PHP - File Access Restriction

I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also.

I tried this,

define('ACCESS', TRUE);


// then on other page 
 if(!defined('ACCESS'){die('Direct access not allowed.');}


Need some assistance, appreciated.

I have a weird kind of problem.
I uploaded all upload-directories through FTP which have 777 permissions and owner name 'abc'
This means I can access all of them through the codes.
But while creating files inside those full permitted directories, the compiler complains for access denied.
Meanwhile, a different directory is created with same name whose owner is 'apache' itself and the previous directory is lost.
Then I cannot change the permissions of that directory through FTP.
I don't if it is apache server's problem itself or not.
Or is it a way to define user while creating/editing/deleting files and directories through php code itself?

I have solved this now.

A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.

When Visitors come to my page, my PHP code:
1.) connects to Shipping Vendor via an API,
2.) downloads and converts the base64 data to image
3.) names the image to Customer Order Number.png
4.) saves image in directory
5.) then displays image to Visitor.

$Shipping_Label_Data = $LabelVendor->data[0]->contents; // vendor's API
file_put_contents('Label-Directory/'.$Order_Number.'.png',base64_decode($Shipping_Label_Data));

echo '<img src="/Label-Directory/'.$Order_Number.'.png" />';

Later I realized the security flaw: any snooper can fish for other Visitor's labels in my Label directory.

What is the best way to prevent the display of other people's labels?

Thank you!!

I have a MS Access database file hosted on my Godaddy server.
I would like a simple php script to be able to access it and return values from it when I enter info from drop down boxes.

Eg column one is item name
Column two is price
Column three is items remaining

I want to pick an item from column one and have the appropriate values from columns two and three returned.

I have done many searches but most reveal php scripts that interrogate SQL databases.
Excuse my ignorance but are these what I want?

If not can anyone please get me going on a php script?
Ideally I don't want to change the format of the MS access database - I have it in xls and simply export and save it to access. If there is a simple way of reading directly from a specific tab in Excel that would be a better solution.

Thank you.

RewriteCond %{HTTP_HOST} !^www.example.com.au$ [NC] 
RewriteCond %{HTTP_HOST} !^https://www.example.com.au$ [NC]
RewriteRule ^(.*)$ http://www.example.com.au/$1 [R,L]

Hi All   I have my website 90% working on https, fully working on http and I have managed to redirect from none www to www     What I am looking to do it if the user happens to enter https then make them go to my www version     I have manage to get them to go to my www version if they do not put in www but I am lost in how to redirect them from https to http   here is what I have so far and I just cannot figure it out     thanks Alan

Hi!

I am trying to use the View Model Design Pattern in my application

The problem is that it is the first time I use it and I am a beginner.

So, I have the logic in the Model and the "front end" in View. I am talking about a sign up page.

In the current Html file I am trying to access an error array from the model file and display it to the user above the input field.

 

Here is the a snippet from the Model (Signup.php)

$account = new Account($con); //the account which takes as param the db connection
$error = null; //the array

// anything the user writes gets inside this array
if (isset($_POST["submitButton"])) {

 $firstName = UnifyFormInput::unifyUserFLName($_POST["firstName"]);
 $lastName = UnifyFormInput::unifyUserFLName($_POST["lastName"]);
 $username = UnifyFormInput::unifyFormUserName($_POST["username"]);
 $email = UnifyFormInput::unifyFormEmail($_POST["email"]);
 $password = UnifyFormInput::unifyFormPassword($_POST["password"]);

 //contain true or false based on the query being successful or not
 $success = $account->register($firstName, $lastName, $username, $email, $password);
 if ($success) {
  $_SESSION["userLoggedIn"] = $username;
     header("Location:index.php");
 }else{
    $error = $account->getError(Constants::$registerFailed);

 }
}
//compact — creates array containing variables and their values
//call render function from View file to show the register page content
View::render('register', compact('error'));

And here is the view:

 <?php                 
        if (!empty($error)) {
          echo  $account->getError(Constants::$loginFailed);
       }                        
?>
<input type="text" class="form-control" name="firstName" placeholder= "First Name" value="<?php getInputValue("firstName"); ?>" required>

 

I use jQuery when adding messages. However, the file can be called directly. For example: includes/add_comment.php?id=2

So, I can make a form and call this file directly to add a message. ID is user id and form can be submited with HTML form wherever are located.

