Jump to content

spiderwell

Members
  • Posts

    1,008
  • Joined

  • Last visited

Posts posted by spiderwell

  1. hi all,

     

    i have researched this, and tried many variations to get this to work but it just doesnt seem to like it. I hopeing there is someone here who can fix this for me.

    I am writing my own mvc system, more as an exercise than anything . i use rewrite to pass everything through the same file. that was all working fine.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    
    RewriteRule ^(.*)$ index.php?url=$1 [PT,L]
    
    </IfModule>
    

     

    i wanted to add a rewrite for admin calls to go via a specific directory getting re written to a file called admin.php.

     

    so to try and put in layman terms any call starts with www.mysite.com/a/ goes to www.mysite.com/admin.php

    and anything else is covered by the original rewrite rule.

     

    i tried this but it only seems to break it

    <IfModule mod_rewrite.c>
    RewriteEngine On
    
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    
    RewriteRule ^(a/.*) admin.php?url=$1 [PT,L]
    RewriteRule ^(.*)$ index.php?url=$1 [PT,L]
    
    </IfModule>
    

     

    i spent ages on this and i know some genius out there can crack it for me in 5 mins!

     

    thanks and HNE!

  2. Not for web developers.

    i thought the same when i saw the title, then i starting thinking of making an web app with drag and drop elements from the periodic table to create compounds, to what end i wasn't sure

  3. Hi all

     

    I am really gonig mad trying this out, I have a folder which file uploads are in, and only want them to be downloadable via access from one php file, which also resides in the same folder. its a basic php forcedownload script. I dnot want the files to be able to be accessed by typing them into the browser (i have already hidden the file names, and added checks for logged users).

    My efforts have seem to be all or nothing, i.e cant access anything in the folder or you can anything.

     

    i had this in the top of the htaccess:

    # disable directory browsing

    Options All -Indexes

     

    which wouldnt let me access the php script that downloads the files (the php download script is called by updating the src of an iframe via ajax, I am using an iframe hidden to trigger the force download)

     

    if i delete the htacess it works fine but then no security.

     

    I tried adding this to the htaccess and it didnt work either:

     

     

    AuthUserFile /dev/null

    AuthGroupFile /dev/null

     

    RewriteEngine On

     

    RewriteCond %{HTTP_REFERER} !^http://www.ethickink.co.uk/geoline/.* [NC]

    RewriteCond %{HTTP_REFERER} !^http://ethickink.co.uk/geoline/.* [NC]

     

    RewriteRule /* http://www.ethickink.co.uk/geoline/pages/index.html [R,L]

     

     

    I really am not understanding htaccess very well  :'(

     

    any help would be much appreciated

  4. Hi guys

     

    This one has been trouble for me for a qhile now, and I have tried various methods and none seem to work on pdf downloads, the file downloads only 1 byte or there abouts. All other files download ok , just PDFs seem not to.

    here is my code, the $filecontrol->insertFileDownload() are  just database logs being inserted

     

     

    <?php
    ob_start();
    session_start();
    include("../classes/files.php");
    $filecontrol = new FileControl();
    $var_fileid = $_GET['fileid'];
    $userid = (isset($_SESSION['userid'])) ? $_SESSION['userid'] : 0;
    if ($userid == 0) die('you are not logged in');
    if ($filecontrol->isFilePublic($var_fileid))
    {
    $file = "../filedump/" . $filecontrol->getFileName($var_fileid);
    $filecontrol->insertFileDownload($var_fileid,$userid,true);
    
    }
    else
    {
    if ($filecontrol->doesUserHaveRights($var_fileid))
    {
    	$file = "../filedump/" . $filecontrol->getFileName($var_fileid);
    	$filecontrol->insertFileDownload($var_fileid,$userid,true);
    
    }
    else
    {
    	$file = "../filedump/" . "norights.txt";
    	$filecontrol->insertFileDownload($var_fileid,$userid,false);
    }
    }
    $file_extension = strtolower(substr(strrchr($file,"."),1));
    switch( $file_extension )
    {
      case "pdf": $ctype="application/pdf"; break;
      case "exe": $ctype="application/octet-stream"; break;
      case "zip": $ctype="application/zip"; break;
      case "doc": $ctype="application/msword"; break;
      case "xls": $ctype="application/vnd.ms-excel"; break;
      case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
      case "gif": $ctype="image/gif"; break;
      case "png": $ctype="image/png"; break;
      case "jpeg":
      case "jpg": $ctype="image/jpg"; break;
      default: $ctype="application/force-download";
    }
    
    header("Pragma: public"); // required
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private",false); // required for certain browsers 
    header("Content-Type: $ctype");
    header("Content-Disposition: attachment; filename=\"".basename($file)."\";" );
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: ".filesize($file));
    readfile("$file");
    exit();
    
    

     

    thanks for reading

  5. the img.php, I would assume it takes the ID and cross refernces to a database to fetch the image either as a BLOB or just  filename, and then outputs the image directly.

     

    not sure why you would want to md5() it?, maybe i mis understood that part.

     

    you could md5 values in php and have them in the querystring, not sure why you would bother personally, unless I missed something?

     

    echo "<a href='$website/click.php?id=$id&user=" . md5($user) . "'>";

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.