Storing a post image.

@k0r54May 23.2006

Hi,

I think the best way is to start with what I am doing. I have a form on my website and they fill it in and upload a picture. The main problem here is that i need to upload a the picture to there website (different domain & server). There is quite a big permisions problem with this.

As a work around what I done was direct the form directly to there domain then put my script that processed it on there server. Thing is im not really that happy with it because any changes means i need to change the file on there server.

Is that any way I can perhaps process it on my server put the image into a session or something that go to there server and upload the image. I dont mind a file on there server but i would like to be able to validate the image (size) and the fields on my server still.

Any ideas would be great.

Thanks
k0r54

to post a comment

PHP

34 Comments(s) _↴

@themartyMay 23.2006 — #i think any solution is gonna be dirty, but what you could do is trigger a script on the remote server (after the upload is completed), that copies it form your server to that one.

@k0r54authorMay 23.2006 — #thats not a bad idea. I know its a little dirty and im not really that happy I have to do it like that. Again though, wont I still get a permision problem just the other way round?

Thanks

Adam

@themartyMay 23.2006 — #nopes. it's just a matter of retrieving an image from a server

if permission problems would be an issue, then your browser would have the same problem.

@k0r54authorMay 23.2006 — #ok then,

Well i suppose the next step now is how can i trigger a script from another server?

Thanks

k0r54

@themartyMay 23.2006 — #for example:

http://www.php.net/fopen

you could even make it give output that you can read with the upload-script, to determine whether is was succesful or not

@k0r54authorMay 23.2006 — #I have read through it, i cant say i fully understand it but i get the drift.

So i would run that from there server and i would be able to copy the image?

Any help on that function would be great.

Thanks

k0r54

@k0r54authorMay 23.2006 — #Hi Well the way i currently validate my form is to direct the form to itself and at the top of the page use this code: -

[code=php]
 // Check the validation
 if(isset($_POST) && is_array($_POST) && ($_POST['val'] == 'true')) { 
 
 // Validation via validation page
 $error_msg = validate(); 
 
 if($_SESSION['VAL_TRUE'] == true) { 
 
  // Put all the post data into a session //
  $_SESSION['POST_DATA'] = validate();
  header('Location:' . FILENAME_CHECKOUT_INVOICE . '.php');
 
 } else {
 $errors = true; 
 }
 }
 [/code]

The validate functions checks all the post variables and then returns an error msg which i display further on but if its fine and everything has valiadate properly i go to the header location.

How could i put that function into this situation?

Thanks

k0r54

@themartyMay 23.2006 — #this is how you could do it:

to trigger the script:
fopen("http://www.remoteserver.com/scriptToBeTriggered.php?file=".urlencode("uploadedImg.jp"), "r");

-------

scriptToBeTriggered.php

&lt;?php
 // copied from the usercomments on <a href="http://www.php.net/fopen">http://www.php.net/fopen</a>
 function download($file_source, $file_target) {
 $rh = fopen($file_source, 'rb');
 $wh = fopen($file_target, 'wb');
 if ($rh===false || $wh===false) {
 // error reading or opening file
 return true;
 }
 while (!feof($rh)) {
 if (fwrite($wh, fread($rh, 1024)) === FALSE) {
 // 'Download error: Cannot write to file ('.$file_target.')';
 return true;
 }
 }
 fclose($rh);
 fclose($wh);
 // No error
 return false;
 }
 
 if (download("http://www.yourserver.com/uploaddir/".urldecode($_GET['file']), "whereverYouWantIt")
 {
 echo "Yeah!";
 }
 else
 {
 echo "Damn!";
 }
 ?&gt;

That's basically the idea

Of course you need to add some security precautions here and there, so other people can not abuse the script

@k0r54authorMay 23.2006 — #Ahhh ok great ?

I will try that. Thanks very much ?

@k0r54authorMay 31.2006 — #Hi,

Using the fopen is there a way i can pull pack some code. You have echo Yeah and echo damn but neither of them actually display anything on the page.

so you know what im doing.

I have simple (at the moment) got: -

page 1

[code=php]
 fopen("http://www.xxxxx.com/ImgUploadfile.php?file=" . urlencode("www.myserver.com") . "&pID=" . urlencode("an id"), "r");
 [/code]

http://www.xxxxx.com/ImgUploadfile.php

[code=php]
 if (strpos(urldecode($_GET['file']), "www.myserver.com") === true) {
 echo "Thank you"; 
 } else {
 echo "You do not have permision to this file";
 }
 [/code]

This display nothing??

Thanks

k0r54

@themartyMay 31.2006 — #the download script can only download remote files to the local server on which the script is running, so what you have to do is put the script on the server where on which you want to download the files. This is in your case the remote server.

