473,855 Members | 2,068 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Chmod

Hi,

I am at the base of an FTP thingy i'm building, and i noticed that
it would only work if i chmod the folder 777, i thought to remember
correctly that previously on another site chmod 744 was enough,
now it isn't.
Am i mistaking, and should it always be 777 ? And isn't a chmodded
777 folder much more vulnerable?

Frizzle.
Code sofar below:
+++++++++++++++ +++++++++++
<?php

require_once('. ./inc/globals.php');

if( isset( $_FILES['image'] ) ){

$ftp_conn = @ftp_connect( $default_ftp_se rver )or
die('<b>Error!</b>');
@ftp_login( $ftp_conn, $default_ftp_us er, $default_ftp_pa ss )or
die('<bError!</b>');

$uploaddir = '../items/';
$uploadfile = $uploaddir . basename( $_FILES['image']['name'] );

if ( move_uploaded_f ile( $_FILES['image']['tmp_name'], $uploadfile ) ){
echo "File is valid, and was successfully uploaded.";
} else {
echo "Possible file upload attack!";
};

ftp_close( $ftp_conn );

};

?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="multip art/form-data" name="images" target="_top" id="images"
class="form">
<input name="image" type="file" id="image">
<br>
<input type="submit" name="upload" id="upload" value="Upload">
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="javasc ript:history.go (-1) ">
</form><?php

if (is_dir($upload dir)) {
if ($dh = opendir($upload dir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file :
filetype: " . filetype($uploa ddir . $file) . "<br>\r\n";
}
closedir($dh);
}
};

?>
----------------------------------------------------

Apr 4 '06
47 3358
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
>Jerry Stuckle wrote:
>
>
>
>>frizzle wrote:
>>
>>
>>
>>>Jerry Stuckle wrote:
>>>
>>>
>>>
>>>
>>>>frizz le wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>Jerr y Stuckle wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>frizz le wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Jerr y Stuckle wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Gar y L. Burnore wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>><j s*******@attglo bal.net> wrote:
>>>>>>>>> .
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>> >Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>> >'rwx r-x r-x ',
>>>>>>>>>>> >Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>> >--- --- '
>>>>>>>>>>> >
>>>>>
>>>>>
>>>>>>>>>>> >Frizzle.
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>> keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>> with, say, DreamWeaver or WS_FTP ?
>>>>>>>>> >>
>>>>>>>>>>> Frizzle.
>>>>>>>>> >>
>>>>>>>>>>> (E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>> >>
>>>>>>>>> >
>>>>>>>>>>O nly if you can ftp in as the web server.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>th e permissions for you when you push. Seems your ISP has something
>>>>>>>>>se t incorrectly.
>>>>>>>>>
>>>>>>>>
>>>>>>>>N o, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>
>>>>>>>>--
>>>>>>>>=== ===============
>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>Jer ry Stuckle
>>>>>>>>J DS Computer Training Corp.
>>>>>>>>js* ******@attgloba l.net
>>>>>>>>=== ===============
>>>>>>>
>>>>>>>
>>>>>>>Sorr y, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>chmo dding etc.
>>>>>>>So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>uplo ad it, and
>>>>>>>ha ve the upload script up and running ... ?
>>>>>>>
>>>>>>>Friz zle.
>>>>>>>
>>>>>>
>>>>>>Frizz le,
>>>>>>
>>>>>>No, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>web server are.
>>>>>>
>>>>>>Whe n you ftp a file to the server, the owner of the file is the userid who
>>>>>>uploa ded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>the web server, and the owner is the userid of the server itself.
>>>>>>
>>>>>>--
>>>>>>===== =============
>>>>>>Remov e the "x" from my email address
>>>>>>Jer ry Stuckle
>>>>>>JDS Computer Training Corp.
>>>>>>js*** ****@attglobal. net
>>>>>>===== =============
>>>>>
>>>>>
>>>>>Ok, thanks.
>>>>>Not to go on and on about this, but the other thing i asked is
>>>>>imposs ible as well then?
>>>>>
>>>>>"So i could mail a zipfile to a client, tell them to unpack it and
>>>>>uplo ad it,
>>>>> and have the upload script up and running ... ?"
>>>>>
>>>>>Frizzl e.
>>>>>
>>>>
>>>>It's easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>server' s configuration is screwed up). It's when you try to mix the two you
>>>>start running into permission problems and need to chmod.
>>>>
>>>>--
>>>>======= ===========
>>>>Remov e the "x" from my email address
>>>>Jerry Stuckle
>>>>JDS Computer Training Corp.
>>>>js***** **@attglobal.ne t
>>>>======= ===========
>>>
>>>
>>>owkaaaaa yyyy, i never realized ftp and uploading aren't the same
>>>thing. ..
>>>I don't need to mix them, i need a script to upload files, wich can
>>>preffera bly
>>>run without any chmodding etc.
>>>
>>>Frizzl e.
>>>
>>
>>Ok, you just need to ensure you have the original directory permissions set
>>properl y, then. In a typical installation the directory would be owned by the
>>webserver 's userid with permissions of 755.
>>
>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>command . In either case the file ends up on the server. But how it gets there
>>is much different.
>>
>>
>>--
>>========= =========
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>js******* @attglobal.net
>>========= =========
>
>
>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>folders are standard chmodded 755.
>That should be allright then ...
>
>Frizzle.
>

*Should be* is the key. If your host has things set ip properly, then yes you
should be OK. But if not...

And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
transfer files. I suspect Plesk does, also.
--
=========== =======
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@a ttglobal.net
=========== =======
Well, ok, but where should i focus now to build a script to upload
files to my server?
FTP, or an other file transfer method?
It would be ideal if i could also create / delete folders ...

Frizzle.

Frizzle,

It depends on how you want to do things. If you're going to be the only one
uploading, you can do ftp or http uploads. If you have users who may not be
familiar with ftp, you should do http uploads.

The downside of http uploads is you can't synchronize files between your local
copy and the website with products like Dreamweaver.

You can create and delete directories in PHP also, assuming your host hasn't
disabled these functions and you have the appropriate permissions. So that's
not a problem.

It's all in how you want to maintain your site.
--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====

It's meant for a user based site; users with certain priviledges are
allowed to add news and files to the site. No synchronizing
needed. Mostly images and mp3's, maybe some docs etc.

Frizzle.


In that case I would suggest http uploads.

Maybe the easiest way is to have an admin page where you can let PHP create the
root directory(s) you wish, then let the main part of the site upload into these
directories and, if necessary, create new directories.

