Community @ The Turning Gate

Support community for TTG plugins and products.

NOTICE

The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.

This forum is now closed, and exists here as a read-only archive.

  • New user registrations are disabled.
  • Users cannot create new topics.
  • Users cannot reply to existing topics.

You are not logged in.

#1 2019-01-31 22:58:34

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Running a non-phplugin php file from Pangolin Page

I have HTML code embedded in a Pangolin Page and I need to call my own PHP file and not the phplugin.  However, when I do I get the Forbidden access error.  Is there a way to do what I want? Here is my HTML embedded in the Pagolin Page Copy field.  I do have a custom css as well but the page works great just not executing my own PHP file.  Any help would be appreciated.

<html>
<body>
  <div id="uploads">
    <fieldset>
        <center><legend><font size="+2">Single Image upload</font></legend></center>
        <center><p><font size="+1">Choose an image to upload, and then press "Upload"</font></p></center>
        <form name="form1" enctype="multipart/form-data" method="post" action="/backlight/custom/phplugins/keylightupload.php" />
            <p><input type="file" size="64" name="img_field" value="" /></p>
            <p class="button"><input type="hidden" name="action" value="image" />
            <input type="submit" name="Submit" value="Upload" /></p>
        </form>
    </fieldset>

    <fieldset>
        <center><legend><font size="+2">Multiple image uploads</font></legend></center>
        <center><p><font size="+1"><p>Choose multiple image files to upload, and press "upload"</font></p></center>
        <form name="form2" enctype="multipart/form-data" method="post" action="/backlight/custom/phplugins/keylightupload.php">
            <p><input type="file" size="64" name="img_field[]" value="" multiple="multiple"/></p>
            <p class="button"><input type="hidden" name="action" value="multiple" />
            <input type="submit" name="Submit" value="Upload" /></p>
        </form>
        <p><strong>Note:</strong> Number of image files that can be uploaded per request is <strong>20.</strong></p>
    </fieldset>

</body>
</html>

Offline

#2 2019-02-01 00:19:35

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 17,830
Website

Re: Running a non-phplugin php file from Pangolin Page

Have you checked permissions on the /backlight/custom/phplugins/ folder?


For your html, you don't need the html and body tags. Those are already included on the page and shouldn't be duplicated.
You also need to include a closing div tag </div> after the closing </fieldset> tag (that's important so the page layout isn't compromised)
You're also using some deprecated html. But none of that should pose any form problems, just an fyi.

Can you post a link to the page so that others who have more knowledge will have something to look at?


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site

Offline

#3 2019-02-01 00:30:54

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

I am checking on the permissions as far as the HTML; I haven't written HTML in a long time so my deprecated html is from old memory - lol!.  Anyway I missed the div tag my bad!!! Thanks for pointing out that I do not need the html and body tags for the Pangolin Page useful information.  I will post the link to the production page as soon as I upload from my testing box.  Thanks Rod.

Offline

#4 2019-02-01 00:42:36

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 17,830
Website

Re: Running a non-phplugin php file from Pangolin Page

I was referring to folder permissions you can set on the folders themselves. You can do that with your FTP program.
They're probably already set as needed, but it's something to check out. I don't know if the phplugins folder needs read/write permission or not.
Mine is set to 755, which give read and execute rights to theowner, group and public. But it only gives write permissions to the owner.
Depending on what that file does (is it letting files be written to the phplugins/ folder?, it could be that you need to change the permissions of that folder to 777

But I don't know a whole lot about that. Hopefully Ben or Matt or Daniel will come along with some better info.


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site

Offline

#5 2019-02-01 01:11:31

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

Yes, I understand the folder permissions and as far as I can tell they are set correctly.  I am thinking it is something to do with my test system box right now.  Although, my Production box server is Linux my test system is running IIS. I am thinking I missed something in my IIS setup but as soon as I upload my changes to my Production Box I will find out if it is the permissions or the difference between my setup on Linux versus IIS.

Offline

#6 2019-02-01 02:53:35

Daniel Leu
Moderator
Registered: 2012-10-11
Posts: 1,624
Website

Re: Running a non-phplugin php file from Pangolin Page

You would need to use phplugins to call your custom php code. Depending on what your custom code does, select the most appropriate hook, maybe copy_bottom().


