Hi,
I think the best way is to start with what I am doing. I have a form on my website and they fill it in and upload a picture. The main problem here is that i need to upload a the picture to there website (different domain & server). There is quite a big permisions problem with this.
As a work around what I done was direct the form directly to there domain then put my script that processed it on there server. Thing is im not really that happy with it because any changes means i need to change the file on there server.
Is that any way I can perhaps process it on my server put the image into a session or something that go to there server and upload the image. I dont mind a file on there server but i would like to be able to validate the image (size) and the fields on my server still.
Any ideas would be great.
Thanks
k0r54
[code=php]
// Check the validation
if(isset($_POST) && is_array($_POST) && ($_POST['val'] == 'true')) {
// Validation via validation page
$error_msg = validate();
if($_SESSION['VAL_TRUE'] == true) {
// Put all the post data into a session //
$_SESSION['POST_DATA'] = validate();
header('Location:' . FILENAME_CHECKOUT_INVOICE . '.php');
} else {
$errors = true;
}
}
[/code]
fopen("http://www.remoteserver.com/scriptToBeTriggered.php?file=".urlencode("uploadedImg.jp"), "r");
<?php
// copied from the usercomments on <a href="http://www.php.net/fopen">http://www.php.net/fopen</a>
function download($file_source, $file_target) {
$rh = fopen($file_source, 'rb');
$wh = fopen($file_target, 'wb');
if ($rh===false || $wh===false) {
// error reading or opening file
return true;
}
while (!feof($rh)) {
if (fwrite($wh, fread($rh, 1024)) === FALSE) {
// 'Download error: Cannot write to file ('.$file_target.')';
return true;
}
}
fclose($rh);
fclose($wh);
// No error
return false;
}
if (download("http://www.yourserver.com/uploaddir/".urldecode($_GET['file']), "whereverYouWantIt")
{
echo "Yeah!";
}
else
{
echo "Damn!";
}
?>
[code=php]
fopen("http://www.xxxxx.com/ImgUploadfile.php?file=" . urlencode("www.myserver.com") . "&pID=" . urlencode("an id"), "r");
[/code]
[code=php]
if (strpos(urldecode($_GET['file']), "www.myserver.com") === true) {
echo "Thank you";
} else {
echo "You do not have permision to this file";
}
[/code]
[code=php]if (download("http://SERVER B/uploaded_files/".urldecode($_GET['file']), "images/".urldecode($_GET['file']))
{
echo "Yeah!";
}
else
{
echo "Damn!";
}[/code]
[code=php]fopen("http://SERVER A/download.php?file=".$_FILES['file']['name'], "r");[/code]
i think any solution is gonna be dirty, but what you could do is trigger a script on the remote server (after the upload is completed), that copies it form your server to that one.[/QUOTE]Ok... but I believe you've got it wrong. The script on the remote server could be as simple as:
[code=php]<?php require_once('http://www.yourdomain.com/yourscript'); ?>[/code]
No more code than that is required on their server. On your server have a file called [I]yourscript[/I] (no extension needed) that contains your PHP script. Now you have complete control of everything directly from a script on your own server.[code=php]<?php
if ($rh = fopen("http://www.webdeveloper.com/forum/showthread.php?p=576869", "r"))
{
echo "Retrieved url succesfully!<br><br>";
$content = "";
while (!feof($rh))
{
$content .= fread($rh, 1024);
}
echo "Sourcecode:<pre>".htmlspecialchars($content)."</pre>";
}
else
{
echo "Retrieving the url failed";
}
?>[/code]
Ok... but I believe you've got it wrong.[/QUOTE]
remote includes are prone to security issues.[/QUOTE]The only time there would be a security issue is if the remote location were not hard coded into the script. Therefore the following is pretty safe:
[code=php]<?php require_once('http://www.yourdomain.com/yourscript'); ?> [/code]
While the second example has a major security problem as it allows anyone to include anything and run it:[code=php]<?php require_once($_REQUEST['include']); ?> [/code]
if someone can spoof your domain they can then run code direct on the servers doing the remote include.[/QUOTE]What is the chance of that? First of all they would need to know the contents of your script in the first place which would mean your server had already been seriously been comprimised. Also bar DNS poisoning how would it be possible to spoof a domain. If you understand how DNS work you would realise this is next to impossible.
[code=php]
fopen("http://www.xxxxxx.com/ImgUpload.php, "r");
[/code]
[code=php]
<?PHP
require_once('http://www.mydomain.com/myscript');
?>
[/code]
[code=php]
<?PHP
echo "YES";
?>
[/code]
What is the chance of that? First of all they would need to know the contents of your script in the first place which would mean your server had already been seriously been comprimised. Also bar DNS poisoning how would it be possible to spoof a domain. If you understand how DNS work you would realise this is next to impossible.[/QUOTE]
Argumentative much?[/QUOTE]Maybe so, but can you provide any foundation for your [I]spoofing a domain [/I] argument?
[code=php]
<?PHP
function download($file_source, $file_target) {
$rh = fopen($file_source, 'rb');
$wh = fopen($file_target, 'wb');
if ($rh===false || $wh===false) {
// error reading or opening file
return true;
}
while (!feof($rh)) {
if (fwrite($wh, fread($rh, filesize($rh))) === FALSE) {
// 'Download error: Cannot write to file ('.$file_target.')';
return true;
}
}
fclose($rh);
fclose($wh);
// No error
return false;
}
download(urldecode($_GET['file']), "../../images/products/me.jpg");
?>
[/code]
[code=php]fread($rh, filesize($rh))[/code]
The argument to [I]filesize()[/I] is [I]string filename[/I]. You are feeding it the [I]resource id[/I].[code=php]function download($file_source, $file_target) {
if(!($handle = fopen($file_target, 'wb'))
{
return false;
}
if (fwrite($handle, file_get_contents($file_source)) === FALSE)
{
// 'Download error: Cannot write to file ('.$file_target.')';
fclose($handle;
return false;
}
fclose($handle);
return true;
} [/code]
wrapping the url in a fopen[/QUOTE]But you are not opening a URL, are you?
[code=php]
function download($file_source, $file_target) {
if(!($handle = fopen($file_target, 'wb'))) {
return false;
}
if (fwrite($handle, file_get_contents($file_source)) === FALSE) {
// 'Download error: Cannot write to file ('.$file_target.')';
fclose($handle);
return false;
}
fclose($handle);
return true;
}
[/code]
Just one last thing :-Exists? You mean check a url is good right? Or do you want to check it is an image and the image is good?
Is there a way i can quickly check that an image exists on the remote server?
Thanks
k0r54[/QUOTE]
[code=php]function download($file_source, $file_target)
{
@getimagesize($image = @file_get_contents($file_source)) or die('not a valid image');
if(!($handle = fopen($file_target, 'wb')))
{
return false;
}
fwrite($handle, $image)
fclose($handle);
return true;
}[/code]
0.1.9 — BETA 5.18