If the webserver creates them it will be the owner, also.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Apr 8 '06 #21

Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:

Jerry Stuckle wrote:
>frizzle wrote:
>
>
>>Jerry Stuckle wrote:
>>
>>
>>
>>>frizzle wrote:
>>>
>>>
>>>
>>>>Jerry Stuckle wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>frizz le wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Jerr y Stuckle wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>frizz le wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Jerr y Stuckle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Gar y L. Burnore wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>><j s*******@attglo bal.net> wrote:
>>>>>>>>>> .
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>> >Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>>> >'rwx r-x r-x ',
>>>>>>>>>>>> >Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>>> >--- --- '
>>>>>>>>>>>> >
>>>>>>
>>>>>>
>>>>>>>>>>>> >Frizzle.
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>>>> Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>>> keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>>> with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>> >>
>>>>>>>>>>>> Frizzle.
>>>>>>>>>> >>
>>>>>>>>>>>> (E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>> >>
>>>>>>>>>> >
>>>>>>>>>>>O nly if you can ftp in as the web server.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>th e permissions for you when you push. Seems your ISP has something
>>>>>>>>>>se t incorrectly.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>N o, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>>
>>>>>>>>>--
>>>>>>>>>=== ===============
>>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>>Jer ry Stuckle
>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>js* ******@attgloba l.net
>>>>>>>>>=== ===============
>>>>>>>>
>>>>>>>>
>>>>>>>>Sorr y, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>chmo dding etc.
>>>>>>>>So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>uplo ad it, and
>>>>>>>>ha ve the upload script up and running ... ?
>>>>>>>>
>>>>>>>>Friz zle.
>>>>>>>>
>>>>>>>
>>>>>>>Frizz le,
>>>>>>>
>>>>>>>No, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>web server are.
>>>>>>>
>>>>>>>Whe n you ftp a file to the server, the owner of the file is the userid who
>>>>>>>uploa ded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>the web server, and the owner is the userid of the server itself.
>>>>>>>
>>>>>>>--
>>>>>>>===== =============
>>>>>>>Remov e the "x" from my email address
>>>>>>>Jer ry Stuckle
>>>>>>>JDS Computer Training Corp.
>>>>>>>js*** ****@attglobal. net
>>>>>>>===== =============
>>>>>>
>>>>>>
>>>>>>Ok, thanks.
>>>>>>Not to go on and on about this, but the other thing i asked is
>>>>>>imposs ible as well then?
>>>>>>
>>>>>>"So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>uplo ad it,
>>>>>> and have the upload script up and running ... ?"
>>>>>>
>>>>>>Frizzl e.
>>>>>>
>>>>>
>>>>>It's easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>server' s configuration is screwed up). It's when you try to mix the two you
>>>>>start running into permission problems and need to chmod.
>>>>>
>>>>>--
>>>>>======= ===========
>>>>>Remov e the "x" from my email address
>>>>>Jerry Stuckle
>>>>>JDS Computer Training Corp.
>>>>>js***** **@attglobal.ne t
>>>>>======= ===========
>>>>
>>>>
>>>>owkaaaaa yyyy, i never realized ftp and uploading aren't the same
>>>>thing. ..
>>>>I don't need to mix them, i need a script to upload files, wich can
>>>>preffera bly
>>>>run without any chmodding etc.
>>>>
>>>>Frizzl e.
>>>>
>>>
>>>Ok, you just need to ensure you have the original directory permissions set
>>>properl y, then. In a typical installation the directory would be owned by the
>>>webserver 's userid with permissions of 755.
>>>
>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>command . In either case the file ends up on the server. But how it gets there
>>>is much different.
>>>
>>>
>>>--
>>>========= =========
>>>Remove the "x" from my email address
>>>Jerry Stuckle
>>>JDS Computer Training Corp.
>>>js******* @attglobal.net
>>>========= =========
>>
>>
>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>folders are standard chmodded 755.
>>That should be allright then ...
>>
>>Frizzle.
>>
>
>*Should be* is the key. If your host has things set ip properly, then yes you
>should be OK. But if not...
>
>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>transfer files. I suspect Plesk does, also.
>
>
>--
>=========== =======
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>js*******@a ttglobal.net
>=========== =======
Well, ok, but where should i focus now to build a script to upload
files to my server?
FTP, or an other file transfer method?
It would be ideal if i could also create / delete folders ...

Frizzle.

Frizzle,

It depends on how you want to do things. If you're going to be the only one
uploading, you can do ftp or http uploads. If you have users who may not be
familiar with ftp, you should do http uploads.

The downside of http uploads is you can't synchronize files between your local
copy and the website with products like Dreamweaver.

You can create and delete directories in PHP also, assuming your host hasn't
disabled these functions and you have the appropriate permissions. So that's
not a problem.

It's all in how you want to maintain your site.
--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====

It's meant for a user based site; users with certain priviledges are
allowed to add news and files to the site. No synchronizing
needed. Mostly images and mp3's, maybe some docs etc.

Frizzle.


In that case I would suggest http uploads.

Maybe the easiest way is to have an admin page where you can let PHP create the
root directory(s) you wish, then let the main part of the site upload into these
directories and, if necessary, create new directories.

If the webserver creates them it will be the owner, also.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===


Hmm, hope i'm not back at the start (the chmodding part) i get an
error:

Warning: move_uploaded_f ile(): SAFE MODE Restriction in effect. The
script whose uid is 10008 is not allowed to access / owned by uid 0 in
/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17

Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpejdmGr
[error] => 0
[size] => 11469
)

)
Does this have something to do with the Chmodding again ? (Please tell
me it doesn't...)

Frizzle.

Apr 9 '06 #22
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
>Jerry Stuckle wrote:
>
>
>
>>frizzle wrote:
>>
>>
>>
>>>Jerry Stuckle wrote:
>>>
>>>
>>>
>>>
>>>>frizz le wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>Jerr y Stuckle wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>frizz le wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Jerr y Stuckle wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>fri zzle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Je rry Stuckle wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>G ary L. Burnore wrote:
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>>>> On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>>> <js*******@attg lobal.net> wrote:
>>>>>>>>>>> .
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> >>>Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>> >>>'rwx r-x r-x ',
>>>>>>>>>>> >>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>> >>>--- --- '
>>>>>>>>>>> >>>
>>>>>>>
>>>>>>>
>>>>>>>>>>> >>>Frizzle.
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>> >>keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>> >>with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>>> >>
>>>>>>>>>>> >>Frizzle.
>>>>>>>>>>> >>
>>>>>>>>>>> >>(E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>>> >>
>>>>>>>>>>> >
>>>>>>>>>>> >Only if you can ftp in as the web server.
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>> the permissions for you when you push. Seems your ISP has something
>>>>>>>>>>> set incorrectly.
>>>>>>>>> >>
>>>>>>>>> >
>>>>>>>>>>N o, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>> >
>>>>>>>>> >--
>>>>>>>>>>= =============== ==
>>>>>>>>>>R emove the "x" from my email address
>>>>>>>>>>J erry Stuckle
>>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>>j s*******@attglo bal.net
>>>>>>>>>>= =============== ==
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>So rry, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>>ch modding etc.
>>>>>>>>> So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>up load it, and
>>>>>>>>>ha ve the upload script up and running ... ?
>>>>>>>>>
>>>>>>>>>Fr izzle.
>>>>>>>>>
>>>>>>>>
>>>>>>>>Fri zzle,
>>>>>>>>
>>>>>>>>N o, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>>w eb server are.
>>>>>>>>
>>>>>>>>Whe n you ftp a file to the server, the owner of the file is the userid who
>>>>>>>>upl oaded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>>t he web server, and the owner is the userid of the server itself.
>>>>>>>>
>>>>>>>>--
>>>>>>>>=== ===============
>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>Jer ry Stuckle
>>>>>>>>J DS Computer Training Corp.
>>>>>>>>js* ******@attgloba l.net
>>>>>>>>=== ===============
>>>>>>>
>>>>>>>
>>>>>>>Ok , thanks.
>>>>>>>No t to go on and on about this, but the other thing i asked is
>>>>>>>impo ssible as well then?
>>>>>>>
>>>>>>>"S o i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>uplo ad it,
>>>>>>>an d have the upload script up and running ... ?"
>>>>>>>
>>>>>>>Friz zle.
>>>>>>>
>>>>>>
>>>>>>It' s easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>>serve r's configuration is screwed up). It's when you try to mix the two you
>>>>>>sta rt running into permission problems and need to chmod.
>>>>>>
>>>>>>--
>>>>>>===== =============
>>>>>>Remov e the "x" from my email address
>>>>>>Jer ry Stuckle
>>>>>>JDS Computer Training Corp.
>>>>>>js*** ****@attglobal. net
>>>>>>===== =============
>>>>>
>>>>>
>>>>>owkaaa aayyyy, i never realized ftp and uploading aren't the same
>>>>>thing. ..
>>>>>I don't need to mix them, i need a script to upload files, wich can
>>>>>preffe rably
>>>>>run without any chmodding etc.
>>>>>
>>>>>Frizzl e.
>>>>>
>>>>
>>>>Ok, you just need to ensure you have the original directory permissions set
>>>>properl y, then. In a typical installation the directory would be owned by the
>>>>webserv er's userid with permissions of 755.
>>>>
>>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>>command . In either case the file ends up on the server. But how it gets there
>>>>is much different.
>>>>
>>>>
>>>>--
>>>>======= ===========
>>>>Remov e the "x" from my email address
>>>>Jerry Stuckle
>>>>JDS Computer Training Corp.
>>>>js***** **@attglobal.ne t
>>>>======= ===========
>>>
>>>
>>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>>folder s are standard chmodded 755.
>>>That should be allright then ...
>>>
>>>Frizzl e.
>>>
>>
>>*Should be* is the key. If your host has things set ip properly, then yes you
>>should be OK. But if not...
>>
>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>>transfe r files. I suspect Plesk does, also.
>>
>>
>>--
>>========= =========
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>js******* @attglobal.net
>>========= =========
>
>
>Well, ok, but where should i focus now to build a script to upload
>files to my server?
>FTP, or an other file transfer method?
>It would be ideal if i could also create / delete folders ...
>
>Frizzle.
>
Frizzle,

