Is there any way to save a external web page to folder on server but with all webpage elements (JS files,images,css... etc.). Like you can do at browser with option save-complete-page but I need this to save with php on my server folder. And when include this folder to show the page as original. Maybe with curl or some php function ... ???
HOW TO DO THAT. please HELP!
p.s.I doing this for good reason not for stealing content!
and when I finising with operation and function I will empty the folder.
Are you saying that you want to visit a php site as a client (whether in a browser or via wget/curl/etc) and then save all related server-side files?
Without access to the server, that is not possible. The server-side content (e.g. the PHP pages and possibly some other parts of the site) are interpretted by the server before you as a client see any part of the site. You need server-side access to the files in order to see what is there before the code is interpretted.
Related
Is it possible to hide the .php file on the server...?
I have a website which sometimes calls php files inside iframes, now I wouldn't like it if somebody copied that code, so how would I hide it?
Or do I have to encrypt it?
Speed is a huge matter in my case, so anything that doesn't affect performance is appreciated!
Thanks
With a correctly configured web server, the PHP code isn't visible to your website visitors. For the PHP code to be accessible by people who visit your website, the server would have to be configured to display it as text instead of processing it as PHP code.
So, in other words, if you visit your website and you see a HTML page and not PHP code, your server is working correctly and no one can get to the PHP code.
Which code? Your PHP source code? The only code a user see is your html code, PHP is processed on the server side!
If your php-files are parsed by the http server, nobody can get them.
If you're still paranoid after the assurances provided here, you can make your code much more difficult for someone else to read by "obfuscating" it (Wikipedia link).
If you Google "php obfuscator", you'll find tons of PHP obfuscator products, many of them free.
Some examples:
PHP Obfuscator
Code Eclipse
Professional PHP Obfuscator/Encoder
Obfuscation does not affect performance. Only readability for humans.
If someone access a php file on your site all they will see is the code output by the PHP script (e.g. any HTML, or Javascript) - they won't see the source for the PHP page itself (and will have no way to access it).
If you are concerned about them seeing the output (e.g. the HTML the PHP script generates) from a practical point of view, there isn't anything you can do about that (the most you can do is obfuscate it, but that is largely pointless).
I have a website which sometimes calls
php files inside iframes, now I
wouldn't like it if somebody copied
that code, so how would I hide it? Or
do I have to encrypt it?
No, that makes no sense and would not work. You have to realize that the PHP code is executed on your server to serve a HTTP request, and that the iframe results in a separate HTTP request from the main page.
If you want to prevent others from including the iframe in their own page, you could check the referrer header and have the iframe page show an error if the referrer is not from your site, but that could cause problems for some legimitate users and can also be circumvented.
Alternative solution: do not use iframes; instead, integrate the PHP code that currently displays the iframe's content in your main page. This will work for all users and cannot be circumvented.
Of course, you still can't prevent others from requesting your page, extracting the content from the HTML and displaying it on their page - that's just how the internet works.
Put your important files like passwords login etc into a folder outside the web folder. E.g. under C: you can set this include path in php ini file. Then you are pretty safe. Definitely you should store your mysql access code outside the htdocs folders. I think The php code is "includes". So check yourself. Good luck
So I'm a bit confused about what crafty users can and can't see on a site.
If I have a file with a bunch of php script, the user cant see it just by clicking "view source." But is there a way they can "download" the entire page including the php?
If permission settings should pages be set to, if there is php script that must execute on load but that I dont want anyone to see?
Thanks
2 steps.
Step 1: So long as your PHP is being processed properly this is nothing to worry about...do that.
Step 2: As an insurance measure move the majority of your PHP code outside of the Web server directory and then just include it from the PHP files that are in the directory. PHP will include on the file system and therefore have access to the files, but the Web server will not. On the off chance that the Web server gets messed up and serves your raw PHP code (happened to Facebook at one point), the user won't see anything but a reference to a file they can't access.
PHP files are processed by the server before being sent to your web browser. That is, the actual PHP code, comments, etc. cannot be seen by the client. For someone to access your php files, they have to hack into your server through FTP or SSH or something similar, and you have bigger problems than just your PHP.
It depends entirely on your web server and its configuration. It's the web server's job to take a url and decide whether to run a script or send back a file. Commonly, the suffix of a filename, file's directory, or the file's permission attributes in the filesystem are used to make this decision.
PHP is a server side scripting language that is executed on server. There is no way it can be accessed client side.
If PHP is enabled, and if the programs are well tagged, none of the PHP code will go past your web server. To make things further secure, disable directory browsing, and put an empty index.php or index.html in all the folders.
Ensure that you adhere to secure coding practices too. There are quite a number of articles in the web. Here is one http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
There is a webpage based on PHP which use a swf flash file.
inside .swf flash file there is a link connection to a website like
something.com
How can i write a code for preventing it to connect to something.com from inside PHP file?
