Posted by Dikkie Dik on 02/08/07 12:13
> Hi
> I have built a free-php-space website. After the user is
> registered, he will have 100MB of PHP space. The server is Linux+Apache.
> The location of the user's file is in:
>
> /phpspace/<username>
>
> My problem is: if user A has uploaded a PHP file, user A can use PHP
> to read user B's directory. How can I isolate them?
You can't. In fact, it is not user A who put the file there. Uploading
works as follows: The file sent by the browser is put in the server's
temp directory. From there, you use the move_uploaded_file() function to
put it in, say /phpspace/usera/. It is the webserver-system-user (such
as "apache") who put the file in that directory.
> That means if there is a PHP file in /phpspace/usera/index.php, how can I
> make it read the directory phpspace/usera only?
If /phpspace/usera/ is publicly visible (from the browser, I mean), then
everyone can access the file. Therefore, it is better to put these user
directories outside the webroot. In that case, only the server can reach
them, and you can do any user management in PHP.
Best regards
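
An added example, not part of the original post: one way to do the per-user access check in PHP once the user directories sit outside the webroot, as the reply suggests. The base path /phpspace comes from the thread; the helper name resolve_user_file, the username character policy, the session key 'username' and the query parameter 'file' are assumptions.

```php
<?php
// Added example, not from the thread. Assumption: /phpspace is outside
// Apache's DocumentRoot, so nothing stored there is reachable by URL.
const SPACE_ROOT = '/phpspace';

// Hypothetical helper: map (username, relative path) to a real file inside
// that user's directory, or null if the request points anywhere else.
function resolve_user_file(string $root, string $username, string $requested): ?string
{
    // Usernames become directory names, so allow a strict character set only.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $username)) {
        return null;
    }
    // Refuse empty paths and NUL bytes before they reach filesystem functions.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $userDir = realpath($root . '/' . $username);
    if ($userDir === false || !is_dir($userDir)) {
        return null;
    }
    // realpath() resolves ".." and symlinks, so the prefix test below
    // compares canonical paths.
    $target = realpath($userDir . '/' . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator stops "/phpspace/usera" matching "/phpspace/usera2".
    $prefix = $userDir . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Gatekeeper entry point; the session key and query parameter are assumptions.
if (PHP_SAPI !== 'cli') {
    session_start();
    $user = $_SESSION['username'] ?? '';
    $file = $_GET['file'] ?? '';
    $path = resolve_user_file(SPACE_ROOT, is_string($user) ? $user : '', is_string($file) ? $file : '');
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    // Serve the file as inert bytes; never include/require user-supplied files.
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```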