|
PHP - Passing Session In Two Different Hosting
Hello, we got a site running in to different servers, the other one is a sub domain that will be use as internal pages and the other one is external. As of that I need to pass session to see if a user details.
Is there a another secure way to pass session data to other server without storing on the database?
Similar TutorialsHaving some problems with PHP session i currently use cookies to log users in, but i have decided to use php session instead but i can get it to work, it simply dose not pass the variables unless include session id in every single link on my website, can anyone tell me where i am going wrong these are the session setting from php.in session.use_cookies = 1 session.use_only_cookies = 0 session.name = usersesid session.auto_start = 1 session.cookie_lifetime = 0 session.referer_check = 1 session.cache_expire = 180 session.use_trans_sid = 1 I'm building a login page that then redirects to a new page. But it seems the session isn't working. But I don't know much about sessions, so I'm not sure what I might be doing wrong. The login page sets the session with this code: Code: [Select] // Fetch the result - This will tell us whether this user exists $userExists = mysql_fetch_assoc($doQuery); // If user exists log them in if($userExists){ mysql_free_result($doQuery); mysql_close(); // Set the SESSION variables $_SESSION['first_name'] = $userExists['first_name']; $_SESSION['id'] = $userExists['id']; The page that it redirects to is this: Code: [Select] <?php session_start(); if(isset($_SESSION['id'])) { echo "<html><body><p> You are now logged in,{$_SESSION['ID']}.</p>"; } else { echo 'something went wrong'; exit(); } ob_end_flush(); ?> I have my php pages set up like this: 1. log in with login.php 2. that sends you to main.php 3. in main.php, there are links to page-a.php, page-b.php, page-c.php, etc. when you type in a password at login.php, it passes your input to main.php. the correct password is hardcoded in main.php. if it matches, a session variable is set, which should be able to be used on page-a.php, page-b.php, page-c.php, etc. to verify that whoever accesses those pages has gone through the login process. if the session variable doesn't match (or null) the user is redirected to the login page. also the session variable is checked (recursively) when accessing main.php, just like the other pages. the problem is, it's as if each page starts over. the session variable does not make it beyond the page that sets it. it should be passed on to the next page but it's not. I used an echo statement in page-a.php to verify and rem'd out the rest of the code. no echo because session value is null, page goes on to load the html. without the code rem'd out it redirects the user to login.php. code: LOGIN.PHP <? session_start(); if(isset($_SESSION['aaa'])) unset($_SESSION['aaa']); ?> <html> <head> <title>title</title> </head> <body> <table width="400" align="center" border="0" bordercolor="#000099" bordercolordark="#000066" bordercolorlight="#6666FF"> <tr bgcolor="#B0C4DE"> <td> <form action="main.php" method="POST"> <p align="center"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#FFFFFF"><br> Password</font></strong> <input name="pwfield" type="password" value size="20" maxlength=20> <input type="submit" value="Login"></p> </form> </td></tr></table> </body></html> MAIN.PHP <? if ($_SESSION['aaa']!="abcdef") { $password="twinkies"; if ($_POST["pwfield"]==$password) $_SESSION['aaa']="abcdef"; // successful login else {header("Location: login.php"); exit();} } ?> <html> <head> <title>title</title> </head> <body> <a href="page-a.php">Page A</a> <a href="page-b.php">Page B</a> <a href="page-c.php">Page C</a> </body></html> PAGE-A.PHP <? echo $_SESSION['aaa']; //if ($_SESSION['aaa']!="abcdef") //header("Location: login.php"); //exit(); ?> <html> <head> <title>title</title> </head> <body> ... Hi, I have a user/password protected page that displays a list of clients. When clicking on them you're redirected to the client record update page. This is how I am linking to taht page now: Code: [Select] <a href="DIST_clientes_update.php?id_cliente=<?php echo $row_clients_RS['id_cliente']; ?