PHP - How To Restrict A User From Accessing Directory Structure By Changing The Url?

Hi,

I have created a session based logon system using php and MYSQL from some tutorials I found online which is working very successfully. I can log on and of and move through different pages with no problems.

My query is how do I output or display the information that is specific to the user which is currently logged on and block access to any other users information. I am quite sure there is a simple solution that is escaping me.

If you could point me in the right direction it would be greatly appreciated.

Thanks in advance

Hi,
I am creating an application that manages movie information. I was wondering if there was a way of letting a user navigate to a directory and select it as their default movie directory. i will then scan the sub directory names and compare them to a table in the Db. This latter part I can manage, its letting a user define their own default directory that is causing me problems.
Any examples I have found are relating to file uploading similar to this

Code: [Select]
<form name="file_uploader" action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="data"><br />
<input type="submit" name="upload" value="Upload File">
</form>
Thanks for your time and consideration.

Ran the following but got a segfault as it doesn't seem to support php7.4.

./vendor/bin/concrete5 c5:install -i

So I changed ./vendor/bin/concrete5 from:

#!/usr/bin/env php
<?php
...

to

#!/usr/bin/env php72
<?php

...

I am sure I will forget I did this and would rather configure either the directory or the user to use php72.  Is this possible?

Also, should I be making any other changes?  For instance, maybe:

"config": {"platform": {"php": "7.2.30"}}

Thanks

Hi guys, I've got a snippet of code that's supposed to make a new directory with the user's unique ID (member_id) in the database. I have the code here but I get a myriad of errors including the infamous "at line 1 error, and the directory does not create. Please help me!!

//Create Directory
$queryString2 = $_SERVER['QUERY_STRING'];
$query2 = "SELECT member_id FROM members WHERE $queryString2 = $row[activation]"; 
$result2 = mysql_query($query2) or die(mysql_error());
mkdir("/home/gafferzo/www/members/clubs/" . mysql_result($result2,0), 0777);  

I have a page site.com/register/signup.php

I want to echo out the current directory:  register.

When I use getcwd() I get:

/home/user1234/public_html/register
instead of:
register

or if I am inside this directory   site.com/register/image/
then I want to echo out:
register/image

I have also tried the server[self] command but that too gives you the full directory.  Does anyone know how to echo out only the current directory starting AFTER the public_html?

When having different levels of directories, using relative paths will not work anymore, for example:


controller
- authentication

File 1: include('../../model/header.php')



model

File 2: header.php



view

File 3. style.css



The header.php file includes the css file with a relative path, but the problem is it includes it as follows: ../view/style.css


When now the header.php file gets included into File 1 in the folder "authentication", then the css file will not be accessible anymore, for it to be accessible you would have to go two directories up.

In this sense my question is, what would be the proper path structure for a folder structure with multiple levels? Should I rather use absolute paths, I am not so prone of absolute path. What if the folders changes a bit, or the domain changes, or the location changes?

I'm trying to write a script that changes my user passwords. I store the passwords in the DB as a md5 hash. My code is below, I keep getting error that the original username and password do not match. I require that the original credentials match so I can verify that I'm changing the password for the correct user.

I suspect my problem is here but I'm not su
Code: [Select]
$result = mysql_query("SELECT password FROM $tbl_name WHERE username='$username' and password = '".md5($pass)."'");
Code: [Select]
<?php
$username = check_input($_POST['username']);
$password = check_input($_POST['password']);
$newpassword = check_input($_POST['newpassword']);
$confirmpassword = check_input($_POST['confirmpassword']);

if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
} else {
$result = mysql_query("SELECT password FROM $tbl_name WHERE username='$username' and password = '".md5($pass)."'");
if(mysql_num_rows($result)){
    if($newpassword==$confirmpassword){
        $sql=mysql_query("UPDATE $tbl_name SET password='$newpassword' where username='$username'");        
        if($sql) 
        { 
                echo "Password Changed";
        }
        else
        {
            // In case when problem while updating your new password
           echo "Error changing password, please email webmaster@mydomain.com";
        }       
    } else {
        // In case when new-password and retype-password do not match
        echo "New and confirmed password do not match please try again.";
    }
} else {
    // In case of you have not correct User name and password
echo "Current username and password do no match."; 
}
}
?>


