assuming you have the correct access you can do the following
say your default web directory is "/web" and you want to allow uploads into the "/web/images"directory
from the command line in the web directory type
chmod o=rwx images
your command line might look like this
[web]$ chmod o=rwx images
thats it - i don't know if there is an security implications for this if you our anybody know please e-mail me
i have a problem like that too. for uploading files i have to chmod my pic directory to 777. But i didn't. because its so unsecure to do that. it means everyone can write everything there.. Also delete everything.. Also to fill that directory...
write me your opinion... :-)
Have you tried CHMOD 666, this worked on a server we were uploading to not long since, because yes 777 is pretty unsecure and your ISP will probably end up changing it back anyway!
problem is:
i want to upload my files to my domain. but for uploading i must open write permission in that directory. it solves a problem but it's unsecure too. because now(no write protect), everyone can upload his files, delete files, modify files... thats the problem. and... my server admin dont let me use chmod command. so i'm mailing him which directory must be in which permissins. it means i cant change my directories permissions in php script every time my script works. :-(
how can i solve this problem? can i solve?
Elsad,
have you tried Paul's suggestion of chmod 666 , it seems a bit devilish to me (ha!,ha!) . The uploading script that i have is fine for the purpose of its use the script can only be run if an administrator is logged in . The way to do this is to give the upload directory a name with letters and number so that no one can guess it , then only allow admin users to use the script . when the file is uploaded move it into another directory .
If you have any other ideas i would like to hear of them .
Regards,
Garreth
that's really good idea... (letter and numbers) but ... how am i going to move them? i dont want to do moving manually...
thanks for idea..
you could use the move function see
http://www.php.net/manual/en/function.move-uploaded-file.php
not 100% sure of the function as i've never used it . What do you make of it ?
Regards,
Garreth
i used it.
it wants write permission too...
and its unsecure too (open write permission)
you said that i can name my directory random by letters and numbers for not guessing it...
but for showing that picture i must send the path to the browser ...
elsad,
if you want to allow users to upload a file to your site and the users don't know the directory that it is being uploaded to , assuming that you have set a maximum file size limit , where is the problem ? Also if you want you could limit the users that are allowed to use the script by adding userid's and passwords from a populated database .
What exactly are you worried about .
if it is the write permission on the move of the file after the upload you could execute a system command before and then after the move procedure .
Regards,
Garreth
im building a photo site. i have writen all php script to run. i wrote administrating scritp too. for uploading a file, for adding it to the tabel automatically... so on..
but it has some problems with uploading. my problem is..
for uploading photos to site i must have write permission to that directory. i have it. but not in script. i have it if im connecting with ftp. so my script erroring me "cant crate file. permission denied" thats first error.
second: i cant execute system command "chmod". because admin dont let me. i havent got a permission to execute this command. i mean i cant change my permissions. my site is in www.f2s.com thats second problem.
third: i cant connect to my ftp by scritp. "undefined function error".
have you got any idea? have i got any chance yet? :-)
elsad,
sent me the code you are trying to use for the ftp and i will try and run it on my site .When i get it working i'll send it back to you .
Regards,
Garry.
Does anyone know of a way to upload files via a form, from one server i.e http://www.mydomain.com to another server http://www.myotherdomain.com. The script seems to disagree with the http:// bit of the upload path.
Regards Paul
Richard ,
you telnet to the server and run it then
here is a copy of a message i previously wrote in this discussion .
assuming you have the correct access you can do the following
say your default web directory is "/web" and you want to allow uploads into the "/web/images"directory
from the command line in the web directory type
chmod o=rwx images
your command line might look like this
[web]$ chmod o=rwx images
thats it - i don't know if there is an security implications for this if you our anybody know please e-mail me
and this is my code...
