When I link directly to an uploaded file in a Zend Framework based project I get differing results depending on if I'm working in my local environment or my remote environment.
In both cases I want to link to an uploaded photo. The generated URL looks like:
http://whateverserverweareon/projectfiles/project18/photos/aphoto.jpg
On my local machine clicking that link will show me the photo, in my remote machine it gives me a warning about "invalid controller..." (as, while I do not have a "projectfiles" controller, the uploaded photos are in the projectfiles directory on the path specified in that sample url).
So how do I link to these uploaded photos? Create a controller just so I can link to them? Can I bypass the controller altogether and link directly? Is there some sort of custom route I need to create? Should I be doing this in a completely different manner? Any suggestions?
The exception means that on remote mashine your file does not exists in specified location. Standard rewrite rules in .htaccess file is written so that if your file exists (i.e. /projectfiles/project18/photos/aphoto.jpg) then index.php file of ZF will not be executed. You should check that your file exists.
ischenkodv is right.
And also, it's a better practice to put your file somewhere out of index.php's directory tree. Perhaps another subdomain.
Related
If I place video file to for example
www.myweb.com/webroot/video.mp4
I am able to play it in VLC player in streaming option. I am using CakePHP 3 framework.
Where this file is placed in
/volume1/web/myweb/webroot/video.mp4.
But my question is how do I create link to file which is in Synology NAS, its link is:
'/volume1/video/Films/video.mp4'
To be accessible from a web?
I added to open_basedir in PHP in a directory :/volume1/video;
Instead of pointing to the actual file, have you tried reading the file using a PHP script?
For example, your site could have a link such as yoursite.com/video.mp4, but instead, you could have yoursite.com/getfile.php?f=video.mp4.
This getfile.php script can securely get the file from anywhere in your file server where your www user has access.
I personally use the readfile_chunked function documented here in the comments, as well as the appropriate headers needed to be sent before.
Note: Make sure you secure your getfile.php script to prevent users from reading any files on your drive. In my case, I force my script only to accept certain keys which correspond to actual files (ex: yoursite.com/getfile.php?filekey=Ab183Fca82, where Ab183Fca82 points to video.mp4)
I am attempting to create a script in PHP which reads and includes all files from a directory which is above the domain name directory.
For example:
My domain name is example.com and located in /var/www/html/example.com/ and I want /var/www/html/example.com/file.php to be able to read from:
/var/www/html/videos/video1/ which contains index.html and the folders:
/var/www/html/videos/video1/images/ and /var/www/html/videos/video1/scripts/
e.g. www.example.com/file.php?dir=/var/www/html/videos/video1/index.html
If I use include (/var/www/html/videos/video1/index.html) it will only call the html file, which is done perfectly. However all the files in images folder and the scripts folders are not able to load.
I don't want to copy or call each file separately. I want to be able to only need to call index.html and then make the browser think it's in that directory and automatically read any file within there.
I know this works because Moodle uses this method (in file.php) to protect learning files by storing them in a moodledata folder which is one level above the public folder.
I've had a look but cannot make sense of it and I've searched the Internet to achieve the method I have explained above but have not had any success.
The reason I want to do this is to avoid having duplicate video files on the server for other sites that are hosted on the same server.
Many thanks in advance and for taking the time to assist.
$dir = realpath(dirname(__FILE__)."/../");
This would be the directory you are looking for. Require files relative to that.
To output a different file look at readfile which outputs straight to the buffer or perhaps use file_get_contents which can be held in a variable.
See if you can load an image in the browser directly, if you can it's probably a problem with your code, if you can't it may be a rights issue.
I am trying make a php script to list the files of a folder above my web directory...I follow a small thing I found here which talked about
a symlink pointing to /var/uploads
a Apache Alias directive Alias /uploads /var/uploads
I did both of these.
$myDirectory = opendir("/var/stuff/stuff/");
That directory there links to like when I go in winscp and click that folder it directs me to it....and when I run my script to list all files inside /var/stuff/stuff/ it lists what is in /home/stuff/stuff.
The thing is when I click the links that it produces I get a not found on the server
The requested URL /stuff was not found on this server.
Would someone please be able to assist me with this?
Since the files are not under the root directory, you will not be able to download them directly, but What you can use for this issue is to create a downloader gateway.
