PHP - Extra Secure "readfile" Image?
Circumstance:
Question:
This works by having the actual image name stored in a hidden session variable, using the following lines of code on my readfile page "label.php" like this: Since I do not want customers to be allowed to ever see the image again after logging out, is it okay to rely on a hidden session variable for the filename as I described above? (Potential hackers will be less tempted to "try different image names and numbers" like "id1.png, id2.png, id3.png" because they will have no idea if the image will be a gif, jpeg, or png, nor have any idea of a numbering sequence.) Thank you!!
Similar TutorialsCan someone please help me with an array problem i can not figure out. I need the array to be numbered from 1 to how ever many fields that are needed in the form and have a mysql field name and the title of the field also in the array. 1, "mysql_field_name", "Title of form field" 2, "", "" and so on then the form will be shown based on the array. I have the following draft code which I am working with. any suggestions on how i may do this array ? Code: [Select] <?php $options = array( '1'=> array('fieldtext'=>'option1', 'mysqlfield'=>'option1'), '2'=> array('fieldtext'=>'option2', 'mysqlfield'=>'option2'), '3'=> array('fieldtext'=>'option3', 'mysqlfield'=>'option3'), '4'=> array('fieldtext'=>'option4', 'mysqlfield'=>'option4'), ); // $options = array(1 => "option1", "option2", "option3", "option4"); // the line above works but i want to include the name of the mysql field as well. $userid = 1; ?> <div style="align: center; margin: 12px; font-family:Tahoma;"> <br><br><?php if ($_POST['Update'] != "Update") { // check if form submitted yet, if not get data from mysql. $res = db_query("SELECT * FROM `users` WHERE `userid` = '" . $userid . "'"); foreach($options as $key => $value) { $_POST[$key] = mysql_result($res, 0, $value); } $ok_to_update = "no"; } elseif ($_POST['Update'] == "Update") { // check if form submitted yet, if so get POST data. // error checking // foreach($options as $key => $value) { // $_POST[$i] = ""; // } $ok_to_update = "yes"; } if ($_POST['Update'] == "Update" && $ok_to_update == "yes") { // $res = db_query("INSERT INTO `users` () VALUES ()"); // add user details to database. ?><p><br><br><br>Thank you for updating</p><?php } else { ?><form name="form1" method="post" action=""> <?php foreach($options as $key => $value) { ?><p><?php echo($value); ?>: <input type="text" name="<?php echo($key); ?>" value="<?php echo($_POST[$key]);?>"></p> <?php } ?> <input name="Update" type="submit" value="Update"> </form> <?php } ?> </div> Hi, bit stuck on how to find and replace "<" and ">" with "<" and ">". I basically have a database record that outputs to screen and I need the code in the <code> tags to be rendered to the screen. I therefore need it to go through the whole array variable from the db and change the symbols just inside the code tags. Please be aware that the code tags might happen more than once here's an example below Code: [Select] <p>blah blah blah</p> <p>blah blah blah</p> <p>blah blah blah</p> <code> <h1>hello</h1> </code> <p>blah blah blah</p> <p>blah blah blah</p> <p>blah blah blah</p> <code> <h1>hello</h1> </code> the desired output would be: <p>blah blah blah</p> <p>blah blah blah</p> <p>blah blah blah</p> <code> <h1>hello</h1 </code> <p>blah blah blah</p> <p>blah blah blah</p> <p>blah blah blah</p> <code> <h1>hello</h1 </code> help on this would be great Cheers Rob Do I need to check both the "Image Size" AND "Image Dimensions" for files that Users upload to my website? Currently I have... // ******************** // Check File-Size. * // ******************** if (empty($errors)){ // Check File-Size in Bytes. if (filesize($tempFile)<4000){ // File too small. $errors['upload'] = 'File-size must be greater than 4 Kilobytes.'; }elseif (filesize($tempFile)>100000){ // File too big. $errors['upload'] = 'File-size must be less than 100 Kilobytes.'; }else{ // File-Size Okay. // Continue Processing Upload... } }//End of CHECK FILE-SIZE I guess I haven't been worrying about "File Dimensions" because I resize everything here... // ********************** // Set New Dimensions. * // ********************** // Capture Dimensions on Original Image. $origWidth = imageSX($origImage); $origHeight = imageSY($origImage); if ($origWidth > $origHeight){ $newWidth = 100; $multiplier = $newWidth/$origWidth; $newHeight = $origHeight * $multiplier; } if ($origWidth < $origHeight){ $newHeight = 100; $multiplier = $newHeight/$origHeight; $newWidth = $origWidth * $multiplier; } if ($origWidth == $origHeight){ $newWidth = 100; $newHeight = 100; } Thanks, Debbie Hi, I want to separate