for organizing. I wanted to build something that did not modify or touch files itself. It's been a great way to learn Electron. I have to say Electron makes building UI's easy for applications.
My first thought when seeing this was whether I could run it as a docker image… I don’t know what’s wrong with me :P
Nothing. My first thought as well. I have a NAS and a bunch of self hosted apps running on kubernetes. Something like this will be really useful.
There's a rehab app for that.
Great idea. I wish someone creates this in Go that way we don't even need to install php. Just run binary in directory and start browsing.
Most shared web hosting already runs PHP, but anything newer like Node or Go won't generally work unless you have a more expensive hosting plan or cloud offering.
I am still looking for a simple tool to deduplicate, organize, and tag all the photos I have accumulated over the years. Old laptop hard drives, old cell phones, iPhoto libraries, aperture libraries, etc. I want to dump them into a staging area, remove all dupes, and start organizing and tagging them into a folder structure.
Have you looked at DigiKam? It offers directories, tagging (with custom tag hierarchies), deduplication and also face recognition. I think it can do quite a bit more, but I'm not a heavy user, at all. I just use it for keeping track of my modest library and it works great for that.
I will check it out
Another (paid) solution is Imageranger.com (don't have anything to do with them, but installed it for my father). I really like the import function that gets rid of duplicates (dedupes) and that put files into directories (video, photos, etc) and year/months based on how you have set up the import function.

The image viewing interface itself is okay although it might not be as smooth as e.g. Apple Photo (which I feel has its own challenges with how convoluted its image directories are e.g). ImageRanger has also tags and Face Detection and Recognition.

I have only installed the Home edition, and it seems to re-index the images to create thumbnails (relatively fast) if you have stored images on an external disk that is detached/attached between openings of the program. From what I understand, the Professional version does not have this issue as the images are cached (not tested out this myself). I don't think the face Detection and Recognition is on par with e.g. Apple Photo, but haven't tested it extensively enough to say that with 100% certainty.

What I like most about ImageRanger is its import functions and the way it stores the images in common folders and subfolders based on preferences and not in a convoluted DB.

I'm writing PhotoStructure to do exactly this task!

My to-do list is still long, but I'm plugging through it and I believe PhotoStructure already has the most robust tag extraction, inference, and image deduplication heuristics around, and has a novel browsing approach that scales well to very large (100k+ - 1mm+) libraries.

https://photostructure.com/faq/why-photostructure/

(Disclaimers: I'm the solo author, and although I am an open source author, PhotoStructure is commercial software. There are both a free and paid tiers of functionality: details are on the pricing page.)

I use https://sye.dk/sfpg/ myself, another single-file PHP photo gallery.

It's less polished, but it's free.

There are plenty of these.

This submission is notable is because it's free and polished.

    --- Edit ---
AH, DAMN. It is NOT indeed free, at least not as demoed.

The child comment below is 100% correct.

It also pulls piles of stuff from cdn.jsdelivr.net and can't function without it. That's no bueno.

> the original submission is free and polished

No, it's not free. Every time you load up the page to view your own files with files.gallery, a big honkin' pop-up shows up instructing you to buy a $40 license for additional features:

Purchase a license [$39] to unlock features and support dev! - Remove this popup - Upload - Download folder - Code and text editor - Create new file - Create new folder - Rename - Delete - Duplicate file - Dedicated support - Multi-user, panorama and much more coming soon! [payment button]

The files.gallery website only hints at this restriction at the very bottom of the page in the "License" section, which devs would expect to mean an OSS license: "Files is free to use with basic features. To remove the license-popup and unlock additional features, you may purchase a license [$39] from within the app."

Now if you look at the rest of the landing page you can see it very carefully does not mention the ability to use basic file browsing features so that it's not technically a lie to present a tool that can "browse files and folders without complicated installations" that doesn't allow you to do anything more than download your own files without opening your wallet.

The dev is just another hustler.

... and you are correct! Edited my comment above to reflect that.

> The dev is just another hustler.

But this was really uncalled for even if this does look kinda deceiving and dark-pattern-ish.

> The dev is just another hustler.

Are you working for free or do you ask for a salary from your employer?

When you try and obfuscate the fact that it is a purchased product, it makes one a hustler. This is no different than the many click-bait sites that offer -free- stuff that are actually purchased items.
It's not obfuscated, the landing page says the following under the section "License".

> Files is free to use with basic features. To remove the license-popup and unlock additional features, you may purchase a license [$39] from within the app.

"Free download": pity that phrase can't be erased from the Internet.
Maybe the dev isn't very clear about this. I agree it could be more clear up front.

But does this mean devaluing their work by calling them "just another hustler"? I believe this isn't necessary.

And sadly it totally devalues your comment for me.

> I agree it could be more clear up front.

More upfront than under the "License" section on the landing page?

