PHP - Protect Rtsp Stream

In my javascript code i use ajax so i load a php file .. then on the success i have a function where i load a file there.. the thing is how can i secure it from direct access from the browser?

if i type the link of the file in the browser i can access it even tho it needs other files to run so it will return me errors.. how can i disable that?

Thanks.

EDIT: i have tried to put

if(!defined("MAIN")){
die('<tt>You cannot view this file directly!</tt>');
}

on the file i want to protect but then when i call the ajax on the success the file doesnt load on the page that i call it and shows the above die();

Hi,

I have a MySQL database with BLOB data (MS Word files, Excel, PowerPoint, PDF etc.). I have a show_file function that assembles the blobs to send the file to the browser. It's been working great for a decade. Now, I am looking to filter the data against XSS vulnerabilities, much like I do with strings using htmlentities(). How do you go about doing that with BLOB data? I'm assuming htmlentities() will strip out characters from the BLOB data that will render the file unusable, correct? Here is my function:

function show_file( $fileID ) {
$nodeList = array();
$fileInfo = get_record( 'FileList', 'fileID', $fileID ) or trigger_error( 'Not a valid file ID: ' . $fileID );
// Pull list of inodes
$nodes    = get_recordset( 'FileData', 'fileID', $fileID, 'blobID' );
if ( !$nodes ) { trigger_error( 'Failure to retrieve file inodes: ' . mysql_error() ); }  
while ( $node = mysql_fetch_array( $nodes ) ) { $nodeList[] = $node['blobID']; }
// Send down the header to the client
if ( strpos( $_SERVER['HTTP_USER_AGENT'], 'MSIE' ) ) { header( 'Cache-Control: public' ); }
header( 'Content-Type: ' . $fileInfo['fileType'] );
header( 'Content-Length: ' . $fileInfo['fileSize'] );
header( 'Content-Disposition: attachment; filename=' . $fileInfo['fileName'] );
// Loop thru and stream the nodes 1 by 1
for ( $z = 0; $z < count( $nodeList ); $z++ ) {
$query = 'SELECT fileData FROM FileData WHERE blobID = ' . $nodeList[$z];
if ( $result = mysql_query( $query ) ) {
echo mysql_result( $result, 0 );
} else {
trigger_error( 'Failure to retrieve file node data: ' . mysql_error() );
}
}
}


So, I am looking to do something like echo mysql_result( htmlentities($result), 0 );

Thanks for any help you may provide,
George.

hi phpfreaks,

How do I protect the php file that holds the my applications database details
any tips would be great

Hi.  I am working on a website that sells online subscriptions to premium content.  On the low end this includes articles, and on the high end guides and books.

In the back of my mind I had always planned on putting this content into MySQL for safe keeping, but in the last day or so it has occurred to me that putting an entire book into MySQL could be cumbersome at best?!

Which leads to this question...

Can you easily protect a PHP page from unauthorized users and outsiders?

My original desire to put things in MySQL was driven much more by security than any of the more obvious reasons you'd use a database.

I will be putting articles into MySQL, but the more I think about it, trying to put a 500 or 1,000 page book into MySQL could be difficult at best.

For articles, I simple have a PHP page that loads up the article from MySQL and first checks that the logged in user has the proper access rights - meaning they are a paid subscriber - before allowing the article to load.

I could do that with a guide or book, but the question becomes, "How do you put even 500 pages into a database table and easily access it?"

What do you think?

 

 

I have my IP camera with the streaming URL :   http://x.x.x.x:81/li...user=admin&pwd=   Now i want to record the streaming using PHP . Now please anyone help how to do this ? Any help would be appreciated .
Edited by ZohaibKhalid1, 17 October 2014 - 08:41 AM.

How can I decode the following contents? Thanks a lot.  
  <html><head><meta http-equiv="Pragma" content="no-cache"/> <meta http-equiv="Expires" content="-1"/>

The other day I noticed someone had post something like this, well this was actually the solution to the problem. But it got me thinking about a project of mine that I am working on and the need to pump out a downloadable file. We are storing most of the files in a database using base64 encoding the 2 key types of files we are storing are images and PDF's mostly pdf's anyway where I am wanting to go with this is, is there anyway to take the base64 encoded file and get it to download through this, or am I tackling the idea in the wrong way?

<?php
$filename = 'somename.txt'; //this would obviously be changed according to the file type we would output

$data =<<<DATA
I know my data would go here for the given file once decoded.
DATA;

header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . $filename);
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . strlen($data));
echo $data;
?>

Hi! I am having trouble reading a stream of data being sent to my PC via PHP5. It seems that my code stops when it gets to the read section and just sits there indefinately. I am somewhat new to PHP so a solution and explanation would be great!

