Hi,

Yes, The script has to run as that user instead of nobody. To do this  
you need to make php with phpsuexec.

Sincerely,
Mike
-- 
Mike Brandonisio          *    Web Hosting
Tech One Illustration     *    Internet Marketing
tel (630) 759-9283        *    e-Commerce
[EMAIL PROTECTED]    *    http://www.jikometrix.net

     JIKOmetrix - Reliable web hosting


On Apr 13, 2006, at 9:43 PM, Michael Sullivan wrote:

> On Thu, 2006-04-13 at 18:31 -0500, Michael Sullivan wrote:
>> One of my users at espersunited.com cannot upload new content to his
>> webspace because the new router his father has installed for their  
>> home
>> network automatically blocks FTP transactions of any kind (for  
>> security
>> purposes).  They do not know how to turn off this feature.  I am  
>> seeking
>> other ways for this user to upload new content to his webspace.  I am
>> considering the following PHP script:
>>
>> form.html:
>>
>> <!-- The data encoding type, enctype, MUST be specified as below -->
>> <form enctype="multipart/form-data" action="upload.php"  
>> method="POST">
>>    <!-- MAX_FILE_SIZE must precede the file input field -->
>>    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
>>    <!-- Name of input element determines name in $_FILES array -->
>>    Send this file: <input name="userfile" type="file" />
>>    <input type="submit" value="Send File" />
>> </form>
>>
>> upload.php:
>>
>> <?php
>>    // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be
>> used instead
>>    // of $_FILES.
>>
>>    $uploaddir = '/home/michael/webspace/html'; //For testing.  Actual
>> value will be determined dynamically
>>
>>    $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
>>
>>    echo '<pre>';
>>    if (move_uploaded_file($_FILES['userfile']['tmp_name'],  
>> $uploadfile))
>>    {
>>       echo "File is valid, and was successfully uploaded.\n";
>>    }
>>    else
>>    {
>>       echo "Possible file upload attack!\n";
>>    }
>> ?>
>>
>> However, I'm running into a permissions problem.  I was considering
>> creating a temporary uploads directory, authenticating the user, and
>> then copying the file in the temp uploads directory to the users
>> directory tree, but I'm afraid that approach would be too  
>> vulnerable to
>> DoS attacks.  Does anyone have any advice for me on this?  I was  
>> going
>> to authenticate the user through the my FTP server anyway.  Any  
>> ideas,
>> anyone?
>>
>>
>
> My user who was having problems with the FTP-blocked router has solved
> them.  Now I'm attempting to create a web-based website editor  
> (similar
> to the one geocities.com uses).  I've looked at several today and none
> of them that I've found seem to support the Linux accounts on my  
> server.
> I need the script to be kept at a central location where all users can
> take advantage of it, but each user needs to be able to save the files
> they create/edit to their own webspace.  Is there a way to do this,
> without setting the user directories world-writable?
>
>
>
>
>
> Community email addresses:
>   Post message: [email protected]
>   Subscribe:    [EMAIL PROTECTED]
>   Unsubscribe:  [EMAIL PROTECTED]
>   List owner:   [EMAIL PROTECTED]
>
> Shortcut URL to this page:
>   http://groups.yahoo.com/group/php-list
> Yahoo! Groups Links
>
>
>
>
>
>
>
>



Community email addresses:
  Post message: [email protected]
  Subscribe:    [EMAIL PROTECTED]
  Unsubscribe:  [EMAIL PROTECTED]
  List owner:   [EMAIL PROTECTED]

Shortcut URL to this page:
  http://groups.yahoo.com/group/php-list 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/php-list/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 



Reply via email to