I have created a php file to handle file uploads.
It very simple without any bells or whistles.
I just wanted to know if there was a way to control the owner of the new
file because when iupload files the owner is set to httpd which means that I
can't access the file properly.
My code is as follows.
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<title>File Uploads</title>
<meta name="Generator" content="Editplus">
<meta name="Author" content="James Cook">
<meta name="Keywords" content="file upload, Filke Upload, FILE UPLOAD,
files, Files, FILES, uploads, Uploads, UPLOADS">
<meta name="Description" content="A page that allows the author to upload
files to his web page.">
</head>
<body>
<h2>Cook's File Upload page, please do not use</h2>
<br />
<?php
global $HTTP_POST_FILES;
global $PHP_SELF;
include "connect.php";
$connection = dbconnect();
$query="select pwd from pwd;";
$result = @MYSQL_QUERY($query,$connection);
if (!$result){
echo("No result");
echo mysql_errno() . ": " . mysql_error() . "\n";
}
$res = @MYSQL_RESULT($result,0,"pwd");
if (empty($addr)){
$addr="/home/cj923/public_html/wat/";
}
if (empty($first)){
displayform();
}
else{
if ($pass==$res){
// In PHP earlier then 4.1.0, $HTTP_POST_FILES previous $_FILES should be
used instead of $_FILES.
if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])){
copy($HTTP_POST_FILES['userfile']['tmp_name'], $addr .
$HTTP_POST_FILES['userfile']['name']);
}
else{
echo "Possible file upload attack. Filename: " .
$HTTP_POST_FILES['userfile']['name'] . "<br />";
}
/* ...or... */
$move = move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'], $addr
. $HTTP_POST_FILES['userfile']['name']);
if (!$move){
echo ("File Move failed");
echo ("<a href='$PHP_SELF'>Try Again</a>");
}
else{
echo("File Moved successfully");
}
}
else{
echo ("Incorrect pass, sorry<br/>");
echo ("<a href='$PHP_SELF'>Try Again</a>");
}
}
function displayform(){
global $PHP_SELF;
$HTML=<<<HTML
<form enctype='multipart/form-data' action='$PHP_SELF' method='post'>
<input type='hidden' name='max_file_size' value='10000'>
<table>
<tr>
<td>Send this file: </td>
<td><input name='userfile' type='file'><br /></td>
</tr>
<tr>
<td><input type='hidden' name='first' value='1'>
Use this pass: </td>
<td><input type='password' name='pass'></td>
</tr>
<tr>
<td>Save to this location: </td>
<td><input type='text' name='addr'></td>
</tr>
<tr>
<td></td><td>Default is /home/cj923/public_html/wat/</td>
</tr>
<tr colspan='2'>
<td><input type='submit' value='send file'></td>
</tr>
</form>
HTML;
echo ($HTML);
}
?>
</body>
</html>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
