|
|
Posted by frizzle on 04/10/06 15:58
Jerry Stuckle wrote:
> frizzle wrote:
> > Jerry Stuckle wrote:
> >
> >>frizzle wrote:
> >>
> >>>Jerry Stuckle wrote:
> >>>
> >>>
> >>>>frizzle wrote:
> >>>>
> >>>>
> >>>>>Jerry Stuckle wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>>frizzle wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>Jerry Stuckle wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>frizzle wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>>Jerry Stuckle wrote:
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>>frizzle wrote:
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>Jerry Stuckle wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>>frizzle wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>>Jerry Stuckle wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>Gary L. Burnore wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
> >>>>>>>>>>>>>>><jstucklex@attglobal.net> wrote:
> >>>>>>>>>>>>>>>.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>Standard (DW created files/dirs) have user 'domainname', permissions
> >>>>>>>>>>>>>>>>>>'rwx r-x r-x ',
> >>>>>>>>>>>>>>>>>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
> >>>>>>>>>>>>>>>>>>--- --- '
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>Frizzle.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>Is there a possibility to upload files via PHP without Chmodding, and
> >>>>>>>>>>>>>>>>>keep the same group / permissions on uploaded files as those uploaded
> >>>>>>>>>>>>>>>>>with, say, DreamWeaver or WS_FTP ?
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>Frizzle.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>(E.g. with ftp_put() wich i can't seem to get working.)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>Only if you can ftp in as the web server.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>It depends on the ftp server, actually. Our ftp server correctly sets
> >>>>>>>>>>>>>>>the permissions for you when you push. Seems your ISP has something
> >>>>>>>>>>>>>>>set incorrectly.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>No, he was asking how to upload files with PHP - not with FTP.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>--
> >>>>>>>>>>>>>>==================
> >>>>>>>>>>>>>>Remove the "x" from my email address
> >>>>>>>>>>>>>>Jerry Stuckle
> >>>>>>>>>>>>>>JDS Computer Training Corp.
> >>>>>>>>>>>>>>jstucklex@attglobal.net
> >>>>>>>>>>>>>>==================
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>Sorry, kind of lost it here; is it possible to FTP via PHP w/o any
> >>>>>>>>>>>>>chmodding etc.
> >>>>>>>>>>>>>So i could mail a zipfile to a client, tell them to unpack it and
> >>>>>>>>>>>>>upload it, and
> >>>>>>>>>>>>>have the upload script up and running ... ?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>Frizzle.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>Frizzle,
> >>>>>>>>>>>>
> >>>>>>>>>>>>No, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
> >>>>>>>>>>>>web server are.
> >>>>>>>>>>>>
> >>>>>>>>>>>>When you ftp a file to the server, the owner of the file is the userid who
> >>>>>>>>>>>>uploaded the file (signed into ftp). But when you upload via PHP, you're using
> >>>>>>>>>>>>the web server, and the owner is the userid of the server itself.
> >>>>>>>>>>>>
> >>>>>>>>>>>>--
> >>>>>>>>>>>>==================
> >>>>>>>>>>>>Remove the "x" from my email address
> >>>>>>>>>>>>Jerry Stuckle
> >>>>>>>>>>>>JDS Computer Training Corp.
> >>>>>>>>>>>>jstucklex@attglobal.net
> >>>>>>>>>>>>==================
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>Ok, thanks.
> >>>>>>>>>>>Not to go on and on about this, but the other thing i asked is
> >>>>>>>>>>>impossible as well then?
> >>>>>>>>>>>
> >>>>>>>>>>>"So i could mail a zipfile to a client, tell them to unpack it and
> >>>>>>>>>>>upload it,
> >>>>>>>>>>>and have the upload script up and running ... ?"
> >>>>>>>>>>>
> >>>>>>>>>>>Frizzle.
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>It's easy to ftp or to upload via PHP. Both work quite well (unless the
> >>>>>>>>>>server's configuration is screwed up). It's when you try to mix the two you
> >>>>>>>>>>start running into permission problems and need to chmod.
> >>>>>>>>>>
> >>>>>>>>>>--
> >>>>>>>>>>==================
> >>>>>>>>>>Remove the "x" from my email address
> >>>>>>>>>>Jerry Stuckle
> >>>>>>>>>>JDS Computer Training Corp.
> >>>>>>>>>>jstucklex@attglobal.net
> >>>>>>>>>>==================
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>owkaaaaayyyy, i never realized ftp and uploading aren't the same
> >>>>>>>>>thing...
> >>>>>>>>>I don't need to mix them, i need a script to upload files, wich can
> >>>>>>>>>prefferably
> >>>>>>>>>run without any chmodding etc.
> >>>>>>>>>
> >>>>>>>>>Frizzle.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>Ok, you just need to ensure you have the original directory permissions set
> >>>>>>>>properly, then. In a typical installation the directory would be owned by the
> >>>>>>>>webserver's userid with permissions of 755.
> >>>>>>>>
> >>>>>>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
> >>>>>>>>command. In either case the file ends up on the server. But how it gets there
> >>>>>>>>is much different.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>--
> >>>>>>>>==================
> >>>>>>>>Remove the "x" from my email address
> >>>>>>>>Jerry Stuckle
> >>>>>>>>JDS Computer Training Corp.
> >>>>>>>>jstucklex@attglobal.net
> >>>>>>>>==================
> >>>>>>>
> >>>>>>>
> >>>>>>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
> >>>>>>>folders are standard chmodded 755.