How to prevent direct access to the file when called through a Ajax?

Hello first time poster here .

Soni have been in the proccess of designing a website that would give images to users . But only owner of an image will get thier own image .

And some people may not access thier image whom are invalid untill i make them valid users.

Si.my problem is i want to stop people from accessing these images by typing thier mysite.com/path and these files only be accessable via a php that is in my website .

How do i go about doing that .

Is it iam my new to this or there is not a convenient way to do this .

Thanks in advance

please it is very important!!
I have a script (main file is index.php) that is called into an iframe src via an url reference... http://www.xxxx.com/folder/userfolder/folderwithemailname/index.php
works perfectly!!..

How can i prevent someone getting direct url access to the file?
if someone were to take the url:    http://www.xxxx.com/folder/userfolder/folderwithemailname/index.php and place it into the address bar, they have access to the file...

points to note:
-i have no database for this script,
-the iframe is called directly into a html file,
- i dont know the userfolder or the emailfolder names,
- and the index.php is linked to several other .php and .js and .html files in different folders.... // i can add something like this to these file:(i found this on the net).
Add this to the page that you want to only be included

<?php
if(!defined('MyConst'){die('Direct access not premitted');}
?>

then on the pages that include it add

<?php
define('MyConst', TRUE);
?>

this will prevent the files being accessed, but then i cant access the file via the iframe url..

please any ideas???
best regards
Tony

Hi,
I want to restrict my registered user to see video only once per day...
Can anyone guide me how can i do this with php???
Thanks

hi once again, i got a form that uploads an image, checks  formats and all that.. i need to add the filesize restriction.
something like this:

define ("max_size","20"); //<- 20kb size
$size=filesize($_FILES['image']['tmp_name'])

if ($size > max_size*1024){
echo "too big filesize";
} else {
  //......
}



how do i put that code, into this code? :

<?php

$allowedfiletypes = array("jpeg","jpg","gif","png");
$uploadfolder = "uploads/" ;
$thumbnailheight = 100; //in pixels
$thumbnailfolder = $uploadfolder."thumbs/" ;


$action = $_POST['action'];
if ($action == "upload") {
    //echo "<p>Uploading image... " ;

    if(empty($_FILES['uploadimage']['name'])){
        echo '<script type="text/javascript"> {alert("Pasirinkite faila");} </script>';
    } else {
        $uploadfilename = $_FILES['uploadimage']['name'];
        $fileext = strtolower(substr($uploadfilename,strrpos($uploadfilename,".")+1));

        if (!in_array($fileext,$allowedfiletypes)) { 
echo '<script type="text/javascript"> {alert("Blogas failo tipas");} </script>';
} else {
            $fulluploadfilename = $uploadfolder.$uploadfilename ;


            if (move_uploaded_file($_FILES['uploadimage']['tmp_name'], $fulluploadfilename)) {
           echo '<script type="text/javascript"> {alert("Failas irasytas");} </script>';
            $im = imagecreatefromjpeg($fulluploadfilename);

                if (!$im) {
 echo '<script type="text/javascript"> {alert("Nepavyko sugeneruoti thumbnail");} </script>'; 
} else {
                    $imw = imagesx($im); // uploaded image width
                    $imh = imagesy($im); // uploaded image height
                    $nh = $thumbnailheight; // thumbnail height
                    $nw = round(($nh / $imh) * $imw); //thumnail width
                    $newim = imagecreatetruecolor ($nw, $nh);
                    imagecopyresampled ($newim,$im, 0, 0, 0, 0, $nw, $nh, $imw, $imh) ;
                    $thumbfilename = $thumbnailfolder.$uploadfilename ;
                    imagejpeg($newim, $thumbfilename) or die('<script type="text/javascript"> {alert("Nepavyko issaugoti thumbnail");} </script>');
                }
            } else { 
echo '<script type="text/javascript"> {alert("Nepavyko issaugoti failo");} </script>'; 
}
        }
    }

function watermark($original_image,$original_watermark,$destination="")
{
$image=imagecreatefromjpeg($original_image);
list($imagewidth,$imageheight)=getimagesize($original_image);