I'll explain:
create a php script somewhere in your app, lets call it downloader.php
the downloader script would get a parameter, lets say: filename
now we could call the script like: http://YOUR-URL/downloder.php?filename=file-to-download
in your downloader.php file you can get the file name, read it from the file system, then force it to be downloaded by out puting its content and configure the correct headers
I'm not sure if you still need that but, if you need more assistance I can help you more with some code samples
ideally you can use .htaccess to hide your downloader gateway script
I'm developing a very simple PHP upload feature in my site to permit users to upload JUST images. Apart from checking the mime-type through php I wanted a .htaccess file to rule what can be uploaded and what can't.
I want to insert the .htaccess in my root folder and from there writing the rules for all the folders I need to be ruled.
It's the first time I work with .htaccess and from the internet I was able to find this:
http://pastebin.com/0KNHEbw0
But it doesn't work. I'm testing it locally with my xampp on win7 and I see that I can upload any type of files in the "oggetti" folder.
What's that is wrong?
And then, to rule other folders should I write something like this?
http://pastebin.com/dFMUu1g0
Thank you in advance!
You can't control what files are uploaded through a .htaccess file: Apache, the web server parsing those commands, deals with serving the files only.
You will need to do these checks in the PHP script that handles the upload process. Note that checking the MIME type sent with the file is not a reliable method to determine a file's type! The value sent can be manipulated by an attacker. To ensure a file is an image file, you could e.g. use getimagesize().
This cannot be accomplished using .htaccess. I'm guessing what you're trying to do is prevent malicious scripts from accidentally being executed on the server. The way I normally handle file uploads like this is:
Insert filename, mime-type, etc., into a database with an auto_increment ID.
Use the ID as the file name - no extension, and place the file in a directory outside of your webroot. This way you're certain nobody can execute the file.
When a file is requested, query the database for filename mime-type and id, and send the file to the user with readfile() (follow the link for an example).
I have read the following tutorial "Uploading Files To the Server Using PHP"
and have several questions related to the topics.
Q1> The tutorial mentions that
"Note that PHP must have write access
to $uploadDir or else the upload will
fail"
For me, I only allow the user to upload the file after the user has login to the website.
If we set that $uploadDir permission as 777, then everyone can have written permission to that folder. How to avoid this problems?
Also I am using WAMP as my testing bed, can I simulate the same case as a real web server?
Q2> In order to prevent Preventing direct access, the tutorial mentions:
"A better approach is to move the
upload directory away from your web
root. For example, the web root for
this site is:
/home/arman198/public_html/ to prevent
direct listing i can set the upload
directory to /home/arman198/upload/."
Now my problem is that how can I display the uploaded images on other website pages. Since, the upload is not accessible directly anymore? I need to display the uploaded image save personal headshot dynamically on other website page. Is it possible?
Thank you
It's a common problem.
All modern computers have a temporary files directory. On Linux/Unix it's /tmp, on Windows it's usually c:\temp. The OS install will have set permissions on that directory so that anyone can write files there but only privileged users can delete files that don't belong to them. This is where PHP will want to put an uploaded file; your application then has to move it elsewhere (this is the purpose of the move_uploaded_file() function). PHP under Windows may need upload_tmp_dir actually set in the php.ini file.
Once you have an uploaded file, you can shift it whereever you like, including to where the webserver can read it to serve it. The biggest problem with that it is awfully easy to put this directory inside your codebase. Don't do that. As soon as you do anything beyond editing the files inside the directory they are served from, it will be problematic. Trust me: I've dealt with a few times this in code I've inherited. It's easy to let your webserver load files from a location outside your codebase.
The other alternative is to produce a download script. That way the file need not be servable by the webserver at all. One disadvantage is that you don't get to leverage the web server's MIME translation, but then, that lets you control which types of image files are permitted.
For the second question, you can use a PHP script intead of direct access to the directory. Lets name it image.php. Lets assume that it can take a parameter id, like image.php?id=image_id. In that file you can get the id using superglobal array $_GET. Then you can search for images with that Id and just send it as response.
First one I'm not sure, but maybe play with .htaccess file.
And for the first question, try setting your permissions to 775. That should allow PHP to write the file to the directory without giving the general public write access.