PixlKey is a secure PHP-based platform for digital artists and content creators to upload, watermark, license, and register their digital artwork. The system ensures verifiable ownership, metadata preservation, and flexible licensing—tying these not just to the artwork file, but to its unique cryptographic fingerprint (SHA-256 hash).
The core goal of PixlKey is to create a searchable, decentralized registry of digital images, ownership rights, and licensing, anchored by each image's cryptographic fingerprint rather than just file content or metadata. This enables:
- Verifiable proof of authorship and modification history.
- Immutable links between artwork, metadata, and license.
- A decentralized-friendly, off-chain registry system for provenance.
- Rights management that is resilient across formats, platforms, and duplicates.
- Upload high-resolution artwork (PNG, JPG, WebP up to 200MB).
- Apply dynamic or default watermarking via user controls.
- Embed metadata and author statements using ExifTool.
- Generate markdown certificates of authenticity.
- Package processed image, thumbnail, metadata, and cert into a ZIP.
- Persist image fingerprint, metadata, license ID, and ownership to a relational database.
- Allow users to manage watermark and license templates.
- Extract and publish signed metadata reports from processed files.
- ✅ Regenerate session ID on login to mitigate fixation attacks. (Implemented in `auth.php` and `logout.php`)
- Strict `runId` sanitization and ownership checks in download & store logic.
- Rate limiting and brute-force protection on login/registration endpoints.
- CSRF failure, login, and download event logging for audit and security.
- Validate required environment variables (`DB_PASS`, `DB_NAME`, etc.) at runtime.
- MIME-type validation for uploads (`mime_content_type`) in addition to file extension checks.
- Restrict watermark and upload directories to correct permissions (`0700`, `0750`).
- Centralize config values like `$allowedExtensions`, watermark paths, and max file size into `.env` or `config.php`.
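
The upload items in the list above (extension check plus `mime_content_type`, the 200MB limit, and the SHA-256 fingerprint) can be combined into one gate. This is an added example, not PixlKey's own code: the function name `validateAndFingerprint`, the allow-list constants, and the sample files are assumptions, and it needs PHP's `fileinfo` extension.

```php
<?php
declare(strict_types=1);

// Assumed allow-list (not from PixlKey): extension => MIME type its content must sniff as.
const ALLOWED_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'webp' => 'image/webp',
];
const MAX_BYTES = 200 * 1024 * 1024; // 200MB upload limit stated above

/** Validate a file on disk and return its SHA-256 fingerprint (hypothetical helper). */
function validateAndFingerprint(string $path, string $clientName): string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('empty file or size limit exceeded');
    }
    // The client-supplied name is used only to read the claimed extension.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // Sniff the bytes; $_FILES[...]['type'] is client-controlled and ignored.
    $mime = mime_content_type($path);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content does not match .$ext");
    }
    $hash = hash_file('sha256', $path);
    if ($hash === false) {
        throw new RuntimeException('could not hash file');
    }
    return $hash;
}

// Constructed samples: a 1x1 PNG and a PHP script, each tried under several names.
$png = tempnam(sys_get_temp_dir(), 'pk');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII='
));
$script = tempnam(sys_get_temp_dir(), 'pk');
file_put_contents($script, "<?php echo 'not an image';");
foreach ([[$png, 'art.png'], [$png, 'art.jpg'], [$script, 'art.png'], [$png, 'art.php']] as [$file, $name]) {
    try {
        echo $name, ': ', validateAndFingerprint($file, $name), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $name, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
array_map('unlink', [$png, $script]);
```

Only the first case is accepted and fingerprinted; the other three are rejected because the extension and the sniffed content disagree or the extension is off the allow-list. In a real upload handler the path would come from `$_FILES[...]['tmp_name']` after an `is_uploaded_file()` check.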
- Refactor monolithic `store_data.php` into modular handlers per table (e.g., `Artworks`, `Images`, `Submissions`).
- Replace silent errors (`@unlink`, `die()`) with structured logging and exception handling.
- Backend: PHP 8+, ImageMagick, ExifTool, MySQL/MariaDB
- Frontend: Vanilla JS, dynamic HTML form generation, live processing feedback
- Security: Session hardening, CSRF protection, XSS filtering, SQL injection prevention
- Persistence: UUID-based relational schema with SHA-256 image fingerprinting
- Optional: `.env` configuration via `php-dotenv`
- ✅ Session ID regeneration on login and logout to prevent fixation.
- ✅ Secure cookie flags: `HttpOnly`, `Secure`, `SameSite=Strict`.
- ✅ CSRF token protection on all forms.
- ✅ Passwords hashed with `password_hash()` and verified with `password_verify()`.
- Core upload, watermark, and metadata functions complete.
- Testing phase: security, concurrency, and error handling enhancements in progress.
- Stable builds pending rollout after roadmap completion.
| Path | Description |
|---|---|
| `/app/auth.php` | Session, login, and CSRF helpers |
| `/app/jobs/store_data.php` | Database ingestion from processed image package |
| `/app/tools/metadata_extractor.php` | CLI markdown metadata export |
| `/app/functions.php` | Watermarking, cleanup, and UI helpers |
| `/public/my_licenses.php` | License management interface |
| `/public/my_watermarks.php` | Watermark upload and default selection |
| `/public/process.php` | Core upload → watermark → ZIP pipeline |
MIT License — see `LICENSE.md` for details.
For issues, contributions, or inquiries, contact jweese74@gmail.com or open an issue in this repository.
This project is the product of passion, experimentation, and late-night coffee—not professional software engineering. If you're a developer with experience in PHP, image processing, security, or UI/UX and want to contribute, your help is welcome.
- Audit or improve security (sessions, uploads, input validation).
- Refactor monolithic logic into modular components.
- Help build a REST API for interoperability.
- Enhance frontend UI/UX or make it mobile-friendly.
- Add unit or integration tests.
- Improve accessibility or error handling.
Whether you're seasoned or still learning, your input could help transform PixlKey into something lasting and resilient.
🛠 “I’ve fumbled it this far—now I’m calling in the pros.”
— Jeff Weese, Project Maintainer
- Fork the repo
- Check open issues or roadmap items
- Submit a pull request with a short description
- Or just open a discussion—we’re friendly!