|
PHP - Suppressing Browser Security Warning Pop-up
I have a php program that presents a form which is hosted on a secure site. Once the form is submitted, I have a "Continue" button to open a new browser window which is not on a secure site. When that happens Windows pops up a security warning with some scary text. Users have freaked out and thought the data they just submitted on the form was now seen by everybody on the Internet.
I understand there are security settings in the different browsers and I'm guessing I have no control over those, but... how can I move from an https: site to an http: site without my users getting that warning box? How can I code my own pop-up message instead of the Windows pop-up? Similar TutorialsHi friends,
Another security issue but this time its regarding outputting data from a DB to a browser. Please have a look at the code below which displays some output fetched from a DB and sends it to a browser.
1. If I just wish to display this output on a screen and not provide the user with any buttons or hyperlinks to interact with the information, would I still need to sanitize the output before echoing it to the screen ?
2. If I was to make at least one of the fields a hyperlink, so that I could then display some related information on another webpage, what security concerns would I need to address in my code?
3. If I was to add a button against each of these records, on each row, and then select some related information on another webpage after processing the button handler, what would be the security concerns that I should address for the code below.
Thanks very much.
<table>
<tr>
<th> S.No. </th>
<th> Name </th>
<th> Age </th>
<th> City </th>
<th> Cell </th>
<th> Email</th>
</tr>
<?php
$cnt = 1;
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
{
echo "<tr>";
echo "<td>".$cnt++."</td>";
echo "<td>".$row['Name']. "</td>";
echo "<td>".$row['Age']. "</td>";
echo "<td>".$row['City']. "</td>";
echo "<td>".$row['Cell']. "</td>";
echo "<td>".$row['Email']. "</td>";
echo "</tr>";
}
?>
</table>
The bit of code I'm using it on is: if((@include("languages/".LANGUAGE.".php")) != 1) { require("languages/".DEFAULT_LANG.".php"); } But the error is still be produced. I'm using a custom error handler, is there anyway to include the @ in the custom error handler? Hi Everyone I am having a few issues with my website. I have developed in on my xampp local host and it works ok but when I upload the files and try to renew a membership using stripe I get the following messages. Warning: session_start(): Cannot start session when headers already sent in /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/inc/settings.php on line 2 Warning: Cannot modify header information - headers already sent by (output started at /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/procedures/payments/charge.php:1) in /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/procedures/payments/charge.php on line 141 I have some includes that appear on every page. This is the bootstrap.php file. This file holds the settings.php which connects to my database and other function files. In this settings page I call the session_start() php function and then connect to my database. I call the bootstrap.php file on every page to there for call the session_start() on every page. I am using sessions alot so is this the right thing to do? I have attached the renew_membership payment page which holds the form. The user fills out the payment page and the form data gets sent to a script called charge.php which uses the stripe objects to make the payment. I then want to do a redirect to the paymentSuccess.php page to output to the user that the payment was made successfully. This is where the issues arrise. I have split the charge file into 3 screen shots so it is more readable. Hope someone can help me. Thanks a lot David
Edited April 26 by Irish_Dave I am running to an issue that I have never delt with before and am not sure if there is even a possible solution: I have two files: fileA and fileB fileA contains a loop that loops 30 times each time its called. in the loop there is a 2second delay $i = 1; do { $i++; sleep(2); if(!isset($_SESSION['user']) { break; } } while($i < 31); if fileB i have a simple destroy session $_SESSION = array(); session_destroy(); I call both files via ajax, and that is where i run into my problem. if I call fileA first, then call fileB through ajax, the code in FileB does not execute until fileA has run its course. Is it possible to get around this? Like set the priority of one over the other?
