|
PHP - File Access
Hi guys,
I am making a site where users upload files (like images, pdfs, etc) to the server. My question is, how does Facebook handle file permissions, restricting access to files uploaded to their servers based on what a user sets? Because I need to implement a similar thing and have no idea how to do it in a clean way. I have had two thoughts on storing the files 1) in a DB or 2) in a folder out of the wwwroot, which would prevent access by anyone without knowing the path (or some such) but it is the more "real" permissions implementation I am stuck on. I obviously would like to achieve this with PHP and MySQL(i). Any help is much appreciated. Cheers in advance. Similar TutorialsIs it possible to allow a script running on another server to write/read a specific file on my server? I can set file permissions, but not having any luck with file paths due to php5 blocking http:// urls. Hello everybody , This is my first topic here and I hope I will find the solution for my problem. I want to restrict access to file (for exemple: http://www.mysite.com/files/file0000.zip) to a just a specific IP that will be read from the database. And also store all other IPs trying to access this file. Can this be done, maybe through some php and htaccess? Thank you for any help or any other ideas. I have a file that an ajax function calls on my site, and I want to make sure only the right pages access it. For example. I have page called home (home.php) and on that page i have an ajax call, which calls a file called ajax.php. I want to make sure that when ajax.php is being executed, it is being executed via an ajax call, which is coming from the home page. is this possible?
RewriteCond %{HTTP_HOST} !^www.example.com.au$ [NC]
RewriteCond %{HTTP_HOST} !^https://www.example.com.au$ [NC]
RewriteRule ^(.*)$ http://www.example.com.au/$1 [R,L]
Hi All
I have my website 90% working on https, fully working on http and I have managed to redirect from none www to www
What I am looking to do it if the user happens to enter https then make them go to my www version
I have manage to get them to go to my www version if they do not put in www but I am lost in how to redirect them from https to http
here is what I have so far and I just cannot figure it out
thanks
Alan
I have a MS Access database file hosted on my Godaddy server. I would like a simple php script to be able to access it and return values from it when I enter info from drop down boxes. Eg column one is item name Column two is price Column three is items remaining I want to pick an item from column one and have the appropriate values from columns two and three returned. I have done many searches but most reveal php scripts that interrogate SQL databases. Excuse my ignorance but are these what I want? If not can anyone please get me going on a php script? Ideally I don't want to change the format of the MS access database - I have it in xls and simply export and save it to access. If there is a simple way of reading directly from a specific tab in Excel that would be a better solution. Thank you. I have a weird kind of problem. I uploaded all upload-directories through FTP which have 777 permissions and owner name 'abc' This means I can access all of them through the codes. But while creating files inside those full permitted directories, the compiler complains for access denied. Meanwhile, a different directory is created with same name whose owner is 'apache' itself and the previous directory is lost. Then I cannot change the permissions of that directory through FTP. I don't if it is apache server's problem itself or not. Or is it a way to define user while creating/editing/deleting files and directories through php code itself? I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also. I tried this, define('ACCESS', TRUE); // then on other page if(!defined('ACCESS'){die('Direct access not allowed.');} Need some assistance, appreciated. A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.
When Visitors come to my page, my PHP code:
$Shipping_Label_Data = $LabelVendor->data[0]->contents; // vendor's API echo '<img src="/Label-Directory/'.$Order_Number.'.png" />'; Later I realized the security flaw: any snooper can fish for other Visitor's labels in my Label directory. What is the best way to prevent the display of other people's labels? Thank you!! I have solved this now. Hi! I am trying to use the View Model Design Pattern in my application The problem is that it is the first time I use it and I am a beginner. So, I have the logic in the Model and the "front end" in View. I am talking about a sign up page. In the current Html file I am trying to access an error array from the model file and display it to the user above the input field.
Here is the a snippet from the Model (Signup.php)
$account = new Account($con); //the account which takes as param the db connection
$error = null; //the array
// anything the user writes gets inside this array
if (isset($_POST["submitButton"])) {
$firstName = UnifyFormInput::unifyUserFLName($_POST["firstName"]);
$lastName = UnifyFormInput::unifyUserFLName($_POST["lastName"]);
$username = UnifyFormInput::unifyFormUserName($_POST["username"]);
$email = UnifyFormInput::unifyFormEmail($_POST["email"]);
$password = UnifyFormInput::unifyFormPassword($_POST["password"]);
//contain true or false based on the query being successful or not
$success = $account->register($firstName, $lastName, $username, $email, $password);
if ($success) {
$_SESSION["userLoggedIn"] = $username;
header("Location:index.php");
}else{
$error = $account->getError(Constants::$registerFailed);
}
}
//compact — creates array containing variables and their values
//call render function from View file to show the register page content
View::render('register', compact('error'));
And here is the view:
<?php
if (!empty($error)) {
echo $account->getError(Constants::$loginFailed);
}
?>
<input type="text" class="form-control" name="firstName" placeholder= "First Name" value="<?php getInputValue("firstName"); ?>" required>
