I'm working on a website that will have a simple image gallery page and I want to use PHP to create a file uploader instead of manually embedding all the images into my HTML. I am wondering if it is possible to make this for one single user (so that the whole world cannot upload stuff) and if it is possible without creating a login for that one user.
If you are only planning on posting from one place, and security isn't your top concern (you just want to limit so not everyone can post), you could always set the form to only show up for your external IP address.
You can get the IP address in php using:
$_SERVER['REMOTE_ADDR']
You can find your external IP at whatismyip.com
It is possible, but definitely not that secure. You could for example append a parameter to the URL: site.com/?mode=admin or request a password before doing the upload or something like this.
But as I said, according to the security, it is not a good idea.
Related
My question seems to be similar to others here in SO, I have try a few but it doesn't seem to work in my case...
I have develop a site in which you have to fill up a form and then it returns a PDF file that you can download or print, this file is saved so you can retrieve it later
public_html
|_index.php
|_<files>
| |_file_001.pdf
| |_file_002.pdf
|_<asstes> ....etc
that is how my files and folders look on the server, anyone can easily guess other files, .com/folder/file_00X.pdf, where X can be change for any other number and get access to the file... the user after finish with the form the script returns a url .com/file/file_001.pdf so he/she can click on it to download...
a year ago I did something similar an script to generate PDF's but in that case the user needed the email and a code that was sent via email in order to generate the PDF and the PDF's are generated on demand not saved like in this case...
Is there a way to protect this files as they are right now?
or, do I have to make it a little bit more hard to guess?
something like.
.com/files/HASH(MD5)(MICROTIME)/file_(MICROTIME)_001.pdf
and save the file and folder name in the DB for easy access via admin panel, the user will have to get the full URL via email...
Any ideas would be greatly appreciated.
For full security i would move the PDFs out of the public folder and have ascript in charge of delivering the content. If the form is filled correctly, you can generate a temporary hash and store that hash and the pdf path in the database. That way the user will have access to the file as a link through the retriever script, but you will control for how long he will have that link available.
Imagine the temporary link being http://yourdomain/get_pdf/THIS_IS_THE_HASH
Move the PDF's to some non-public folder (that your web server has access to but the public does not). Or you can use .htaccess to restrict access to the pdf's in their current location.
Write a php script that returns the correct pdf based on some passed in http variable.
You can secure/restrict this any way that you want to.
For example, one answer suggested using a temporary hash.
Other options for restricting access:
Store in the user's session that they submit the form and have a download pending, that way no one could direct link.
Check the referrer header. If it is a direct request then do not serve the file.
Here is a code example using the last option:
$hash_or_other_identifier = $_REQUEST["SomeVariable"];
if (!$_SERVER["HTTP_REFERER"])
{
//dont serve the file
} else {
//lookup the file path using the $hash_or_other_identifier
$pdfFile = somelogic($hash_or_other_identifier);
//serve the correct pdf
die(file_get_contents($pdfFile));
}
I don't even think that keeping the file name secret is a very big deal if all you are worried about is people typing it into the URL bar because you can simply check if it is a direct link or not. If you are also worried about bots or clever people who will create a link that points to your file so it looks like a referrer, then you will need to add stricter checks. For example, you can verify that the referrer is your own site. Of course headers can be spoofed so it all just depends how bulletproof it needs to be.
The url would be something like: http://yourdomain/pdf?SomeVariable=12345
However, you don't have to use an http variable. You can also use a url fragment with the same result, eg: http://yourdomain/pdf/12345
General guidelines:
File is not in the directory that's accessible via HTTP
Use a database or any other storage to link up file location with an identifier (an auto incremented number, guid, hash, whatever you deem fit). The location of the file could be in the server's file system or on a shared network location etc.
Instead of hashes, it's also practical to encrypt the ID generated by the database, base64 encode it and provide it back - that makes it nearly impossible to guess the valid string that one needs to send back in order to refer to a file
Use a PHP script that delivers the file if user authentication passes (in case you need authenticated users to be able to retrieve the file)
I've developed a web application in PHP and MySQL. One part of the system I've been putting on hold for a while now, is allowing my users to create a simple form inside my application, and once they're done, copy and paste some code which I generate into their existing remote websites (IE: Contact Form) where this form should appear.