Code: [Select]
<?php
$host = "129.000.00.01"; // host IP address
$port = 40000; // port to listen to

// sets script execution limit
set_time_limit(30); // 0 means unlimited execution time (constant running)

// create UDP socket
$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP) 
or die("Could not create UDP socket!\n");

// reset socket for binding
if(!socket_set_option($socket, SOL_SOCKET, SO_REUSEADDR, 1)) {
echo "Failed to reset socket!\n";
} 
else echo "Reset socket successfully!\n";

// bind socket
socket_bind($socket, $host, $port);

// connect
if (!socket_connect($socket, $host, $port)) {
echo "Failed to connect to port!\n";
}
else echo "Connected to port successfully!\n";

while (1) {
echo socket_read($socket, 1024, PHP_NORMAL_READ)."\n";
}

// close sockets
socket_close($socket);
echo "\nDone";

I am trying to display an image stream from my pond cam... The stream generated by my ip video server is a jpeg stream without boundaries. Causeur of this the normal mime replace isn't working. I need php to read a picture from the stream, and display the picture in the browser while reading the next picture in the background.

I've got to the point that I am able to connect to the stream, read the first image, and display it in the browser as can be seen in the link below
(cam is only on from 09:00 until 16:00)

http://cam.xsiteit.nl/readstream_test.php

From this point I need to read the second image and replace the image in the browser with the new one.  This process has to continu until the browser is closed.

Any help would be great!

Regards, Peter

Does any one have a better idea to protect PHP files so that you can distribute a 'release' without the customer being able to read the source files. There are tools on the internet which costs money, BUT your are dependant on their software and if its not open source, its not trustworthy.

What I've done so far is writing an ISAPI DLL in borland cpp and installed it under iis6. Basically you call this isappi dll and it decrypts the encrypted php files and executes them respectively. It is thread safe (as is php). There are other methods available on the net that you use to encrypt your pages, BUT the decryption algorithm is found in your main php file and duh, if you can read the main file, you can easily decrypt all other files, so that is a bad idea. Any other ideas? Possibly to write a PHP extension perhaps but I have not been able to get that working on borland cpp.

Hi guys,

I need your help with my php script. On my script, I'm currently working with image where I can hot-link them from another website while it is on protected. when you click right-mouse button on firefox, you could see something like "view page source" which is disabled. when you click on "save page as", you can save the image as "image.php". when you open them, you would not be able to read due to the image but you can find the real image link in image.php where i want to protect them.

here's the currently code:

Code: [Select]
<?php
session_start();
    define('DB_HOST', 'localhost');
    define('DB_USER', 'myusername');
    define('DB_PASSWORD', 'mypassword');
    define('DB_DATABASE', 'mydbname');

$id = (int)$_GET['id'];

$errmsg_arr = array();
$errflag = false;

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}   

function clean($var)
{
    return mysql_real_escape_string(strip_tags($var));
}
  $qrytable1="SELECT images FROM image_list WHERE id=$id";
  $result1=mysql_query($qrytable1) or die('Error:<br />' . $qry . '<br />' . mysql_error());

while ($row = mysql_fetch_array($result1)) {
   $image = $row['images'];
   $details = getimagesize($image); 
   header ('Content-Type: ' . image_type_to_mime_type($details[2]));
   echo readfile($image), "<p id='images'>",  $row['images'] . "</p>";
 } 
?>

I guess that there must be a way to protected the url in the php script where i can hide them. It should be easy to modify but I am not sure what line I need to adjust to make it protected.

Can you please help me in what line I need to modify in order to protected the hot-linking in my php?

Hi,

I have the code below:
<?
/*
* search.php
*
* Script for searching a datbase populated with keywords by the
* populate.php-script.
*/
print "<html><head><title>[Squashy] Search! NOT MESSED UP.</title></head><body>\n";
if( $_POST['keyword'] )
{
    /* Connect to the database: */
    mysql_pconnect("www.freesqldatabase.com","sql01_44052","censored")
        or die("ERROR: Could not connect to database!");
    mysql_select_db("sql01_4405hahamo1");
    /* Get timestamp before executing the query: */
    $start_time = getmicrotime();
    /* Execute the query that performs the actual search in the DB: */
   $query = ' SELECT
   p.page_url AS url,
   COUNT(*) AS occurrences
   FROM
   page p,
   word w,
   occurrence o
   WHERE
   p.page_id = o.page_id AND
   w.word_id = o.word_id AND (false ';
$words = explode(' ', $_POST['keyword']);
foreach ($words as $word) {
    $query .= 'OR w.word_word = "' . $word . '" ';
}
$query .= ')
   GROUP BY
   p.page_id
   ORDER BY
   occurrences DESC
   LIMIT ' . $_POST['results'];
$result = mysql_query($query);

