I need to access an Excel file on a Windows Share using PHP but seem to be running into what looks like an authentication issue.
I'm using PHP-ExcelReader to open and read the file. Works fine on my local machine but the server I'm putting it on doesn't have the rights to access this share, and so its telling me that the path is unreadable!
I'm not even sure the path I have for accessing this share is correct:
$file_to_include = "\\\\10.9.8.7\depts$\ExcelFile.xls";
But it works on my machine, as I said so I'm happy with that.
Is there any way I can add my credentials in here somewhere?
Path \\10.9.8.7\depts$\ExcelFile.xls must be locally accessible to the client, since PHP has no SMB support.
EDIT: At least not natively, try smb4php
Your path is correct.
One thing you could try is to share the drive on the server, then map the shared drive on each users computer (make sure they are all the same drive letter, or name), or just your computer. If it's not too many, the users computers would be better, in case you're out, or forget to authenticate. This way, when the user authenticates, it opens the drive up. You can then call the drive via something like:
$file_to_include = '\\\\'.$_SERVER['REMOTE_ADDR'].'\mappedDrive\file.xls';
You path is correct, but keep in mind, that $ amd backslash is a special-char in php when using double quotes.
So you could either write:
$file_to_include = '\\10.9.8.7\depts$\ExcelFile.xls';
or you use double quotes but you add a extra backslash before the special signs
$file_to_include = "\\\\10.9.8.7\depts\\\$\\ExcelFile.xls";
or you yust use forward slashes as directory separator, but the dollar still must be escaped
$file_to_include = "\\\\10.9.8.7/depts/\$/ExcelFile.xls";
About the authdata: if you are running a php file, it usually inherits the permissions of the starting process.
What means, if you already saved the auth for this share in your explorer and you are starting a php, the php file inherits this already saved permissions.
But dont forget, when you run a php in a webserver, this webserver is maybe running in a different user, which dont has the same permissions like your currently logged in user.
Related
I'm loading a html file hosted on the OS X built in Apache server, within that file I am linking to another html file in the same directory as follows:
<a href="2ndFile.html"><button type="submit">Local file</button>
This works. However (for reasons too lengthy to go into) I am experimenting using the file: scheme instead, however I cannot get anything to work. Here is how I am re-writing the above line using file:
<a href="file://192.168.1.57/~User/2ndFile.html"><button type="submit">Local file</button>
(192.168.1.57 is my current IP address)
Changing it to the following does also not work:
<a href="file://Name-Of-MacBookPro/~User/2ndFile.html"><button type="submit">Local file</button>
But the file cannot be found, how should it be specified using the file: scheme?
The file: URL scheme refers to a file on the client machine. There is no hostname in the file: scheme; you just provide the path of the file. So, the file on your local machine would be file:///~User/2ndFile.html. Notice the three slashes; the hostname part of the URL is empty, so the slash at the beginning of the path immediately follows the double slash at the beginning of the URL. You will also need to expand the user's path; ~ does no expand in a file: URL. So you would need file:///home/User/2ndFile.html (on most Unixes), file:///Users/User/2ndFile.html (on Mac OS X), or file:///C:/Users/User/2ndFile.html (on Windows).
Many browsers, for security reasons, do not allow linking from a file that is loaded from a server to a local file. So, you may not be able to do this from a page loaded via HTTP; you may only be able to link to file: URLs from other local pages.
the "file://" url protocol can only be used to locate files in the file system of the local machine. since this html code is interpreted by a browser, the "local machine" is the machine that is running the browser.
if you are getting file not found errors, i suspect it is because the file is not found. however, it could also be a security limitation of the browser. some browsers will not let you reference a filesystem file from a non-filesystem html page. you could try using the file path from the command line on the machine running the browser to confirm that this is a browser limitation and not a legitimate missing file.
The 'file' protocol is not a network protocol. Therefore file://192.168.1.57/~User/2ndFile.html simply does not make much sense.
Question is how you load the first file. Is that really done using a web server? Does not really sound like. If it is, then why not use the same protocol, most likely http? You cannot expect to simply switch the protocol and use two different protocols the same way...