Daniel Leu | Photography   
DanielLeu.com
My digital playground (eg, Backlight tips&tricks): lab.DanielLeu.com

Offline

#7 2019-02-01 04:34:15

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

I uploaded all my new changes and on the problem I originally described; I am having the same problem I get the Forbidden permissions error for the /backlight/custom/phplugins/keylightupload.php after I submit my upload btn. Here is the link to the page: https://keylightphotography.us/uploadpage/  I checked the folder and I have 755 but not writing to the phplugin directory.  Maybe Matt or Ben can take a look - I most likely missed something.

Offline

#8 2019-02-01 04:39:16

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

He.re is my direct email if they need to ask for userid's and pswds: keylightphotography@gmx.com

Offline

#9 2019-02-01 05:52:28

rod barbee
Moderator
From: Port Ludlow, WA USA
Registered: 2012-09-24
Posts: 17,830
Website

Re: Running a non-phplugin php file from Pangolin Page

Try changing the permissions to 777


Rod 
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site

Offline

#10 2019-02-01 06:17:48

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

No effect same issue.

Offline

#11 2019-02-01 06:18:02

Daniel Leu
Moderator
Registered: 2012-10-11
Posts: 1,624
Website

Re: Running a non-phplugin php file from Pangolin Page

I did a quick test on my site and I get this working when I disable /backlight/custom/phplugins/.htaccess or when I move my script to the root directory.  Best might be to add an additional rule to this .htaccess file to allow accessing your script or host your file-upload infrastructure separate of /backlight.


Daniel Leu | Photography   
DanielLeu.com
My digital playground (eg, Backlight tips&tricks): lab.DanielLeu.com

Offline

#12 2019-02-01 06:20:37

Ben
Moderator
From: Melbourne, Australia
Registered: 2012-09-29
Posts: 4,399

Re: Running a non-phplugin php file from Pangolin Page

* IIS is absolutely not recommended.  That removes two requirements from the installation: Linux and Apache.  IIS handles things differently.

* I would not recommend 777 except as a last resort.  755 should usually do.

* phplugins is a protected directory by design.  Files from there are intended to be loaded by the server and not called from the web. You can unprotect it by modifying phplugins/.htaccess to remove or disable the Deny line.  Modifying Backlight to do things it's not intended to is at your own risk.

* Allowing uploads from the public is an inherently dangerous operation.  You would want to make sure they are saved to a benign location (e.g. a /tmp directory with noexec) with some kind of antivirus to protect against malicious files.

Offline

#13 2019-02-01 06:26:12

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

Hmm I get the same error when I try to view it from my cpanel but interesting I can edit it.

Offline

#14 2019-02-01 07:12:42

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

Ben, The error happens on the Linux/Apache production web server as well. I did try changing the permissions to no avail.  However, I have not tried the .htaccess file.  But, to protect the phplugins directory I could move the files to a different directory thus isolating the php files for this; your thoughts?  Yes, I am aware of the issues and I have already taken it into account to upload to /tmp no exec location and then process them for antivirus or other issues before moving them to a more permanent location; Also, I am deleting the tmp files as well.

Offline

#15 2019-02-01 07:17:25

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

Just for your information my IIS Server is only for testing at home and is not accessible from outside.  But, I am aware of the differences between IIS and Linux/Apache stuff.  In anycase, IIS is running fine as my test server for now - eventually I plan on moving it to a Linux/Apache server most likely within a month or so.  Again I use it only for testing at home.  My Production Server is Debian Linux/Apache.

Offline

#16 2019-02-01 07:21:05

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

Yup changing the .htaccess file worked. Thanks to Ben and Daniel much appreciated.

Offline

#17 2019-02-01 07:27:52

mad
Member
From: Arkansas
Registered: 2014-01-03
Posts: 154
Website

Re: Running a non-phplugin php file from Pangolin Page

I am going to host the file-upload infrastructure separate of /backlight.  I think that will be the best solution and to isolate any possible contamination.  Thanks again.

Offline

Board footer

Powered by FluxBB