When visitors to their site enter their data into that "contact form" or whatever they've created, it should save the info into my application database where the users will be able to access it. It must be unobtrusive.
Is there anyone who can give me a good starting point on how to achieve this?
Im a little confused on what youre asking. Are you asking if there is a way to automatically copy the generated form to the clipboard, or how you set the form up to allow it to post data back to your own server?
If its the former, Bradley above pretty much explained it. If its the latter, then there are a couple of ways that you can go about doing it.
If you want it to submit the form without actually redirecting back to your own site, then you need to submit the form via AJAX (read XMLHttpRequest, or the $.ajax() function if youre using jQuery). The only problem here is that it violates the same origin policy since youd be submitting from a different domain. To fix this, you need to setup your webserver to allow cross domain requests so that it'll actually work.
JavaScript cannot access the clipboard to save (copy) text to memory. A general way around this is to use an invisible flash movie and place it over an input button so that 'clicking' the button triggers the flash script, which can utilize the clipboard.
I've used ZeroClipBoard in the past to do this, and I believe some of the syntax highlighting plugins out there use it as well.
http://code.google.com/p/zeroclipboard/
I'm looking to make a simple PHP microsite that allows the download of one of my bands tracks in exchange for an email address. I know I could use Bandcamp but I want to do it myself ;)
I found a microsite from a band I like that does exactly what I want so I tried to pick it to pieces. The site is http://threetrappedtigers.heroku.com. This site basically gets you to enter your email address which it then must put in a database (unless it finds a match for that email address in the DB).
You can then view the download button and downloads the file without revealing the source url of the file. The href for that button is "download/" leading me to assume that there is an index.php in the download directory, which must require some sort of session id (presumably set up when submitting your email) to stop people linking directly to it. However the file also does some work that I don't know about in order to obscure the link.
The other aspect I don't understand is that on the page where the email is inputted there is a hidden input that submits a random authenticity_token when submitting the email address. I can't quite work out why that is necessary either.
Apologies for this horribly specific question but I've been trying to work it out all morning and can't quite get my head around.
Thanks,
Rich
What you can do is this:
User enters an email address
Verify (or not, depends on your wishes) by sending an email with a link that contains a token. i.e.: http://myawesomband.com/downloadtrack.php?token=asd#%$dhj123
downloadtrack.php validates the token and loads the sample track with file_get_contents() and offers it as a download (see specific headers on the php.net site)
The advantage is that the user doesn't know where the file is located (it is best if you place the sample track outside of the webroot.
[EDIT]
For your hidden input field token: This might be used to confuse bots and other scripts that will only post the 'email' field in large quantities. If the token isn't sent and doesn't match the $_SESSION['token'] value the request isn't handled. This works because scripts that do these kinds of attack generally don't accept cookies so their $_SESSION array is never reloaded.
you can have a look at this as it does what you want, either use cake or take some ideas
http://book.cakephp.org/view/1094/Media-Views
https://github.com/cakephp/cakephp/blob/master/cake/libs/view/media.php
you can see in the render() function its mostly about setting the correct header
I want my files to be secure in my web server. Only authenticated users to access those files should be able to access those files. I thought of storing files in database as "Long BLOB" but it supports only upto 2MB of data. The file size may exceed beyond 50MB. is there any other better way to secure the files? please help me.thanks in advance.
Don't store them in a database. Put them in your web directory and secure them using .htaccess.
If you want to authenticate via other means, then store the files in a directory that isn't web-accessible but is readable by the user php runs as.
Discussion
If you opt to keep high value downloadable content files directly on the filesystem, the best thing to do is to keep them outside of the webroot.
Then, your application will have to solve the problem of creating URLs (url encoding when necessary) for content (PDF's, Word Docs, Songs, etc..).
Generally, this can be achieved by using a query to retrieve the file path, then using the file path to send content to the user (with header() etc ..) when he or she clicks on an anchor (all of this without the user ever seeing the true, server side file path).
If you do not want user A sharing URLs for high value downloadable content to user B, then your application must somehow make the links exclusively tied to user A. What can be done? Where should I start?
Obviously, you want to make sure user A is logged in during a session before he or she can download a file. What is not so obvious is how to prevent a logged in user B from using a URL sent from user A (to user B) to download A's digital content.