>The problem with this is that the client id is appended to the url and so if the user chnges it will be able to access records from a different user...and I dont want that. So I have created a session: Code: [Select] $_SESSION["idCliente"] = $row_clients_RS['id_cliente'];but how do I pass it to the update page without showing in the url? Thanks I have a script that was written and tested on another server, but now when I transferred it to the live server, session values are not being passed. I made a couple test pages to check and confirmed that the only issue is the session variables. Here is the test I performed. Please tell me what I'm missing: page1.php <? session_start(); $_SESSION['var1'] = 'testing'; print_r($_SESSION); ?> Returns: Array ( [var1] => testing ) page2.php <? session_start(); print_r($_SESSION); ?> Returns: Array () Hi All, I am using the uploadify script available at http://uploadify.com/ Now I can get the file uploads working fine with the script below: Code: [Select] <?php session_start(); ?> <link href="/uploadify/uploadify.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="/uploadify/jquery-1.3.2.min.js"></script> <script type="text/javascript" src="/uploadify/swfobject.js"></script> <script type="text/javascript" src="/uploadify/jquery.uploadify.v2.1.0.min.js"></script> <input id="fileInput" name="fileInput" type="file" /> <script type="text/javascript">// <![CDATA[ $(document).ready(function() { $('#fileInput').uploadify({ 'uploader' : '/uploadify/uploadify.swf', 'script' : '/uploadify/uploadify.php', 'cancelImg' : '/uploadify/cancel.png', 'auto' : true, 'folder' : '<?php echo $_SESSION['filepath']."/downloads/"; ?>', 'multi' : true }); }); // ]]></script> The problem that I am having is that I also store the mysql connection details in session vars (they change depending on who logs in). I have tried a number of ways of "passing" these session vars to the uploadify.php file which does the grunt work of the uploading, but I can never seem to access them. I obviously dont want to pass them to the uploadify.php script through the js because that will show my credentials in the source code. So, the question is, how can I access these session vars in the called file. I assume its a combination of session_write_end() and session_start() but I havent got the right combination yet. Alright, So i want to pass a session from www.mysite.com to mobile.mysite.com And i'm doing so by calling this on the top of every page on each site: <?php session_set_cookie_params(360000, "/",".mysite.com"); session_start(); print_r($_SESSION); ?> yet, the session data that is set on one subdomain is NOT printed on the other subdomain. I've even tried destroying the sessions several times to start over. But it won't work. What could be up? Thanks Hola, I'm trying to create a web form to insert info into my database using session variables. I'm at my wits end at this point. The reset button does its job but when you click submit it doesn't do anything. I'm using the template from the lynda.com essential php web form tutorials. Any help would be appreciated Here is the client-side header code I'm working with, <?php header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 session_start(); if (!isset($_SESSION['SESSION'])) require ( "include/session_init.php"); $arVal = array(); require_once("include/session_funcs1.php"); // make sure the seesion vars are initialized... reset ($arVal); while (list ($key, $val) = each ($arVal)) { if (!isset($_SESSION[$key])) $_SESSION[$key] = ""; } if ($_SESSION["eventgenre_sel"] == "") $_SESSION["eventgenre_sel"] = 0; // if the bFlg is true then some validation problems in the data. // namely a blank field or a submission without the feedback page. // just present a general error... $flg = ""; $error = ""; if (isset($HTTP_GET_VARS["flg"])) $flg = $HTTP_GET_VARS["flg"]; switch ($flg) { case "red": $error = "<br><font class=\"txt12_red\">Please fill out all the required fields.<br>Please Try Again.<BR></font>"; break; case "blue": $error = "<br><font class=\"txt12_red\">Your Session has Expired.<br>Please Try Again.</font><BR>"; break; case "pink": $error = "<br><font class=\"txt12_red\"><BR>The Special Code you entered is not valid.<br>Please Try Again or Leave that field blank.</font><BR>"; break; case "white": $error = "<br><font class=\"txt12_red\"><BR>The fields are too long for our Database.<br>Please correct your data via this form.</font><BR>"; break; default: $error = ""; } ?> <?php echo $_SERVER['SCRIPT_NAME']."