|
PHP - Is It Bad For A Photos Folder To Be Publicly Accessible?
I'm talking like /uploads at the main folder where index.php or index.html goes
These photos theoretically are meant to be publicly viewed anyway so what is bad about that?
Let's say profile pictures.
I mean couldn't anyone scrape facebook and "steal" profile pictures? I don't know why but I'm just wondering.
Similar TutorialsHi guys, I hope you may be able to shed some light on a problem I am having. I am fairly new to PHP although do understand bits and peices such as login system. Basically - I have a website with lets say 10 users (more like 500 but that will do for now!) - Each user has their own page wich is password protected. Each month - I want to be able to upload PDF files to the server - which CAN ONLY BE ACCESSED BY THE RELEVANT user. They must not be able to see each others PDF files. To do this I have been advised to have a non-web accessible folder on my server to put the PDF's in and then use PHP to handle the operation. Therefore my path would be: 1/ User logs into page 2/ User clicks the PDF link 3/ PF link goes to PHP page that checks they are logged in and then the PDF they want before delivering to the server. I do actually understand the theory but my PHP is not at the stage where I can just write the code that will handle the operation. I am also very confused over how to access the non-web accessible files! Could anyone please give me an example of the code I will need to use to a) check the user is logged in (I guess I can use the same code I used for the login) and then b) call the relevant PDF and display it? I have been given a path of c:\blahblahblah to access my PDF files but don't even know how to begin implimenting this! Here is the code I use for my login system. Could anyone show me how to adapt it to get what I need? Thank so much for anyone that can help - hopefully I will be in a position to give back one day! -------------------------------------------- if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM mydb WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; header("Location:" . strtolower($username) . ".php"); AND THEN IN THE HEADER OF THE PAGES <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: /login.php'); } elseif ($_SESSION['username'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) { // Logged in user attempting to view someone else's page header("Location:" . strtolower($_SESSION['username']) . ".php"); exit; } ?> Again - any help would be truly appreciated. I will say now that the last person I asked said "Use the open() function - that'll work!" ...... answers like that are a bit lost on me at the moment and leave me even more confused! Cheers in advance How can I make my PHP script non accessible to users? I am wanting to cron the script and don't want anybody to spam the script as it would cause performance issues if it was constantly spammed by a user. Can I put the PHP file anywhere that only the server can run it?
Thanks any info would be awesome.
I got this script: But it give me error, file_get_contents cannot open stream. I need to add the FTP connection with user/pass paramaters. then look in set http url, to get the file contents(images) and transfer to ftp server location. Can Anyone take alook and tell me if I am going down the right path and how to get there. Please Code: [Select] function postToHost($host, $port, $path, $postdata = array(), $filedata = array()) { $data = ""; $boundary = "---------------------".substr(md5(rand(0,32000)),0,10); $fp = fsockopen($host, $port); fputs($fp, "POST $path HTTP/1.0\n"); fputs($fp, "Host: $host\n"); fputs($fp, "Content-type: multipart/form-data; boundary=".$boundary."\n"); // Ab dieser Stelle sammeln wir erstmal alle Daten in einem String // Sammeln der POST Daten foreach($postdata as $key => $val){ $data .= "--$boundary\n"; $data .= "Content-Disposition: form-data; name=\"".$key."\"\n\n".$val."\n"; } // Sammeln der FILE Daten if($filedata) { $data .= "--$boundary\n"; $data .= "Content-Disposition: form-data; name=\"".$filedata['name']."\"; filename=\"".$filedata['name']."\"\n"; $data .= "Content-Type: ".$filedata['type']."\n"; $data .= "Content-Transfer-Encoding: binary\n\n"; $data .= $filedata['data']."\n"; $data .= "--$boundary--\n"; } // Senden aller Informationen fputs($fp, "Content-length: ".strlen($data)."\n\n"); fputs($fp, $data); // Auslesen der Antwort while(!feof($fp)) { $res .= fread($fp, 1); } fclose($fp); return $res; } $postdata = array('var1'=>'today', 'var2'=>'yesterday'); $filedata = array( 'type' => 'image/png', 'data' => file_get_contents('http://xxx/tdr-images/images/mapping/dynamic/deals/spot_map') ); echo '<pre>'.postToHost ("localhost", 80, "/test3.php", $postdata, $filedata).'</pre>'; I'm storing website files online and each user can upload their own files and admin can upload files for that user specifically. How would I go about making sure nobody else can download their PDF file? Would it be a case of assigning a folder for each user's documents and not allowing access to any other user to that folder?
Thanks in advance.
