Re: [PHP-DB] Help with file upload
Hello Neil, I want to really thank you. You cracked my month long problem for me. The destination path was supposed to be the absolute path: /home/ayserve/public_html/fu/ It is working fine now. Regards, Bunmi Neil Smth wrote: At 18:44 16/10/2003 +, you wrote: From: Ruprecht Helms [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Bunmi Akinmboni [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Content-Type: text/plain Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Date: 16 Oct 2003 15:12:38 +0200 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DB] Help with file upload On Thu, 2003-10-16 at 09:58, Bunmi Akinmboni wrote: Thanks Neil. My ultimate aim to update my database with the details of the upload after it uploads successfully, but I need to solve this problem first. The folder already has permission 777. Re your response below : I missed the leading dot, and so I may have not been concise enough with my answer so let me try again : You are trying to move a file to ./ayservenet.jpg Now, as far as the OS can determine, this file is not allowed to be placed there (even though its the same directory) because you probably have the open_basedir restriction in place on your server (quite rightly, for security reasons). What you need to do let me reiterate, is to ensure the directory you are copying to has the correct permissions (you say this is tru) *and* you name the path as an absolute path name within the Linux filesystem structure. My ISP does the same thing, and you can only upload files to an absolute path which is at or below your html root directory. In your case this is probably /home/ayserve/public_html/fu/ Please do not use relative paths for this as it will probably not work, as you have found. Hope that helps - Cheers, Neil. This is the reply I got: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to './ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6 ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size] = 3030 ) ) I had experienced this also on Windows IIS now it is also coming on my Linux yet I have full access to the two servers. Bunmi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size]
= 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
John W. Holmes wrote:
Bunmi Akinmboni wrote:
His is the new code:
?php
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], .);
You should be using move_uploaded_file() instead of copy(), first of all.
Next, the two arguments passed to either copy() or move_uploaded_file()
are _filenames_, not directories. So something like
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
is probably what you're after.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
For the message:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
you have to change the permissions of the file folder where you are copying
the file.
If you created it via FTP then you can't use copy() or move().
check:
echo fileperms( $folder );
if it's 33188 or 33279 it's ok but I think it is not the permission of your
folder.
I think you'll get 17901 or some other.
so you have to use ftp_chmod() of ftp_site() to change it..
try this:
$folderbase = folderbase; // it's the folder where your folder for
uploads is.
$folder = foldername;// it's your folder for uploads.
$mode = 0777;
$site = ftp_connect ( ftp.yourdomain.com );
if( $site != FALSE ) {
$loged = ftp_login( $site , your username, your password );
if( $loged ) {
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
}
ftp_quit( $site );
John W. Holmes [EMAIL PROTECTED] escribió en el mensaje
news:[EMAIL PROTECTED]
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got
was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
On Thu, 2003-10-16 at 07:14, John W. Holmes wrote: Bunmi Akinmboni wrote: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 PHP runs as the web server and it does not have permission to write to the current directory. If you're using IIS, PHP runs as the IUSR_computer_name user. And how is it by running Linux. I've a similar problem with my provider in uploading files via php. The permissions in the html-subdir are set that all persons have write-permissions. At the moment I work with a workaround that by using email to transfer the file to me to be uploaded via ftp. But the way should be that the user should be able to upload a file by himselve via PHP. Regards, Ruprecht -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
I just changed the permission on fu folder to 777 but it gives me the
same problem. I'm writing this script so that I can use it to upload to
jpeg files. The code is hereby attached.
Gabriel Peugnet wrote:
For the message:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
you have to change the permissions of the file folder where you are copying
the file.
If you created it via FTP then you can't use copy() or move().
check:
echo fileperms( $folder );
if it's 33188 or 33279 it's ok but I think it is not the permission of your
folder.
I think you'll get 17901 or some other.
so you have to use ftp_chmod() of ftp_site() to change it..
try this:
$folderbase = folderbase; // it's the folder where your folder for
uploads is.
$folder = foldername;// it's your folder for uploads.
$mode = 0777;
$site = ftp_connect ( ftp.yourdomain.com );
if( $site != FALSE ) {
$loged = ftp_login( $site , your username, your password );
if( $loged ) {
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
}
ftp_quit( $site );
John W. Holmes [EMAIL PROTECTED] escribi en el mensaje
news:[EMAIL PROTECTED]
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got
was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
'Bunmi Akinmboni
5, Aibu Street, Off Bode Thomas Street,
P.O. Box 6235, Surulere, Lagos, NIGERIA.