> >>>>>>>That should be allright then ...
> >>>>>>>
> >>>>>>>Frizzle.
> >>>>>>>
> >>>>>>
> >>>>>>*Should be* is the key. If your host has things set ip properly, then yes you
> >>>>>>should be OK. But if not...
> >>>>>>
> >>>>>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
> >>>>>>transfer files. I suspect Plesk does, also.
> >>>>>>
> >>>>>>
> >>>>>>--
> >>>>>>==================
> >>>>>>Remove the "x" from my email address
> >>>>>>Jerry Stuckle
> >>>>>>JDS Computer Training Corp.
> >>>>>>jstucklex@attglobal.net
> >>>>>>==================
> >>>>>
> >>>>>
> >>>>>Well, ok, but where should i focus now to build a script to upload
> >>>>>files to my server?
> >>>>>FTP, or an other file transfer method?
> >>>>>It would be ideal if i could also create / delete folders ...
> >>>>>
> >>>>>Frizzle.
> >>>>>
> >>>>
> >>>>
> >>>>Frizzle,
> >>>>
> >>>>It depends on how you want to do things. If you're going to be the only one
> >>>>uploading, you can do ftp or http uploads. If you have users who may not be
> >>>>familiar with ftp, you should do http uploads.
> >>>>
> >>>>The downside of http uploads is you can't synchronize files between your local
> >>>>copy and the website with products like Dreamweaver.
> >>>>
> >>>>You can create and delete directories in PHP also, assuming your host hasn't
> >>>>disabled these functions and you have the appropriate permissions. So that's
> >>>>not a problem.
> >>>>
> >>>>It's all in how you want to maintain your site.
> >>>>
> >>>>
> >>>>--
> >>>>==================
> >>>>Remove the "x" from my email address
> >>>>Jerry Stuckle
> >>>>JDS Computer Training Corp.
> >>>>jstucklex@attglobal.net
> >>>>==================
> >>>
> >>>
> >>>It's meant for a user based site; users with certain priviledges are
> >>>allowed to add news and files to the site. No synchronizing
> >>>needed. Mostly images and mp3's, maybe some docs etc.
> >>>
> >>>Frizzle.
> >>>
> >>
> >>In that case I would suggest http uploads.
> >>
> >>Maybe the easiest way is to have an admin page where you can let PHP create the
> >>root directory(s) you wish, then let the main part of the site upload into these
> >>directories and, if necessary, create new directories.
> >>
> >>If the webserver creates them it will be the owner, also.
> >>
> >>--
> >>==================
> >>Remove the "x" from my email address
> >>Jerry Stuckle
> >>JDS Computer Training Corp.
> >>jstucklex@attglobal.net
> >>==================
> >
> >
> > Hmm, hope i'm not back at the start (the chmodding part) i get an
> > error:
> >
> > Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The
> > script whose uid is 10008 is not allowed to access / owned by uid 0 in
> > /home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17
> >
> > Here is some more debugging info:Array
> > (
> > [userfile] => Array
> > (
> > [name] => photo.jpg
> > [type] => image/jpeg
> > [tmp_name] => /tmp/phpejdmGr
> > [error] => 0
> > [size] => 11469
> > )
> >
> > )
> >
> >
> > Does this have something to do with the Chmodding again ? (Please tell
> > me it doesn't...)
> >
> > Frizzle.
> >
>
> I have no idea - don't know what code you're using.
>
> But it looks like you're trying to access the system root directory ('/') -
> which is owned by root. You can't do it.
>
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================
You were right, i forgot a dot (shame on me) in the path. My code is
below.
Having fixed that, it gave me the next (of how many :s ) error:
--- ERROR ---
Warning:
move_uploaded_file(/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg):
failed to open stream: Permission denied in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17
Warning: move_uploaded_file(): Unable to move '/tmp/phpzeJkaC' to
'/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg' in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17
Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpzeJkaC
[error] => 0
[size] => 11469
)
)
--- END ERROR ---
The folder i'm trying to access is /test/admin/uploads
and it does exist. (checked).
I hope you can tel me what's wrong. Anyway, i really appreciate all
your effort for trying to help me!
Frizzle.
My entire exact code is below:
++++++++++++++++++++++++++++++++++++++++++++++
<?php
require_once('../inc/globals.php');
/*$ftp_conn = @ftp_connect( $default_ftp_server )or
die('<b>Error!</b><br>FTP Host Niot Found!');
@ftp_login( $ftp_conn, $default_ftp_user, $default_ftp_pass )or
die('<b>Error!</b><br>Wrong FTP-login name or FTP-pass!');
@ftp_close( $ftp_conn );*/
if( isset( $_FILES['userfile'] ) ){
$uploaddir = './uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
};
?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="multipart/form-data" name="images" target="_top" id="images"
class="form">
<input name="userfile" type="file" id="userfile">
<br>
<input type="submit" name="upload" id="upload" value="Upload!">
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="javascript:if(confirm('Sure?')){ history.go(-1) }else{}">
</form><?php
if (is_dir($uploaddir)) {
if ($dh = opendir($uploaddir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file : filetype:
" . filetype($uploaddir . $file) . "<br>\r\n";
}
closedir($dh);
}
};
?>
++++++++++++++++++++++++++++++++++++++++++++++
Navigation:
[Reply to this message]
|