To guard against our users possibly uploading huge files, I've got this
in my php.ini file:
; Maximum size of POST data that PHP will accept.
post_max_size = 10M
On a server running Ubuntu Linux. The PHP version:
root@ldc310:/etc/php5/cli# php -v
PHP 5.1.6 (cli) (built: Nov 28 2007 22:52:49)
I just uploaded a 28 meg file to the server. I have a PHP script that
automatically resizes the images to less than a meg. However, I was
assuming that the upload should have failed, before the PHP script ever
had the chance to resize the file. How do I limit how much our users can
upload? I really don't want the users to have the power to upload 30 or
40 or 50 meg files.
The server does have Plesk installed, which I know, in times past, has
found ways to undermine the settings in php.ini. For instance, for
open_basedir, the value that gets written in the httpd.conf file, in
each vhost directory, takes precedence over whatever I put in php.ini.
But I've never seen Plesk undermine the importance of the post_max_size
setting, nor can I imagine where Plesk might store such a conf setting
if it did.
Any thoughts on what might be wrong? Are there other places some
configuration data might be taking precedent?
16  2084 
On May 30, 7:01 pm, Lawrence Krubner <lawre...@krubn er.comwrote:
>
To guard against our users possibly uploading huge files, I've
got this in my php.ini file:
; Maximum size of POST data that PHP will accept.
post_max_size = 10M
What about upload_max_file size? And what, if anything, is
LimitRequestBod y directive in Apache set to? Are there any .htaccess
files that could possibly change any of this?
And while we're checking for possibilities, are you editing the same
php.ini PHP is using?
Also, are you running PHP as an Apache module or CGI/FastCGI?
Cheers,
NC
NC wrote:
On May 30, 7:01 pm, Lawrence Krubner <lawre...@krubn er.comwrote:
>To guard against our users possibly uploading huge files, I've
got this in my php.ini file:
; Maximum size of POST data that PHP will accept.
post_max_siz e = 10M
What about upload_max_file size?
From my php.ini file:
; Maximum allowed size for uploaded files.
upload_max_file size = 10M
And what, if anything, is
LimitRequestBod y directive in Apache set to?
This returns nothing:
root@ldc310:~# cd /etc/apache2/
root@ldc310:/etc/apache2# grep -R LimitRequestBod y *
So I assume it is not set.
Are there any .htaccess
files that could possibly change any of this?
No, not at the top level of the site, where the upload script is.
And while we're checking for possibilities, are you editing the same
php.ini PHP is using?
I assume, but how could I be sure? This tells me the version: root@ldc310:/var/www/vhosts/thesecondroad.o rg/httpdocs# php -v
PHP 5.1.6 (cli) (built: Nov 28 2007 22:52:49)
Since it is PHP version 5, I assume this is the right path for editing:
root@ldc310:/# nano /etc/php5/cli/php.ini
Any way I can be sure? How do I check?
Also, are you running PHP as an Apache module or CGI/FastCGI?
An Apache module.
-- lawrence
On May 31, 12:04 am, Lawrence Krubner <lawre...@krubn er.comwrote:
NC wrote:
And what, if anything, is LimitRequestBod y directive
in Apache set to?
This returns nothing:
root@ldc310:~# cd /etc/apache2/
root@ldc310:/etc/apache2# grep -R LimitRequestBod y *
So I assume it is not set.
And if it's not set, it takes the default value, zero (meaning, no
limit).
And while we're checking for possibilities, are you editing
the same php.ini PHP is using?
I assume, but how could I be sure?
Run phpinfo() FROM THE BROWSER, not from command line. Look for
"Configurat ion File (php.ini) Path" in the output. The command-line
interpreter, the server module, and the CGI/FastCGI executable can
each have a different php.ini...
Since it is PHP version 5, I assume this is the right path for
editing:
root@ldc310:/# nano /etc/php5/cli/php.ini
I don't think so; note the "cli" in the path. Looks like you're
editing the php.ini that's used by the command-line interpreter,
not the one used by the Apache module.
Any way I can be sure? How do I check?
See the bit on phpinfo() above.