$watermark  =  imagecreatefrompng($original_watermark); 
list($watermarkwidth,$watermarkheight)=getimagesize($original_watermark);

if($watermarkwidth>$imagewidth || $watermarkheight>$imageheight)
{
$water_resize_factor = $imagewidth / $watermarkwidth;
$new_watermarkwidth  = $watermarkwidth * $water_resize_factor;
$new_watermarkheight = $watermarkheight * $water_resize_factor;

$new_watermark = imagecreatetruecolor($new_watermarkwidth , $new_watermarkheight);

imagealphablending($new_watermark , false);
imagecopyresampled($new_watermark , $watermark, 0, 0, 0, 0, $new_watermarkwidth, $new_watermarkheight, $watermarkwidth, $watermarkheight);

$watermarkwidth  = $new_watermarkwidth; 
$watermarkheight = $new_watermarkheight; 
$watermark       = $new_watermark;
}
$startwidth  =  ($imagewidth  -  $watermarkwidth)  / 2; 
$startheight  =  ($imageheight  -  $watermarkheight) / 2;

imagecopy($image, $watermark, $startwidth, $startheight, 0, 0, $watermarkwidth, $watermarkheight); 
if(!empty($destination))
imagejpeg($image,$destination);
else 
imagejpeg($image);
}


$original_directory = "uploads/thumbs/";
$watermarked_images = "uploads/thumbs/watermarkedthumbs/";

if ($handle = opendir($original_directory)) 
{
    while (false !== ($file = readdir($handle))) 
    {
     /*
     exif_imagetype checks if our file is
     a .jpg file. See manual for more info
     */
     if(!is_file($original_directory.$file))
     continue;
        if(exif_imagetype($original_directory.$file)==2)
        {
         watermark($original_directory.$file,"watermark.png",$watermarked_images.$file);
              }
    }
    closedir($handle);
}
}


?>
<form name="newad" method="post" enctype="multipart/form-data"  action="">
 <label for="file" id="label">Pasirinkti fail&#261;: </label>
 <input type="hidden" name="action" value="upload" />
 <input type="file" name="uploadimage" id="file">
 <input name="Submit" type="submit" value="&#303;kelti" id="submit">
</form>


i tried smth like this, but it shows some error ("Warning: filesize() [function.filesize]: stat failed for 1.jpg in")

<?php

/* $allowedfiletypes = array("jpeg","jpg","gif","png");
$uploadfolder = "uploads/" ;
$thumbnailheight = 100; //in pixels
$thumbnailfolder = $uploadfolder."thumbs/" ; */
define ("max_size","20"); 
$size=filesize($_FILES['uploadimage']['name']);

/* $action = $_POST['action'];
if ($action == "upload") {
    //echo "<p>Uploading image... " ;

    if(empty($_FILES['uploadimage']['name'])){
        echo '<script type="text/javascript"> {alert("Pasirinkite faila");} </script>';
    } else {
        $uploadfilename = $_FILES['uploadimage']['name'];
        $fileext = strtolower(substr($uploadfilename,strrpos($uploadfilename,".")+1));

        if (!in_array($fileext,$allowedfiletypes)) { 
echo '<script type="text/javascript"> {alert("Blogas failo tipas");} </script>';
} else {
            $fulluploadfilename = $uploadfolder.$uploadfilename ; */


if ($size > max_size*1024){
echo '<script type="text/javascript"> {alert("Per didelis failas");} </script>';
} else {