When login in (in login.php), the script is assigning user information to scalar variables like so: $user_name = $assoc['user_name']; $user_id = $assoc['user_id']; Now I'd like to make use of those variables on other pages like this for example: echo "Posted by " . $user_name; I want that to be visible for everybody, even if the user logs out. Any ideas? I want to copy everything in templates/blue to the folder code/ However: shell_exec("cp -r 'templates/blue' 'code'"); Creates a folder called blue inside code. I tried cp -r 'templates/blue/*' 'code', but that didn't do anything. Any ideas? How should I go about keeping track of photos that a user has rated, since I only want the user to rate the photo once? Can I store arrays in a mysql database? thanks, George I have some thousands of photos about nature I ll let visitors/members to see them one by one, but I dont want to show them the same photo again after they visit 1 week later How can I do this ? What I think as a solution is; For members; I can store the ids (like "everest01") of the photos that member has visited , and show user the most visited photos that he/she has not see for next visit. But what I m wondering is, how will I take the photos from DB ? select * from photos WHERE id not in ( $thousandsofvisitedphotoids ) ?? I m stuck here ? For visitors ( not members ) ; I can set a cookie that keeps the ids of visited photos.. when visitor visits the website again, I take the cookie and sent to $thousandsofvisitedphotoids and make a query again ? I m stuck here, How you guys do this ? what's the logic of this ? Hi! I am creating a small project somewhat like a photo gallery as my first practice page. I just would like to know how can I alter photos or file in php. Or should I just do a delete and then upload a new one? Thanks in advance... My photo files are not being displayed in my table? They get sent to the mySQL database, then the server and it does grab all the other variables in the table and displays them, but the .jpg's are not shown, instead theres just the file name?? Code: [Select] <?php error_reporting(E_ALL); ini_set("display_errors", 1); echo '<pre>' . print_r($_FILES, true) . '</pre>'; //This is the directory where images will be saved $target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES"; $target = $target . basename( $_FILES['upload']['name']); //This gets all the other information from the form $company_name=$_POST['company_name']; $basicpackage_description=$_POST['basicpackage_description']; $location=$_POST['location']; $postcode=$_POST['postcode']; $upload=($_FILES['upload']['name']); // Connects to your Database mysql_connect("server****", "username***", "password****") or die(mysql_error()) ; mysql_select_db("DB") or die(mysql_error()) ; //Writes the information to the database mysql_query("INSERT INTO `Companies` (company_name, basicpackage_description, location, postcode, upload) VALUES ('$company_name', '$basicpackage_description', '$location', '$postcode', '$upload')") ; echo mysql_error(); //Writes the photo to the server if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['upload']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } ?> "upload" is the variable that isnt displaying in my table how i want it to? Have you guys any ideas how to get it displayed correctly? This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=354562.0 I was thinking of a board where you can bookmark the photos from Facebook.
It may require an App and a "Facebook Login" for the website, so one can bookmark photos from Facebook. The website would have additional features for the photos.
I thought of an "Add to ..." function.
Is this possible with the Facebook API?
Edited by glassfish, 07 October 2014 - 02:31 PM. Hi friends, I have two mysql db tables, photos and album, I would like to list photos by album how do i do that ? CREATE TABLE `album` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `album_name` varchar(95) NOT NULL, `album_desc` text NOT NULL, PRIMARY KEY (`id`) ); CREATE TABLE `photos` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `album_id` int(11) NOT NULL, `thumb_name` varchar(255) NOT NULL, `photo_name` varchar(250) NOT NULL, PRIMARY KEY (`id`) ) Hello. My website has a photo gallery of thumbnails that is created by reading all photo files in a specified directory. Here is my function that builds the array which is ultimately displayed in the gallery...
<?php
function getPhotoFilesArray($photoPath){
/**
* Takes path to photo-directory, and returns an array containing photo-filenames.
*/
// Initialize Array.
$photoFiles = array();
// Check for Photo-Directory.
if (is_dir($photoPath)){
// Photo-Directory Found.
// Open Directory-Handle.
$handle = opendir($photoPath);
// Open Photo-Directory.
if($handle){
// Initialize Key.
$i = 1001;
// Iterate through Photo-Directory items.
while(($file = readdir($handle)) !== FALSE){
// Return next Filename in Directory.
// Define fullpath to file/folder.
$fullPath = $photoPath . $file;
// Populate Array.
if(!is_dir($fullPath)
&& preg_match("#^[^\.].*$#", $file)){
// Not Directory.
// Not Hidden File.
// Add to array.
$photoFiles[$i] = $file;
$i++;
}//End of POPULATE ARRAY.
}//End of ITERATE THROUGH PHOTO-DIRECTORY ITEMS
closedir($handle);
}//End of OPEN PHOTO-DIRECTORY
}else{
// Photo-Directory Not Found.
// Redirect to Page-Not-Found.
header("Location: " . BASE_URL . "/utilities/page-not-found");
// End script.
exit();
}//End of CHECK FOR PHOTO-DIRECTORY
return $photoFiles;
}//End of getPhotoFilesArray
?>
Everything works fine locally in DEV, but when I uploaded my website (and photos) onto a webserver, the photos are appearing in a backwards order in PROD. This is annoying, because I want the photos displayed chronologically from oldest (first) to newest (last). I'm not sure where the problem is happening, because each photo was taken with my camera and by nature of the camera, photo names are incremented by one, so IMG_001.jpg would have been taken FIRST, followed by IMG_002.jpg, IMG_003.jpg, and so on. How can I fix things so the photos are displayed in the order they were physically taken AND match how things display locally in DEV? Thanks!
