PHP - How To Load Files From Webpage Protected By Htaccess?

I have a function to read terms from an array stored in language file as
Code: [Select]
function _language($term) {
include('fr.php');
if(!empty($lang[$term])) {
$lterm=$lang[$term];
} else { $lterm = $term;}
return $lterm;
}
The problem is that I get the language code from url as ?lang=en or ?lang=fr; but I cannot bring this string into the function. How I can tell the function to read appropriate language file (fr.php or en.php or es.php) upon choosing language in ?lang=XX

hello!

in my header.php file i have the following line of code: Code: [Select]
<link rel="stylesheet" href="<?php echo $pageCSS; ?>">
in the document proper, i have the following at the top of the page: Code: [Select]
<?php $pageCSS="_css/compare.css"; ?>
this works as expected and it's clean and neat.  what i want to know is how i can adapt this to pass MULTIPLE  JavaScript files through it.  would it be best to pass an array of files and then step through the array?  would be nice to be able to pass a simple comma-delimited list.  any help would be appreciated.

WR!

I've recently made a profile system for my site, and I'm not sure if it's injectable.

I tried doing

Code: [Select]
REMOVED/index.php?page=profile&player=select * from members where username = srbuckey5266

Does this mean I'm good? It didn't work.

I've been meaning to move on to OOP for a while now that I've grasped the concept of OOP in java quite well and I'm doing good so far in PHP OOP. One question that I have floating around though is: When would protected be of any use? I understand what protected does, it's just I don't see how it could ever stop an error from happening.

Is there an example for how it would be able to stop an interference from occurring?

If i declare protected variable in a class how can i access those variable in other class inheriting that class?

Can anyone post example code?

If you use htaccess to restrict a directory can you still use the include function to include a file from that directory?

Hi,

I have built a registration and login system for a website, part of which I wish to protect certain pages.

The registration systems works well, as does the login BUT I am having difficulty with the next stage.

How do I then 'capture' the username and password that were entered by the user and get the PHP page I want to protect to check that these are valid? I guess it is a piece of code I need to put in the top of the protected page?

Here is the final piece of code (which then includes a link to the page I want to protect) from the login page which includes session_register, but then how can I use this information in the page I wish to protect?

//Now if everything is correct let's finish his/her/its login
session_register("username", $username);
session_register("password", $password);

echo "Welcome, ".$username." please continue onto our ".$sub." membership area...<a href=".$index.">click here</a>";
}


Thanks,
Simon

Hello all, i am go9090go.
Today i made a domains for a jar file people can upload from my website.
I made this to make the jar file close source and its easy to update.
Now i made a java classloader and everything i made works.
The classloader call a php document with the password and username.
The pass and name will be checked inside a databse and if its inside i use
header() to load the jar file.

But when i just go to my main domain i get the index of the site and people can easly download the jar file without have to walk thru the php pass checker.
So i want to place the jar file inside a protected folder,and i want that only way you get acces to this jar is by the php file. How can i get a file from a protected folder?

here is the php used when the jar file is not inside a protected folder:

<?php

$DBName = "name";//name database        
$DBUser = "name";//user        
$DBPassword = "pass"; //passs
$DBHost = "host"; //might be different
         
mysql_connect($DBHost, $DBUser, $DBPassword);
        mysql_select_db($DBName);

        $username = $_GET['username'];
        $password = $_GET['password'];

$IP = $_SERVER['REMOTE_ADDR'];
    
$string = "Java";
$pos = strpos($agent, $string);    
if (!strpos($_SERVER['HTTP_USER_AGENT'], "Java")) 
{        
echo("Your Auth has been banned for trying to breach security.");        
//mysql_query("delete from users where username='$username'");
exit();    
}

$query = "select * from users where name='$username' and pass='$password'";
        mysql_query($query);
        $num = mysql_affected_rows();
if ($num > 0) 
{
header('Location:script/Script.jar');
}

?>


now i want to use the header to a file inside a folder that is protected :



so how can i make the header() methode to open script.jar inside a protected folder.
The folder haves name and pass: blabla,balbla for exempel

thanks for help

Hello:

I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure."
I was told I should use MD5 / SALTING / HASHING to do this.

