At 9:32 PM -0600 9/24/06, Andy Hultgren wrote:
Hi Tedd,
Yes, when I browse to www.myDomain.com I get the index.html file, and so I
have been leaving the .public_html/ directory alone since it is not my
root. I'm curious, what you described is exactly what I'm trying to do -
what permissions do you set the parent folder at when you are finished
uploading/saving/downloading/etc.? I have my "uploaded_images/"
directory set at chmod 0100 and I can still browse to an uploaded image from
my file upload page... Thanks for your response,
Andy:
I ran into the same problem trying to work with, and understand,
permissions on a virtual host. When I asked this gang about
permissions some time back, I received answers that ranged from RTFM
to calling me stupid for using 0777, but none answered my question.
No fault of the gang, I probably didn't ask the question correctly.
In any event, I felt too stupid to ask the question again, so I went
elsewhere looking for answers and eventually found something that
works for me.
Some consider me a novice, so I'll ask the gang to overview my
comments to make sure that I'm not guiding you down the wrong path.
As you know, the key to setting the permissions of a file depends
upon the permissions the parent folder. If the parent folder
permission is set to 0777, then we can change any files inside the
folder as we want. However, that also presents a major security hole
because then anyone can use that folder to upload and run evil code.
So, the key problem is how to alter parent folder permissions.
With virtual hosting, we can upload, manage, and set permissions as
we want via our FTP connection software. So, I thought perhaps php
had something like that and as such I discovered how to ftp connect
via php.
Now, not all php ftp_<commands> are available to php 4, but you can
connect to your site and change permissions of folders, which is what
we actually need. So, if you want to do something with a file: then
change the folder permissions of the folder that holds it; do
whatever you want with the file; and then change the folder
permissions back to something safe.
You can also create new folders if you want using the command ftp_mkdir().
Note, the beginning of the ftp_paths are different than url paths we
would normally use to locate a file. For example:
An example web path:
http://www.yourdomain.com/rw/tmp/text.txt
An example symbolic link:
public_html/rw/tmp/text.txt
The following code will show you an example of how this works. Just
put in your own domain, user id, password, and correct paths and try
it out. Change the permissions in the code and watch how the file
permissions change.
Please let me know if this works for you -- watch for line breaks.
hth's
tedd
PS: I don't know what to say about your ".public_html/" directory,
but I would just leave it alone.
---
// how to call the function
<?php
$ftp_path = "public_html/rw/"; // note the ftp path
$theDir = "tmp";
$theFile ="text.txt";
FtpPerms($ftp_path, $theDir, $theFile);
?>
// the function
<?php
// create directory and change permissions via FTP connection
function FtpPerms($path, $theDir, $theFile)
{
$server='ftp.yourdomain.com'; // ftp server
$connection = ftp_connect($server); // connection
$user = "you";
$pass = "yourpassword";
$result = ftp_login($connection, $user, $pass); // login to ftp server
if ((!$connection) || (!$result))
{
echo("No connection<br/>");
return false;
exit();
}
else
{
echo("Made connection<br/>");
ftp_chdir($connection, $path); // go to destination dir
echo("Change permission<br/>");
$str="CHMOD 0755 " . $theDir; // change permissions for dir (note the
space after 0775 )
ftp_site($connection, $str);
echo("$str<br/>");
$filename = "$theDir/$theFile";
$contents = "This is the contents of the file.";
echo("<hr><br/>Writing file <br/><br/>");
$file = fopen( $filename, "w" );
fwrite( $file, $contents);
fclose( $file );
chmod($filename,0755);
echo("Change permission<br/>");
$str="CHMOD 0600 " . $theDir; // change permissions back for dir
ftp_site($connection, $str);
echo("$str<br/>");
echo("Close connection<br/>");
ftp_close($connection); // close connection
}
}
?>
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