I suspect the first file is not really loaded using an apache http server at all, but simply by opening the file? href="2ndFile.html" simply works because it uses a "relative url". This makes the browser use the same protocol and path as where he got the first (current) file from.
I had similar issue before and in my case the file was in another machine
so i have mapped network drive z to the folder location where my file is
then i created a context in tomcat
so in my web project i could access the HTML file via context
For apache look up SymLink or you can solve via the OS with Symbolic Links or on linux set up a library link/etc
My answer is one method specifically to windows 10.
So my method involves mapping a network drive to U:/ (e.g. I use G:/ for Google Drive)
open cmd and type hostname (example result: LAPTOP-G666P000, you could use your ip instead, but using a static hostname for identifying yourself makes more sense if your network stops)
Press Windows_key + E > right click 'This PC' > press N
(It's Map Network drive, NOT add a network location)
If you are right clicking the shortcut on the desktop you need to press N then enter
Fill out U: or G: or Z: or whatever you want
Example Address: \\LAPTOP-G666P000\c$\Users\username\
Then you can use <a href="file:///u:/2ndFile.html"><button type="submit">Local file</button> like in your question
related: You can also use this method for FTPs, and setup multiple drives for different relative paths on that same network.
related2: I have used http://localhost/c$ etc before on some WAMP/apache servers too before, you can use .htaccess for control/security but I recommend to not do so on a live/production machine -- or any other symlink documentroot example you can google
Good day! I have hit a wall.
I'm trying to get PHP to load a file from a folder on another server and have tried so many methods and variations of permissions (IIS/PHP use Windows Authentication) but have yet to find a solution. I am so close I can taste it.
The files are in a folder on the other server e.g. \\otherServer\my_photos
In order to access them this I have created a symbolic link on the server hosting the PHP site, e.g.
C:\my_photos > \\otherServer\my_photos
I am then doing various tests to determine whether or not the page has access, e.g:
$path = 'C:\\my_photos';
$isReadable = is_readable($path);
var_dump($isReadable);
The above returns TRUE.
However, if I do this:
$path = 'C:\\my_photos\photo_1.jpg';
$isReadable = is_readable($path);
var_dump($isReadable);
It returns FALSE.
The permissions on the file photo_1.jpg are identical to the folder my_photos so I suspect the cause is something else, such as some sort of security restricting affecting access to files on other servers, but I am out of ideas. I will reward any assistance with virtual gratitude and am even willing to draw you a picture with a personal message.
UPDATE:
If we switch Windows Authentication off and Anonymous Authentication on (running under the ApplicationPoolIdentity) it works, which seems to suggest that a) it's not some confusing cross-server security issue and b) the problem may relate more to the way PHP/fastCGI impersonates Windows users. Will switch back to Windows auth and keep testing!
I managed to get this working (after three days of head-scratching) by changing the FastCGI 'protocol' from NamedPipe to TCP, as detailed in this answer:
https://stackoverflow.com/a/41367358/1358231
I'm still not entirely sure why this works but will keep looking. In the end there was no need for a symbolic link (or mapped drive) - we could access the remote file directly via the UNC path.
You forgot to escape the slash preceding the directory name. It should look like this.
$path = 'C:\\my_photos\\photo_1.jpg';
$isReadable = is_readable($path);
var_dump($isReadable);
Every slash gets escaped, so, \otherServer\my_photos would become:
$path = '\\\\otherServer\\my_photos';
Note the four slashes before the server name, and the two slashes before the directory name.
I'm using Symfony, and the component Finder. I want to get a file whose name begins with dot (".file.txt") and this file is in other server.
If I do this:
$finder
->files()
->ignoreDotFiles(false)
->in("ftp://user:pass#exmple.example:/myDir/")
;
I don't get any file but, if I rename the file and remove dot
("file.txt") then I can find it.
If I try to find files that start with dot in my local computer then
it finds it well. Like here
So my question is: Why the method ignoreDotsFile doesn't works when is ftp address?
