|
PHP - Denying Access To Folder Of Website Except Thru A Specific Php File
Hello first time poster here . Soni have been in the proccess of designing a website that would give images to users . But only owner of an image will get thier own image . And some people may not access thier image whom are invalid untill i make them valid users. Si.my problem is i want to stop people from accessing these images by typing thier mysite.com/path and these files only be accessable via a php that is in my website . How do i go about doing that . Is it iam my new to this or there is not a convenient way to do this . Thanks in advance Similar TutorialsHi guys, I hope you may be able to shed some light on a problem I am having. I am fairly new to PHP although do understand bits and peices such as login system. Basically - I have a website with lets say 10 users (more like 500 but that will do for now!) - Each user has their own page wich is password protected. Each month - I want to be able to upload PDF files to the server - which CAN ONLY BE ACCESSED BY THE RELEVANT user. They must not be able to see each others PDF files. To do this I have been advised to have a non-web accessible folder on my server to put the PDF's in and then use PHP to handle the operation. Therefore my path would be: 1/ User logs into page 2/ User clicks the PDF link 3/ PF link goes to PHP page that checks they are logged in and then the PDF they want before delivering to the server. I do actually understand the theory but my PHP is not at the stage where I can just write the code that will handle the operation. I am also very confused over how to access the non-web accessible files! Could anyone please give me an example of the code I will need to use to a) check the user is logged in (I guess I can use the same code I used for the login) and then b) call the relevant PDF and display it? I have been given a path of c:\blahblahblah to access my PDF files but don't even know how to begin implimenting this! Here is the code I use for my login system. Could anyone show me how to adapt it to get what I need? Thank so much for anyone that can help - hopefully I will be in a position to give back one day! -------------------------------------------- if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM mydb WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; header("Location:" . strtolower($username) . ".php"); AND THEN IN THE HEADER OF THE PAGES <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: /login.php'); } elseif ($_SESSION['username'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) { // Logged in user attempting to view someone else's page header("Location:" . strtolower($_SESSION['username']) . ".php"); exit; } ?> Again - any help would be truly appreciated. I will say now that the last person I asked said "Use the open() function - that'll work!" ...... answers like that are a bit lost on me at the moment and leave me even more confused! Cheers in advance I have searched around and found this code that suggests that I should be able to read an image file and echo it directly in to the page without hyperlinking to the file that is outside the public folder, but i get the error message that it is not there even though the file is. Warning: getimagesize() [function.getimagesize]: Unable to access "/home/****/upload/AAABBBCCC.JPG" in /home/****/public_html/client.php on line 40 Code: [Select] $image = "AAABBBCCC.JPG"; $path= "/home/****/upload/"; $details = getimagesize($path . $image); header ('Content-Type: ' . $details['mime']); echo file_get_contents($path . $image); Hi I am trying to create a dynamic gallery in php with specific order of pictures on the page, but I can't find the function or piece of php code to do so.
Conditions: My code:
$files = glob("layout/gallery/*.jpg");
rsort($files, SORT_NATURAL);
for ($i=0; $i < count($files); $i++) {
for( ; $i<5; $i++){
$one = $files[$i];
echo '<img src="'.$one.'">' . '<br><br>';
}
echo "<br>";
for( ; $i<9; $i++){
$two = $files[$i];
echo '<img src="'.$two.'">' . '<br><br>';
}
}
The code works well, but it just displays 9 pictures obviously. I was unable to make it dynamic displaying 5 pictures first, 4 pictures after and stay this way in a loop till displays all pictures from that folder. Hey all. another quick question. here is the output of my 2D array: Code: [Select] array(2) { ["folder.jpg"]=> array(2) { ["valid"]=> bool(true) ["error"]=> bool(false) } ["file.mp3"]=> array(2) { ["valid"]=> bool(true) ["error"]=> bool(false) } } how can i foreach my way into getting an iterator that points to the folder.jpg and file.mp3? as is now, i have something that looks like this: foreach($arr as $val){ var_dump($val) } the var_dump of $val is an *array*. Thanks for your help! Hi guys, in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor.
What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages.
I hope you understand what i'm asking if not fell free to ask me if you need more specific details.
I tried to make a php page called access.php wher i put the following code, but not working
<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator") {
echo "You are not the proper user type to view this page";
die();
}
?>
Hope you can help me. Thx in advance for help.