<?php
if(isset($_POST['submit'])){
$name = $_POST['name'];
}
?>
<form method="POST" action="hist1.php">
<br />
<input type="hidden" name="name" value="<?php echo $name ?>" />
<?php
$q = mysql_query("SELECT * FROM histact1 ORDER BY RAND() LIMIT 1");
while ($r1 = mysql_fetch_array($q)){
$id = $r1[0];
$question1 = $r1[1];
$opt1 = $r1[3];
$opt2 = $r1[4];
$opt3 = $r1[5];
?>
<div class="Qset" id="q1"><br /><br />
<label class="items">1st Question :</label> <br />
<center>
<textarea class="textareaQ" name="question1" readonly><?php echo $question1; ?></textarea>
</center>
<br /><br />
<p class="marA">
<input type="radio" name="rad1" value="<?php echo $opt1; ?>" />
<label class="lbl"><?php echo $opt1 ?></label><br />
<input type="radio" name="rad1" value="<?php echo $opt2; ?>" />
<label class="lbl"><?php echo $opt2 ?></label><br />
<input type="radio" name="rad1" value="<?php echo $opt3; ?>" />
<label class="lbl"><?php echo $opt3 ?></label><br />
</p>
</div>
<div class="lr">
<center>
<br /><br /><br /><br />
<a class="nxt" href="#q2"><label title="Proceed to 2nd Question">Next</label></a>
</center>
</div>
<br /><br /><br />
<center><hr width="90%" /></center><br />
<?php } ?>
<br /><br />
<?php
$q = mysql_query("SELECT * FROM histact1 ORDER BY RAND() LIMIT 1");
while ($r1 = mysql_fetch_array($q)){
$id = $r1[0];
$question2 = $r1[1];
$opt1 = $r1[3];
$opt2 = $r1[4];
$opt3 = $r1[5];
?>
<div class="Qset" id="q2"><br /><br />
<label class="items">2nd Question :</label> <br />
<center>
<textarea class="textareaQ" name="q2" readonly><?php echo $question2; ?></textarea>
</center>
<br /><br />
<p class="marA">
<input type="radio" name="rad2" value="<?php echo $opt1; ?>" />
<label class="lbl"><?php echo $opt1 ?></label><br />
<input type="radio" name="rad2" value="<?php echo $opt2; ?>" />
<label class="lbl"><?php echo $opt2 ?></label><br />
<input type="radio" name="rad2" value="<?php echo $opt3; ?>" />
<label class="lbl"><?php echo $opt3 ?></label><br />
</p>
</div>
<div class="lr">
<center>
<br /><br /><br /><br />
<a class="nxt" href="#q1"><label title="Proceed to 1st Question">Back</label></a> |
<a class="nxt" href="#q3"><label title="Proceed to 3rd Question">Next</label></a>
</center>
</div>
<br /><br /><br />
<center><hr width="90%" /></center><br />
<?php } ?>
<br /><br />
<?php
$q = mysql_query("SELECT * FROM histact1 ORDER BY RAND() LIMIT 1");
while ($r1 = mysql_fetch_array($q)){
$id = $r1[0];
$question3 = $r1[1];
$opt1 = $r1[3];
$opt2 = $r1[4];
$opt3 = $r1[5];
?>
<div class="Qset" id="q3"><br /><br />
<label class="items">3rd Question :</label> <br />
<center>
<textarea class="textareaQ" name="q3" readonly><?php echo $question3; ?></textarea>
</center>
<br /><br />
<p class="marA">
<input type="radio" name="rad3" value="<?php echo $opt1; ?>" />
<label class="lbl"><?php echo $opt1 ?></label><br />
<input type="radio" name="rad3" value="<?php echo $opt2; ?>" />
<label class="lbl"><?php echo $opt2 ?></label><br />
<input type="radio" name="rad3" value="<?php echo $opt3; ?>" />
<label class="lbl"><?php echo $opt3 ?></label><br />
</p>
</div>
<div class="lr">
<center>
<br /><br /><br /><br />
<a class="nxt" href="#q2"><label title="Proceed to 2nd Question">Back</label></a> |
<a class="nxt" href="#q4"><label title="Proceed to 4th Question">Next</label></a>
</center>
</div>
<br /><br /><br />
<center><hr width="90%" /></center><br />
<?php } ?>
<br /><br />
<?php
$q = mysql_query("SELECT * FROM histact1 ORDER BY RAND() LIMIT 1");
while ($r1 = mysql_fetch_array($q)){
$id = $r1[0];
$question4 = $r1[1];
$opt1 = $r1[3];
$opt2 = $r1[4];
$opt3 = $r1[5];
?>
<div class="Qset" id="q4"><br /><br />
<label class="items">4th Question :</label> <br />
<center>
<textarea class="textareaQ" name="q4" readonly><?php echo $question4; ?></textarea>
</center>
<br /><br />
<p class="marA">
<input type="radio" name="rad4" value="<?php echo $opt1; ?>" />
<label class="lbl"><?php echo $opt1 ?></label><br />
<input type="radio" name="rad4" value="<?php echo $opt2; ?>" />
<label class="lbl"><?php echo $opt2 ?></label><br />
