[PHP] 404 Header Problems
I'm trying to issue a 404 header on one of my pages. But it does not redirect. I figured, with many function calls before it, that it might be outputting something to the screen before the header() command was issued. So, I tried issuing a 404 header from a new page, consisting of this code: ? header(HTTP/1.0 404 Not Found); exit(); ? or ? header(HTTP/1.0 404 Not Found); ? But neither of these work. Notice how there should also be no ouput to the screen before the header is closed. I've also tried: ? |header(Status: 404 Not Found); ? which gives the same results. The results are this: an output of htmlhead/head/html. I'm on a large shared server, and my guess is that when there is a bug with some code in php, the server chooses to ouput this instead of the actual error code(s). I've experienced this many times when I upload a page and there is a simple syntax error such as one semi-colon missing from a statment. This is probably so that the server doesn't get hacked. If I try to issue both commands, in either order, I get this: Not Found The requested URL /cgi-sys/php.cgi/testing_server/404_error.php was not found on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request. Sowhat's going on here? Am I to conclude that the 404 header does not work, and that I should just use a Redirect: header() to my 404 page? Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Extra byte added to PDF streaming file
Larry E. Ullman wrote: I've seen cases where extra buffer content gets added to the downloaded file. The problem was fixed by deleting any existing buffer before sending the file to the client. Not sure that will solve the problem but it's worth a shot. How does one delete an existing buffer? ob_end_flush();? ob_end_clean() I just figured this out myself, and after doing so, I checked my email. I suppose I could have saved my self some trouble... For future reference, you should normally reply to the entire PHP list, not just to the person replying to your message. That way you're not imposing upon a person trying to help and you're not waiting for that one person to respond. Yes, I was just about to post my answer to whole list. Thank you very much! Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Extra byte added to PDF streaming file
I'm using this code to stream a PDF file:
$file = $_SERVER['DOCUMENT_ROOT'] . /file.pdf;
simple_streamfile($file);
function simple_streamfile($file)
{
$fp = fopen($file, 'rb');
// send the right headers
header(Content-Type: application/pdf);
header(Content-Length: . filesize($file));
// dump the file and stop the script
fpassthru($fp);
fclose($fp);
exit;
}
It appears as though some readers (such as adobe acrobat) can read this
file fine yet others (such as the program gv in *NIX) cannot read it.
The reason for this is that somehow a hex 0A is added before the inital
%PDF-1.2 which marks the start of the PDF file causing some readers to
not recognize it as a PDF file. Is there anything in this code which
could possibly (always) cause an extra byte (0A) to be added before the
real start of the file? And no, the file is not corrupted (I've
already tried that) - this only happens when it goes through this
script, and not loaded directly as example.com/file.pdf.
Scott
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Encrypting passwords from page to page -mcrypt question
I would like to go from page to page, submitting the password through a GET query string. Of course I wouldn't want to do this unencrypted. So is mcrypt the best option? When submitting the data, would I also need to sumit the IV as well as the encrypted data? Or am I completely off base with this one? Should I also base64_encode() this data when passing it? Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Odd Refresh Error
* Thus wrote Scott Taylor: Some people are complaining that when the visit one of my pages that the pages refeshes over and over again. One person said that it was only when he typed something in on one of the forms. How could an error like this be caused? Could this be a bug in a browser? More like a End User malfunction. Or that your form submision is causing an infinite redirect loop of some sort. Curt -- The infinite loop is what I thought at first too, but wouldn't this show up on all browsers and not just netscape 7.1? What does End User malfunction mean? That people don't know how to use their browsers/the internet? I wouldn't doubt that this is the case unless I didn't have so many people come to me with this - probably there have been at least 5-7 people who have reported this. Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] odd refresh error
Some people are complaining that when the visit one of my pages that the pages refeshes over and over again. One person said that it was only when he typed something in on one of the forms. How could an error like this be caused? Could this be a bug in a browser? Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] problem with downloading some pdf's
I've gotten this one report of having a problem downloading a PDF:
I have tried twice, both times its starts to download but stops about
half way or three-quarters the way complete. I get a error message that
the download was not completed. When I go to look at the message there
is just numbers. I have tried to download again but the numbers show
up and it won't let me try again.
