File Extensions and Directory Writes
in [Visual Basic]
|
From: Karl E. Peterson on 15 Mar 2010 21:22 Webbiz wrote: > On Mon, 15 Mar 2010 15:54:17 -0700, Karl E. Peterson <karl(a)exmvps.org> > wrote: > >> Webbiz wrote: >>>> I was guessing you may need to set a mime-type on the server to solve >>>> the problem you originally posted about. Could also be related to the >>>> browser being used. Have you tried other download methods? If you >>>> have a link, I'm sure others here would be willing to try snatching a >>>> copy, to see what happens and what might be learned from that. >>> >>> I gave up. It turned out to be a Mime issue and a subject I don't >>> think I have a lot of time to become expert about. >> >> There's no need to become an expert at it. Do you have access to the >> server? If not, there's *definitely* no need to learn much at all. >> >> For an indeterminate binary format, I believe you can just use >> "application/octet-stream" as the mime type. That's really all there >> is to it. >> >> That and finding how to set it on your web server. For example, in >> IIS6: >> >> http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cd72c0dc-c5b8-42e4-96c2-b3c656f99ead.mspx?mfr=true > > Yes, I have access and yes I got it setup the other day. > > Thanks. <g> Great! Hate to see someone give up, right after I gave them the right answer. <g> -- ..NET: It's About Trust! http://vfred.mvps.org
From: Webbiz on 15 Mar 2010 21:24 On Mon, 15 Mar 2010 18:36:50 -0500, "Nobody" <nobody(a)nobody.com> wrote: > >"Webbiz" <nospam(a)noway.com> wrote in message >news:rlssp5lmdmu2b1pt8gpupkdltc7slsl3h6(a)4ax.com... >> Yes, my site uses PHP for its webpages so its definitely supported. >> >> Wish I had the time to learn the stuff. Had it done professionally. >> >> But let's talk VB6. Is it possible to write an app that can log into a >> website forum? Is the only way to do this is with ASP? > >You could do it this way, but the password could be intercepted: > >mysite.com/getfile.php?UserID=1234&Pass=abc > >Here is a PHP version of the ASP script, modified slightly. It assumes that >there are no HTML tags in the data file. The same applies to ASP, which >support "include". Save the script below as "getfile.php" and upload it >using FTP ASCII mode. How to access it: > >mysite.com/getfile.php?SubID=1234 > > ><html> ><head> ><TITLE>Test</TITLE> ></head> ><body> ><?php > >$SubID=$_GET["SubID"]; > >if ($SubID=="1234" or $SubID=="1235") { > // Subscriber is black listed > echo "Access denied."; >} else { > // Valid subscriber, send the file > echo "Access granted."; > include 'datafile.txt'; >} >?> ></body> ></html> > > >PHP Documentation: >http://www.php.net/docs.php > >I recommend that you use PSPad freeware because it adds syntax color >highlighting to virtually all languages and script files. > >http://www.pspad.com > I have Adobe Dreamweaver CS3 that I can use to create the PHP with. The code looks straight forward without knowing PHP. Although this code deals with blacklisting, I'll actually need to do it the other way, that is, grant access if the SubID is in a list. So then, I assume the VB app would pass the URL with the ID. The "include" part does not make sense to be though. Isn't the "include" directive to give one code set access to another code set? For my purposes, it would have to be something like... <html> <head> <TITLE>Test</TITLE> </head> <body> <?php $SubID=$_GET["SubID"]; > [Pseudo-Code] Open IDlist and compare SubID. If so, GiveAccess = True. if (GiveAccess) { // Valid subscriber, send the file echo "Access granted."; [Pseudo-Code] Download Data.txt to user's "My Documents\MyCoolApp" } ?> </body> </html> * I used Pseudo-code because I do not currently have a clue how this will be coded. However, there is a PHP book in my library and so I'll look into it as soon as time permits. Thank you for the tip though. Gives me something to think about. Webbiz
From: Nobody on 15 Mar 2010 21:50 "Webbiz" <nospam(a)noway.com> wrote in message news:gmmtp517k70m17drtkb5v5ks4vqgbep4b6(a)4ax.com... > The code looks straight forward without knowing PHP. Although this > code deals with blacklisting, I'll actually need to do it the other > way, that is, grant access if the SubID is in a list. You are correct, you need to make it check for the allowed ID's. > So then, I assume the VB app would pass the URL with the ID. Yes. > The "include" part does not make sense to be though. Isn't the > "include" directive to give one code set access to another code set? Yes, but you could add escape characters to the file to make it jump to non-PHP mode(client side mode). Example; ?> Data here <?php // Back to server side. However, it's preferable to use something like http_redirect() so you don't have to edit the file. See this link: http://us2.php.net/manual/en/function.http-redirect.php > For my purposes, it would have to be something like... > > <html> > <head> > <TITLE>Test</TITLE> > </head> > <body> > <?php > > > $SubID=$_GET["SubID"]; >> > > [Pseudo-Code] Open IDlist and compare SubID. If so, GiveAccess = True. See sample code here: http://www.php.net/manual/en/function.mysql-query.php > if (GiveAccess) { > // Valid subscriber, send the file > echo "Access granted."; > [Pseudo-Code] Download Data.txt to user's "My Documents\MyCoolApp" You can't download to My Documents from PHP, you have to do it from your app.