It depends on how you want to do things. If you're going to be the only one
uploading , you can do ftp or http uploads. If you have users who may not be
familiar with ftp, you should do http uploads.

The downside of http uploads is you can't synchronize files between your local
copy and the website with products like Dreamweaver.

You can create and delete directories in PHP also, assuming your host hasn't
disabled these functions and you have the appropriate permissions. So that's
not a problem.

It's all in how you want to maintain your site.
--
=========== =======
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@a ttglobal.net
=========== =======
It's meant for a user based site; users with certain priviledges are
allowed to add news and files to the site. No synchronizing
needed. Mostly images and mp3's, maybe some docs etc.

Frizzle.


In that case I would suggest http uploads.

Maybe the easiest way is to have an admin page where you can let PHP create the
root directory(s) you wish, then let the main part of the site upload into these
directories and, if necessary, create new directories.

If the webserver creates them it will be the owner, also.

--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====

Hmm, hope i'm not back at the start (the chmodding part) i get an
error:

Warning: move_uploaded_f ile(): SAFE MODE Restriction in effect. The
script whose uid is 10008 is not allowed to access / owned by uid 0 in
/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17

Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpejdmGr
[error] => 0
[size] => 11469
)

)
Does this have something to do with the Chmodding again ? (Please tell
me it doesn't...)

Frizzle.


I have no idea - don't know what code you're using.

But it looks like you're trying to access the system root directory ('/') -
which is owned by root. You can't do it.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Apr 9 '06 #23
Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:

Jerry Stuckle wrote:
>frizzle wrote:
>
>
>>Jerry Stuckle wrote:
>>
>>
>>
>>>frizzle wrote:
>>>
>>>
>>>
>>>>Jerry Stuckle wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>frizz le wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Jerr y Stuckle wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>frizz le wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Jerr y Stuckle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>fri zzle wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>Je rry Stuckle wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>G ary L. Burnore wrote:
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>>>> On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>>>> <js*******@attg lobal.net> wrote:
>>>>>>>>>>>> .
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>>>> >>>Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>>> >>>'rwx r-x r-x ',
>>>>>>>>>>>> >>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>>> >>>--- --- '
>>>>>>>>>>>> >>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>> >>>Frizzle.
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>>> >>keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>>> >>with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>Frizzle.
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>(E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>>>> >>
>>>>>>>>>>>> >
>>>>>>>>>>>> >Only if you can ftp in as the web server.
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>>>> It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>>> the permissions for you when you push. Seems your ISP has something
>>>>>>>>>>>> set incorrectly.
>>>>>>>>>> >>
>>>>>>>>>> >
>>>>>>>>>>>N o, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>>> >
>>>>>>>>>> >--
>>>>>>>>>>>= =============== ==
>>>>>>>>>>>R emove the "x" from my email address
>>>>>>>>>>>J erry Stuckle
>>>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>>>j s*******@attglo bal.net
>>>>>>>>>>>= =============== ==
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>So rry, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>>>ch modding etc.
>>>>>>>>>> So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>up load it, and
>>>>>>>>>>ha ve the upload script up and running ... ?
>>>>>>>>>>
>>>>>>>>>>Fr izzle.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Fri zzle,
>>>>>>>>>
>>>>>>>>>N o, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>>>w eb server are.
>>>>>>>>>
>>>>>>>>>Whe n you ftp a file to the server, the owner of the file is the userid who
>>>>>>>>>upl oaded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>>>t he web server, and the owner is the userid of the server itself.
>>>>>>>>>
>>>>>>>>>--
>>>>>>>>>=== ===============
>>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>>Jer ry Stuckle
>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>js* ******@attgloba l.net
>>>>>>>>>=== ===============
>>>>>>>>
>>>>>>>>
>>>>>>>>Ok , thanks.
>>>>>>>>No t to go on and on about this, but the other thing i asked is
>>>>>>>>impo ssible as well then?
>>>>>>>>
>>>>>>>>"S o i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>uplo ad it,
>>>>>>>>an d have the upload script up and running ... ?"
>>>>>>>>
>>>>>>>>Friz zle.
>>>>>>>>
>>>>>>>
>>>>>>>It' s easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>>>serve r's configuration is screwed up). It's when you try to mix the two you
>>>>>>>sta rt running into permission problems and need to chmod.
>>>>>>>
>>>>>>>--
>>>>>>>===== =============
>>>>>>>Remov e the "x" from my email address
>>>>>>>Jer ry Stuckle
>>>>>>>JDS Computer Training Corp.
>>>>>>>js*** ****@attglobal. net
>>>>>>>===== =============
>>>>>>
>>>>>>
>>>>>>owkaaa aayyyy, i never realized ftp and uploading aren't the same
>>>>>>thing. ..
>>>>>>I don't need to mix them, i need a script to upload files, wich can
>>>>>>preffe rably
>>>>>>run without any chmodding etc.
>>>>>>
>>>>>>Frizzl e.
>>>>>>
>>>>>
>>>>>Ok, you just need to ensure you have the original directory permissions set
>>>>>properl y, then. In a typical installation the directory would be owned by the
>>>>>webserv er's userid with permissions of 755.
>>>>>
>>>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>>>command . In either case the file ends up on the server. But how it gets there
>>>>>is much different.
>>>>>
>>>>>
>>>>>--
>>>>>======= ===========
>>>>>Remov e the "x" from my email address
>>>>>Jerry Stuckle
>>>>>JDS Computer Training Corp.
>>>>>js***** **@attglobal.ne t
>>>>>======= ===========
>>>>
>>>>
>>>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>>>folder s are standard chmodded 755.
>>>>That should be allright then ...
>>>>
>>>>Frizzl e.
>>>>
>>>
>>>*Should be* is the key. If your host has things set ip properly, then yes you
>>>should be OK. But if not...
>>>
>>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>>>transfe r files. I suspect Plesk does, also.
>>>
>>>
>>>--
>>>========= =========
>>>Remove the "x" from my email address
>>>Jerry Stuckle
>>>JDS Computer Training Corp.
>>>js******* @attglobal.net
>>>========= =========
>>
>>
>>Well, ok, but where should i focus now to build a script to upload
>>files to my server?
>>FTP, or an other file transfer method?
>>It would be ideal if i could also create / delete folders ...
>>
>>Frizzle.
>>
>
>
>Frizzle,
>
>It depends on how you want to do things. If you're going to be the only one
>uploading , you can do ftp or http uploads. If you have users who may not be
>familiar with ftp, you should do http uploads.
>
>The downside of http uploads is you can't synchronize files between your local
>copy and the website with products like Dreamweaver.
>
>You can create and delete directories in PHP also, assuming your host hasn't
>disabled these functions and you have the appropriate permissions. So that's
>not a problem.
>
>It's all in how you want to maintain your site.
>
>
>--
>=========== =======
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>js*******@a ttglobal.net
>=========== =======
It's meant for a user based site; users with certain priviledges are
allowed to add news and files to the site. No synchronizing
needed. Mostly images and mp3's, maybe some docs etc.