<input type="radio" name="rad4" value="<?php echo $opt3; ?>" />
<label class="lbl"><?php echo $opt3 ?></label><br />
</p>
</div>
<div class="lr">
<center>
<br /><br /><br /><br />
<a class="nxt" href="#q3"><label title="Proceed to 3rd Question">Back</label></a> |
<a class="nxt" href="#q5"><label title="Proceed to 5th Question">Next</label></a>
</center>
</div>
<br /><br /><br />
<center><hr width="90%" /></center><br />
<?php } ?>
<br /><br />
<?php
$q = mysql_query("SELECT * FROM histact1 WHERE question != '$question1' AND question != '$question2' AND question != '$question3' AND question != '$question4' ORDER BY RAND() LIMIT 1");
while ($r1 = mysql_fetch_array($q)){
$id = $r1[0];
$question5 = $r1[1];
$opt1 = $r1[3];
$opt2 = $r1[4];
$opt3 = $r1[5];
?>
<div class="Qset" id="q5"><br /><br />
<label class="items">5th Question :</label> <br />
<center>
<textarea class="textareaQ" name="q5" readonly><?php echo $question5; ?></textarea>
</center>
<br /><br />
<p class="marA">
<input type="radio" name="rad5" value="<?php echo $opt1; ?>" />
<label class="lbl"><?php echo $opt1 ?></label><br />
<input type="radio" name="rad5" value="<?php echo $opt2; ?>" />
<label class="lbl"><?php echo $opt2 ?></label><br />
<input type="radio" name="rad5" value="<?php echo $opt3; ?>" />
<label class="lbl"><?php echo $opt3 ?></label><br />
</p>
</div>
<div class="lr">
<center>
<br /><br /><br /><br />
<a class="nxt" href="#q4"><label title="Proceed to 4th Question">Back</label></a> |
<input type="submit" title="Submit Answers" name="submit" class="submit" value=" Submit " onclick="return confirm('Are you sure you want to submit your answers?\nYou can review your answer by click the Back link')" />
</center>
</div>
<br /><br /><br />
<center><hr width="90%" /></center><br />
<?php } ?>
</form>
Edited by mac_gyver, 09 October 2014 - 10:51 AM. code in code tags please So I am tryting to create a script to upload a CSV file into a MySql DB. It has like 10K records into SQL
My Code is copy below ...
I get the following errors.
Line 16 is the $handle
line 18 is the While Statement
Error:
Warning: fopen(): Filename cannot be empty in C:\local\htdocs\ADPStorage\DemandCSV.php on line 16 Warning: fopen()expects parameter 1 to be resource, boolean given in C:\local\htdocs\ADPStorage\DemandCSV.php on line 18 I use my script for another table and it worked like a charm. Less data and less colums do. Bad Code: (good Code sample below. this one)
<?php
$today = date("m.d.y.h.m.s");
echo $today;
$BPTD_fy = '2014';
$BPTD_updatedate = $today;
$conn = mysql_connect("Localhost","root","password") or die (mysql_error());
mysql_select_db("ds_storage",$conn);
if(isset($_POST['submit']))
{
$file = $_FILES['file']['tmp_name'];
$handle = fopen($file, "r");
while(($fileop = fgetcsv($handle, 100000, ",")) !==FALSE)
{
$BPTD_fy = $fileop[0];
$BPTD_Status = $fileop[1];
$BPTD_Classification = $fileop[2];
$BPTD_ProcureCat = $fileop[3];
$BPTD_Product = $fileop[4];
$BPTD_Project = $fileop[5];
$BPTD_DSCategory = $fileop[6];
$BPTD_Calculated = $fileop[7];
$BPTD_CapacityType = $fileop[8];
$BPTD_Amount = $fileop[9];
$BPTD_Jul = $fileop[10];
$BPTD_Aug = $fileop[11];
$BPTD_Sep = $fileop[12];
$BPTD_Oct = $fileop[13];
$BPTD_Nov = $fileop[14];
$BPTD_Dec = $fileop[15];
$BPTD_Jan = $fileop[16];
$BPTD_Feb = $fileop[17];
$BPTD_Mar = $fileop[18];
$BPTD_Apr = $fileop[19];
$BPTD_May = $fileop[20];
$BPTD_Jun = $fileop[21];
$BPTD_Location = $fileop[22];
$BPTD_Env = $fileop[23];
$BPTD_Requester = $fileop[24];
$BPTD_ServiceArea = $fileop[25];
$BPTD_ServiceGroup = $fileop[26];
$BPTD_DepHead = $fileop[27];
$BPTD_Recgroup = $fileop[28];
$BPTD_RecOwner = $fileop[29];
$BPTD_Entrydate = $fileop[30];
$BPTD_updatedate = $fileop[31];
$sql = mysql_query("INSERT INTO inv_bpt_demand (Status, Classification, ProcureCat, Product, Project, DSCategory, Calculated, CapacityType, Amount, Jul, Aug, Sep, Oct, Nov, Dec,
Jan, Feb, Mar, Apr, May, Jun, Location, Env, Requester, ServiceArea, ServiceGroup, DepHead, Recgroup, RecOwner, Entrydate, updatedate)