out the file name from an image url. Not sure the best way to do it? I want to basically select all text after the last / slash. eg - image.jpg would be the result from http://www.google.com/images/image.jpg What's the best way to do it? Cheers Rob Hi guys I am a newbie with PHP and I have been trying to solve this problem for 3 days.. Ive set up a booking form on my website to be sent directly to my email once the client clicked on the send button.. The problem I am having while checking these pages on wamp is that the booking form is ok but when I click on the send button the following message error appears "Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() in C:\wamp\www\fluffy_paws\booking_form2.php on line 27" When I check online I have this message "500 - Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed." Are my codes wrong??? My webhosting is Blacknight.com , Im on Windows Vista, my internet is a dongle with O2 ireland Thanks for your help! Hi guys I'm struggling a bit, I need to replace a word that occurs multiple times in text with an array("up","down","forward","backwards") of words. $find = "left"; $replace = array("up","down","forward","backwards"); $text = "left left left left"; echo str_replace($find,$replace,$text); The Output is: array array array array Did try this with a foreach statement as well, but no luck. Is there a better way of doing this? Thanks A Code: [Select] <?php echo "names/new_batch/DataSheet.pdf"; ?> B Code: [Select] <?php $link = require( dirname( __FILE__ ) . '/../../../../essentials/myData.php' ); echo ($link); ?> when i call B the result is is shown with an extra "1" at the end names/new_batch/DataSheet.pdf1 What am I doing wrong? How can I get the output as "names/new_batch/DataSheet.pdf" cant work out this mysql syntax error "operation":"medupdate","medid":"","name":"ibo","medyear":"5","medmonth":"21","medday":"1","recuser":1,"SuccFail":"fail","SuccFailMessage":"error occured You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''WHERE med_id=' at line 2","ResultData":""} Code: [Select] $sql="update metodology set med_description='".$req['name']."', med_year='".$req['medyear']."', med_month='".$req['medmonth']."', med_day='".$req['medday']."', med_recorddate= now(), med_recorduserid= 1'"; $sql.= " WHERE med_id=".$req['medid']; I am getting the following error when using composer: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? Just started. I am pretty sure composer.json wasn't changed. journalctl doesn't show anything. Maybe Doctrine related, however, nothing seems to help.
Any ideas? [michael@devserver www]$ php -v PHP 7.3.4 (cli) (built: Apr 2 2019 13:48:50) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.3.4, Copyright (c) 1998-2018 Zend Technologies with DBG v9.1.9, (C) 2000,2018, by Dmitri Dmitrienko [michael@devserver www]$ composer -V Composer version 1.4.2 2017-05-17 08:17:52 [michael@devserver www]$ yum info composer Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.us.oneandone.net * epel: mirror.rnet.missouri.edu * extras: mirror.us.oneandone.net * remi-php73: mirror.bebout.net * remi-safe: mirror.bebout.net * updates: mirror.us.oneandone.net Installed Packages Name : composer Arch : noarch Version : 1.8.4 Release : 1.el7 Size : 1.8 M Repo : installed From repo : epel Summary : Dependency Manager for PHP URL : https://getcomposer.org/ License : MIT Description : Composer helps you declare, manage and install dependencies of PHP projects, : ensuring you have the right stack everywhere. : : Documentation: https://getcomposer.org/doc/ [michael@devserver www]$ composer update Loading composer repositories with package information Updating dependencies (including require-dev) [ErrorException] "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] [<packages>]... [michael@devserver www]$
This topic has been moved to Linux. http://www.phpfreaks.com/forums/index.php?topic=318175.0 Which is better? if(!isset($_SESSION['user'])) { exit; } if($_SESSION['user'] !== 'SiteOwner') { exit; } - or - if(!isset($_SESSION['user'])) { exit; } else { if($_SESSION['user'] !== 'SiteOwner') { exit; } }
