Jump to content

Uploading Files With Php


Recommended Posts

Hi all -

I want to have a PHP page where a user can upload a file, and then I save that file to disk. Of course, I can do this on my local Linux development machine, but I have to change the permissions of the upload directory so that whatever user Apache and PHP are running as has write access to that directory. My question is, can I do the same thing somehow on my TCH account? It looks to me that in the CPanel, I can change the permissions of a directory for UserGroupWorld, but can I change the group to match whatever user Apache runs as? Wouldn't that be more secure than simply making the directory world-writeable?

 

Thanks...

jasonsho (somehow a funny short for "jasonshosting") :)

Link to comment
Share on other sites

  • 2 weeks later...

oh and would you be willing to share the script if you get it working? I would like to have something like that. I'm getting tired of walking people through using FTP

 

 

Edit: nevermind, I followed KWs link and found one I'm going to use. :D

Link to comment
Share on other sites

OK - attached is the script that was linked to above by kweilbacher with some extra crap by me. I was just trying to make it work to test the permissions issue, and it didn't have all the error reporting that I would like. The suspect lines are:

 

>      if(!copy($HTTP_POST_FILES['file']['tmp_name'],"/changeme/public_html/test/".$HTTP_POST_FILES['file']['name']))
        print "Failed to upload file!";

 

I do not currently have shell access to my account. However, I can make the "/changeme/public_html/test/" directory writeable by world via CPanel, and then the file upload works OK. By doing that, I am just giving any user on the system write access to that directory, versus limiting it to the apache user or its group. So now the question is, how much less secure is this method? My thoughts: if some sort of attack or misuse comes via apache to somehow upload files to this directory, it could happen in either case - only for other users on the system is this a greater risk. So what sort of risk do we have for other user IDs on our systems? What about anonymous FTP? Any takers?

 

-jasonsho

file.php

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...