My website contains some download content. I want to access download this file only for logged in user.
If user type direct file url in browser it show forbidden page if user not logged in. Am not using any CMS.
Direct File Link: localhost/files/questions/20160917070900-w2CdE9LZpE.zip
I searched on net but failed to find any good answer. Please suggest me how can I do it.
Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:
Order Deny,Allow
Deny from all
Into folder members create file get_file.php and add the following code:
if( !empty( $_GET['name'] ) )
{
// check if user is logged
if( is_logged() )
{
$file_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$question_file = "{$_SERVER['DOCUMENT_ROOT']}/files/questions/{$file_name}.zip";
if( file_exists( $question_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$question_file}" );
header( 'Content-Type: application/zip' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $question_file );
exit;
}
}
}
die( "ERROR: invalid song or you don't have permissions to download it." );
URL to get the file: localhost/get_file.php?name=file_name
Put the files you want to protect in a separate directory and add an .htaccess file with the following:
Order deny,allow
Deny from all
The server and scripts that accesses files in this directory will still work but direct access by url will not.
Related
I am using an index.php file to include the header, navigation and footer on all pages on my site, however I have an issue with my php which is showing all pages within the pages folder at once, rather than just showing the page I'm currently on.
Here is the PHP I am using, any advice would be appreciated!
<?php
$files = scandir( __DIR__ . '/pages' );
unset( $files[0] );
unset( $files[1] );
foreach($files as $file){
include __DIR__ . '/pages/' . $file;
}
?>
Then just remove the whole script and use <?php include('yourDesiredfile.php'); ?> for the files you would like to include.
I'm trying to delete a given file from a directory using PHP. Here is the code I've tried:
// Get the file name
$id = '61514';
// Get the folder path
$uploads_folder_dir = 'some/dir';
// Check if the directory exists
if ( ! file_exists( $uploads_folder_dir ) )
return false;
// Open the directory
if ( $dir = opendir( $uploads_folder_dir ) ) {
// Loop through each file in the directory
while ( false !== ( $file = readdir( $dir ) ) ) {
// Target the file to be deleted and delete. All files in folder are .png
if ( $file == ( $id . '.png' ) )
#unlink( $uploads_folder_dir . '/' . $file );
}
}
// Housekeeping
closedir( $dir );
#rmdir( $uploads_folder_dir );
Each time I run the code, the particular file I'm trying to delete is not deleted.
My guess is when I'm looping through the directory, my logic to find the file isn't working. I can confirm that file 61514.png is definitely in directory some/dir
Hoping someone can spot where I'm going wrong here?
First debug your file path is ok or not just by printing whole file path like
// Target the file to be deleted and delete. All files in folder are .png
if ( $file == ( $id . '.png' ) ){
echo $uploads_folder_dir . '/' . $file; die;
#unlink( $uploads_folder_dir . '/' . $file );
}
}
Why do you loop through the files? This one would be much easier:
// Get the file name
$id = '61514';
// Get the folder path
$uploads_folder_dir = 'some/dir';
// Check if the directory exists
if ( ! file_exists( $uploads_folder_dir ) )
return false;
unlink("$uploads_folder_dir/$id.png");
// Housekeeping
#rmdir( $uploads_folder_dir );
#unlink -> use unlink and if you don't see permission denied problem, the file and "dir" should be removed.
Months ago, I have placed a 301 redirect rule in my .htaccess file to redirect all the www request to a non-www request.
The problem is two days ago, when I tried to access my example.net site using www.example.net I get the following warnings in the page and website is not loaded.
http://i.stack.imgur.com/nXBMF.png
Here are the corresponding lines:
1. Plugin.php Line 647 = if ( strpos( $file, $realdir ) === 0 ){
Full function:
/**
* Gets the basename of a plugin.
*
* This method extracts the name of a plugin from its filename.
*
* #since 1.5.0
*
* #param string $file The filename of plugin.
* #return string The name of a plugin.
*/
function plugin_basename( $file ) {
global $wp_plugin_paths;
foreach ( $wp_plugin_paths as $dir => $realdir ) {
if ( strpos( $file, $realdir ) === 0 ) { /** LINE 646 */
$file = $dir . substr( $file, strlen( $realdir ) );
}
}
$file = wp_normalize_path( $file );
$plugin_dir = wp_normalize_path( WP_PLUGIN_DIR );
$mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR );
$file = preg_replace('#^' . preg_quote($plugin_dir, '#') . '/|^' . preg_quote($mu_plugin_dir, '#') . '/#','',$file); // get relative path from plugins dir
$file = trim($file, '/');
return $file;
}
2. Pluggable.php Line 1178 = header("Location: $location", true, $status);
Full file: http://pastebin.com/0zMJZxV0
I use WordPress only to write some articles. My PHP knowledge is very basic and limited only to locate errors.
Please help me figure out the problem with this. As I have read from the Codex FAQ, they say that empty strings may be a culprit for the pluggable.php error. But I have no idea how to locate it and I have attached the file for your reference.
Please provide your suggestions to avoid this error in the future. Thanks in advance.