This only happens for this person with one file - the rest of the files
work fine. I am streaming the file with this code:
// will return FALSE if the file is not found
// will not return anything if the file is found because the headers should
// have already been sent.
function streamfile($file)
{
if (file_exists($file))
{
$extension = strtolower(stristr($file, .));
if ($extension == .php || $extension == .html || $extension
== .htm || $extension == .shtml) {
include ($file);
}
else if ($extension == .txt)
{
?
html
body
pre
? include($file);?
/pre
/body
/html
?
}
else {
// a switch would be perfect here,
// but it just didn't work last time...it was always
// taking the 'default:' case
if ($extension == .doc){$type = application/msword;}
else if ($extension == .pdf){$type = application/pdf;}
else if ($extension == .exe){$type =
application/octet-stream;}
else if ($extension == .ppt){$type =
application/vnd.ms-powerpoint;}
else if ($extension == .xls){$type =
application/vnd.ms-excel;}
else if ($extension == .xml){$type = text/xml;}
else if ($extension == .zip){$type = application/zip;}
else if ($extension == .txt){$type = text/plain;}
else {
$type=application/octet-stream;
}
header(Content-Type: . $type);
header(Accept-Ranges: bytes);
header(Content-Length: .filesize($file));
header(Content-Disposition: attachment;
filename=.basename($file).;);
//readfile($file);
$fp = fopen($file, 'rb');
$buffer = fpassthru($fp);
fclose($fp);
exit();
}
return TRUE;
}
else
{
return FALSE;
}
}
Anyone have any ideas? It would be appreciated.
Scott
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: opening Adobe pdf's
Thus Curt Zirzow I wrote: header(Content-Type: . $type); header(Accept-Ranges: bytes); Becareful sending this header. The client can get confused and send special headers requesting a partial file, while also expecting different results than the whole file. Which header? The Accept-Ranges header? Should I just not include it? header(Content-Length: .filesize($file)); header(Content-Disposition: attachment; filename=.basename($file).;); //readfile($file); $fp = fopen($file, 'rb'); $buffer = fread($fp, filesize($file)); You'll be much better off if you use fpassthru here. This fread could kill you're machine's memory. Curt I switched my code to look like this: /*old code: fp = fopen($file, 'rb'); $buffer = fread($fp, filesize($file)); fclose($fp); print $buffer; exit(); */ $fp = fopen($file, 'rb'); $buffer = fpassthru($fp); fclose($fp); exit(); Yet in IE if I choose to 'open' the file instead of saving it, it asks me that question twice. I'm wondering if that will cause an error on an older version of i.e. or any other browser. On php.net, it gave this code: |// open the file in a binary mode $name = .\public\dev\img\ok.png; $fp = fopen($name, 'rb'); // send the right headers header(Content-Type: image/png); header(Content-Length: . filesize($name)); // dump the picture and stop the script fpassthru($fp); exit;| basically the same code, but without an fclose(); could this be doing it? Best Regards, and thank you so much for the help, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] opening Adobe pdf's
On my site I use these two blocks of code to open protected files. I
can open the files fine, and so can plenty of others. The problem is
that at least one person complained that they couldn't open the file.
This is what they had to say:
It opened Adobe, then an
Adobe Reader window opened that stated There was an error opening this
document. This file cannot be found.
So that must mean that the streamfile($file) function (see below) did not return false,
otherwise the message would have been file was not found. please send [EMAIL
PROTECTED]
Does someone know what's going on here? Since I am not experincing this problem first
handed, I really have no clue. Also, shouldn't this person get prompted if he wants
to save it or open it with Adobe Acrobat?
Best Regards,
Scott Taylor
?php
include(subscriber_functions.php);
session_name(miningstocks_subscribers);
session_set_cookie_params(TIMEOUT_SUBSCRIBERS);
session_start();
if (isset($_SESSION['email']))
{
$file = $_SERVER['DOCUMENT_ROOT'] . /subscribers/archive/ .