<div class="pageContent">
    <div id="main">
<div class="container">
<h1></h1>
               <h2>More text goes here.</h2>
</div>
   
<div class="container">
<!-- All protected data goes in here -->
<?php
if($_SESSION['id']){
echo '<form action="" method="post">';
echo '<h2>Username: </h2><input type="text" name="username" size="50" maxlength="255"><br/>';
echo '<h2>Password: </h2><input type="text" name="password" size="50" maxlength="255"><br/>';
echo '<h2>New Password: </h2><input type="text" name="newpassword" size="50" maxlength="255"><br/>';
echo '<h2>Confirm Password: </h2><input type="text" name="confirmpassword" size="50" maxlength="255"><br/>';
echo '<input type="submit" name="submit" value="Change Password">';
echo '</form>';
} else {
echo '<h1>Please, <a href="index.php">login</a> and come back later!</h1>';
}
?>
<!-- End: All protected data goes in here -->
</div>
       
      <div class="container tutorial-info">
      Footer goes here. 
  </div>
    </div>
</div>

Any ideas?

hi im new to php   im using a script that i found at the link below:   http://forums.devshe...sql-891201.html   It works fine but i have added a couple of fields to the database : telephone    and   mobile_telephone   Ive change the register.php to include these fields but im struggling with the edit_account   Could anyone help please

Hi guys,

I've been working on a script for a while now,
and I'm sure it doesn't look great and all, and it's probably really messed up..
But right now I've finally got it working!
There's only 1 thing I'd really like to add..
Searching through & listing of remote directories!
The directories I'm trying to list have directory listings enabled,
and I think it *should* be possible.
I just have no clue how.

Here's my current code in a beautiful mix of HTML and PHP:


<?
$border_size = "0";

function returner($what) {
$what=explode("/",$what);
$tps=count($what);
$what=$what[$tps-1];
return $what;
}

$page_url= "";
$home_url=returner(__FILE__);
if(isset($_GET['q'])) {
$qtext=$_GET['q'];
} else {
$qtext="";
}
function getdirsize($directory, $format=FALSE) {
$size = 0;
if(substr($directory,-1) == '/') {
$directory = substr($directory,0,-1);
}
if(!file_exists($directory) || !is_dir($directory) || !is_readable($directory)) {
return -1;
}
if($handle = opendir($directory)) {
while(($file = readdir($handle)) !== false) {
$path = $directory.'/'.$file;
if($file != '.' && $file != '..') {
if(is_file($path)) {
$size += filesize($path);
}
elseif(is_dir($path)) {
$handlesize = getdirsize($path);
if($handlesize >= 0) {
$size += $handlesize;
} else {
return -1;
}
}
}
}
closedir($handle);
}
if($format == TRUE) {
if($size / 1048576 > 1) {
return round($size / 1048576, 1).' MB';
}
elseif($size / 1024 > 1) {
return round($size / 1024, 1).' KB';
} else {
return round($size, 1).' bytes';
}
} else {
return $size;
}
}

if(isset($_GET['type'])){
  $type=$_GET['type'];
} else {
  $type="new";
}

$textures=0;
$models=0;
$avatars=0;
$seqs=0;
$sounds=0;

foreach (glob("textures/*.jpg") as $texture){
$textures++;
}
foreach (glob("models/*.zip") as $model){
$models++;
}
foreach (glob("avatars/*.zip") as $avatar){
$avatars++;
}
foreach (glob("seqs/*.zip") as $seq){
$seqs++;
}
foreach (glob("sounds/*.zip") as $sound){
$sounds++;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>ObjectPath Search</title>
<style type="text/css">
#wrapper {
width: 850px;
margin: 30px auto 30px auto;
padding: 10px;
}

body 
{
color:#C6C6C6;
background:#1E1E1E;
/* margin:0; padding:0; */
overflow-x:hidden;
}