VALUES ('$BPTD_Status', '$BPTD_Classification', '$BPTD_ProcureCat', '$BPTD_Product', '$BPTD_Project', '$BPTD_DSCategory', '$BPTD_Calculated', '$BPTD_CapacityType', '$BPTD_Amount',
'$BPTD_Jul', '$BPTD_Aug', '$BPTD_Sep', '$BPTD_Oct', '$BPTD_Nov', '$BPTD_Dec', '$BPTD_Jan', '$BPTD_Feb', '$BPTD_Mar', '$BPTD_Apr','$BPTD_May', '$BPTD_Jun','$BPTD_Location',
'$BPTD_Env','$BPTD_Requester', '$BPTD_ServiceArea', '$BPTD_ServiceGroup','$BPTD_DepHead', '$BPTD_Recgroup','$BPTD_RecOwner','$BPTD_Entrydate','$BPTD_updatedate')");
if($sql)
{
echo 'Data Uploaded Successfully';
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>BPT Demand CSV</title>
<link rel="stylesheet" type="text/css" href="file:///C|/local/htdocs/style/style.css" />
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
</head>
<body>
<div id="mainWrapper">
<form method="post" action="https://localhost/Storage/DemandCSV.php" enctype="multipart/form-data">
<input type="file" name="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</div><!--end mainWrapper-->
</body>
</html>
Similar Working code (good)
<?php
$conn = mysql_connect("Localhost","root","password") or die (mysql_error());
mysql_select_db("ds_storage",$conn);
if(isset($_POST['submit']))
{
$file = $_FILES['file']['tmp_name'];
$handle = fopen($file, "r");
while(($fileop = fgetcsv($handle,1000,",")) !==FALSE)
{
$PC_Num = $fileop[0];
$PC_Name = $fileop[1];
$PC_BPTNUM = $fileop[2];
$PC_busclass = $fileop[3];
$PC_Note = $fileop[4];
$PC_Acro = $fileop[5];
$PC_type = $fileop[6];
///echo $fileop[1];
$sql = mysql_query("INSERT INTO inv_names (PC_Num, PC_Name, PC_BPTNUM, PC_busclass, PC_Note, PC_Acro, PC_type)
VALUES ('$PC_Num', '$PC_Name', '$PC_BPTNUM', '$PC_busclass', '$PC_Note', '$PC_Acro', '$PC_type')");
if($sql)
{
echo 'Data Uploaded Successfully';
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Upload CSV</title>
<link rel="stylesheet" type="text/css" href="file:///C|/local/htdocs/style/style.css" />
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
</head>
<body>
<div id="mainWrapper">
<form method="post" action="https://localhost/Storage/Storage_CSV.php" enctype="multipart/form-data">
<input type="file" name="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</div><!--end mainWrapper-->
</body>
</html>
Please help and thx in advance
~J
I'd like to use an application that's not browser based, on Internet Explorer. I've read somewhere that this is possible with a PHP script, but which one? If you can get me on the right track, I'd really appreciate it. Cheers. Hey, so basically this is what im trying to do: I'm writing an mp3 store, and want the user to be able to play the whole track before purchase. Currently all the music files are in a protected folder with permissions set so access isnt possible. The mp3 player calls play.php?fid=encryptedfileid rather than the direct music link. This is all working perfectly. The bit i am now stuck on is stopping the users going to play.php?fid=encryptedfileid directly and downloading the mp3 directly. How do I make it so the server can execute the play.php file, but the user cannot? I attempted to set a cookie in play.php and deny access if cookie was present, however the server also set the cookie, so this didnt work. See play.php code (in this example, fid is just the filename, but it will be more encrypted, calling to a special md5 hash, albumid and artistid). <?PHP // Define the path to file $filename=$_GET[fid]; $file = "music/$filename.mp3"; if(!$file) { // File doesn't exist, output error die('file not occupied'); } elseif(!file_exists($file)) { die('Error: File not found.'); } else { // Set headers header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-Disposition: attachment; filename=$file"); header("Content-Type: application/octet-stream"); header("Content-Transfer-Encoding: binary"); // Read the file from disk readfile($file); } ?> So to clarify, I need the server to access and execute this script with the mp3 player (simple javascript player) and the server not be able to visit play.php?fid=xxx directly to download. Thanks Hi everyone I'm kinda new to PHP and have a couple of questions; 1: How secure is PHP, is it very hackable? Are there things you recommend to make it more secure? 