<BR>"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="detect800.css"/> <link rel="stylesheet" type="text/css" href="detect1024.css"/> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="detect.js"></script> <link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/themes/base/ui.all.css" rel="stylesheet" type="text/css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script> <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js" type="text/javascript"></script> <script src="jquery.ui.datetimepicker.js" type="text/javascript"></script> <script type="text/javascript"> $(function() { $('#eventdate').datetimepicker(); }); </script> <script src="imageflow.js" type="text/javascript"></script> <script src="highslide-full.js" type="text/javascript"></script> <script src="autosuggest.js" type="text/javascript"></script> <script type="text/javascript"> hs.graphicsDir = 'graphics/'; </script> <script language="javascript"> function SubmitForm() { var form = document.forms[0]; var bRequired = true; if((form.eventname.value.length < 1) || (form.eventvenue.value.length < 1) || (form.eventdate.value.length < 1) || (form.eventgenre.value.length < 1) || (form.eventprice.value.length < 1) || (form.eventpromoter.value.length < 1) || (form.eventflyer.value.length < 1)) { alert("Please fill out all the required fields."); bRequired = false; } if (!bRequired) return false; form.eventgenre_sel.value = form.state.selectedIndex; form.submit(); } function ResetForm() { var form = document.forms[0]; form.eventname.value = ""; form.eventvenue.value = ""; form.eventdate.value = ""; form.eventgenre.value = ""; form.eventprice.value = ""; form.eventpromoter.value = ""; form.eventflyer.value = ""; form.eventgenre_sel.value = ""; } </script> </head> This is the client side form code <form action="scripts/register.php" method="post" name="userevent" id="userevent"> <input name="eventgenre_sel" type="hidden" id="eventgenre_sel" value="<?php echo $_SESSION['eventgenre_sel'] ?>" /> <?php echo $error; ?> <fieldset> <label for="eventname" accesskey="n" ><span>Event Name</span> <input type="text" name="eventname" id="eventname" value="<?php echo $_SESSION['eventname_sel'] ?>" size="32" maxlength="30" /></label> <div id="autosuggest"><ul><li></li></ul></div> <label for="eventvenue" accesskey="v" ><span>Event Venue</span> <input type="text" name="eventvenue" id="eventvenue" size="32" value="<?php echo $_SESSION['eventvenue'] ?>" maxlength="30" /></label> <script type="text/javascript"> var venues = new Array("Republik", "HiFi Club", "Bamboo Tiki Room", "Tantra", "Jubilee Auditorium", "Ironwood Stage & Grill", "Broken City", "Soda", "Amsterdam Rhino", "Olympic Plaza", "Stampede Casino", "Habitat Living Sound", "Cantos Music Foundation", "Flames Central", "Prince's Island Park", "Beat Niq Jazz & Social Club", "Giuseppe's Italian Market", "BLVD", "Fourth on 4th", "Opus on 8th", "Local 510", "Local 522", "Raw Bar", "Jupiter Restaurant & Bar", "Vern's", "Lord Nelson's", "Kings Head Pub", "Blind Beggar Pub", "Viscous Circle", "Milk Tiger Lounge", "Pengrowth Saddledome", "Tubby Dog", "Marquee Room", "Distillery Public House", "Cafe Koi", "Mikey's Juke Joint & Eatery", "Palomino", "Atlantic Trap & Gill", "Drake Inn", "Radiopark Music Room", "Rusty Cage South", "Big Al's Good Times Bar", "Rose & Crown", "Tudor Rose Pub", "Elbow River Casino & Lounge", "Rusty Cage Central", "Rusty Cage South", "Rusty Cage North", "Olive Grove", "Shamrock Hotel", "Woody's Taphouse Southland", "Woody's Taphouse Country Hills", "Murrieta's West Coast Bar & Grill", "Stageline Saloon", "Pig & Pint", "Ranchman's", "Red Pepper Pub", "Stavro's Steak House & Lounge Ranchlands", "Stageline Saloon", "Whiskey"); new AutoSuggest(document.getElementById("eventvenue"),venues); </script> <label for="eventdate" accesskey="d" ><span>Event Date</span> <input type="text" name="eventdate" id="eventdate" value="<?php echo $_SESSION['eventdate'] ?>" size="32" maxlength="30" /></label> <label for="eventgenre" accesskey="g" ><span>Event Genre</span> <select name="eventgenre" id="eventgenre"> <option value="none">--select one--</option> <option value="HipHop">Hip-Hop</option> <option value="Funk">Funk</option> <option value="Soul">Soul</option> <option value="Metal">Metal</option> <option value="Punk">Punk</option> <option value="Blues">Blues</option> <option value="Jazz">Jazz</option> <option value="Trance">Trance</option> <option value="Breaks">Breaks</option> <option value="Electro">Electro</option> <option value="House">House</option> <option value="DNB">Drum'N'Bass</option> <option value="Dubstep">Dubstep</option> <option value="Lounge">Lounge</option> <option value="Top40">Top 40</option> </select> </label> <label for="eventprice" accesskey="p" ><span id="eventprice">Event Price</span> <input type="text" name="eventprice" id="eventprice" value="<?php echo $_SESSION['eventprice'] ?