    /* Get timestamp when the query is finished: */
    $end_time = getmicrotime();
    /* Present the search-results: */
    print "<h2>[Squashy] Search Results For '".$_POST['keyword']."':</h2>\n";
    for( $i = 1; $row = mysql_fetch_array($result) or die(mysql_error()); $i++ )
    {
        print "$i. <a href='".$row['url']."'>".$row['url']."</a>\n";
        print "(occurrences: ".$row['occurrences'].")<br><br>\n";
    }
    /* Present how long it took the execute the query: */
    print "This search took: ".(substr($end_time-$start_time,0,5))." seconds.";
}
else
{
    /* If no keyword is defined, present the search-page instead: */
    print "<form method='post'>[Squashy Search] <input type='text' size='20' name='keyword'>\n";
    print "Results: <select name='results'><option value='5'>5</option>\n";
    print "<option value='10'>10</option><option value='15'>15</option>\n";
    print "<option value='20'>20</option></select>\n";
    print "<input type='submit' value='Search [Squashy]'></form>\n";
}
print "</body></html>\n";
/* Simple function for retrieving the currenct timestamp in microseconds: */
function getmicrotime()
{
    list($usec, $sec) = explode(" ",microtime());
    return ((float)$usec + (float)$sec);
}
?>

How do I:

a) Center the search box and title and add an image above it like in google, the code for the search box and title is (taken from the code above)


{
    /* If no keyword is defined, present the search-page instead: */
    print "<form method='post'>[Squashy Search] <input type='text' size='20' name='keyword'>\n";
    print "Results: <select name='results'><option value='5'>5</option>\n";
    print "<option value='10'>10</option><option value='15'>15</option>\n";
    print "<option value='20'>20</option></select>\n";
    print "<input type='submit' value='Search [Squashy]'></form>\n";
}


b) How do I protect the code so that people can't see the database name and password?

Thanks,

Will

Hey, nooby here

I am looking for a PHP solution for password protect pages.
I have successfully implemented this code which check a user name and password to grant access.
The problem is that each user needs a different (password protected) page.

What I would like to do is take it a step further and have each user directed to a specific page.

visitor1 => www.mysite.com/visitor1.com
visitor2 => www.mysite.com/visitor2.com

Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP.

Any idea please?

Cheers,   This is the login page:

<?php
$LOGIN_INFORMATION = array(
  'visitor1' => 'password1',
  'visitor2' => 'password2'
);


define('USE_USERNAME', true);

define('LOGOUT_URL', 'http://www.mysite.com/logout.php');

define('TIMEOUT_MINUTES', 0);

define('TIMEOUT_CHECK_ACTIVITY', true);

if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}


$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);


if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {


function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE HTML>
<html>
	<head>
	</head>
	<body class="loading">
		<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
			<form method="post">
				<p>Please enter password</p><br />
				<font color="red"><?php echo $error_msg; ?></font><br />
				<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
				<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
			</form>
		</div>
	</body>
</html>
<?php

  die();
}
}


if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {

    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    

    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }

}

else {


  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }


  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

And here is the code I used at the top of each protected page:

<?php include("/home/user/public_html/clients/login.php"); ?>[/code]

I'm not sure if this is a php or Apache question but here goes anyways. 

I have my Apache web server set up so I can access it from anywhere which obviously means anyone else can access it too. I have my index page which is basically a menu for the site password protected with a simple php script. 

The problem is the index.php password page can be bypassed by just typing the name or path of any of the pages on the site. I don't want to have to password protect or enter a session variable onto every page.

Is there a practical way to make it where no page can be accessed without being routed from the index.php page ?   

hi all i have a code that i am trying to password to protect my webpage and i cant seen to get it to coonect to mysql DB.

here is the code

$c_username = "root";
   $c_password = "Steph1989";
   $c_host = "localhost";
   $c_database = "eclipse_media";

   // Connect.
   $connection = mysql_connect($c_host, $c_username, $c_password)
   or die ("It seems this site's database isn't responding.");

   mysql_select_db($c_database)
   or die ("It seems this site's database isn't responding.");