I have users becoming members and allowed them to upload their own photos. But when they try to upload 5MB photos, it takes time to upload the photo, and sometimes server gives a timeout error. I have searched and found javascripts that uploads to the server but I have noticed that it has security problems. So how do you let users to upload photos ? Does anyone know of a good tutorial on uploading a picture file to a folder using php and copying the name to the database in mysql? Resizing photos on upload is helpful also...If you know it works...some I have tried do not work. Not asking for someone to write code for me but info or tutorial would be nice. Or maybe a code that has worked for you that is similar that I could learn from and edit... I can upload the actual photo into the database but it slows it way down. I have heard of loading the name only and resizing the photo and sending the actual photo to a file folder on the server. The few codes I have tried were not successful. Thanks for any guidance. I appreciate it. I have a page for image uploads and I just realized it will only work if a user already has on picture uploaded. If they don't it won't work. The ones that do fail some photos anyway which is probably that they don't pass the image check but when I put echoes in there to trace what happens any user with an empty gallery can't upload a photo because the page says there is no file in the $_FILES['image']['name'] variable. Here are the initial conditions and the form (leaving out the image processing etc since that works): Code: [Select] if (!isset($_SESSION['user'])) die("<br /><br /> You need to log in to view this page"); $user = sanitizeString($_SESSION['user']); $view = sanitizeString($_GET['view']); $dir = './grafik/users/'.$user.'/big/'; $files = scandir($dir); $len = count($files); $nr= $len-1; $maxPhotos = 8; if ($view == $user) { echo "view is user"; if(!file_exists("grafik/users/$user")) { mkdir("grafik/users/$user"); mkdir("grafik/users/$user/big/");} } if (!isset($_FILES['image']['name'])) echo "There is no file <br />$dir - $user - $nr"; if (isset($_FILES['image']['name'])) { echo "<br />...is a file <br />$dir - $user - $nr"; $photoName="$dir$user$nr.jpg"; move_uploaded_file($_FILES['image']['tmp_name'], $photoName); $typeok = TRUE; .... <form method='post' action='gallery.php?view=$user' enctype='multipart/form-data'> Upload another photo: <br /> Max $maxPhotos allowed, max filesize 2Mb <br /> <input type='file' name='image' size='10' /><br /> <input type='submit' value='Upload' /> </form> I can't see why it wouldn't let me but I have a feeling someone here knows why. I need help with my webpage here, how do you get so if you are at http://www.blabla.com/account.php and then click on a photo, it will go to www.blabla.com/photo.php?id=1 but still be at account.php? Just like facebook shows their photos. I dont know how to think nor to get it work. Would appreciate some help! ThNXX 1n 4dv4nc3 // Machram! I have a php page that creates a photo gallery with thumbnails. It is populated by code that reads all photo files from a specified photo directory. This was working fine in DEV, but now that I have uploaded to my test web server, the pictures are in reverse order. Not the end of the world, yet annoying, because they should be in chronological order. Files names are straight off my iPhone (e.g. IMG_2203.jpg, IMG_2204.jpg, IMG_2207.jpg) What is happening, and how can I fix this? Thanks! If you goto http://www.actionfx.net/bfd/photos.php you will see that im trying to show an rss feed from http://picasaweb.google.com/data/feed/base/user/114565750484201639035?alt=rss&kind=album&hl=en_US&access=public My code works well if its just text on the rss but it does not work on this particular rss. I want the photos to show up on my page also. Im hoping someone here can be so kind to help me out with this coding. Below is my code. Code: [Select] <?php $feed_url = "http://picasaweb.google.com/data/feed/base/user/114565750484201639035?alt=rss&kind=album&hl=en_US&access=public"; // INITIATE CURL. $curl = curl_init(); // CURL SETTINGS. curl_setopt($curl, CURLOPT_URL,"$feed_url"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 0); // GRAB THE XML FILE. $xmlTwitter = curl_exec($curl); curl_close($curl); // SET UP XML OBJECT. // Use either one of these, depending on revision of PHP. // Comment-out the line you are not using. //$xml = new SimpleXMLElement($xmlTwitter); $xml = simplexml_load_string($xmlTwitter); // How many items to display $count = 10; // How many characters from each item // 0 (zero) will show them all. $char = 100; foreach ($xml->channel->item as $item) { if($char == 0){ $newstring = $item->description; } else{ $newstring = substr($item->description, 0, $char); } if($count > 0){ //in case they have non-closed italics or bold, etc ... echo"</i></b></u></a>\n"; echo" <div style='font-family:verdana; font-size:.12;'> <b>{$item->title}</b><br /> $newstring ... <span class='redlink' id='redlink' style='redlink'> <a href='{$item->guid}'>read more</a> </span> <br /><br /> </div> "; } $count--; } ?> |
|||||||