In my website, the user can upload a profile image. The website structure is as follows:
C:\xampp\htdocs
C:\xampp\upload\user1
For security reason, the upload file has been moved into folder C:\xampp\upload\user1\.
The question is how I can serve this image later to the user. In other words, after uploading the image, the user should be able to see the upload image on the web page. What should I do?
Here is what I can figure out
Introduce a new folder C:\xampp\htdocs\picture\randomimagename
which is used to temporarily save the user's picture.
Use the link to C:\xampp\htdocs\picture\randomimagename and serve it to the user.
Now the problem is when should I delete this image?
when the user logouts out. yes, I know how to do this.
when the user closes the browser. how do I know this?
any other cases.
Save the image to C:\xampp\htdocs\picture\randomimagename and then every once in a while, have a Windows Scheduled Task clean it out (e.g. when it's been more than 15 minutes since it was created).
That way you don't have to worry about doing it when the user logs out, or when the user closes the browser, or anything else. Tweak how frequently the job runs depending on how much you care about disk space vs how much you care about CPU usage/IO.
By the way, I hope you're not doing things like:
<img src="C:\xampp\htdocs\picture\randomimagename.jpg" />
that will only work when run on the server which Apache is running on. You want to use a proper path, relative to your site's root.
Related
I'm looking for a way to make a web server cache and provide resized images from another remote server.
Let's say there's Site A located somewhere in Africa. On Site A are JPEG images that are refreshed every five minutes (they're webcams). If you visit Site A from the US, the images take quite a while to load since the server is in Africa.
I have Site B. I would like Site B to display the four images from Site A, but I would like them to be served from a server here in the US (which is also where Site B is hosted). That way, they'll, of course, load much quicker.
I'm not familiar with script creation. I tried a few PHP scripts from CodeCanyon and the concept works, but there always seems to be a few minor bugs that cause the entire system to fail.
They work by providing the remote image URL after the local site URL (i.e. http://www.SiteB.com/image_cacher.php?=http://www.SiteA.com/image1.jpg). That's exactly what I want to do.
I'd like the cached images to be stored on the Site B server in a folder called "cache." That way, I can use a cron job to automatically delete the cached images every five minutes; the same frequency the webcam images are updated.
I've solved the cron job issue though, so my only dilemma now is creating some type of script (preferably PHP) that can achieve this.
There are many similar questions like this here, but they're all minutely different and I unfortunately haven't been able to find anything that can perform this task.
Thanks!
Background: I have a website where people can store transactions. As part of this transaction, they could attached a receipt if they wanted.
Question: Is there any security risk if a user is allowed to upload any type of file extension to my website?
Info:
The user will be only person to ever re-download the same file
There will be no opportunity for the user to "run" the file
They will only be able to download it back to themselves.
No other user will ever have access to another users files
There will be a size restriction on the say (say 2mb)
More info: I was originally going to restrict the files to "pdf/doc/docx" - but then realised some people might want to store a jpg, or a .xls etc - and realised the list of files they "might" want to store is quite large...
edit: The file will be stored outside public_html - and served via a "readfile()" function that accepts a filename (not a path) - so is there anything that can 'upset' readfile()?
Yes, it is definitely a security risk unless you take precautions. Lets say, to re-download the file, the use has to go to example.com/uploads/{filename}. The user could upload a malicious PHP file, and then 'redownload' it by going to example.com/uploads/malicious.php. This would, of course, cause the PHP script to execute on your server giving him enough power to completely wreck everything.
To prevent this, create a page that receives the filename as a parameter, and then serve the page to the user with the correct content-type.
Something like, example.com/files?filename=malicious.php
"There will be no opportunity for the user to "run" the file"
As long as you are 100% sure that that will hold true, it is secure. However, make sure the file will not be able to be executed by the webserver. For example, if the user uploads a .php file, make sure the server does not execute it.
Computers don't run programs magically by themselves, so basically you just need to ensure that the user has no ability to trick your server into running the file. This means making sure the proper handlers are disabled if the files are under the web root, or passing them through a proxy script if they are not (basically echo file_get_contents('/path/to/upload') with some other logic)
Another option would be to store the file like name.upload but this would require keeping a list of original names that map to the storage names.
I'm creating a website that generates a text file. I would like for the user to save the file to a specific folder (it's a backup file for a video game).
Is it possible to change the default folder the file is saved to via PHP or HTML? C#, while not my first pick, would also be acceptable.
If I understand correctly, NO you cannot default to a location on the users computer. This is just a security piece that you cannot get around.
Try educating the user before they download. That's the best way.
No file download locations are handle at the browser level
You could probably package the text file in an installer / extractor that loads it to the location you want, but I don't think you want to go that far ^.^
You cannot prompt the user to save the file to a specific place on his/her computer, you can however save some stuff on the users pc by the use of Web Storage, that is a part of the HTML5 spec. You will not be able to control where it will be saved though.
It would not be a smart move to store backups for your game on the users pc, as it would open a endless world of cheating and hacking.
HI,
I have a flash application (working demo here) which I'm using to let users take pictures of themselves on my website. The application takes the picture, then lets the user save it by invoking a PHP script located in the same directory as the Flash file.
Testing this on my local machine works fine - the picture saves as intended. However, once on my server, the saving no longer works. The flash runs fine - pictures can be taken, however the save button does not work. Why would the environments differ in such a specific way, and what might be preventing the save function from working?
You might just need to make the permissions on the directory you want to save the image into writeable. Typically, the default setting for most hosting companies is read only. This will probably be in your hosting companies control panel.
I have created a website.In that scaling an image option is created.. Now i want to store that scaled image in users desktop..But its saving in code existing folder..
Please help me by sending php script to store that file in desktop
If your website is going to actually live on the web instead of on people's computers locally then you can't directly save it to their computer. You can serve it to them with php as a file download by setting the proper mime-type and content headers (using header()) followed by the file itself, or better yet offer the user a download link so they can choose to download it themselves.
If your website is going to be used locally (a little odd, but it could happen), then you can use fopen(), fwrite() and fclose() in php to work with local files.
I don't think it is possible to do this without asking for user intervention on where to save the processed file. If you think about it, it would be a significant security flaw if a web server could arbitrarily save files to user desktops!
The best you could do is set the content header of the generated file to have a content disposition of attachment and then the browser will prompt the user where to save the file.