How is it possible to run an ftp server, using php? - php

I would like to host az FTP server on: mywebsite.domain/ftpserver.php
The XAMPP server runs on my computer.
The php is important, because I would like to authenticate the users using their passwords in the mysql database, and their directory's name is also stored in the database.
Or if there is a free ftp server, then how could I create ftp users from the php?

I know that this question is some years old, but for my opinion, the accepted answer is not correct.
You can omit the webserver (XAMPP / Apache) and run a PHP script from command line. This PHP scripts can listen to a tcp port (e. g. port 22, https://www.php.net/manual/en/function.socket-listen.php) and so it can receive (FTP) requests directly from a client. You will reach the server via mywebsite.domain. mywebsite.domain/yourscript.php is not necessary because PHP will listen directly to the given port.
But there's a big backdraw: You have to implement the complete FTP protocol by yourself in PHP. And that's a quite big task and you have to know what you do.

This can not easily be done. PHP works, almost always, with a webserver, serving HTTP and HTTPS request, not FTP requests. You could configure it to answer to FTP requests on port 22, as said in the other answer, but then you still have to process all the FTP requests.
A second point would be; Why FTP? You can serve files with the HTTP and HTTPS protocol as well. The only limitation is that users cannot use a custom client, they have to use a browser.

Related

Why do local test servers open a "save file" dialog?

I have been trying to develop web pages locally (in Windows 10) and running in my local browser (chrome, vivaldi). Right now I have 3 different ways to run simple servers locally: php's built in server, python's http.server module, and vscode's LiveServer. When I run the php server, I can execute php code properly, as one would expect. But calling php urls using the other two, I get a "Save File" dialog! Where is that coming from? Instead of a simple "not found" I get the dialog. So I have two questions: (1) Why am I getting the save file dialog? (2) Is it possible to process php files using LiveServer or python's http.server module (which I don't expect can ever support php)
if the save dialog is being shown it's cause the server can't interpret php code. You have to check these servers configs to check their integration with PHP (if they they can do that).
Good questions. Erick has answered the 1st one. I'll just elaborate more on it and then answer the 2nd one.
Why do you get save file dialog?
At a high level, a web server is serving files. When serving HTML/CSS/JS files to the browser, life is easy. Your browser understands HTML/CSS/JS and knows how to render it for the user. If your browser was sent unprocessed PHP file (assuming that file was present), the browser won't know what to do with <?php .. ?> tags and such. So, the browser offers the user to download the file. Same thing with a zip file. If you went to http://someurl.com/abc.zip, if the webserver found that file under the root of someurl.com, it'll send it to the browser and the browser will offer the user to download it. There's more to it than just that.
So, how does a web server process PHP files? It depends on the web server, but the common thing is that they need help in processing PHP files. Web server is configured to send the request to php.exe or some other system such as PHP-FPM, which processes the file and returns back to the web server to send it to the user. Processing of the file converts echo "<div>$variable</div>"; to clean HTML <div>I am awesome</div>. This processing system (php.exe or PHP-FPM) tag team with web server to serve to the browser what it can render.
Is it possible to cross-render languages?
Yes, you can in multiple ways. One of the common ways is to find the best processing system for the language of choice. For example, PHP can be processed with PHP-FPM running as a service. So, http://someurl.com/test/index.php could run through PHP-FPM. Python may use WSGI and you may choose gunicorn to process Python files. In that case, your webserver can be asked to send python-related directories/subdomains directly to gunicorn (essentially a proxy).
Reverse proxy
Let's say you have multiple sites with multiple language needs.
http://py.someurl.com serves Python/Django
http://someurl.com serves straight HTML
http://ph.someurl.com services PHP
http://js.someurl.com is powered by NodeJS
py.someurl.com could run on the server using gunicorn web server (or other wsgi-friendly servers) on port 8000. Node could be serving using Express web server on port 9000.
You could run NGINX server that serves straight HTML and also serves ph.someurl.com by sending requests to PHP-FPM service. It can also be configured to take all requests to js.someurl.com and hand it off to http://localhost:9000 where Node will service the request and send output back to NGINX and NGINX can send the request to the browser. Similarly, requests to py.someurl.com can be sent to localhost:8000 where gunicorn processes the request and sends the request back to NGINX, which forwards the request to the browser.
From a user's perspective, all they know is the NGINX server. All the other things in the background are known to NGINX. NGINX, in that case, serves as a web server and a proxy.