Which is at the bottom? It's like that by design.
I think what is worse is the fact that it is not a "one file app", and rather a php script that pulls in many js scripts of the net.
I just want to say that the minimal design of the site feels very pleasant to me. Some days I struggle to make the simplest things feel right even with tools like Tailwind. Well done!
I like what I see on the site and in the comments here. Im looking forward to checking this out more maybe.

Im kind of surprised that as a species we dont have a conclusive ubiquitous solution to the foggy problem of digital photo storage / management. So many of my photos are just in drawers on old hard drives and phones.

Anyway maybe its getting better. Or maybe Im just stupid.

I understand the risks of this approach, but I just dumped everything into google photos and I'm very happy with how it's working for now. I do not miss the days of keeping track of those devices at all.
The thing about Google photos that explodes my brain is that if I use albums to share with family members, Google prioritizes the use case of the recipients _joining_ the album and _adding_ my photos to their own albums. Google is trying to use me as a way to get my family members signed up for Google photos.

Then my family is confused about where photos live, etc.

Yeah, I made a Google Photos album to send a link to various potential contractors to show where I want some work done on my house, and since the Photos app for Android has the relevant URI registered, the link gets opened with it instead of just the browser, and the first thing the app does is a very prominent "join" CTA. Then the next person to view the album sees them as a member, gross. It works great incognito though, where the browser doesn't hand off links to any apps regardless of URI registration.

Might try something like this instead.

“Open this link in incognito mode” is a tall order for my family, much less a contractor.
Oh yeah it's totally not happening. I'm going to play around with framing or reverse proxying it so the URL in the address bar isn't a registered one.
That was my solution since 2011, but just a few months ago I bought a nas that came with a Google Photos clone and moved everything over to that. Too scary knowing that Google can and will lock me out of my account at any time and forever.
I did the same, but with Apple Photos. I have a hard drive that holds an offline copy of the library too, which is nice.
The answer is simple, it's just kind of says an ugly thing about how computing has shifted; it's essentially the same reason e.g. the iPad didn't have a file manager.

Interfaces got really good and slick at the same time it became profitable/useful to alienate people from their own data for profit.

Files have some drawbacks... they're difficult for multiple people to work on together (slides). They're often not easy to organize, and they're often not available where you want them.
If you use something like Syncthing[0] (great, can recommend) you'll get them available exactly where you want them: on all your devices.

The only real problem with it is conflicts, where one file is edited simultaneously on two devices. I think Dropbox has solved that (?), but I'd rather keep my data on my own computers.

Syncthing handles conflicts about as elegantly as possible, I think?
They do, but it's still a PITA when one comes up. It's great with KeepassXC database files because you can use the Merge databases function to manually merge the two databases (then delete the .sync-conflict).
You can have other interfaces in addition to the files, that discourage, perhaps strongly, getting to them directly.

But it's always been straight up evil to completely remove all meaningful access to them, and yet Apple et al chose to go in this direction.

"Et al"? Google provides a file manager for Android.
Google's definitely better, but let's not pretend that the file manager experience is equivalent to any of the desktop OSs.
It seems that the default desktop file managers haven't received a lot of developer love in the past two decades either.

Android has good third party file managers though, like Solid Explorer.

I've been using Xplore on Android for ages. It's an amazing file manager.

With it's SSH, SMB, and Wifi-Filetransfer it has so far outclasses most desktop filemanagers that I have tried.

It might not be stock, but it's easy to get from the app store.

Thats really interesting, I never thought about the fact that restrictive seeming mobile apps shift focus from local file storage to remote db file storage via apps.
> Instructions > Simply download index.php, drop into any folder and view from browser

This is really where PHP shines. I find it really sad to see what PHP has become, just because people keep wanting to use it for complex stuff…

Yes, the Second Coming Of Java that was PHP5 was where PHP lost its DIY magic.
The magic of PHP is it’s fantastic backwards compatibility. You can still execute PHP4 spaghetti code in PHP8.

As side effect it even executes faster and uses less resources for it.

Executes faster and uses less resources for probably providing remote exploit opportunities :-))
Name one remote exploit hole in PHP that can't just as easily be replicated in Python, Node or Ruby.
This one:

> PHP4 spaghetti code

If your spaghetti code has a good test coverage -> no problemo.
In your experience, how much PHP4 spaghetti code still alive has good test coverage? :-)
Does anyone know any open source library that provides this feature as a widget for a web app?

I’d love to use Rails active storage + S3 to allow users to have a “mini Dropbox” inside my web App; the only one I could find that was nice enough was CKFinder, but it’s not open source and it’s tied to a Java or PHP backend as well.