I have a page using forms to help build listing templates for eBay. I have a folder where I have hundreds of logos stored. I know the logo names but not their extensions. . . . I have to test each potential (jpg, jpeg, gif, png, etc.) until I guess right. Here is an example code for the web form:
<form action="extension_test2.php" method="post"> <p>Logo: <input name="e" value="" type="text" size="15" maxlength="30" /><p> <input name="Submit" type="Submit"/> </form> and the form's result: <? $e =$_POST['e']; if(!empty($e)) { echo '<img src="http://www.gbamedica...ebayimg/logos/'.$e.'">'; }; ?> Here is a link to the example: http://www.gbamedica...ension_test.php Use "olympus.jpg" for test. I am looking for code that can determine the file type and dynamically add the extension. Can it be done? Hi I'm after a solution to a problem I have. I'm building a small site for charity which the the client wants to email(with a url link) to say 1000 selected companies but only wants them to be able to view the site and register interest and not anyone else or if they forward the mail to a non prefered client? Any help to point me in the right direction would be good thank-you. Hey everyone, I'm pretty new to this, not my full time job, but just something I thought I'd give a shot... I have a database, in postgres, in which I make my query and I go fetch all the info I need. What I need to do next is the tricky part for me. For each line of results received, I have to output to a text file (.txt) but I have to respect a format that was given to me from the person requesting the info. Example: Character 1 must be G or N. Character 2 to to 11 will be a result from my database search, which is a 10 digit string. Character 12 to 14 must be spaces. Another rule is: start at character 78: input a value from my database search but it must not exceed 20 characters and if it is less then 20 character, fill the remaining with spaces. If anyways has a code I can copy and work off of I would really appreciate it....thanks! same with trivago Welcome to www.trivago.com. trivago is available locally: Continue to trivago Australia or Stay on www.trivago.com Hello from the UK! We want to make sure you get to the right place, and noticed you appear to be visiting us from Australia. If you would prefer to visit our Australian site, please just follow the link below. Go to our Australian site comparethemarket.com.auhi professionals I was not sure where to exactly post this as I am not to sure if it is a php question. We are developing a new website for another country and are looking to geo target people with the country in mind for instance if I visit comparethemarket .com or comparethemarket uk from here in Australia a pop up window appears saying the following I am wondering if it's possible to get some data from another website via PHP? I would like to get data from website http://www.gamersfirst.com/warrock/?q=Player&nickname=soldier, and the exact data which I need is "Level" which is in this case 2. Can this value be grabbed and if it can, where can I get some info about how to do it? Hi, I have a challenging dilema. A client keeps track of his stock using a microsoft access database in store. His ecommerce website which is hosted elsewhere uses php and mysql. Is it possible to to integrate the 2 so that when someone buys a product from the website, the store MS access database is updated to reflect this and vice versa? If so how would I go about it? Thanks in advance. P.S: I'm extremely tempted to suggest that he should stop using his ms access db and instead reccommend that I set him up a suitable backend on his website for keeping stock control, then he just login to that in the store. Hey guys, total newb when it comes to php. any help here would be much apreciated, what i am trying to achieve is to allow a person to upload a jpg image that he wants displayed on a dynamic flash site, but seeing as the flash is looking for xx.jpg, is it possible that any jpg file he uploads , say its called golf.jpg, is automatically uploaded/renamed to xx.jpg ? so i dont have to get him to rename the files before uploading. i attempted to understand a short tutorial on doing this but failed, here is what code i used. ( i added that rename line, looking at it now sorta seems like a really lame attempt lol ) Code: [Select] <?php $target = "upload/"; $target = $target . basename( $_FILES['uploaded']['name']) ; $ok=1; rename ("*.jpg", "xx.jpg"); //This is our size condition if ($uploaded_size > 350000) { echo "Your file is too large.<br>"; $ok=0; } //This is our limit file type condition if ($uploaded_type =="text/php") { echo "No PHP files<br>"; $ok=0; } //Here we check that $ok was not set to 0 by an error if ($ok==0) { Echo "Sorry your file was not uploaded"; } //If everything is ok we try to upload it else { if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else { echo "Sorry, there was a problem uploading your file."; } } ?> <body> <form enctype="multipart/form-data" action="upload.php" method="POST"> Please choose a file: <input name="uploaded" type="file" /><br /> <input type="submit" value="Upload" /> </form> cheers I need to add these lines to my .htaccess file via PHP Code: [Select] RewriteCond %{REQUEST_URI} checkout RewriteRule ^(.*)$ https://myurl.com/checkout/$1 [R,L] RIGHT after this line: Code: [Select] RewriteBase / AND before this line: Code: [Select] RewriteCond %{REQUEST_FILENAME} !-f This is how the current file looks w/o the new line addition: Code: [Select] RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.+)$ index.php [L,QSA] It needs to look like this when the new lines are added(extra line breaks not necessary): Code: [Select] RewriteBase / RewriteCond %{REQUEST_URI} checkout RewriteRule ^(.*)$ https://myurl.com/checkout/$1 [R,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.+)$ index.php [L,QSA] The line numbers may not match up, so I cannot use the line number. I am following along in a PHP, MySQL book and the way they clear session variables is by: Code: [Select] session_start(); session_unset(); session_destroy(); They clear session variables like that in that exact order. My question is that this apparently clears ALL session variables for the browser in use. Every website I have visited when you click a LOGOUT button ONLY logs you out of their specific site and DOES NOT seem to clear ALL session variables as this would log you out of any other websites that you might be logged into with that same browser. So, I went to the PHP website and found out that instead of using the session_unset () function you can clear individual session variables using the unset ($_SESSION['varname']) function. Is this a good way of clearing session variables ONLY for a PARTICULAR website and NOT clearing session variables for the WHOLE browser? If so, would I then NOT use the session_destroy () function after clearing each individual session variable specific to that ONE website using unset ($_SESSION['varname'])? Thank you in advance! When I use require('../config.php'); It does not works on my machine but it works on shared hosting Can someone help me what must be the issue? Thanks in advance CSJakharia if (!file_exists('../images/flags/imNum.txt')) { $file1 = fopen('../images/flags/imNum.txt','c'); fclose($file1); } why won't that work =\ it makes no sense to me The root directory:
header.php
stylesheet.css
In the following example I am trying to include the header.php file in a sub folder.
When I include the header.php like in the following example then the stylesheet.css file will not work anymo
<?php
include("../header.php");
?>
The stylesheet.css file is included in the head tags of the header.php file.
Is the above example the right way to do it? If yes, how can I do it so the stylesheet.css file will work too.
This topic has been moved to HTML Help. http://www.phpfreaks.com/forums/index.php?topic=308625.0 I upload an image and put every information inside $_SESSION['tmp'] and $_SESSION['path'] then once user click on button then i use move_uploaded_file($_SESSION['tmp'],$_SESSION['path']) but file uploaded not appeared in my upload folder, and again i try to echo everything but all information still kept well in $_SESSION is there something missing here? thanks |
|||||||