Jump to content

tenke

New Members
  • Posts

    1
  • Joined

  • Last visited

    Never

Posts posted by tenke

  1. I've created a page in a small CMS system that allows our customer to upload images via a php script but when the file gets to the images directory it shows that it's now owned by www instead of the administrative user. The only way to delete the file is to do it from the command line. We aren't able to overwrite the files either. The Add (Insert Record) and Delete pages of the CMS are working just fine.

     

    I've contacted our host and their reply was as follows;

     

    "This is a known issue with using php. PHP that is built into apache runs as www and so any files created or uploaded through this will also be owned by www.

     

    If you use the apache php build then you need also a php script to handle these files - to modify or delete them etc.

     

    The alternative to this is to use the php binary at /usr/local/bin/php. You would need of course to modify your scripts to use the binary instead of the apache module but that is fairly standard. It really just depends upon your own needs and how you want to proceed."

     

    Server specs

    Apache Version 1.3.27

    PHP 4.3.4 w/Zend Optimizer v2.1.0

    Linux Redhat Version 7.3

    MySQL 3.23.57

     

    My question is... How do I modify my scripts so that I'm running php binary? I'm using Dreamweaver MX to create these php pages and this is the final stumbling block. I tried adding #!/usr/local/bin/php at the top of my pages but it didn't work. (saw this in another forum and thought I'd give it a try)...all it did was make #!/usr.. show up at the top of the page... I also tried changing the extension of the page to .cgi This made the #!/usr... disappear but the script stopped working also.

     

    thanks for any help,

    Troy

     

     

    Here's the code for the update page..

     

    <?php require_once('../Connections/sos.php'); ?>
    <?php
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
    {
     $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
    
     switch ($theType) {
       case "text":
         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
         break;    
       case "long":
       case "int":
         $theValue = ($theValue != "") ? intval($theValue) : "NULL";
         break;
       case "double":
         $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
         break;
       case "date":
         $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
         break;
       case "defined":
         $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
         break;
     }
     return $theValue;
    }
    
    $editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
    if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
     $editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
    }
    
    if ((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "form1")) {
     $updateSQL = sprintf("UPDATE closeouts SET title=%s, body=%s, image=%s WHERE id1=%s",
                          GetSQLValueString($HTTP_POST_VARS['title'], "text"),
                          GetSQLValueString($HTTP_POST_VARS['body'], "text"),
                          GetSQLValueString($HTTP_POST_VARS['image'], "text"),
                          GetSQLValueString($HTTP_POST_VARS['id1'], "int"));
    
     mysql_select_db($database_sos, $sos);
     $Result1 = mysql_query($updateSQL, $sos) or die(mysql_error());
    
     $updateGoTo = "thanks.html";
     if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
       $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
       $updateGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
     }
     header(sprintf("Location: %s", $updateGoTo));
    }
    
    mysql_select_db($database_sos, $sos);
    $query_Recordset1 = "SELECT * FROM closeouts";
    $Recordset1 = mysql_query($query_Recordset1, $sos) or die(mysql_error());
    $row_Recordset1 = mysql_fetch_assoc($Recordset1);
    $totalRows_Recordset1 = mysql_num_rows($Recordset1);
    
    // *** Move To Specific Record: declare variables
    $MM_rs = &$Recordset1;
    $row_MM_rs = &$row_Recordset1;
    $MM_rsCount = $totalRows_Recordset1;
    $MM_uniqueCol = "id1";
    $MM_paramName = "id1";
    $MM_paramIsDefined = ($MM_paramName != "" && isset($HTTP_GET_VARS[$MM_paramName]));
    
    // *** Move To Specific Record: handle detail parameter
    if ($MM_paramIsDefined && $MM_rsCount != 0) {
     // get the value of the parameter
     $param = $HTTP_GET_VARS[$MM_paramName];
     // find the record with the unique column value equal to the parameter value
     do {
       if ($row_MM_rs[$MM_uniqueCol] == $param) break;
     } while($row_MM_rs = mysql_fetch_assoc($MM_rs));
    }
    ?>

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.