Thanks
You can't. You are going to have to change the fla file and compile it and then use the new swf. Why? Because the swf runs on the client side. So, when the swf tries to open a page, the client will decide whether to allow or deny it, and in most cases, clients allow.
Remember, the swf will not poll your php asking if it has permission (unless it is so designed) so you don't have much of a choice, really.
So if you have a PHP page, while if someone loads that page they may not see the server side run PHP code; if they grab the source, the file itself is still publicly available, because if you make it not publicly available the person would not be able to load that page.
Thus someone could with the right knowledge 'grab' that file and then read the serverside script stuff.
So is it not safer to make a 'proxy'. for example, AJAX post call to a PHP page (called script handler) and pass a string with the first 2 char being the id to the PHP script to run and the rest of the string being the data for that script, then the script handler runs and include based on the number and returns the echoed back HTML that is then displayed.
What do you guys think? I have done this and it works quite nice, if I grab source all I get is an HTML page with a div container and a javascript file with ajax calls to script handler.
No. Your 'workaround' does not fix the problem, if there ever was one.
If a client (a browser) asks a 'resource' (a page, for example) from a webserver, the webserver won't just serve the resource as it finds it on disk.
If you configured your webserver well, it will know that
An .html, .gif, .png, .css, .js file can just be served as-is.
A .php, .php5, .cgi, .pl file has to be executed first, and the resulting output has to be served.
So with a properly configured server (and most decent webservers are properly configured by default), grabbing the PHP source just by calling the page is impossible - the webserver will know to execute the source and return the result.
But
One of the most encountered bugs when writing your own 'upload/download script' is allowing users to upload/download .php (or other executable) files. If your own script 'serves' the .php file by reading it from disk and writing it to the net, users will be able to see your code.
Solution:
Don't write scripts unless you know what you are doing.
Avoid the not-invented-here syndrome (don't reinvent the wheel unless you are sure you NEED a better wheel AND can MAKE a better wheel)
Don't solve problems that don't exist!
By the by:
if your webserver was mal-configured and is just serving .php files as viewable/downloadable files, your 'solution' of calling it by ajax would not change this... Ajax still is client-side, so any client could bypass the ajax and fetch the script itself.
If your web server is configured correctly, users should never be able to view the actual contents of the PHP file. If they try, they should see the actual output of the PHP script as your web server reads and executes it, then passes that as the response to the HTTP request.
Furthermore, you need to understand that users can easily still look at the file the AJAX request is fetching; all they need to do is install Firebug, or use the Chrome developer tools, and they'll be able to see the full URL the file is fetched from.
So to sum up, firstly you shouldn't need to use this kind of 'security technique' for PHP files, and secondly, the 'security technique' will not stop anyone with more than a passing interest in your data.
i am facing the problem in coping the images from one folder to another . It is possible through JS means please guide me, i had the image path (eg : C:\Program Files\xampp\htdocs\gallary\images\addnew.gif ) just i want to copy the images to another folder using js .thanks in advance.
You cannot use javascript to do this within the web browser. Javascript can only execute code in the browser of the person viewing the web page, not on the web server. Even then, javascript is "sandboxed" for security so it cannot access the users files, etc. Imagine the privacy problems if every webpage you visited had access to your My Documents folder!
PHP, however, can do this on the web server (I assume you have PHP instaled because you have XAMPP in the path to your image). The relevant PHP function is copy:
bool copy ( string $source , string $dest [, resource $context ] )
In your case, you probably want to call it like this:
success = copy('C:\\Program Files\\xampp\\htdocs\\gallary\\images\\addnew.gif', 'C:\\images\\addnew.gif')
if (!success){
echo "Could not copy!"
}
The simplest way to trigger this file copy is when a PHP web page is loaded. However, if you want to trigger this file-copy via javascript, you might want to look into using an AJAX style technique, where a javascript event sends an HTTP request to your web-server in the background. The web-server can then do the file copy in PHP. If you do take this approach, I would recommend that you:
Use a javascript API like jQuery which has built in functions to make this easier.
Be very very careful about security. You don't want someone snooping around on your website to be able to delete or copy arbitrary files.
You could use MS JScript http://msdn.microsoft.com/en-us/library/e1wf9e7w(VS.85).aspx
fso = new ActiveXObject("Scripting.FileSystemObject");
fso.CopyFile ("c:\\mydocuments\\letters\\*.doc", "c:\\tempfolder\\")
this can't be done from a browser, but you can run it in windows (using the windows script host) directly. You could also do it with node.js (server side javascript) which would be a more cross platform way. If you're trying to do it from in the browser on the client side it is not possible from any language for obvious security reasons.