PHP - Header_location File Serving Question

I have a login system that uses a flat file database.  The flat file is in a directory outside the public_html.  My questions;

1- Is is still possible to hack into that file?

Currently I do not encrypt the passwords as I have been told that having the file outside the public_html makes the file unavailable to the public.  This allows me the advantage of sending the Username and Password to the user in an email if they forget there password or username.  Otherwise- I would have to set up a more complicated method to allow them to change their password to re-gain access to the site.  I have an SSL on the site also so I am not worried about packet sniffing.

Thanks

Hey guys I don't know if this is possible but here is what I need to do.

I have a log (txt file)  on my computer I need it to automatically upload itself to my server every X minutes.

Is this possible at all?

So I really don't think I need to paste the code but

Code: [Select]
<?php
session_start();
?>
<?php
$new_thread_page_path = 'general_discussion_threads/' . $_POST['thread_title'] . '.php';
$new_table_link = '<a href="' . $new_thread_page_path . '"' . 'class="hover" border="0" style="text-decoration:none">' . $_POST['thread_title'] . '</a>';
?>
<?php
date_default_timezone_set('EST');
$date = date("m/d/y");
$hour = date("g");
$minute = date("i");
$second = date("s");
$am_pm = date("a");
$full_date = $date . '  ' . $hour . ":" . $minute . ":" . $second . $am_pm;
$place_holder = '<!--the_place_holder-->';
$current_page_path = 'general_discussion_home.php';
$open_current_page = fopen($current_page_path, 'rb');
$contents_of_current_page = fread($open_current_page, filesize($current_page_path));
$template_path = 'general_discussion_threads/template.php';
$open_template = fopen($template_path, 'rb');
$template_contents = fread($open_template, filesize($template_path)); 
$new_thread_page_path = 'general_discussion_threads/' . $_POST['thread_title'] . '.php';
$list_file_path = 'general_discussion_threads/thread_list.txt';
$list_open = fopen($list_file_path, 'rb');
$list_open_write = fopen($list_file_path, 'a');
$open_new_thread_page = fopen($new_thread_page_path, 'w+');
$list_contents = fread($list_open, filesize($list_file_path));
$thread_exists_test = substr_count($list_contents, '<' . strtolower($_POST['thread_title'] . '>'));
$invalid_character_test = substr_count($_POST['thread_title'], '<');
$invalid_character_test1 = substr_count($_POST['thread_title'], '>');
$the_users_info = $_SESSION['the_user'];
$the_username1 = strstr($_SESSION['the_user'], '.');
$the_username1_wipe = str_replace($the_username1, '', $the_users_info);
$the_username = str_replace('.', '', $the_username1_wipe);
if (isset($_POST['new_thread_post'])) {
if (($_SESSION['logged_in'] == '1') && ($invalid_character_test1 == '0') && ($invalid_character_test == '0') && ($thread_exists_test == '0') && ($_POST['thread_title'] != '') && ($_POST['thread_title'] != 'Enter the title of your Thread...')) {
fwrite($open_new_thread_page, '<?php $the_thread_title = ' . '\'' . $_POST['thread_title'] . '\'' . '; ?>' . $template_contents);
fclose($open_new_thread_page);
fwrite($list_open_write, '<' . strtolower($_POST['thread_title']) . '>');
fclose($list_open_write);
$new_contents =str_replace($place_holder, '<tr><td align="center">' . $new_table_link . '</td>' . '<td align="center">' . '<font color="#66CC00">' . $full_date . '</font>' . '</td>' . '<td align="center">' . '<font color="#66CC00">' . $the_username . '<font>' . '</td>' . '</tr>' . $place_holder, $contents_of_current_page);
$open_current_page = fopen($current_page_path, 'w');
fwrite($open_current_page, $new_contents);
fclose($open_current_page);
$_SESSION['gd_error'] = 'Thread created succesfully!';
} elseif ($_SESSION['logged_in'] != '1') {
$_SESSION['gd_error'] = 'You need to be logged in!';
} elseif ($invalid_character_test != '0') {
$_SESSION['gd_error'] = 'Thread title contains invalid characters!';
} elseif ($invalid_character_test1 != '0') {
$_SESSION['gd_error'] = 'Thread title contains invalid characters!';
} elseif ($thread_exists_test != '0') {
$_SESSION['gd_error'] = 'Thread title unavailable!';
} elseif ($_POST['thread_title'] == '') {
$_SESSION['gd_error'] = 'You must make a thread title!';
} elseif ($_POST['thread_title'] == 'Enter the title of your Thread...') {
$_SESSION['gd_error'] = 'You must make a thread title!';
}
}
?>