Frizzle.
In that case I would suggest http uploads.

Maybe the easiest way is to have an admin page where you can let PHP create the
root directory(s) you wish, then let the main part of the site upload into these
directories and, if necessary, create new directories.

If the webserver creates them it will be the owner, also.

--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====

Hmm, hope i'm not back at the start (the chmodding part) i get an
error:

Warning: move_uploaded_f ile(): SAFE MODE Restriction in effect. The
script whose uid is 10008 is not allowed to access / owned by uid 0 in
/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17

Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpejdmGr
[error] => 0
[size] => 11469
)

)
Does this have something to do with the Chmodding again ? (Please tell
me it doesn't...)

Frizzle.


I have no idea - don't know what code you're using.

But it looks like you're trying to access the system root directory ('/') -
which is owned by root. You can't do it.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===

You were right, i forgot a dot (shame on me) in the path. My code is
below.
Having fixed that, it gave me the next (of how many :s ) error:

--- ERROR ---

Warning:
move_uploaded_f ile(/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg):
failed to open stream: Permission denied in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Warning: move_uploaded_f ile(): Unable to move '/tmp/phpzeJkaC' to
'/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg' in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpzeJkaC
[error] => 0
[size] => 11469
)

)

--- END ERROR ---

The folder i'm trying to access is /test/admin/uploads
and it does exist. (checked).
I hope you can tel me what's wrong. Anyway, i really appreciate all
your effort for trying to help me!

Frizzle.

My entire exact code is below:

+++++++++++++++ +++++++++++++++ +++++++++++++++ +

<?php

require_once('. ./inc/globals.php');

/*$ftp_conn = @ftp_connect( $default_ftp_se rver )or
die('<b>Error!</b><br>FTP Host Niot Found!');
@ftp_login( $ftp_conn, $default_ftp_us er, $default_ftp_pa ss )or
die('<b>Error!</b><br>Wrong FTP-login name or FTP-pass!');

@ftp_close( $ftp_conn );*/

if( isset( $_FILES['userfile'] ) ){
$uploaddir = './uploads/';
$uploadfile = $uploaddir . basename($_FILE S['userfile']['name']);

echo '<pre>';
if (move_uploaded_ file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES );

print "</pre>";

};

?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="multip art/form-data" name="images" target="_top" id="images"
class="form">
<input name="userfile" type="file" id="userfile">
<br>
<input type="submit" name="upload" id="upload" value="Upload!" >
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="javasc ript:if(confirm ('Sure?')){ history.go(-1) }else{}">
</form><?php

if (is_dir($upload dir)) {
if ($dh = opendir($upload dir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file : filetype:
" . filetype($uploa ddir . $file) . "<br>\r\n";
}
closedir($dh);
}
};

?>

+++++++++++++++ +++++++++++++++ +++++++++++++++ +

Apr 10 '06 #24
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
>Jerry Stuckle wrote:
>
>
>
>>frizzle wrote:
>>
>>
>>
>>>Jerry Stuckle wrote:
>>>
>>>
>>>
>>>
>>>>frizz le wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>Jerr y Stuckle wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>frizz le wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Jerr y Stuckle wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>fri zzle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Je rry Stuckle wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>f rizzle wrote:
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>>>> Jerry Stuckle wrote:
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> >Gary L. Burnore wrote:
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >>On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>>> >><js*******@at tglobal.net> wrote:
>>>>>>>>>>> >>.
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>>>>Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>> >>>>>'rwx r-x r-x ',
>>>>>>>>>>> >>>>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>> >>>>>--- --- '
>>>>>>>>>>> >>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>> >>>>>Frizzle.
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>> >>>>keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>> >>>>with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>Frizzle.
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>(E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>Only if you can ftp in as the web server.
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>> >>the permissions for you when you push. Seems your ISP has something
>>>>>>>>>>> >>set incorrectly.
>>>>>>>>>>> >>
>>>>>>>>>>> >
>>>>>>>>>>> >No, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>>>> >
>>>>>>>>>>> >--
>>>>>>>>>>> >============== ====
>>>>>>>>>>> >Remove the "x" from my email address
>>>>>>>>>>> >Jerry Stuckle
>>>>>>>>>>> >JDS Computer Training Corp.
>>>>>>>>>>> >js*******@attg lobal.net
>>>>>>>>>>> >============== ====
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> Sorry, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>>>> chmodding etc.
>>>>>>>>>>> So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>> upload it, and
>>>>>>>>>>> have the upload script up and running ... ?
>>>>>>>>> >>
>>>>>>>>>>> Frizzle.
>>>>>>>>> >>
>>>>>>>>> >
>>>>>>>>>>F rizzle,
>>>>>>>>> >
>>>>>>>>>>N o, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>>>>w eb server are.
>>>>>>>>> >
>>>>>>>>>>W hen you ftp a file to the server, the owner of the file is the userid who
>>>>>>>>>>u ploaded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>>>>t he web server, and the owner is the userid of the server itself.
>>>>>>>>> >
>>>>>>>>> >--
>>>>>>>>>>= =============== ==
>>>>>>>>>>R emove the "x" from my email address
>>>>>>>>>>J erry Stuckle
>>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>>j s*******@attglo bal.net
>>>>>>>>>>= =============== ==
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Ok , thanks.
>>>>>>>>>No t to go on and on about this, but the other thing i asked is
>>>>>>>>>im possible as well then?
>>>>>>>>>
>>>>>>>>>"S o i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>up load it,
>>>>>>>>>an d have the upload script up and running ... ?"
>>>>>>>>>
>>>>>>>>>Fr izzle.
>>>>>>>>>
>>>>>>>>
>>>>>>>>It' s easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>>>>ser ver's configuration is screwed up). It's when you try to mix the two you
>>>>>>>>sta rt running into permission problems and need to chmod.
>>>>>>>>
>>>>>>>>--
>>>>>>>>=== ===============
>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>Jer ry Stuckle
>>>>>>>>J DS Computer Training Corp.
>>>>>>>>js* ******@attgloba l.net
>>>>>>>>=== ===============
>>>>>>>
>>>>>>>
>>>>>>>owka aaaayyyy, i never realized ftp and uploading aren't the same
>>>>>>>thin g...
>>>>>>>I don't need to mix them, i need a script to upload files, wich can
>>>>>>>pref ferably
>>>>>>>ru n without any chmodding etc.
>>>>>>>
>>>>>>>Friz zle.
>>>>>>>
>>>>>>
>>>>>>Ok, you just need to ensure you have the original directory permissions set
>>>>>>prope rly, then. In a typical installation the directory would be owned by the
>>>>>>webse rver's userid with permissions of 755.
>>>>>>
>>>>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>>>>comma nd. In either case the file ends up on the server. But how it gets there
>>>>>>is much different.
>>>>>>
>>>>>>
>>>>>>--
>>>>>>===== =============
>>>>>>Remov e the "x" from my email address
>>>>>>Jer ry Stuckle
>>>>>>JDS Computer Training Corp.
>>>>>>js*** ****@attglobal. net
>>>>>>===== =============
>>>>>
>>>>>
>>>>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>>>>folder s are standard chmodded 755.
>>>>>That should be allright then ...
>>>>>
>>>>>Frizzl e.
>>>>>
>>>>
>>>>*Shou ld be* is the key. If your host has things set ip properly, then yes you
>>>>shoul d be OK. But if not...
>>>>
>>>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>>>>transfe r files. I suspect Plesk does, also.
>>>>
>>>>
>>>>--
>>>>======= ===========
>>>>Remov e the "x" from my email address
>>>>Jerry Stuckle
>>>>JDS Computer Training Corp.
>>>>js***** **@attglobal.ne t
>>>>======= ===========
>>>
>>>
>>>Well, ok, but where should i focus now to build a script to upload
>>>files to my server?
>>>FTP, or an other file transfer method?
>>>It would be ideal if i could also create / delete folders ...
>>>
>>>Frizzl e.
>>>
>>
>>
>>Frizzle ,
>>
>>It depends on how you want to do things. If you're going to be the only one
>>uploading , you can do ftp or http uploads. If you have users who may not be
>>familia r with ftp, you should do http uploads.
>>
>>The downside of http uploads is you can't synchronize files between your local
>>copy and the website with products like Dreamweaver.
>>
>>You can create and delete directories in PHP also, assuming your host hasn't
>>disable d these functions and you have the appropriate permissions. So that's
>>not a problem.
>>
>>It's all in how you want to maintain your site.
>>
>>
>>--
>>========= =========
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>js******* @attglobal.net
>>========= =========
>
>
>It's meant for a user based site; users with certain priviledges are
>allowed to add news and files to the site. No synchronizing
>needed. Mostly images and mp3's, maybe some docs etc.
>
>Frizzle.
>

