If I use blob with a relative path I would use something like this:
$files = glob("../uploads/*");
If I want to check if another website (but in the same hosting account) has the files, can I use this?:
$files = glob("http://myothersite.com/uploads/*");
I also want to know if it is possible to delete files in another domain, like the example above but using:
unlink("http://myotherwebsite.com/uploads/file.jpg");
EDIT:
Thinking about it, if I want to delete files in another domain, I would have to create a webservice or something with the proper validation so it knows the deletion is being requested by a safe source.
For example a php file that receives GET or POST parameters to know what file will be removed, then do the unlink() process. But that function, for obvious reasons, does not work from foreign apps.
First thing. I assume you talk about glob() function and not blob(). If so please correct your question.
If website is at the same hosting account, you probably may navigate to other paths in your account.
Let's assume you have files inside:
/home/yourname/site1
/home/yourname/site2
/home/yourname/site3
Then you can simple use glob('/home/yourname/site3'); when you run it at your site1 url. You simple don't need to use urls firm glob() and in fact you can't:
Note: This function will not work on remote files as the file to be examined must be accessible via the server's filesystem.
Related
I have files in a directory, "w", and I want to have those same files accessible from a different directory.
I have a MediaWiki installation in the directory 'w', creating a short url to link to the url 'wiki'. I have the files in the 'w' directory but it can be accessed from http://example.com/wiki. I want to have a second wiki entirely with the url format of http://example.com/second-wiki.
Since MediaWiki uses the content of files from a database the code never actually needs to change, even the LocalSettings.php. I set up a database system, modified the MediaWiki system, and created multi wiki support in a single database, by using a database table with input information such as the url to use. Or even use the same files and add a localsettings.php file to a directory 'w2' but use everything else from the original directory, 'w'. Is this possible? Preferably using .htaccess, or some other equally easy to edit. I don't want any changes to php configuration though.
I believe this may help...... - it is a simple redirect done in PHP so it is easy to edit later, etc.
I'll work with the fact you have a 'w' directory accessed by http://example.com/wiki and you want to access that through http://example.com/second-wiki (where 'magic' will be done to actually open the other URL).
In the 'w2' folder, make an index.php file with the following contents:
<?php
header("Location: ../w");
// NOTE: you may need to make that w/index.php or other pointer
exit();
Now, any time you access http://example.com/second-wiki, you will actually see http://example.com/wiki
Simple and easy to change later if you need to!
Not sure from the question that this is the solution (it fits the topic and some of the question text, though the question text does 'jump around' a bit...) - if it isn't, please rephrase the question to be more clear on just what you are looking for (in one place you say "the code never actually needs to change, even the LocalSettings.php" - then in another you talk about needing separate settings.....) - however, if you are looking for the 'simplest' (IMHO) way to make multiple URLs point to the same folder, this is the way to go - pure PHP and easy to mod later!
I am very curious on how to make a site built using php and mysql. When i try to retrieve username from mysql how can i format it like this, very similar to facebook or twitter (note: i am not making social networking site here, i just like the idea and i think it is very helpful)..
mydomain.com/username
at first, i thought i should make a sub-directory to all the usernames.. but wait, what if i have tons of usernames in the database how can i make directories in each usernames? so i think somebody might help me here..
or like on a blog.. how can i make the title of the post like this:
mydomain.com/title-of-the-post
i'm new to php..
you can freely edit this question if this is ambiguous or not easy to understand i just can't find the exact word for this..
You need a router [e.g. klein], and to apply the Front Controller Pattern in order to route all incoming requests to the entrance of your application.
No directory nor filesystem should be involved at all.
You write a PHP routine to parse the URL.
So that the URL reaches the PHP routine, you make all /username, /title-of-post etc point to this routine using .htaccess - typically directing all traffic for anything that doesn't exist as a file or directory to your index.php file.
I have a site complete with CMS etc all working under one domain name. It turns out for legal reasons one page on this site has to sit on a different domain name. The page is hooked into the same CMS as the rest of the site (built using codeigniter). I don't want to have to do another installation just for this page.
Is there any simple way to display just this page under a different domain name without taking it out of the current application?
Thanks a lot
You should look at either (in order):
an include()with correct php.ini configuration
a file_get_content() and printing the variable into your page
an <iframe src="yoururl"> wich would be the easy peasy but unsafe way
using the on-purprose curllibrary
using fopen() wich theorically allows distant files to be opened, but based on my experience, it's not that reliable
Look at this site, it seems rather exhaustive regarding your problem.
Try including the file
<?php include 'http://www.domain.com/url/to/file/page.html' ?>
I think what you need here is a symlink, which is something I don't know too much about. My understanding is that the path displayed to the user does not in fact have to have anything to do with where the file is actually stored, meaning you can set this up to have a completely different URL while keeping it as part of your original application.
A simpler thing is doing a redirect...it's one line of code in your .htaccess file and you're good to go.
include is a possible solution depending on the format of the remote page (ie, this won't work very well if the remote page has a full DOM structure, and you're trying to include the remote page within the DOM structure of your CMS page), however more information about that remote page would be needed to help determine if include() alone would be enough.
Regardless, if include() does, work, you must make sure allow_url_include in php.ini is enabled, as by default script execution will terminate when encoutering a remote URL include statement.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I am using a GoDaddy web hosting plan on a Windows platform. This was not my choice -- it has to do with a different part of the actual site using ASP.NET (also not my choice).
