This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftGeneral
Goof's profile picture

[Website] Upload a file from cc via http.post.

Started by Goof, 01 April 2014 - 06:21 PM
Goof #1

Goof's profile picture

767 posts

Posted 01 April 2014 - 08:21 PM
Hello!


I am trying to make a basic website which takes postdata and put it into the posted file with a CC emulator

I have the following code on the upload website, but i don't know how to take the $postdata and "upload" it to the website

<?php
  $postdata=$_POST['POSTDATA'] or "WRONGDATA";
  $posttype=$_POST['POSTTYPE'] or "WRONGTYPE";
  $postname=$_POST['POSTNAME'] or "WRONGNAME";
  /*echo $postdata;*/
  $currentPath=$_SERVER['PHP_SELF'];
  $endPath=$currentPath.'/files/' . $posttype . '/' . $postname;
  move_uploaded_file($postdata, $endPath); /* but this line wont work with postdata... :(/> */
?>

I am uploading a long text ( which is the file.readAll() ) as so: 
http://mywebsite.com/dev/upload.php?POSTDATA=allfiledata&POSTTYPE=program&POSTNAME=testprogram


Any help ie very appreciated!


Thanks in Advance
Shazz #2

Shazz's profile picture

169 posts

Posted 02 April 2014 - 12:39 AM
move_uploaded_file() is not what you would use in this case.

Use file_put_contents($filename, $contents) in this case.

Also, $_SERVER['php_self'] will return path to the executing file (relative to the document root).
More info: http://www.php.net/manual/en/reserved.variables.server.php
You can simply use "/" as the document root.

Also looking over your code, it doesn't look very safe. Should be fine for personal use though.
Goof #3

Goof's profile picture

767 posts

Posted 02 April 2014 - 02:15 PM
Shazz, on 02 April 2014 - 12:39 AM said:
move_uploaded_file() is not what you would use in this case.

Use file_put_contents($filename, $contents) in this case.

Also, $_SERVER['php_self'] will return path to the executing file (relative to the document root).
More info: http://www.php.net/m...bles.server.php
You can simply use "/" as the document root.

Also looking over your code, it doesn't look very safe. Should be fine for personal use though.

Oh, Okay. Thank you very much!

And yes its not secure at all, because its for personal use xD

Thank you!
Goof #4

Goof's profile picture

767 posts

Posted 03 April 2014 - 09:09 PM
EDIT: Just figured out that i was placing the OR parameter in the wrong place.. XD minor mistake.. Thank you anyway.


Hello Again everyone..

I've managed to get time to make some security on my php-webpage.

The security i currently have is via a hashed password, which is transferred in a $_post["auth"].

But for somehow no reason the if statement still allows "wrong" authentification codes in that auth post… How and why does it do that?

PHP_code
__ Removed all links to websites etc.

<!--?php
  $secure_hash_auth=$_POST["auth"];
  $authCode=hash("sha256", "somethingwhichismycode");
  echo $secure_hash_auth; /*This was debugging to see if i actually sent the auth code. ( it did )*/
  if("HEllo"=="HEllo"){ /* debug if statement test... this also works */
	echo 'HELLO!"#!#';
  }

  if(!$secure_hash_auth==$authCode){
/* here it doesnt work... for example:
If $authCode was 1234 and $secure_hash_auth were 29301409237092 then this doesnt occour... it just passess this "NOT equal to authcode"
How and Why ?
*/
	echo "ACCESS DENIED \n";
	echo "You did not enter this site with an authorized authentification code!\n";
	echo "Please leave this site!\n\n
";
	echo "Secure post: > " . $secure_hash_auth . "
";
	/*echo "AuthCode: > " . $authCode;*/
  } else{
	$postresptype=$_POST["RESPONSETYPE"] or "put";
	$postdata=$_POST["POSTDATA"] or "error_loading_postdata_ERROR!";
	$posttype=$_POST["POSTTYPE"] or "other";
	$postname=$_POST["POSTNAME"] or "error_getting_postname!";

	$currentPath=$_SERVER["PHP_SELF"];
	$endPath="files/" . $posttype . "/" . $postname;
	if($postresptype=="put") {
	  if(!file_exists($endPath)) {
		touch($endPath) or die("Touch_error");
	  } else {
		die("File already exists!");
	  }
	  file_put_contents($endPath, $postdata) or die("ERROR putting data into file!");
	  $response="Done!";
	} elseif($postresptype=="get") {
	  if(!file_exists($endPath)) {
		echo "File does not exist!";
	  } else {
		$response=file_get_contents($endPath);
	  }
	} elseif($postresptype=="del") {
	  if(!file_exists($endPath)) {
		echo "File does not exist!";
	  } else {
		$response=unlink($endPath);
		if($response=="1") {
		  $response="Done!";
		} else{
		  $response="Failed!";
		}
	  }
	} elseif($postresptype=="dir") {
	  $fileList_files=scandir("files");
	  $fileList_api=scandir("files/api");
	  $fileList_program=scandir("files/program");
	  $fileList_other=scandir("files/other");
	  foreach ($fileList_files as $key) {
		if($key==".") {

		} elseif($key=="..") {

		} else {
		  $result="/files/".$key . "\n";
		  echo $result;
		}
	  }
	  foreach ($fileList_api as $key) {
		if($key==".") {

		} elseif($key=="..") {

		} else {
		  $result="/files/api/".$key . "\n";
		  echo $result;
		}
	  }
	  foreach ($fileList_program as $key) {
		if($key==".") {

		} elseif($key=="..") {

		} else {
		  $result="/files/program/".$key . "\n";
		  echo $result;
		}
	  }
	  foreach ($fileList_other as $key) {
		if($key==".") {

		} elseif($key=="..") {

		} else {
		  $result="/files/other/".$key . "\n";
		  echo $result;
		}
	  }
	}
	echo $response;
  }
?>



Thanks in Advance
Edited on 03 April 2014 - 07:14 PM