2: I am building a little employee system for staff at a friends company and they can view personal information when they login, as well as ordering stuff with online payment through WorldPay. What is therefore the best and most secure way of handling passwords, logins, data, insert statements etc. I basically want to make it as secure as possible and hopefully learn some new skills Any tips or help would be great Thanks I'm building an e-commerce website using php and mysql and I'm a bit worried about security issues. The website is going to be handling personal information so I want to make sure that it's secure and that no-one can get hold of it. I don't really have any idea about and security issues or problems that I could run into and perhaps you could point me in the direction or some tutorials that would be really great. Also if anyone here has been in the same situation what did you do to make your site as secure as possible? Thanks for any help. Hi, I am currently working on an Invoice System using PHP and MySQL. However I was just wondering if the system I am using is secure enough. The Client gets a link like this: Code: [Select] mysite.com/?customerid=b3e470c55aad30eb38ee52eec1d8cb52 Each client has a unique "id" I also have an ID for the administrative back-end. I do clean the GET variable before querying the database though. Do I need to secure this with anything else or is this enough, as this is my first time creating anything with PHP and MySQL together. Thanks, mme hi php freaks I am using pdo as the driver for my new app the issue is I can't seem to find a clear answer. I want to sanise the vars that are coming into the database but pdo is suppose to fix all the issues. Is this true what other things do I need to watch for when using pdo they must have some flaws. Thanks I really have less idea about website security. Yesterday for the first time I learned website hacking and applied that method to my web page. My webpage was completely down after applying that. Q) To free a site from hacking what techniques are followed? I have nearly finished a website that i am making for my local community, they will be registering on the site and i am wandering what sort of security for the site i should be thinking about. I just dont want someone out there doing something to cause problem with the site and ruining it for everyone else. I want to create an ADMIN directory with several directory under that. I want to be certain that the user cannot log into any of the directory unless they have confirmed login. Is $_session id's the best way to go? Should I create on the flyer and attached to username? What is the best practice for this? Regards, DED Hi everyone, So, like my name says, I'm just a hobbyist PHPer, but I write the occassional PHP application for people, I've been doing it for quite a while and I fear that perhaps my way of securing my applications may be a bit antiquated... I was hoping that you guys/gals might be able to take a look and give me some help with perhaps how I could go about making these apps more secure... So, without further ado, here it is... standard application page, e.g. index.php Code: [Select] <? session_start(); if(!$_SESSION['Condition'] == 'Logged') { header("Location: login.php"); } elseif($_SESSION['Condition'] == 'Logged') { require "connection.inc"; ?> <? } ?> login.php page Code: [Select] <? if(isset($_POST['Login'])) { include_once 'connection.inc'; $count = 0; $query = "SELECT UserID FROM Users WHERE UserName = '$_POST[username]' AND UserPassword = '$_POST[password]'"; $results = mysql_query($query)or die(mysql_error()); $count = mysql_num_rows($results); while($row = mysql_fetch_array($results)) { $UserID = $row['UserID']; } if ($count == 1) { header("Location: loginaction.php?UserID=$UserID"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title></title> <link rel="stylesheet" type="text/css" href="StyleSheet.css" /> <script language="javascript" type="text/javascript"> function loginValidate(form) { if (form.username.value == '') { alert('You must supply a Username.'); form.username.focus(); return false; } if (form.password.value == '') { alert('You must supply a Password.'); form.password.focus(); return false; } else { return true; } } </script> </head> <body> <? include_once 'header.inc'; ?