#tabs {
font: 85% "Trebuchet MS", sans-serif;
}

.left {
float: left;
}

.right {
float: right;
}

a:link, a:visited, a:active {
color: #3DB015;
text-decoration: none;
}

a:hover {
color: #00E0FF;
}

h2 {
color: #3DB015;
padding-bottom: 0.2em;
font-size: 110%;
}
ul#icon {margin: 0; padding: 0;}
ul#icon li {margin: 1px; position: relative; padding: 1px 0; cursor: pointer; float: left;  list-style: none;}
ul#icon span.ui-icon {float: left; margin: 0 1px;}
</style>
<link type="text/css" href="http://objects.jk-hosting.com/search/css/black-tie/jquery-ui-1.8.2.custom.css" rel="stylesheet" />
<script type="text/javascript" src="http://objects.jk-hosting.com/search/js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://objects.jk-hosting.com/search/js/jquery-ui-1.8.2.custom.min.js"></script>
<script type="text/javascript">
function formHandler(form){
var URL = document.form.site.options[document.form.site.selectedIndex].value;
window.location.href = URL;
};

$(function(){
// Tabs
$('#tabs').tabs();
});
</script>
</head>
<body>
<div id="wrapper">
<div id="tabs"> <!-- Tabs start -->
<ul>
<li><a href="#tab-search">Search</a></li>
<li><a href="#tab-list">List Objects</a></li>
<li><a href="#tab-info">OP info</a></li>
</ul>

<div id="tab-search"><!-- Searchtab start -->
Please enter a string to search for, and choose a folder to search in. <br /><br />
<form name="Search">
<input type='hidden' value='search' name='type'>
<input value='<? print $qtext; ?>' type='text' name='q'> 
<select name='map'>
<option selected='selected' value='models'>Models</option>
<option value='avatars'>Avatars</option>
<option value='textures'>Textures</option>
<option value='seqs'>Seqs</option>
<option value='sounds'>Sounds</option></select> <input type='submit' value='Search'>
</form>
</div> <!-- Searchtab end -->

<div id="tab-list"><!-- Listtab start -->
Please pick a folder to browse. <br /><br />
<form name="form">
<select name="site" onChange="javascript:formHandler()">
<option value="#">Look in folder...</option>
<option value="<? print $page_url; ?>?type=list&map=models">Models</option>
<option value="<? print $page_url; ?>?type=list&map=avatars">Avatars</option>
<option value="<? print $page_url; ?>?type=list&map=textures">Textures</option>
<option value="<? print $page_url; ?>?type=list&map=seqs">Seqs</option>
<option value="<? print $page_url; ?>?type=list&map=sounds">Sounds</option>
</select>
</form>
</div> <!-- Listtab end -->

<div id="tab-info"><!-- Info tab start -->  
The OP currently contains: <br /><br />
<table>
<tr><td><b><? echo $models; ?></b></td> <td>Models</td></tr>
<tr><td><b><? echo $avatars; ?></b></td> <td>Avatars</td></tr>
<tr><td><b><? echo $textures; ?></b></td> <td>Textures</td></tr>
<tr><td><b><? echo $seqs; ?></b></td> <td>Seqs</td></tr>
<tr><td><b><? echo $sounds; ?></b></td> <td>Sounds</td></tr>
</table>
</div> <!-- Info tab end -->
</div> <!-- Tabs end -->
</div>