Cheers,
NC
On May 31, 3:01 am, Lawrence Krubner <lawre...@krubn er.comwrote:
To guard against our users possibly uploading huge files, I've got this
in my php.ini file:
; Maximum size of POST data that PHP will accept.
post_max_size = 10M
On a server running Ubuntu Linux. The PHP version:
root@ldc310:/etc/php5/cli# php -v
PHP 5.1.6 (cli) (built: Nov 28 2007 22:52:49)
I just uploaded a 28 meg file to the server. I have a PHP script that
automatically resizes the images to less than a meg. However, I was
assuming that the upload should have failed, before the PHP script ever
had the chance to resize the file. How do I limit how much our users can
upload? I really don't want the users to have the power to upload 30 or
40 or 50 meg files.
The server does have Plesk installed, which I know, in times past, has
found ways to undermine the settings in php.ini.
No - override - exactly as it's supposed to do. But its worth noting
that the only time I've seen plesk is on hosted servers - which rather
implies that you're already paying somebody to answer these questions.
For instance, for
open_basedir, the value that gets written in the httpd.conf file, in
each vhost directory, takes precedence over whatever I put in php.ini.
But I've never seen Plesk undermine the importance of the post_max_size
setting, nor can I imagine where Plesk might store such a conf setting
if it did.
Any thoughts on what might be wrong? Are there other places some
configuration data might be taking precedent?
The post_max_size is PHP specific thing - assuming it did work as you
expect, it wouldn't stop anyone from posting more data to the
webserver - indeed, according to the manual, it only says that when
more than this limit is posted, the $_POST and $_GET vars are empty -
no mention of $_FILES. A better setting would be to set the limit
using upload_max_file size, but again this does not stop people from
abusing your bandwidth.
If you set the limit in the webserver config then it will terminate
the conenction.
C.
On Sat, 31 May 2008 13:38:57 +0200, C. ( http://symcbean.blogspot.com/)
<co************ @gmail.comwrote :
On May 31, 3:01 am, Lawrence Krubner <lawre...@krubn er.comwrote:
>To guard against our users possibly uploading huge files, I've got this
in my php.ini file:
; Maximum size of POST data that PHP will accept.
post_max_siz e = 10M
On a server running Ubuntu Linux. The PHP version:
root@ldc310:/etc/php5/cli# php -v
PHP 5.1.6 (cli) (built: Nov 28 2007 22:52:49)
I just uploaded a 28 meg file to the server. I have a PHP script that
automaticall y resizes the images to less than a meg. However, I was
assuming that the upload should have failed, before the PHP script ever
had the chance to resize the file. How do I limit how much our users can
upload? I really don't want the users to have the power to upload 30 or
40 or 50 meg files.
The server does have Plesk installed, which I know, in times past, has
found ways to undermine the settings in php.ini.
No - override - exactly as it's supposed to do. But its worth noting
that the only time I've seen plesk is on hosted servers - which rather
implies that you're already paying somebody to answer these questions.
Well, even on my personal VPS I have Plesk. Really takes the edge of
administrative tasks I have no interest in for a hobby server :)
>For instance, for
open_basedir , the value that gets written in the httpd.conf file, in
each vhost directory, takes precedence over whatever I put in php.ini..
But I've never seen Plesk undermine the importance of the post_max_size
setting, nor can I imagine where Plesk might store such a conf setting
if it did.
Any thoughts on what might be wrong? Are there other places some
configuratio n data might be taking precedent?
The post_max_size is PHP specific thing - assuming it did work as you
expect, it wouldn't stop anyone from posting more data to the
webserver - indeed, according to the manual, it only says that when
more than this limit is posted, the $_POST and $_GET vars are empty -
no mention of $_FILES. A better setting would be to set the limit
using upload_max_file size, but again this does not stop people from
abusing your bandwidth.
If you set the limit in the webserver config then it will terminate
the conenction.
If concerned, it would be best to limit at the source indeed, i.e. the
webserver. If one wants to do it in PHP, a php_admin_value in httpd.conf/
vhost config should work. They ought not be overridable bij .htaccess
files, and as max_upload_file size is PHP_INI_PERDIR since 4.2.3 an
ini_set() shouldn't work either.