>" size="6" maxlength="4"/></label> <label for="eventpromoter" accesskey="c" ><span id="eventpromoter">Event Promoter</span> <input type="text" name="eventpromoter" id="eventpromoter" value="<?php echo $_SESSION['eventpromoter'] ?>" size="25" maxlength="23"/></label> <label for="eventflyer" accesskey="f" ><span id="eventflyer">Event Flyer (jpg or png MAX 300kb)</span> <input type="file" name="eventflyer" id="eventflyer" value="<?php echo $_SESSION['eventflyer'] ?>" size="25" maxlength="23"/></label> <input type="button" name="Reset" value="Reset" onclick="ResetForm();"> <input type="button" name="Submit" value="Submit" onsubmit="return validateForm(this);" onclick="SubmitForm(); return false; " > </fieldset> </form> <script language="javascript"> // set the selection box values... var form = document.forms[0]; form.eventgenre.selectedIndex = parseInt("<?php echo $_SESSION['eventgenre_sel'] ?>"); </script> And this is the server-side code. <?php $debug = FALSE; /************************************************************ Adjust the headers... ************************************************************/ header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 /***************************************************************************** Check the session details. we will store all the post variables in session variables this will make it easier to work with the verification routines *****************************************************************************/ session_start(); if (!isset($_SESSION['SESSION'])) require_once( "include/session_init.php" ); $arVal = array(); require_once("include/session_funcs1.php"); reset ($_POST); while (list ($key, $val) = each ($_POST)) { if ($val == "") $val = "NULL"; $arVals[$key] = (get_magic_quotes_gpc()) ? $val : addslashes($val); if ($val == "NULL") $_SESSION[$key] = NULL; else $_SESSION[$key] = $val; if ($debug) echo $key . " : " . $arVals[$key] . "<br>"; } /********************************************************************************************** Make sure session variables have been set and then check for required fields otherwise return to the registration form to fix the errors. **********************************************************************************************/ // check to see if these variables have been set... if ((!isset($_SESSION["eventname"])) || (!isset($_SESSION["eventvenue"])) || (!isset($_SESSION["eventdate"])) || (!isset($_SESSION["eventgenre"])) || (!isset($_SESSION["eventprice"])) || (!isset($_SESSION["eventpromoter"])) || (!isset($_SESSION["eventflyer"]))) { resendToForm("?flg=red"); } // form variables must have something in them... if ($_SESSION['eventname'] == "" || $_SESSION['eventvenue'] == "" || $_SESSION['eventdate'] == "" || $_SESSION['eventgenre'] == "" || $_SESSION['eventprice'] == "" || $_SESSION['eventpromoter'] == "" || $_SESSION['eventflyer'] == "") { resendToForm("?flg=red"); } // make sure fields are within the proper range... if (strlen($_SESSION['eventname']) > 35 || strlen($_SESSION['eventvenue']) > 35 || strlen($_SESSION['eventdate']) > 35 || strlen($_SESSION['eventgenre']) > 35 || strlen($_SESSION['eventprice']) > 35 || strlen($_SESSION['eventpromoter']) > 35 || strlen($_SESSION['eventflyer']) > 35 ) { resendToForm("?flg=white"); } /********************************************************************************************** Insert into the database... **********************************************************************************************/ $query = "INSERT INTO td_events (seventname, seventvenue, seventdate, seventgenre, seventprice, seventpromoter, seventflyer) " ."VALUES (".$arVals['eventname'].", ".$arVals['eventvenue'].", ".$arVals['eventdate'].", ".$arVals['eventgenre'] .", ".$arVals['eventprice'].", ".$arVals['eventpromoter'].", ".$arVals['eventflyer'].")"; //echo $query; $result = mysql_query($query) or die("Invalid query: " . mysql_error() . "<br><br>". $query); $insertid = mysql_insert_id(); /*** This following function will update session variables and resend to the form so the user can fix errors ***/ function resendToForm($flags) { reset ($_POST); // store variables in session... while (list ($key, $val) = each ($_POST)) { $_SESSION[$key] = $val; } // go back to the form... //echo $flags; header("Location: ./user_registration.php".$flags); exit; } ?> <p>SUCCESS!<br> The event was entered in the database!