The code is very simple and clear, so if does not work is by a bug of Finder + FTP component.
In fact FTP causes a lot of bugs like these:
Options not working
Bad performance
More
If connects with a windows machine this code would work fine but the problem was with linux server.
Answer provided by: Javier Eguiluz
I would like to ensure that any scripts that are trying to "include" my database connection file are located under my own domain. I don't want a hacker to include the database connection file to their malicious script and gain access to my database that way. My connection file's name is pretty easy to guess, it's called "connect.php". So without renaming it and taking the security through obscurity route, how can I protect it by making sure all connection requests are made by scripts residing under my own domain name? How can this be checked using PHP?
Generally speaking if someone tries to include a file on your domain, they will see the results of the execution of that file. What do you see when you load the connect.php script in your web browser? Thats what they'll see as well if they try to include a remote file.
That said, its generally a good idea to keep important files inaccessible from the outside of your public web space. So, if your website is /var/www/yoursite/ then keep your connect.php in /some/dev/dir/yoursite and include the files from your pages using require_once '/some/dev/dir/yoursite/connect.php';
thetaiko's answer addresses the fundamental issues here - but if anyone else has access to run code on the server (i.e. its a shared server) then access to the file will depend on how the server is configured.
There are lots of ways that access might be constrained - e.g. suphp, base_opendir, multiple chrooted servers. The only way to find out what's going on for sure is to casr yourself in the role of the hacker and see if you can access files outside your designated area.
C.
What do you mean by including your connection file? If a script does include "connect.php" then they can see the source code of the file, so whatever security measures you add to that file will be pointless, as it will be like:
if($notFromHostname)
{
echo "DONT LOOK AT THIS";
die();
}
define('DB_PASS',"myPassword");
...
And the "hacker" will clearly be able to see your password. You are probably better off using something like iptables to deny hosts that are not from a specific domain.
Are you on a shared server and don't want other users of the same server instance to be able to get at your files? That'd be up to your server provider, then, to provide some sort of chroot or virtual system to keep your things in. For Apache, mod_suid can accomplish this nicely, and each vhost gets its own userid and permissions set.
If you want external users to not be able to get at your files, then unless you've badly munged your code, or the server's badly misconfigured, then all they'll get when they visit http://yourserver.com/connect.php is a blank page
No other user than yourself should have access to your PHP files in any way, as Felix mentioned. However, this is how you'd check in PHP:
if($_SERVER['SERVER_NAME'] != "example.com")
die("I've been kidnapped!");
I'm trying to write a PHP script to copy the files from your local machine to a server:
$destination_directory = 'I:\path\to\file\' . $theme_number;
if(!#opendir($desination_directory)) {
echo 'Sorry, the destination directory could not be found.';
die();
}
I check the access to the destination folder with that process, and I keep getting the error return. Anyone know what I'm doing wrong? I pretty much have everything else in place. I just don't know how to access this other server.
Addendum: I accepted an answer below, because it is technically correct, and I was able to get the Apache server to be accepted by the IIS server, however, for what I was trying to accomplish (giving anyone who used the script unfettered ability to move files to the server), it was infeasible. I would've had to set up specific functionality on each of their computers. It seems the best workaround would be to establish the script on the server to which you would like to copy your files, and then move them from your local drive to that location in a more traditional means. That would mean a file server with CGI-exec capabilities, though, which our server did not possess.
I'd guess that you are on windows and that you have I: mapped to a share such as \\server2\files ...
If so, that's your problem. These mappings are only avaialble to the current users (eg, the admin account), not to the IUSR account that your php is probably running as (assuming IIS). Solution, don't use mappings, instead use the full 'unc' path name, ie '\\server\share\folder\file.ext', also remember that the IUSR account will need access to these shares/folders/files
Is this other server accessible via I:\path\to\file\\?
If PHP is reporting an error opening the directory, you might want to make sure it exists and you have access permissions to it.
Also, the two slashes (\\) may be causing problems too. Try checking that.
$destination_directory = 'I:/path/to/file/' . $theme_number;
You might also want to look at the FTP functions.