In that case I would suggest http uploads.

Maybe the easiest way is to have an admin page where you can let PHP create the
root directory(s) you wish, then let the main part of the site upload into these
directori es and, if necessary, create new directories.

If the webserver creates them it will be the owner, also.

--
=========== =======
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@a ttglobal.net
=========== =======
Hmm, hope i'm not back at the start (the chmodding part) i get an
error:

Warning: move_uploaded_f ile(): SAFE MODE Restriction in effect. The
script whose uid is 10008 is not allowed to access / owned by uid 0 in
/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17

Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpejdmGr
[error] => 0
[size] => 11469
)

)
Does this have something to do with the Chmodding again ? (Please tell
me it doesn't...)

Frizzle.


I have no idea - don't know what code you're using.

But it looks like you're trying to access the system root directory ('/') -
which is owned by root. You can't do it.
--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====


You were right, i forgot a dot (shame on me) in the path. My code is
below.
Having fixed that, it gave me the next (of how many :s ) error:

--- ERROR ---

Warning:
move_uploaded_f ile(/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg):
failed to open stream: Permission denied in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Warning: move_uploaded_f ile(): Unable to move '/tmp/phpzeJkaC' to
'/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg' in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpzeJkaC
[error] => 0
[size] => 11469
)

)

--- END ERROR ---

The folder i'm trying to access is /test/admin/uploads
and it does exist. (checked).
I hope you can tel me what's wrong. Anyway, i really appreciate all
your effort for trying to help me!

Frizzle.

My entire exact code is below:

+++++++++++++++ +++++++++++++++ +++++++++++++++ +

<?php

require_once('. ./inc/globals.php');

/*$ftp_conn = @ftp_connect( $default_ftp_se rver )or
die('<b>Error!</b><br>FTP Host Niot Found!');
@ftp_login( $ftp_conn, $default_ftp_us er, $default_ftp_pa ss )or
die('<b>Error!</b><br>Wrong FTP-login name or FTP-pass!');

@ftp_close( $ftp_conn );*/

if( isset( $_FILES['userfile'] ) ){
$uploaddir = './uploads/';
$uploadfile = $uploaddir . basename($_FILE S['userfile']['name']);

echo '<pre>';
if (move_uploaded_ file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES );

print "</pre>";

};

?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="multip art/form-data" name="images" target="_top" id="images"
class="form">
<input name="userfile" type="file" id="userfile">
<br>
<input type="submit" name="upload" id="upload" value="Upload!" >
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="javasc ript:if(confirm ('Sure?')){ history.go(-1) }else{}">
</form><?php

if (is_dir($upload dir)) {
if ($dh = opendir($upload dir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file : filetype:
" . filetype($uploa ddir . $file) . "<br>\r\n";
}
closedir($dh);
}
};

?>

+++++++++++++++ +++++++++++++++ +++++++++++++++ +

OK, who owns the directory, and what are its flags? And what's the userid of
the webserver?

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Apr 11 '06 #25

Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:

