[php-list] Permissions problem with file upload script.

Thu, 13 Apr 2006 16:31:44 -0700 

One of my users at espersunited.com cannot upload new content to his
webspace because the new router his father has installed for their home
network automatically blocks FTP transactions of any kind (for security
purposes).  They do not know how to turn off this feature.  I am seeking
other ways for this user to upload new content to his webspace.  I am
considering the following PHP script:

form.html:

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="upload.php" method="POST">
   <!-- MAX_FILE_SIZE must precede the file input field -->
   <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
   <!-- Name of input element determines name in $_FILES array -->
   Send this file: <input name="userfile" type="file" />
   <input type="submit" value="Send File" />
</form>

upload.php:

<?php
   // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be
used instead
   // of $_FILES.

   $uploaddir = '/home/michael/webspace/html'; //For testing.  Actual
value will be determined dynamically

   $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

   echo '<pre>';
   if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
   {
      echo "File is valid, and was successfully uploaded.\n";
   }
   else
   {
      echo "Possible file upload attack!\n";
   }
?>

However, I'm running into a permissions problem.  I was considering
creating a temporary uploads directory, authenticating the user, and
then copying the file in the temp uploads directory to the users
directory tree, but I'm afraid that approach would be too vulnerable to
DoS attacks.  Does anyone have any advice for me on this?  I was going
to authenticate the user through the my FTP server anyway.  Any ideas,
anyone?





Community email addresses:
  Post message: php-list@yahoogroups.com
  Subscribe:    [EMAIL PROTECTED]
  Unsubscribe:  [EMAIL PROTECTED]
  List owner:   [EMAIL PROTECTED]

Shortcut URL to this page:
  http://groups.yahoo.com/group/php-list 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/php-list/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Reply via email to