Posts posted by Nolongerused3921

  1. That's actually not the problem... It doesn't download to myself, only to the server - I have absolutely no interaction with the file - and besides, I download larger files through another script without any problems.

    And it's definitely not a server download speed problem, since it's downloading from a site hosted on the same server.

  2. That's an option, however there's a serious reason why my server (which is dual core) won't download a 300kB file and I'd like to find out what it is, then fix it properly instead of hacking it.

    I just increased the length in fread to 65536 and it didn't change anything.

  3. For some odd reason, my script that worked on my previous server does not work on my new server - both are FreeBSD, both use the latest version of PHP... The only difference is, the new one is cPanel.

    Anyways, needless to say I'm completely stumped and am hoping someone here can help me figure out why my code has stopped working:

    	$handle = fopen("http://www.filesite.com/file.jpg", "rb"); //Changed URL
    	$file_contents = '';
    	while (!feof($handle)) {
    	  $file_contents .= fread($handle, 8192);
    	}
    	fclose($handle);
    	$handle = "";
    	if (!$handle = fopen($filename, 'w')) {
    		 exit;
    	}
    	if (fwrite($handle, $file_contents) === FALSE) {
    		exit;
    	}
    
    	fclose($handle);
    

    $filename is defined above that, and that part works, as it saves the following to the file:

    <br />

    <b>Fatal error</b>:  Maximum execution time of 30 seconds exceeded in <b>/download.php</b> on line <b>51</b><br />

     

    Line 51: $file_contents .= fread($handle, 8192);

     

     

    The file it's trying to download is 334kB, so that may be part of it, seeing as an 18kB test file worked.

  4. On the advice of a few people on another forum, I had my sysadmin install SuPHP - so that my upload script would work properly, however now my mod_rewrite is broken.

     

    You can view the problem here: http://www.eyesoute.com/gallery/view-29

     

    It is supposed to show the item with id 29, as you can see. However, it shows the gallery index (as if /gallery/ was typed in without the view-29).

     

    The .htaccess file:

    #.htaccess
    
    
    RewriteEngine On
    #This will force trailing slashes
       RewriteCond %{SCRIPT_FILENAME} -f [OR]
       RewriteCond %{SCRIPT_FILENAME} -d
       RewriteRule .* - [L]
    
    #RewriteCond %{REQUEST_URI} !^*(css|png|jpe?g|gif)
    
    
    
    RewriteRule ^(.+)/(.+)/?$         $1.php?args=$2  [QSA,L]
    RewriteRule ^(.+)$  $1.php [QSA,L,NC]
    

     

    My very framework relies on the .htaccess working this way... I can turn it off, however I would really rather not - so if you have any idea how I can fix this, please do tell.

     

     

    And on a related note, is it possible to run PHP under a user and not use cgi_php?

     

    Would also like to note that my MediaWiki wiki is now completely broken, and refuses to load - as it relies on similar rewrite rules.

  5. I've recently moved to a new server on which I don't have root, so bear with me.

    For some reason when I upload a file with 'move_uploaded_file($tmpName,$new_filename)', it seems to work fine - but when I check it, try to download it (http or ftp), or change the permission - I can't, because it's set to 600 for some odd reason, and owned by the user Apache is set up on.

     

    Any ideas what is causing this, and how I can fix it?

  6. Yes, I want the user to be forced to cache the image... I'm sucking up a lot of bandwidth by having it non-cacheable, and I realize my code is set up this way... However I can't just take these lines out as a lot of browsers don't cache dynamic images unless they're specifically told to... I want to know how to tell a browser to cache it regardless of the settings.

  7. I'm curious as to the best way to force users to cache images that are downloaded with readfile? Currently I'm using:

     

    		header("Pragma: public");
    		header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    		header("Cache-Control: private",false);
    		header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
    		header("Content-Transfer-Encoding: binary");
    		header("Content-length: ".filesize($filethumb));
    		//header("Content-type: $file[mime]");
    		header("Content-Disposition: attachment; filename=$file[name]");
    		set_time_limit(0);
    
    		@readfile($filethumb);
    

     

    To make sure they don't cache it... However I don't need this for thumbnails or downloading of files (the files will never change, as they can't be changed... You have to reupload a new ID in order to change a file)
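
Added example (not part of the original posts): one way to make a file served through readfile() cacheable when its bytes never change for a given ID, with a validator so revalidation costs no body transfer. The function names, the one-year lifetime and the file-name allow-list are assumptions of this sketch.

```php
<?php
// Response metadata for a file whose bytes never change under a given ID.
// Returns [status, headers]; the caller sends them and, on 200, the body.
function immutable_file_response(string $path, string $name, ?string $ifNoneMatch): array
{
    // Cheap validator: changes only if the file is replaced on disk.
    $etag = sprintf('"%x-%x"', filemtime($path), filesize($path));
    $headers = [
        'Cache-Control' => 'public, max-age=31536000, immutable',
        'ETag'          => $etag,
        'Last-Modified' => gmdate('D, d M Y H:i:s', filemtime($path)) . ' GMT',
    ];
    // The browser revalidates with If-None-Match; answer 304 with no body.
    if ($ifNoneMatch !== null && trim($ifNoneMatch) === $etag) {
        return [304, $headers];
    }
    // Reduce the stored name to a safe token before it goes into a header.
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($name));
    $headers['Content-Length'] = (string) filesize($path);
    $headers['Content-Disposition'] = 'attachment; filename="' . $safe . '"';
    return [200, $headers];
}

// Web entry point: emit the headers, then the body only for a 200.
function send_file(string $path, string $name): void
{
    [$status, $headers] = immutable_file_response(
        $path, $name, $_SERVER['HTTP_IF_NONE_MATCH'] ?? null
    );
    http_response_code($status);
    foreach ($headers as $k => $v) {
        header("$k: $v");
    }
    if ($status === 200) {
        readfile($path);
    }
}

// Constructed demo, runnable from the CLI: first request, then a revalidation.
$tmp = tempnam(sys_get_temp_dir(), 'thumb');
file_put_contents($tmp, 'constructed image bytes');
[$first, $h] = immutable_file_response($tmp, 'my "holiday" photo.jpg', null);
[$second]    = immutable_file_response($tmp, 'my "holiday" photo.jpg', $h['ETag']);
printf("%d then %d\n%s\n", $first, $second, $h['Content-Disposition']);
unlink($tmp);
```
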

  8. So in other words MySQL doesn't take \' as a literal string but rather as an escaped string, and I need to add an EXTRA layer of addslashes()?...

    How exactly am I going to do this... ? I can't addslashes() to a serialized string, since it'll mess with the formatting... And I can't just addslashes() to the array entries, and str_replace() wouldn't account for everything....

     

    Is there some function in php that already handles this kind of stuff for serialization + mysql?

  9. For some reason my slashes seem to disappear from my serialized array upon adding it into the database... According to the string count, it's 133 characters long when I add it into the db, but when I take it out - it's 128 characters long... And considering there's 5 's, and the slashes that were previously added prior to committing to the database, I'd say these slashes have been automatically taken out when I try to get the data...

    So what's going on here? WHY are my slashes that I add with mysql_real_escape_string() being removed automatically? And how do I stop it... Because unless the array count is exact, you can't unserialize an array :(

  10. Well... I've figured out that it's not my $_POST parsing code, but rather serialization...

    I looked into it more and it's not the $_POST portion, it's the serialization portion... It doesn't see slashes when it tries to serialize, possibly because of magic_quotes.... I can clearly see the slashes when I print, but when I serialize it, it doesn't save them... It just counts them when it serializes, so the count is always 1 higher for every escapable character, than the actual value.

     

    So basically... A string like:

    I'm annoyed

     

    Would be counted as 12 instead of 11, since there's a '... Serialize's count sees ' as \', but saves it as '

     

    So... Er, how do I fix this?

  11. I can't seem to unserialize an array I had previously serialized, that had 's in it... It doesn't do anything, just makes the variable I assign it to blank....

    The string:

    a:6:{s:4:"name";s:14:"asd'f'asdf'";s:5:"alias";s:14:"'asdf'asdf'";s:5:"hours";s:14:"'asdf'asdf'";s:10:"experience";s:12:"as'dfas'df";s:8:"why_hire";s:14:"'asdf'asdf'";s:9:"positions";a:1:{i:0;s:1:"3";}}
    

     

    I've tried walking through the array prior to serialization, but that doesn't help...
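
Added example (not part of the original posts): the length prefix in PHP's serialized format counts bytes, so a value that is escaped before serialize() and loses its backslashes afterwards can no longer be parsed. The sketch reproduces that mismatch with the `name` value from the string above, then round-trips the raw array through a bound parameter; the in-memory SQLite database via PDO (pdo_sqlite assumed available) and the table name `applications` are assumptions for the demo.

```php
<?php
// Constructed sample: one field from the serialized string quoted above.
$raw = ['name' => "asd'f'asdf'"];              // 11 bytes

// What goes wrong: escape first, serialize second, lose the slashes later.
function escape_then_serialize(array $data): string
{
    $escaped = array_map('addslashes', $data); // each ' becomes \' (14 bytes)
    $stored  = serialize($escaped);            // prefix records s:14
    return stripslashes($stored);              // slashes gone, prefix unchanged
}

// Safer order: serialize the raw data and let the driver bind it as a value.
function store_and_load(PDO $pdo, array $data): array
{
    $pdo->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, data TEXT)');
    $insert = $pdo->prepare('INSERT INTO applications (data) VALUES (?)');
    $insert->execute([serialize($data)]);      // no addslashes(), no manual quoting

    $blob = $pdo->query('SELECT data FROM applications')->fetchColumn();
    // allowed_classes => false: never instantiate objects from stored data.
    return unserialize($blob, ['allowed_classes' => false]);
}

$broken = escape_then_serialize($raw);
echo $broken, "\n";
// The prefix still claims 14 bytes for an 11-byte payload, so parsing fails.
var_dump(@unserialize($broken));

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Compare what came back from the database with what went in.
var_dump(store_and_load($pdo, $raw) === $raw);
```
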

  12. Well I ditched my idea to load, store, and eval() templates from files as it has some serious security issues, and decided to go with a much simpler approach:

        class template {
            public $theme = "default";
            public $theme_dir = "themes/";
            private $templates = array();
            private $vars = array();
            private $errors = array();
            private $cwd = "";

            function template() {
                $this->cwd = getcwd();
            }

            function assign($var_name, $var_value) {
                if (!get_magic_quotes_gpc()) {
                    $var_value = addslashes($var_value);
                }
                $var_value = str_replace(";","",$var_value);
                $var_value = preg_replace("/[^A-Za-z0-9_-]\n\t\r/","",$var_value);
                $this->vars[$var_name] = $var_value;
            }

            function display($file) {
                //chdir("../".$this->theme_dir);
                //Takes about 20 milliseconds to chdir
                $filename = $this->theme_dir.$this->theme."/".$file.".tpl.php"; //Add "../". to test locally
                extract($this->vars);
                ob_start();
                include($filename);
                $contents = ob_get_contents();
                ob_end_clean();
                print $contents;
                return 1;
            }
        }

    However, I'm having some troubles... How can I access functions from this class inside my templates? I obviously can't extract() the class itself seeing as it's not an array... And I can't exactly use $this-> or $template, seeing as ... Well, I honestly have no idea why I can't do this.

    So what's a solution? What about accessing other classes? What about accessing just a function, completely outside of a class?

  13. I'm currently working on a template engine, and I need to know what needs to be escaped before a string is considered safe for eval... Right now I'm placing anything that will be executed into a print, in quotes... And before that, I use addslashes()... And just in case, I remove any ;'s when a variable is added into the variable array...

    Is this enough? Or do I need more. The variables the templates will have access to may contain user editable content.

    All this aside, I'm not sure if I even need sanitation, as I'm just reading a template, replacing any {$variable}'s with $template->vars[variable]... Could this be at all exploited?

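
Added example, not the poster's code: for a template that is include()d rather than eval()ed, the checks that matter are which file reaches include() and how values are encoded when they are printed; addslashes() and stripping `;` address neither. The class name `SafeTemplate`, the `e()` helper and the temp-directory theme are hypothetical, and the sketch assumes PHP 8.

```php
<?php
final class SafeTemplate
{
    private array $vars = [];

    public function __construct(private string $themeDir) {}

    // Store values untouched; the right encoding depends on where they are printed.
    public function assign(string $name, $value): void
    {
        $this->vars[$name] = $value;
    }

    // HTML-encode a value at output time (called from inside the template).
    public function e($value): string
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    public function render(string $file): string
    {
        // Allow-list the template name so "../" or a URL never reaches include().
        if (!preg_match('/^[A-Za-z0-9_-]+$/', $file)) {
            throw new InvalidArgumentException('bad template name');
        }
        $path = $this->themeDir . '/' . $file . '.tpl.php';
        if (!is_file($path)) {
            throw new RuntimeException('template not found');
        }
        // EXTR_SKIP: assigned names cannot overwrite $path or $file.
        extract($this->vars, EXTR_SKIP);
        ob_start();
        include $path;   // runs in this method's scope, so $this->e() is callable
        return ob_get_clean();
    }
}

// Constructed demo: a one-line template and a value containing markup.
$dir = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . '/hello.tpl.php', '<p>Hello <?= $this->e($user) ?></p>');

$t = new SafeTemplate($dir);
$t->assign('user', '<script>alert(1)</script>');
echo $t->render('hello'), "\n";
```
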
  14. Since the moderators found it necessary to delete my new thread, and I am unable to edit this thread... I need someone to edit the title and content to reflect this new problem that has surfaced....

    Title: Need to fix Mysql_real_escape_string's \n to work with nl2br
    Content:
    I am having a bit of a problem with mysql_real_escape_string, it seems it converts \n and the like to special mysql safe strings that php doesn't read correctly, and I need to figure out how to convert these back to something PHP understands so nl2br isn't broken.

    [quote]
    Note that mysql_real_escape_string doesn't prepend backslashes to \x00, \n, \r, and \x1a as mentioned in the documentation, but actually replaces the character with a MySQL acceptable representation for queries (e.g. \n is replaced with the '\n' literal). (\, ', and " are escaped as documented) This doesn't change how you should use this function, but I think it's good to know.
    [/quote]