So what all this does is based on user input it creates a new html page based off of the template with a few different variables based on input. Then it makes a new row  and 3 cells in the home pages thread table that link to the page say who made it and what time they made it. Now it all works PERFECT (Im suprised how perfect on the first try actually) except for 1 tiny flaw which i think might be php not me but im not sure. The fwrite creates a new file but if the input contains any question marks (?) the link will work but no file will be created. For everyother character on teh standard keyboard its fine but not the question mark. What gives? thanks yall!

MOD EDIT: <code></code> tags changed to proper [code] . . . [/code] BBCode tags.

How can I use an include file that has a list of links in any directory at my website without breaking those links?

You can see it in action here...

The links in this directory work...

https://www.billelgin.com/primary-directory/

The links in this directory (being created from the same include file) do not work...

https://www.billelgin.com/primary-directory/subsection-one/

Obviously the problem is the include file is being called from different directories, so it's breaking the relative path links in the include file, but what can I do to fix it?

You can download the example directory structure here...

https://www.billelgin.com/EXAMPLE.zip

I'm very fresh to php coding, and embedding it in html, so I'm a bit lost here.
I have made a script for doing backups of mysql on the QNAP box, I want to make a page to set the variables in it, so the users don't have to change directly in the script like they do now.

First the page should read in the current config, and display that in the form, and then users can change the values, and press save, quite simple I'm sure for the experienced php coder :-)

I'm not sure if it's a HTML or PHP question, so here goes, if it's in the wrong forum, maybe the moderator will forgive me, and move the topic to the right one.

THe page I've currently created looks like this:

Code: [Select]
<html><body>
<h1>Mysql Backup Script</h1>
<?php
$config=parse_ini_file("config.txt");
?>
<form action="writeconfig.php" method="post">
<p>Days to save config: <input type="text" name="configdays" value="<?php echo $config('configdays'); ?>"/>
<br>
<p>Name of Backup location (share): <input type="text" name="share" value="<?php echo $config('share'); ?>"/>
<br>
<p>MySQL Backup User: <input type="text" name="user" value=<?php echo $config('user'); ?>"/>
<p>Errorlevel (0=off, 1=error, 2=error+warn, 3=error+warn+info: <select name="error">
<option>0</option>
<option>1</option>
<option>2</option>
<option>3</option>
</select>
<br>
<p><input type="submit" value="Save" />
</form>
</body></html>


The problem is that it doesn't show the variables in the value fields, but rather the php code

And the writeconfig.php looks like this:
Code: [Select]
<?php
$configdays = $_POST['configdays'];
$share = $_POST['share'];
$user = $_POST['user'];
$error = $_POST['error'];                 

$int_options = array("options"=>array("min_range"=>1, "max_range"=>100));
if (!filter_var($configdays, FILTER_VALIDATE_INT, $int_options)) die("Value for number of config days is incorrect allowed value is 1-100");

$fp = fopen("config.txt", "w");
fwrite($fp, "configdays=" . $configdays . "\r\n" . "share=". $share . "\r\n" . "user=". $user . "\r\n" . "error=". $error . "\r\n");
fclose($fp);

echo "Config file successfully written"

?>

It's all still very raw, but the write part works ok, still needs a lot of input validation of course.
As you can see, I'm still in the beginning part of this, so if I'm doing something wrong, or there's another way to do it properly, let me know!

I am very new to php and am trying to create a simple application that uploads a PDF file to a database. I have one field for the Volume Number and on file field for the PDF to be uploaded. My issue is i can't get the PDF to upload or insert the name of the pdf (eg volume1.pdf) into the data base.

I would also like to point out that I know i have a low post count, but i only seek help when i truly need it and have exhausted all other resources...

Here is what i have, please go easy on me this is my first round at php:
Code: [Select]
<?php
if(isset($_POST['submit'])){
$vol_num = $_POST['vol_num'];
$pdf = $_FILES['pdf']['name'];
$path = '../pdf/'.$_FILES['pdf']['name'];
move_uploaded_file($_FILES["pdf"]["tmp_name"], $path);
        mysql_query("INSERT INTO volumes set vol_num='$vol_num', vol_link='$pdf'") or die (mysql_error());
echo "<script>location.href='add_volume.php'</script>";
}
?>
what am i doing wrong here?