Hello first time poster here . Soni have been in the proccess of designing a website that would give images to users . But only owner of an image will get thier own image . And some people may not access thier image whom are invalid untill i make them valid users. Si.my problem is i want to stop people from accessing these images by typing thier mysite.com/path and these files only be accessable via a php that is in my website . How do i go about doing that . Is it iam my new to this or there is not a convenient way to do this . Thanks in advance I use jQuery when adding messages. However, the file can be called directly. For example: includes/add_comment.php?id=2 So, I can make a form and call this file directly to add a message. ID is user id and form can be submited with HTML form wherever are located. How to prevent direct access to the file when called through a Ajax? please it is very important!! I have a script (main file is index.php) that is called into an iframe src via an url reference... http://www.xxxx.com/folder/userfolder/folderwithemailname/index.php works perfectly!!.. How can i prevent someone getting direct url access to the file? if someone were to take the url: http://www.xxxx.com/folder/userfolder/folderwithemailname/index.php and place it into the address bar, they have access to the file... points to note: -i have no database for this script, -the iframe is called directly into a html file, - i dont know the userfolder or the emailfolder names, - and the index.php is linked to several other .php and .js and .html files in different folders.... // i can add something like this to these file:(i found this on the net). Add this to the page that you want to only be included <?php if(!defined('MyConst'){die('Direct access not premitted');} ?> then on the pages that include it add <?php define('MyConst', TRUE); ?> this will prevent the files being accessed, but then i cant access the file via the iframe url.. please any ideas??? best regards Tony I run a dev site locally on Windows and the real site on a hosting provider on LINUX. PHP5, XAMP, etc. Locally my fopen works. On the web server it throws an error: "Warning: fopen() [function.fopen]: Unable to access" filepath/name The file exists on both servers; upper/lower case is correct; so are access rights. I noticed the error only today; this was working for the last 7 months; the function serves a range of content-types; just tested XLS and it works. Now I am stuck This line throws the error: $handle = fopen($strPathFileName, 'rb'); $strPathFileName uses / only Any pointers appreciated... thanks. Hello, folks. I am having a little trouble with this script. I want it to be able to read a directory, not just a file, and list all files in the directory along with their id3 tags. I can't get it to read all the files, it reads only the first file in the directory. Here, I'm posting the basic (stripped down) script, without mods or add-ons. I would appreciate any help. Thanks. Code: [Select] <?php require('error.inc.php'); require('id3.class.php'); $nome_arq = 'music.mp3'; $myId3 = new ID3($nome_arq); if ($myId3->getInfo()){ echo('<HTML>'); echo('<a href= "'.$nome_arq.'">Click to play: </a><br>'); echo('<table border=1> <tr> <td><strong>Artist</strong></td> <td><strong>Title</strong></font></div></td> <td><strong>Track</strong></font></div></td> <td><strong>Album/Year</strong></font></div></td> <td><strong>Genre</strong></font></div></td> <td><strong>Comments</strong></font></div></td> </tr> <tr> <td>'. $myId3->getArtist() . ' </td> <td>'. $myId3->getTitle() . ' </td> <td>'. $myId3->getTrack() . ' </td> <td>'. $myId3->getAlbum() . '/'.$myId3->getYear().' </td> <td>'. $myId3->getGender() . ' </td> <td>'. $myId3->tags['COMM']. ' </td> </tr> </table>'); echo('</HTML>'); }else{ echo($errors[$myId3->last_error_num]); } ?> Hi I'm after a solution to a problem I have. I'm building a small site for charity which the the client wants to email(with a url link) to say 1000 selected companies but only wants them to be able to view the site and register interest and not anyone else or if they forward the mail to a non prefered client? Any help to point me in the right direction would be good thank-you. I've got data in a mySql database which is updated daily. I would like to allow webmasters to place this data in a form of a widget on their websites provided they pay for access. If not payment comes through we should be able to block access.
Any suggestions how this project would be designed?
Hi, i am learning WordPress and have just started, but i have a problem....when i try to access my site i get this: Warning: Cannot modify header information - headers already sent by (output started at /home/smra9/public_html/wp-content/themes/evanescence/functions.php:6) in /home/smra9/public_html/wp-includes/pluggable.php on line 890 when i open pluggable.php and i go to the line 890 it says: header("Location: $location", true, $status); i will also copy a text from line 885 to 890 so maybe you will understand better: if ( $is_IIS ) { header("Refresh: 0;url=$location"); } else { if ( php_sapi_name() != 'cgi-fcgi' ) status_header($status); // This causes problems on IIS and some FastCGI setups header("Location: $location", true, $status); } Can anyone help me, i don't know what to do I'm currently learning PHP and I think I have a decent grasp of procedural programming so I'm trying to set it up a little bit and get a hang of OOP. I'm finding it a little tough going but I am making progress, the syntax and coding of it is fine but I don't quite get some theory and the best way to use it yet. It's only my third day in but I have a question relating to access modifiers. It's a simple one, but what is the point? That may sound a bit narky but I keep hearing and reading that it's good programming convention but it's never really explained why. What am I missing? I get how they work but I don't really get why to use them. I've even read that private should only be rarely used, if at all as it makes testing harder and it stops you from being able to extend your classes. I'm not against using them - I want to learn to program to the very best of my ability but I'm eager to learn what benefits it actually has. Is there a technical reason, for example? Hi, I want to control a variable (decide whether to track click if coming from a specific site oppose to hitting the final site (destination) directly. For example: www.portal.com - this will be a management site that will redirect viewers to the the final destination based on variable info - for exmample $a=123 or $a= 567 - which would come in as www.portal.com?a=123 or www.portal.com?a=567 Note: 123 would redirect to www.abc.com?a=123 and/or 567 would redirect to www.xyz.com?a=567 with said variable(s). ------ My question is this: What is the best method to authenticate (both on) www.abc.com and/or www.xyz.com that the referred viewer came from www.portal.com? I know about the super globals (HTTP_REFERER) but want to know if there are other (more) secure method to manage this interaction between external domains /websites? Any insight on this appreciated - thanks! |
|||||||