<!-- Start PHP generated content -->

<?
if($type=="search" || $type=="list") {
$M=$_GET['map'];
if($type=="search") {
$Q=$_GET['q'];
$empty="Nothing found with <b>\"" . $Q . "\"</b> in it's name.<br />\nPlease make a more general search query, or try a different folder.\n\n";
} else {
$Q="";
$empty='This folder is empty';
}
if($M=="textures") {
$ext="jpg";
} else {
$ext="zip";
}
$i=0;
print "<hr>\n";
$endfile=array();
$endsize=array();
$endsize2=array();
    foreach (glob($M."/*".$Q."*.".$ext) as $filename) {
$filename = explode(".", $filename);
$filename=$filename[0];
$filename = explode("/", $filename);
$filename=$filename[1];
$i++;
$endfile[$i]=$filename;
if($ext=="jpg") {
$endfile[$i]="<a name='".$endfile[$i]."' href='".$pageurl."?type=view&name=".$endfile[$i]."&folder=".$M."&from=".$type."&addon=".$Q."'>".$endfile[$i]."</a>";
}
$endsize[$i]=$size;
$endsize2[$i]=$size2;
}
if($i != 1) {
print "<b>".$i."</b> items were found.\n<hr>\n";
} else {
print "<b>".$i."</b> item was found.\n<hr>\n";
}
    echo("<table width='100%' border='" . $border_size . "' cellspacing='0' cellpadding='0' >\n");
if($i!=0) {
for ($t = 1; $t < $i; $t++) {
$thumbfile = $M."/".$endfile[$t].'.jpg';
if(file_exists($thumbfile)) {
$thumbnail = "<a name='".$endfile[$t]."' href='".$page_url."?type=view&name=".$endfile[$t]."&folder=".$M."&from=".$type."&addon=".$Q."'><ul id='icon'><li class='ui-state-default ui-corner-all' title='".$endfile[$t]."'><span class='ui-icon ui-icon-image'></span></li></ul></a>";
} else {
$thumbnail = "";
}
if($t=="1") {
echo("<tr><td width='10%'>Number</td><td width='3%'><ul id='icon'><li class='ui-state-default ui-corner-all' title='".$endfile[$t]."'><span class='ui-icon ui-icon-image'></span></li></ul></td><td width='60%'>Name</td></tr>\n");
}
echo("<tr><td>" . $t . "</td><td>".$thumbnail."</td><td>" . $endfile[$t] . "</td></tr>\n");
flush();
}
$thumbfile = $M."/".$endfile[$t].'.jpg';
if(file_exists($thumbfile)) {
$thumbnail = "<a name='".$endfile[$t]."' href='".$page_url."?type=view&name=".$endfile[$t]."&folder=".$M."&from=".$type."&addon=".$Q."'><ul id='icon'><li class='ui-state-default ui-corner-all' title='".$endfile[$t]."'><span class='ui-icon ui-icon-image'></span></li></ul></a>";
} else {
$thumbnail = "";
}
echo("<tr><td>" . $t . "</td><td>".$thumbnail."</td><td>" . $endfile[$t] . "</td></tr>\n");
}
print "</table>\n";     
if($i=="0") {
print $empty;
}
} elseif($type=="view") {
$filename=$_GET['name'];
$folder=$_GET['folder'];
  
if($_GET['from']=="list"){
$addon="?type=list&map=".$folder."#".$filename;
}

if($_GET['from']=="search"){
$addon="?type=search&q=".$filename."&map=".$folder."#".$filename;
}
print"<center><a href='".$home_url."'>Home</a></center>";
print "<hr>\n<center><img src='".$folder."/".$filename.".jpg'></img></center>\n<hr>\n<br />\n<a href='".$page_url."".$addon."'>Previous Page</a>\n";
}
$htmlshow="";
if($_GET['type']=="returnOPfile") {
if(isset($_GET['split'])) {
$splitter=$_GET['split'];
} else {
$splitter=" | ";
}
if(isset($_GET['html'])) {
$htmlshow="<br />";
}
foreach (glob("textures/*.jpg") as $texture){
if(isset($_GET['size'])) {
$size=$splitter.filesize($texture);
}
    $texture = explode("/", $texture);
$texture=$texture[1];
print "textures".$splitter.$texture.$size."\n".$htmlshow;
}
  
foreach (glob("models/*.zip") as $model){
if(isset($_GET['size'])) {
$size=$splitter.filesize($model);
}
    $model = explode("/", $model);
$model=$model[1];
print "models".$splitter.$model.$size."\n".$htmlshow;
}
  
