
embsupafly

Members
  • Posts: 29
  • Joined
  • Last visited: Never

Profile Information
  • Gender: Not Telling

embsupafly's Achievements
  • Newbie (1/5)
  • Reputation: 0

  1. Actually, the version rab had does not work correctly, but mine does, with the exception of the session vars being lost and having to login again if the directory is switched. Anyone else?
  2. QUOTE(Koen Calliauw @ Apr 26 2006, 10:45 PM): "Exactly, I think that will be the problem, suppose googlebot hits your site, It'll not know what url to enter, just call the file without params, if that happens, no vars get set, so no $uniquedir gets set, ... boom. Check the dirs you want to delete, check that they are at least 1 or 2 chars long (use strlen or something), check if the directory exists and make sure you put in an extra check that it does not delete some unintended dir for some weird reason. Like this, this script was bound to have this kind of behaviour at some point. Koen"
     Well, the entire directory is password protected, so it must be done by someone logging in right?
  3. Here is the delete script: I think I already see some problems if the delete script is not called from an intended url:
[code]
<?php
$db_name = "***";
$table_name = "cars";
$connection = @mysql_connect("localhost", "***", "***") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

$sql = "SELECT * FROM $table_name WHERE vehicle_id = '$_POST[vehicle_id]'";
$result = @mysql_query($sql, $connection) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
    $vehicle_id = $row['vehicle_id'];
    $vehicle_make = $row['vehicle_make'];
    $vehicle_model = $row['vehicle_model'];
    $vehicle_style = $row['vehicle_style'];
    $vehicle_description = $row['vehicle_description'];
    $vehicle_price = $row['vehicle_price'];
    $vehicle_image_a = $row['vehicle_image_a'];
    $vehicle_image_b = $row['vehicle_image_b'];
    $vehicle_image_c = $row['vehicle_image_c'];
    $vehicle_image_d = $row['vehicle_image_d'];
    $vehicle_image_e = $row['vehicle_image_e'];
    $vehicle_image_f = $row['vehicle_image_f'];
    $popup_vehicle_a = $row['popup_vehicle_a'];
    $popup_vehicle_b = $row['popup_vehicle_b'];
    $popup_vehicle_c = $row['popup_vehicle_c'];
    $popup_vehicle_d = $row['popup_vehicle_d'];
    $popup_vehicle_e = $row['popup_vehicle_e'];
    $popup_vehicle_f = $row['popup_vehicle_f'];
    $vehicle_year = $row['vehicle_year'];
}

$dbfield = $popup_vehicle_a;

// new stuff to delete directory of images
$the_url = $dbfield;
$pieces = explode("%20", $the_url);
$state = $pieces[0];
$piece = explode("/", $state);
$uniquedir = $piece[4];
$dirname = "/home/***/www/phpcars/$uniquedir";
$files = "/home/***/www/phpcars/$uniquedir/";

// define function that will recursively enter directory and remove files in order for rmdir() function to
// work. rmdir() can not remove a directory unless it is empty, that is what this purge() function does
function purge($dir)
{
    $handle = opendir($dir);
    while (false !== ($file = readdir($handle))) {
        if ($file != "." && $file != "..") {
            if (is_dir($dir.$file)) {
                purge($dir.$file."/");
                rmdir($dir.$file);
            } else {
                unlink($dir.$file);
            }
        }
    }
    closedir($handle);
} // end of define purge()

// call purge() function and then rmdir()
purge($files);
rmdir($dirname);

// remove database entry
$sql = "DELETE FROM $table_name WHERE vehicle_id = '$_POST[vehicle_id]'";
$result = @mysql_query($sql, $connection) or die(mysql_error());
?>
<html>
<head>
<title>Vehicle has Been Deleted</title>
</head>
<body>
<h2>Vehicle Deleted</h2>
<p>
<?php echo " The <strong><u><font color=\"blue\">$_POST[vehicle_year] $_POST[vehicle_make] $_POST[vehicle_model] $_POST[vehicle_style]</font></u></strong> being offered at $$_POST[vehicle_price]"; ?>
has been deleted from the Database and Website.</p>
<p>The directory: <strong><font color="red">/home/***/www/phpcars/<?php echo "$uniquedir" ?></font></strong> and its contents have been removed from the server.</p>
<table width="84%" border="0" cellspacing="1" cellpadding="1">
  <tr>
    <th scope="col"><a href="pick_to_delete.php">Delete Another Vehicle</a></th>
    <th scope="col"><a href="insert_form.php">Add A New Vehicle</a></th>
    <th scope="col"><a href="show_records.php">Show All Vehicles</a></th>
    <th scope="col"><a href="index.php">Go back to Main Menu</a></th>
  </tr>
</table>
</body>
</html>
[/code]
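An added example (not embsupafly's script) of the checks Koen asked for, applied before anything is removed: the directory name taken from the database must be at least two characters, a plain token, exist, and resolve inside the image base directory, and the vehicle id is bound as a query parameter. The base path, table name and PDO credentials are assumptions.

```php
<?php
// Added example (not the original script): refuse to delete unless the directory name is safe.
const IMAGE_BASE = '/home/example/www/phpcars';   // assumed; the post shows /home/***/www/phpcars

// Returns the resolved vehicle directory, or null when $uniquedir must not be deleted.
function safe_vehicle_dir(string $uniquedir): ?string
{
    $base = realpath(IMAGE_BASE);
    // An empty name would make the path equal to the base directory itself.
    if ($base === false || strlen($uniquedir) < 2) return null;
    // Allow only a plain token: no slashes, no "..", nothing URL-encoded.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $uniquedir)) return null;
    $real = realpath($base . '/' . $uniquedir);
    // Must exist, be a directory, and resolve inside the base (symlinks resolved).
    if ($real === false || !is_dir($real) || strpos($real, $base . '/') !== 0) return null;
    return $real;
}

// Recursive delete that does not descend into symlinked directories.
function purge_dir(string $dir): void
{
    foreach (scandir($dir) as $entry) {
        if ($entry === '.' || $entry === '..') continue;
        $path = $dir . '/' . $entry;
        if (is_dir($path) && !is_link($path)) {
            purge_dir($path);
            rmdir($path);
        } else {
            unlink($path);
        }
    }
}

$id = (int) ($_POST['vehicle_id'] ?? 0);   // bound as a parameter, never interpolated into SQL
$pdo = new PDO('mysql:host=localhost;dbname=example', 'user', 'pass'); // assumed credentials
$stmt = $pdo->prepare('SELECT popup_vehicle_a FROM cars WHERE vehicle_id = ?');
$stmt->execute([$id]);
$url = (string) $stmt->fetchColumn();
// Same parsing as the original: 5th path segment of the URL before the first "%20".
$uniquedir = explode('/', explode('%20', $url)[0])[4] ?? '';
$dir = safe_vehicle_dir($uniquedir);
if ($dir === null) {
    exit('Refusing to delete: image directory missing or invalid.');
}
purge_dir($dir);
rmdir($dir);
$pdo->prepare('DELETE FROM cars WHERE vehicle_id = ?')->execute([$id]);
```

With an empty or missing $uniquedir the original script's $files becomes the base directory itself and purge() empties it; here safe_vehicle_dir() returns null and nothing is touched.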
  4. QUOTE(Koen Calliauw @ Apr 26 2006, 09:54 PM): "My guess would be the script. Does your script have in-built functionality to move or delete files that exist?"
     Yes there are functions to delete the files.... What it is is a car for sale (database holds the data) and pictures stored in the filesystem. The users can delete a car, which removes it from the database and also removes the directory. Deleting cars works flawlessly, but I am wondering if there is a glitch if they do something wrong, like click the "submit" or "delete" button twice, or if there are two people logged in at the same time, both trying to delete the same car???
  5. So ... since all of the files in the upload directory have disappeared twice, would it be because the directory was set to 777 or because there is a problem with the script?
  6. Ok I have cleaned up the code as suggested by USER: rab.... Still haven't gotten to the user directory permissions yet, but here is the code:
[code]
<?php
session_start();
if (! isset($_SESSION['name']) ) {
    if (isset($_SESSION['username'])) {
        $username = $_SESSION['username'];
        $pswd = $_SESSION['pswd'];
    }
} else {
    $username = stripslashes($_POST['username']);
    $pswd = stripslashes($_POST['pswd']);
    require_once '../connection.php';
    $query = "SELECT * FROM $users_table WHERE username='$username' AND password='$pswd'";
    $result = mysql_query($query);
    $check_num = mysql_num_rows($result);
    if ($check_num > 0) {
        while ($row = mysql_fetch_array($result)) {
            $user_type = $row['user_type'];
        }
    } else {
        echo "<b><font color='red'>You need to be logged in to access this area.</font></b><br><br> <a href=\"../index.php\">Login Page</a><br><br>If you attempted to login, this message means that your username and/or password does not match a valid account, please <a href=\"../index.php\">try again</a>.";
        exit();
    }
    $_SESSION['name'] = $name;
    $_SESSION['username'] = $username;
    $_SESSION['user_type'] = $user_type;
    $name = ucfirst($name);
    $login_result = "Welcome $name<br><br>Please use the menu above";
    echo "$login_result";
}
?>
[/code]
     This code is in the root directory and called session_handler.php. In the /sales, /service, and /manager directory, all pages have a header.php file, inside this header file there is an include to ../session_handler.php, so all directories are using the same file and its code as listed above.
     The problem is that when you switch to a different directory say from /manager to /sales, it seems to kill the session variables, and catches this part of code:
[code]
} else {
    echo "<b><font color='red'>You need to be logged in to access this area.</font></b><br><br> <a href=\"../index.php\">Login Page</a><br><br>If you attempted to login, this message means that your username and/or password does not match a valid account, please <a href=\"../index.php\">try again</a>.";
    exit();
}
[/code]
     which seems to prove that the previous session vars are dead. Is this because when moving to another directory, it recalls the session_handler.php file when the new directory header is loaded and kills them with session_start() ??? Once I can get the session vars to carry over, I will work on the user_type and permissions to each directory...
  7. Chmod'ing the directory after the upload from 777 to 755 is a good idea, but it is not very feasible because the users don't have access to chmod the files and would have to call us all of the time to chmod them. Is there a way to do it with a script to where when they login, the directory gets chmod'd to 777 and when they logout, it gets chmod'd back to 755? I am sure there is a better way. Also if nobody owns the directory and it is 755, nobody will still have write permissions...isn't that a problem? Can't someone easily exploit nobody and get their permission levels?
  8. I know how chmod works, but I am asking about php upload directories as far as what permissions are best... Do you have to have 777 on the directory to allow php scripts running as nobody be able to upload an image/file? Are there more secure permissions that can be set that won't break the upload process?
  9. Does anyone else have any comment or suggestions?
  10. QUOTE(embsupafly @ Apr 25 2006, 07:23 PM): "How do they get in?"
      Anyone with a real answer?
  11. Need a bit of help... I have a user login system right now that does work, but what I need it to do is check permission levels based on the user_type pulled from the database. The script is listed below and is contained in each directory such as /manager, /sales, /service. I want service users to only have access to the pages in the /service directory, sales users to only have access to the /sales directory, and managers have access to the /manager, /sales, and /service directory, but sent to the /manager directory after login. Each directory has a copy of this script, not sure if we could just do one and have the 3 directories use the same copy. The script is listed below, but I need assistance to get the user_type feature added for the permissions to the particular directories, again, the code works, but I have not tried to implement the directory permissions yet, right now, everyone gains access to all areas.
[code]
<?php
session_start();
$name = "";
// Has a session been initiated previously?
if (! isset($_SESSION['name']) ) {
    // If no previous session, has the user submitted the form?
    if (isset($_POST['username'])) {
        $username = strip_tags($_POST['username']);
        $pswd = strip_tags($_POST['pswd']);
        // Connect to the MySQL server and select the database
        require_once '../connection.php';
        // Look for the user in the users table.
        $query = "SELECT * FROM $users_table WHERE username='$username' AND password='$pswd'";
        $result = mysql_query($query);
        while ($row = mysql_fetch_array($result)) {
            $name = $row["username"];
            $username = $row["username"];
            $user_type = $row["user_type"];
        }
    } else {
        echo "<b><font color='red'>You need to be logged in to access this area.</font></b><br><br> <a href=\"../index.php\">Login Page</a><br><br>If you attempted to login, this message means that your username and/or password does not match a valid account, please <a href=\"../index.php\">try again</a>.";
        exit();
    }
    // If the user was found, assign some session variables.
    if (@mysql_num_rows($result) == 1) {
        $_SESSION['name'] = "$name";
        $_SESSION['username'] = "$username";
        $_SESSION['user_type'] = "$user_type";
        $name = ucfirst($name);
        $login_result = "<b>Welcome $name!</b><br><br>Please use the menu above.";
    }
    // If the user has not previously logged in, show the login form
    else {
        echo "<b><font color='red'>You must be logged in to access this area.</font></b><br><br> <a href=\"../index.php\">Login Page</a><br><br>If you attempted to login, this message means that your username and/or password does not match a valid account, please <a href=\"../index.php\">try again</a>.";
        exit();
    }
}
// The user has returned. Offer a welcoming note.
else {
    $name = $_SESSION['name'];
    $username = $_SESSION['username'];
    $name = ucfirst($name);
    $login_result = "You are logged in as $name<br>";
}
?>
[/code]
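An added example, not embsupafly's code, that serves both session_handler.php posts above (the per-directory copy here and the cleaned-up shared version further up): one session_handler.php that every page in /manager, /sales and /service can include, which maps the requesting page's directory to the user types allowed in it and sends managers to /manager after login. It assumes ../connection.php provides a PDO handle $pdo and a users table with username, password_hash and user_type columns.

```php
<?php
// Added example, not the poster's script: one session_handler.php included by every page in
// /manager, /sales and /service.  Assumes ../connection.php defines a PDO handle $pdo and that
// the users table has columns username, password_hash and user_type (hashed, not plain, passwords).
session_start();
// Which user types may open pages in which directory; managers may use all three.
const DIR_ACCESS = [
    'manager' => ['manager'],
    'sales'   => ['manager', 'sales'],
    'service' => ['manager', 'service'],
];

// "/sales/page.php" -> "sales": the directory the current page lives in.
function current_dir(): string { return basename(dirname($_SERVER['SCRIPT_NAME'])); }
function may_access(string $dir, string $user_type): bool { return in_array($user_type, DIR_ACCESS[$dir] ?? [], true); }

function deny(string $msg): void
{
    echo "<b><font color='red'>" . htmlspecialchars($msg) . "</font></b><br><br>"
       . '<a href="../index.php">Login Page</a>';
    exit();
}

// Key on a value the login branch really sets: the cleaned-up session_handler.php above stores
// $_SESSION['name'] from a $name it never assigns, so isset($_SESSION['name']) fails on the next page.
if (!isset($_SESSION['username'])) {
    if (!isset($_POST['username'], $_POST['pswd'])) {
        deny('You need to be logged in to access this area.');
    }
    require_once '../connection.php';
    $stmt = $pdo->prepare('SELECT username, password_hash, user_type FROM users WHERE username = ?');
    $stmt->execute([$_POST['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($_POST['pswd'], $row['password_hash'])) {
        deny('Your username and/or password does not match a valid account.');
    }
    session_regenerate_id(true);                 // fresh session id once authenticated
    $_SESSION['username']  = $row['username'];
    $_SESSION['user_type'] = $row['user_type'];
    if ($row['user_type'] === 'manager' && current_dir() !== 'manager') {
        header('Location: ../manager/index.php');  // managers land in /manager after login
        exit();
    }
}
// Runs on every page load: the session is valid, but is this user type allowed in this directory?
if (!may_access(current_dir(), (string) ($_SESSION['user_type'] ?? ''))) {
    deny('Your account does not have access to this area.');
}
$login_result = 'You are logged in as ' . htmlspecialchars(ucfirst($_SESSION['username'])) . '<br>';
```

Because the directory check runs on every include, a sales user who types a /manager URL is refused even though the session itself is valid.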
  12. QUOTE(Brandi @ Apr 25 2006, 07:18 PM): "absolutely! with permissions 777 that means anyone can get in the folder. i've seen scripts on here that allow you to run a hosting site, maybe check that out?"
      How do they get in?
  13. Hi, We have PHP running as nobody on the server and have scripts that let users upload pictures to a directory. The directory is located inside the DOC ROOT, is owned by nobody and has permissions of 777 so the upload will work without complaining about permissions. In the past (this has happened twice) we have lost all of the images in the directory, they seem to have "vanished". What I am wondering is, could someone have gotten in there and deleted them maliciously because of the permissions, or is there possibly a bug in the code somewhere? Are there other ways to let php run as nobody and allow the folders to have other permissions?
  14. Let me re-explain: Ok, I have some data stored in session vars that need to be added to a mysql table named wo_lines. I have data like this:
      v_1 = BG-457
      pr_1 = 9.99
      q_1 = 3
      Where v_1 is a product id, pr_1 is the price, and q_1 is the quantity. The 1 indicates that these values are associated with each other and need to be inserted into the same row with each other. I may have from 1 - 10 items like this, and in some cases none, so we would have v_x, pr_x, q_x up to 10 times with x changing as determined and based upon how many items are selected. I also have other session vars as well that are going into other tables, so we shouldn't explicitly try to do this to ALL session vars, just the ones matching the patterns above.
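An added example, not embsupafly's code, of collecting only the v_x / pr_x / q_x triples from $_SESSION and inserting them into wo_lines with a prepared statement; the PDO handle $pdo, the wo_id column and the $wo_id value are assumptions, and the session values at the bottom are constructed to match the post.

```php
<?php
// Added example, not the poster's code: copy the v_x / pr_x / q_x triples out of $_SESSION into
// wo_lines, leaving every other session variable alone.  Assumes a PDO handle $pdo, a wo_lines
// table with columns wo_id, product_id, price, quantity, and the work-order id in $wo_id.
session_start();

// Returns [product_id, price, quantity] rows for x = 1..$max where all three keys are present.
function collect_lines(array $session, int $max = 10): array
{
    $rows = [];
    for ($x = 1; $x <= $max; $x++) {
        if (!isset($session["v_$x"], $session["pr_$x"], $session["q_$x"])) {
            continue;   // slot not used (there may be anywhere from 0 to 10 items)
        }
        $rows[] = [(string) $session["v_$x"], (float) $session["pr_$x"], (int) $session["q_$x"]];
    }
    return $rows;
}

// Inserts the rows with one prepared statement inside a transaction; returns the number inserted.
function insert_lines(PDO $pdo, int $wo_id, array $rows): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO wo_lines (wo_id, product_id, price, quantity) VALUES (?, ?, ?, ?)'
    );
    $pdo->beginTransaction();   // all lines of one work order, or none of them
    foreach ($rows as [$product, $price, $qty]) {
        $stmt->execute([$wo_id, $product, $price, $qty]);
    }
    $pdo->commit();
    return count($rows);
}

// Constructed sample matching the post: slot 1 filled, slot 2 incomplete, plus an unrelated variable.
$_SESSION['v_1'] = 'BG-457'; $_SESSION['pr_1'] = '9.99'; $_SESSION['q_1'] = '3';
$_SESSION['v_2'] = 'XY-100';                     // no pr_2 / q_2, so slot 2 is skipped
$_SESSION['customer_name'] = 'not a line item';
$rows = collect_lines($_SESSION);                // [['BG-457', 9.99, 3]]
// insert_lines($pdo, $wo_id, $rows);            // call once $pdo and $wo_id exist
```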
  15. Thanks, but I am looking for a bit cleaner solution. Anyone else?