Richard Lynch wrote:
> > I've got a strange thing with overriding an ini file in PHP.
> >
> > I'm trying to implement a simple example of a script that allows a file to
> be
> > uploaded.
> >
> > I put an <INPUT TYPE="file" NAME="myfile" ENCTYPE="multipart/form-data">
> tag
>
> ENCTYPE goes in the FORM tag, I think...
maybe, but this is copied straight out of a PHP book I've got by Judy Meloni
> > on the form, along with a submit button. (yeah, the rest of the HTML is
> > fine...)
> >
> > The script gets the file, uploads it, and the $myfile variable says the
> > uploaded file is named something like "/var/tmp/phpq32345". However, I
> don't
> > have write permissions to /var/tmp. (Neither does the process doing the
> > actual upload!)
>
> What process is it that you think is doing the upload?...
PHP scripts run as user nobody on this system
> It's usually "nobody" who owns it, which usually does have write access to
> /tmp files. Or, maybe in your OS, /var/tmp files. If PHP says it got it
> there, it probably did.
PHP gives me a file name like what I showed above, but it's not there by the
time the script tries to copy it. We're not talking a huge script here -- an
exec( "ls -l $myfile" ) doesn't find the file. If it was ever there, it's gone
almost instantaneously.
> But then you must copy it or process it, because
> PHP will delete it when the script ends -- to avoid a denial-of-service
> attack where somebody tries to upload a million little files through your
> web-server to fill up /tmp.
>
> > I created a php3.ini file in the same directory that contains the script.
> > It has only the line:
> >
> > upload_tmp_dir = myuploads
> >
> > Then I created a directory named myuploads in the same dir with 2777
> > perms.
> >
> > However, the script never sees this ini file! I printed out the cwd from
> > the script, and it IS the same dir where the php3.ini file resides; I can
> > even exec a command 'ls -l *.ini' and it shows up there just fine.
>
> You can't do that in a php.ini file in the same directory.
> You *can* do it (maybe) with an .htaccess file, if Apache has .htaccess
> turned on in httpd.conf, and upload_tmp_dir isn't one of the
> non-over-ridable directives.
The things I've read say the php3.ini file goes in the "current directory". I'm
not sure which one that is, but it's obviously not the one containing the script
files.
Any other ideas?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