foreach (glob("avatars/*.zip") as $avatar){
if(isset($_GET['size'])) {
$size=$splitter.filesize($avatar);
}
    $avatar = explode("/", $avatar);
$avatar=$avatar[1];
print "avatars".$splitter.$avatar.$size."\n".$htmlshow;
}
  
foreach (glob("seqs/*.zip") as $seq){
if(isset($_GET['size'])) {
$size=$splitter.filesize($seq);
}
    $seq = explode("/", $seq);
$seq=$seq[1];
print "seqs".$splitter.$seq.$size."\n".$htmlshow;
}
    foreach (glob("sounds/*.zip") as $sound){
if(isset($_GET['size'])) {
$size=$splitter.filesize($sound);
}
      $sound = explode("/", $sound);
$sound=$sound[1];
print "sounds".$splitter.$sound.$size."\n".$htmlshow;
}
}
?>

<!-- End PHP generated content -->

</body>
</html>


So right now my question to you PHP freaks is,
can you please help me edit my script so I can search through a remote directory?

*This* is one of the directories I wish to be able to search through & list..

Thanks in advance. 

Edit;
It might help if you know what the site currently looks like.
*Click*

Hey guys i have a script that i made with multiple permissions..

i need to add in the pages restitutions for diffrent levels..


so i got the level


$query = "SELECT * FROM users WHERE `username`='$username_from_cookie'"; 

$numresults=mysql_query($query);
$numrows=mysql_num_rows($numresults); 

// get results
$result = mysql_query($query) or die("Couldn't execute query");

// now you can display the results returned
while ($row10= mysql_fetch_array($result)) {

$permissions= $row10["permissions"];

echo '$permissions';

}


Now to restick im ok with like to but more then that i get confused..

this shows navigation on levels of permissions..


if ($row10['permissions'] == 2) {
print "<a href=\"U.php\"><img src=\"./Icons/Users.png\" title=\"Prof\" /></a>";
}
else {
print "<img src=\"./Icons/Users_o.png\"/>";
}


2 levels


 if ($row10['permissions'] == 5) {
print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>";
} elseif ($row10['permissions'] == 2) {
print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>";
} else {
print "<img src=\"./Icons/sec_o.png\" title=\"Enseignant(e)\"/>";
}


ok so instead of have 10 lines of codes can i

$row10['permissions'] == 5&2&3   ???

and can i do if not permissions ==5 redirect to loggin..
thanks

i have made an delete files script which works for only one directory but not sub directory so i want to delete files of same extention from directory and subdirectory.

My current code is

Code: [Select]

<?

$dir = 'hmm/';

function scanr($dir){

$arr = glob($dir.'/*.jpg');
foreach($arr as $vv){



//check if $vv is a file
if(is_file($vv)){

//if file, get the filename
$vx=explode('/',$vv);
$file=$vx[count($vx)-1];


// if no extension delete the file
unlink($vv);
// print the deletion message
echo $vv." deleted!<br>";}else{
// if $vv is a dir then scan it again for files
scanr($vv);
}}
}

scanr($dir);
?>

What is the best way to force a user to input numeric value into a form, with the following condition:
Either the number is an integer (positive or negative or zero), or non integer but limited to the one digit behind the dot (e.g. 1.2 is valid, but 1.21 is not)?
I know I can test it in the server side, but I prefer it to be on the form side.

Can it be in the HTML level?

I am trying to find a workaround for people using bookmarks and executing them simultaneously forcing a script to run thousands of times in just a second. Is there a way I can implement a token or a short bit of javascript that would force the user to use the link vs bookmarked URL pages?

Sorry if I am being vague here but its really causing me issues having people doing this on my site.

Hi, I have been searching everywhere to try to figure out how to restrict the number of chararacters shown when I do a while loop of data. The one I want to restrict is Property_Short_Description here -

<?php
echo "2.gif vspace=5 border=0><br />";
echo $row['Property_Short_Description'];}
?>

Thanks so much