I have a SQL database with a bunch of entries with some non-sensitive customer information. The primary key on this is an AutoIncrement integer, and I have a series of PDF files that match up with each of those integers (e.g. 555.pdf, 7891.pdf, etc).
My goal is to restrict direct access to these files, I want users to have to go through a search and login process (PHP) first. Originally I planned to put the files above the PUBLIC_HTML folder, but GoDaddy refuses to give me root access without a dedicated server ($20 a month from them).
The next thing I looked into was HTACCESS. I was going to restrict access to the files to only PHP scripts by only allowing access to the Server's IP Address (or localhost/127.0.0.1). Unfortunately this doesn't work because GoDaddy does not run Apache on its Windows servers.
I could put the files into BLOBs in the database, but that gets really messy when I need to work with them quickly (plus I have had some trouble with that approach).
Any suggestions to restrict access to the files only to a PHP script (readfile())?
Since you can't put the files anywhere but in your public_html directory, you'll have to go for the feared/hated "security by obscurity" method
Create a randomly named sub-directory to store the files in: public_html/RANDOMGARBAGE
Make sure the directory is not browseable. Disable directory browsing (if you can), and put a default document (index.html?) in there as well, so even if browsing is on, you won't get the directory listing.
Don't store your files with guessable names. Instead of storing them with the database ID, store them with a salted+hashed name instead: $crypted_filename = sha1($real_filename . 'some hard-to-guess salt text'); (of course, make this more complex if you need to). Store the original filename in your database. So you end up with something like:
public_html/RANDOMGARBAGE/5bf1fd927dfb8679496a2e6cf00cbe50c1c87145
public_html/RANDOMGARBAGE/7ec1f0eb9119d48eb6a3176ca47380c6496304c8
Serve up the files via a PHP script - never link to the hashed filename directly
Download
which then does:
<?php
$fileID = (int)$_GET['fileID'];
$crypted_file = sha1($fileID . 'some hard-to-guess salt text');
$full_path = 'public_html/RANDOMGARBAGE/' . $crypted_file;
if (is_readable($full_path)) {
if(user_is_allowed_to_see_this_file()) {
/// send file to user with readfile()
header("Content-disposition: attachment; filename=$ORIGINAL_FILENAME");
readfile($full_path);
} else {
die("Permission denied");
}
} else {
/// handle problems here
die("Uh-oh. Can't find/read file");
}
This way the user will never see what your "s00per seekrit" filename is, they'll just see their browser hit ...php?fileID=37 and start a download of secret file.pdf
On top of this, you can occasionally rename the special sub-directory to something else on a regular basis, as well as change the salt text (which then requires you update all the hashed filenames with the new sha1 values).
You can simply hide them. It's security-through-obscurity, but it sounds like your best option if you can't either keep them out of the web-root, or find a way to tell the server not to serve them directly.
So stick them in some randomly-named directory:
asd8b8asd8327bh/123.pdf
asd8b8asd8327bh/124.pdf
asd8b8asd8327bh/125.pdf
...
Then write yourself a little PHP script that will send appropriate headers, and pass the file contents through.
for example:
<?PHP
//pdf.php
$id = $_GET['id'];
//make sure nobody is doing anything sneaky. is_numeric() might do the trick if the IDs are always integers.
if (!some_validation_passes($id)){
die();
}
<?php
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="'.$id.'.pdf"');
readfile('asd8b8asd8327bh'.$id.'pdf');
Now, the above is really no better than just serving the files directly (yet), since people can still increment the id parameter in the query string.
But you ought to be able to figure out how to handle authorization pretty easily.
Because PHP uses the web server user's permissions, there is no way to restrict access to the files without either:
Placing them outside the DOCROOT
Changing the web server configuration to disallow access to those files
Changing the file so it will be interpreted by the web server, thus hiding its contents
Putting them in a database counts as outside the DOCROOT. For the third option, you could make the PDFs PHP files, but honestly, that would be pretty convoluted.
I recommend you contact GoDaddy and see if they have some way to configure per-directory file permissions.
Make a folder web inaccessable via chmod. PHP will still be able to include/require whatever is on the server, but users will not be able to navigate to the files ever.
Example:
This is set to 770, IE User and Group can Read/Write/Execute, Other can do nothing.
Ok so this is my situation...a web application in PHP uses a "config" file for various parameters. This config file is nothing but a php file, say config.php with a global array of the form
$config['param_name'] = 'param_value';
$config['param_name2'] = 'param_value2';
Now I am currently writing an admin app that I want to use to control the main app. One of the things I want the admin app to be able to do is change the config values. So my use case will be something like change the value through an html form element and it should change the config.php replacing the value of the corresponding array index.
This is obviously not specific to php; but I'd love to hear some ideas on how one would go about editing this file. Any ideas?
Thanks!
I have another suggestion: have the configuration parameters sit in a database. Have your admin console work on the database instead.
If you are worried about performance, use APC to cache the parameters.
This way, you can add this configuration database to your other database backup procedure you have already in place.
I would suggest moving all configurable options out of the PHP file and into an external storage (INI file, database, xml, anything). Then you can initialize all the variables you read from the external file in your application's bootstrap file
Another option is to modify the PHP configuration file so it reads its information from an easy-to-access format like YAML.
That way the config file could be accessed by just about any language. A good alternative if you don't want yo use a database.