Thanks in advance

how to get the name of the file including a file from the included file,

This one has me mixed up a bit.. I am trying to record site activity information from a common.php file using a user object. But since the file is included into different php files based on different situations I need a dynamic way of finding the file name that is including it. I could be over complicating things but right now this seems like the best solution other wise I'll have to rewrite the code on every page i write. Is there a function for doing this? Or if someone gets what I'm trying to do if they could point me to the direction of some more information on it.

Thanks.

In this multi file upload form, choose three images, click submit and preview the images on the preview page. If the user wishes to delete or replace an image, click edit and the form will go back to the previous page. Select the replace radio button for example on one of the three images and select a new image from the file input prompt and click submit. The form will go to the preview page again to display the images. During this process the image names are being input into a table and the images are being moved to a directory.

The table is

  `id`  AUTO_INCREMENT,
  `image0`
  `image1`
  `image2`
  `status`

So input name='image[image0]' can be directed to table `image0` and so on.

The code for keep and delete work fine, but how do I replace an image?
I have two foreach blocks. The first one deletes the image file from the directory and deletes the image name from the table, but the second foreach dose not move the new image file into the directory.
Thanks.

<input type='radio' name='image[image0]' value='keep' checked='checked'/>
<input type='radio' name='image[image0]' value='delete' />
<input type='radio' name='image[image0]' value='replace' />
<input type="file" name="image[]" />

<input type='radio' name='image[image1]' value='keep' checked='checked'/>
<input type='radio' name='image[image1]' value='delete' />
<input type='radio' name='image[image1]' value='replace' />
<input type="file" name="image[]" />

<input type='radio' name='image[image2]' value='keep' checked='checked'/>
<input type='radio' name='image[image2]' value='delete' />
<input type='radio' name='image[image2]' value='replace' />
<input type="file" name="image[]" />

<?php
if (isset($_POST['status'])) {

$status = $_POST['status'];
$confirm_code = $status;

#--------------------------- replace --------------------------------------------

if (isset($_POST['submitted']) &&
($image = $_POST['image'])) {

foreach($image as $imageKey => $imageValue) {
if ($imageValue == 'replace') {
$query = "SELECT $imageKey FROM table WHERE status = '$status' ";
if($result = $db->query( $query )){
$row = $result->fetch_array();
}

unlink( UPLOAD_DIR.$row[0] );

$query = "UPDATE table SET $imageKey = '' WHERE status = '$status' ";
}
}

foreach($image as $imageKey => $imageValue) {
if ($imageValue == 'replace') {

$filenm = $_FILES['image']['name']; 
$file = $_FILES['image']['tmp_name'];

move_uploaded_file($file, UPLOAD_DIR . $filenm);
$filename[] = $filenm; 

$query = "INSERT INTO table VALUES ('','$filename[0]','$filename[1]','$filename[2]','$confirm_code')";
}
}
}
}
?>

Hiya,

Firstly, I'm a complete novice, apologies! But I have got my upload.php working which is nice. I will post the code below.

However, I would now like to restrict the file size and file type to only word documents.

I currently have a restriction of 200KB but it's not working - no idea why as I've looked at other similar codes and they look the same.

Also, just to complicate things - can I stop files overwriting each other when uploaded? At the moment, if 2 people upload files with the same name one will overwrite the other.

Is this too many questions in 1?

Any help is very much appreciated!

Code below:

Code: [Select]
<form enctype="multipart/form-data" action="careers.php" method="POST">
        Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>

<?php 
 $target = "upload/"; 
 $target = $target . basename( $_FILES['uploaded']['name']) ; 
 $ok=1; 
 
 //This is our size condition 
 if ($uploaded_size > 200) 
 { 
 echo "Your file is too large.<br>"; 
 $ok=0; 
 } 
 
 //This is our limit file type condition 
 if ($uploaded_type =="text/php") 
 { 
 echo "No PHP files<br>"; 
 $ok=0; 
 } 
 
 //Here we check that $ok was not set to 0 by an error 
 if ($ok==0) 
 { 
 Echo "Sorry your file was not uploaded"; 
 } 
 
 //If everything is ok we try to upload it 
 else 
 { 
 if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
 { 
 echo "Your file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded."; 
 } 
 else 
 { 
 echo "Sorry, there was a problem uploading your file."; 
 } 
 } 
 ?>

Hey everyone, I'm pretty new to this, not my full time job, but just something I thought I'd give a shot...