$_GET['file'];
if (streamfile($file) == FALSE)
{
include ($_SERVER['DOCUMENT_ROOT'] . /nonindex_header.shtml);
?
div id=headlineh1File not found/h1/div
div id=mainpThe File was not found. Please send a
href=mailto:[EMAIL PROTECTED][EMAIL PROTECTED]/a
an email with error code 1000 - file not found./p/div
?
include ($_SERVER['DOCUMENT_ROOT'] . /footer.shtml);
}
}
else
{
header(Location:
http://www.miningstocks.com/error_docs2/problem_browser.php;);
exit();
}
?
---
in subscriber_functions.php:
// will return FALSE if the file is not found
// will not return anything if the file is found because the headers should
// have already been sent.
function streamfile($file)
{
if (file_exists($file))
{
//find the extension. hopefully there are no directories with
periods in them!
$extension = stristr($_POST['file'], .);
$extension = strtolower($extension);
//now it streams the file
if ($extension == .php)
{
include($file);
}
else if ($extension == .html || $extension == .htm ||
$extension == .shtml)
{
include($file);
}
else
{
// a switch would be perfect here,
// but it just didn't work last time...it was always
// taking the 'default:' case
if ($extension == .doc){$type = application/msword;}
else if ($extension == .pdf){$type = application/pdf;}
else if ($extension == .exe){$type =
application/octet-stream;}
else if ($extension == .ppt){$type =
application/vnd.ms-powerpoint;}
else if ($extension == .xls){$type =
application/vnd.ms-excel;}
else if ($extension == .xml){$type = text/xml;}
else if ($extension == .zip){$type = application/zip;}
else if ($extension == .txt){$type = text/plain;}
else {
$type=application/octet-stream;
}
header(Content-Type: . $type);
header(Accept-Ranges: bytes);
header(Content-Length: .filesize($file));
header(Content-Disposition: attachment;
filename=.basename($file).;);
//readfile($file);
$fp = fopen($file, 'rb');
$buffer = fread($fp, filesize($file));
fclose($fp);
print $buffer;
exit();
}
}
else
{
return FALSE;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sessions cookies
How exactly do sessions work? I've heard that if cookies are disabled that a session will then pass it's variables in the url (through GET). Yet when I manually disable cookies none of my pages work (because the $_SESSION variables do not seem to be working). Any ideas? Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] virtual() include path problems
I've been trying to use virtual to include a .shtml file that is outside of my current directory (one level up). I've tried the following: a) virtual(../header.shtml); b) virtual($_SERVER['DOCUMENT_ROOT'] . /header.shtml); c) virtual(/usr/local/psa/home/vhosts/miningstocks.com/httpdocs/header.shtml/); b c should be equivalent, because $_SERVER['DOCUMENT_ROOT'] should be the same as /usr/local/psa/home/vhosts/miningstocks.com/httpdocs. With that in mind, both bc do not work at all. But a does work. Is virtual not supposed to use absolute paths? The documentation on php.net doesn't say either way, but for the include() fuction it says that it should work... Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] odd acrobat reaction to streaming files
I have been using a php file to stream pdf (and various other sorts of
files)... Here's my code.
?php
if ($extension == .doc){$type = application/msword;}
else if ($extension == .pdf){$type = application/pdf;}
else if ($extension == .exe){$type =
application/octet-stream;}
else if ($extension == .ppt){$type =
application/vnd.ms-powerpoint;}
else if ($extension == .xls){$type =
application/vnd.ms-excel;}
else if ($extension == .xml){$type = text/xml;}
else if ($extension == .zip){$type = application/zip;}
else if ($extension == .txt){$type = text/plain;}
else {
$type=application/octet-stream;
}
header(Content-type: . $type);
header(Accept-Ranges: bytes);
header(Content-Length: .filesize($file));
readfile($file);
?
And so this worked perfectly well when I did something like this:
loadfile.php?file=name.pdf (where name.pdf is the file I am loading and
loadfile.php is the name of the script). But
loadfile.php?file=directory/name.pdf (when launching Adobe acrobat)
would give me the error 'File Does not begin with '%PDF' .