Is the "if else" version more secure? Thank you. Edited June 18 by ChenXiuHi, I currently have an if, elseif, else program that starts off with Code: [Select] if( $v_name == "" || $v_msg == "" ) echo "something" how do I turn this into a switch? but the very next elseif I have Code: [Select] elseif( strcspn( $_REQUEST['msg'], '0123456789' ) == strlen( $_REQUEST['msg'] ) ) echo "something" is it possible to turn this into a switch with 2 different strings like that to evaluate? I have a registration form on my website and after Registration I want the user to activate first his account. I don't have problem on sending this email to the user. What I want to appear is like this.. GoodDay "username", Blah Blah! how can you actually do that? I know that you can do that through session variables but the thing is email's can't accept scripts on sending emails. how can I get the value from a session variable for example and convert it to plain html text so that i can OUTPUT it to the email.. HELP PLEASE! This topic has been moved to PHP Installation & Configuration. http://www.phpfreaks.com/forums/index.php?topic=347922.0 Hi all, Using a form with check boxes divided into different categories, I collect data selected by the user. I now want to combine each choice in each category with each choice in the other categories and list the combinations to the user. If the user chooses one or more options in each category, it is relatively easy to nest foreach loops, since the number of categories will always be the same. For example, if the form contains three categories of options, the code will be: Code: [Select] foreach ($form['cat_1'] as $k1 => $val1) { foreach ($form['cat_2'] as $k2 => $val2) { foreach ($form['cat_3'] as $k3 => $val3) { echo $val1.' _ '.$val2.' _ '.$val3.'<br/>'; } } } Things get complicated if the user does not select options within a given category. More generally, I want to be able to generate the list regardless of the number of categories in which the user selects options. Thank you in advance for your advice. Hey guys! I have the following doubt: I have a php file that does the following alongside with other code not displayed he $fp = fopen("emails.txt", "w"); It opens a txt file called emails.txt that is in the same folder where the php is saved but how do I tell $fp = fopen("/folderbefore/emails.txt", "w"); ?? In other words, how do I write the path on the script that the emails.txt is located in a previous folder where the php file is located?? Thanks in advance for your help Cheers! hello, I was wondering what is the point of writing for a dropdown: <?php if ($_POST[inputfieldID] == "value") { echo "selected"; } ?> or for a checkbox/ radio button: <?php if ($_POST['cb/radioID'] == "value") { echo "checked"; } ?> I guess it's for after submit, if there is any error, the values filled will still be echoed in the inputfield, or am i wrong? But then if that is true, i have a php search box where i use AJAX object to to send all the input they filled in after submit. But after pushing submit the inputted values remain. I guess when using AJAX to send the information i don't need <?php if ($_POST[inputfieldID] == "value") { echo "selected"; } ?> in my html forms? Little confused Can maybe somebody bring clearness Been just trying to test out some basic code that utilizes gd. In Chrome i receive a blank page. In firefox I get "The image "image.php" cannot be displayed because it contains errors". There is no whitespace before or after the php tags, which seems to cause this error sometimes. $image = imagecreate(200,20); $background = imagecolorallocate($image, 0, 0, 0); $foreground = imagecolorallocate($image,255,255,255); imagestring($image, 5, 5, 1, "Test", $foreground); header("Content-type: image/jpeg"); $imagejpeg($image); I am just following a tutorial, and at this point in the tutorial i should get at least some garbled text, if not an image. I looked at other common causes. gd2 is un-commented in php.ini. phpinfo shows: GD Support enabled GD Version bundled (2.0.34 compatible) FreeType Support enabled FreeType Linkage with freetype FreeType Version 2.4.3 GIF Read Support enabled GIF Create Support enabled JPEG Support enabled libJPEG Version 6b PNG Support enabled libPNG Version 1.2.46 WBMP Support enabled XBM Support enabled gd.jpeg_ignore_warning 0 0 I have not found any other solutions to try, or maybe I have made an error is checking these solutions. Any advice with be great! Thank you for your time. Weird question. I am using a captcha class which creates the code/image simply by doing this: Code: [Select] <img src="captcha.php"> The captcha.php file has lots of code of course, but this being key to my question: Code: [Select] header("Content-Type: image/jpeg"); ImageJpeg($image); Can I do it so I can create the image in the PHP of the actual script executing, so I don't have to call captcha.php in the image? - So it would look like this: (well no, but I think this explains what I want) Code: [Select] <img src="<?php echo $captchaCreated; ?>"> I am using a MVC design and don't see why the captcha should try and change this. Hi All, Just wondering whether it is possible to resize a jpg image to a specific size in bytes (while preserving height/width ratio). Thanks for any clues! |