I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it>

This is my database table storing the myAdmins data (when I initially insert it into the database):
Code: [Select]
CREATE TABLE `myAdmins` (
  `id` int(4) NOT NULL auto_increment,
  `myUserName` varchar(65) NOT NULL default '',
  `myPassword` varchar(65) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

INSERT INTO myAdmins VALUES("1","abc","123");

This is the login form I use:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myAdminNav.php');

session_start();
session_destroy();

$message="";

$Login=$_POST['Login'];
if($Login){
$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];

$result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'");
if(mysql_num_rows($result)!='0'){
session_register("myUserName");
header("location:a_Home.php");
exit;
}else{
$message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>";
}

}
?>

<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">

<? echo $message; ?>

Username: <input name="myUserName" type="text" id="myUserName" size="40" />
Password: <input name="myPassword" type="password" id="myPassword" size="40" />

<input name="Login" type="submit" id="Login" value="Login" />

</form>



This is the code on top of each page I password protect:
Code: [Select]
<?
session_start();
if(!session_is_registered(myUserName)){
header("location:Login.php");
}
?>

Works well, but can it be "better"??

And, if I am allowing the admin to update his/her username or password, I do it this way:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myCheckLogin.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$myUserName = mysql_real_escape_string($_POST['myUserName']);
$myPassword = mysql_real_escape_string($_POST['myPassword']);

$sql = "

UPDATE myAdmins
   SET
      myUserName = '$myUserName',
      myPassword = '$myPassword'
  ";
mysql_query($sql) && mysql_affected_rows()

?>

<?php
}

$query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error());

while($result=mysql_fetch_array($query))

{
  $myUserName=$result['myUserName'];
  $myPassword=$result['myPassword'];
}

?>


<form method="post" action="<?php echo $PHP_SELF;?>">
<input type="hidden" name="POSTBACK" value="EDIT">

Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>">
Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>">

<input type="submit" value="Submit" />
         
</form>


Should it be "better" .. ??

I don't seem to understand how to "encrypt" all of this to make it "stronger" ..

Ideas? Improvements?

try {
echo "<br>";
foreach($dbh->query("SELECT * FROM test_shot WHERE sold=1 ORDER BY year ASC") as $row) {
	
						if($row['picture'] != "" && $row['picture'] != null)
						{
						echo "<div class='image-holder'><img src ='".$row['picture']."' width=300px /><br>";  
            			}
						if($row['year'] != "" && $row['year'] != null)
						{
							echo $row['year'];
						}
						if($row['description'] != "" && $row['description'] != null)
						{
							echo $row['description'];
						}
						if($row['sold'] == 1) {
							echo "<img src='images/sold1.png'><br>";//Add your image code here
							}
							elseif ($row['sold'] == 0) {
							
							echo "</div><br>";
						}
					}

	}	

catch (PDOException $e) {
  print $e->getMessage();
}

?>

 

Hello everyone:

I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct.

I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..?

I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems.

In ASP I would do a protected page like this:
a_login_check.asp
Code: [Select]
<%
if session("admin_user_name") = "" then
session.abandon
response.redirect "login.asp"
end if
%>

Protected-Page.asp
Code: [Select]
<!-- #include file="include/a_check_login.asp" -->
<html>
...
CONTENT

...
</html>

And of course there is the login page itself ...
(I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??)

Anyway, can someone point-out to me how to do this.

I would appreciate it!

I'm having a problem and need an answer to why its happening and how to prevent it.

Scenario:

I begin load my home page which starts with a session_start(); .... Before it FULLY completes loading I try to navigate to another page and BOOM, that page will not load and any other page that begins with session_start(); will not load unless I close and restart the entire browser or wait about 10 minutes....

I will note my website makes ajax calls every 5 seconds or so, but I use setTimeout for them.

 

Any help??? Thanks ahead!