I was able to add this header line:
header(Content-Disposition: attachment;
filename=.basename($file).;);
which forced the user to be prompted if he wanted acrobat to be loaded
or to save the file. Both options worked flawlessly.
So why did it not work before I added this header line? Is it a flaw in
Adobe Acrobat?
Best Regards,
Scott Taylor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] time delay function?
I am wondering if there is a time delay function, one that will cause the program to be inactive for a number of seconds (something like delay(10) ). I am doing this because I am setting up a mass mailing program (this is not spam), and I don't want to be targeted as spam. Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: extra breaks in sent out emails
Thank you Ben. Using either str_replace(\n, , $string); or str_replace(\r, , $string); solves the problem. My guess is that when I submit the data there is both the \r and the \n in there (for there showed 2 white space characters in between the broken text lines). My guess is that the server converts all \r's into \n's, and for this reason when a piece of mail goes out it has two breaks instead of one. Best Regards, and thank you for the help, Scott Taylor Ben Ramsey wrote: Scott Taylor wrote: What I really don't understand is why there are any line breaks at all, because the trim is supposed to take out all \r \n 's. Is there another type of line break? trim() actually only strips whitespace (including \r and \n) from the beginning and ending of strings. See http://www.php.net/trim for more information. If you want to completely remove line breaks from your string, use str_replace() to do something like: str_replace(\n, , $string); and str_replace(\r, , $string); See http://www.php.net/str-replace Finally, have you tried echoing $body just before the message is sent so that you can see exactly what is being sent to the mail() function? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] extra breaks in sent out emails
I am entering some text into a webpage, then using $_POST on the next page to recieve it. It then should email the $_POST to an email address. The problem that I am encountering is that I am getting an extra line break on every line. If I enter a b into the textarea (which is the variable through POST) and do a character count it only shows 3 - the a, the \n, the b. Yet in the email address it comes out as: a b Why is this? BTW: I am on a windows computer but the server is a unix server. Best Regards, Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: extra breaks in sent out emails
on Page One form action=pagetwo.php method=post textarea cols=100 rows=40 name=email_body a b /textareabrbr /form On Page Two: $to = $row['email_address']; $body = stripslashes(trim($_POST['email_body'])); mail($to, $subject, $body, $headers); What I really don't understand is why there are any line breaks at all, because the trim is supposed to take out all \r \n 's. Is there another type of line break? Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] path problems
Yes, the error I get is a pop-up box saying This is not a valid %PDF file Here is my code: $file_two = 'archive/newsletters/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file_two)); readfile($file_two); Now I would think that I wasn't using the correct headers or that the file didn't exist or something of that nature, but since I get no error with the full url, I have more or less figured it was problem with loading a file from the local file system instead of the file itself being corrupt, etc. Thanks for the help, Scott Taylor - Edwin - wrote: On Tue, 27 Jan 2004 20:22:46 -0500 Scott Taylor [EMAIL PROTECTED] wrote: I understand all of the file size ones. What I really don't understand is why neither of the following examples work: /* example 1 */ /* where $_SERVER['DOCUMENT_ROOT'] = /usr/local/psa/home/vhosts/domain.com/httpdocs */$file = $_SERVER['DOCUMENT_ROOT'] . '/archive/newsletters/Dec03.pdf'; readfile($file); /* example 2 */ $file = 'archive/newsletters/Dec03.pdf'; readfile($file); How does it not work? Errors, anything? -- - E - __ Do You Yahoo!? Yahoo! BB is Broadband by Yahoo! http://bb.yahoo.co.jp/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] path problems
Stuart wrote: Scott Taylor wrote: $file_two = 'archive/newsletters/Dec03PostPress.pdf'; Try replacing this line with... $file_two = $_SERVER['DOCUMENT_ROOT'].'/archive/newsletters/Dec03PostPress.pdf'; As my first posts states, I've tried that. And no, that doesn't work either. And on another note: the exact error is File does not begin with '%PDF-' I believe this would be the same error you would obtain if your tried opening a non-pdf file in adobe acrobat. Best Regards, Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] path problems
I have the following file: http://domain.com/archive/newsletters/Dec03.pdf
For some reason this works: filesize('archive/newsletters/Dec03.pdf');
but this does not: filesize('/archive/newsletters/Dec03.pdf');
nor does this filesize('http://domain.com/archive/newsletters/Dec03.pdf');
For some reason this works:
readfile('http://domain.com/archive/newsletters/Dec03.pdf');
but this does not: readfile('/archive/newsletters/Dec03.pdf');
nor does this: readfile('archive/newsletters/Dec03.pdf');
Can someone explain this to me?
