Hey there so I have sent in a support ticket to go daddy but they aren't being very helpful. In an admin panel for one of my client's websites there is an AJAX image uploader. Normally I don't work with Go Daddy and the script has always worked just fine with other hosts. However this client has forced me into dealing with Go Daddy's mess of a system and I am having trouble getting the AJAX image uploader to work.
The problem seems to be that the $_SERVER['HTTP_X_FILENAME'] is simply not defined, even when a file is posted to PHP using an HTTP request.
In my PHP code I have the following line to grab the file name:
$fn = (isset($_SERVER['HTTP_X_FILENAME']) ? $_SERVER['HTTP_X_FILENAME'] : false);
And on Go Daddy it returns false. Also if I print_r($_SERVER); HTTP_X_FILENAME isn't even defined.
I have checked permissions and everything has the correct permisssions. I have checked the error log and no error is being generated. I have checked the php.ini and file uploads is enabled with a 32mb max (way bigger than any file i'v tested with)
I have no idea where to look now as my google searches have come up with nothing. (And server admin really isn't my forte)
any help would be much appreciated.
thanks!!
Ok, I got this working. Not sure how you manage saving files on pw when using admin. Do they got saved directly to assets/files/id/ folder or is there tmp somewhere?
// We check if it is image upload
$filename = (isset($_SERVER['HTTP_X_FILENAME']) ? $_SERVER['HTTP_X_FILENAME'] : false);
if ($filename) {
$this->message("It is a file coming!");
file_put_contents(
'C:/Temp/' . $filename,
file_get_contents('php://input')
);
} else {
if(!$this->isAjaxPost) throw new WireException("This functionality may only be accessed from AJAX POST at present");
// etc etc...
}
And now I am able to save my files to C:/Temp/. Not sure about the best way to handle this from this situation? Save it to temp folder and use regular pw API and save the file? Or save it right to assets/files/id/ folder and then use API? I can easily send more data (like field name) as a http headers.
If we save it directly to right place (probably safe since this is admin usage), how I get the right path? $config->paths->files->3242 or something like that?
Related
I am using Birt 4.5 and PHP/MYSQL.
I am able to run birt reports with php. I have enabled tomcat and copied 'birt-runtime-4_5_0/WebViewerExample' to tomcat/webapps and renamed it to birt.
So I can run birt viewer with php;
<?php
$fname = "report/test.rptdesign&__showtitle=false";
$dest = "http://localhost:8081/birt/frameset?__report=";
$dest .= $fname;
header("Location: $dest" );
?>
Above code is working fine. But report connectstring already saved in test.rptdesign file.
I want to remove DB login credentials from test.rptdesign file and assign it while report open with PHP.
I have tried with report parameters. But all the parameters will display on browser address-bar.
Is there any secure way to do this? This is very important when we need to change the database location. It is very hard to change the data source of each and every .rptdesign file.
Thank You,
Supun
I don't believe using report parameters to handle a database connection is the right way. In addition to the address-bar problem you mentionned, it will cause unexpected issues: for example you won't be able to use this database to feed the dataset of another report parameter.
With Tomcat the best approach is to externalize the database connection in a connection pool: easy, robust, and reports might run significantly faster.
Alternatively the datasource can be externalized in a BIRT library (.rptlibrary) and shared across all report-designs: thus only the library needs to be updated when the database location is changing.
I agree with Dominique that sending the database parameters via the query is most likely an inappropriate solution - and you've not given any explanation of whether this is a requirement of the system.
But it is quite trivial to proxy the request via PHP and decorate the URL with the required parameters, something like...
<?php
$_GET['__showtitle']=$_GET['__showtitle'] ? $_GET['__showtitle'] : 'false';
$_GET['__report']=$fname; // NB this should be NULL in your code!
$_GET['dbuser']='a_db_user';
$_GET['passwd']='s3cr3t';
$qry=http_build_query($_GET);
$url="http://localhost:8081/birt/frameset?" . $qry;
// if its simply returning HTML, then just....
$fin=fopen($url, 'r');
while ($l=fgets($fin)) {
print $l;
}
exit;
If the returned content contains relative links the you'll need to rewrite the output stream. If the content type is unusual or you want to project other headers (e.g. for caching) to the browser, then you'll need to use Curl, capture the headers and relay them.
