Hacker News | electerious's comments

All calls to the API are going through the api.php where every $_POST gets escaped. I'm not an expert when it comes to SQL injection, but I think this should prevent it. See line 61 in php/api.php. It would be great to know if this actually helps or not.


Having read your code and quickly brushing up the little bits of PHP knowledge from years ago, I'd say it helps only a little. mysqli_real_escape_string alone doesn't protect you completely from sql injection attacks, it just makes it harder - see the second answer at http://stackoverflow.com/questions/5741187/sql-injection-tha... for an example. Also, the homegrown $albumID validation allows bad payload to reach mysqli_real_escape_string().


Thanks! Good to know.


i haven't looked at the code, but you really should switch to prepared statements. they make your code cleaner and more secure (and maybe faster, but that's pretty negligible in this case). have a look at PDO.
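
An added example illustrating the point made in the comments above; it is not part of the thread and not Lychee's code. It runs on an in-memory SQLite database through PDO, with a constructed `photos` table, hypothetical function names, and a quote-doubling helper standing in for `mysqli_real_escape_string()`. Because the constructed input contains no quote characters, escaping leaves it unchanged and it alters the `WHERE` clause, while the bound parameter is only ever compared as a value.

```php
<?php
// Constructed schema and rows, used only for this illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, album INTEGER, title TEXT)');
$pdo->exec("INSERT INTO photos (album, title)
            VALUES (1, 'public-1'), (1, 'public-2'), (2, 'private-1')");

// Stand-in for mysqli_real_escape_string(): it only neutralises quote characters.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Pattern under discussion: escape the input, then concatenate it into the query.
// The value lands in an unquoted numeric context, so escaping changes nothing.
function titles_escaped(PDO $pdo, string $albumID): array
{
    $sql = 'SELECT title FROM photos WHERE album = ' . escape_only($albumID);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the query text is fixed and the input is bound as data,
// so it is never parsed as SQL regardless of its content.
function titles_prepared(PDO $pdo, string $albumID): array
{
    $stmt = $pdo->prepare('SELECT title FROM photos WHERE album = :album');
    $stmt->execute([':album' => $albumID]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '1 OR 1=1'; // constructed input with no quote characters

// Normal id through the concatenated query: rows of album 1 only.
var_dump(titles_escaped($pdo, '1'));
// Same function with the constructed input: the condition is rewritten.
var_dump(titles_escaped($pdo, $input));
// Prepared statement with the constructed input: no album matches the literal value.
var_dump(titles_prepared($pdo, $input));
```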


I will. Thanks for the notice!


Thanks! Donations are welcome :)


No - you didn't read what (s)he wrote. You should charge. Charging people real money gets you real users who give you real feedback. It allows you to allocate more money to the development of the project.

Providing this tool for free is a cost to you.

Sure, allow a certain number of photos free of charge and charge for more.


I also agree. I want to pay for this, not donate. This can be very important for my personal needs and I want to rely on it. If I donate, I don't get the feeling that the project is moving forward.


Simple solution, they provide a package that is the program and a friendly service contract which provides help setting it up or adding customization.


OK, seems everybody wants to pay per copy, am I rite? I think that is a pretty bad idea that will slow down adoption and development. Yes, this is an open-source project and more developers could help out. I think developers are less likely to jump on the wagon to help out a duo that gets all the money. Instead, don't try to monetize this now. Make adoption and interest grow. Then sell a hosted variant at lychee.io, Wordpress stylee. Or be more imaginative than that and come up with a better idea.

Great software anyways! Thanks!


Make something of value -> now sell it.

Why be more imaginative? It sounds a pretty simple offering to me, and is highly transparent.

A hosted variant isn't a bad idea (I was going to ask if there were recipes for EC2, Docker etc... some people might want to "self" host on a machine they control) but it's more "value added" than the original codebase.


Many developers have been selling support for WordPress for a long time. Even back when it wasn't as massively popular as it is now. I wouldn't mind contributing to an open source project where some developers sell support as long as I can fork away when there is a disagreement (read: permissive license).


That's ok, but that's a services business. That means committing time. It's difficult to build a fly-wheel that way. I guess you could outsource on oDesk or similar.


I do not think anyone should sell products without understanding the service part of doing business.

If you buy something, people expect someone to be responsible for the product. This means you've got to spend time on providing service, or it gets defined by most people as a cash grab.


Oh, of course, provide support (great support at that) by all means. I thought you meant getting into the murky world of custom installations.


1. If the image is too tall/wide it will be scaled to fit into your browser. This happens via CSS. Photos won't be compressed or scaled, Lychee keeps their original quality and dimensions. You can click the 'Full Photo' button on the top right to see the file.

2. Nope. Not at the moment.

3. Does this happen only sometimes or always? Which browser and OS are you using?


I also have the same problem (3). It happens when using chrome 32 on windows 8.0 with full screen mode enabled. The scroll bars appear when I open an image and click the right arrow on my keyboard to switch to the next. For me it doesn't happen if I don't navigate to another image or if I'm not browsing in full-screen mode (f11).


Thanks for the report! I will look into it.


3. Firefox on Linux, but only when I click next to go to the next photo, then it's permanent.


I developed this project in my spare time. It's a self-hosted photo-management-system and a great place to share, store and manage your photos and inspiration. I hope you guys here on HN like it. If you have any questions or feedback, just write it here :) Thanks!


I didn't just like it, I'm really stunned by it. Great attention to details.

Please keep it open source but make it paid (libre but not free as in free beer), so you can develop more features.

Thanks for sharing.


Private albums with a random access token in the url would be awesome (instead of passwords).

On a side note, I'd donate 100 bucks for a Lightroom Sync Plugin any minute.


I second that - I have been looking for something like this, but it would be extremely convenient to be able to upload directly from LR.

Another request - I love the free flow, tiled display of images a la Flickr photostream - any chance that could be an option?

Otherwise, great job! - I was pleasantly surprised at the quality of this application.


Based on playing with the demo, I'd move to this in a heartbeat if there was a Lightroom sync plugin. (and would donate!)


Lightroom Plugin would be fantastic, I agree.


Hey I had sent you an email to the email address listed in your domain's WHOIS. Is there a better way to get a hold of you?


This looks really good. A couple questions:

1) Is there any kind of RAW file support? 2) Does the software de-duplicate uploaded images?


RAW files are not supported and every photo is uploaded and stored with its own copy.