Using $_SESSION to store the logged in user's ID (numerical, or string) and making that part of the eventual query (assuming content is tied to user purchases or something) will prevent a logged in user B from downloading things they have not purchased, but you will still incur the resource hit for processing the SQL empty set for items they have not purchased. This sounds like a good step two.
What about step one? Is there something that can prevent the need to do a query to begin with?
Well, let us see. In HTML forms, one might use a XSRF token in a hidden field to verify that a submitted form actually originated from the web server that receives the POST/GET request. One token is used for the entire form.
Given a page of user specific things to download (anchors), one could embed a single token (the same token, but different per page request) into each anchor's href attribute in the form of a query string parameter and store a copy of this token in $_SESSION.
Now, when a logged in user B attempts to use a logged in user A's shared URL, the whole thing fails because user A and user B have different sessions (or, no session at all), and thus different tokens. In other words, "My link is the same as yours, but different." Anchors would be tied to the session, not just to the page, user, or content.
With that system in place, PHP can determine if a request for content is valid without getting the database involved (by comparing the submitted token to the one in $_SESSION). What is more, a time limit can be established in $_SESSION to limit the duration/lifetime of a valid XSRF token. Just use the time() function and basic math. Sixty minutes might be an ideal token lifetime for an anchor in this situation. Have the user login again if the token for a clicked anchor has expired.
Summary
If you use files on a filesystem and store the paths in the database, make sure you do the following (at minimum), too.
Apply proper file permissions to your content directory (outside of webroot).
Use random names for uploaded files.
Check for duplicate file names before saving a file from an upload.
Only logged in users should be able to download high value content.
Have an effective $_SESSION system that deters session fixation.
Make URLs for high value downloadable content unique per page by using hashed XSRF tokens.
XSRF tokens cover more scenarios when they have a terminal life time.
Make SQL queries for user content based on the logged in user's ID, not the product exclusively.
Filter and validate all user input.
Use prepared statements with SQL queries.
A few options come to mind.
If you are using Apache you can use htaccess to password protect directories. (first googled link : http://www.javascriptkit.com/howto/htaccess3.shtml)
or
Store the files above the web server.
Create a script in php that will allow authorised users to access them.
If you want to do it Via FTP, and you are running cpanel you may be able to create new ftp accounts. check yourdomain.com/cpanel to determine if you have it installed.
Storing files in DB is very bad practice. Very good practice to store only information about file. Name, extension. Files save on server like $id.$ext. It will be a good architecture. And when user download file, he take file with name in DB.Sorry for my english.
The best way is to store the file reference in Database. The file itself will be stored in the server filesystem. The complexity of this is making sure there is reference integrity between the database file reference and the existing file in the server filesystem. Some database such as sql server 2008 have feature that maintain the integrity of the file references to the actual file itself.
Other than that securing the file itself in the server depends on the OS where permissions can be configured to the specific folder where the file reside.
If the files are purely static you could use read-only or WORM media to store the data files or indeed run the complete web server from a "LiveCD". It's certainly not suited to everyone's needs but for limited cases where the integrity of the data is paramount it works.
Downloadable files can be stored in htaccess protected folder/s. A script like the one below can be used to generate dynamic links for downloadable files.
for ex. Secure download links. http://codecanyon.net/item/secure-download-links/309295
Well, I encountered this new term in programming. What is it? How does it works and how to use it? Can somebody illustrate in php?
I have a website, full flash. That site is for signup, enter username and email. The button is in flash.
An user visit my site, www.domain.com/index.php?var=string
Can I use pixel tracking method to pass this URL variable($var) to another php page (email subscibe processing php page) together with username and email from Flash/AS3??
The more common term is Web bug: an invisible (i.e. 1x1 transparent pixel) image embedded in a web page or email, with its URL containing parameter data. When the page/email is displayed, it will load the image, thereby causing a request containing the parameter data on the server, which can then do things with that data.
Edit: I don't think the technique would work for what you want to do, since it sounds like the username and email address are entered into the flash app only after the page is fully loaded and displayed, i.e. after the request generated by a hypothetical web bug has already been sent. Can't you make the request to your signup page from the Flash code? Then all you need to do is somehow pass the URL parameter to the Flash app. I think that should be possible.
Is there anything wrong with simply passing your information via querystring from your Flash application to the PHP script?
If its just username and email then I don't think you need to do anything more than that.
Is there a reason you want to use this pixel tracking other than to simply learn how to do it?