--
Rik Wasmus
....spamrun finished
On May 31, 6:38 am, "C. (http://symcbean.blogsp ot.com/)"
<colin.mckin... @gmail.comwrote :
If you set the limit in the webserver config then it will terminate
the conenction.
I probably should not get involved in a discussion like this, but I
can't help it. If the purpose is to save bandwidth, does the webserver
terminate the connection *after* if has uploaded to the specified
limit?
If tat is the case, that would be wasteful for an upload. Is there not
a facility that one could write just before the upload function is
involved to check the size of the file on the client and not start the
upload at that point? That would seem to be more bandwidth-sensible?
On May 31, 10:45 am, Lawrence Krubner <lawre...@krubn er.comwrote:
NC wrote:
On May 31, 12:04 am, Lawrence Krubner <lawre...@krubn er.comwrote:
NC wrote:
>And what, if anything, is LimitRequestBod y directive
in Apache set to?
This returns nothing:
root@ldc310:~# cd /etc/apache2/
root@ldc310:/etc/apache2# grep -R LimitRequestBod y *
So I assume it is not set.
And if it's not set, it takes the default value, zero (meaning, no
limit).
>And while we're checking for possibilities, are you editing
the same php.ini PHP is using?
I assume, but how could I be sure?
Run phpinfo() FROM THE BROWSER, not from command line. Look for
"Configurat ion File (php.ini) Path" in the output. The command-line
interpreter, the server module, and the CGI/FastCGI executable can
each have a different php.ini...
Since it is PHP version 5, I assume this is the right path for
editing:
root@ldc310:/# nano /etc/php5/cli/php.ini
I don't think so; note the "cli" in the path. Looks like you're
editing the php.ini that's used by the command-line interpreter,
not the one used by the Apache module.
Thanks for catching that. Seems you were right.
If anyone has time and wants to do me a big favor, go here:
http://www.cyberbitten.com/my_private_page.php
login with:
user: test
password: test
then go here and try to upload a file that is bigger than 10 megs:
http://www.cyberbitten.com/my_privat...=mp_photos.htm
I appreciate anyone who can give this a test.
-- lawrence krubner
I've started an upload of a 20MB .exe file(Nessus-3.2.1.exe).
As I said in another post, perhaps you want to do a few checks to save
your bandwidth. Check that the file type is correct. Check the size
*before* you start the upload.
I'll report back if the upload crashes.
On May 31, 11:04 am, MikeB <MPBr...@gmail. comwrote:
On May 31, 10:45 am, Lawrence Krubner <lawre...@krubn er.comwrote:
NC wrote:
On May 31, 12:04 am, Lawrence Krubner <lawre...@krubn er.comwrote:
>NC wrote:
>>And what, if anything, is LimitRequestBod y directive
>>in Apache set to?
>This returns nothing:
>root@ldc310: ~# cd /etc/apache2/
>root@ldc310:/etc/apache2# grep -R LimitRequestBod y *
>So I assume it is not set.
And if it's not set, it takes the default value, zero (meaning, no
limit).
>>And while we're checking for possibilities, are you editing
>>the same php.ini PHP is using?
>I assume, but how could I be sure?
Run phpinfo() FROM THE BROWSER, not from command line. Look for
"Configurat ion File (php.ini) Path" in the output. The command-line
interpreter, the server module, and the CGI/FastCGI executable can
each have a different php.ini...
>Since it is PHP version 5, I assume this is the right path for
>editing:
>root@ldc310:/# nano /etc/php5/cli/php.ini
I don't think so; note the "cli" in the path. Looks like you're
editing the php.ini that's used by the command-line interpreter,
not the one used by the Apache module.
Thanks for catching that. Seems you were right.
If anyone has time and wants to do me a big favor, go here:
http://www.cyberbitten.com/my_private_page.php
login with:
user: test
password: test
then go here and try to upload a file that is bigger than 10 megs:
http://www.cyberbitten.com/my_privat...=mp_photos.htm
I appreciate anyone who can give this a test.
-- lawrence krubner
I've started an upload of a 20MB .exe file(Nessus-3.2.1.exe).
