I am building the ability for authenticated users to create php files and upload graphics. These would then be served by the server.
More details. The php files are automagicly generated by form input (that doesn't allow php code) This is heavily filtered/escaped. I am fairly confident in this part (security of code generated.) The php files will be served by include($file), then calling functions defined within the file. The php files are also designed so that if they were to be served directly, they would not output anything. I haven't started on the graphics upload yet, but it would be served the same way. (through my php program, not directly by apache) So, there is no reason apache needs to see the uploaded/created files, but php does need to see them. (ok, they are usually the same user, but it's the idea I'm going for.) This is on a standard cheap linux hosting server for the time being. I am wondering what setup you recommend for doing this type of thing. Where do you save the files? How do you configure permissions? Can/How do you validate images? Etc. Thanks, Orson _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