Jerry Stuckle wrote:
>frizzle wrote:
>
>
>>Jerry Stuckle wrote:
>>
>>
>>
>>>frizzle wrote:
>>>
>>>
>>>
>>>>Jerry Stuckle wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>frizz le wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Jerr y Stuckle wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>frizz le wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Jerr y Stuckle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>fri zzle wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>Je rry Stuckle wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>f rizzle wrote:
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>>>> Jerry Stuckle wrote:
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>>>> >Gary L. Burnore wrote:
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >
>>>>>>>>>>>> >>On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>>>> >><js*******@at tglobal.net> wrote:
>>>>>>>>>>>> >>.
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>>>>Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>>> >>>>>'rwx r-x r-x ',
>>>>>>>>>>>> >>>>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>>> >>>>>--- --- '
>>>>>>>>>>>> >>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>> >>>>>Frizzle.
>>>>>>>>>>>> >>>>
>>>>>>>>>>>> >>>>
>>>>>>>>>>>> >>>>Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>>> >>>>keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>>> >>>>with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>>>> >>>>
>>>>>>>>>>>> >>>>Frizzle.
>>>>>>>>>>>> >>>>
>>>>>>>>>>>> >>>>(E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>>>> >>>>
>>>>>>>>>>>> >>>
>>>>>>>>>>>> >>>Only if you can ftp in as the web server.
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>
>>>>>>>>>>>> >>It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>>> >>the permissions for you when you push. Seems your ISP has something
>>>>>>>>>>>> >>set incorrectly.
>>>>>>>>>>>> >>
>>>>>>>>>>>> >
>>>>>>>>>>>> >No, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>>>>> >
>>>>>>>>>>>> >--
>>>>>>>>>>>> >============== ====
>>>>>>>>>>>> >Remove the "x" from my email address
>>>>>>>>>>>> >Jerry Stuckle
>>>>>>>>>>>> >JDS Computer Training Corp.
>>>>>>>>>>>> >js*******@attg lobal.net
>>>>>>>>>>>> >============== ====
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>>>> Sorry, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>>>>> chmodding etc.
>>>>>>>>>>>> So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>>> upload it, and
>>>>>>>>>>>> have the upload script up and running ... ?
>>>>>>>>>> >>
>>>>>>>>>>>> Frizzle.
>>>>>>>>>> >>
>>>>>>>>>> >
>>>>>>>>>>>F rizzle,
>>>>>>>>>> >
>>>>>>>>>>>N o, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>>>>>w eb server are.
>>>>>>>>>> >
>>>>>>>>>>>W hen you ftp a file to the server, the owner of the file is the userid who
>>>>>>>>>>>u ploaded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>>>>>t he web server, and the owner is the userid of the server itself.
>>>>>>>>>> >
>>>>>>>>>> >--
>>>>>>>>>>>= =============== ==
>>>>>>>>>>>R emove the "x" from my email address
>>>>>>>>>>>J erry Stuckle
>>>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>>>j s*******@attglo bal.net
>>>>>>>>>>>= =============== ==
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>Ok , thanks.
>>>>>>>>>>No t to go on and on about this, but the other thing i asked is
>>>>>>>>>>im possible as well then?
>>>>>>>>>>
>>>>>>>>>>"S o i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>up load it,
>>>>>>>>>>an d have the upload script up and running ... ?"
>>>>>>>>>>
>>>>>>>>>>Fr izzle.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>It' s easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>>>>>ser ver's configuration is screwed up). It's when you try to mix the two you
>>>>>>>>>sta rt running into permission problems and need to chmod.
>>>>>>>>>
>>>>>>>>>--
>>>>>>>>>=== ===============
>>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>>Jer ry Stuckle
>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>js* ******@attgloba l.net
>>>>>>>>>=== ===============
>>>>>>>>
>>>>>>>>
>>>>>>>>owka aaaayyyy, i never realized ftp and uploading aren't the same
>>>>>>>>thin g...
>>>>>>>>I don't need to mix them, i need a script to upload files, wich can
>>>>>>>>pref ferably
>>>>>>>>ru n without any chmodding etc.
>>>>>>>>
>>>>>>>>Friz zle.
>>>>>>>>
>>>>>>>
>>>>>>>Ok, you just need to ensure you have the original directory permissions set
>>>>>>>prope rly, then. In a typical installation the directory would be owned by the
>>>>>>>webse rver's userid with permissions of 755.
>>>>>>>
>>>>>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>>>>>comma nd. In either case the file ends up on the server. But how it gets there
>>>>>>>is much different.
>>>>>>>
>>>>>>>
>>>>>>>--
>>>>>>>===== =============
>>>>>>>Remov e the "x" from my email address
>>>>>>>Jer ry Stuckle
>>>>>>>JDS Computer Training Corp.
>>>>>>>js*** ****@attglobal. net
>>>>>>>===== =============
>>>>>>
>>>>>>
>>>>>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>>>>>folder s are standard chmodded 755.
>>>>>>That should be allright then ...
>>>>>>
>>>>>>Frizzl e.
>>>>>>
>>>>>
>>>>>*Shou ld be* is the key. If your host has things set ip properly, then yes you
>>>>>shoul d be OK. But if not...
>>>>>
>>>>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>>>>>transfe r files. I suspect Plesk does, also.
>>>>>
>>>>>
>>>>>--
>>>>>======= ===========
>>>>>Remov e the "x" from my email address
>>>>>Jerry Stuckle
>>>>>JDS Computer Training Corp.
>>>>>js***** **@attglobal.ne t
>>>>>======= ===========
>>>>
>>>>
>>>>Well, ok, but where should i focus now to build a script to upload
>>>>files to my server?
>>>>FTP, or an other file transfer method?
>>>>It would be ideal if i could also create / delete folders ...
>>>>
>>>>Frizzl e.
>>>>
>>>
>>>
>>>Frizzle ,
>>>
>>>It depends on how you want to do things. If you're going to be the only one
>>>uploading , you can do ftp or http uploads. If you have users who may not be
>>>familia r with ftp, you should do http uploads.
>>>
>>>The downside of http uploads is you can't synchronize files between your local
>>>copy and the website with products like Dreamweaver.
>>>
>>>You can create and delete directories in PHP also, assuming your host hasn't
>>>disable d these functions and you have the appropriate permissions. So that's
>>>not a problem.
>>>
>>>It's all in how you want to maintain your site.
>>>
>>>
>>>--
>>>========= =========
>>>Remove the "x" from my email address
>>>Jerry Stuckle
>>>JDS Computer Training Corp.
>>>js******* @attglobal.net
>>>========= =========
>>
>>
>>It's meant for a user based site; users with certain priviledges are
>>allowed to add news and files to the site. No synchronizing
>>needed. Mostly images and mp3's, maybe some docs etc.
>>
>>Frizzle.
>>
>
>In that case I would suggest http uploads.
>
>Maybe the easiest way is to have an admin page where you can let PHP create the
>root directory(s) you wish, then let the main part of the site upload into these
>directori es and, if necessary, create new directories.
>
>If the webserver creates them it will be the owner, also.
>
>--
>=========== =======
>Remove the "x" from my email address
>Jerry Stuckle
>JDS Computer Training Corp.
>js*******@a ttglobal.net
>=========== =======
Hmm, hope i'm not back at the start (the chmodding part) i get an
error:

Warning: move_uploaded_f ile(): SAFE MODE Restriction in effect. The
script whose uid is 10008 is not allowed to access / owned by uid 0 in
/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17

Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpejdmGr
[error] => 0
[size] => 11469
)

)
Does this have something to do with the Chmodding again ? (Please tell
me it doesn't...)

Frizzle.
I have no idea - don't know what code you're using.

But it looks like you're trying to access the system root directory ('/') -
which is owned by root. You can't do it.
--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====


You were right, i forgot a dot (shame on me) in the path. My code is
below.
Having fixed that, it gave me the next (of how many :s ) error:

--- ERROR ---

Warning:
move_uploaded_f ile(/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg):
failed to open stream: Permission denied in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Warning: move_uploaded_f ile(): Unable to move '/tmp/phpzeJkaC' to
'/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg' in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpzeJkaC
[error] => 0
[size] => 11469
)

)

--- END ERROR ---

The folder i'm trying to access is /test/admin/uploads
and it does exist. (checked).
I hope you can tel me what's wrong. Anyway, i really appreciate all
your effort for trying to help me!

Frizzle.

My entire exact code is below:

+++++++++++++++ +++++++++++++++ +++++++++++++++ +

<?php

require_once('. ./inc/globals.php');

/*$ftp_conn = @ftp_connect( $default_ftp_se rver )or
die('<b>Error!</b><br>FTP Host Niot Found!');
@ftp_login( $ftp_conn, $default_ftp_us er, $default_ftp_pa ss )or
die('<b>Error!</b><br>Wrong FTP-login name or FTP-pass!');

@ftp_close( $ftp_conn );*/

if( isset( $_FILES['userfile'] ) ){
$uploaddir = './uploads/';
$uploadfile = $uploaddir . basename($_FILE S['userfile']['name']);

echo '<pre>';
if (move_uploaded_ file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES );

print "</pre>";

};

?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="multip art/form-data" name="images" target="_top" id="images"
class="form">
<input name="userfile" type="file" id="userfile">
<br>
<input type="submit" name="upload" id="upload" value="Upload!" >
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="javasc ript:if(confirm ('Sure?')){ history.go(-1) }else{}">
</form><?php

if (is_dir($upload dir)) {
if ($dh = opendir($upload dir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file : filetype:
" . filetype($uploa ddir . $file) . "<br>\r\n";
}
closedir($dh);
}
};

?>

+++++++++++++++ +++++++++++++++ +++++++++++++++ +

OK, who owns the directory, and what are its flags? And what's the userid of
the webserver?

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===


User: domainname
Group: psacln
Permissions: rwx r-x r-x

Userid i don't know. How could i check that ?

Frizzle.