So far I have managed to create an upload process which uploads a picture, updates the database on file location and then tries to upload the db a 2nd time to update the Thumbnails file location (i tried updating the thumbnails location in one go and for some reason this causes failure)

But the main problem is that it doesn't upload some files

Here is my upload.php

<?php
include 'dbconnect.php';

$statusMsg = '';

$Title = $conn -> real_escape_string($_POST['Title']) ; 
$BodyText = $conn -> real_escape_string($_POST['ThreadBody']) ; 
	 

// File upload path
$targetDir = "upload/";
$fileName = basename($_FILES["file"]["name"]);
$targetFilePath = $targetDir . $fileName;
$fileType = pathinfo($targetFilePath,PATHINFO_EXTENSION);
$Thumbnail = "upload/Thumbnails/'$fileName'";

if(isset($_POST["submit"]) && !empty($_FILES["file"]["name"])){
    // Allow certain file formats
    $allowTypes = array('jpg','png','jpeg','gif','pdf', "webm", "mp4");
    if(in_array($fileType, $allowTypes)){

        // Upload file to server
        if(move_uploaded_file($_FILES["file"]["tmp_name"], $targetFilePath)){

            // Insert image file name into database
            $insert = $conn->query("INSERT into Threads (Title, ThreadBody, filename) VALUES ('$Title', '$BodyText', '$fileName')");
            if($insert){
               $statusMsg = "The file ".$fileName. " has been uploaded successfully."; 

		$targetFilePathArg = escapeshellarg($targetFilePath);
		$output=null;
		$retval=null;
		 //exec("convert $targetFilePathArg -resize 300x200 ./upload/Thumbnails/'$fileName'", $output, $retval);
		 exec("convert $targetFilePathArg -resize 200x200 $Thumbnail", $output, $retval);
		echo "REturned with status $retval and output:\n" ; 
		if ($retval == null) { 
		echo "Retval is null\n" ;
		echo "Thumbnail equals $Thumbnail\n" ; 
		}

            }else{
                $statusMsg = "File upload failed, please try again.";
            } 
        }else{
            $statusMsg = "Sorry, there was an error uploading your file.";
        }
    }else{
        $statusMsg = 'Sorry, only JPG, JPEG, PNG, GIF, mp4, webm & PDF files are allowed to upload.';
    }
}else{
    $statusMsg = 'Please select a file to upload.';
}

//Update SQL db by setting the thumbnail column to equal $Thumbnail
$update = $conn->query("update Threads set thumbnail = '$Thumbnail' where filename = '$fileName'");
            if($update){
               $statusMsg = "Updated the thumbnail to sql correctly.";
		echo $statusMsg ;  } 
else 
{ echo "\n Failed to update Thumbnail. Thumbnail equals $Thumbnail" ; } 


// Display status message
echo $statusMsg;
?>

And this does work on most files however it is not working on a 9.9mb png file  which is named "test.png" I tested on another 3.3 mb gif file and that failed too?

For some reason it returns the following

Updated the thumbnail to sql correctly.Updated the thumbnail to sql correctly.

Whereas on the files it works on it returns

REturned with status 0 and output: Retval is null Thumbnail equals upload/Thumbnails/'rainbow-trh-stache.gif' Failed to update Thumbnail. Thumbnail equals upload/Thumbnails/'rainbow-trh-stache.gif'The file rainbow-trh-stache.gif has been uploaded successfully.

Any idea on why this is?

Hello


I have a simple question about file handling...


Is it possible to list all files in directories / subdirectories, and then read ALL files in those dirs,
and put the content of their file into an array?

Like this:

array:
[SomePath/test.php] = "All In this php file is being read by a new smart function!";
[SomePath/Weird/hello.txt = "Hello world. This is me and im just trying to get some help!";

and so on, until no further files exists in that rootdir.

All my attempts went totally crazy and none of them works... therefore i need to ask you for help.


Do you have any ideas how to do this?
If so, how can I be able to do it?


Thanks in Advance, pros