As I said in another post, perhaps you want to do a few checks to save
your bandwidth. Check that the file type is correct. Check the size
*before* you start the upload.
I'll report back if the upload crashes.
I can't tell if it failed or uploaded successfully. I don't get an
error message or anything... ?
MikeB wrote:
On May 31, 6:38 am, "C. (http://symcbean.blogsp ot.com/)"
<colin.mckin... @gmail.comwrote :
>If you set the limit in the webserver config then it will terminate
the conenction.
I probably should not get involved in a discussion like this, but I
can't help it. If the purpose is to save bandwidth, does the webserver
terminate the connection *after* if has uploaded to the specified
limit?
The webserver doesn't KNOW what php's bandwidth limit is. It takes ALL
the POST data of which the uploaded file is part, and gives it to PHP.
If tat is the case, that would be wasteful for an upload. Is there not
a facility that one could write just before the upload function is
involved to check the size of the file on the client and not start the
upload at that point? That would seem to be more bandwidth-sensible?
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Chris Mosser |
last post by:
I'm looking for an applet that allows for multiple file uploads. I found
jupload and am considering using that, but I might have a couple issues. I
need to build a web app for a print shop, that allows their clients to
upload their finished files. Problem is, these files are likely to be upto
10 megs each with the possibility of having multiple files at one time. I
don't think standard http protocol is the best solution for these file...
|
by: Jeff_Relf |
last post by:
Hi Tom, You showed: <<
private const string PHONE_LIST =
"495.1000__424.1111___(206)564-5555_1.800.325.3333";
static void Main( string args ) {
foreach (string phoneNumber in Regex.Split (PHONE_LIST, "_+")) {
Console.WriteLine (phoneNumber); } }
Output:
495.1000
|
by: Grace |
last post by:
Hello,
I want to upload the file by webpage to SQL Server.
When I upload the small file, it is work.
But, when I upload big file(ex. 40~50 MB), it isn't work;
the Browser displays the following error message:
"The webpage consulted at present is unable to use.
Websites may happen the technological question or you need to adjust the
browser to establish ."
|
by: Dude |
last post by:
Somewhere between 9 - 11 megs I am unable to upload, using either
aspupload or the built-in uploading functionality.
here is the code from web.config
<system.web>
<httpRuntime maxRequestLength="35192" executionTimeout="1200" />
afer submitting the form, it takes a few minutes for the page to
process, then a blank page comes up, it appears to be doing more
processing, but the new page hangs indefinately.
|
by: Charlie |
last post by:
Hi:
I'm using the HTML File Field control as a file picker for uploading files
to a SQl Server image field. When page posts back to initiate upload, if
file is small (under about two megs) all is well. However, when I select a
large file, the default IIS "Cannot find server" page is immediately
returned. Weird???
Thanks,
Charlie
| | |
by: lawrence k |
last post by:
I've a file upload script on my site. I just now used it to upload a
small text document (10k). Everything worked fine.
Then I tried to upload a 5.3 meg Quicktime video.
Didn't work.
I've set the POST limit in php.ini to 8 megs.
What reasons, other than the POST limit, would a large upload fail?
|
by: mikecom |
last post by:
Hi
Maybe there is an oracle out there who can help.
I have an aspx site and a simple fileupload control on it.
Everything works fine except:
I can reproduce an 404 error when trying to upload some files.
It only happens when trying to upload PDF Files, and not on every PDF
File.
|
by: KevinADC |
last post by:
Note: You may skip to the end of the article if all you want is the perl code.
Introduction
Uploading files from a local computer to a remote web server has many useful purposes, the most obvious of which is the sharing of files. For example, you upload images to a server to share them with other people over the Internet. Perl comes ready equipped for uploading files via the CGI.pm module, which has long been a core module and allows users...
|
by: henribaeyens |
last post by:
Hello,
I have this question that hopefully some of you guys can answer.
So I use the usual mechanism: display form, enter data, browse for file,
validate, upload if no errors. Well, something is not working when I try
to upload a flv file. For starters, I print out the $_post and $_files
arrays and I see that if I browsed for, say, a wmv video then those
arrays contain all the needed data. If I browse for a flv, however, both
arrays...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