<br> You probably want to redirect to a thank you page or send an email to the user for confirmation.<br> <br> <br> Here are the variables...<br> <?php reset ($arVals); while (list ($key, $val) = each ($arVals)) { echo $key . " : " . $arVals[$key] . "<br>"; } echo "<br><br>The SQL Statment was:<br>"; echo $query."<br><br><br><br>"; ?> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <?php /********************************************************************************************** CREATES THUMBNAIL **********************************************************************************************/ //define a maxim size for the uploaded images define ("MAX_SIZE","1024"); // define the width and height for the thumbnail // note that theese dimmensions are considered the maximum dimmension and are not fixed, // because we have to keep the image ratio intact or it will be deformed define ("WIDTH","500"); define ("HEIGHT","650"); // this is the function that will create the thumbnail image from the uploaded image // the resize will be done considering the width and height defined, but without deforming the image function make_thumb($img_name,$filename,$new_w,$new_h) { //get image extension. $ext=getExtension($img_name); //creates the new image using the appropriate function from gd library if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext) || !strcmp("JPG",$ext)) $src_img=imagecreatefromjpeg($img_name); if(!strcmp("png",$ext) || !strcmp("PNG",$ext)) $src_img=imagecreatefrompng($img_name); //gets the dimmensions of the image $old_x=imageSX($src_img); $old_y=imageSY($src_img); // next we will calculate the new dimmensions for the thumbnail image // the next steps will be taken: // 1. calculate the ratio by dividing the old dimmensions with the new ones // 2. if the ratio for the width is higher, the width will remain the one define in WIDTH variable // and the height will be calculated so the image ratio will not change // 3. otherwise we will use the height ratio for the image // as a result, only one of the dimmensions will be from the fixed ones $ratio1=$old_x/$new_w; $ratio2=$old_y/$new_h; if($ratio1>$ratio2) { $thumb_w=$new_w; $thumb_h=$old_y/$ratio1; } else { $thumb_h=$new_h; $thumb_w=$old_x/$ratio2; } // we create a new image with the new dimmensions $dst_img=ImageCreateTrueColor($thumb_w,$thumb_h); // resize the big image to the new created one imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y); // output the created image to the file. Now we will have the thumbnail into the file named by $filename if(!strcmp("png",$ext)) imagepng($dst_img,$filename); else imagejpeg($dst_img,$filename); //destroys source and destination images. imagedestroy($dst_img); imagedestroy($src_img); } // This function reads the extension of the file. // It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } // This variable is used as a flag. The value is initialized with 0 (meaning no error found) // and it will be changed to 1 if an error occurs. If the error occurs the file will not be uploaded. $errors=0; // checks if the form has been submitted if(isset($_POST['Submit'])) { //reads the name of the file the user submitted for uploading $image=$_FILES['eventflyer']['name']; // if it is not empty if ($image) { // get the original name of the file from the clients machine $filename = stripslashes($_FILES['eventflyer']['name']); // get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); // if it is not a known extension, we will suppose it is an error, print an error message // and will not upload the file, otherwise we continue if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "JPG") && ($extension != "PNG") && ($extension != "png")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { // get the size of the image in bytes // $_FILES[\'image\'][\'tmp_name\'] is the temporary filename of the file in which // the uploaded file was stored on the server $size=getimagesize($_FILES['eventflyer']['tmp_name']); $sizekb=filesize($_FILES['eventflyer']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($sizekb > MAX_SIZE*500) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=$filename; //the new name will be containing the full path where will be stored (images folder) $newname="flyers/".$image_name; $copied = copy($_FILES['eventflyer']['tmp_name'], $newname); //we verify if the image has been uploaded, and print error instead if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } else { // the new thumbnail image will be placed in images/thumbs/ folder $thumb_name='flyers/thumb_'.