Tel: (234) 1-813-3335
Fax: (234) 1-583-2585 (Nigeria Only)
Fax: 1 (309) 285-2383 (International)
Email: [EMAIL PROTECTED]
Web site: http://www.budelak.com
http://www.ayserve.net
Web Design, Web Hosting, Domain Registration, ICT Consultancy,
Networking, Internet, eCommerce, System Integrator
===
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
I just changed the permission on fu folder to 777 but it gives me the
same problem. I'm writing this script so that I can use it to upload to
jpeg files. The code is hereby attached.
Bunmi
Gabriel Peugnet wrote:
For the message:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
you have to change the permissions of the file folder where you are copying
the file.
If you created it via FTP then you can't use copy() or move().
check:
echo fileperms( $folder );
if it's 33188 or 33279 it's ok but I think it is not the permission of your
folder.
I think you'll get 17901 or some other.
so you have to use ftp_chmod() of ftp_site() to change it..
try this:
$folderbase = folderbase; // it's the folder where your folder for
uploads is.
$folder = foldername;// it's your folder for uploads.
$mode = 0777;
$site = ftp_connect ( ftp.yourdomain.com );
if( $site != FALSE ) {
$loged = ftp_login( $site , your username, your password );
if( $loged ) {
ftp_chdir( $site , $folder );
ftp_site( $site , chmod $mode $folder );
}
ftp_quit( $site );
John W. Holmes [EMAIL PROTECTED] escribi en el mensaje
news:[EMAIL PROTECTED]
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got
was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
'Bunmi Akinmboni
5, Aibu Street, Off Bode Thomas Street,
P.O. Box 6235, Surulere, Lagos, NIGERIA.
Tel: (234) 1-813-3335
Fax: (234) 1-583-2585 (Nigeria Only)
Fax: 1 (309) 285-2383 (International)
Email: [EMAIL PROTECTED]
Web site: http://www.budelak.com
http://www.ayserve.net
Web Design, Web Hosting, Domain Registration, ICT Consultancy,
Networking, Internet, eCommerce, System Integrator
===
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case you
are trying to circumvent filesystem access controls by writing directly to
the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory). It
needs to be mode 660 or 666 for testing, you can tighten up the permissions
later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web server
to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP, the
topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size] =
3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Neil,
The folder fu is not the root. I just created it for testing and it has
777 permission. My ultimate aim is to update a database upon successful
uploading.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
permission is ok but it's got to be inside the home directory of web server,
which is /var/www by default for apache
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:28 PM
Subject: Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line
6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
HI Nitin,
Is that not dangerous as it will affect the entire server structure?
Bunmi
Nitin wrote:
permission is ok but it's got to be inside the home directory of web server,
which is /var/www by default for apache
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:28 PM
Subject: Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line
6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
i dont understand, what are you saying dangerous to...
i just gave an example, at your machine home directory of web server could
be entirely different.
anyway read my last mail
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:56 PM
Subject: Re: [PHP-DB] Help with file upload
HI Nitin,
Is that not dangerous as it will affect the entire server structure?
Bunmi
Nitin wrote:
permission is ok but it's got to be inside the home directory of web
server,
which is /var/www by default for apache
Nitin
- Original Message -
From: Bunmi Akinmboni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 1:28 PM
Subject: Re: [PHP-DB] Help with file upload
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Bunmi
Neil Smth wrote:
Bunmi, you need to understand Unix file permissions.
Because you are running as the web server 'user / group' that user
needs
permission to write to the directory you are specifying. In this case
you are trying to circumvent filesystem access controls by writing
directly to the root directory of the filesystem !
So you need to adjust your path to for example
/home/ayserve/public_html/fu/uploads/
*** Then*** You need to adjust the permission on this directory to
allow
write access to the web server. You can do this from most FTP clients
(dreamweaver has a plugin to adjust the permissions of the directory).
It needs to be mode 660 or 666 for testing, you can tighten up the
permissions later.
If you absolutely cant do this by FTP somehow, try using
chmod(/home/ayserve/public_html/fu/uploads/,100666);
execute your upload after extensive file type checks
chmod(/home/ayserve/public_html/fu/uploads/,100755);
To change it back again to a safe setting as soon as possible !
666 corresponds to user-group-everybody, rwx and 660 to rw (no execute
permission). Finally, 755 allows owner rwx and others rx permission -
execute permission needs to be set again afterwards to allow the web
server to traverse (read) the directory again.
PS _ Can you remind me again how this is related to Databases in PHP,
the topic of this list ;-)
Cheers - Neil.
