I have created a php file to handle file uploads.

It very simple without any bells or whistles.

I just wanted to know if there was a way to control the owner of the new
file because when iupload files the owner is set to httpd which means that I
can't access the file properly.

My code is as follows.

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<title>File Uploads</title>
<meta name="Generator" content="Editplus">
<meta name="Author" content="James Cook">
<meta name="Keywords" content="file upload, Filke Upload, FILE UPLOAD,
files, Files, FILES, uploads, Uploads, UPLOADS">
<meta name="Description" content="A page that allows the author to upload
files to his web page.">
<h2>Cook's File Upload page, please do not use</h2>
<br />
global $PHP_SELF;
include "connect.php";

$connection = dbconnect();
$query="select pwd from pwd;";
$result = @MYSQL_QUERY($query,$connection);
if (!$result){
 echo("No result");
 echo mysql_errno() . ": " . mysql_error() . "\n";
$res = @MYSQL_RESULT($result,0,"pwd");

if (empty($addr)){
if (empty($first)){
 if ($pass==$res){
  // In PHP earlier then 4.1.0, $HTTP_POST_FILES previous $_FILES should be
used instead of $_FILES.
  if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])){
   copy($HTTP_POST_FILES['userfile']['tmp_name'], $addr .
   echo "Possible file upload attack. Filename: " .
$HTTP_POST_FILES['userfile']['name'] . "<br />";
  /* ...or... */
  $move = move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'], $addr
. $HTTP_POST_FILES['userfile']['name']);
  if (!$move){
   echo ("File Move failed");
   echo ("<a href='$PHP_SELF'>Try Again</a>");
   echo("File Moved successfully");
  echo ("Incorrect pass, sorry<br/>");
  echo ("<a href='$PHP_SELF'>Try Again</a>");

function displayform(){
global $PHP_SELF;
<form enctype='multipart/form-data' action='$PHP_SELF' method='post'>
<input type='hidden' name='max_file_size' value='10000'>
 <td>Send this file: </td>
 <td><input name='userfile' type='file'><br /></td>
 <td><input type='hidden' name='first' value='1'>
 Use this pass: </td>
 <td><input type='password' name='pass'></td>
 <td>Save to this location: </td>
 <td><input type='text' name='addr'></td>
 <td></td><td>Default is /home/cj923/public_html/wat/</td>
<tr colspan='2'>
<td><input type='submit' value='send file'></td>
echo ($HTML);

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to