On Thu, 2006-04-13 at 18:31 -0500, Michael Sullivan wrote:
> One of my users at espersunited.com cannot upload new content to his
> webspace because the new router his father has installed for their home
> network automatically blocks FTP transactions of any kind (for security
> purposes). They do not know how to turn off this feature. I am seeking
> other ways for this user to upload new content to his webspace. I am
> considering the following PHP script:
>
> form.html:
>
> <!-- The data encoding type, enctype, MUST be specified as below -->
> <form enctype="multipart/form-data" action="upload.php" method="POST">
> <!-- MAX_FILE_SIZE must precede the file input field -->
> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
> <!-- Name of input element determines name in $_FILES array -->
> Send this file: <input name="userfile" type="file" />
> <input type="submit" value="Send File" />
> </form>
>
> upload.php:
>
> <?php
> // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be
> used instead
> // of $_FILES.
>
> $uploaddir = '/home/michael/webspace/html'; //For testing. Actual
> value will be determined dynamically
>
> $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
>
> echo '<pre>';
> if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
> {
> echo "File is valid, and was successfully uploaded.\n";
> }
> else
> {
> echo "Possible file upload attack!\n";
> }
> ?>
>
> However, I'm running into a permissions problem. I was considering
> creating a temporary uploads directory, authenticating the user, and
> then copying the file in the temp uploads directory to the users
> directory tree, but I'm afraid that approach would be too vulnerable to
> DoS attacks. Does anyone have any advice for me on this? I was going
> to authenticate the user through the my FTP server anyway. Any ideas,
> anyone?
>
>
My user who was having problems with the FTP-blocked router has solved
them. Now I'm attempting to create a web-based website editor (similar
to the one geocities.com uses). I've looked at several today and none
of them that I've found seem to support the Linux accounts on my server.
I need the script to be kept at a central location where all users can
take advantage of it, but each user needs to be able to save the files
they create/edit to their own webspace. Is there a way to do this,
without setting the user directories world-writable?
Community email addresses:
Post message: php-list@yahoogroups.com
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
