I am making a member's management database. I want to put all the members pictures above the site root so that they wont be able to be accessed via a url but I want to show the picture of the member on the member profile. I am using php. How can I do that?! Thanks!
You could create a php file that reads the file based on some input parameters, and at the same time decide on some conditions whether the visitor is allowed to view the file.
Something like this (simplified example):
<?php
// presuming this file is in the root of your site
// define some directory where the actual images are
$dir = realpath( dirname( __FILE__ ) . '/../profile-images' );
// presuming this file is called with something like
// image.php?profileImage=fireeyedboy.jpg
if( isset( $_GET[ 'profileImage' ] ) )
{
// strip all possible redundant paths
// you should probably sanitize even more (check valid extensions etc.)
$profileImage = basename( $_GET[ 'profileImage' ] );
if( $someConditionsThatVisitorIsAllowedToViewThisImageAreMet )
{
// presuming mime type jpeg for now
header( 'Content-Type: image/jpeg' );
readfile( $dir . '/' . $profileImage );
exit();
}
else
{
// conditions are not met, dish out HTTP/1.1 403 Forbidden header
header( 'HTTP/1.1 403 Forbidden', true );
exit();
}
}
Related
My website contains some download content. I want to access download this file only for logged in user.
If user type direct file url in browser it show forbidden page if user not logged in. Am not using any CMS.
Direct File Link: localhost/files/questions/20160917070900-w2CdE9LZpE.zip
I searched on net but failed to find any good answer. Please suggest me how can I do it.
Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:
Order Deny,Allow
Deny from all
Into folder members create file get_file.php and add the following code:
if( !empty( $_GET['name'] ) )
{
// check if user is logged
if( is_logged() )
{
$file_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$question_file = "{$_SERVER['DOCUMENT_ROOT']}/files/questions/{$file_name}.zip";
if( file_exists( $question_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$question_file}" );
header( 'Content-Type: application/zip' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $question_file );
exit;
}
}
}
die( "ERROR: invalid song or you don't have permissions to download it." );
URL to get the file: localhost/get_file.php?name=file_name
Put the files you want to protect in a separate directory and add an .htaccess file with the following:
Order deny,allow
Deny from all
The server and scripts that accesses files in this directory will still work but direct access by url will not.
I need to check if a folder exist in an other folder. If not, then a new folder will be created. I canĀ“t seem to get it to work. See code below.
Note: I use TCPDF.
// Create filename
$filnamnet = $id.'_'.$datum.'_'.$fornamn.'_'.$efternamn.'.pdf';
// Folder in iup_pdf
$mapparna_dir = 'iup_pdf/'.$id.'_'.$fornamn.'_'.$efternamn.'_'.$personnummer.'';
// Check if folder exist in iup_pdf
if(!is_dir($mapparna_dir) ) {
mkdir('iup_pdf/'.$id.'_'.$fornamn.'_'.$efternamn.'_'.$personnummer);
}
$pdf->Output(__DIR__ . '/iup_pdf/'.$id.'_'.$fornamn.'_'.$efternamn.'_'.$personnummer.'/'.$filnamnet.'', 'F');
The error states: TCPDF ERROR: Unable to create output file
You might find this of use.
function RecursiveMkdir( $path=NULL, $perm=0644 ) {
if( !file_exists( $path ) ) {
RecursiveMkdir( dirname( $path ) );
mkdir( $path, $perm, TRUE );
clearstatcache();
}
}
I tend to find that the fullpath works best - ie:$_SERVER['DOCUMENT_ROOT'].'/path/elements/to/folder' etc rather than the relative path. Also, is_dir() determines if a file is a directory - perhaps use file_exists as in the function.
if( !file_exists( $mapparna_dir ) ) RecursiveMKdir( $mapparna_dir );
I'm trying to write a code which would create folder based on referer - url which was form submitted from. Something like this:
if( !is_dir($_SERVER['HTTP_REFERER'] . '/gallery/') ) {
mkdir($_SERVER['HTTP_REFERER'] . '/gallery/', 0750, true );
}
Is it possible?
