  1. #1
    Junior Member Hobgoblin's Avatar
    Join Date
    Sep 2003
    Location
    San Diego, CA
    Posts
    12
    Member #
    3248
    Hi.

    A member only section of my website is accessed using .htaccess and a "Require group". Access is granted using the username and password values in the URL:

    http://user:password@mysite.foo/members/dir/index.php?sql=43

    I use a PHP file that digs out the directory from the database using the "sql" variable, and prints the filenames and filesizes of the directory's contents. This works perfectly when the PHP file is *in* the directory that holds the files (and is protected with .htaccess).

    However, when I run the script from another directory (root of /members/), all the file sizes come out as 0.

    My question is -- is there a way that the username and password session information can be used in the PHP file so the script can print out the file sizes without the script being in one of the protected directories?

    I would also prefer to hide the directories in the link and let the database do the work by sending the username and password through the URL via query string such as:

    http://mysite.foo/members/download.php?sql=43|username|password
    (Using explode() with the "|")

    Or by using this method:
    http://username:password@mysite.foo/members/download.php?sql=43

    Ideally, I would also like to disable people from being able to change the id number in the query string (in this case "43") and seeing the download page for the other areas they may not have access to (even though they have to have that directory enabled for them in the passwd file - It would make the site more secure if access to the individual pages were restricted to anyone without a password for said area).

    Thanks for any help

    -H
    Michael Willey
    Southland Digital Web Design & Photography
    http://www.sldigi.com/

  3. #2
    Senior Member nsr81's Avatar
    Join Date
    Oct 2002
    Posts
    1,132
    Member #
    250
    Liked
    15 times
    I am not sure about the reason you want to use file( ) for getting file sizes, since file() reads the contents of a file into an array. Wouldn't the filesize( ) be better to use?

    Anyway, one reason I can think of for file sizes being zero would be due to your function not seeing the file correctly, if the script is run under /members/dir/ it will see a file there, but when it is run in /members/ it won't see the file there, rather the files would be in dir/. Come to think of it, you should get an error if the file doesn't exist.

    Passing the variables between files can be done using cookies, sessions or in URLs as you have it. The simplest thing you can do is to base64 encode your query string.
    PHP Code:
    $sql=base64_encode("43|username|password"); 
    Then in your subsequent scripts, decode it and explode at "|". This is the simplest method, which by no means is foolproof. You could also use sessions or cookies to store this info.
    There and Back Again :Ogre:
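
Base64 is an encoding, not protection: anyone holding the link from post #2 can decode it, read the password and change the 43. An added example (not code from this thread) of a link token that keeps the password out of the URL and uses an HMAC so the id cannot be edited; `DOWNLOAD_SECRET`, `make_token()` and `verify_token()` are hypothetical names, and the caller is assumed to already know the authenticated username, for example from the Basic Auth login.

```php
<?php
// Added example, not code from the thread. DOWNLOAD_SECRET and both function
// names are hypothetical; the secret stays on the server.
const DOWNLOAD_SECRET = 'replace-with-a-long-random-value';

// Issue a token only after checking the user may see this product.
// It carries id, expiry and username, never the password.
function make_token(int $productId, string $user, int $ttl = 900): string
{
    $payload = $productId . '|' . (time() + $ttl) . '|' . $user;
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, DOWNLOAD_SECRET);
}

// Return the product id if the token is authentic, unexpired and bound to
// the authenticated user; otherwise null.
function verify_token(string $token, string $authUser): ?int
{
    $parts = explode('.', $token);
    $payload = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($payload === false) {
        return null;
    }
    // Recompute the MAC and compare in constant time before parsing fields.
    if (!hash_equals(hash_hmac('sha256', $payload, DOWNLOAD_SECRET), $parts[1])) {
        return null;
    }
    $fields = explode('|', $payload, 3);   // username is last and may contain '|'
    if (count($fields) !== 3) {
        return null;
    }
    [$id, $expires, $user] = $fields;
    if ((int) $expires < time() || !hash_equals($user, $authUser)) {
        return null;
    }
    return (int) $id;
}

// Constructed demonstration values.
$token = make_token(43, 'alice');
var_dump(verify_token($token, 'alice'));

// Rewrite the id inside the payload but keep the old MAC.
[$p, $mac] = explode('.', $token);
$forged = base64_encode(str_replace('43|', '44|', base64_decode($p))) . '.' . $mac;
var_dump(verify_token($forged, 'alice'));
```

When the token goes into a link, pass it through `rawurlencode()`, since standard Base64 can contain `+`, `/` and `=`.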

  4. #3
    Junior Member Hobgoblin's Avatar
    Join Date
    Sep 2003
    Location
    San Diego, CA
    Posts
    12
    Member #
    3248
    I do use filesize();

    The script doesn't need to be in any particular directory to see the files - the query string variable pulls the directory from the database:

    PHP Code:
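    // Token layout is "43|username|password": id, then user, then password
    $pieces = explode("|", "$sql");
    $product = (int) $pieces[0];   // cast so the id is safe to place in the query
    $user = $pieces[1];
    $pass = $pieces[2];

    $connection = mysql_connect("$dbhost", "$dbuser", "$dbpass");
    $db = mysql_select_db("whatever", $connection);
    $quer = "SELECT * FROM prod WHERE product_id = '$product'";
    $querResult = mysql_query($quer, $connection);

    // Read the directory, title and SKU for the matching product
    while ($row = mysql_fetch_array($querResult))
      {
      $dir = $row["directory"];
      $title = $row["title"];
      $sku = $row["sku"];
      }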
    The directory is in the database, so no matter where this script is run, it will read the directory matching the product_id if one exists. The problem is, it won't read the filesize unless the script itself is executed within the protected directory - it reads the filenames, but it won't read the size.

    I've tried removing the .htaccess file from one of the directories, and the script still doesn't work... so does the filesize() function only work within the directory the script is in?
    Michael Willey
    Southland Digital Web Design & Photography
    http://www.sldigi.com/

  5. #4
    Senior Member nsr81's Avatar
    Join Date
    Oct 2002
    Posts
    1,132
    Member #
    250
    Liked
    15 times
    Can you post one or two sample directory entries from your database?
    There and Back Again :Ogre:

  6. #5
    Junior Member Hobgoblin's Avatar
    Join Date
    Sep 2003
    Location
    San Diego, CA
    Posts
    12
    Member #
    3248
    they're in there as:

    /members/x01/index.html

    $dir = $row["directory"];

    The index.html file exists, and it's what is currently used, but I am trying to make a dynamic file that will read all directories based on the customer subscription. I use substr() to clear out the index.html from that entry, and leave just the directory. This leaves the directory as /members/x01/

    Here is the block of script:

    // Drop the trailing "index.html" (10 characters), leaving /members/x01/
    $dirName = substr($dir, 0, -10);
    $path = "/home/virtual/var/www/html";
    $current_dir = "$path$dirName";


    The goal here is to not have to put an index.php file in each and every protected directory, and thus having to edit all the entries in the database - I find that sloppy, and this method I'm trying to do is transparent to the function of the website.
    Michael Willey
    Southland Digital Web Design & Photography
    http://www.sldigi.com/
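
On the question raised in post #3: `filesize()` is not tied to the script's directory, but a relative name is resolved against the script's working directory, so sizes taken from bare directory-entry names are only right when the script sits in that directory. An added example (not the poster's script, whose listing loop is not shown in the thread) that builds full paths and also confines the database-supplied directory to the members tree; `list_files()` and the temp-directory demo are constructed for illustration.

```php
<?php
// Added example, not the poster's script. list_files() is a hypothetical name;
// $docRoot stands for the thread's /home/virtual/var/www/html.
function list_files(string $docRoot, string $dbEntry): array
{
    $base = realpath($docRoot . '/members');
    // "/members/x01/index.html" -> "/members/x01", then resolve symlinks and ".."
    $dir = realpath($docRoot . dirname($dbEntry));
    // Refuse anything that resolves outside the members tree.
    if ($base === false || $dir === false
        || strncmp($dir . '/', $base . '/', strlen($base) + 1) !== 0) {
        return [];
    }
    $sizes = [];
    foreach (scandir($dir) ?: [] as $name) {
        if ($name[0] === '.') {
            continue;              // skips ".", ".." and .htaccess / .htpasswd
        }
        // scandir() returns bare names; build the full path, because a
        // relative name is resolved against the current working directory.
        $full = $dir . '/' . $name;
        if (is_file($full)) {
            $sizes[$name] = filesize($full);
        }
    }
    return $sizes;
}

// Constructed demonstration tree under the system temp directory.
$root = sys_get_temp_dir() . '/demo_' . uniqid();
mkdir($root . '/members/x01', 0700, true);
file_put_contents($root . '/members/x01/photo.zip', str_repeat('A', 2048));
file_put_contents($root . '/members/x01/.htaccess', "Require group x01\n");

print_r(list_files($root, '/members/x01/index.html'));
// A constructed entry that resolves outside /members/.
print_r(list_files($root, '/members/x01/../../index.html'));
```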