$image_name; // call the function that will create the thumbnail. The function will get as parameters // the image name, the thumbnail name and the width and height desired for the thumbnail $thumb=make_thumb($newname,$thumb_name,WIDTH,HEIGHT); }} }} //If no errors registred, print the success message and show the thumbnail image created if(isset($_POST['Submit']) && !$errors) { echo "<h1>Thumbnail created Successfully!</h1>"; echo '<img src="'.$thumb_name.'">'; } ?> Hello, I am new. I have created a very simple webpage that has content the changes when a link is clicked. The site works perfectly on my "localhost". I am running Apache 2.2 and PHP 5.3 on localhost. When I upload to my GoDaddy shared hosting, ( I beleive Apahe 1.3 and PHP 5.2) my "index.php" displays fine on load. However, when any of the links are clicked the content area where it is supposed to change disapeears. Here is a sample of the code that I am using: // These are the links in the index.php html code... <li><a href="index.php?id='home'" id="home" name="home">Home</a></li> <li><a href="index.php?id='form'" id="form" name="form">Register</a></li> <?php include("form1.php"); getPage(); ?> html.... Then on the form1.php page is the following code... function getPage() { $linkID = $_GET['id']; if ($linkID == NULL) { changeBool("'home'"); } else changeBool($linkID); } //end example The function "changeBool()" has a switch structure that is determined by the $_GET[] var. I beleive this has something to do with the php.ini settings, possibly the apache settings...any ideas would be greatly appreciated. Hello - I have usually run my own servers, and always drop my .php files with MYSQL connection strings in a directory like /var, with webroot being /var/www/mysite. I now find myself in a shared hosting environment for a client and wondering the safety of my connection string .php files. Unfortunately they are sitting in a folder in the root of my hosting directory right now, and they feel vulnerable. It seems the only thing I could do would be to put the root of my hosting into a subdirectory, point the site there, and then put my connection strings on directory back. But seems the problem is they are still in my shared hosting. What's the best way to secure this type of sensitive info in a shared environment? I'm also getting ready to explore credit card processing via an API, and wondering if shared hosting is even worth it. Thanks!! Hi; I had an email from my hosting company which said that my account was hacked and one script in images folder is trying to send thousands of spams(file name : "/public_html/images/sm5vy7.php"). they blocked my account and asked me to check if there is any script or code that may cause this problem. The only server side page I had was a contact.php file that has mail() function in it. the code is like this; "if( isset($_POST['submit'])) { $name=$_POST['name']; $comment=$_POST['comment']; $email=$_POST['email']; $phone=$_POST['phone']; $to = "sample@gmail.com"; $subject = "sample"; $message = "sample"; $from = "$email"; $headers = "Content-type:text;charset=utf-8" . "\r\n"; $headers .= "From: $from" . "\r\n"; mail($to,$subject,$message,$headers); }" My question is "can the code I used cause any security problem that someone be able to create a php file in my images folder or someone has accessed my account?" Thank you in advance I'm really in a big trouble Hello guys, I have created a mini image hosting website. Well, I have successfully coded the file upload, including security to allow certain image extensions and size as a beginner in PHP. However, only one thing remains is the image link. You can view the website on this address http://mini-image-hosting.99k.org/ where it is currently hosting on a free web hosting account with a free sub-domain. Right now, only the image can be uploaded and is being stored in a directory. Nevertheless, I want that when the person uploads an image, he gets also the link, for example: http://mini-image-hosting.99k.org/xxx.jpg something like that. Can you help me for this? I launched my new website about a month ago. I switched from one web host to another due to poor hosting performance. Now I'm running into the same issue again -- poor web hosting performance.
My first web host was Hostgator. My current web host is AT&T. I hate the thought of switching to a different web host every month trying to find one that will reliably host my site. Does anyone here have a reliable web host that they use and would recommend?
