Kwalbum exists as a way to document life through pictures and other media. When you add pictures, you fill in the location they were taken and that's all you need. The date and time are taken from the jpeg's EXIF data along with any GPS data found. People, tags, and descriptions can easily be added later if desired.

A working version can be found on TJShikes.com. Please note that the website is in the middle of being redesigned so not all pages will appear as intended. Another version is at http://forgothow.happyforever.com/. That site has around 12,000 pictures and is running on a 600Mhz Pentium 3 home PC.

The first version was started in 2003 as a way to simulate having pictures in several photo albums with multiple albums having some of the same pictures. All pages were created using a single template file. Albums had the option of including a different file if they wanted to overwrite the default theme. It was written in an object oriented way, but was created with very little advanced planning and in an “add features as I need them and have free time” way. It also offered the ability for users to be given special permissions for each album and for albums to be publicly accessible to anyone that knew the album's password.

The current version was rewritten from scratch in 2008 after Tim grew tired of having to decide what album(s) to put the pictures in when adding them. It was designed with the thought that memory is based on when in the past something happened and where it happened. In memory, a location can be a city visited, a river traveled down, or an event attended, not just the physical location. Kwalbum also uses a Google Map for images that have been geotagged.

being designed

1. Download the latest version from SourceForge.net and unzip it
2. Make sure ImageMagick is installed on the server to create thumbnails
3. Make sure the GD library for PHP is installed on the server if you want people to be able to register
4. Edit config.php in the subdirectory include/
5. Edit setup.php
6. Upload the Kwalbum directory and all files in it
7. Make the Kwalbum directory writable by the web server if needed.
8. Open setup.php in your web browser to create the item directory and the tables in the database
9. Make the Kwalbum directory unwritable by the web server if you had changed it earlier
10. Delete setup.php
11. Log in

Versions 2.0 to 2.0.4 were listed as having an Arbitary File Upload Vulnerability. All file types were intentionally allowed to be added as items. If PICS_PATH was located in the web root and the wrong person was accidentally given upload permission or gained access to an account with that permission, they could upload a PHP file and cause a world of trouble. Version 2.1 and above removed the potential threat by reverting back to version 1's rule of only allowing certain file extensions. Also, some sites list the problem as being related to the ReplaceBadFilenameChars() function, when in reality that function's only purpose is to “Remove characters that may cause errors when resizing.” Some sites also list all versions before 2.0 as vulnerable which is incorrect.

Before anyone can add pictures to your album, you have to give them permission. The page to change user permissions is linked to from the Admin page. The user permission page allows you to set users to four levels and delete their accounts. The four levels are regular, can view, can add, and is admin. Regular is the same as when someone is not logged in except that they can create an album of their favorite items and can view items marked as only visible to members. Can view sets the user as privileged so that they can see items marked as only visible to privileged members. Can add sets the user to privileged and gives them permission to upload files and edit anything they have added. Administrator gives permission to do everything.

Items can be set to four levels of visibility: public, members only, priviliged only, and admin only. Public is visible to everyone including search engines. Members only is visible to anyone that registers and logs in. It's main purpose is to keep pictures off of search engines. Privileged is only visible to members set as can view. Admin only can only be set by users set as admin and is only visible to other admins.

This entity relationship diagram is of the database for version 2.2 and was created with MySQL Workbench