This is how I call the editor:
new nicEditor({
buttonList : ['bold','italic','underline','upload'],
iconsPath:'img/nicedit.png',
uploadURI : 'http://server.com/integracion/files/nicUpload.php'
}).panelInstance(textareaId);
And the .php file exists ( and I the one in the Docs, and I updated the target paths )
/* I want them here http://server.com/integracion/files/uploads/ so... */
define('NICUPLOAD_PATH', './uploads'); // Set the path (relative or absolute) to
// the directory to save image files
define('NICUPLOAD_URI', '/uploads'); // Set the URL (relative or absolute) to
// the directory defined above
But I on response when upload completes (and of corse an alert from nicedit..)
<script>
try {
top.nicUploadButton.statusCb({"error":"Invalid Upload ID"});
} catch(e) { alert(e.message); }
</script>
what am I missing?
-EDIT
I think the problem might be in the php file:
$id = $_POST['APC_UPLOAD_PROGRESS']; /* APC is installed and enabled */
if(empty($id)) {
$id = $_GET['id'];
}
FINAL EDIT:
I have managed to make this work!
Here is an working example:
http://simplestudio.rs/yard/nicedit/
Uploaded images are going to be stored here:
http://simplestudio.rs/yard/nicedit/images/
And here is the whole code, just unpack it and put on your server, mainly I needed to adjust nicEdit.js because it had some issues.
http://simplestudio.rs/yard/nicedit/nicedit.rar
Just make your code with that js file and by looking at my example, it will work :)
Also you need to have php APC installed so that this script can work:
http://php.net/manual/en/apc.installation.php
If you by any mean have some problems I am here to solve it.
I will not delete this example on my server so that everybody who have this issue can freely download it...
The code responsible for image upload is the method uploadFile, it is looking for uploadURI option parameter.
You will need to modify onUploaded event handler to parse your custom response instead of the imgur's one (sample). By default it expects at least {"upload": { "links": {"original": "http://..."}, "image": {"width": "123" } }}.
I'm sorry but I can't help with the FormData() handling server side with PHP.
For more information you can try out the demo page on the nicEdit web site using Firebug or WebInspector to snoop the network requests, and, of course, the source code.
I have created a test module name Mytest. While saving values from the module, I am getting a blank page and it saying "Sorry! Attempt to access restricted file. " . Do anyone know, why this happening. Any help on this is really appreciating.
The most likely cause for the vTiger error “Sorry! Attempt to access restricted file.” is the $root_directory value in the ‘config.inc.php’ is incorrect or misspelled.
In order to correct it follow the steps below:
Go to your vTigerCRM directory
Open “config.inc.php” with your favorite text editor
Go to line 86 and adjust $root_directory value to correct vTiger
directory. Note, that the directory must end with /. It should look
something like this – $root_directory = ‘/var/www/vtigercrm/’;
Also there is a problem with cache memory. So do check your cache file for template files. For that go to your vTigerCRM directory.
Then Go to Smarty->templates_c.
Here you will get list of cache files. Delete this file and check weather your problem is solved or not.
Don't worry about deletion of this file.
When trying to include files from your custom module, you will get these messages because Vtiger thinks you are including these files from a location they find rather unsafe.
To avoid this error you could use the standard way a module is used in Vtiger by navigating to it like so: ......./index.php?module=Mytest&action=index. Vtiger will include your module and now there is no need for you to include CRMEntity and other data or utils related files. It should all be available this way but make sure you are using the global statement for $current_user, $current_module etc though.
Another way is to edit the following functions located in utils/CommonUtils.php:
heckFileAccessForInclusion() and checkFileAccess()
Remove or comment out the die() in these functions to fix it.
In Save.php file, just add a line.
$focus->column_fields['assigned_user_id'] = '';
before the
if($_REQUEST['assigntype'] == 'U') {
$focus->column_fields['assigned_user_id'] = $_REQUEST['assigned_user_id'];
} elseif($_REQUEST['assigntype'] == 'T') {
$focus->column_fields['assigned_user_id'] = $_REQUEST['assigned_group_id'];
}
To second what caspersky said:
Go to /include/database/PearDatabase.php and add
$adb->setDebug(true); right after $adb->connect();
I just wrote a module and received this error and it was because the record could not save because I left out:
$moduleInstance->setEntityIdentifier($fieldInstance);
Check out file permissions and file path it's trying to refer.
If you want to debug more set $adb->setDebug(true) in your index file and checkout for the errors.
A couple of things spring to mind:
Have you actually created the modules/CustomeModule directory and populated
it? (Using the template in vtlib/ModuleDir/5.4.0 and then editing the
filenames and class of CustomeModule.php)
Check the case of your module class definition, e.g. class CustomeModule
vs. class Customemodule
If you are using any version control or symlinks in the development
of your modules/Mytest code then this can trigger the "Sorry! Attempt
to access restricted file." messages.
In module setup script make sure you have added this lines.
