Thursday, February 2, 2012

PHP Hide your Files location

SkyHi @ Thursday, February 02, 2012
This Code , will Help you Hide your files location, Images, MP3, Video .. and Create a Mask Link to the files .

Example : Your link is :
http://www.somesitehere.com/image.jpg

with this code the link will look like :

http://www.somesitehere.com/getfile.php?file=image.jpg

u can even make catgoreys , and the link will look like

Download

Make sure to edit the code Below to Put down the Name of the Directory will Include ur files that u need to hide thier location , Better way to move your files outside the root of ur site and link to them useing this code .

I have no idea who wrote this Code , Just found it in Google , . I just Modifided it with help of zelfase to fix some bug .

Save the file as getfile.php and edit line 3 if needed.


<?php
// Usage: Download 
// Path to downloadable files (will not be revealed to users so they will never know your file's real address) 
$hiddenPath = "secretfiles/"; 

// VARIABLES 
if (!empty($_GET['file'])){ 
$file = str_replace('%20', ' ', $_GET['file']); 
$category = (!empty($_GET['category'])) ? $_GET['category'] . '/' : ''; 
} 
$file_real = $hiddenPath . $category . $file; 
$ip = $_SERVER['REMOTE_ADDR']; 

// Check to see if the download script was called 
if (basename($_SERVER['PHP_SELF']) == 'download.php'){ 
if ($_SERVER['QUERY_STRING'] != null){ 
// HACK ATTEMPT CHECK 
// Make sure the request isn't escaping to another directory 
//if (substr($file, 0, 1) == '.' ¦¦ strpos($file, '..') > 0 ¦¦ substr($file, 0, 1) == '/' ¦¦ strpos($file, '/') > 0)  { 
if ((substr($file, 0, 1) == '.') || (strpos($file, '..') > 0) || (substr($file, 0, 1) == '/') || (strpos($file, '/') > 0)) 
{ 

// Display hack attempt error 
echo("Hack attempt detected!"); 
die(); 
} 
// If requested file exists 
if (file_exists($file_real)){ 
// Get extension of requested file 
$extension = strtolower(substr(strrchr($file, "."), 1)); 
// Determine correct MIME type 
switch($extension){ 
case "png": $type = "video/x-ms-asf"; break; 
case "avi": $type = "video/x-msvideo"; break; 
case "jpg": $type = "application/octet-stream"; break; 
case "jpeg": $type = "video/quicktime"; break; 
case "mp3": $type = "audio/mpeg"; break; 
case "mpg": $type = "video/mpeg"; break; 
case "gif": $type = "video/mpeg"; break; 
case "rar": $type = "encoding/x-compress"; break; 
case "txt": $type = "text/plain"; break; 
case "wav": $type = "audio/wav"; break; 
case "pdf": $type = "text/plain"; break; 
case "doc": $type = "audio/wav"; break; 
case "jpeg": $type = "text/plain"; break; 
case "bmp": $type = "audio/wav"; break; 
case "wma": $type = "audio/x-ms-wma"; break; 
case "wmv": $type = "video/x-ms-wmv"; break; 
case "zip": $type = "application/x-zip-compressed"; break; 
default: $type = "application/force-download"; break; 
} 
// Fix IE bug [0] 
$header_file = (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? preg_replace('/\./', '%2e', $file, substr_count($file, '.') - 1) : $file; 
// Prepare headers 
header("Pragma: public"); 
header("Expires: 0"); 
header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 
header("Cache-Control: public", false); 
header("Content-Description: File Transfer"); 
header("Content-Type: " . $type); 
header("Accept-Ranges: bytes"); 
header("Content-Disposition: attachment; filename=\"" . $header_file . "\";"); 
header("Content-Transfer-Encoding: binary"); 
header("Content-Length: " . filesize($file_real)); 
// Send file for download 
if ($stream = fopen($file_real, 'rb')){ 
while(!feof($stream) && connection_status() == 0){ 
//reset time limit for big files 
set_time_limit(0); 
print(fread($stream,1024*8)); 
flush(); 
} 
fclose($stream); 
} 
}else{ 
// Requested file does not exist (File not found) 
echo("Requested file does not exist"); 
die(); 
} 
} 
} 
?>



PHP: Hide the Real File URL and Provide Download via a PHP Script

There are times when you need to store a file (such as one that you sell for profit) outside of the document root of your domain and let the buyers download it via a PHP script so as to hide the real path, web address or URL to that file. Use of this approach enables you to:

Check for permissions first before rendering the file download thus protecting it from being downloaded by unprivileged visitors.
Store the file outside of the web document directory of that domain – a good practice in web security in protecting sensitive and important data.
Count the number of downloads and collect other useful download statistics.