<?php
require("functions.php");
$filename=nextfilename();
$path = sprintf("/www.mydomain.f2s.com/photo/%s.jpg",$filename);
$path2=sprintf("/www.mydomain.f2s.com/photo/m%s.jpg",$filename);
echo ("<br>$path<br>");
echo ("$path2<br>");
echo ("<body bgcolor=\"#FFFFFF\">");
$conn_id = ftp_connect("ftp.mydomain.f2s.com");
$login_result = ftp_login($conn_id, "username", "userpass");
if ((!$conn_id) || (!$login_result)) {
echo "Ftp connection has failed!";
echo "Attempted to connect to ftp_server for user username";
die;
exit;
} else {
echo "Connected to ftp_server, for user username";
}
$upload = ftp_put($conn_id, $path, $file, FTP_BINARY);
$upload2 = ftp_put($conn_id, $path2, $minifile, FTP_BINARY);
if ((!$upload)||(!$upload2)) {
echo "Ftp upload has failed!";
die;
exit;
} else {
echo "Uploaded source_file to ftp_server as destination_file";
}
ftp_quit($conn_id);
unlink ($file);
unlink ($minifile);
include ("submit.php");
?>
i'll test this code tonight , i accidently put the email replies on my spam list so i wasn't recieving replies . Back to you soon .
Garry
elsad,
i had a brief chance to look at the code , i think the problem is the following :
When you login through ftp your directory will default to the user default directory as specified by the isp provider so say you logged in as "elsad" the directory would be elsad , what to do now is after a successful connection change the directory e.g
$result = ftp_chdir($conn_id , "../../web")
here i am going back two directories and then going forward to the web directory .
what i would suggest to you is to login from a command line and figure out the path to the photos directory
then alter the code above as required .
Also after changing directories you don't need the following which you had
$path = sprint("/www.mydomain.f2s.com/photo/s.jpg",$filename);
$path2=sprintf("/www.mydomain.f2s.com/photo/m%s.jpg",$filename);
all you need is to specify the file name as the path so when you a putting the file it will be like
$upload = ftp_put($conn_id, $destinationfile, $file, FTP_BINARY);
where destination file is whatever you want to call it .
also why are you trying to delete the localfile ??
I'll test out the ftp code that i wrote tonight and then send it on to you .
Regards,
Garry.
when im logging in from ftp in command line im in my host dir. it means my files are in "/www.elsad.f2s.com/public_html" ?!
in my scritp im getting "unnown command ftp_connect" in www.f2s.com. i put my scritp in xoasis.com. there is nothing there. no errors and no upload ?!
some people saing that "you cant upload a file in your script when php running in secure mod." is it true?
and what do you mean im tring to delete a local file?
my all files' names will be different. and im not tring to delete any file?
elsad,
In response to the ftp_connect error you are getting this means that ftp is disabled on the server you are running the script from . This happened me with my isp . I tried running the script from my pc which has w2k running iis and php4.04 and it ran perfectly .
In your script you are deleting a file the unlink() function deletes a file but this is when i looked at your script again i realised that you are only deleting the temporary file that would be uploaded to the temporay uploads directory .
I never new of xoasis.com before , is it really true that everything is free bar the domain registration ?
Anyway i think you should either ringup or write an email to your isp and tell them of your problem , more than likely because of the fact that the have an awful lot of things disabled on the server they surely have a tool to help you with your problem . If you have an more questions email me at garrethkelly@hotmail.com
Bye
i mail to support@f2s.com but nothing... i mailed many times but no answers. and in that sites forum the users wrote that "there is a problem in uploading file in php. use perl for uploading files."
also there is writing that its reason is, to run php in secure (or protected) mode (?)
im going to try in perl.
thanks for your help and opinions...
I got a similar error message for my picture upload script (on Redhat 7.1).
I changed the owner of my pictures directory to apache (Apache runs under the user apache).
[root@iie images] chown apache:apache pictures
And that was not enough. I discovered that the user apache has to have execute permission on the directory, too.
[root@iie images] chmod 744 pictures
Now, I am able to upload pictures via post and PHP's move_uploaded_file() function.
(see http://www.php.net/manual/en/features.file-upload.php for the code)
Regards.
Mengu