At 06:25 16/10/2003 +, you wrote:
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 06:09:07 +0100
From: Bunmi Akinmboni [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on
line
6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on
line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] =
ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw
[error] = 0 [size] = 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
On Thu, 2003-10-16 at 09:58, Bunmi Akinmboni wrote:
Thanks Neil. My ultimate aim to update my database with the details of
the upload after it uploads successfully, but I need to solve this
problem first.
The folder already has permission 777.
Dateiname: /home/www/web172/phptmp/phppYlgrZDatei wurde hochgeladen
Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The
script whose uid is 897 is not allowed to access
/home/www/web172/html/html owned by uid 30 in
/home/www/web172/html/upload_http.php on line 9
This is my actual Warning after running this script
files should moved from ../web172/phptmp/ into ../web172/html/
both directories are on the same 'floor'.
?
echo 'Dateiname: ';
echo $userfile;
//chdir('html');
if(is_uploaded_file($userfile));
{
echo Datei wurde hochgeladen;
chmod(html,100755);
move_uploaded_file($userfile,'html/'.$userfile);
}
//move_uploaded_file($userfile,$userfile);
?
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
At 18:44 16/10/2003 +, you wrote: From: Ruprecht Helms [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Bunmi Akinmboni [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Content-Type: text/plain Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Date: 16 Oct 2003 15:12:38 +0200 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DB] Help with file upload On Thu, 2003-10-16 at 09:58, Bunmi Akinmboni wrote: Thanks Neil. My ultimate aim to update my database with the details of the upload after it uploads successfully, but I need to solve this problem first. The folder already has permission 777. Re your response below : I missed the leading dot, and so I may have not been concise enough with my answer so let me try again : You are trying to move a file to ./ayservenet.jpg Now, as far as the OS can determine, this file is not allowed to be placed there (even though its the same directory) because you probably have the open_basedir restriction in place on your server (quite rightly, for security reasons). What you need to do let me reiterate, is to ensure the directory you are copying to has the correct permissions (you say this is tru) *and* you name the path as an absolute path name within the Linux filesystem structure. My ISP does the same thing, and you can only upload files to an absolute path which is at or below your html root directory. In your case this is probably /home/ayserve/public_html/fu/ Please do not use relative paths for this as it will probably not work, as you have found. Hope that helps - Cheers, Neil. This is the reply I got: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to './ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6 ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size] = 3030 ) ) I had experienced this also on Windows IIS now it is also coming on my Linux yet I have full access to the two servers. Bunmi -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Help with file upload
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
My codes are:
File UPLOAD.HTM:
html
head
titleUntitled Document/title
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
/head
body
form method=post action=fuprocess.php enctype=multipart/form-data
input type=file name=ufile1 size=20
input type=submit name=submit value=submit
/form
/body
/html
File FUPROCESS.PHP:
?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead
of $_FILES.
// $realname = $_FILES['ufile1']['name'];
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
Thanks.
--
'Bunmi Akinmboni
5, Aibu Street, Off Bode Thomas Street,
P.O. Box 6235, Surulere, Lagos, NIGERIA.
Tel: (234) 1-813-3335
Fax: (234) 1-583-2585 (Nigeria Only)
Fax: 1 (309) 285-2383 (International)
Email: [EMAIL PROTECTED]
Web site: http://www.budelak.com
http://www.ayserve.net
Web Design, Web Hosting, Domain Registration, ICT Consultancy,
Networking, Internet, eCommerce, System Integrator
===
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make it
work. I wrote an upload program as seen below but the response I got was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name] =
/tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
His is the new code:
?php
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
Bunmi
Bunmi Akinmboni wrote:
Thanks John,
I had done it before and still tried it again now. This is what I get:
Warning: copy(.): failed to open stream: Is a directory in
/home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/php1tARiu [error] = 0 [size]
= 3030 ) )
Bunmi
John W. Holmes wrote:
Bunmi Akinmboni wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make
it work. I wrote an upload program as seen below but the response I
got was:
Possible file upload attack. Filename: ayservenet.jpg Array (
[ufile1] = Array ( [name] = ayservenet.jpg [type] = image/pjpeg
[tmp_name] = /tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
[snip]
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
echo $ufile1_name ;
echo DONE;
echo ;
print_r($_FILES);
} else {
echo Possible file upload attack. Filename: .
$_FILES['ufile1']['name'];
echo ;
print_r($_FILES);
}
?
You should pass $_FILES['ufile1']['tmp_name'] to is_uploaded_file().
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Bunmi Akinmboni wrote:
His is the new code:
?php
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], .);
You should be using move_uploaded_file() instead of copy(), first of all.
