Re: Chmod
- From: "frizzle" <phpfrizzle@xxxxxxxxx>
- Date: 4 Apr 2006 16:14:23 -0700
Gary L. Burnore wrote:
On 4 Apr 2006 15:10:39 -0700, "frizzle" <phpfrizzle@xxxxxxxxx> wrote:
Hi,
I am at the base of an FTP thingy i'm building, and i noticed that
it would only work if i chmod the folder 777, i thought to remember
correctly that previously on another site chmod 744 was enough,
now it isn't.
Am i mistaking, and should it always be 777 ? And isn't a chmodded
777 folder much more vulnerable?
Most definitely more vulnerable.
You want 755, not 744. You need the x bit set. It should look like
this:
drwxr-xr-x ... ...
The x on a directory means search, not execute. If you can't search
the directory, you can't read the files in it.
If you want people to be able to find the files but not list the
directory when they're on the server, you can set the directory as 711
which would look like:
drwx--x--x ... ...
Frizzle.--
Code sofar below:
++++++++++++++++++++++++++
<?php
require_once('../inc/globals.php');
if( isset( $_FILES['image'] ) ){
$ftp_conn = @ftp_connect( $default_ftp_server )or
die('<b>Error!</b>');
@ftp_login( $ftp_conn, $default_ftp_user, $default_ftp_pass )or
die('<bError!</b>');
$uploaddir = '../items/';
$uploadfile = $uploaddir . basename( $_FILES['image']['name'] );
if ( move_uploaded_file( $_FILES['image']['tmp_name'], $uploadfile ) ){
echo "File is valid, and was successfully uploaded.";
} else {
echo "Possible file upload attack!";
};
ftp_close( $ftp_conn );
};
?>
<form action="<?php echo $PHP_SELF; ?>" method="post"
enctype="multipart/form-data" name="images" target="_top" id="images"
class="form">
<input name="image" type="file" id="image">
<br>
<input type="submit" name="upload" id="upload" value="Upload">
<input name="cancel" type="button" id="cancel" value="Cancel"
onClick="javascript:history.go(-1) ">
</form><?php
if (is_dir($uploaddir)) {
if ($dh = opendir($uploaddir)) {
while (($file = readdir($dh)) !== false) {
if ($file !== '..' && $file !== '.') echo "filename: $file :
filetype: " . filetype($uploaddir . $file) . "<br>\r\n";
}
closedir($dh);
}
};
?>
----------------------------------------------------
gburnore at DataBasix dot Com
---------------------------------------------------------------------------
How you look depends on where you go.
---------------------------------------------------------------------------
Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
Official .sig, Accept no substitutes. | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
| ÝÛ 0 1 7 2 3 / Ý³Þ 3 7 4 9 3 0 Û³
Black Helicopter Repair Services, Ltd.| Official Proof of Purchase
===========================================================================
Hmm, i still get an error; i chmodded both the destination folder AND
the executing script-file 755.
Warning: move_uploaded_file(../items/bg.jpg): failed to open stream:
Permission denied in
/home/httpd/vhosts/domain.com/httpdocs/new/admin/ftptest.php on line 15
Read mode Write mode Execute/search mode
Owner + + +
Group + - +
Others + - +
Frizzle.
.
- Follow-Ups:
- Re: Chmod
- From: bobzimuta
- Re: Chmod
- References:
- Chmod
- From: frizzle
- Chmod
- Prev by Date: Re: Avoiding timeout while mass mailing
- Next by Date: Re: selecting specific tag
- Previous by thread: Chmod
- Next by thread: Re: Chmod
- Index(es):
Relevant Pages
|