The problem is, that the HTTP_REFERER is a full URL and not a file path. So you have to convert it to a path and strip some problematic characters. Something like this should do the trick:
// convert HTTP_REFERER from a URL to a path
$referer = str_replace('http://'.$_SERVER['HTTP_HOST'].'/', '', $_SERVER['HTTP_REFERER']);
// replace all unwanted characters with underscores
$referer_folder = preg_replace('/[^\w\/]+/', '_', $referer);
// set the absolute dir path
$dir = __DIR__ . '/' . $referer_folder . '/gallery/';
if( !is_dir($dir) ) {
mkdir($dir, 0750, true );
}
Months ago, I have placed a 301 redirect rule in my .htaccess file to redirect all the www request to a non-www request.
The problem is two days ago, when I tried to access my example.net site using www.example.net I get the following warnings in the page and website is not loaded.
http://i.stack.imgur.com/nXBMF.png
Here are the corresponding lines:
1. Plugin.php Line 647 = if ( strpos( $file, $realdir ) === 0 ){
Full function:
/**
* Gets the basename of a plugin.
*
* This method extracts the name of a plugin from its filename.
*
* #since 1.5.0
*
* #param string $file The filename of plugin.
* #return string The name of a plugin.
*/
function plugin_basename( $file ) {
global $wp_plugin_paths;
foreach ( $wp_plugin_paths as $dir => $realdir ) {
if ( strpos( $file, $realdir ) === 0 ) { /** LINE 646 */
$file = $dir . substr( $file, strlen( $realdir ) );
}
}
$file = wp_normalize_path( $file );
$plugin_dir = wp_normalize_path( WP_PLUGIN_DIR );
$mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR );
$file = preg_replace('#^' . preg_quote($plugin_dir, '#') . '/|^' . preg_quote($mu_plugin_dir, '#') . '/#','',$file); // get relative path from plugins dir
$file = trim($file, '/');
return $file;
}
2. Pluggable.php Line 1178 = header("Location: $location", true, $status);
Full file: http://pastebin.com/0zMJZxV0
I use WordPress only to write some articles. My PHP knowledge is very basic and limited only to locate errors.
Please help me figure out the problem with this. As I have read from the Codex FAQ, they say that empty strings may be a culprit for the pluggable.php error. But I have no idea how to locate it and I have attached the file for your reference.
Please provide your suggestions to avoid this error in the future. Thanks in advance.
3. EDIT - wp setting file: (the error line - include_once( $plugin ); )
// Load active plugins.
foreach ( wp_get_active_and_valid_plugins() as $plugin ) {
wp_register_plugin_realpath( $plugin );
include_once( $plugin );
}
unset( $plugin );
The issue with the header information has been discussed in here: Cannot modify header information error in Wordpress. Could you give this a try and see whether this solves this part of your problem?.
On the other issue:
try var_dump ($file) (for instance -- or echo $file ) to see what they actually contain.
Check your configuration path of plugins :
var_dump($wp_plugin_paths);
You've got an error because $realdir is empty.
$path = realpath( dirname( __FILE__ ) ) . '/Uploads/'; // Upload directory
// Decode content array.
$ContentArray = json_decode( stripslashes( $_POST['content'] ) );
foreach( $ContentArray as $ContentIndividualFilename )
{
echo $path.$ContentIndividualFilename;
// Move uploaded files.
if( copy( $_FILES["files"]["tmp_name"][$ContentIndividualFilename], $path.$ContentIndividualFilename) )
{
}
}
this is wrong $_FILES["files"]["tmp_name"][$ContentIndividualFilename] because i get here through ajax function without page refresh. $ContentIndividualFilename contains filenames of the files.How do i transfer the file to the required folder?