Apr 11 '06 #26
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
Jerry Stuckle wrote:
frizzle wrote:
>Jerry Stuckle wrote:
>
>
>
>>frizzle wrote:
>>
>>
>>
>>>Jerry Stuckle wrote:
>>>
>>>
>>>
>>>
>>>>frizz le wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>Jerr y Stuckle wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>frizz le wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Jerr y Stuckle wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>fri zzle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Je rry Stuckle wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>f rizzle wrote:
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>>>> Jerry Stuckle wrote:
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> >frizzle wrote:
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >>Jerry Stuckle wrote:
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>>Gary L. Burnore wrote:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>>On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>>> >>>><js*******@ attglobal.net> wrote:
>>>>>>>>>>> >>>>.
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>>>>Standa rd (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>> >>>>>>>'rwx r-x r-x ',
>>>>>>>>>>> >>>>>>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>> >>>>>>>--- --- '
>>>>>>>>>>> >>>>>>>
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> >>>>>>>Frizzl e.
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>> >>>>>>keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>> >>>>>>with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>Frizzle .
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>(E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>>Only if you can ftp in as the web server.
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>> >>>>the permissions for you when you push. Seems your ISP has something
>>>>>>>>>>> >>>>set incorrectly.
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>No, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>--
>>>>>>>>>>> >>>============ ======
>>>>>>>>>>> >>>Remove the "x" from my email address
>>>>>>>>>>> >>>Jerry Stuckle
>>>>>>>>>>> >>>JDS Computer Training Corp.
>>>>>>>>>>> >>>js*******@at tglobal.net
>>>>>>>>>>> >>>============ ======
>>>>>>>>>>> >>
>>>>>>>>>>> >>
>>>>>>>>>>> >>Sorry, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>>>> >>chmodding etc.
>>>>>>>>>>> >>So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>> >>upload it, and
>>>>>>>>>>> >>have the upload script up and running ... ?
>>>>>>>>>>> >>
>>>>>>>>>>> >>Frizzle.
>>>>>>>>>>> >>
>>>>>>>>>>> >
>>>>>>>>>>> >Frizzle,
>>>>>>>>>>> >
>>>>>>>>>>> >No, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>>>>> >web server are.
>>>>>>>>>>> >
>>>>>>>>>>> >When you ftp a file to the server, the owner of the file is the userid who
>>>>>>>>>>> >uploaded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>>>>> >the web server, and the owner is the userid of the server itself.
>>>>>>>>>>> >
>>>>>>>>>>> >--
>>>>>>>>>>> >============== ====
>>>>>>>>>>> >Remove the "x" from my email address
>>>>>>>>>>> >Jerry Stuckle
>>>>>>>>>>> >JDS Computer Training Corp.
>>>>>>>>>>> >js*******@attg lobal.net
>>>>>>>>>>> >============== ====
>>>>>>>>> >>
>>>>>>>>> >>
>>>>>>>>>>> Ok, thanks.
>>>>>>>>>>> Not to go on and on about this, but the other thing i asked is
>>>>>>>>>>> impossible as well then?
>>>>>>>>> >>
>>>>>>>>>>> "So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>> upload it,
>>>>>>>>>>> and have the upload script up and running ... ?"
>>>>>>>>> >>
>>>>>>>>>>> Frizzle.
>>>>>>>>> >>
>>>>>>>>> >
>>>>>>>>>>I t's easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>>>>>>s erver's configuration is screwed up). It's when you try to mix the two you
>>>>>>>>>>s tart running into permission problems and need to chmod.
>>>>>>>>> >
>>>>>>>>> >--
>>>>>>>>>>= =============== ==
>>>>>>>>>>R emove the "x" from my email address
>>>>>>>>>>J erry Stuckle
>>>>>>>>>>J DS Computer Training Corp.
>>>>>>>>>>j s*******@attglo bal.net
>>>>>>>>>>= =============== ==
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>ow kaaaaayyyy, i never realized ftp and uploading aren't the same
>>>>>>>>>th ing...
>>>>>>>>> I don't need to mix them, i need a script to upload files, wich can
>>>>>>>>>pr efferably
>>>>>>>>>ru n without any chmodding etc.
>>>>>>>>>
>>>>>>>>>Fr izzle.
>>>>>>>>>
>>>>>>>>
>>>>>>>>O k, you just need to ensure you have the original directory permissions set
>>>>>>>>pro perly, then. In a typical installation the directory would be owned by the
>>>>>>>>web server's userid with permissions of 755.
>>>>>>>>
>>>>>>>>A nd I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>>>>>>com mand. In either case the file ends up on the server. But how it gets there
>>>>>>>>i s much different.
>>>>>>>>
>>>>>>>>
>>>>>>>>--
>>>>>>>>=== ===============
>>>>>>>>Rem ove the "x" from my email address
>>>>>>>>Jer ry Stuckle
>>>>>>>>J DS Computer Training Corp.
>>>>>>>>js* ******@attgloba l.net
>>>>>>>>=== ===============
>>>>>>>
>>>>>>>
>>>>>>>Wh en i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>>>>>>fold ers are standard chmodded 755.
>>>>>>>Th at should be allright then ...
>>>>>>>
>>>>>>>Friz zle.
>>>>>>>
>>>>>>
>>>>>>*Shou ld be* is the key. If your host has things set ip properly, then yes you
>>>>>>shoul d be OK. But if not...
>>>>>>
>>>>>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>>>>>>trans fer files. I suspect Plesk does, also.
>>>>>>
>>>>>>
>>>>>>--
>>>>>>===== =============
>>>>>>Remov e the "x" from my email address
>>>>>>Jer ry Stuckle
>>>>>>JDS Computer Training Corp.
>>>>>>js*** ****@attglobal. net
>>>>>>===== =============
>>>>>
>>>>>
>>>>>Well , ok, but where should i focus now to build a script to upload
>>>>>file s to my server?
>>>>>FTP, or an other file transfer method?
>>>>>It would be ideal if i could also create / delete folders ...
>>>>>
>>>>>Frizzl e.
>>>>>
>>>>
>>>>
>>>>Frizzle ,
>>>>
>>>>It depends on how you want to do things. If you're going to be the only one
>>>>uploadi ng, you can do ftp or http uploads. If you have users who may not be
>>>>familia r with ftp, you should do http uploads.
>>>>
>>>>The downside of http uploads is you can't synchronize files between your local
>>>>copy and the website with products like Dreamweaver.
>>>>
>>>>You can create and delete directories in PHP also, assuming your host hasn't
>>>>disable d these functions and you have the appropriate permissions. So that's
>>>>not a problem.
>>>>
>>>>It's all in how you want to maintain your site.
>>>>
>>>>
>>>>--
>>>>======= ===========
>>>>Remov e the "x" from my email address
>>>>Jerry Stuckle
>>>>JDS Computer Training Corp.
>>>>js***** **@attglobal.ne t
>>>>======= ===========
>>>
>>>
>>>It's meant for a user based site; users with certain priviledges are
>>>allowe d to add news and files to the site. No synchronizing
>>>needed . Mostly images and mp3's, maybe some docs etc.
>>>
>>>Frizzl e.
>>>
>>
>>In that case I would suggest http uploads.
>>
>>Maybe the easiest way is to have an admin page where you can let PHP create the
>>root directory(s) you wish, then let the main part of the site upload into these
>>directori es and, if necessary, create new directories.
>>
>>If the webserver creates them it will be the owner, also.
>>
>>--
>>========= =========
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>js******* @attglobal.net
>>========= =========
>
>
>Hmm, hope i'm not back at the start (the chmodding part) i get an
>error:
>
>Warning: move_uploaded_f ile(): SAFE MODE Restriction in effect. The
>script whose uid is 10008 is not allowed to access / owned by uid 0 in
>/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17
>
>Here is some more debugging info:Array
>(
> [userfile] => Array
> (
> [name] => photo.jpg
> [type] => image/jpeg
> [tmp_name] => /tmp/phpejdmGr
> [error] => 0
> [size] => 11469
> )
>
>)
>
>
>Does this have something to do with the Chmodding again ? (Please tell
>me it doesn't...)
>
>Frizzle.
>

I have no idea - don't know what code you're using.

