Friday, August 22, 2008

Upload Bigger files

Guys, as we have discussed, file upload in PHP is quite easy.
If you are new to PHP file upload, please refer to
(http://softwareguy82.blogspot.com/2008/08/simple-file-upload-in-php.html).

In this article we will discuss how to upload bigger files (200 MB / 300 MB or even more).

1) One approach is to set MAX_FILE_SIZE in the form itself.
<html>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="file" type="file" />
<input type="submit" value="Upload" />
</form>
</body>
</html>


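With this approach, you can limit the file size. The hidden field is sent by the client and can be changed, so treat it as a convenience and enforce the limit on the server as well.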

2) php.ini change
PHP has global settings in php.ini for the maximum file size.
Changing upload_max_filesize alone is not sufficient; some related settings are also needed.

Change the following values:
upload_max_filesize = 200M
post_max_size = 250M
; or -1 will also do, but be careful: this will allow hackers to attack your server
max_execution_time = 900
max_input_time = -1
memory_limit = 250M

That’s it. These settings should allow you to upload bigger files.

3) On a shared server, it's not possible to customize php.ini. This is the biggest hurdle.
And ini_set() doesn’t work for the settings above.
One common practice is to use .htaccess, provided you are working with an Apache server.

Paste the following lines into the .htaccess file:
php_value upload_max_filesize 200M
php_value post_max_size 250M
php_value max_execution_time 900
php_value max_input_time -1
php_value memory_limit 250M

If you are still facing problems while uploading, check the Apache config setting (httpd.conf) “AllowOverride” at the directory level. It should be All.
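When one of the limits above is still too low, PHP does not raise an error on its own; the script has to look for the evidence. The following is an added example, not code from the original post, that reports which limit rejected an upload. The function names are hypothetical, the field name "file" matches the form above, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not from the original post): explain why an upload failed
// under the limits configured above. Function names are hypothetical.

// Convert php.ini shorthand such as "200M" or "1G" to bytes.
function iniBytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value;                 // leading digits, e.g. 200
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024;          // fall through
        case 'm': $number *= 1024;          // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// Returns null when the upload is usable, otherwise a reason string.
function uploadProblem(array $files, array $server, string $field = 'file'): ?string
{
    $postMax = iniBytes((string) ini_get('post_max_size'));
    $length  = (int) ($server['CONTENT_LENGTH'] ?? 0);
    // When the whole request exceeds post_max_size, PHP empties $_POST and
    // $_FILES, so the Content-Length header is the only evidence left.
    if ($postMax > 0 && $length > $postMax) {
        return "request of $length bytes exceeds post_max_size ($postMax bytes)";
    }
    if (!isset($files[$field])) {
        return 'no file field in the request';
    }
    switch ($files[$field]['error']) {
        case UPLOAD_ERR_OK:        return null;
        case UPLOAD_ERR_INI_SIZE:  return 'file exceeds upload_max_filesize';
        case UPLOAD_ERR_FORM_SIZE: return 'file exceeds the MAX_FILE_SIZE form field';
        case UPLOAD_ERR_PARTIAL:   return 'upload was interrupted';
        case UPLOAD_ERR_NO_FILE:   return 'no file was selected';
        default:                   return 'server-side error code ' . $files[$field]['error'];
    }
}

// Constructed samples: a file cut off by upload_max_filesize, and a request
// one byte larger than post_max_size (which arrives with no $_FILES at all).
$tooBig = ['file' => ['name' => 'big.iso', 'error' => UPLOAD_ERR_INI_SIZE]];
echo uploadProblem($tooBig, ['CONTENT_LENGTH' => '1024']), "\n";
$over = iniBytes((string) ini_get('post_max_size')) + 1;
echo uploadProblem([], ['CONTENT_LENGTH' => (string) $over]), "\n";
```

In upload.php the call would be uploadProblem($_FILES, $_SERVER), made before any other processing of the request.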

That’s it guys, this should work.
Send me your feedback on ninad.blog@gmail.com


Domey Bank Landing Page

Hey Guys

I was checking my Gmail this morning and guess what I saw in my inbox.

I got this email saying Axis banking online account has been violated.
Now the joke is, I had an Axis account 1 & half years ago, and it was closed a couple of months ago :)).

Then I just visited the link provided by those guys in the email and to my surprise it was a phishing website.

Check out the content of the mail below:

Security Alert:

Attention! Your Axis Online Banking Account has been violated!

Someone with IP Address 81.102.72.19 tried to access your personal account!

In accordance with Axis Online Banking User Agreement and to ensure that
your account has not been compromised, access to your account was limited.

Your account access will remain limited until this issue has been resolved.

Please follow the link below to resolve this problem:
https://www.axisbank.com/security/resolve=acct

Thank You.

Accounts Management As outlined in our User Agreement, Axis ® Bank will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.



Now if you look very carefully at the link, you will notice that the text shown is the actual Axis Bank one, but the href given is
http://e-nocleg.com/baners/index.php?bank=www.axisbank.com/BankAway/dJSESSION2973743u383h3bjhffufDHJUGHSbwayparam=dabCcRhcJfLjtYCXCZuARrnhMYei0G7D&type=personal&stge=2&id=fyjdL1LXSFkUnut
which is the domey link

Here are the screenshots of actual axis bank & domey Phishing page.

[Screenshot: Original Axis Bank Page]

[Screenshot: Domey Phishing Page]

Please keep in mind, all the banks use Secure Sockets Layer or HTTPS to perform banking operations, so never perform transactions when the URL does not contain https://

Pass this message to your friends, so they can be careful with such frauds.

Thanks.
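The mismatch described in this post, where the link text shows the bank's address while the href points elsewhere, can be checked mechanically in an HTML mail. The following is an added example, not part of the original post; the function names are hypothetical, the sample HTML is constructed from the mail quoted above with the href shortened, and PHP 7.1 or later with the DOM extension is assumed.

```php
<?php
// Added example: flag anchors whose visible text shows one host while the
// href points to another. Function names are hypothetical.

function hostOf(string $url): ?string
{
    // parse_url() needs a scheme to find the host; assume http if none is shown.
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

function findMismatchedLinks(string $html): array
{
    $doc = new DOMDocument();
    // Mail HTML is rarely well-formed; keep parser warnings out of the output.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        $text = trim($a->textContent);
        // Only compare when the visible text itself looks like a URL or host name.
        if (!preg_match('#^(https?://|www\.)\S+$#i', $text)) {
            continue;
        }
        $shown  = hostOf($text);
        $actual = hostOf($a->getAttribute('href'));
        if ($shown !== null && $actual !== null && $shown !== $actual) {
            $findings[] = ['shown' => $shown, 'actual' => $actual];
        }
    }
    return $findings;
}

// Constructed sample modelled on the mail above (href shortened).
$mail = '<p>Please follow the link below to resolve this problem:</p>'
      . '<a href="http://e-nocleg.com/baners/index.php?bank=www.axisbank.com">'
      . 'https://www.axisbank.com/security/resolve=acct</a>';

foreach (findMismatchedLinks($mail) as $f) {
    echo "Link text shows {$f['shown']} but href goes to {$f['actual']}\n";
}
```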

Tuesday, August 19, 2008

Simple file upload in PHP

File Upload In Php

One of the important aspects of PHP is file upload. File upload in PHP is very simple, but you need to be careful while doing it, because allowing users to upload files to the server possibly opens a whole can of worms.

To upload a file, create one simple HTML form.
<html>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="file" type="file" />
<input type="submit" value="Upload" />
</form>
</body>
</html>

Note the attributes of the form here.
enctype = "multipart/form-data". It specifies which content-type to use when submitting information back to server. Without these requirements, your file upload will not work.
Action = php script path, which will have php code to upload the file to desired path
Method = “POST”

Here, another thing to notice is the hidden form field named MAX_FILE_SIZE. Some web browsers actually pick up on this field and will not allow the user to upload a file bigger than this number (in bytes).
You can also set this value in php.ini. Also make sure that file_uploads inside your php.ini file is set to On.

Now it’s time to create upload.php; which has been referenced in form tag.


<?php
// Check if a file is present
if ((!empty($_FILES["file"])) && ($_FILES["file"]["error"] == 0)) {
    // Check if the file is a JPEG image and its size is less than 350Kb
    // (the extension and "type" both come from the client, so this is only a first filter)
    $filename = basename($_FILES["file"]["name"]);
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (($ext == "jpg") && ($_FILES["file"]["type"] == "image/jpeg") &&
        ($_FILES["file"]["size"] < 350000)) {
        // Determine the path to which we want to save this file
        $newname = "upload/" . $filename;
        // Check if a file with the same name already exists on the server
        if (!file_exists($newname)) {
            // Attempt to move the uploaded file to its new place
            if ((move_uploaded_file($_FILES["file"]["tmp_name"], $newname))) {
                echo "It's done! The file has been saved as: " . htmlspecialchars($newname);
            } else {
                echo "Error: A problem occurred during file upload!";
            }
        } else {
            // Escape the client-supplied name before echoing it back
            echo "Error: File " . htmlspecialchars($_FILES["file"]["name"]) . " already exists";
        }
    } else {
        echo "Error: Only .jpg images under 350Kb are accepted for upload";
    }
} else {
    echo "Error: No file uploaded";
}
?>

Note: Be sure that PHP has permission to read and write to the directory in which temporary files are saved and the location in which you're trying to copy the file.

Guys, there you are. This script will upload image files with validations.
You can add further validation by checking the header of the uploaded file (up to the first 100 bytes) to make sure that the file being uploaded is an image file.

This example is a simple way to upload a file. If you are a beginner in PHP, this should help you. In case of any questions / feedback, please mail me at ninad.blog@gmail.com
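The header check suggested above, reading the first 100 bytes to confirm the file is an image, can be combined with a server-generated file name so that nothing the client sends decides the type or the path. The following is an added example, not the original upload.php; the function names are hypothetical, and PHP 7.1 or later with the fileinfo extension is assumed.

```php
<?php
// Added example, not the original upload.php: validate by content and
// store under a server-generated name. Function names are hypothetical.

const MAX_BYTES = 350000;   // same limit as the script above

// True when the file's first bytes and libmagic both say JPEG.
function looksLikeJpeg(string $path): bool
{
    $head = file_get_contents($path, false, null, 0, 100);   // first 100 bytes
    if ($head === false || strncmp($head, "\xFF\xD8\xFF", 3) !== 0) {
        return false;                                        // wrong magic bytes
    }
    return (new finfo(FILEINFO_MIME_TYPE))->file($path) === 'image/jpeg';
}

// Returns the stored path, or throws with the reason for rejection.
function storeJpegUpload(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    // Enforce the size limit on the temp file PHP actually received.
    if (filesize($file['tmp_name']) >= MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!looksLikeJpeg($file['tmp_name'])) {
        throw new RuntimeException('not a JPEG image');
    }
    // The client's file name is never used on disk, so it cannot carry a
    // path, a ".php" extension, or the name of an existing file.
    $target = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}

// Constructed samples: a script renamed to .jpg, and a minimal JFIF header.
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, '<?php echo 1;');
$real = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($real, "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00");
var_dump(looksLikeJpeg($fake), looksLikeJpeg($real));
unlink($fake);
unlink($real);
```

In upload.php the call would be storeJpegUpload($_FILES["file"], "upload") inside a try/catch; move_uploaded_file() only accepts files received over HTTP, so the sample at the bottom exercises the content check alone.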

Simple Ajax Tutorial

Ajax is derived from JavaScript. When JavaScript was released, people just loved all the cool things you could do with a web browser: form validation, modal messages, popups, sliding information divs, cool web tools and many more.
Still, JavaScript was limited to the web browser. You could never pass information back and forth with the server. You had to go for either the PHP or ASP approach, via the GET or POST method.

One popular approach to get an Ajax-like effect was to use hidden divs and iframes to create a hidden request, get the results, and then show the result using JavaScript. This would create some other problems, which I am not touching on as they are out of scope for the current topic.

Ajax attempts to remedy the above problem by letting your JavaScript communicate directly with the server, using the special JavaScript object XMLHttpRequest.

Let me tell you one thing you might already know: Ajax stands for Asynchronous JavaScript and XML.
With this approach, we create one XMLHttpRequest object through JavaScript, which will do the job of getting the results for us without the browser reloading the page.

Here is the javascript code which creates the XMLHttpRequest.

function initxmlhttp(){
    var xmlhttp ;
    /*@cc_on @*/
    /*@if (@_jscript_version >= 5)
    try {
        xmlhttp=new ActiveXObject("Msxml2.XMLHTTP")
    } catch (e) {
        try {
            xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")
        } catch (E) {
            xmlhttp=false
        }
    }
    @else
    xmlhttp=false
    @end @*/
    if ( !xmlhttp && typeof XMLHttpRequest!='undefined' ){
        try{
            xmlhttp = new XMLHttpRequest() ;
        }
        catch (e){
            xmlhttp = false ;
        }
    }
    return xmlhttp ;
}

If you look carefully at the above JavaScript function, you can see some comments are embedded. Don’t remove them. Those are conditional compilation comments, and removing them will cause problems in IE browsers.

So far, we have created the base of Ajax. Now we have to use the above JS function.

Let’s code one JavaScript function which creates the XMLHttpRequest object and sends the request to a PHP script. Embed both of these JavaScript functions in the same form.


function GET_MD5(){
    var xmlreload = initxmlhttp() ;
    var str = 'Name';
    // Encode the value so special characters survive in the query string
    var url = "callthis.php?str=" + encodeURIComponent(str);
    xmlreload.open( "GET", url, true ) ;
    xmlreload.onreadystatechange=function() {
        // readyState 4 means the response has been fully received
        if (xmlreload.readyState==4){
            j_string = xmlreload.responseText ;
        }
    }
    xmlreload.send(null) ;
}

The GET_MD5 function calls initxmlhttp and sends the request to callthis.php.
Now create one PHP script named callthis.php which contains simple PHP code. This script takes ‘str’ as a GET variable and echoes the md5 value of it.


--------callthis.php-----------
<?php
echo md5($_REQUEST['str']);
?>
--------END callthis.php-----------

That’s it guys. Now you can do anything by changing the simple PHP script and calling that file in the GET_MD5 function.

Hope this code helps you. Send me your feedback at ninad.blog@gmail.com