From: Webbiz on 16 Mar 2010 13:36 On Mon, 15 Mar 2010 20:50:21 -0500, "Nobody" <nobody(a)nobody.com> wrote: >"Webbiz" <nospam(a)noway.com> wrote in message >news:gmmtp517k70m17drtkb5v5ks4vqgbep4b6(a)4ax.com... >> The code looks straight forward without knowing PHP. Although this >> code deals with blacklisting, I'll actually need to do it the other >> way, that is, grant access if the SubID is in a list. > >You are correct, you need to make it check for the allowed ID's. > >> So then, I assume the VB app would pass the URL with the ID. > >Yes. > >> The "include" part does not make sense to be though. Isn't the >> "include" directive to give one code set access to another code set? > >Yes, but you could add escape characters to the file to make it jump to >non-PHP mode(client side mode). Example; > >?> >Data here ><?php // Back to server side. > >However, it's preferable to use something like http_redirect() so you don't >have to edit the file. See this link: > >http://us2.php.net/manual/en/function.http-redirect.php > > >> For my purposes, it would have to be something like... >> >> <html> >> <head> >> <TITLE>Test</TITLE> >> </head> >> <body> >> <?php >> >> >> $SubID=$_GET["SubID"]; >>> >> >> [Pseudo-Code] Open IDlist and compare SubID. If so, GiveAccess = True. > >See sample code here: > >http://www.php.net/manual/en/function.mysql-query.php > So have the valid ID's in a MySQL database. > >> if (GiveAccess) { >> // Valid subscriber, send the file >> echo "Access granted."; >> [Pseudo-Code] Download Data.txt to user's "My Documents\MyCoolApp" > >You can't download to My Documents from PHP, you have to do it from your >app. > So I would have to have PHP somehow tell my app that it is okay to do so. Any hint as to how PHP can do this, like, what part of PHP should I concentrate on (as opposed to having to learn the whole language)? Thanks for the direction. Webbiz
From: Nobody on 16 Mar 2010 22:10
"Webbiz" <nospam(a)noway.com> wrote in message news:j9gvp5hjid3l731ln6hdhaf3vikeagth58(a)4ax.com... > On Mon, 15 Mar 2010 20:50:21 -0500, "Nobody" <nobody(a)nobody.com> > wrote: > >>Yes, but you could add escape characters to the file to make it jump to >>non-PHP mode(client side mode). Example; >> >>?> >>Data here >><?php // Back to server side. >> >>However, it's preferable to use something like http_redirect() so you >>don't >>have to edit the file. See this link: >> >>http://us2.php.net/manual/en/function.http-redirect.php >> >> >>> For my purposes, it would have to be something like... >>> >>> <html> >>> <head> >>> <TITLE>Test</TITLE> >>> </head> >>> <body> >>> <?php >>> >>> >>> $SubID=$_GET["SubID"]; >>>> >>> >>> [Pseudo-Code] Open IDlist and compare SubID. If so, GiveAccess = True. >> >>See sample code here: >> >>http://www.php.net/manual/en/function.mysql-query.php >> > > So have the valid ID's in a MySQL database. > >> >>> if (GiveAccess) { >>> // Valid subscriber, send the file >>> echo "Access granted."; >>> [Pseudo-Code] Download Data.txt to user's "My Documents\MyCoolApp" >> >>You can't download to My Documents from PHP, you have to do it from your >>app. >> > > So I would have to have PHP somehow tell my app that it is okay to do > so. Any hint as to how PHP can do this, like, what part of PHP should > I concentrate on (as opposed to having to learn the whole language)? Your app never sees PHP code, but the output from it. The same is true for ASP. See "Getting Started" topic in PHP documentation. Also of interest are "Predefined Variables", and "Handling file uploads" topics. |