|
|
Posted by frizzle on 04/05/06 13:06
frizzle wrote:
> bobzimuta wrote:
> > Are you allowing your web server write permissions to the folder?
> > Assuming the webserver runs as 'nobody' .
> > 755 with ownership nobody, nobody . Otherwise you'll need
> > 775 with ownership frizzle, nobody
> >
> >
> > frizzle wrote:
> > > Gary L. Burnore wrote:
> > > > On 4 Apr 2006 15:10:39 -0700, "frizzle" <phpfrizzle@gmail.com> wrote:
> > > >
> > > > >Hi,
> > > > >
> > > > >I am at the base of an FTP thingy i'm building, and i noticed that
> > > > >it would only work if i chmod the folder 777, i thought to remember
> > > > >correctly that previously on another site chmod 744 was enough,
> > > > >now it isn't.
> > > > >Am i mistaking, and should it always be 777 ? And isn't a chmodded
> > > > >777 folder much more vulnerable?
> > > >
> > > >
> > > > Most definitely more vulnerable.
> > > >
> > > >
> > > > You want 755, not 744. You need the x bit set. It should look like
> > > > this:
> > > >
> > > > drwxr-xr-x ... ...
> > > >
> > > >
> > > > The x on a directory means search, not execute. If you can't search
> > > > the directory, you can't read the files in it.
> > > >
> > > > If you want people to be able to find the files but not list the
> > > > directory when they're on the server, you can set the directory as 711
> > > > which would look like:
> > > >
> > > > drwx--x--x ... ...
> > > >
> > > >
> > > >
> > > > >Frizzle.
> > > > >
> > > > >
> > > > >Code sofar below:
> > > > >
> > > > >
> > > > >++++++++++++++++++++++++++
> > > > ><?php
> > > > >
> > > > > require_once('../inc/globals.php');
> > > > >
> > > > > if( isset( $_FILES['image'] ) ){
> > > > >
> > > > >$ftp_conn = @ftp_connect( $default_ftp_server )or
> > > > >die('<b>Error!</b>');
> > > > >@ftp_login( $ftp_conn, $default_ftp_user, $default_ftp_pass )or
> > > > >die('<bError!</b>');
> > > > >
> > > > >$uploaddir = '../items/';
> > > > >$uploadfile = $uploaddir . basename( $_FILES['image']['name'] );
> > > > >
> > > > >if ( move_uploaded_file( $_FILES['image']['tmp_name'], $uploadfile ) ){
> > > > > echo "File is valid, and was successfully uploaded.";
> > > > >} else {
> > > > > echo "Possible file upload attack!";
> > > > >};
> > > > >
> > > > >ftp_close( $ftp_conn );
> > > > >
> > > > >};
> > > > >
> > > > >?>
> > > > ><form action="<?php echo $PHP_SELF; ?>" method="post"
> > > > >enctype="multipart/form-data" name="images" target="_top" id="images"
> > > > >class="form">
> > > > > <input name="image" type="file" id="image">
> > > > > <br>
> > > > > <input type="submit" name="upload" id="upload" value="Upload">
> > > > > <input name="cancel" type="button" id="cancel" value="Cancel"
> > > > >onClick="javascript:history.go(-1) ">
> > > > ></form><?php
> > > > >
> > > > > if (is_dir($uploaddir)) {
> > > > > if ($dh = opendir($uploaddir)) {
> > > > > while (($file = readdir($dh)) !== false) {
> > > > > if ($file !== '..' && $file !== '.') echo "filename: $file :
> > > > >filetype: " . filetype($uploaddir . $file) . "<br>\r\n";
> > > > > }
> > > > > closedir($dh);
> > > > > }
> > > > > };
> > > > >
> > > > >?>
> > > > >----------------------------------------------------
> > > > --
> > > > gburnore at DataBasix dot Com
> > > > ---------------------------------------------------------------------------
> > > > How you look depends on where you go.
> > > > ---------------------------------------------------------------------------
> > > > Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
> > > > | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
> > > > Official .sig, Accept no substitutes. | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
> > > > | ÝÛ 0 1 7 2 3 / Ý³Þ 3 7 4 9 3 0 Û³
> > > > Black Helicopter Repair Services, Ltd.| Official Proof of Purchase
> > > > ===========================================================================
> > >
> > > Hmm, i still get an error; i chmodded both the destination folder AND
> > > the executing script-file 755.
> > >
> > > Warning: move_uploaded_file(../items/bg.jpg): failed to open stream:
> > > Permission denied in
> > > /home/httpd/vhosts/domain.com/httpdocs/new/admin/ftptest.php on line 15
> > >
> > > Read mode Write mode Execute/search mode
> > > Owner + + +
> > > Group + - +
> > > Others + - +
> > >
> > > Frizzle.
>
> Standard (DW created files/dirs) have user 'domainname', permissions
> 'rwx r-x r-x ',
> Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
> --- --- '
>
> Frizzle.
Is there a possibility to upload files via PHP without Chmodding, and
keep the same group / permissions on uploaded files as those uploaded
with, say, DreamWeaver or WS_FTP ?
Frizzle.
(E.g. with ftp_put() wich i can't seem to get working.)
Navigation:
[Reply to this message]
|