3. EDIT - wp setting file: (the error line - include_once( $plugin ); )
// Load active plugins.
foreach ( wp_get_active_and_valid_plugins() as $plugin ) {
wp_register_plugin_realpath( $plugin );
include_once( $plugin );
}
unset( $plugin );
The issue with the header information has been discussed in here: Cannot modify header information error in Wordpress. Could you give this a try and see whether this solves this part of your problem?.
On the other issue:
try var_dump ($file) (for instance -- or echo $file ) to see what they actually contain.
Check your configuration path of plugins :
var_dump($wp_plugin_paths);
You've got an error because $realdir is empty.
I'm stuck and I was hoping somebody here could help me.
I want to create a link to a file in a php script (the file is actually an image, a .tif image). I have Google d this relentlessly, to no avail.
The firewall is blocking external connections but I am running this query on a machine that mimics an internal connection. I currently use this machine to allow external user to run queries that hit the internal database so I know this works…
For instance this part works just fine:
$result = pg_query($conn, $query);
while($row=pg_fetch_assoc($result))
{
echo "<p>image details:<br />image: <u>" . $row['field'] . "</u> image date: <u>" . $row['field'] . "</u> image path: <u>" . $row['filename'] . "</u></p>";
The part of the query that I want to turn into a link is the $row[‘filename’], which is returned as
//host\path\path\path\path\path\path\path.TIF
… but now I want access to certain files associated with those queries. I want to turn this filename into a url that, when put into a link, goes to this file and opens it:
$imageURL = $row['filename'];
echo "<p>Using imageURL: <a href='$imageURL' border='0' target='_blank'>Click Here</a></p>";
Maybe this isn't possible.
I just can't seem to figure out how to fetch the image.
I do not have imagemagick or imagick and I don't want to go that route. Thanks in advance for any help.
EDIT
The machine I am running the query on is http://webapps.example.com
The machine I am querying (where the image resides) is not - the image path I am trying to return (as a link) is //hostipaddress\path\path\path\path\path\path\filename.TIF
You can use a proxy page which you can link to normally which does the job of rendering the image.
Let's call the proxy page readimage.php and it takes the filename or path as an argument.
Your link would look something like this:
<?php
$imageURL = $row['filename'];
echo "<p>Using imageURL: <a href='readimage.php?image=$imageURL' border='0' target='_blank'>Click Here</a></p>";
?>
readimage.php
<?php
$img = isset( $_GET['image'] ) ? $_GET['image'] : null;
if ( !$img )
return;
// Build internal file path
//$filepath = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'myimages' . DIRECTORY_SEPARATOR . $img;
$filepath = $img;
//==========================
// VERY IMPORTANT TO WHITELIST THE PATH OR RESULT to make sure you're not showing unintended data
//==========================
if ( file_exists( $filepath ) ) {
// Find mime type
$mime = '';
// Try using the fileinfo functions. Requires PHP >= 5.3 and PECL 1.0
if ( function_exists( 'finfo' ) ) {
$finfo = new finfo( FILEINFO_MIME ); // return mime type ala mimetype extension
/* get mime-type for a specific file */
$mime = $finfo->file( $filepath );
}
// No mime yet? Try to use the deprecated mime_content_type() function
if ( !$mime && function_exists( 'mime_content_type' ) ) {
$mime = mime_content_type( $filepath );
}
// Not yet? Fallback to extensions :(
if ( !$mime ) {
$ext = pathinfo( $filepath, PATHINFO_EXTENSION );
switch ( $ext ) {
case "jpg" :
case "jpeg" :
case "jpe" :
$mime = "image/jpg";
break;
case "png" :
case "gif" :
case "bmp" :
case "tiff" :
$mime = "image/" . strtolower( $ext );
break;
}
}
if ( $mime ) {
header( 'Content-type: ' . $mime );
readfile( $filepath );
}
}
?>
If you can have a proxy address that would allow you to send request outside, you could do it using curl.
** update 2
Image from curl
Save image from url with curl PHP
Curl behind a proxy:
curl_setopt($ch, CURLOPT_PROXY, "http://to.the.proxy.address");
curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
curl_setopt ($ch, CURLOPT_PROXYUSERPWD, "your password");
I am making a member's management database. I want to put all the members pictures above the site root so that they wont be able to be accessed via a url but I want to show the picture of the member on the member profile. I am using php. How can I do that?! Thanks!
You could create a php file that reads the file based on some input parameters, and at the same time decide on some conditions whether the visitor is allowed to view the file.
Something like this (simplified example):
<?php
// presuming this file is in the root of your site
// define some directory where the actual images are
$dir = realpath( dirname( __FILE__ ) . '/../profile-images' );
// presuming this file is called with something like
// image.php?profileImage=fireeyedboy.jpg
if( isset( $_GET[ 'profileImage' ] ) )
{
// strip all possible redundant paths
// you should probably sanitize even more (check valid extensions etc.)
$profileImage = basename( $_GET[ 'profileImage' ] );
if( $someConditionsThatVisitorIsAllowedToViewThisImageAreMet )
{
// presuming mime type jpeg for now
header( 'Content-Type: image/jpeg' );
readfile( $dir . '/' . $profileImage );
exit();
}
else
{
// conditions are not met, dish out HTTP/1.1 403 Forbidden header
header( 'HTTP/1.1 403 Forbidden', true );
exit();
}
}