mwoolley Posted April 10, 2004 Posted April 10, 2004 I have a file upload script that is straight from the PHP manual (see below). It works great, but I only if I set the permissions on the uploads directory to be 777. This doesn't seem real secure. I've researched this issue in the PHP forums and people talk about setting the security on the upload directory so that user 'nobody' (user Apache runs under) can write it. I'm a Unix newby, but I can't see any option in the cpanel to do that. Any ideas? <?php // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead // of $_FILES. $uploaddir = 'uploads/'; $uploadfile = $uploaddir . $_FILES['userfile']['name']; print "<pre>"; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { print "File is valid, and was successfully uploaded. "; print "Here's some more debugging info:\n"; print_r($_FILES); } else { print "Possible file upload attack! Here's some debugging info:\n"; print_r($_FILES); } print "</pre>"; ?>
TCH-Bruce Posted April 10, 2004 Posted April 10, 2004 Closing thread. There is no reason to post in multiple forums we read them all.
Recommended Posts