But it looks like you're trying to access the system root directory ('/') -
which is owned by root. You can't do it.
--
=========== =======
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@a ttglobal.net
=========== =======

You were right, i forgot a dot (shame on me) in the path. My code is
below.
Having fixed that, it gave me the next (of how many :s ) error:

--- ERROR ---

Warning:
move_uploade d_file(/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg):
failed to open stream: Permission denied in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Warning: move_uploaded_f ile(): Unable to move '/tmp/phpzeJkaC' to
'/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg' in
/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17

Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => photo.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpzeJkaC
[error] => 0
[size] => 11469
)

)

--- END ERROR ---

The folder i'm trying to access is /test/admin/uploads
and it does exist. (checked).
I hope you can tel me what's wrong. Anyway, i really appreciate all
your effort for trying to help me!

Frizzle.

My entire exact code is below:

++++++++++++ +++++++++++++++ +++++++++++++++ ++++

<?php

require_once ('../inc/globals.php');

/*$ftp_conn = @ftp_connect( $default_ftp_se rver )or
die('<b>Erro r!</b><br>FTP Host Niot Found!');
@ftp_login ( $ftp_conn, $default_ftp_us er, $default_ftp_pa ss )or
die('<b>Erro r!</b><br>Wrong FTP-login name or FTP-pass!');

@ftp_close ( $ftp_conn );*/

if( isset( $_FILES['userfile'] ) ){
$uploaddir = './uploads/';
$uploadfil e = $uploaddir . basename($_FILE S['userfile']['name']);

echo '<pre>';
if (move_uploaded_ file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FI LES);

print "</pre>";

};

?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="mul tipart/form-data" name="images" target="_top" id="images"
class="form" >
<input name="userfile" type="file" id="userfile">
<br>
<input type="submit" name="upload" id="upload" value="Upload!" >
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="jav ascript:if(conf irm('Sure?')){ history.go(-1) }else{}">
</form><?php

if (is_dir($upload dir)) {
if ($dh = opendir($upload dir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file : filetype:
" . filetype($uploa ddir . $file) . "<br>\r\n";
}
closedir($dh );
}
};

?>

++++++++++++ +++++++++++++++ +++++++++++++++ ++++

OK, who owns the directory, and what are its flags? And what's the userid of
the webserver?

--
============= =====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@att global.net
============= =====

User: domainname
Group: psacln
Permissions: rwx r-x r-x

Userid i don't know. How could i check that ?

Frizzle.


Well, the Apache user is usually (but not always) the owner of the document root
directory. Or you can ask your webhost.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Apr 11 '06 #27
try to change the temp directory to own buy your user. Your /tmp
directory maybe secured so php has a hard time putting files there.

--
Mike
http://www.xpertdns.com

Apr 12 '06 #28
I asked my webhost, but they told me uploading
a folder and having it running uploads etc. is not
possible on Linux by default. Folders should be
chmod 777 or chmod 755.

Frizzle.

Apr 14 '06 #29
frizzle wrote:
I asked my webhost, but they told me uploading
a folder and having it running uploads etc. is not
possible on Linux by default. Folders should be
chmod 777 or chmod 755.

Frizzle.


Yes and no. It depends on how they have their folders configured.

However, obviously they have it configured so you can't do it. But you should
still be able to create the folder in PHP from a web page (so it's running as
the Apache user) and upload to it. The folder should then have the Apache user
as the owner.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Apr 14 '06 #30

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
16819
by: Daniel | last post by:
Hi, From what I read from the PHP manual, chmod on a Windows platform should have no effect, and that seems totally normal (unless someone on sourceforge has a windows port of that!). I create a directory on my Windows box, and set chmod 777 on it (that should be full access for everyone if my memory serves me correctly), but when I want to rmdir that directory, I get a permission denied message (I can delete contents from that...
6
6705
by: Ask Josephsen | last post by:
Hi NG If I write the following: <?php $file="myfile.JPG"; if ( getmyuid()==fileowner ( $file ) ) { chgrp ( $file, getmygid() ); chown ( $file, getmyuid() );
1
4703
by: Xuan Yuan | last post by:
I'm using Windows XP Professional and have no FTP installed. Instead, I use Command Promt. I need to CHMOD a PHP file, so I type "CHMOD 775 file-path",but get "'CHMOD'is not recognized as an internal or external command,operable program or batch file"!Is this because I spelled it wrong?Or is it the computer's problem?
4
4839
by: Ian N | last post by:
Hi i'm having a problem with file permissions of upload, they appear to be being set to only readable by the administrator, so anyone browsing the site gets a 403 forbidden error when they try and view the image. I've tried adding the following line: - chmod($uploadfile, 444); and also a few variations on it but to no avail.
5
9558
by: Stewart | last post by:
Hi, I'm working on a program in VC++ right now that needs to set file permissions of a given file to 766 (read/write/execute). Now I've found the _chmod() function in the API help docs, but that only caters for read/write. Is there ANY way of setting 766 to a file through C++ at all? Many thanks. Mike
2
2922
by: Freebird | last post by:
Hello everyone, =] I need your help, I'm creating a script that will work in many servers, and there's this part, where you can update a list, so the script goes from the client's machine to the central server, opens the file, and in adda line by line in the client server, it's all working fine, but there's a problem, this list, can't be available to others, because if I do this:
1
2992
by: James Colannino | last post by:
Ok, so now I have a very interesting problem, this time related to os.chmod. I have the following in a text file: 0600. My script reads that number as a string and converts it to an integer for use with chmod. However, when I do this, instead of the rw------ permissions that I expect, I get ---x-wx--T. I tried placing 0600 directly in the command (chmod(filename, 0600)), and that worked as expected (I got rw------). So then I entered...
3
3772
by: webhead | last post by:
I have a web where users can upload photos, but they want to also be able to delete them. The directory can have chmod changes but it won't let me chmod the files and unlink them. I'm assuming it really is a chmod problem even though the error message is "no such file or directory", as I'm sure the name and path are right. Even my ftp program won't let me chmod the files, is this a safemode problem?
3
4769
by: Rik | last post by:
Hello, first of all, my provider sucks, newsserver is down for the #nth time now, offcourse when I have an urgent question.... So this will be me first time using Google Groups, forgive me if something goes wrong. The problem at hand: In a restricted area I let a user upload an image, no problem The image gets scaled down with imagecopyresampled(), and stored with imagejpeg($resized_img,'/path/to/target/image.jpg')
1
3218
by: lawrence k | last post by:
I've a simple script to transfer some files from one domain to another, with both domains living on the same server. The files in both directories are already chmod 777. Yet after transfer, I try to ensure that the file is 777, and I get an error. Why? for ($i=0; $i < count($transferArray); $i++) { $fileName = $transferArray; $commandAsString = "\cp -f /var/www/vhosts/mydomain.com/httpdocs/ site_specific_files/$fileName...
0
9903
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9754
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
11044
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10692
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10767
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10375
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9526
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7084
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
3
3194
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.