  1. #1
    SitePoint Zealot

    browser not liking headers after FPASSTHRU()

    got a website where users view or download docs and pics they uploaded earlier.

    let me show you what is working before I present the problem.
    user clicks a link to their doc or image and browser opens it in new window.
    browser url bar shows something like: mysite.com/files/box/data/278/myimage.jpg
    ALL IS WELL, this is working fine.

    HOWEVER, I want to add a bit of security to keep users out of other people's folders.
    ie, can't have them changing url to something like: mysite.com/files/box/data/456/mytaxes2011.pdf

    SO, using .htaccess I intercept all requests to /data/ and check authorization. once they get the green light, I open the file and pass it to the browser:

    // Open the file for reading
    $fp = fopen($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'], 'r');
    // Set mime type to header
    header('Content-type: '.mime_content_type($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI']));
    // Send the contents of the file to the browser
    fpassthru($fp);
    fclose($fp);

    HERE IS THE PROBLEM: headers getting screwed up. files do not open properly. not working in IE, FF, or CHROME. both before and after my security mod, identical REQUEST HEADERS are being sent:

    Request Headers
    Host www.mysite.com
    User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.8) Gecko/20100722 AskTbHIP/3.15.4.23821 Firefox/3.6.8 (.NET CLR 3.5.30729)
    Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language en-us,en;q=0.5
    Accept-Encoding gzip,deflate
    Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive 115
    Connection keep-alive
    Referer https://www.mysite.com/files/box/index.php
    Cookie PHPSESSID=90bae8f5ad8ca690beaf8e389b2cc3fb

    BUT I'M GETTING DIFFERENT RESPONSE HEADERS BACK. here is the good response - before the mod:

    Response Headers
    Date Tue, 03 Jul 2012 02:14:02 GMT
    Server Apache
    Last-Modified Tue, 03 Jul 2012 02:01:07 GMT
    Accept-Ranges bytes
    Content-Length 169175
    Keep-Alive timeout=5, max=75
    Connection Keep-Alive
    Content-Type image/jpeg

    AND here is the bad response - after the mod:

    Response Headers
    Date Tue, 03 Jul 2012 02:15:36 GMT
    Server Apache
    Expires Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma no-cache
    Keep-Alive timeout=5, max=75
    Connection Keep-Alive
    Transfer-Encoding chunked
    Content-Type image/jpeg

    SO PLEASE, what do you make of this? looks like the headers are corrupted or lost by the PASSTHRU??
    ANY IDEAS AT ALL PLEASE & THANK YOU !!
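
An added example (not part of the original post, and not the poster's code) of the authorization gate described above, with the request path canonicalised and confined to the logged-in user's own folder before any bytes are sent. It assumes login stored the user's integer folder id in `$_SESSION['folder_id']` (a hypothetical key) and that files live under `files/box/data/<id>/` as in the URLs shown.

```php
<?php
// Added example, not the poster's code.
// Assumption: $_SESSION['folder_id'] (hypothetical key) holds the user's folder id.

function resolve_user_file(string $requestUri, string $docRoot, string $userDir): ?string
{
    // REQUEST_URI still carries the query string and is percent-encoded.
    $path = parse_url($requestUri, PHP_URL_PATH);
    $path = is_string($path) ? rawurldecode($path) : '';
    if ($path === '' || strpos($path, "\0") !== false) {
        return null;
    }
    $real = realpath($docRoot . $path);   // resolves ".." segments and symlinks
    $base = realpath($userDir);
    if ($real === false || $base === false || !is_file($real)) {
        return null;
    }
    // The canonical path must sit inside the caller's own folder.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

function send_file(string $file): void
{
    // Any byte emitted before the body (whitespace, BOM, a notice) corrupts
    // a binary response, so report where output started instead of sending.
    if (headers_sent($where, $line)) {
        error_log("output already started at $where:$line");
        return;
    }
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($file) ?: 'application/octet-stream';
    session_write_close();                // release the session lock before streaming
    while (ob_get_level() > 0) {
        ob_end_clean();                   // discard anything buffered so far
    }
    header('Content-Type: ' . $type);
    header('Content-Length: ' . filesize($file));   // lets the server skip chunked encoding
    header('X-Content-Type-Options: nosniff');      // uploads are untrusted content
    readfile($file);
}

session_start();
$folderId = $_SESSION['folder_id'] ?? null;
$root = $_SERVER['DOCUMENT_ROOT'];
$file = is_int($folderId)
    ? resolve_user_file($_SERVER['REQUEST_URI'], $root, "$root/files/box/data/$folderId")
    : null;
if ($file === null) {
    http_response_code(404);              // same answer for missing and foreign files
    exit;
}
send_file($file);
```

The `Expires`, `Cache-Control` and `Pragma` values in the second response above are the ones PHP's default session cache limiter sends once `session_start()` runs, and `Transfer-Encoding: chunked` appears when a response carries no `Content-Length`.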

  2. #2
    SitePoint Zealot
    sounds of crickets (chirp... chirp)...

    okay, how about some .htaccess voodoo: can anyone tell me how to hide (that is - remove) a DYNAMIC folder name from url?

    e.g. - mysite.com/files/box/data/278/myimage.jpg
    OR mysite.com/files/box/data/456/myimage.jpg

    is displayed as mysite.com/files/box/data/myimage.jpg

  3. #3
    logic_earth
    Do this, set the content-type as text/plain. I bet you are getting an error message but you are not seeing it because the browser is hiding it.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  4. #4
    SitePoint Zealot
    thank you logic, but have images to display too. here's what happens when they're set as text:

    no error message btw.


  5. #5
    logic_earth
    Alright, then my next guess would be to try "rb" in fopen instead of just "r".


  6. #6
    SitePoint Zealot
    thanks again logic, but no help.

    cleared cache and all that, but still a little red X where image should be...

