I'm in the process of building a site that will help to organize my business. But I'm at a roadblock. Our site is coded in PHP and MySQL and as it currently stands, our contractors can upload images to our site, our site relabels the pictures and associates them with a work order (for ability to search later, if needed), then stores the images in our database.
However, what I want to do is have the images uploaded to their respective work order on our supplier's site. I have contacted our supplier and they will not allow us to access their server directly through the POST commands. So I'm curious if there is a way to still have our images uploaded from our site to our supplier's site. Their site is password protected. On their site, I find the work order associated to the work order and manually upload the images, but I'd like to find a way to do this automatically. The work order numbers between their site and ours are the same. Any ideas?
New Info
The comment I left below just states that I have to actually manually click the upload button, choose which photos to upload, then click "upload" to have the images uploaded. FTP is not allowed either.
If by "manually" you mean all by www after logging in, you can use CURL to simulate login session to their website (access login page to obtain session cookie, then post login data with that session cookie, and then with authorized session cookie you can GET/POST whatever you want from their website as authorized user). Use Firebug to track what requests are made and what data are passed from/to their website.
Since using CURL can be painfull (it's syntax is far from user friendly) you can try grab and extract Zend_Http from Zend Framework so you will have very easy syntax and it even work without CURL if you haven't it on your servers.
if they will grant you ftp access you can programatically transfer the images to them that way
or if they have some sort of api exposing methods to upload images
By "manually upload", you mean via FTP? You can do it with PHP. Here is the documentation.
For security reasons, I suggest you create an FTP user on your client's server which only has access to the images directory, and connect trough that account.
Related
I have a folder full of images on my server where my mobile app accesses them.
www.mysite.com/images/image001.jpg
Whoever has this link now can access the files. Also can comprehend that the images are in a certain order and thus guess the pattern etc...
The image links are gotten via the php inside the app that use token to verify the user is legit and indeed the request is coming from a mobile that has downloaded the app.
What I want to do is to secure the folder from external access and prevent people from accessing the folder and seeing everything from a browser and limit its access only via the php file.
I have used the trick of .htaccess with deny from all so that it show the forbidden message whenever someone visits from the web, however, all my JSON requests also do not work now.
What can I do to accomplish this?
You will have to serve the images with a PHP script that also checks that access is permitted.
Once you've done this you can simply store the images outside the web root, which makes them inaccessible from the web, except through the PHP file that serves them.
best option is to make the pic links randomized and un-guessable
so a pic link would look like this:
www.mysite.com/images/8Md9FhD1hANdIBUz4WVCzKR227fykTByq6SKHas5FyYJDr2EjAlIn1bS0f5gPJih.jpg
youtube use this method for "private" videos
users / bots cant be accesses randomly, and you cant guess the next pic.
when the user is authenticated display the link. the worst thing that can happen is that this user can share that link, (he can download and share not matter what you do)
when you save the picture on your server just randomize the name.
We have several webapps based in Wordpress and Codeigniter, which are based on different servers but under the same domain (ie: intranet.something.local) and most of them use Active Directory login credentials.
For Wordpress, I'm using a plugin called Active Directory Integration to log in with these credentials and it's working perfectly after configuring openLDAP.
The thing is, our client asked us to have a single log on for every app, meaning that once I'm logged into Wordpress, I should be logged in when I go to another app, that uses the same login user and password.
Is there a possible way to do this? And if so, where should I start?
I believe, that is possible in multiple ways..
Setup Single Sign On in your apps
Use a script which automatically copies User data from a web app,
and then using that information creates user login to the other
apps..Idea is to let user register for one site, and based on that information, register him to other sites automatically
May be, some sort of Database sharing be possible, but that would be
really really a tough job, still Possible (I believe, in Computer
Science, nothing is impossible forever)
create a common cookie file and when user switches the app, use that
cookies to get the user login in between different apps
There are different user for my website, and for each user there are separate PDF files, I want to give users privilege to download their files(but should not see the files of others users). Now I have created a login and I have the user-id in SESSION (I am using PHP for backend). So what is the secure way of accomplishing this task? Also how should I manage many of these PDFs on my server? (currently I have kept all the PDFs in one folder, but this seems insecure and I think these can easily be extracted by the un-authenticated user)
At a high level:
Store your PDFs outside of your webserver document root. Make them completely inaccessible to direct browser access.
Write a PHP script to handle download requests. This PHP page can check the session user ID to ensure the user is requesting a file that they are allowed to access.
Use header() calls and readfile() to then send the appropriate PDF file to the user.
Feel free to come back and post a question when you've researched and worked on this, and have a specific question with code.
I am trying to build an app for a photographer. These are his requirements:
Photographer can upload photos or files (files up to 20-30mb).
Photographer can categorize photos and files by client.
Photographer can create client username and passwords.
Photographer can send email from web interface to link to download. (which requires client login)
Client can login and view and download photos and files assigned to his account.
Photographer mentioned 1-2 terabytes of data needs to be stored.
So, my questions:
Is there an open source system out there that already does this.
Is there an app already out there that does this. Photographer currently uses "yousendit" but the free solution is not sufficient since data is lost after 2 weeks.
He mentioned he could host it on a box at his office, but his connection is limited.. thaughts? At that point storage space would not be an issue. I would have to code this app.
GoDaddy hosting for example does unlimited storage with one of its plans that is reasonable. If I coded my own app, this would be perfect. I do hate GoDaddy though..
I will listen to any alternative suggestions.
Thanks!!
I'm not sure about building an app like this, but SmugMug is an existing app that hits most of your requirements.
Can upload unlimited JPGs as part of base cost, other files can be uploaded at additional cost
Photos can be categorized into galleries per client.
Galleries can be locked down, with clients getting unique user/pass to their gallery
Not 100% sure if you can email a link directly from the site, but I believe you can.
Additionally, if you get a pro account, clients can order prints online (no need to build your own payment processing), you can "theme" the galleries how you like, automatic watermarking, etc.
The base cost is $40-$150/year, depending on what level you choose, plus whatever you need for additional file storage. Not sure if it meets all your needs, but just throwing it out there. Note: I am not affiliated w/ SmugMug, just a satisfied user.
The first question you need to answer is whether you will store the files in the database or on the file system. Given the amount of data in question, I would store the file on the file system and keep meta data about the files including their location in the database. The catch to this approach is that you have to keep the two in sync with each other. It is not particularly difficult to build that system.
The second question relates to where you store the files. You could store the at the same place where you host the site or you could use a cloud storage option like Amazon's S3 (or DreamHOst mentioned by J_B). One advantage of using cloud storage is that the site can hosted anywhere without affecting the location of the files.
DreamHost might not mind. They say they will give you all the storage your site needs with all plans (+ some extra for storing whatever you want).
I don't know about an app that does that. Doesn't sound REAL hard to write.
I have an application server, a database server and a file server, with the file server has its own subdomain name (i.e., file.myexample.com)
The file server stores all the images that are used in the application, the point is that I don't want the user to view those images without obtaining proper authentication first. So in a sense the access of these image resources must be properly authenticated, which means that only login users can access those images. If a anonymous user types in the URL of an image, the web application should redirect him to the login page.
I am looking for PHP and Symfony examples.
Use a PHP page to obtain you images, i.e. image.php?id=2345
WIthin the code for this page you can check the authentication of the user, then reutnr the image if they are allowed. You will need to specify the correct mime-type.