PHP file permissions - creating a file - php

I'm in the process of creating a slideshow Wordpress plugin (although this isn't really a Wordpress question). Through all its various settings, it creates a CSS file through PHP that is used to style the slideshow.
The CSS file is created from all the different styling variables the user has saved to the database and hence the need to dynamically create one.
Problem is that some hosting companies (or shared hosting) cause problems when the PHP tries to save the created file. Generally these are file permission issues. Stopping this file from saving results in the slideshow not appearing correctly and malfunctioning.
Is there anything I can do through PHP as an alternative for users with such file permission issues? As far as I am aware you can modify file permissions and file ownership through PHP but I've personally never done it before and wouldn't really be sure about the right way to go about it yet cover as many different scenarios as possible.
For a lot of users it is simply a case of informing them on how to change the appropriate file permissions, but for the odd few this is completely beyond them and it's not possible for me to log into their FTP and do it for them (often because they wouldn't even know what FTP is).
Can anyone point me in the right direction?

I guess you could have a directory in which you would hold your css file(s) and chmod it to 777 like this in php:
<?php
chmod(dirname(__FILE__) . '/stylesheets', 0777);
?>
The only problem I see here is that a company which denies you access to chmod your files is not so stupid as to leave your PHP that permission... So, why don't you just have a kind of 'gateway' file which will dynamically grab CSS values from the DB, form a valid CSS output and serve it to the user?

Your best bet may be:
// Get your values however
$css_values = $database->get_css_values();
// Generate your CSS stylesheet string
$css_string = css_values_to_string($css_values);
// Dump it directly
header('Content-type: text/css');
echo $css_string;
And point to the PHP file as a stylesheet:
<link rel="stylesheet" type="text/css" href="path/to/generator.php" />
While this foregoes the "caching" functionality of dumping to a CSS file, surely you could leverage whatever caching support is available through Wordpress. Likely though, this approach of dynamically generating it every time will not result in bottlenecking (profile anyway, if you're concerned).
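A fuller version of the gateway file the two answers describe, as an added example that is not code from the question or either answer: every saved value is matched against an allow-list pattern before it reaches the stylesheet, and an ETag restores the caching that a static file would have given. The setting names, selectors and the `$settings` array (standing in for the database lookup) are assumptions.

```php
<?php
// Added example: generator.php. $settings is constructed sample data standing
// in for values loaded from the database; all names here are hypothetical.
$settings = ['slide_bg' => '#1a1a1a', 'caption_color' => '#fff', 'slide_width' => '640px'];

// For each setting: selector, CSS property, and the only value shape accepted.
$hex   = '/\A#[0-9a-f]{3}(?:[0-9a-f]{3})?\z/i';
$rules = [
    'slide_bg'      => ['.slideshow', 'background-color', $hex],
    'caption_color' => ['.slideshow .caption', 'color', $hex],
    'slide_width'   => ['.slideshow', 'width', '/\A\d{1,4}(?:px|%|em)\z/'],
];

function build_css(array $settings, array $rules): string
{
    $css = '';
    foreach ($rules as $key => [$selector, $property, $pattern]) {
        $value = $settings[$key] ?? '';
        // A value that fails its pattern is dropped, so stored input such as
        // "red; } body { display:none" can never reach the stylesheet.
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $css .= "$selector { $property: $value; }\n";
        }
    }
    return $css;
}

$css  = build_css($settings, $rules);
$etag = '"' . sha1($css) . '"';

header('Content-Type: text/css; charset=utf-8');
header('Cache-Control: public, max-age=3600');
header('ETag: ' . $etag);

// Conditional request: the browser already holds this exact stylesheet.
if (($_SERVER['HTTP_IF_NONE_MATCH'] ?? '') === $etag) {
    http_response_code(304);
    exit;
}
echo $css;
```

Because nothing is written to disk, this approach needs no writable directory and no permission changes.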

Related

Uploading Edited Webpage Kills PHP

For comedic purposes, I took a Wikipedia article, downloaded it, and edited the HTML so as to get the page to say particular amusing things I wanted it to. I want to link the page to other people, so I made an account on 000webhost where I uploaded it.
I made sure to upload the folder with all the resources. I checked the reference in the html and it seems to be going to the right place,
<link rel="stylesheet" href="./index_files/load.php">
but opening the page, I just get it unformatted, like the way it might look on an old phone or when dealing with extremely slow internet speeds.
I assume the error has something to do with the filepath. I tried moving the resources folder (it is, in fact, called index_files) to a couple of different locations (inside "temp", inside "public_html", and also inside the highest level of the directory, "/", which is where "temp" and "public_html" reside). None of them worked.
Just to be clear, when I try opening the webpage from the identical html file on my desktop, it works just fine (except that most of the images won't load).
Any suggestions?
Thanks a ton (I need to have figured this out by Wednesday, preferably)
Disclaimer: I know very little about HTML or CSS
Update: Some of the images (which wouldn't load from the file on my hard drive) are in fact loading when I use the link

CMS upload picture files security issue

I have a quick question if anyone could help. I am building a CMS for a client where they can log in, and change content (including pictures via upload file form) that are all stored in a database.
My question.. I have been researching, and everywhere says I need to store the image files outside the root folder. Is this necessary in my case if only a few people will be uploading files, inside an admin panel, where they must first log in to the site? I will have already taken steps client side by making sure of file type, size, extension etc... then changing the name of the file before adding it to my DB... Is this secure enough, or am I asking for trouble down the road?
Thanks
It's generally a good idea to store uploaded content someplace where it can't directly be addressed by a browser. You don't want someone uploading a .php file (or some other format you forgot to check for) and then being able to execute it by pulling up the direct URL. Rather, you'd have a wrapper script that delivered the file.
So yes, it's a good idea, but not 'necessary' (by the dictionary definition of the word). You can certainly choose not to do so if in your judgement the admin area is otherwise secure.
That said, in the scenario you describe, as long as it's only admin users who can upload images, I don't think it's a huge deal either way.
btw, if you are not already, verify the images by their file headers or content, not file extension.
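The server-side checks this answer recommends, as an added example that is not code from the thread: the type is detected from the file's content, the stored name is generated by the server, and the file lands outside the document root. `UPLOAD_DIR`, the size limit and the form field name `picture` are assumptions, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example, not from the original thread. UPLOAD_DIR and the form field
// name 'picture' are assumptions; adjust both to your application.
const UPLOAD_DIR = '/var/www/private_uploads'; // assumed: outside the document root
const MAX_BYTES  = 2097152;                    // 2 MiB

function store_uploaded_image(array $file): string
{
    // Extension is chosen by the server from the detected type, never by the client.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload did not complete');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('Not an HTTP upload, or file too large');
    }
    // Sniff the type from the file's leading bytes, ignoring name and client MIME.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('Unsupported file type');
    }
    // The header must also parse as an image of that same type.
    $info = @getimagesize($tmp);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a valid image');
    }
    // Random server-side name: the client-supplied name never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name; // save this name in the database row
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['picture'])) {
    try {
        echo 'Stored as ' . store_uploaded_image($_FILES['picture']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . $e->getMessage();
    }
}
```

A file that passes these checks can still carry extra data after the image header, which is why it is kept outside the document root and delivered through a script rather than by direct URL.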

Protecting csv files used for plotting visualizations dynamically via PHP

Before I begin, I must warn you that I'm not much of a web programmer so my methods may seem somewhat roundabout and the terminology I use may be awkward.
Here's the situation. I'm developing a website for users to visualize data.
I have a public php page sitting in /var/www/thepage/index.php path (yes, Linux server + apache). This is the main page of the site and is also where users make selections in a form.
Upon form submission, a second php page will be called and this is where the form selections from the first php page are passed to the javascript that creates the visualization. In order for that to happen, csv files are first written into this directory using a php script that queries from a MySQL database.
Thing is, I want users to be able to see the visualizations but not be able to download the csv files (unless they are admin). How I allow admin to download the files is to create a protected (.htaccess) subdirectory /var/www/thepage/secure/ which has an index html that runs a cgi script once an admin logs in (prompted when a download link is clicked). This script copies the latest files (with dynamic names) from the /var/www/thepage/ directory and moves them to the secure/ directory with static filenames. Download links pointing to these files with static names are on the protected index.html. However, if a user looks at the source code of the 2nd php page, they can also download the files as they know the paths and they are not protected.
If I remove file permissions, the php script won't be able to read the files either, causing the visualization to fail (I want normal users to be able to see the visualizations). It is also important to have the files because I have a cgi script (bash + awk) running a mathematical function on the files which also requires permission.
Obscuring the filenames doesn't really work either since the files are written on the fly and the source code of the html page will reveal the obscured csv filenames being written.
How can I get around this problem? I would prefer not to have to create sessions and log-ins for normal users, etc...
As previously said, it's hard to hide anything on the net, especially if you need to send it to javascript. You could try hacking it a bit, could cost you a bit of performance, but would be a deterrent against people who aren't web savvy... But could also be seen as a challenge by others :)
A rough example would be something like..
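$handle = fopen("/var/www/thepage/secure/file.csv", "r"); // fgetcsv() needs a file handle, not a path
$csv = [];
while (($row = fgetcsv($handle)) !== false) { $csv[] = $row; } // collect every row
fclose($handle);
echo "<script type='text/javascript'>";
echo "var csvData = " . json_encode($csv, JSON_HEX_TAG | JSON_HEX_AMP) . ";"; // hex-escape <, > and & inside the script block
echo "</script>";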
Bit rusty here, but javascript should interpret the json as an object, that you can use in your code. You could go a step further and break the php array into sections before sending it off, making it harder to know what's going on.
Like I said. It's rough, but it could be a solution.
I would have imagined the best way is to store the files in a secure directory that isn't accessible in a web browser (outside of the web root). You could then show a list of the available files to authenticated users with a download link. When they click the link you could check they are logged in and if so then begin the file download.
PHP readfile - May help
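The download wrapper described in the last answer here (and the "wrapper script" mentioned in the upload question above), as an added example that is not code from either thread: the files live outside the web root and are streamed with `readfile()` only after a session check. `PRIVATE_DIR`, the `f` query parameter and the `is_admin` session key are assumptions.

```php
<?php
// Added example: download.php. PRIVATE_DIR, the 'f' parameter and the
// 'is_admin' session key are hypothetical names, not from the original posts.
const PRIVATE_DIR = '/var/private/csv'; // assumed: outside the web root

function resolve_private_file(string $requested): ?string
{
    // Accept plain file names only; anything with a slash is refused outright.
    if (preg_match('/\A[A-Za-z0-9._-]+\z/', $requested) !== 1) {
        return null;
    }
    $base = realpath(PRIVATE_DIR);
    $path = realpath(PRIVATE_DIR . '/' . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // After symlinks and ".." are resolved, the file must still sit inside $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit('Forbidden');
}

$requested = $_GET['f'] ?? '';
$path = is_string($requested) ? resolve_private_file($requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: text/csv');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The visualization page can read the same directory server-side, so ordinary visitors see the charts while the raw files have no URL of their own.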

mySQL images upload

I need a simple code to upload images to mySQL using PHP... short! snippet... and is it possible to upload an html, css file to mySQL?... its reason is complicated but all answers are appreciated!... EDIT:: say I have 1000 users.. and they each have their own layout for their page.. So inside their MYSQL record will be a html file, css file(possibly), and image(s)...
I am a big fan of using a filesystem for storing physical files, I've yet to see any solid reason why they are better off in a database.
To automate this process you could have a shell script called through exec
exec("/home/some/path/my_filesystem_creator.sh ".escapeshellarg($args));
or PHP's native mkdir or anything really. If you went for a structure like:
/common/
/userdirs/1/
/userdirs/2/
essentially all I would imagine you would need to do is create a user dir, and copy into it the default versions of their site assets - images/css/html etc.
This should be easy enough to manage.
Are you asking how to store a file in the database?
http://www.php-mysql-tutorial.com/wikis/mysql-tutorials/uploading-files-to-mysql-database.aspx
Or do you need to know how to upload a file to your web server in order to display it in a PHP/MySQL website?
Your page would be faster, if you generate a directory on your filespace for each user and store their css/js/image files there.
The reason for this is that when you want to output your images to the browser, you will need to establish a separate db connection for each file (since each is its own HTTP request to a PHP file, selecting the image).
You might want to take a look at http://mysqldump.azundris.com/archives/36-Serving-Images-From-A-Database.html and http://hashmysql.org/index.php?title=Storing_files_in_the_database before doing that. Storing files in mysql is generally considered a bad idea.
Just use different CSS rules for each user. Create the CSS dynamically through PHP based on user-specific variables. For example, if they have a div with an avatar or some other personal image, just create a class that uses variables for images, and then you really only need one or two files at most to do the whole thing. I would use a heredoc, but you could just use quotation marks to integrate the PHP.
php creates your css -
echo ".useravatar { background: url('{$baseurl}{$useridpic}'); }";
In the html, the div just needs the class of 'useravatar' never needing to be changed.

loading css or javascript from non-public directory

Is there a way to load css and/or javascript files from outside of the public web directory?
For example, on my hosting service I have /public_html but don't want these files to exist in the public directory and want them in a directory outside of the public directory in a sibling directory /system (I am using codeigniter) within the /system/application/view/
Ultimately, Javascript and Stylesheets are processed on the client side. For that reason, there is no solution that would truly hide your javascript or CSS from the public.
One possible solution is to load the required CSS/ Javascript file via PHP using something like file_get_contents() and then outputting that directly to the page using inline styles / scripts.
This doesn't really solve your problem of hiding the code / styles from the public though. It would give you the option of filtering all code and styles through some kind of packer or obfuscator, although there's no reason you couldn't do that with your static files (and at much less of a processing expense).
Yes -- in a way -- and Minify [http://code.google.com/p/minify/] is one approach.
Look at line 39 of the config file [http://code.google.com/p/minify/source/browse/trunk/min/config.php]. Here you will see where your minified cache sits outside of the web root. Now, I do not know if the source JS and CSS can sit in the same directory as the cache.
Not without a public facing proxy.
You will need to file_get_contents() or include them and then serve them to your page.
You can not just do ../../system and get above the DOCROOT.
They need to be processed by the browser, so they need to be accessible.
If you want to hinder people viewing your source in a human readable way, check out CSS minify and JS packer. These of course are only obfuscating the code. Anyone determined will be able to read your JavaScript and see what it does.
Why don't you want people to read your CSS or JavaScript?
I know what you mean twmulloy, it seems inconsistent to have 'view' related information in different places. However, consider that the JS and CSS files are resources that support the views, rather than parts of the view themselves.
That said, you can achieve what you want in a number of ways. One might be to write a controller that accepts requests for your JS/CSS assets and outputs a header and data from the relevant place (a view file, the database, anywhere in fact). However, this is inefficient compared to just accepting the 'untidiness' of popping the files in a subfolder of the root level public_html. I, like many commenters above, feel this is the best solution for its speed and appropriateness; just having an 'assets' directory at the same level as the 'system' one, with images, css, js etc inside. You could use an alias or virtual folder to make things feel better for you...
However, there is a third way. There are libraries that do something JUST like what you want, with the added benefit of Minify (from the accepted answer) and compression, or whatever you fancy. The two libraries I know of are called AssetLibPro and Carabiner, and these allow you to specify an asset path (as you want), and then you load your JS and CSS files (with groups e.g. screen, print if needed). They then serve up all related CSS/JS etc as one file; compressed, minified, cached... whatever you need.
Carabiner: http://codeigniter.com/wiki/Carabiner/
AssetLibPro: http://codeigniter.com/forums/viewthread/78931/