I have a database, in postgres, in which I make my query and I go fetch all the info I need.
What I need to do next is the tricky part for me.

For each line of results received, I have to output to a text file (.txt) but I have to respect a format that was given to me from the person requesting the info.

Example:
Character 1 must be G or N.
Character 2 to to 11 will be a result from my database search, which is a 10 digit string.
Character 12 to 14 must be spaces.

Another rule is:
start at character 78: input a value from my database search but it must not exceed 20 characters and if it is less then 20 character, fill the remaining with spaces.


If anyways has a code I can copy and work off of I would really appreciate it....thanks!

I'm using an Upload Script, and I've been working on trying to style the 'Choose File Button' (input file button)

Hello, all: been trying to convert this little single-file upload to multiple by naming each file form-field as "userfile[]" as it's supposed to automatically treat them as an array.. but no luck!  Can you guide me as to what am I doing wrong??
appreciate the help!


Code: [Select]
<?php

if (!isset($_REQUEST["seenform"])) {
?>
   <form enctype="multipart/form-data" action="#" method="post">
   Upload file: <input name="userfile[]" type="file" id="userfile[]">
   Upload file: <input name="userfile[]" type="file" id="userfile[]">
   <input type="submit" value="Upload">
   <input type="hidden" name="seenform">
   </form>
<?php
} 
else 
{ // upload begins
$userfiles = array($_FILES['userfile']);
foreach ($userfiles as $userfile)
{ // foreach begins
   $uploaded_dir = "uploads/";
   $userfile = $_FILES['userfile']["name"];
   $path = $uploaded_dir . $userfile;
   if (move_uploaded_file($_FILES['userfile']["tmp_name"], $path)) 
     {
   print "$userfile file moved";
   // do something with the file here
    } else 
{
   print "Move failed";
}
} // foreach ends
} // upload ends

?>

<td><label for='images'> <b>File to upload:</b> </label></td>
            <td><input type='file'  name = 'drama_image' '<?php echo $row['drama_image']; ?>'/></
                       </tr>
         
   <?php
            $target_path = "images/";
            $target_path = $target_path . basename( $_FILES['images']['name']);

            if(move_uploaded_file($_FILES['images']['tmp_name'], $target_path)) {
                echo "The file ".  basename( $_FILES['images']['name']).
             " has been uploaded";
            } else{
                echo $row['drama_image'];
            }
         
     ?>

['drama_image'] is the name of the file

I wanna echo it out in the box of file upload so when I save , the default picture will still be there instead of being overwritten as the box does not have any value in it.

Hi everybody. 

I use flash 8 and actionscript 2.0. I am trying to create a small program that needs communication between php / HTML and flash. I have found ( after much frustration and having wasted days on this ) that no matter what - if i make a change to my program and re publish the HTMl AND SWF files after I have deleted the old HTML and swf files , even then when i run the NEW PUBLISHED html / php file, the movie that runs is the old one. I have tried all that I know, like checking paths and stuff to ensure that everything is ok. I am unable to shed the chached old swf file and so the old movie continues to run. 

Is there any one who has encountered anything like this? Please help me. This is driving me nuts. Thanks loads in anticipation of a reply from the nerds on this !

I have a page using forms to help build listing templates for eBay. I have a folder where I have hundreds of logos stored. I know the logo names but not their extensions. . . . I have to test each potential (jpg, jpeg, gif, png, etc.) until I guess right. Here is an example code for the web form: <form action="extension_test2.php" method="post">
<p>Logo: <input name="e" value="" type="text" size="15" maxlength="30" /><p>
<input name="Submit" type="Submit"/>
</form>   and the form's result: <?

$e =$_POST['e'];

if(!empty($e)) {
echo '<img src="http://www.gbamedica...ebayimg/logos/'.$e.'">';
};

?>   Here is a link to the example: http://www.gbamedica...ension_test.php Use "olympus.jpg" for test. I am looking for code that can determine the file type and dynamically add the extension. Can it be done?