move_uploaded_file + safe_mode

From: Felix Natter (felix.natter_at_ldc.de)
Date: 07/09/04 

Date: Fri, 09 Jul 2004 15:15:04 +0200

hi,

I would like to upload a file (via a form), then read that (temporary)
file and write the contents into a database. The first problem is that
open_basedir=/home/CUSTOMER so I can't just read it from /tmp.

That's why I used move_uploaded_file() to move the file
to /home/CUSTOMER/DOMAIN/tmp/FILENAME:

======================================================
<?php
                                                                                
error_reporting (E_ALL);
                                                                                
// move file to DOMAIN's tmpdir
$client_name = $_FILES['uploadfile']['name'];
$dest = "/home/CUSTOMER/DOMAIN/tmp/$client_name";
move_uploaded_file($_FILES['uploadfile']['tmp_name'], $dest);

// read uploaded file
$tempfile = fopen("$dest","rb");
echo "contents of $client_name=" . fread ($tempfile,1024);

?>
======================================================

when I do the fopen I get an error:
Warning: SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access /home/CUSTOMER/DOMAIN/tmp/README.html owned by uid 33

This error is because move_uploaded_file() has created README.html
with www-data:www-data (instead of CUSTOMER:CUSTOMER):
-rw------- 1 www-data www-data 12733 Jul 9 14:17 README.html

Next I tried to login via ftp, and do a chmod on that file from there
(I found this trick on www.php.net and it helped with such safe_mode
problems in the past), right after the call to move_uploaded_file():

======================================================
// do a chmod 777 via ftp to work around a safe_mode problem
// (file-uploads are created with user=www-data, but on our server
// safe_mode is enabled, and so php-scripts may not open any files
// that are not owned by CUSTOMER:CUSTOMER)
// => we chmod 777 it via ftp so that we can read it
$path = "DOMAIN";
$conn = ftp_connect ("localhost");
$result = ftp_login ($conn, "CUSTOMER", "PASSWORD");
if (!$conn or !$result) { exit ("Couldn't login to ftp!"); }
if (!ftp_site ($conn, "chmod 0777 /DOMAIN/tmp/$client_name")) \{
 exit ("Couldn't do ftp_site!");
}
ftp_quit ($conn);
======================================================
but then I get permission denied for the ftp-command:
Warning: ftp_site: /DOMAIN/tmp/README.html: Operation not permitted in [...]/testupload.php on line 20
Couldn't do ftp_site!

thanks a lot, 

-- 
Felix Natter

Relevant Pages

  • Re: ftp upload problems
    ... > normally if I upload it via ftp. ... I wrote a test script ... "chmod +x test.pl" will fix this. ...
    (comp.os.linux.misc)
  • Re: SOHO3 And FTP
    ... The weird thing is that with WS-FTP I can upload and delete. ... can't CHMOD. ... > Bob wrote: ... How does this help me FTP via ...
    (comp.security.firewalls)
  • Re: Publisher and 1&1
    ... In other words, clean up the folder. ... change the FTP proxy settings to allow ... To use Publisher read the following ... this is your root directory and where you upload your Publisher ...
    (microsoft.public.publisher.webdesign)
  • Re: hmt will not load in FTP client after proxy server problems.
    ... what things you have to format differently when you build a webpage. ... Now as per the FTP issue. ... off the server, and upload new ones. ... index.htm file and the index_files folder that contain the supporting ...
    (microsoft.public.publisher.webdesign)
  • Re: hmt will not load in FTP client after proxy server problems.
    ... Publisher is a DTP with limited web building capability. ... Now as per the FTP issue. ... off the server, and upload new ones. ... index.htm file and the index_files folder that contain the supporting ...
    (microsoft.public.publisher.webdesign)