How to Disable Direct file Download via .htaccess - file

I want to disable direct file download to my .zip files.
If my website is the referrer then only download the file.
I am using Apache server

You can try this one which will help you but I will suggest you to research more on this.However you can put the below code for the work.
Also make changes to the below code for the changes.
<?php
// This is to check if the request is coming from a specific domain domain.com
$ref = $_SERVER['HTTP_REFERER'];
$refData = parse_url($ref);
if($refData['host'] !== 'domain.com') {
// Output string and stop execution
die("Hotlinking not permitted");
}
echo "Executing code here";
?>
You need to change your domain above eg. clubapk.com instead of domain.com

Related

Block direct downloads using Symfony

I want block the direct access to some of public files from my directory. For example, I have the file image.png and I have to fill a captcha to download that file, if I fail the captcha I don't want that the user could access the file. Is there any way to do that in Symfony?
First of all, create an .htaccess file inside the image directory to prevent the direct access of files inside the directory.
Deny from All
Now, give customised path, through controller to download the file, where you can easily integrate a captcha by using some bundle like Gregwar's CaptchaBundle.
On successful captcha validation, download the file through Response.
$filename = __DIR__ . "../path_to_file/image.png";
// Generate response
$response = new Response();
// Set headers
$response->headers->set('Cache-Control', 'private');
$response->headers->set('Content-type', mime_content_type($filename));
$response->headers->set('Content-Disposition', 'attachment; filename="' . basename($filename) . '";');
$response->headers->set('Content-length', filesize($filename));
// Send headers before outputting anything
$response->sendHeaders();
$response->setContent(file_get_contents($filename));
Note : Code not tested!
Hope this helps!

Manual custom script partially working.

I need to export my target path and request path url's of my products and categories.
custom code :
<?php
require_once('app/Mage.php');
Mage::app();
$data=Mage::getModel('core/url_rewrite')->getCollection();
$fp = fopen('exports.csv', 'w+');
$csvHeader = array('request_psth',"target_path");
fputcsv( $fp, $csvHeader,",");
foreach($data as $row)
{
fputcsv($fp, array($row->getData('request_path'),$row->getData('target_path')), ",");
}
fclose($fp);
?>
Its working in my localhost, and i get export file, when i try to applied on hosting site, its not working.
i have post my code via ftp, like
screen shot
You should upload the product to the magento root directory, then only it will work as it is including Mage.php.
Also make sure your file has enough permission to execute. Once you uploaded the file using ftp, change the permission by
Right click on the file, select File permissions type 755 in the text field

Correct way in CakePHP 1.3 to create zip file and download without leaving view

I just upgraded from cakephp 1.1 to 1.3. I have everything on the site updated and working great, except for creating and downloading zip files.
Here is the code in my accounts_controller.php:
function zip() {
$this->checkSession();
$this->checkUpgradedAccount();
$files = array();
$this->layout="zip";
/*
code where I locate the files to zip, combine them, etc
*/
$tmp_file = "/home/[userdirectory]/tmp/".md5(mktime()).".zip"; //directory name edited
$command = "/usr/bin/zip -j $tmp_file ".implode(" ",$zip_files);
exec($command);
foreach($zip_files as $zf) {
unlink($zf);
}
$file_path = $tmp_file;
$this->set("path",$file_path);
$this->render();
}
When I call this action, however, I get an error:
Error: The requested address '/accounts/zip' was not found on this
server.
It worked just like this in version 1.1. I'm assuming something has changed, but I'm not sure what, and was unable to find anything pertinent in the documentation.
The zip.ctp view file does exists, but it has nothing in it other than: <?php ?>
I suspect something is different with layouts. There is NO "zip.ctp" in the /layouts directory. However, I have changed that line to $this->layout('default'); and it renders a blank page with NO ERROR, but also with no download.
Please direct me on the proper way to download my zip file in cake 1.3. Thanks in advance.
You have two different problems here. That error you're getting is because you don't have a zip layout file. As for your problem with getting the zip file, you should be using the media view class - http://book.cakephp.org/1.3/en/The-Manual/Developing-with-CakePHP/Views.html#media-views

Javascript edit external file

Okay so I'm trying to make a script that can edit an external .txt file. I want to be able to do something like /name John Doe and it saves that name in the file that the command is supposed to edit.
Another example would be I have a file called List.txt associated with the command /todo, whenever I do /todo * it adds whatever came after the command to the List.txt file.
Is there any way I can do this in javascript?
You're in luck, it appears that HTML5 actually supports this. Of course you'll have to run it through a browser, I don't know if you can hack it somehow to work from bash.
Yes, its possible to do this by creating an ajax http request to an server server side script that edits the file based on the http request's content.
Heres an example PHP serverside script the handle the ajax request:
Note: This example has a lot of security issues and is untested
<?php
$command = $_POST['command'];
$argument = $_POST['argument'];
if ($command == "name") {
$file = fopen("names.txt", "a");
fwrite($file, $argument."\n");
fclose($file);
} else if ($command == "todo") {
$file = fopen("todo.txt", "a");
fwrite($file, $argument."\n");
fclose($file);
}
?>
There is also a great tutorial on AJAX requests here
They also have a php tutorial on here
ps. sorry it took so long.

CakePHP generate a Document to Webroot

I'm currently working with cakephp and I am generating a word document. My problem is how can I put the generated document on my web root and not as a download.
I am guessing you are using an action to generate a document, which gets output to the browser.
You should either use output buffering to "catch" the output and then write it to a file, or write the document data to a string, and write that string to a file on the server.
EDIT:
PHPWord has a SAVE method. In your action, you can save the document to a certain location, but output something else, i.e. success notification. This way, your action only generates the file:
public function generateWordDocument(){
//... your word file creation...
$wordDocumentLocation = TMP . 'word_files/';
$objWriter = PHPWord_IOFactory::createWriter($PHPWord, 'Word2007');
$objWriter->save($wordDocumentLocation . 'helloWorld.docx');
$this->Session->setFlash('Document generated!');
$this->redirect(array('action'=>'index')); //or wherever you want
}
If you want to protect that file, you could save the file to a "secure" folder (this can either be a folder outside the "app/webroot" folder, or a folder protected with .htaccess deny all instruction) and than use another action, like "getWordDocument":
function getWordDocument($documentName){
$wordDocumentLocation = TMP . 'word_files/';
if (file_exists($wordDocumentLocation . $documentName)) { //this is not really the safest way of doing it
$fp = fopen($wordDocumentLocation . $documentName, 'rb');
header("Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document");
header("Content-Length: " . filesize($wordDocumentLocation . $documentName));
fpassthru($fp);
exit();
}
}
Please note, that this code is just for "grasping the concept" and is in no way safe or optimal.
i think you want to add file in webroot but it is not downloadable for public users ,
You have several ways :
- protect folders with .htaccess (Like Js folder)
- create new folder in app folder like webroot and put files in it
- use Dispatcher Filters in cakephp : http://book.cakephp.org/2.0/en/development/dispatch-filters.html
and ....

Resources