Securely passing database updates to a server outside a vpn

I've spent quite some time now trying to figure out how to pass a few rows from a server inside a SonicWall VPN to a remote VPS cloud server. The server inside the VPN is Microsoft 2003 running SQL Server 2005, the destination server is a CentOS 6 with MySQL. I've been unable to find a way for the CentOS to easily and securely access the MSSql server from outside the VPN. I have extremely limited knowledge of SonicWall or other firewalls in general and I really don't want to open the door to security risks. So in light of this I've come up with the following solution:
1) A scheduled PHP script extracts the rows and encrypts them in AES-256 inside a password protected excel file
2) The script then uploads the excel file to my remote server using FTP
3) The remote server, having the same encryption keys, decrypts the file and uploads the rows to the MySQL database.
Two questions:
1) Is this a safe method of moving sensitive data from one server to another?
2) Is there an easier way to access the data that I have not thought of?
You're involving FTP and files for what is essentially a system-to-system transfer which can result in trouble due to file locks and just looks ugly.
A better approach would be to have the remote CentOS box expose a port / web service that is exposed by HTTPS which requires client side authentication :
Your script retrieves the rows from some source
The script converts the rows to a form the server can read
The script calls the port exposed by the client, this is an outgoing connection so should be easier to get outside the VPN (based on the fact that getting an FTP connection outside the VPN is possible)
The script verifies the server side certificate and provides it's own client side certificate and transmits the rows over SSL
The CentOS host receives the rows and processes them as required.
With your current approach you will need to secure the FTP connection somehow, to do so securely will require both the service and client to authenticate themselves to one another and SSL does most of the heavy lifting in that regard in terms of connection negotiation and protocol flow.

run .exe file from web application

I have application called unistat installed on my pc. I want to pass an argument from a web page and retrieve output from that program.
Is this possible?
How i can connect the website based on PHP to a remote desktop? ask to run .exe file by passing data and send output to specific location?
In order to access your local machine from the remote server, you're going to have to open up your router configuration settings and port forward all incoming port 80 traffic to your local web server's IP.
On your local machine, install PHP and set up an endpoint that runs the exec command, calling the .exe you wish to run.
You'd be wise to put this behind an authentication system, as it will be exposed to the www.
On the remote site, just fire a request off to the local machine's endpoint and the exec command will be run. Of course, if you have a dynamic IP, it's going to require constant maintenance.
See the following link about setting up custom protocols on Windows:
https://support.shotgunsoftware.com/entries/86754-launching-external-applications-using-custom-protocols-rock-instead-of-http
The idea would be that your web site could direct the browser to a special URL, i.e. unistat://my-data-goes-here and the application would be triggered with this data.
edit: better, MSDN link on the subject. http://msdn.microsoft.com/en-us/library/ie/aa767914(v=vs.85).aspx
edit2: Just realized you want to pipe the output from the EXE back to the webserver.... You may be better off building a browser extension. That, or writing a wrapper around unistat which can trap the output and submit it to a web service.

Write transparent HTTP Proxy script in PHP

Is there an easy forwarding/transparent php proxy script that I can host on my web server? These are my conditions:
I'm using free web hosting, so I have pretty much no control over my machine. Otherwise I could use Perl's HTTP::Proxy module. This means no root password. It does run php though.
I already have a server running on port 80. What I mean is I would like to put a php script as index.php on my server that will forward all requests.
I don't want a script like PHProxy or Glype where I go to the site, then enter a URL. I want a server so I can enter proxy.example.com:80 in Firefox's or IE's or whatever's proxy settings and it will forward all requests to the server.
Preferably (though not fatal if not possible) I would like for it to pass on the USER_AGENT environmental variable (That's the browser) instead of setting itself to be the USER_AGENT
I can't start a new Daemon. My server won't allow it.
Is there a script that will do this? If so, which?
No, I'm fairly sure this is not possible on shared hosting. It will fail your condition number 3. This needs support on web server level (e.g. using Apache's mod_proxy)
For this to work, you would have to set up the remote server to be able to deal with proxied requests. No sane web server will offer that possibility.

Creating a file on another server using PHP file functionality

I have a script on my one server and I want that script to create a file on another server of mine using PHP, NOT VIA FTP?
There are many ways to do this. I'd pick the first one myself because it's easiest to set up:
If you have PHP+Apache on another server, just call some script on the other server using file_get_contents with http URL as filename or use cURL if you need to POST file contents as well.
If the servers are in same network (LAN, VPN) you can use Windows shares/Samba or NFS to mount a remote directory to you local filesystem and simply write to file directly using fopen/fwrite functions
Use SSH via SCP or SFTP
PHP allows sending files across SSH - see the ssh2* family of functions, in particular ssh2_scp_send and ssh2_scp_recv.
I've never used them myself, but the infrastructure is there in Linux, just like SMB in Windows.
In general, FTP is the only regularly and easily available way (in PHP) to create a file on another server.
There are of course other protocols that enable you to create a file, but they all require installation of software on either one or both servers:
Samba (would enable access to the remote server through an absolute file path)
WebDaV (PHP client libraries available)
SCP (Finding a PHP client is probably going to be hard)
If both servers run PHP, it's probably the easiest to set up a PHP script on the remote server that accepts file data trough POST, and writes it out to a local file. Not a perfect solution, though, due to the limits usually imposed on POST uploads.
You could always use DAV, but it might require some configuration on the receiving server. There is also SSHFS, which lets you easily mount the remote directory locally over a SSH tunnel, or just use the ssh2_* family of functions as Andy Shellam suggested.
Really, there are lots of ways to accomplish this.

Categories