
JenniferLawrence
Members-
Posts
24 -
Joined
-
Last visited
Everything posted by JenniferLawrence
-
Problem with my secure login system.
JenniferLawrence replied to DrewBurston's topic in PHP Coding Help
Well, the first mistake I look for in people's code is if they use isset($_POST['']); to check for form submission. I don't get why people think this is actually secure. If you don't actually have that specific HTML element in your code base, your "isset($_POST['']);" will fail despite how secure your actual code base is. If someone is smart enough, they can actually test to see how horribly put together your code is by just entering random junk data using your website. It's kind of like a beta tester for games, they test to see what works and what doesn't, what breaks and what doesn't. If you don't have volunteer debuggers or have any knowledge in the PHP programming, it is recommended that you should search what is the best practice before actually copy&paste codes off the internet and seenig if they work or not. I know that I may sound pretty rude, but I see this stuff so much times, I feel like all these new PHP users aren't actually looking at the codes they copy&paste. The second thing I see a lot in people's PHP codes is stripping or escaping the user's password. I can't........ I just can't....... If you modify someone's password, you limit the possiblity of how secure it actually is. If I came across a website that didn't let me choose special characters as my passwords, I would probably delete my account on there and write a review on how bad their code base is. Let's say your user inputs Php/freak+sistheb,est!@#$^*~(~`\ Your whole "escape_string($_POST['password'])" fails entirly. It will turn a secure as booty password such as the above to something like this. Phpfreaksisthebest How secure is this? If you haven't heard of the rainbow table, you should really look into it. It will make you want to change your way of importing and exporting data. You should also look into brute force. Save upi some time on how secure someone's password really is. Someone once said to me. And I wonder why SQL Injections exists. -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
Thanks for all your help. It worked. Part of it wasn't actually the downloading and storing I guess. I just looked at the source code where the zip files were being stored and I guess I had the headers do something like. header('Content-disposition: attachment; filename=' . dirname(__DIR__) . '/random_zip_file.zip'); header('Content-type: application/zip'); Which was wrong because the first header is not needed. I got it to work now. Thanks for you help. -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
Same thing is happening. sys_get_temp_dir() doesn't like Windows temp folder because I guess it's write protected so I changed the folder it's pointing to a writeable folder and same thing happens. The file is corrupted and can't be opened. The problem isn't really storing the file. It's more of getting the file with its original tribute. May I see screenshots or video clips of this working example? I don't know why it isn't working for me. Again, the folder storing isn't the problem, it's getting the file and keeping the original tribute on it. If I was to compare this example and they example reguinix had made (my modification version of hers), they do practically the same exact thing except yours uses cURL and hers just uses the copy command. The files are corrupted for both methods. If it doesn't work at all, I might have to just forget about this topic and do the actual download/ upload .zip file thing. -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
I'm using xampp. It's enabled automatically. The problem I'm running into isn't whether things are enabled or not. When my script copies over files. The file gets copied, however only parts of it are copied and therefore the file won't open. Same thing with images. Since it isn't properly downloaded, the file is corrupted. I see bits of filesize being added and taken from the file, but not the actual filesize of the orginal file. I'm starting to think this is impossible so I'm probably going to just make a download link so that the clients can download it and upload them to their server. I think this is the best possible way because this auto download/ extract seems to not be working at all. -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
Sorry, my mistake. I forgot to add the zip file for the temp variable in this comment. I already had it in my code, but it still doesn't work. I tried it with an image and the image seems to have file sizes, but the image as well can't be opened or displayed. Umm, that's what we are doing here already. If you didn't read Ch0cu3r and requinix's response. They said the same thing. No need to repeat what is already said. She is already helping me achieve that. I have also Google searched how to download zip files to remote servers and extract them. They all give them same exact answer. None of them seems to be working. They achieve the same results, but all of them can't download the right bytes in order for the zip file to not be corrupted nor unable to be opened. -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
Ok so I got the copying the zip file to a local server with the right name all set up. The problem now is that it has 0 bytes in it. I know it has something to do with the header content-type and what not. Here's my code. $remote_file_location = 'http://docs.google.com/random_zip_file.zip'; $temp = '/root_of_the_directory/extracted_files/'; if(copy($remote_file_location, $temp)) { // extract $temp print($temp); die(); } else { print('error'); die(); } It seems that if I took away the error checking for the file size, I get the temp file. If I add in the file size checking, I get an error. What seems to be the problem? -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
Tried that. Filesize always ends up being 0 and coping to local temp folder doesn't work. Would just copying the file to a folder within the local server work? And then just extract the zip file from the local folder. EDIT: Nvm, seems like we were on the same page, just that I thought of it differently. Seems to work now. Probably going to extract all of the content first before I delete the zip folder. -
Extract .zip file from other server to current server
JenniferLawrence replied to JenniferLawrence's topic in PHP Coding Help
The weird part is that it actually works for only zip folders within the server. If it is located on a different server, it won't open. I've tried this many times on my localhost and it seems to work. I'm looking to store zip folders in which I can use my code to download and extract without actually downloading the zip folder to my actual computer and re-uploading the zip folder and extracting it to the appropriate folder. This makes it take too much time and it is a hassel for some of my users. I would like to make it kind of like SMF where you can extract the zip folder straight from their website and extract it to your themes folder making it easier for users to use. -
What I did was check to see if the installation folder existed first. If it did, it would proceed to the installation process. If the database configuration does not exist in the configuration file, I would redirect the client back to the installation folder. If they happen to remove the installation folder, it would tell them that they are missing the installation folder and that the configuration database does not exist.
-
Is it possible to get a .zip file without downloading it to a computer and just extract the file into a remote server? So something like this http://docs.google.com/random_zip_file.zip --------------> Extract using PHP | | V http://domain.com/extracted_files/ If I do something like this <?php $extract = new ZipArchive(); if($extract->open('/root_of_the_directory/directory_where_the_zip_file_exists/') === TRUE) { $extract->extractTo('/root_of_the_directory/extracted_files/'); if($extract->close() === TRUE) { print('Extraction was a success!'); } else { print('Something went wrong with extracting the file.'); } } else { print('Could not find the .zip file'); } It works, but then if I do something like this. <?php $extract = new ZipArchive(); if($extract->open('http://docs.google.com/random_zip_file.zip') === TRUE) { $extract->extractTo('/root_of_the_directory/extracted_files/'); if($extract->close() === TRUE) { print('Extraction was a success!'); } else { print('Something went wrong with extracting the file.'); } } else { print('Could not find the .zip file'); } It doesn't work because I was thinking that $extract->open only works for files on the same server. If it's on a different server, I would need to use file_get_contents. However, with file_get_contents along with $extract->open like so. <?php $extract = new ZipArchive(); $get_file = file_get_contents('http://docs.google.com/random_zip_file.zip'); if($extract->open($get_file) === TRUE) { $extract->extractTo('/root_of_the_directory/extracted_files/'); if($extract->close() === TRUE) { print('Extraction was a success!'); } else { print('Something went wrong with extracting the file.'); } } else { print('Could not find the .zip file'); } I get this error. Warning: ZipArchive::open(): Empty string as source in /root_of_the_directory/extract.php on line 102 What is the best approach to extract files to a remote server without actually downloading the .zip file to a desktop?