> <div id="LoginBox"> <div id="SubFormBoxHeading"> Log In </div> <form id="thisform" action="<? echo $_SERVER['PHP_SELF']; ?>" onsubmit="return loginValidate(this)" method="post"> <table> <tr> <td colspan="2"> <? if (isset($_POST['Login']) && !$count == 1) { echo '<h3>Wrong Username and/or Password</h3>'; } ?> </td> </tr> <tr> <td class="Labels">Username:</td> <td><input type="input" id="username" name="username" size="20" /></td> </tr> <tr> <td class="Labels">Password:</td> <td><input type="password" id="password" name="password" size="20" /></td> </tr> <tr> <td colspan="2"> <div style="text-align: center; margin-top: 20px; margin-bottom: 20px;"> <input type="submit" id="Login" name="Login" value="Log In" /> </div> </td> </tr> </table> </form> </div> <? include_once 'footer.inc'; ?> </body> </html> loginaction.php page Code: [Select] <? session_start(); $_SESSION['Condition'] = 'Logged'; $_SESSION['UserID'] = $_GET['UserID']; header("Location: index.php"); ?> and finally, the logout.php page Code: [Select] <? session_start(); unset($_SESSION['Condition']); unset($_SESSION['UserID']); session_destroy(); header("Location: index.php"); ?> I have been working on a website for some time now. My work is now 95% finished and now I am starting to look at security, as I am using PHP. My webpage uses HTML FORMS. When most of these forms get send back to the server, 50% of the time PHP is inserting the value of the FORM inputs into MySQL. To give a basic run down, I have a newsletter sign up system. "Enter your e-mail address"... and then the user enters their e-mail and submits.. PHP runs a MySQL query to insert that FORM value into the database along the lines of this: Quote insert into newsletters (email) values ('.$POST['email'].') I fear this is very vulnerable to injection attack as it means a trouble maker can come along and enter anything they want into my database, potentially wiping it out. I believe I need to "sanitize" my input with a MySQL "real_escape_string" or something? Is there anything real obvious I should look out for when it comes to PHP security? Is there a way to forbid all strings/arguments except the few I need or something perhaps? Besides "mysql_real_escape_string"ing all the user input what other security strings should you definitely include n your site? Hi, I am looking to create a directory that can not be accessed using .htaccess and neither can files directly. But I want to make it so when you are signed into joomla you can access the files via a mp3 player on the sight. My mp3 extention is joomline player flplayer. And I heard that if I cange the name of the file in joomla fomr lovelove.com/audio/love/abc.mp3 to lovelove.com/audio/love/abc.php?name=abc and then that abc.php script (inside the script it checks if you are logged in) will retrieve the file name, and the joomline will play it it will work. is this possible? Also, if not what can I do for this to work? Right now my script is not working as the joomline looks up all the mp3 files as one big string. this is the abc.php which on my site its calld psp.php
<?php
define( '_JEXEC', 1 );
define( 'JPATH_BASE', realpath(dirname(__FILE__).'/../../' ));
require_once ( JPATH_BASE .'/includes/defines.php' );
require_once ( JPATH_BASE .'/includes/framework.php' );
$mainframe =& JFactory::getApplication('site');
if( !empty( $_GET['name'] ) )
{
// check if user is logged
if(JFactory::getUser()->guest) {
die( "ERROR: invalid song or you don't have permissions to download it." );
}
else {
$psp = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$psp_file = "{$_SERVER['DOCUMENT_ROOT']}/audio/live/{$psp}.mp3";
if( file_exists( $psp_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$psp_file}" );