This is the Flickr-style photo layout that I love, but I want it in a static site generator. Does such a generator exist?
`php index.php > index.html` should work, or from your browser “Save As…” index.html
That's a work-around, but not ideal. What I'd love to find is some CSS/JS that can build the beautiful Flickr-style[0] photo grids that I could integrate into a Hugo generator.

[0] Flickr, for those who haven't used it much, came up with a unique way of displaying photos in a "justified" view so that there are no gaps between photos in a page full of images of various dimensions and orientations and so that all images stretch all the way to both edges and and are organized into neat rows with no vertical gaps. Example: https://www.flickr.com/photos/defender90/albums/721576700986...

The output is very polished and fast, I like it a lot. Unfortunately it's not technically a single file as it depends on code downloaded from their server, therefore it can't be deployed locally without Internet connection.

From the forum:

"In terms of license, you don't need an internet connection. However, Files app loads it's own Javascript, CSS and several plugins from CDN (jsdelivr.com), and this requires internet. We already have a request to allow serving all assets locally (as an option), although in your case that might not be practical as this means Files app is essentially no longer a"single file", but multiple files that you need to be included with each installation (although you could assign a global path perhaps). In any case, for now it's not possible to load Files app without internet."

A zip package containing all the files will be a single file as well :-)
Weird, they could embed all of this in the php file and echo it, keeping it one file.
They sure could with a build script that just dumped all those resources into the single PHP file. It looks generated anyway.
> In any case, for now it's not possible to load Files app without internet

This is a major turn-off IMO. One of the main points of self-hosting is that you don't rely on the outer internet. If a self-hosted service relies on externally hosted resources, does this make it partially self-hosted?

Well, they can simply embed the static resources in the PHP file itself, why not?
Or even simpler just download the JS and put it next to the script if single file isn't a hard requirement (which I don't see a use case for besides simplicity)
> which I don't see a use case for besides simplicity

There is a use case for that. Maintainability. Drop one file to start. To delete, delete the file. To upgrade, replace the file.

For example, I really like tiddlywiki because no matter where or what, I only have to deal with and track 1 file.

It’s impressive what they’ve accomplished with just one file full of custom content. Even upgrading is possible.

I suppose? Replace "file" with "non nested folder" and you get the same result. An html doc + 2-3 javascript files isn't a nightmare to deal with.
Yeah. There are easy tools to use to automate it as well if they're relying on it to be updateable from other JS build tools and so on.
> though in your case that might not be practical as this means Files app is essentially no longer a"single file"

First off, its already not a "single file" you need a PHP interpreter.

Secondly, you can cram the JS and CSS into a .phar file, the performance is horrible, but it's probably not noticeable in this scenario.

It is a single file—that you need an interpreter does not change that fact. It's assumed that the user already has the interpreter.

You can cram the JS and CSS into the PHP file itself, no phar needed. Performance change is unnoticeable on any modern machine.

I don't understand the marketing behind "single file" projects like this anymore. Sure, it was a very neat and useful thing to have back when everyone was deploying their sites by uploading in Filezilla. But today we have everything in a single container which seems far more useful and maintainable.
What do you mean "have everything in a single container"? Many users want to view or manage some files in a folder, and then delete the app shortly after. It doesn't get easier than dropping a single file, and then deleting it afterwards.
When I’m working on something and need to poke around in a MySQL database, one of the things I rely on is adminer. One wget and I can log in graphically and see the database.

Afterwards, I just delete and that’s it.

I think it makes sense in this particular case. I was actually looking for something like this for a while.

I just want a glorified `autoindex on`. I don't want to manage an extra container just for that.

(I'm speaking in regards to the file viewer option, looks like there's also a file manager option on the pro version and I have a bit more mixed feeling regarding that)

I think there's problem but it's elsewhere. Sure it's a single file, yes. However in order to run it you need a php interpreter, which I for example, do not have installed and an internet connection. But that would go for just about every scripting language in one form or another. Sure, just about every linux distribution has python for instance and same goes for macos afaik. This isn't the case for windows however(again afaik). Package it into a single binary file and I'd be all up for it: I do love AppImages.
> that would go for just about every scripting language in one form or another

You could use bash and be supported on almost every unix-a-like OS¹, or plain-'ol sh for even wider compatibility. You'd need to configure CGI/FCGI as well as dropping the script(s) in, but you have to do similar work for PHP/python/other if you don't already have them installed and configured for the site/directory in question.

[1] and others: it'll work with IIS if the server has a bash/sh interpreter² available

[2] plus any externals that the script relies upon, of course

> back when everyone was deploying their sites by uploading in Filezilla

There are a lot of people still doing this. Some of us have gotten away from it, but I support some people on the side that have multiple projects that still manage it this way and it works for them.

I would not want to be the one to explain to them what docker is, how it works and how to use it.

Oh boy, this may have solved one of my problems. Will try it asap!