Now the actual tip. Given that you have put the file to be downloaded via the PHP script in place at /home/someuser/products/data.tar.gz, write a PHP file with the following content in it and put it in the web document directory where your site visitors can access:

<?php
$path = '/home/someuser/products/data.tar.gz'; // the file made available for download via this PHP file
$mm_type="application/octet-stream"; // modify accordingly to the file type of $path, but in most cases no need to do so

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($path)) );
header('Content-Disposition: attachment; filename="'.basename($path).'"');
header("Content-Transfer-Encoding: binary\n");

readfile($path); // outputs the content of the file

exit();


REFERENCES
http://www.codingforums.com/showthread.php?t=185272
http://www.kavoir.com/2009/05/php-hide-the-real-file-url-and-provide-download-via-a-php-script.html
http://stackoverflow.com/questions/6647165/hide-download-file-location-redirect-download

Wednesday, February 1, 2012

Redundant Servers and Load Balancing using MX Records

SkyHi @ Wednesday, February 01, 2012
The normal mail delivery process looks up DNS Mail Exchange (MX) records to determine the destination host. A MX record tells the sending system where to deliver mail for a certain domain. It is also possible to have several MX records for a single domain, they can have different priorities. For example, our MX record looks like that:

Code:
> dig -t mx proxmox.com

;; ANSWER SECTION:
proxmox.com.            22879   IN      MX      10 mail.proxmox.com.

;; ADDITIONAL SECTION:
mail.proxmox.com.       22879   IN      A       213.129.239.114
Please notice that there is one single MX record for the Domain proxmox.com, pointing to mail.proxmox.com. The 'dig' command automatically puts out the corresponding address record if it exists. In our case it points to "213.129.239.114". The priority of our MX record is set to 10 (preferred default value).

Hot Standby with backup MX Records

Many people do not want to install two redundant mail proxies, instead they use the mail proxy of their ISP as fallback. This is simply done by adding an additional MX Record with a lower priority (higher number). With the example above this looks like that:

Code:
proxmox.com.            22879   IN      MX      100 mail.provider.tld.
Sure, your provider must accept mails for your domain and forward received mails to you.

You will never lose mails with such a setup, because the sending Mail Transport Agent (MTA) will simply deliver the mail to the backup server (mail.provider.tld) if the primary server (mail.proxmox.com) is not available.

Load Balancing wit MX Records

Using your ISPs mail server is not always a good idea, because many ISPs do not use advanced spam prevention techniques like greylisting. It is often better to run a second server yourself to avoid lower spam detection rates.

Anyways, it's quite simple to set up a high performance load balanced mail cluster using MX records. You just need to define two MX records with the same priority. I will explain this using a complete example to make it clearer.

First, you need to have 2 working proxmox mail gateways (mail1.example.com and mail2.example.com), each having its own IP address (the rest of the setting should be more or less equal, i.e. you can use backup/restore to copy the rules). Let us assume the following addresses (DNS address records):

Code:
mail1.example.com.       22879   IN      A       1.2.3.4
mail2.example.com.       22879   IN      A       1.2.3.5
Btw, it is always a good idea to add reverse lookup entries (PTR records) for those hosts. Many email systems nowadays reject mails from hosts without valid PTR records. Then you need to define your MX records:

Code:
example.com.            22879   IN      MX      10 mail1.example.com.
example.com.            22879   IN      MX      10 mail2.example.com.
This is all you need. You will receive mails on both hosts, more or less load balanced. If one host fails the other is used.

Other ways

Multiple Address Records: Using several DNS MX record is sometime clumsy if you have many domains. It is also possible to use one MX record per domain, but multiple address records:

Code:
example.com.            22879   IN      MX      10 mail.example.com.
mail.example.com.       22879   IN      A       1.2.3.4
mail.example.com.       22879   IN      A       1.2.3.5
Using Firewall features: Many firewalls can do some kind of RR-Scheduling when using DNAT. See your firewall manual for more details.




REFERENCES
http://forum.proxmox.com/threads/73-Redundant-Servers-and-Load-Balancing-using-MX-Records

Tuesday, January 31, 2012

How can I mount an FTP to a drive letter in windows?

SkyHi @ Tuesday, January 31, 2012



REFERENCES
http://serverfault.com/questions/6079/how-can-i-mount-an-ftp-to-a-drive-letter-in-windows