header( 'Content-Type: application/mp3' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $psp_file );
exit;
}
}
}
?>
then I have joomline player jlplayer
<?php
/**
* JoomLine mp3 player - Joomla mp3 player
*
* @version 1.5
* @package JoomLine mp3 player
* @author Anton Voynov (anton@joomline.ru), Sergii Gaievskiy (shturman.kh@gmail.com)
* @copyright (C) 2010 by Anton Voynov(http://www.joomline.ru)
* @license GNU/GPL: http://www.gnu.org/copyleft/gpl.html
*
* If you fork this to create your own project,
* please make a reference to JoomLine someplace in your code
* and provide a link to http://www.joomline.ru
**/
defined('_JEXEC') or die('Restricted access');
function ascii2hex($ascii, $reverse = false) {
$hex = array();
for ($i = 0; $i < strlen($ascii); $i++) {
$byte = strtoupper(dechex(ord($ascii{$i})));
$byte = str_repeat('0', 2 - strlen($byte)).$byte;
$hex[] = $byte;
}
if ($reverse) $hex = array_reverse($hex);
return implode(" ",$hex);
}
function read_frame (&$f, &$tagdata, $frame) {
$pos = strpos($tagdata,$frame);
if ( $pos !== FALSE) {
// frame found. read length of this frame
fseek($f, 10+$pos+4);
$frame2len = hexdec(ascii2hex(fread($f,4)));
if (($frame2len-1) > 0) {
// read frame data
fseek($f, 10+$pos+4+2+4+1);
$data = trim(fread($f,$frame2len-1));
$hexfdata = ascii2hex($data);
if ( substr($hexfdata,0,5) == 'FF FE' or substr($hexfdata,0,5) == 'FE FF' ) {
$data = iconv("UCS-2","UTF-8",$data);
} else {
if (!preg_match('//u', $data)) {
$data = iconv("cp1251", "UTF-8",$data);
}
}
return $data;
} else {
return false;
}
} else {
return false;
}
}
function readmp3tag($file) {
$f = fopen($file, 'rb');
rewind($f);
fseek($f, -128, SEEK_END);
$tmp = fread($f,128);
if ($tmp[125] == Chr(0) and $tmp[126] != Chr(0)) {
// ID3 v1.1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a28COMMENT/x1/C1TRACK/C1GENRENO';
} else {
// ID3 v1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a30COMMENT/C1GENRENO';
}
$id3v1tag = unpack($format, $tmp);
// read tag length
fseek($f, 8);
$tmp = fread($f,2);
$tmp = ascii2hex($tmp);
$taglen= hexdec($tmp);
$tagdata = "";
if ($taglen > 0) {
//read tag data
fseek($f, 10);
$tagdata = fread($f,$taglen);
}
// find song title frame
$title = read_frame ($f, $tagdata, "TIT2");
if (!$title) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['NAME'],0,1)) != '00' ) {
$title = $id3v1tag['NAME'];
} else {
$title = explode(DS,$file);
$title = $title[count($title)-1];
$title = explode('.',$title);
$title=$title[0];
}
if (!preg_match('//u', $title)) $title = iconv("cp1251", "UTF-8",$title);
}
$artist = read_frame ($f, $tagdata, "TPE1");
if (!$artist) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['ARTISTS'],0,1)) != '00') {
$artist = $id3v1tag['ARTISTS'];
} else {
$artist = "";
}
}
if (!preg_match('//u', $artist)) $artist = iconv("cp1251", "UTF-8//TRANSLIT",$artist);
$id3tag['NAME'] = $title;
$id3tag['ARTIST'] = $artist;
return $id3tag;
}
if (DS == "/")
$dir = str_replace("\\",DS,$music_dir);
else
$dir = str_replace("/",DS,$music_dir);
$dir = JPATH_ROOT.DS.$dir;
if (!is_dir($dir)) {
echo "Wrong dir in settings";
} else {
$files = glob($dir.DS."*.{mp3,MP3}",GLOB_BRACE);
if (count($files) > 0) {
sort($files);
$host = $base_uri;
foreach ($files as $file) {
$tags = readmp3tag($file);
$file = explode (DS, $file);
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
$artist = trim($tags['ARTIST']);
$artist = $artist == "" ? "" : "{$tags['ARTIST']} - ";
$playlist[] = '{name:"'.$artist.$tags['NAME'].'",mp3:"'.$file.'"}';
}
}
/*
*
//if(!window.jQuery) {
document.write(unescape('<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js">%3C/script%3E'));
document.write(unescape('<script type="text/javascript">jQuery.noConflict();%3C/script%3E'));
//}
*
*/
?>
<script type="text/javascript">
var myPlayList = [
<?php
echo implode(",\n ",$playlist)."\n";
?>
];
Array.prototype.find=function(v){
for (i=0;i<this.length;i++){
if (this[i]==v) return i;
}
return 0;
}
var plIndex = [];
for (i=0;i<myPlayList.length;i++) {
plIndex[i] = i;
}
<?php if ($shfl == 1) : ?>
