Is it possible in PHP to configure it to somehow not save files to disk at all? As a matter of fact, the best thing would be to get the script going before even reading the entire POST body. (Keeping my hopes high ;))
You can turn off file uploads via a configuration setting in PHP.
http://php.net/manual/en/ini.core.php#ini.file-uploads
PHP needs a place to temporarily store the files content for you to be able to interact with it through PHP - although, you don't have to do anything else other then access the temporary file to get the data:
$content = file_get_contents($_FILES["user_file"]["tmp_name"]);
From here on you can manipulate with the files content without having to move the uploaded file to another location before accessing it.
You can use HTTP PUT requests to directly upload a file. PHP will not handle the upload directly (e.g. set it up in $_FILES). Instead, you have to read the raw bytes from the php://input pseudo-url and from there can do whatever you want.
There's some details and examples here.
Related
We are using Zend_Form inside a PHP application for building an input file html element. We can set the 'destination' of this element, and when calling receive() the file will be saved to the specified location.
We want to be able not to save the file to disc at all, but grab the file as a byte array and do something else with it.
Is this possible? If it is not possible with Zend_Form(), can it be done any other way?
EDIT: The reason why we cannot write to disc is because the application runs on Azure, and it seems that it does not have write access rights anywhere, not even in the temp folder. We get an exception from Zend saying that 'The given destination is not writeable'.
The only thing that seems viable would be to save the file using the php://memory protocol.
I've never had reason to implement but it looks a simple as setting the save location of the file to php://memory here is the link to the manual page PHP I/O Wrappers.
All PHP uploads are written to the file system regardless of using Zend or not (see upload_tmp_dir and POST method uploads).
Files will, by default be stored in the server's default temporary
directory, unless another location has been given with the
upload_tmp_dir directive in php.ini.
Instead of using receive to process the upload, try accessing it directly using the $_FILES array which would let you read the file into a string using file_get_contents() or similar functions. You can however, still use Zend_Form to create and handle the form in general.
You could set up shared memory upload_tmp_dir to map a filesystem to memory where uploaded files are held. Be cautious with this as if someone attempts to upload a very large file, it will go into memory which could affect performance or your cost of service.
Ultimately, Zend_File_Transfer_Adapter_Http::receive() calls move_uploaded_file() to move the file from its temporary location to the permanent location. In addition it makes sure the upload is valid and filters it, and marks it as received so it cannot be moved again (as that would fail).
So I know how to upload a file to a web-server with PHP. Instead of uploading it though, I just want to read the data from the file and use it, WITHOUT the upload part. Could someone link me up or give me an example plz?
from HTML, the file is always uploaded to the server, to a temp directory. if from PHP you don't move it to another directory, it will be deleted later, but you can still use it and read it on the script that handles the upload, as shown in the example of is_uploaded_file()
The only way to do that is to send the data of the file via POST and work with it via something like
$postData = file_get_contents( 'php://input' );
PHP is a server-side language, which means it either needs a server-side copy of the file (since it can't access the client) or you need to send parts of the file via common HTTP request methods that PHP can work with (POST or even GET)
There may be a way using JavaScript, but I can't think of any
a javascript possible solution:
https://developer.mozilla.org/en/DOM/FileReader
not cross-browser, works only in firefox and webkit html5 api compatible versions
How to use PHP or any other language to read an uploading-file to allow download of the uploading-file while it is uploading?
Example sites that does this are:
http://www.filesovermiles.com/
http://host03.pipebytes.com/
Use this: http://www.php.net/manual/en/apc.configuration.php#ini.apc.rfc1867
In the array the file name is included as temp_filename - so you can pass that to your other program, which can read from the file and stream it live. The array also includes a file size so that program can make sure not to try to read beyond the end of the file.
I don't think this is possible in PHP because PHP takes care of receiving the download and only hands over control when it has the complete file. When writing CGI programs or Java servlets you read the upload from the socket so you are in control while receiving the file and you can administer if it is still uploading and how much has been received so another process could read this data and start sending what is already there.
One of the site's you've given as an example is just downloading a file from an URL or from the client computer, stores it temporarily and assigns a code to that file to make it identifiable.
After uploading, any other user who has the code can then download that file again.
This is more a question how you operate a server system then writing the code.
You can download files to the local system by making use of file_get_contents and file_put_contents.
If you want to stream file-data from the server to the browser, you can make use of readfile PHP Manual.
If i had a text file on my web server, which contains full PHP code, all properly formatted, could i use PHP fopen to read the text file and echo the output of the PHP to the browser. Ie. Run PHP code that is held in a text file rather than hard coded?
Thanks
It's perfectly possible to do this (it's just another file after all), although I'd be tempted to directly include it rather that messing around with fopen/eval, etc. (N.B.: The file would of course have to be "fully formed" and begin with "<?php", etc. for the include to work.)
However, I'd be very wary of naming the file with a .txt extension as this will mean that it'll be possible to browse the contents of this file directly from the browser if it exists in the public HTTP docs area. As such, why not simply write the data into a .php file - this will be no more difficult than a .txt file and offers the advantage that it always be parsed by the web server if someone attempts to access it.
You can read in the file as you suggested using fopen you can then execute the string that is read in using eval. I wouldn't recommend this. Try another solution to what ever the actual problem is.
I want to allow users to put in am img url instead of uploading an image, the image would then go through my thumbnailing class.
Is file_put_contents the best method?
Yep, you can get the contents of a file given its url using file_get_contents, and then just write that to disk, or pass the contents to your thumbnail class to save. There might be safe_mode restrictions on this, but usually it's fine.
file_get_contents will work fine for pulling an external image.
Just bare in mind that some hosts put restrictions on fopen and fopen's wrappers (like file_get_contents and file_put_contents). These can be an all out block on fopen or restricting what it can access (like external files).
Beware of security implications!!! If you aren't careful, users will be able to put ARBITRARY STUFF on your server - including an evil PHP script, renamed as an image! All that they'll have to do to pwn your server when that's done is to rename the file to .php... Be careful.