           /* if (move_uploaded_file($_FILES['uploadimage']['tmp_name'], $fulluploadfilename)) {
           echo '<script type="text/javascript"> {alert("Failas irasytas");} </script>';
            $im = imagecreatefromjpeg($fulluploadfilename);

                if (!$im) {
 echo '<script type="text/javascript"> {alert("Nepavyko sugeneruoti thumbnail");} </script>'; 
} else {
                    $imw = imagesx($im); // uploaded image width
                    $imh = imagesy($im); // uploaded image height
                    $nh = $thumbnailheight; // thumbnail height
                    $nw = round(($nh / $imh) * $imw); //thumnail width
                    $newim = imagecreatetruecolor ($nw, $nh);
                    imagecopyresampled ($newim,$im, 0, 0, 0, 0, $nw, $nh, $imw, $imh) ;
                    $thumbfilename = $thumbnailfolder.$uploadfilename ;
                    imagejpeg($newim, $thumbfilename) or die('<script type="text/javascript"> {alert("Nepavyko issaugoti thumbnail");} </script>');
                }
            } else { 
echo '<script type="text/javascript"> {alert("Nepavyko issaugoti failo");} </script>'; 
}
        }
    }
}
function watermark($original_image,$original_watermark,$destination="")
{
$image=imagecreatefromjpeg($original_image);
list($imagewidth,$imageheight)=getimagesize($original_image);

$watermark  =  imagecreatefrompng($original_watermark); 
list($watermarkwidth,$watermarkheight)=getimagesize($original_watermark);

if($watermarkwidth>$imagewidth || $watermarkheight>$imageheight)
{
$water_resize_factor = $imagewidth / $watermarkwidth;
$new_watermarkwidth  = $watermarkwidth * $water_resize_factor;
$new_watermarkheight = $watermarkheight * $water_resize_factor;

$new_watermark = imagecreatetruecolor($new_watermarkwidth , $new_watermarkheight);

imagealphablending($new_watermark , false);
imagecopyresampled($new_watermark , $watermark, 0, 0, 0, 0, $new_watermarkwidth, $new_watermarkheight, $watermarkwidth, $watermarkheight);

$watermarkwidth  = $new_watermarkwidth; 
$watermarkheight = $new_watermarkheight; 
$watermark       = $new_watermark;
}
$startwidth  =  ($imagewidth  -  $watermarkwidth)  / 2; 
$startheight  =  ($imageheight  -  $watermarkheight) / 2;

imagecopy($image, $watermark, $startwidth, $startheight, 0, 0, $watermarkwidth, $watermarkheight); 
if(!empty($destination))
imagejpeg($image,$destination);
else 
imagejpeg($image);
}


$original_directory = "uploads/thumbs/";
$watermarked_images = "uploads/thumbs/watermarkedthumbs/";

if ($handle = opendir($original_directory)) 
{
    while (false !== ($file = readdir($handle))) 
    {
     /*
     exif_imagetype checks if our file is
     a .jpg file. See manual for more info
     */ /*
     if(!is_file($original_directory.$file))
     continue;
        if(exif_imagetype($original_directory.$file)==2)
        {
         watermark($original_directory.$file,"watermark.png",$watermarked_images.$file);
              }
    }
    closedir($handle);
}
}

*/
?>


any ideas?
thanks

How do I make it so if I get the question right, I have access to view the next page?
For example, if I get this question right in index-1.php correct, it would take me to index-2.php (like in the script below),
but if you don't get the question correct in index-1.php, you cannot have access/view index-2.php.

Why I need this?  Well, if you change the URL http://--------/index-1.php to http://--------/index-2.php, you can easily go from index-1.php to index-2.php without having to answer the question correctly.

index-1.php:
<?php
if(isset($_POST['submit'])){

$number = $_POST['number'];
if ($number == "elephant"){
header("Location: http://localhost/index-2.php");
exit();}
}
?> 

<html>
 <head>
  <title>PHP Test</title>
 </head>
 <b>LEVEL 1</b>
 <body>
 <p>
<font face="Courier New">c291cmNl</font>
</p>
 <br/></body>
</html>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
  Answer: <!-- "elephant" --> <input type="text" name="number" /><br />
</select>
<input name="submit" type="submit">
</form>

Thanks

i want to share my problem in my website

For the better understandng of my website, I want to tell all the details.

1. I have a database and i has a 2 tables 1 for the tbllogin which consist of Username and Department, and the second table is caltbl which i use for the calendar events.

2.When my website run the first webpage is the login form. If the Username and Department is correct she can browse the other webpages, like the calendar event.