Edit: oh, it's not free... I mean, $40 isn't bad, but then I expect a decent level of support. Also, $40 for... a year, a life?

As per [1] from below -

Apparently it's a nag-based paid software with an otherwise restricted feature set. This is not clearly explained on the page.

In fact, it looks like the site goes out of its way to try and pass for free software - the Demo is NOT of what you are actually downloading, no pricing info, no mention of Basic vs Full versions anywhere, including the Docs, except for an dull looking blurb at the very bottom on the home page -

    License

    Files is free to use with basic features. To remove the 
    license-popup and unlock additional features, you may 
    purchase a license [$39] from within the app.
The page also pulls a lot of scripts off the Internet on every load, so that too is not explained anywhere clearly and it's absolutely not good for hosting private photo archives.

Despite its good looks it kinda leaves bad aftertaste because of all these shady shenanigans.

[1] https://news.ycombinator.com/item?id=30235138

Shareware
Hidden shareware. Kind of bad.
Most shareware was nagware
WinRAR was a great example. Now we have 7zip and PeaZip. Things evolve.
Before that, we had WinZip, which is still around and trying to sell its program suite.
Most shareware was upfront about being paid.
No pricing info?

"Files is free to use with basic features. To remove the license-popup and unlock additional features, you may purchase a license [$39] from within the app."

I've not tried this but as it's php, couldn't you just edit the file?
Not really. This index.php is just a wrapper as it will refer their .js/.php which you have no control of. To use it fully you'll have to write those as well, at which point you can just start from scratch on your own terms.
So is it running arbitrary PHP on my server if I run this?
Of course not. Index PHP contains ALL the PHP, while CSS and Javascript are loaded into the browser for the interface.
> No pricing info?

Not clearly visible until you scroll down to the very bottom, no. Most paid projects like this (that I have seen, anyway) have clear pricing info on the front page, or at least a Pricing item in the navigation bar. This site has neither. I feel like this is a bit misleading as you're immediately told to download the file, then perhaps discover that it is paid software later (or once you've already installed it), but I am willing to assume incompetence on the developer's part here.

There is also this gem.

> Add username and password to protect your Files app by login. You can encrypt your password by using our md5() hash tool if you don't want the password to be exposed in the PHP file.

Now I realize it's probably not using md5, but it does not bode well.

[1] https://www.files.gallery/docs/config/#password

It looks like it links down to the PHP `password_hash` function, and there's this gem in the documentation [0]:

> If your pepper contains 128 bits of entropy, and so long as hmac-sha256 remains secure (even MD5 is technically secure for use in hmac: only its collision resistance is broken, but of course nobody would use MD5 because more and more flaws are found)...

Which means whoever developed this file photo app may have read this clear shot at MD5, and still used it anyways. That's kinda funny.

[0] https://www.php.net/manual/en/function.password-hash.php

I checked, they use md5 extensively.
md5() is used to hash names for cache, not for anything security related. For login, it uses PHP password_verify()
For most of the 2000’s shareware was the default software revenue model. I vastly prefer it to today’s subscription soup.
Then maybe put a 'Purchase' button in the navbar. It's very easy to miss the 'license' portion at the bottom of the page.
> The page also pulls a lot of scripts off the Internet on every load, so that too is not explained anywhere clearly and it's absolutely not good for hosting private photo archives.

Well to be fair, that can be explained by the whole 'drop this PHP file in and wham' model they are going for. Personally I would not advertise / make something like this as the single-file model becomes more and more of a constraint as the project evolves. It feels needlessly limited just to fit the single-file goal.

They could bundle all the JS into the PHP file, though.

In my more noobie days, I had PHP _generate_ JS.

> The page also pulls a lot of scripts off the Internet on every load

It loads 14 resources from https://cdn.jsdelivr.net/npm/

Does that make it a 15-file photo gallery and file manager?
Absolutely.

This also makes it completely broken if these dependencies are inaccessible or go missing.

Or, god forbid, a supply chain attack on your file manager. Thankfully, it's using pinned versions, so it's not as bad as if could be.
(comment deleted)
(comment deleted)
* Not free (mostly crippleware)

* Requires a server to run (you don't just 'open from browser' as instructed

* CDN-dependent

This...is not terribly good or useful.

(comment deleted)
I only get this when loading the page:

This page crashed. Cannot read properties of undefined (reading 'destroy')

These were the knees beeswax back in the day.

I’m sure there are still dozens of open source alternatives floating around - some surely even maintained!

I really don't mind charging for software, as developers need to eat as much as the next person. $39 for something like this is really not excessive.

But I think it could have been made clearer that (1) you only download one file but it loads more from their CDN, it's not truly "single file" and (2) the free version is heavily limited and gated with a pop-up.

That said, I like the demo - it looks really slick and has a lot of features.

Does it at least specify hashes for files from CDN?