Unable to upload a file in the remote folder on server in Win SCP

[Sandeep590]

Good Evening Folks,

 

Issue :  Uploading a file works in local folder ..but not in the remote folder which is on server in WIN SCP..

 

Description :  I have set all the permissions of the folder checked .. However , I don't see the file to be uploaded in the intended path .

 

 

This is path where the file needs to be uploaded :    home/int/libscrip/html/webtest/helpdesk/uploads

 

 

The code which was written in the PHP file regarding the destination path is as shown below.

 

$my_path = "tmp/";

$my_destinationpath = "uploads/";

 

if(!file_exists($my_path))

mkdir($my_path,0777,true);

if(!file_exists($my_destinationpath)

mkdir($my_destinationpath,0777,TRUE);

 

Note :  The folder and the file in which the code was written resides in the same folder due to which the above PHP variable was set as "tmp/".. (  Kindly assist me if this is correct practice to specify a folder on remote server)..

 

However , Iam not posting the code related to upload as the code works fine on local without any issues.

 

Unfortunately, this upload functionality is not working on remote server which needs to be solved.

 

 

Your help is greatly appreciated !!!!

 

 

 

 

[Jacques1]

The way you handle your server is suicidal.

 

If you've actually allowed PHP to create arbitrary files/directories within your application folder (as indicated by the mkdir() calls), that means your application may be manipulated at any time. The same permissions you use to create your upload folder may be used by an attacker to, for example, inject malware. You don't want this. The entire application must be read-only for the webserver, and you have to create the folders manually.

 

Using 777 permissions is also insane, even if that was just a desparate attempt of fixing the problem. Permissions must always be minimal. In your case, only the webserver needs execute and write permissions on the upload and tmp directory. So assign the directories to the webserver and then set the permissions to “300”. Read permissions are not required, unless you want the webserver to list the directory content. And other accounts don't need any permissions at all.

 

Last but not least, don't use relative paths, because you never know what they're relative to. If you want to reference a directory next to the current script, use

const UPLOAD_DIR = __DIR__.'/uploads';
const TMP_DIR = __DIR__.'/tmp';

Edited February 12, 2016 by Jacques1