3. In the calendar event you can see the calendar and when you click the date theirs a link "new event" appear and if theirs no existing event theres a text saying "No Events", when you click the link you can add events. I want that theirs a specific person that can only add events for the restriction of adding events. I want to happen that if the user is xxx and her department is yyy the link shoud appear and she can add events. i want that only to her the link should be appear..

here is my code:

<?php 
$host = "localhost"; 
  
    $username = ""; 
  
    $password = ""; 
  
    $dbCnx = @mysql_connect($host, $username, $password) or die('Could not Connect to the database'); 
  
    $dbName = 'dspi'; 
  
    mysql_select_db($dbName);     
?> 
<script> 
function goLastMonth(month, year){ 
// If the month is January, decrement the year 
if(month == 1){ 
--year; 
month = 13; 
} 
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month-1)+'&year='+year; 
} 
//next function 
function goNextMonth(month, year){ 
// If the month is December, increment the year 
if(month == 12){ 
++year; 
month = 0; 
} 
document.location.href = '<?=$_SERVER['PHP_SELF'];?>?month='+(month+1)+'&year='+year; 
}  
  
function remChars(txtControl, txtCount, intMaxLength) 
{ 
if(txtControl.value.length > intMaxLength) 
txtControl.value = txtControl.value.substring(0, (intMaxLength-1)); 
else 
txtCount.value = intMaxLength - txtControl.value.length; 
} 
  
function checkFilled() { 
var filled = 0 
var x = document.form1.calName.value; 
//x = x.replace(/^\s+/,""); // strip leading spaces 
if (x.length > 0) {filled ++} 
  
var y = document.form1.calDesc.value; 
//y = y.replace(/^s+/,""); // strip leading spaces 
if (y.length > 0) {filled ++} 
  
if (filled == 2) { 
document.getElementById("Submit").disabled = false; 
} 
else {document.getElementById("Submit").disabled = true} // in case a field is filled then erased 
  
} 
  
</script> 
<html> 
<body> 
<?php 
//$todaysDate = date("n/j/Y"); 
//echo $todaysDate; 
// Get values from query string 
$day = (isset($_GET["day"])) ? $_GET['day'] : ""; 
$month = (isset($_GET["month"])) ? $_GET['month'] : ""; 
$year = (isset($_GET["year"])) ? $_GET['year'] : ""; 
//comparaters for today's date 
//$todaysDate = date("n/j/Y"); 
//$sel = (isset($_GET["sel"])) ? $_GET['sel'] : ""; 
//$what = (isset($_GET["what"])) ? $_GET['what'] : ""; 
  
//$day = (!isset($day)) ? $day = date("j") : $day = ""; 
if(empty($day)){ $day = date("j"); } 
  
