connectcase

The subject does not quite cover it, so a little elaboration below: There is this existing PHP application, containing order information, which needs to be extended with an uploadmodule (PDF files accompanying orders). Logging in is done via the database and an include file (login.php), that sets a session ("if empty(SESSION["userid"]) then" or something like that) I can't include this login.php into the uploaded PDF's, meaning that if someone would know the actual filename, it would be easy to just type it in the address bar of their browser and download/open the PDF. First I thought I'd place the PDF's inside a folder outside the reach of the webroot and then stream them to the browser, when requested. But since I am on shared hosting, I cannot access the filesystem. Anyone with suggestions? I am not looking for codesnippets (would be nice though), just a sort of "push in the right direction". I'm not too eager to put the whole PDF into the database (because of the exponential growth), but if that's the only solution, so be it. Thanks in advance!

I am trying to write a php command into a (new) php-file. <?php $fn = "/var/www/vhosts/mydomain.nl/httpdocs/newfile.php"; $fh = fopen($fn, 'w'); fwrite($fh, "<?php require_once('_config.php'); ?>"); fclose($fh); ?> The file gets (over)written successfully AND the _config.php exists (with perms 777), but when I try to run it (www.mydomain.nl/newfile.php), I get the error message: Warning: require_once(_config.php) [function.require-once]: failed to open stream: Inappropriate ioctl for device in /var/www/vhosts/mydomain.nl/httpdocs/newfile.php on line 1 The "failed to open stream"-bit I understand. But what's a "Inappropriate ioctl"??? Any suggestions welcome! Cheers, Cees

Wildteen, believe me when I say I have double checked phpinfo. All the magic quotes settings are on off. Any other suggestions (all input welcome!!). Thanks, Cees

That's what the guys at php.net said. But as stated in the initial post: magic quotes are (all) OFF. So they should not have any influence whatsoever right? Cheers, Cees

Not sure if this is Apache or PHP related, but the guys at php.net told me it is not a bug but a feature, emphasizing I should read the section on "magic quotes" (which I did over and over again, but no answer). Anyway, magic quotes are OFF in the example below: Adding the following to your .htaccess file: "AddHandler application/x-httpd-php .php" parses all php files correctly regarding "slash-involved" functions like addslashes, mysql_real_escape_string etc.: addslashes("O'Brien") results in "O\'Brien" (as it should be, right?) Adding the 5 to the PHP handler in your .htaccess file: "AddHandler application/x-httpd-php5 .php" results in 2 extra slashes: addslashes("O'Brien") will now become "O\\\'Brien" According to the documentation a function like mysql_real_escape_string should only add just 1 slash and not insert it into your database. There are no other changes to configuration or php.ini whatsoever. I am on shared hosting, so can't change much anyway. Searched the php.net bugreports, searched the manual, searched phpfreaks, Google etc. but no luck of finding an explanation..... Thanks guys!