Thanks for all the help,
Scott Taylor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] path problems
I understand all of the file size ones. What I really don't understand
is why neither of the following examples work:
/* example 1 */
/* where $_SERVER['DOCUMENT_ROOT'] = /usr/local/psa/home/vhosts/domain.com/httpdocs */
$file = $_SERVER['DOCUMENT_ROOT'] . '/archive/newsletters/Dec03.pdf';
readfile($file);
/* example 2 */
$file = 'archive/newsletters/Dec03.pdf';
readfile($file);
Thanks for the help so far,
Best Regards,
Scott
-Original Message-
From: Scott Taylor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 27, 2004 12:34 PM
To: [EMAIL PROTECTED]
Subject: [PHP] path problems
I have the following file:
http://domain.com/archive/newsletters/Dec03.pdf
For some reason this works: filesize('archive/newsletters/Dec03.pdf');
but this does not: filesize('/archive/newsletters/Dec03.pdf');
nor does this
filesize('http://domain.com/archive/newsletters/Dec03.pdf');
For some reason this works:
readfile('http://domain.com/archive/newsletters/Dec03.pdf');
but this does not: readfile('/archive/newsletters/Dec03.pdf');
nor does this: readfile('archive/newsletters/Dec03.pdf');
Can someone explain this to me?
Thanks for all the help,
Scott Taylor
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication problems!
Do you mean using $file = '/protected/file.pdf'; or using an absolute path on the server? Best Regards, Scott Subject: Re: [PHP] authentication problems! From: Luke [EMAIL PROTECTED] Date: Wed, 21 Jan 2004 14:24:11 +1100 To: [EMAIL PROTECTED] Yeah, i think i mentioned the same thing(or was going to :/ ) you should be able to use the local filesystem, and reffer to it relatively! and then you can stream it and you wont need any authentication, and noone will be able to directly link to the file -- Luke Jason Wong [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Wednesday 21 January 2004 05:49, Scott Taylor wrote: Please trim your posts! Of course there is not problem if the user is entering the information him or her self. But just using this code: $file = 'http://miningstocks.com/protected/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file)); readfile($file); from a PHP page where no authentication has occured does not work at all. Did you not read my reply to your previous thread about this? Use a local filesystem path to read the file. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* A dirty mind is a joy forever. -- Randy Kunkee */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] authentication problems!
I am about at my wits end trying to find a good solution to this problem. I've asked various portions of this question to this mail list and still have not found exactly what it is I am looking for, but here it goes. I'm looking for a way to protect my files (this would be pdf files, image files, etc...other things then text/php files) so that for someone to see a current file they will have to enter in their email address and name. Seems fairly simple, and yet I can not figure out how to do it. I've been told of the following alternatives: Protect the files with HTTP auth (basic, or use SSL if very paranoid), then, after entering the info into a database: 1. just link to http://username:[EMAIL PROTECTED]/protect/file.pdf (either directly using html, or use headers). The problem: if using HTML, the username password is easily seen. If using headers, this does not work (it is not seen as a PDF file) - my best guess is that the auth headers get passed along and so it does not work. Of course, I can load a PDF using headers if the file is not in a protected directory without any problems at all. But then again it wouldn't be protected to begin with. 1.b. It was later suggested that I could link to http://username:[EMAIL PROTECTED]/protect/file.pdf and use an apache rewrite statement to change every protected file to exclude the username password. But I've posted to an apache group and they have said that this CAN NOT be done. 2. link to something outside of my httpdocs directory. Unfortunately, I am on a shared server and do not have a private folder (or at least my _private directory which is contained with httpdocs will not work - I get the same problem that I do with authentication - it does not recognize the file as a PDF at all). 3. use a prebuilt class (such as snoopy or Emanuel Lemos). This looks as though it is the only option available to me at this time, but It doesn't look as though it as a good one as it will add a lot of code to something that seems as though it should be VERY simple, and it means that I will have to go through the documentation to use this. If anyone has any ideas it will be much appreciated. Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication problems!