if(empty($month)){ $month = date("n"); } 
  
if(empty($year)){ $year = date("Y"); }  
//set up vars for calendar etc 
$currentTimeStamp = strtotime("$year-$month-$day"); 
$monthName = date("F", $currentTimeStamp); 
$numDays = date("t", $currentTimeStamp); 
$counter = 0; 
//$numEventsThisMonth = 0; 
//$hasEvent = false; 
//$todaysEvents = "";  
//run a selec statement to hi-light the days 
function hiLightEvt($eMonth,$eDay,$eYear){ 
//$tDayName = date("l"); 
$todaysDate = date("n/j/Y"); 
$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear; 
if($todaysDate == $dateToCompare){ 
//$aClass = '<span>' . $tDayName . '</span>'; 
$aClass='class="today"'; 
}else{ 
//$dateToCompare = $eMonth . '/' . $eDay . '/' . $eYear; 
//echo $todaysDate; 
//return; 
$sql="select count(calDate) as eCount from calTbl where calDate = '" . $eMonth . '/' . $eDay . '/' . $eYear . "'"; 
//echo $sql; 
//return; 
$result = mysql_query($sql); 
while($row= mysql_fetch_array($result)){ 
if($row['eCount'] >=1){ 
$aClass = 'class="event"'; 
}elseif($row['eCount'] ==0){ 
$aClass ='class="normal"'; 
} 
} 
} 
return $aClass; 
} 
?> 
<div id="Calendar_Event"> 
<table width="350" cellpadding="0" cellspacing="0"> 
<tr> 
<td width="50" colspan="1"> 
<input type="button" value=" < " onClick="goLastMonth(<?php echo $month . ", " . $year; ?>);"> 
</td> 
<td width="250" colspan="5"> 
<span class="title" style="color:#FFFFFF"><?php echo $monthName . " " . $year; ?></span><br> 
</td> 
<td width="50" colspan="1" align="right"> 
<input type="button" value=" > " onClick="goNextMonth(<?php echo $month . ", " . $year; ?>);"> 
</td> 
</tr>  
<tr> 
<th>M</td> 
<th>T</td> 
<th>W</td> 
<th>T</td> 
<th>F</td> 
<th>S</td> 
<th>S</td> 
</tr> 
<tr> 
<?php 
for($i = 1; $i < $numDays+1; $i++, $counter++){ 
$dateToCompare = $month . '/' . $i . '/' . $year; 
$timeStamp = strtotime("$year-$month-$i"); 
//echo $timeStamp . '<br/>'; 
if($i == 1){ 
// Workout when the first day of the month is 
$firstDay = date("N", $timeStamp); 
for($j = 1; $j < $firstDay; $j++, $counter++){ 
echo "<td>&nbsp;</td>"; 
}  
} 
if($counter % 7 == 0 ){ 
?> 
</tr><tr> 
<?php 
} 
?> 
<!--right here--><td width="50" <?=hiLightEvt($month,$i,$year);?>><a href="<?=$_SERVER['PHP_SELF'] . '?month='. $month . '&day=' . $i . '&year=' . $year;?>&v=1"><?=$i;?></a></td>  
<?php 
} 
?> 
</table> 
</div> 
<div id="New_Event"> 
<?php 
if(isset($_GET['v'])){ 
if(isset($_POST['Submit'])){ 
$sql="insert into calTbl(calName,calDesc,calDate,calStamp) values('" . $_POST['calName'] ."','" . $_POST['calDesc'] . "','" . $_POST['calDate'] . "',now())"; 
mysql_query($sql); 
} 
$sql="select calName,calDesc, DATE_FORMAT(calStamp, '%a %b %e %Y') as calStamp from calTbl where calDate = '" . $month . '/' . $day . '/' . $year . "'"; 
//echo $sql; 
//return; 
$result = mysql_query($sql); 
$numRows = mysql_num_rows($result); 
  
$check=mysql_query("SELECT * FROM tbllogin WHERE Username='rhoda.barrera@dunlop.ph' AND Department='MIS'"); 
if (mysql_num_rows($check)>0){  
?> 
<a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">Add Even</a><a href="<?=$_SERVER['PHP_SELF'];?>?month=<?=$_GET['month'] . '&day=' . $_GET['day'] . '&year=' . $_GET['year'];?>&v=1&f=true">t</a><?php 
}else{ 
echo 'You cannot Add New Event'; 
}?> 
</div> 
<div id="Cal_Event"> 
<?php 
if(isset($_GET['f'])){ 
include 'calForm.php'; 
} 
if($numRows == 0 ){ 
echo ''; 
}else{ 
//echo '<ul>'; 
echo '<h3>Event Listed</h3>'; 
while($row = mysql_fetch_array($result)){ 
?> 
  
<h5><?=$row['calName'];?></h5> 
<?=$row['calDesc'];?><br/> 
Listed On: <?=$row['calStamp'];?> 
<?php 
} 
} 
} 
?> 
</div> 
</body> 
</html> 

I run a dev site locally on Windows and the real site on a hosting provider on LINUX. PHP5, XAMP, etc.

Locally my fopen works.
On the web server it throws an error: "Warning: fopen() [function.fopen]: Unable to access" filepath/name

The file exists on both servers; upper/lower case is correct; so are access rights.

I noticed the error only today; this was working for the last 7 months; the function serves a range of content-types; just tested XLS and it works.

Now I am stuck 

This line throws the error:
$handle = fopen($strPathFileName, 'rb');

$strPathFileName uses / only

Any pointers appreciated... thanks.