My question is relative since what is reliable for a simple web site, may not be reliable for one that is more complex. For this reason, I can't simply trust web host reviews.
My website isn't overly complicated, but it's more complex than just basic HTML. It uses a lot of PHP, as well as a MySQL database that only has two small tables. The website uploads and downloads small text files regularly. It also sends E-mail attatchments quite often.
Because I just launched, my website isn't getting a ton of traffic -- about 10 users per day. However, I'm beginning to run into the same problem as before. My web host's server is starting to show itself as being unreliable. As with my first web host, it seems as if it may be due to overcrowding on the shared server.
Do any of you run any moderately complex websites? If so, who do you use for a reliable web host?
I've considered setting up my own server with a LAMP configuration and hosting the site myself. However, I don't know a lot about Linux or Apache, and so would like to avoid this. But because the computer would only be hosting my own website, and no one else's, I have to believe that a LAMP setup would be more reliable than a shared server that is overcrowded.
A reliable web host is really what I'm looking for. But I don't want to keep going down the road of trial and error. If anyone uses a web host that reliably supports their moderately-complex website, then I would love to hear from you. I'm sick of my site failing due to server issues. Like the Duracel commercial says, "It just has to work!"
Please forgive me if you feel that my post doesn't correctly fit the forum category. I tried to figure out which category best fits this topic, but none of them seemed to be perfectly suitable.
Thank you for your time, as well as for any suggestions.
I'm running about 50 domains on a private host that's going out of business, so I need to move providers soon. The Amazon or Google cloud platforms are intriguing. Does anyone have any experience using either for website hosting?
My current solution is a Plesk management interface. So, I'm hoping to install the same wherever I go (because migrating 50 domains manually ...)
Code: [Select] <div id="recent"> <p class="title"><?php echo "Staff Picks"; ?></p> <div id="gallery"> <?php $i = 0; while($album = mysql_fetch_row($recent)): ?> <?php if(++$i%4 == 1): ?><div><?php endif; ?> <?php $image = mysql_fetch_row(mysql_query('SELECT `id`, `extension` FROM `image` WHERE `album_id`='.$album[0].' ORDER BY `id` DESC LIMIT 0,1')); ?> <a href="<?php echo WEB; ?>a/<?php echo alphaID($album[0]); ?>"> <img src="<?php echo WEB; ?>small/<?php echo alphaID($image[0]); ?>.<?php echo $image[1]; ?>" alt=""/> </a> <?php if($i%4 == 0): ?></div><?php endif; ?> <?php endwhile; ?> <?php if($i%4 != 0): ?></div><?php endif; ?> </div> I have this code, which on my image hosting website, displays a grid of the latest albums of images that users upload. I really have no experience in Php. I to change this code to simply display a grid of albums that i choose, not the latest. Like 'staff picks' instead of 'most recent'. Any help would be greatly appreciated. Hey Friends,
I am new to this forum, and does not know anything about programming. And I require very small help from the experts of forum. I have downloaded free image hosting script from web & it is not working fine, it gets stuck at basic.php (one of the file in script). I am sharing the script here also sharing the website. My website : bsm1313.5gbfree.com
Note : I have uploaded a rar file. Kindly change extension to .rar from .php. as it was not allowing me to upload the rar file.
Any kind of help is highly highly appreciated. Thanks a ton in advance.
Attached Files
easyimagehoster_1.32.php 35.46KB
5 downloads Forbidden You don't have permission to access /cgi-bin/sendmail.php on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Hi: I have a site hosted (shared) on 1and1.com hosting, and they seem to have a file upload limit of 2MB. Is there a way to overwrite this? I have been trying a .htaccess and php.ini file, but can't get it to work. The folder with the upload form is called "admin," in the ROOT of the site. Been trying (in both the ROOT and the "admin" folder): php.ini Code: [Select] ; Maximum size of POST data that PHP will accept. post_max_size = 8M ; Maximum allowed size for uploaded files. upload_max_filesize = 8M ini_set('memory_limit','128M'); .htaccess (in both the ROOT and the "admin" folder): Code: [Select] php_value memory_limit 24M That is all the code in each file - am I missing some code? Can this be done? Thank you. I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated |
|||||||