//shuffle
function randOrd(){
return (Math.round(Math.random())-0.5);
}
plIndex.sort(randOrd);
<?php endif; ?>
function setCookie (name, value) {
document.cookie = name + "=" + escape(value) + "; expires=Thu, 01-Jan-2055 00:00:01 GMT; path=/";
}
function getCookie(name) {
var cookie = " " + document.cookie;
var search = " " + name + "=";
var setStr = null;
var offset = 0;
var end = 0;
if (cookie.length > 0) {
offset = cookie.indexOf(search);
if (offset != -1) {
offset += search.length;
end = cookie.indexOf(";", offset)
if (end == -1) {
end = cookie.length;
}
setStr = unescape(cookie.substring(offset, end));
}
}
return(setStr);
}
function changeShflStatus(el) {
nowPlay = plIndex[playItem];
if (el.checked) {
setCookie("jlp_shfl","shuffle");
plIndex.sort(randOrd);
} else {
setCookie("jlp_shfl","notshuffle");
plIndex.sort();
}
playItem = plIndex.find(nowPlay);
}
</script>
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js"></script>
<script type="text/javascript">jQuery.noConflict();</script>
<link href="<?=$base_uri?>/modules/mod_jlplayer/skin/skin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jquery.jplayer.min.js"></script>
<script type="text/javascript">
var playItem = 0;
jQuery(function(){
var jpPlayTime = jQuery("#jplayer_play_time");
var jpTotalTime = jQuery("#jplayer_total_time");
var jlp_shfl = getCookie("jlp_shfl");
if (jlp_shfl == "shuffle") {
document.getElementById('jlp_shfl').checked = true;
} else if (jlp_shfl == "notshuffle") {
document.getElementById('jlp_shfl').checked = false;
}
jsuri = baseuri+"/modules/mod_jlplayer/js/";
jQuery("#jquery_jplayer").jPlayer({
ready: function() {
displayPlayList();
playListInit(enable_autoplay); // Parameter is a boolean for autoplay.
},
errorAlerts:true,
warningAlerts:true,
swfPath: jsuri
})
.jPlayer("onProgressChange", function(loadPercent, playedPercentRelative, playedPercentAbsolute, playedTime, totalTime) {
jpPlayTime.text(jQuery.jPlayer.convertTime(playedTime));
jpTotalTime.text(jQuery.jPlayer.convertTime(totalTime));
})
.jPlayer("onSoundComplete", function() {
playListNext();
});
jQuery("#jplayer_previous").click( function() {
playListPrev();
return false;
});
jQuery("#jplayer_next").click( function() {
playListNext();
return false;
});
});
function displayPlayList() {
for (i=0; i < myPlayList.length; i++) {
jQuery("#jplayer_playlist").append("<div id='jplayer_playlist_item_"+i+"'>"+ myPlayList[i].name +"</div>");
jQuery("#jplayer_playlist_item_"+i).data( "index", i ).click( function() {
var index = jQuery(this).data("index");
if (plIndex[playItem] != index) {
_index = plIndex.find(index);
playListChange( _index, index );
} else {
jQuery("#jquery_jplayer").jPlayer("play");
}
});
}
}
function playListInit(autoplay) {
if(autoplay) {
playListChange(0, plIndex[0] );
} else {
playListConfig(0, plIndex[0] );
}
}
function playListConfig(_index, index ) {
jQuery("#jplayer_playlist_item_"+plIndex[playItem]).removeClass("jplayer_playlist_current");
jQuery("#jplayer_playlist_item_"+index).addClass("jplayer_playlist_current");
playItem = _index;
jQuery("#jquery_jplayer").jPlayer("setFile", myPlayList[plIndex[playItem]].mp3);
}
function playListChange(_index, index ) {
playListConfig(_index, index );
jQuery("#jquery_jplayer").jPlayer("play");
}
function playListNext() {
var _index = (playItem+1 < myPlayList.length) ? playItem+1 : 0;
var index = plIndex[_index];
playListChange(_index, index );
}
function playListPrev() {
var _index = (playItem-1 >= 0) ? playItem-1 : myPlayList.length-1;
var index = plIndex[_index];
playListChange(_index, index );
}
</script>
<?php include_once(JPATH_ROOT.DS.'modules/mod_jlplayer/skin/tpl.php'); ?>
<?php
}
I was messing around in there with $file
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
I am unsure how to retreive a file title only, with out the whole path, just the name and not even the file ext.It comes up with all the files names in the echo. Also I am not sure how joomline chooses just one file. I am not a php designer and I am quite confused lol Any help would be appreciated! Thank you. |
|||||||