← Back to Home

About XENDrop

A modern file-sharing platform built for speed, security, and temporary collaboration.

What Is XENDrop?

XENDrop is a file-sharing platform designed for individuals, teams, and organizations that need to move documents quickly without long-term cloud storage commitments. It combines a Flutter Web frontend with a PHP API backend and MySQL database — delivering a SaaS-grade experience with minimal friction.

Whether you are sending a report across town or collecting CVs from applicants, XENDrop gives you a dedicated session with a unique ID, optional password protection, and automatic cleanup after 48 hours.

How Remote Sharing Works

When you create a session, the API generates a unique identifier (for example, NRD-8F3K9A21) and stores it in the database with an expiry timestamp. Uploaded files are linked to that session and stored in an isolated server directory.

  • Recipients access files via the session ID and share URL.
  • If a password was set, it must be supplied for upload and download.
  • The Flutter Web app and API communicate over HTTPS JSON endpoints.
  • Multiple files can be listed or downloaded as a single ZIP archive.

48-Hour Expiry System

Every session is created with an expires_at timestamp set to 48 hours from creation. After expiry:

  • Upload and download requests are rejected with a clear expired status.
  • The delete_expired.php cron job removes database records and physical files.
  • No manual intervention is required — reducing data retention risk.

This design supports compliance-friendly workflows in healthcare, HR, and legal contexts where documents should not persist indefinitely.

Security Design

Session-Based Access

Files are only reachable through valid session IDs. Random alphanumeric IDs reduce guessability.

Password Protection

Session passwords are hashed with PHP password_hash() before storage. Plain text is never saved.

Input Validation

File types, sizes (50MB max), and session fields are validated on every API request.

Upload Isolation

Each session has its own folder. Script execution is blocked in the uploads directory via .htaccess.

API Endpoints

  • create_session.php — Create a named session with optional password
    POST JSON
  • upload.php — Attach files to a session
    POST multipart
  • download.php — List files, download single file, or ZIP
    GET / POST
  • delete_expired.php — Scheduled cleanup of expired data
    Cron

Future Features

XENDrop Phase 1 establishes the core remote-sharing infrastructure. Planned enhancements include:

  • Local network sharing — Direct device-to-device transfers without internet.
  • Native mobile apps — Android APK and iOS builds with background sync.
  • Enhanced admin dashboard — Session analytics and usage insights.
  • End-to-end encryption option — Client-side encryption before upload.
  • Custom expiry windows — Configurable 24h / 48h / 72h per session.
Launch XENDrop Web App →