Then, when the script is working OK, you access it from your own server using for example fopen.

So,

REMOTE SERVER [b]A[/b]:

- /htdocs/download.php

- /htdocs/images/

LOCAL SERVER [b]B[/b]:

- htdocs/activate.php

- htdocs/uploaded_files/

download.php contains the script that does the downloading:

[code=php]if (download("http://SERVER B/uploaded_files/".urldecode($_GET['file']), "images/".urldecode($_GET['file']))
 {
 echo "Yeah!";
 }
 else
 {
 echo "Damn!";
 }[/code]

activate.php is the script that you trigger after the file is uploaded and does the following:
[code=php]fopen("http://SERVER A/download.php?file=".$_FILES['file']['name'], "r");[/code]

in this situation i've assumed that all the uploaded files are stored in the dir [b]/uploaded_files[/b]

check also http://www.php.net/fopen to see how to retrieve the response Yeah! or Damn

@k0r54authorMay 31.2006 — #Hi,

Thanks for the break down. I went to the fopen section on php.net before i done posted back up here but cannot seem to see how to retrieve the response?

Thanks

k0r54

@bokehMay 31.2006 — #i think any solution is gonna be dirty, but what you could do is trigger a script on the remote server (after the upload is completed), that copies it form your server to that one.[/QUOTE]Ok... but I believe you've got it wrong. The script on the remote server could be as simple as:[code=php]<?php require_once('http://www.yourdomain.com/yourscript'); ?>[/code]No more code than that is required on their server. On your server have a file called [I]yourscript[/I] (no extension needed) that contains your PHP script. Now you have complete control of everything directly from a script on your own server.

@themartyMay 31.2006 — #basically everything is already in the download function.

so, try this for example:

[code=php]<?php
 if ($rh = fopen("http://www.webdeveloper.com/forum/showthread.php?p=576869", "r"))
 {
 echo "Retrieved url succesfully!<br><br>";
 $content = "";
 while (!feof($rh))
 {
 $content .= fread($rh, 1024);
 }
 echo "Sourcecode:<pre>".htmlspecialchars($content)."</pre>";
 }
 else
 {
 echo "Retrieving the url failed";
 }
 ?>[/code]

@themartyMay 31.2006 — #Ok... but I believe you've got it wrong.[/QUOTE]

That is very possible.

But i don't see how your script [i]copies[/i] the file to the remote server ....

@DaiWelshMay 31.2006 — #I [B]think[/B] what bokeh is saying is that to avoid having any code on the remote servers that may need to be updated later, each remote server just has a script that includes a script from the OP's server. The included script rather than executing the copy, outputs valid PHP code to do the copy which then gets executed on the remote server (that is how remote includes work).

This allows all code to be on OP server for easy maintenance, though remote includes are prone to security issues.

@bokehMay 31.2006 — #remote includes are prone to security issues.[/QUOTE]The only time there would be a security issue is if the remote location were not hard coded into the script. Therefore the following is pretty safe:[code=php]<?php require_once('http://www.yourdomain.com/yourscript'); ?> [/code]While the second example has a major security problem as it allows anyone to include anything and run it:[code=php]<?php require_once($_REQUEST['include']); ?> [/code]

@DaiWelshMay 31.2006 — #Mostly true, though if someone can spoof your domain they can then run code direct on the servers doing the remote include.

However I was not suggesting your solution was not a good one, just wanted the OP and others to know that remote includes are something to be handled with care ?

@bokehMay 31.2006 — #if someone can spoof your domain they can then run code direct on the servers doing the remote include.[/QUOTE]What is the chance of that? First of all they would need to know the contents of your script in the first place which would mean your server had already been seriously been comprimised. Also bar DNS poisoning how would it be possible to spoof a domain. If you understand how DNS work you would realise this is next to impossible.

@k0r54authorMay 31.2006 — #Hi,

Thank you for all your help

Ok i now have: -

form - page 1 - my server

[code=php]
 fopen("http://www.xxxxxx.com/ImgUpload.php, "r");
 [/code]

page 2 - remote server (http://www.xxxxxx.com/ImgUpload.php)

[code=php]
 <?PHP
 require_once('http://www.mydomain.com/myscript');
 ?>
 [/code]

page 3 - mydomain/myscript

[code=php]
 <?PHP
 echo "YES";
 ?>
 [/code]

Ok it doesn't seem to echo YES; I have the code i need to copy the image from one server to another. but it would be nice to be able to return a msg or something?

Thanks

k0r54

@DaiWelshMay 31.2006 — #What is the chance of that? First of all they would need to know the contents of your script in the first place which would mean your server had already been seriously been comprimised. Also bar DNS poisoning how would it be possible to spoof a domain. If you understand how DNS work you would realise this is next to impossible.[/QUOTE]

Argumentative much? :rolleyes:

@bokehMay 31.2006 — #First of all call page two directly. It should work. The error is in the first step. You would submit your images to page two on their server but the point is you control everything from your box.

