Hi, Yes, The script has to run as that user instead of nobody. To do this you need to make php with phpsuexec.
Sincerely, Mike -- Mike Brandonisio * Web Hosting Tech One Illustration * Internet Marketing tel (630) 759-9283 * e-Commerce [EMAIL PROTECTED] * http://www.jikometrix.net JIKOmetrix - Reliable web hosting On Apr 13, 2006, at 9:43 PM, Michael Sullivan wrote: > On Thu, 2006-04-13 at 18:31 -0500, Michael Sullivan wrote: >> One of my users at espersunited.com cannot upload new content to his >> webspace because the new router his father has installed for their >> home >> network automatically blocks FTP transactions of any kind (for >> security >> purposes). They do not know how to turn off this feature. I am >> seeking >> other ways for this user to upload new content to his webspace. I am >> considering the following PHP script: >> >> form.html: >> >> <!-- The data encoding type, enctype, MUST be specified as below --> >> <form enctype="multipart/form-data" action="upload.php" >> method="POST"> >> <!-- MAX_FILE_SIZE must precede the file input field --> >> <input type="hidden" name="MAX_FILE_SIZE" value="30000" /> >> <!-- Name of input element determines name in $_FILES array --> >> Send this file: <input name="userfile" type="file" /> >> <input type="submit" value="Send File" /> >> </form> >> >> upload.php: >> >> <?php >> // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be >> used instead >> // of $_FILES. >> >> $uploaddir = '/home/michael/webspace/html'; //For testing. Actual >> value will be determined dynamically >> >> $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); >> >> echo '<pre>'; >> if (move_uploaded_file($_FILES['userfile']['tmp_name'], >> $uploadfile)) >> { >> echo "File is valid, and was successfully uploaded.\n"; >> } >> else >> { >> echo "Possible file upload attack!\n"; >> } >> ?> >> >> However, I'm running into a permissions problem. I was considering >> creating a temporary uploads directory, authenticating the user, and >> then copying the file in the temp uploads directory to the users >> directory tree, but I'm afraid that approach would be too >> vulnerable to >> DoS attacks. Does anyone have any advice for me on this? I was >> going >> to authenticate the user through the my FTP server anyway. Any >> ideas, >> anyone? >> >> > > My user who was having problems with the FTP-blocked router has solved > them. Now I'm attempting to create a web-based website editor > (similar > to the one geocities.com uses). I've looked at several today and none > of them that I've found seem to support the Linux accounts on my > server. > I need the script to be kept at a central location where all users can > take advantage of it, but each user needs to be able to save the files > they create/edit to their own webspace. Is there a way to do this, > without setting the user directories world-writable? > > > > > > Community email addresses: > Post message: [email protected] > Subscribe: [EMAIL PROTECTED] > Unsubscribe: [EMAIL PROTECTED] > List owner: [EMAIL PROTECTED] > > Shortcut URL to this page: > http://groups.yahoo.com/group/php-list > Yahoo! Groups Links > > > > > > > > Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