by using HTML I meant, typing the address in to the broswer as http://username:[EMAIL PROTECTED]/protected/file.pdf or as using the HTML: a href=http://username:[EMAIL PROTECTED]/protected/file.pdfLink.../a or using the header: header(Location: http://username:[EMAIL PROTECTED]/protected/file.pdf); also, there is no problem retrieving a pdf after passing http basic authentication (I just double checked this on a client's site and was appropriately prompted with a pdf handling dialog box after I authenticated). Of course there is not problem if the user is entering the information him or her self. But just using this code: $file = 'http://miningstocks.com/protected/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file)); readfile($file); from a PHP page where no authentication has occured does not work at all. Let me say, if this is not clear, that I do not want unique usernames and passwords for users. I want one username and password that WILL NEVER BE SEEN by the user. The way that I had planned was to keep ONE username and password which would allow access to all the files in a MySql database. After the user entered his name and email address, the username and password would be fetched off the database, and then authentication would occur with this username and password and the user would be served the file. The authentication would be completely transparent to the user. But the different ways to authenticate transparent to the user either do not work or reveal the username and password (making it pointless to even protect the files in the first place). Best Regards, Scott Taylor [EMAIL PROTECTED] wrote: there are a couple of different ways to do this. the http basic approach will work just fine. with http basic the id/pw are passed in the headers in an encoded string, so i'm not certain about your: if using HTML, the username password is easily seen statement. also, there is no problem retrieving a pdf after passing http basic authentication (I just double checked this on a client's site and was appropriately prompted with a pdf handling dialog box after I authenticated). now, http basic assumes that the id/pw are in a file/database/etc. the password is generally encrypted (des or md5) but can be in clear text. so, for this to work, you'd probably need some type of registration page that will store the id/pw info that the apache server will query against. [i strongly recommend using a database, not a file, due to file locking issues.] other approaches to this general issue include a URL mapping scheme. e.g., the public URL would drive the user through a one-time email/name collection process. when the user passes that they are served the document from the actual storage location. they can be done in a way that the true document URL is never shown. obviously you'd have to do this in a way that would give the fake URL as a .pdf so that the client will handle things correctly. -- Original Message -- From: Scott Taylor [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Tuesday, January 20, 2004 03:17:21 PM -0500 Subject: [PHP] authentication problems! I am about at my wits end trying to find a good solution to this problem. I've asked various portions of this question to this mail list and still have not found exactly what it is I am looking for, but here it goes. I'm looking for a way to protect my files (this would be pdf files, image files, etc...other things then text/php files) so that for someone to see a current file they will have to enter in their email address and name. Seems fairly simple, and yet I can not figure out how to do it. I've been told of the following alternatives: Protect the files with HTTP auth (basic, or use SSL if very paranoid), then, after entering the info into a database: 1. just link to http://username:[EMAIL PROTECTED]/protect/file.pdf (either directly using html, or use headers). The problem: if using HTML, the username password is easily seen. If using headers, this does not work (it is not seen as a PDF file) - my best guess is that the auth headers get passed along and so it does not work. Of course, I can load a PDF using headers if the file is not in a protected directory without any problems at all. But then again it wouldn't be protected to begin with. 1.b. It was later suggested that I could link to http://username:[EMAIL PROTECTED]/protect/file.pdf and use an apache rewrite statement to change every protected file to exclude the username password. But I've posted to an apache group and they have said that this CAN NOT be done. 2. link to something outside of my httpdocs directory. Unfortunately, I am on a shared server and do not have a private folder (or at least my _private directory which is contained
Re: [PHP] Re: alternative to protecting files through http auth.
