OJB

Members
  • Posts

    362

Everything posted by OJB

  1. awesome.. I shall give that a go... thanks andy!!
  2. Hello everyone, I am currently installing my new website on the new server I bought, but during my local development I never really bothered fixing a problem I knew the site had. Basically, I allow users to upload stuff to folders like this:

         public_html/upload/1
         public_html/upload/2
         public_html/upload/3

     They are dependent on their user_id... so in effect, user_id 1 uploads to public_html/upload/1 etc. These folders are created dynamically in PHP, but I also want to restrict access so users can't get the directory listing of those created folders. The problem is, PHP allows you only (I think) to create files in the directory of the script, which is not going to be in those folders... I had planned that when I created a new folder I would also create a blank index.html to hide the dir. listing. I imagine I can block directory listing etc. using a .htaccess file somewhere; the problem is that I am a complete tool when it comes to .htaccess. Could someone point me in the direction of how to go about doing this?
  3. thanks everyone.... TCH does indeed rock....
  4. You could always load the IP into a log database table and do a cron job every so often to email you the latest visitors... If you get a lot of visitors to a certain page you are going to get a lot of emails. Why do you want to know the IPs of those accessing the page though? What are you planning to do with that data?
  5. As Bruce said, if you put the CSS link in your header.php file it will be accessible to the rest of your PHP files that are included. What you need to think of is that when you include a file in PHP it is basically making one bigger file with all the separate file elements in one... they are essentially no longer separate pages. So if you include your CSS in the header.php and use one of your CSS styles in your footer, then it will work.
  6. I just bought my 3rd hosting package with TCH.... I have been waiting to do so for a while, needed my pay slip to come through, and it did, so here I am today with 3 virtual hosting packages to my name... 2 deluxe and 1 starter So, how many TCH packages do you own? Always remember people
  7. Sorry I missed this, I would have helped you out. The %s symbol basically tells the sprintf function to "replace this symbol with a string", so what the sprintf function does is look at the end of the function and replace it with the string it finds (in this case mysql_real_escape_string($id)). But for every %s you need a substitution at the end of the sprintf, and they have to be in the order that the %s's were in the query string. I take it as well there is a typo in your query and it should actually say: AND genreid=genre.id.... not AND genreid-genre.id. But yeah... feel free to PM me if you have any more PHP/MySQL related questions and I will see if I can help.
  8. Just had a look at this, I know the thread is slightly old... but there seems to be a security issue:

         $id = $_GET['id'];
         $titleinfo = @mysql_query("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='$id'");

     What this will allow anyone to do is put whatever they want into the query. You would execute a MySQL statement for whatever they put after ID... this is a big risk because it could result in some variety of SQL injection. I would suggest first of all doing the following:

         $id = $_GET['id'];
         $safequery = sprintf("SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='%s'", mysql_real_escape_string($id));
         $titleinfo = @mysql_query($safequery);

     mysql_real_escape_string() will stop any dodgy SQL statements from being executed! As an additional security measure you could do a regular expression on the $id and strip out any non-alphanumeric characters... (unless some of your IDs contain them)
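
Added example, not part of OJB's post or the thread: the lookup from post 8 run against an in-memory SQLite database through PDO, first with the request value pasted into the SQL text, then as a bound parameter, then with an allow-list check in front. The sample rows, the function names, the use of PDO/SQLite and the assumption that ids are plain decimal numbers are all made up for the demonstration.

```php
<?php
// Added example. Table and column names come from the post; the rows, the
// function names and the in-memory SQLite database are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE dvd_reviews (
    id INTEGER PRIMARY KEY, title TEXT, year INTEGER, edition TEXT, hddvd INTEGER)");
$db->exec("INSERT INTO dvd_reviews VALUES
    (1, 'Sample Title A', 2001, 'Standard', 0),
    (2, 'Sample Title B', 2005, 'Special', 1)");

// The pattern flagged in the post: the request value becomes part of the SQL text.
function lookupConcatenated(PDO $db, string $id): array
{
    $sql = "SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id='$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value travels separately from the SQL text, so quotes
// inside it are compared as data and never parsed as SQL.
function lookupPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare(
        "SELECT title, year, edition, hddvd FROM dvd_reviews WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The extra measure suggested in the post, written as an allow-list: reject
// anything that is not a plain decimal id (assumption: ids are numeric).
function lookupValidated(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    return lookupPrepared($db, $id);
}

// Constructed request values: a normal id and a quote-breaking string.
foreach (['1', "' OR '1'='1"] as $id) {
    printf("id=%s\n  concatenated: %d row(s)\n  prepared:     %d row(s)\n  validated:    %d row(s)\n",
        json_encode($id),
        count(lookupConcatenated($db, $id)),
        count(lookupPrepared($db, $id)),
        count(lookupValidated($db, $id)));
}
```
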
  9. Try running a foreach() on the $cat_array instead of imploding it! Like:

         foreach($cat_array as $value)
         {
             echo $value . '<br/>';
         }
  10. As TCH-Dick said, MySQL do two nice ones, MySQL Query Browser (for executing queries etc.) and MySQL Administrator (I think it's called, for managing the structure of the DB itself). I also use PHPMyAdmin (which is what you get in CPanel) on my localhost.
  11. I was just about to write back saying "no there is no space" but then I hit delete just in case and there was one... For some reason when writing in Notepad++ the spaces are really small and I couldn't see it!!! HAHAHAH I feel thick now!!! All is working and I am no longer bleeding at the knuckles for punching the screen. Thanks a lot Bruce, much appreciated. I guess it often takes someone else's eye to spot little mistakes like that.
  12. I had this exact error the other day on my IPB 1.3 forum. Here's the fix: in sources/Board.php find the entire of this query:

          SELECT f.*, c.id as cat_id, c.position as cat_position, c.state as cat_state, c.name as cat_name, c.description as cat_desc

      Change it to:

          $DB->query("SELECT f.*, c.id as cat_id, c.position as cat_position, c.state as cat_state,
                      c.name as cat_name, c.description as cat_desc, c.image, c.url,
                      m.member_name as mod_name, m.member_id as mod_id, m.is_group, m.group_id, m.group_name, m.mid
                      FROM ( ibf_forums f, ibf_categories c )
                      LEFT JOIN ibf_moderators m ON (f.id=m.forum_id)
                      WHERE c.id=f.category
                      ORDER BY c.position, f.position");

      The only change is actually putting parentheses around ibf_forums f, ibf_categories c
  13. Hey guys, I am currently building a site in PHP/MySQL and I am skinning the site in CSS. I have a menu at the top of my page which has a darkish gradient background, so I have the following CSS code to control the links in it:

          a{
              color: #FFFFFF;
              text-decoration: none;
          }
          a:hover {
              color:#FFFFFF;
              text-decoration: underline;
          }

      Pretty simple... Now, the main background of my site is actually white, which means links within the main block will of course not be visible. So I created the following CSS code for the links:

          a .tablelink{
              color: #000000;
              text-decoration: none;
          }
          a.tablelink:hover {
              color:#000000;
              text-decoration: underline;
          }

      i.e. black instead of white. Then in my PHP code for the links to be in the body (in a table) I have this:

          echo "<td width = \"12%\" align = center><a class=\"tablelink\" href=\"editusers.php?ID=".$stickerdetails[$x]['UserID']. "\">".$stickerdetails[$x]['UserID']."</td>";

      Now the problem that I am having is that on hover the link is fine, it is black and underlined as it should be... But when not hovering over the link it seems to be taking the other CSS anchor class, in other words the font is white and not visible against a white background. I thought that a way around it may be to create a separate CSS anchor class for my menu items and leave my table links to use the regular anchor class, but when I do that the menu wrecks my gradient background of the page...

      I have attached three images... One shows the result of the table when there is no mouse over one of the links in the table (i.e. the user ID column appears blank). One shows when hovering over one of the links it shows up black and underlined. The final image shows what happens if I change my CSS to:

          a.menu{
              color: #FFFFFF;
              text-decoration: none;
          }
          a.menu:hover {
              color:#FFFFFF;
              text-decoration: underline;
          }

      for the menu CSS and hence my HTML changes to:

          <div class="menu">
              <span><a class="menu" href="users.php">Edit User</a></span>
              <span><a class="menu" href="merge.php">Merge Accounts</a></span>
              <span><a class="menu" href="findsticker.php">Find Sticker Code</a></span>
          </div>

      As you should be able to see there is a blue rectangle around the menu item and hence it disrupts the look of my gradient background. Any help would be much appreciated!!!!
  14. I thought I would update this in case someone else has the same problem. Today I finally solved the problem. As mentioned before, it was setting the folder ownership to be "nobody". In order to overcome this I used umask():

          if (!is_dir($dir))
          {
              $oldumask = umask(0);
              mkdir($dir, 0777);
              umask($oldumask);
          }

      Now the folders and files created within them I can remove via FTP, which is a relief.
  15. Cheers bruce!!! Could anyone explain why this was happening because despite solving the problem I still don't fully understand why it did what it did!
  16. I think I have solved the problem now... I removed the hashes (#) from the .htaccess file lines and now it works fine... I guess those were comments.
  17. Hey guys, I have done quite a bit of looking around on Google to try and solve this issue I am having with one of my sites that I'm developing. It is written in PHP and dynamically creates links to the 3 newest news articles so the user can read the article in full, as on the main page only a short description of each article is displayed. For some reason though the PHPSESSID keeps getting appended to the end of these links, but to no others. This results in my site failing its W3C validation, which is something I really don't want to happen. As I said, all my other links don't get the ID appended to the end but these 3 links do. news.php?ID=13&PHPSESSID=0fe9e55786ed4e3dd36e682edd0554 is an example of what is happening. There is nothing written into my code which should do this so I imagine it is in fact a server related issue??? I don't really know to be honest. I read somewhere to create a .htaccess file with the following lines in:

          # php_value session.use_only_cookies 1
          # php_value session.use_trans_sid 0

      I tried that, and nothing at all seemed to happen?? Other than this little error on the front page, my entire site is W3C compliant and I would really like to get over this little hurdle if anyone knows how?? Here's the code where I display the short description and article title, author and posted date as well as the link to the main article. This is all in a for loop which runs through the latest 3 articles in the database:

          <div class="newstitle">
          <?php
          // Print out the title
          echo $newsdetails[$i][1];
          ?>
          </div>
          <div class="newsbody">
          <?php
          // Print out the short description of the article
          echo $newsdetails[$i][2];
          echo "<br/>";
          ?>
          <?php
          // Print out the read more link with the dynamically created URL
          echo "<a href=\"news.php?ID=" .$newsdetails[$i][0]."\"><b>Read more...</b></a>";
          echo "<br/>";
          ?></div>
          <div class="newsauthor">
          <?php
          // Print out the author and posted date
          echo "Posted by <b>".$authorname. "</b>";
          echo " on ".$newsdetails[$i][4];
          ?>
          </div>
          <?php
          echo "<br/><br/>";

      Any help would be spectacular.
  18. I am doing it via CPanel, going into Backups then downloading the MySQL backups individually. My usual backup routine involves downloading the home directory, plus the aliases/filters and MySQL databases individually (as opposed to the full backup) Thanks for the response, I shall contact the help desk in a few minutes.
  19. Hey guys, recently I have had a few issues which I didn't have before when it comes to backing up. The problem occurs when I back up my forum database. From the period between starting the backup and it finishing I am unable to access the forum itself, and occasionally I will even get a "too many connections" MySQL error, at which point I contact the help desk to get them to reset the connections for me. Is there any reason why EVERY time I back up my forum (which is the main aspect of my site and the .gz file is 26MB) it becomes inaccessible?? I understand that taking a backup uses up SQL queries and connections but I would not have thought it would stop my forum from working every time I do it. I am going to try to install the dbsender script that I just read about when searching the forums to see if this works without freezing my forum. Any ideas of why it's doing this and/or what I can do to fix it? Because sooner or later the help desk are going to get fed up with me.
  20. ^ How would I go about setting a suitable owner upon file upload then? And what should the owner and group ID be set to? This is all rather new to me so has me a bit confused. Sorry!
  21. I downloaded that upload script you suggested, Bruce. It looks good, but instead of just using it as is I wanted to try to get my head around the code and make sure I understand what is going on. The problem I have at the moment is that I have managed to change the permissions on my uploaded files successfully to 666 (and whatever else I wanted them to be) but I still can't delete the files. The reason for this is not permissions but rather file ownership. All the files I upload have the ownership set to UID: 99 GID: 99. Basically I think this means they are set to "nobody". I already contacted the help desk once and they changed the ownership of the files I had already uploaded and I deleted them. I would rather not contact them again until I have properly sorted this issue and it won't happen again, because I don't want to pester them.

      Anyway, can anyone explain how to set the ownership of a file when you upload it? I have tried to use chown() to change the ownership to a different user id AFTER uploading, but I am not permitted to do so. I can't see where this occurs in that script you have linked me to, Bruce. If I could find this out, I think I could even write my own script, or at least tweak that one to my own tastes. At the bottom of this post I have pasted the PHP part of the upload script you linked me to. I can see the file permissions being set here:

          $result = move_uploaded_file($temp_name, $file_path);
          if (!chmod($file_path,0777))

      and the permissions of the folder here:

          if (!chmod($upload_dir,0755))
              die ("change permission to 755 failed.");

      But I have no idea where the ownership is done. Any help would be awesome. Cheers guys.

          $site_name = $_SERVER['HTTP_HOST'];
          $url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
          $url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
          $upload_dir = "files/";
          $upload_url = $url_dir."/files/";
          $message ="";

          /************************************************************
           * Create Upload Directory
           ************************************************************/
          if (!is_dir("files")) {
              if (!mkdir($upload_dir))
                  die ("upload_files directory doesn't exist and creation failed");
              if (!chmod($upload_dir,0755))
                  die ("change permission to 755 failed.");
          }

          /************************************************************
           * Process User's Request
           ************************************************************/
          if ($_REQUEST['del'] && $DELETABLE) {
              $resource = fopen("log.txt","a");
              fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
              fclose($resource);
              if (strpos($_REQUEST['del'],"/.")>0); //possible hacking
              else if (strpos($_REQUEST['del'],$upload_dir) === false); //possible hacking
              else if (substr($_REQUEST['del'],0,6)==$upload_dir) {
                  unlink($_REQUEST['del']);
                  print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
              }
          }
          else if ($_FILES['userfile']) {
              $resource = fopen("log.txt","a");
              fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
                  .$_FILES['userfile']['name']." "
                  .$_FILES['userfile']['type']."\n");
              fclose($resource);
              $file_type = $_FILES['userfile']['type'];
              $file_name = $_FILES['userfile']['name'];
              $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));
              //File Size Check
              if ( $_FILES['userfile']['size'] > $MAX_SIZE)
                  $message = "The file size is over 2MB.";
              //File Extension Check
              else if (!in_array($file_ext, $FILE_EXTS))
                  $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
              else
                  $message = do_upload($upload_dir, $upload_url);
              print "<script>window.location.href='$url_this?message=$message'</script>";
          }
          else if (!$_FILES['userfile']);
          else
              $message = "Invalid File Specified.";

          /************************************************************
           * List Files
           ************************************************************/
          $handle=opendir($upload_dir);
          $filelist = "";
          while ($file = readdir($handle)) {
              if(!is_dir($file) && !is_link($file)) {
                  $filelist .= "<a href='$upload_dir$file'>".$file."</a> - URL: <b>$upload_url$file</b>";
                  if ($DELETABLE)
                      $filelist .= " Added at ".date("d-m H:i", filemtime($upload_dir.$file)) ."";
                  $filelist .= " <a style='text-decoration:none; font-weight:bold' href='?del=$upload_dir".urlencode($file)."' title='delete'>x</a>";
                  $filelist .="<br>";
              }
          }

          function do_upload($upload_dir, $upload_url) {
              $temp_name = $_FILES['userfile']['tmp_name'];
              $file_name = $_FILES['userfile']['name'];
              $file_name = str_replace("\\","",$file_name);
              $file_name = str_replace("'","",$file_name);
              $file_path = $upload_dir.$file_name;
              //File Name Check
              if ( $file_name =="") {
                  $message = "Invalid File Name Specified";
                  return $message;
              }
              $result = move_uploaded_file($temp_name, $file_path);
              if (!chmod($file_path,0777))
                  $message = "change permission to 777 failed.";
              else
                  $message = ($result)?"$file_name was uploaded successfully." : "Something is wrong with uploading the file.";
              return $message;
          }
  22. thanks again bruce I have also had the help desk CHMOD my files so I can now remove them
  23. Thanks for the info Bruce. I shall contact the help-desk and get them to delete the files for me for now.. The mime-type check I actually got from the w3 school site: http://www.w3schools.com/php/php_file_upload.asp most of my upload script is the same, but obviously modified to suit my particular needs. I shall browse hotscripts for a more suitable upload script Cheers again
  24. Hey all, I am currently developing a PHP/MySQL site whereby clients are able to upload certain file types (.zip and .rar) for a specific use. I have written an upload script but first of all it doesn't seem to be limiting the file types to just zip and rar. Basically what the code does is create a directory for each client (if there isn't one already) based on their user ID which is stored in their session header.... Then from a form on a different page it is supposed to upload the file they choose to their directory. It is working correctly in the sense that the files are going to the correct folder but I can upload any file type at the moment.

          <?php
          $dir = "/home/*******/public_html/******/upload/";
          $dir .= $_SESSION['userID'];

          if (($_FILES["thefile"]["type"] == "application/zip")
              || ($_FILES["thefile"]["type"] == "application/x-rar-compressed")
              || ($_FILES["thefile"]["type"] == "application/x-zip-compressed")
              || ($_FILES["thefile"]["type"] == "application/octet-stream")
              && ($_FILES["thefile"]["size"] < 20000000))
          {
              if ($_FILES["thefile"]["error"] > 0)
              {
                  echo "Return Code: " . $_FILES["thefile"]["error"] . "<br />";
              }
              else
              {
                  echo "Upload: " . $_FILES["thefile"]["name"] . "<br />";
                  echo "Type: " . $_FILES["thefile"]["type"] . "<br />";
                  echo "Size: " . ($_FILES["thefile"]["size"] / 1024) . " Kb<br />";
                  echo "Temp file: " . $_FILES["thefile"]["tmp_name"] . "<br />";

                  if (file_exists($dir. "/" . $_FILES["thefile"]["name"]))
                  {
                      echo $_FILES["thefile"]["name"] . " already exists. ";
                  }
                  else
                  {
                      move_uploaded_file($_FILES["thefile"]["tmp_name"], $dir. "/" . $_FILES["thefile"]["name"]);
                      echo "Stored in: " . $dir. "/" . $_FILES["thefile"]["name"];
                  }
              }
          }
          else
          {
              echo "Invalid file";
          }
          ?>

      However, even when I upload MP3s or other file types it still allows the upload.

      Secondly, having created the folder and now having uploaded some files I don't actually want, I can't seem to delete either the folder or the files within. I keep getting a permission denied error in SmartFTP, and nothing happens when I try to delete them through CPanel (legacy) file manager. Surely this shouldn't be happening. When I create the folders I am CHMODing them to 0777 so I should be able to remove the files and directories. Any help for a confused little man would go down a charm...
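
Added example, not part of OJB's post or the thread: a server-side check for the zip/rar upload in post 24 that ignores the browser-supplied `type` field and instead looks at the leading bytes of the received file, the extension, and the size. The function names and the three sample files are constructed for the demonstration; the 20000000-byte limit and the zip/rar allow-list are taken from the posted script.

```php
<?php
// Added example. Function names and sample files are constructed; the size
// limit and the zip/rar allow-list come from the posted script.
const MAX_BYTES = 20000000;
const SIGNATURES = [
    'zip' => ["PK\x03\x04", "PK\x05\x06"],   // local file header, empty archive
    'rar' => ["Rar!\x1A\x07"],               // shared prefix of RAR 4 and RAR 5
];

// Identify the archive type from the first bytes the server actually received.
function sniffArchiveType(string $path): ?string
{
    $head = (string) file_get_contents($path, false, null, 0, 8);
    foreach (SIGNATURES as $type => $magics) {
        foreach ($magics as $magic) {
            if (strncmp($head, $magic, strlen($magic)) === 0) {
                return $type;
            }
        }
    }
    return null;
}

// $file has the shape of one $_FILES entry. $file['type'] is deliberately not
// consulted: it is whatever the client chose to send.
function checkUpload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload error'];
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size >= MAX_BYTES) {
        return ['ok' => false, 'reason' => 'bad size'];
    }
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $type = sniffArchiveType($file['tmp_name']);
    if ($type === null || $ext !== $type) {
        return ['ok' => false, 'reason' => 'not a zip or rar archive'];
    }
    // Store under a server-generated name instead of the client's file name.
    return ['ok' => true, 'store_as' => bin2hex(random_bytes(16)) . '.' . $type];
}

// Constructed samples: a zip, an MP3 sent as octet-stream, an MP3 renamed .zip.
$samples = [
    ['project.zip', 'application/zip',          "PK\x03\x04" . str_repeat("\0", 26)],
    ['song.mp3',    'application/octet-stream', "ID3\x03\x00" . str_repeat("\0", 27)],
    ['song.zip',    'application/zip',          "ID3\x03\x00" . str_repeat("\0", 27)],
];
foreach ($samples as [$name, $type, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $r = checkUpload(['name' => $name, 'type' => $type, 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK]);
    echo $name, ' => ', $r['ok'] ? 'accepted as ' . $r['store_as'] : 'rejected: ' . $r['reason'], "\n";
    unlink($tmp);
}
```

In a real handler the entry would be `$_FILES['thefile']` and the returned name would be the destination passed to `move_uploaded_file()`. The signature check only inspects the leading bytes; it does not prove the archive is well formed.
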
  25. I agree, I only use FTP for uploading personally. I just thought that if I had clients who had to upload large files it would be easiest if it was browser based and I didn't have to explain FTP to them and make them download an FTP client. Does anyone else know of a way to do this from the browser?