PHP - Allow User To Download From Site Securely ?

Hello,

I am trying to implement a remember me feature on my site, but am having problems doing so securely.  I would like the cookies that remember your info to be sent securely over ssl, but the problem is all of my pages are http.  I do not want to force everyone to be https because it is not needed.  Is there a way to tell php to check for the cookies via ssl even though the page request was http?

Thank you!
weee

I have users becoming members and allowed them to upload their own photos. But when they try to upload 5MB photos, it takes time to upload the photo, and sometimes server gives a timeout error.

I have searched and found javascripts that uploads to the server but I have noticed that it has security problems.

So how do you let users to upload photos ?

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=348558.0

Hey,

I know this questions get asked a lot but here is a different version of it.

What is a simple and secure method for storing data/passwords? I know there is a lot of debate in this subject but I run a browser game off my server and just want the data to be encrypted.

is this good enough or is this easy to crack?

Code: [Select]

<?php
 $password = 'abcdefg';
 $salt = 'whateversecrethash';
 $pw_hash = md5($salt.$password);
?>


or I just found this tutorial is this up to date and actually a good method?
http://webhole.net/2010/10/30/php-password-encryption-with-salt/

create table mimi (mimiId int(11) not null, mimiBody varchar(255) );
<?php
//connecting to database
include_once ('conn.php');
$sql ="SELECT mimiId, mimiBody FROM mimi";

$result = mysqli_query($conn, $sql );

$mimi = mysqli_fetch_assoc($result);

$mimiId ='<span>No: '.$mimi['mimiId'].'</span>';

$mimiBody ='<p class="leading text-justify">'.$mimi['mimiBody'].'</p>';
?>
//what is next?

i want to download pdf or text document after clicking button or link how to do that

the code im running is
Code: [Select]
$result = mysql_query("SELECT count(*) FROM slinks where approval='1'"); 
$do = mysql_fetch_row($result); 
$random = mt_rand(0,$do[0] - 1); 
$result = mysql_query("SELECT * FROM slinks LIMIT $random, 1");  The above is finished off into a iframe
Code: [Select]
<iframe src="<?php while ($row = mysql_fetch_array($result)){ print $row["url"];}?> "frameborder="0" width="100%" height="100%" name="surfing"id="dframe"></iframe>resulting in a random site loaded ever time the php file is ran
now all i need to figure out with a little help from the great users at phpfreaks is how i can get the random site to only be ran one time per user.

example
click = randomsite1.com
click = randomsite2.com
click = randomsite3.com
click = randomsite4.com
click = randomsite5.com
click = randomsite5.com = <--SKIP done been called so lets move along
click = randomsite6.com


I guess somehow im going to have to store the urls that are loaded into a variable and compare the variable to the the random site to make sure we dont get a match.
then again i guess i would have to some how figure out how to store the data per unique user as well .

Any suggestions would be greatly appreciated

I have had a load of people who are silly enought to forget their username and or password so wish to add in the option for them to save their details in a cookie, and break my number one rule, never to use them!!!

can anyone suggest how i can do this so it is stored safely like most websites do it.

Hi all,   I'm working on a hobby project to improve my skills and learn PHP and MySQL. Don't know if this is the right place to ask this question, so please let me know if it isn't.   I already created a single user site. It has a simple PHP login and after login information (like personal information and messages) is pulled from the database and shown. The personal information is stored in a table called settings and the messages are stored in a table called messages.   I like to go to the next level and create a multi-user login, but I have no idea were to start. I think I have to switch to another login type were both PHP and MySQL are used. How has the database be designed? Can I use the same structure as in the single user site I created? How can the right (belonging to the user) information be retrieved from the database?   Thanks in advance !    

I've got a site that requires the user to follow a well-defined workflow, corresponding to a sequence of pages. You'll have the right idea if you think of a store where the user selects items, then chooses a delivery method, then pays (although the site's actual purpose is somewhat different than that).

I just tracked down a puzzling logical failu a user followed the workflow up to a certain point, then opened a new browser window, pointed it to the site, and started a second workflow. The site stores information about the user's activities in session variables, and the two windows shared a single session, so the site got tremendously confused about what the user was doing.

Given the site's design, visiting the site in two windows at once is a legitimate thing for a user to do. I'm darned if I see how I can accommodate it, though.

Other designers must have dealt with this problem many times. What ways of solving it have been found effective?

In this case, the simplest and most effective solution would be to create a new session for each window in which the user visits the site. Is there any way to do that?

Basically I would like to place a link on my website and have the user download a file, but rather than just right clicking and choosing save target as, the link must be clicked, on the next page the file is fetched and then the client can download the file. How would I go about setting this up please?

When the download appears the link that is produced doesn't show the actual download either, so users can't leech of it.

Thanks

I have made a Php program that downloads an Inno setup installation file for installing a program. However, if I for one or another reason want to make a new download of the same Inno setup installation file, the previous file will still be found in the Download folder. Each of the downloads get a number in parenthesis, setup(1), setup(2), setup(3) etc. However, I wondered if it is posible to erase the previous file in the same process as I download a new one, so that however many downloads I do, there will all the time only be one occurence of this file in the Download folder.

The download code is as follows:

$exe = "Inno script/Test_setup.exe";
	header("Content-Type: application/octet-stream"); 
	header("Content-Disposition: attachment; filename=\"Test_setup.exe\""); 
	header("Content-Length: " . filesize($exe)); 
	readfile($exe); 

Thanks in advance.

Sincerely

 

hi,

i have made a website where people resgister their details of them and products.

they have to enter the following details in form

Name of company

name of the product

company address

email id 

password 

mobile number contact

and 

brief details about their company 

after filling all details user is registered on website.

user can then login with email id and pwd.

now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.

thanks in advance .

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi,

so far I have managed to set up a somewhat basic login website with a mysql database backend.

Once they have logged on they go to a "main menu" page.

What I need to define is that user A sees button A but only that button, etc.

(Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login).

If anyone has any tutorials or sample code I would much appreciate it.

Thanks,