Reply to Re: risk of chmod 0777

Posted by Markus on 07/04/07 09:05

Bob Bedford wrote:
>> Files should be sanitized, resized, and moved by the php that handles the
>> POST data.
> As it's a mutualized server, big images (more than 4mio pixels, quite common
> those days) can't be resized in the PHP script due to the memory limit,
> that's why I do it using a ftp connection in my own program (compiled
> program).

You might be interested in taking a look at RadUpload:
http://www.radinks.com/upload/

It is a Java applet for easy FTP file upload, the pro version can resize
images at the client side, before they are uploaded, which saves upload
capacity and reduces server-side processing.

Of course it does not solve your actual chmod problem. I use a separate
FTP user (outside the www root directory) for uploads only. This is my
procedure (I am not sure if it is optimal from a security point of view;
it works even with safe_mode, anyway):
- upload files with RadUpload (logging in as upload user)
- upload user moves them into a receiving directory (chmoded 0777) via
ftp_get()
- PHP user chmods them to 0666 (else it would not be possible to delete
or download them from the server via FTP later), does all needed
post-processing and moves them into their final destination directories

Of course it would make things much easier if it were possible to hand
over a file from one user to another, or to assign FTP and PHP to one
user id. I guess the latter is possible if you configure your server
yourself; but as I always work on shared hosting I don't know about
these things.

--
Markus
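
An added example of the PHP-side step in the procedure above (not part of Markus's post): it copies each file out of the 0777 receiving directory into a location only the PHP user can write, validates that copy, and only then moves it to its final place. The function name `intake()`, the directory arguments, the allowed-type list and the assumption that the final directory is writable by the PHP user alone are all illustrative.

```php
<?php
// Added example, not from the thread. intake(), the paths and the type list are assumptions.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function intake(string $recvDir, string $finalDir, int $mode = 0666): array
{
    $accepted = [];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    foreach (scandir($recvDir) ?: [] as $name) {
        $src = $recvDir . '/' . $name;
        // The receiving directory is 0777: any account on the shared host can
        // create entries here, so skip dotfiles, symlinks and non-regular files.
        if ($name[0] === '.' || is_link($src) || !is_file($src)) {
            continue;
        }
        // Copy into a directory only the PHP user can write (assumed), then
        // inspect the copy. Checking $src itself leaves a window in which
        // another user could swap the file between the check and the move.
        $tmp = $finalDir . '/.incoming-' . bin2hex(random_bytes(8));
        if (!copy($src, $tmp)) {
            continue;
        }
        chmod($tmp, 0600);
        // The type comes from the content, never from the uploaded name.
        $mime = (string) $finfo->file($tmp);
        if (!isset(ALLOWED_TYPES[$mime]) || @getimagesize($tmp) === false) {
            unlink($tmp); // not an accepted image: discard the private copy
            continue;
        }
        // Server-chosen name and extension, so nothing from the
        // uploader-controlled name reaches the final path.
        $dst = $finalDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
        if (!rename($tmp, $dst)) {
            unlink($tmp);
            continue;
        }
        chmod($dst, $mode); // 0666 as in the post; 0644 if FTP only needs to read
        @unlink($src);
        $accepted[$name] = $dst;
    }
    return $accepted;
}

// Command-line use: php intake.php <receiving-dir> <final-dir>
if (PHP_SAPI === 'cli' && isset($argv[2])) {
    print_r(intake($argv[1], $argv[2]));
}
```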