Next, the two arguments passed to either copy() or move_uploaded_file()
are _filenames_, not directories. So something like
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
is probably what you're after.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
This in in the php manual
(http://www.php.net/manual/en/features.file-upload.php) but anyway...
The value contained in $_FILES['ufile1']['name'] is not the name of the
temporary file on the server. Try $_FILES['ufile1']['tmp_name'] instead
Hence the lines
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
become
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], $_FILES['ufile1']['name']);
That is copy the temporary file to the name that the user specified when
uploading.
BTW: Make sure you move or copy the temporary file before the php script
ends as the temporary file will not exist afterwards.
George Patterson
On Thu, 16 Oct 2003 05:20:38 +0100
Bunmi Akinmboni [EMAIL PROTECTED] wrote:
Pls Help.
I have done a lot of reading prior to this yet I just can't seem make
it work. I wrote an upload program as seen below but the response I
got was:
Possible file upload attack. Filename: ayservenet.jpg Array ( [ufile1]
= Array ( [name] = ayservenet.jpg [type] = image/pjpeg [tmp_name]
= /tmp/phpIMEhdh [error] = 0 [size] = 3030 ) )
File FUPROCESS.PHP:
?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead
of $_FILES.
// $realname = $_FILES['ufile1']['name'];
if (is_uploaded_file($_FILES['ufile1']['name'])) {
copy($_FILES['ufile1']['name'], .);
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
This is reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size]
= 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
John W. Holmes wrote:
Bunmi Akinmboni wrote:
His is the new code:
?php
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], .);
You should be using move_uploaded_file() instead of copy(), first of all.
Next, the two arguments passed to either copy() or move_uploaded_file()
are _filenames_, not directories. So something like
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
is probably what you're after.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
I used this code now:
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
This is the reply I got:
Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream:
Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6
Warning: move_uploaded_file(): Unable to move '/tmp/phpfJyDSw' to
'./ayservenet.jpg' in /home/ayserve/public_html/fu/fuprocess.php on line 6
ayservenet.jpg DONE Array ( [ufile1] = Array ( [name] = ayservenet.jpg
[type] = image/pjpeg [tmp_name] = /tmp/phpfJyDSw [error] = 0 [size]
= 3030 ) )
I had experienced this also on Windows IIS now it is also coming on my
Linux yet I have full access to the two servers.
Bunmi
John W. Holmes wrote:
Bunmi Akinmboni wrote:
His is the new code:
?php
if (is_uploaded_file($_FILES['ufile1']['tmp_name'])) {
copy($_FILES['ufile1']['tmp_name'], .);
You should be using move_uploaded_file() instead of copy(), first of all.
Next, the two arguments passed to either copy() or move_uploaded_file()
are _filenames_, not directories. So something like
move_uploaded_file($_FILES['ufile1']['tmp_name'],'./' .
$_FILES['ufile1']['name']);
is probably what you're after.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
Bunmi Akinmboni wrote: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 PHP runs as the web server and it does not have permission to write to the current directory. If you're using IIS, PHP runs as the IUSR_computer_name user. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Help with file upload
So what could be the problem? I reaaly don't know. Bunmi John W. Holmes wrote: Bunmi Akinmboni wrote: Warning: move_uploaded_file(./ayservenet.jpg): failed to open stream: Permission denied in /home/ayserve/public_html/fu/fuprocess.php on line 6 PHP runs as the web server and it does not have permission to write to the current directory. If you're using IIS, PHP runs as the IUSR_computer_name user. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Help with file upload
I am trying to upload a file but the problem i am having is that i get no
value if i used $HTTP_POST_FILES['userfile']['name'] i have my register
globals on and everything but i just can't see what am i doing wrong. here
is my code:
/*?
-$dir = .\Apache\htdoc\ ;
-$dir .= $_POST['img1'];
-$temp1 = $_POST['img1'];
-$filename = $HTTP_POST_FILES['img1']['name'];
-echo filename is $filenamebr\n;
-$temp_file = $HTTP_POST_FILES[img1][tmp_name];
-$file_type = $HTTP_POST_FILES[img1][type];
-if($HTTP_POST_VARS['img1']['name'] != ){
copy($temp1,$dir) or
die (Couldn't copy the file);
-}else{
die(No input file specified);
-}
-?
-HTML
-BODY
-h1Successful upload /h1
-p
-You sent: ? print $_POST['img1']; ?, a ? echo$img1_size; ?
- byte file of type ? echo$img1_type; ?. /p
-/body
-/html
*/
please help me because i need this ASAP.. thank you all
_
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