@bokehMay 31.2006 — #Argumentative much?[/QUOTE]Maybe so, but can you provide any foundation for your [I]spoofing a domain [/I] argument?

@k0r54authorJun 01.2006 — #Hi,

Sorry i know this post is going on for a bit. Got a problem though. I need to keep the form action going to itself because of the way i validate. I have added the fopen and located to the file on the remote server.

Remote server code: -

[code=php]
 <?PHP
 function download($file_source, $file_target) {
 $rh = fopen($file_source, 'rb');
 $wh = fopen($file_target, 'wb');
 if ($rh===false || $wh===false) {
 // error reading or opening file
 return true;
 }
 
 while (!feof($rh)) {
 if (fwrite($wh, fread($rh, filesize($rh))) === FALSE) {
 // 'Download error: Cannot write to file ('.$file_target.')';
 return true;
 }
 }
 
 fclose($rh);
 fclose($wh);
 // No error
 return false;
 }
 
 download(urldecode($_GET['file']), "../../images/products/me.jpg");
 ?>
 [/code]

The problem i get: -

It copies the file fine. When i go to "../../images/products/me.jpg" the image is there at me.jpg. I click to view it and this is the strange bit. It knows there is an image as it trys to load it it even knows the size of the image but the actual picture doesn't show. It just shows as if the image is missing. But its not?

Any idea's why this is happening?

Thanks

k0r54

@bokehJun 01.2006 — #Your problem is here:[code=php]fread($rh, filesize($rh))[/code]The argument to [I]filesize()[/I] is [I]string filename[/I]. You are feeding it the [I]resource id[/I].

[B]

Not tested: [/B]

[code=php]function download($file_source, $file_target) {
 if(!($handle = fopen($file_target, 'wb'))
 {
 return false;
 }
 if (fwrite($handle, file_get_contents($file_source)) === FALSE)
 {
 // 'Download error: Cannot write to file ('.$file_target.')';
 fclose($handle;
 return false;
 }
 fclose($handle);
 return true;
 } [/code]

@k0r54authorJun 01.2006 — #Hi,

I replaced the function with bokeh code and it didn't work? nothing copied at all?

I put my code back and changed the filesize($rh) to filesize($file_source) but it still didn't work?

I really appreciate all the help.

Thanks

k0r54

@bokehJun 01.2006 — #In theory all you should need for that is [URL=http://www.php.net/copy]copy()[/URL].

@k0r54authorJun 01.2006 — #Hi,

I looked into that but im not sure what it means by wrapping the url in a fopen?

Isn't that what we are doing?

Thanks

k0r54

@bokehJun 01.2006 — #wrapping the url in a fopen[/QUOTE]But you are not opening a URL, are you?

@k0r54authorJun 01.2006 — #It's ok

I just has a proper look at your code :- just missing a couple of brackets and stuff but because it was in a dif. ser it didn't error out. It just didn't copy. It is working very well and extremly fast.

[code=php]
 function download($file_source, $file_target) { 
 if(!($handle = fopen($file_target, 'wb'))) { 
 return false; 
 } 
 if (fwrite($handle, file_get_contents($file_source)) === FALSE) { 
 // 'Download error: Cannot write to file ('.$file_target.')'; 
 fclose($handle); 
 return false; 
 } 
 fclose($handle); 
 return true; 
 }
 [/code]

Thanks

k0r54

@k0r54authorJun 01.2006 — #Just one last thing :-

Is there a way i can quickly check that an image exists on the remote server?

Thanks

k0r54

@bokehJun 01.2006 — #Just one last thing :-

Is there a way i can quickly check that an image exists on the remote server?

Thanks

k0r54[/QUOTE]Exists? You mean check a url is good right? Or do you want to check it is an image and the image is good?

@k0r54authorJun 01.2006 — #yeah, just want to check it is an image and that it is good.

Thanks

k0r54

@bokehJun 01.2006 — #Like this possibly:

[code=php]function download($file_source, $file_target) 
 {
 @getimagesize($image = @file_get_contents($file_source)) or die('not a valid image');
 if(!($handle = fopen($file_target, 'wb'))) 
 {
 return false;
 }
 fwrite($handle, $image)
 fclose($handle);
 return true;
 }[/code]

Also in #PHP _↴

another error Converting HTML text to 1337 with PHP Help with search function

Success!

Help @k0r54 spread the word by sharing this article on Twitter...

Tweet This

Storing a post image.

34 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Storing a post image.

34 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

34 Comments(s) _↴

Also in #PHP _↴