Subject: Re: [PHP] Re: alternative to protecting files through http auth. From: Jason Wong [EMAIL PROTECTED] Date: Sat, 17 Jan 2004 05:08:29 +0800 To: [EMAIL PROTECTED] On Saturday 17 January 2004 04:03, Scott Taylor wrote: Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. It actually does not work. Could you explain what, exactly, does not work? I am trying to load a PDF file. I've tried to load it from a protected directory loading it with headers, but this fails if the protection is on. Does this make sense to you? The above outlines a scheme which is workable. Could you describe the steps you took to implement said scheme which lead you to the conclusion that It actually does not work ? Yes, sorry. Here is the code: $file = 'http://miningstocks.com/protected/archive/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file)); readfile($file); I can send the rest if necessary. You can see the results yourself of this: http://miningstocks.com/enteremail.php (just enter [EMAIL PROTECTED] for an email address). Yet, when I have changed the $file to hold a path that is not protected through http auth. it works perfectly fine and loads the file. Best Regards, Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to protecting files through http auth.
Paul Chvostek wrote: On Wed, Jan 14, 2004 at 04:17:06PM -0500, Scott Taylor wrote: Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? Put the files in a directory somewhere outside the DocumentRoot of the web site in which the PHP code lives. Have the PHP code do whatever authentication you want (even if it's just collecting an email address), and upon success, use file() or readfile() or include() or file_get_contents() or equivalent to pull the file contents from their location on the server. Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. It actually does not work. I am trying to load a PDF file. I've tried to load it from a protected directory loading it with headers, but this fails if the protection is on. Does this make sense to you? Unfortunately, I do not have access to the .htaccess file (I am on a shared server where I am not the administrator) and I can not store documents outside of my http document directory. Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] simple mod_rewrite question
What is the simplist way to do change http://username:[EMAIL PROTECTED]/protected/archive/$file to http://miningstocks.com/protected/archive/$file where $file is a variable (indicating any file in that directory or any subdirectory)? Best Regards and thank you for all the help, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] alternative to protecting files through http auth.
Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? I could just use http://username:password/test.com/test.jpg method, but then what would be the point of trying to protect the files in the first place? It would simply be the same as with holding the link to begin with. So is there an alternative to using http basic authentication to protect files? Or is there a simple way to authenticate the pages themselves without using something like Manuel Lemos' PHP HTTP class? Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to protecting files through http auth.
Paul Chvostek wrote: On Wed, Jan 14, 2004 at 04:17:06PM -0500, Scott Taylor wrote: Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? Put the files in a directory somewhere outside the DocumentRoot of the web site in which the PHP code lives. Have the PHP code do whatever authentication you want (even if it's just collecting an email address), and upon success, use file() or readfile() or include() or file_get_contents() or equivalent to pull the file contents from their location on the server. Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. Thank you very much. That is exactly what I was looking for. Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] view outputed headers?
What is the easiest way to view the headers that a PHP page has put out? I've seen the |var_dump(headers_list()); on php.net but this always gives me an error (such as: | bFatal error/b: Call to undefined function: headers_list() in /usr/local/psa/home/vhosts/a.com/httpdocs/my/page.php/b on line b79/bbr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] http authentication through PHP
What is the easiest way to access a page that is protected by HTTP basic authentication through PHP? In other words, I have a PHP page that will get the username and password off a database and will then login through HTTP authentication to access a second page (say an HTML page). Best regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] newbie question about header()
I am simply trying to redirect users from one page to another. Yet when
I use this code I get the following error:
*Warning*: Cannot add header information - headers already sent by
(output started at
/usr/local/psa/home/vhosts/miningstocks.com/httpdocs/etc/php/login/admin/test.php:8)
in
*/usr/local/psa/home/vhosts/miningstocks.com/httpdocs/etc/php/login/admin/test.php*
on line *9*
*
*
html
head
/head
body
?php
header('Location: http://www.slashdot.org/'); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
exit;
?
/body
/html
I know the workaround with the meta tag (meta http-equiv=REFRESH
content=0; URL=http://www.slashdot.org/;, but I just don't understand
what I am doing wrong here. I'm sure someone here knows
Thank you in advance,
Scott Taylor
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