$module->initTables();
$module->initWebservice();
Check that all language files exist.
The user module allows the admin user to configure a user's language even though the language file is not present on disk.
To quickly verify this is indeed the issue :-
- Edit the include/utils/CommonUtils.php and print the $realfilepath variable ,and comment out the die();
- In the database, "select distinct language from xxx_users";
You can fix this by downloading the required files.
As a quick fix (read:hack):-
- go to the include/language directory
- copy an existing language file as the required one. (may not always work - for example en_us to en_gb is great, but en_us to sp_es is not)
It seems you did not set write permission for Smarty folder
Probably a file is missing in your vtiger install.
To find out which one is mission you would need to edit the include/utils/CommonUtils.php file. Open it with a text editor, go around line 2755 and add the following
echo “REAL: $realfilepath, ROOT: $rootdirpath”;
Before die(Sorry....)
This would print on the screen which one is the missing file.
Sometimes this error is caused by an nonexistent module, what I mean here is that vtiger thinks you have a module but the files are not in there (might be caused by a bad migration to a new server).
Disable some modules and try again until you find which module is broken.
In my case the broken module was VGS.
I solved this on vtiger 7.3.. (maybe it works for other vesion)
I went to users permission on vtiger inside configuration settings and update tham all again with the same settings .. and got them to a more default settings .. them all users appeared back and I was able to create new users ..change password again.
I suggest logging out and maybe forcing refresh and waiting a little to make it work .
I have a script that displays images based on certain conditions. When none of the conditions are met, I want to randomly display one of the standard (backup) images. Those other images are on a remote server. I have read that you can't read a directory on a remote server, which makes sense.
Is my best bet to place a file into the remote server's image directory that outputs all of the image file names so I can parse it with the other server? Is there an easier way?
I prefer not to use FTP (http://php.net/manual/en/book.ftp.php).
What are my options for basically just getting the names of the images in that folder?
Thanks,
Ryan
UPDATE:
#mario's answer is lightweight and works like a charm. It is exactly the solution I thought I wanted, but after thinking about it some more, and reading that even #mario would do it differently, I decided to go with #bensiu's answer, because to me, control and security are more important than convenience. With #mario's method, it's very hard to know if the data you're getting is any good (lack of control) and you're exposing your directory / some server information (security). #bensiu's suggestion involves a second file (inconvenience), but provides the control and security I'm ultimately deciding to go with!
Thank you both!
-Ryan
I would prefer an exact and dedicated handler script like #bensiu pointed out.
But an alternative would be to read out a directory listing. A simple Apache generated mod_index listing would be sufficient for:
$html = file_get_contents("http://example.com/images/");
preg_match_all('/<a href="([-\w\d.]+\.(jpeg|png|gif))"/', $html, $uu);
$files = $uu[1];
I hope you at least have access to remote server...
You can place there script "A" that will do the job locally, return list of images in preffered format ( raw text, JSON, XML... ), and this script will be remotly called by curl form your server....
It also wise to make sure that when you call script "A" you at least passing some secret key to prevent unathorised access (not perfect solution but could be enought)
if you have PHP5 and the HTTP stream wrapper enabled on your server, it's very easy and simple to copy it to a local file:
copy('http://somedomain.com/file.jpeg', '/tmp/file.jpeg');
ome hosts disable copy() function then you can make your own -
<?php
function copyemz($file1,$file2){
$contentx =#file_get_contents($file1);
$openedfile = fopen($file2, "w");
fwrite($openedfile, $contentx);
fclose($openedfile);
if ($contentx === FALSE) {
$status=false;
}else $status=true;
return $status;
}
?>
Can I programmatically upload a file to the server (without client's interference) ? I know this is not possible in normal (.html) files. Is there anyway I can do it from .hta file? or any server side or plug-gin solution?
from an HTA, you can use the shell object to run commands just as if you were running from the command line - including FTP - but of course you'll need FTP credentials. since you said you'll be able to hardcode the files to be uploaded, i assume you have full access...
var shell = new ActiveXObject('wscript.shell');
var params = // this should be a string of ftp commands, like OPEN ftp.example.com USER PASS CWD somedir PUT c:\whatever.txt BYE
shell.run("%comspec% /c ftp.exe -i -s:" + params, 1, true);
Short answer is no.
It may be possible on some machines using a signed java applet - but from the wording of the question, that's going to be a very long juorney for you.
Based on your last comment, you might atleast need the user to load a web page. So based on an onload function, you can use an ajax hidden form to submit whatever files that you'd want to.
But getting information from your user without their knowledge might put you in a legal situation.
Good luck!!