I've been using php for quite a while, but recently I was hacked. ): The thing is, I had a folder set to 777, because this was the only way I could save images and files into it with php. I had a script that made a security image for registering and it saved it into this directory, but I guess this hacker from Turkey found out and put his own php files in there, and the rest doesn't need explaining. But I need to know how to save files in a directory without the directory's permissions being set to 777.


But then I wouldn't be able to display the pictures. I'm not just storing files, I need them to be public, but I want only the php scripts that I write to be able to write files in the directory.

 

Or can I grab the files from the root directory and output them by request via php script?

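You could have a script to load up the images, i.e.

<?php
// basename() drops directory parts, so "../" cannot escape /private/images/
$path = "/private/images/" . basename($_GET['jpg'] ?? '');
$img = is_file($path) ? @imagecreatefromjpeg($path) : false;
if ($img === false) { // missing file or not a valid JPEG
    http_response_code(404);
    exit;
}
header('Content-Type: image/jpeg');
imagejpeg($img);
imagedestroy($img);
?>

However, you should check the files before uploading them.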
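One way to do the check mentioned above before a file is written to the private directory, as an added example that is not code from anyone in the thread. `STORE_DIR`, the `store_image()` helper and the two demo files are assumptions made for illustration; the demo inputs are constructed.

```php
<?php
// Added example, not code from the thread. STORE_DIR is an assumed location
// outside the web root, owned by the user PHP runs as (0700 is then enough).
const STORE_DIR = '/tmp/private_images_demo';

// Hypothetical helper: validate a candidate file and store a re-encoded copy
// under a server-chosen name. Returns that name, or null if rejected.
function store_image(string $src, string $dir): ?string
{
    // getimagesize() reads the file header, not the extension the client sent.
    $info = @getimagesize($src);
    $allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        return null;
    }
    // A valid-looking header is not enough: the whole file must decode.
    $img = @imagecreatefromstring(file_get_contents($src));
    if ($img === false) {
        return null;
    }
    // Re-encoding discards the original bytes, and the name never comes from
    // the client, so the stored file always ends in .png.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, "$dir/$name")) {
        return null;
    }
    chmod("$dir/$name", 0600);
    return $name;
}

// Constructed demo input: one real GIF, one PHP script with a GIF signature.
if (!is_dir(STORE_DIR)) {
    mkdir(STORE_DIR, 0700, true);
}
$good = tempnam(sys_get_temp_dir(), 'ok');
imagegif(imagecreatetruecolor(60, 20), $good);
$bad = tempnam(sys_get_temp_dir(), 'bad');
file_put_contents($bad, "GIF89a<?php echo 'not an image'; ?>");

var_dump(store_image($good, STORE_DIR)); // real image
var_dump(store_image($bad, STORE_DIR));  // disguised script
unlink($good);
unlink($bad);
```

For real uploads, pass `$_FILES[...]['tmp_name']` as `$src` after confirming it with `is_uploaded_file()`.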

 


Just a follow up...

 

I used your advice, this works great, I am surprised I did not do this before (I'm such a noob).

 

But I did a little research, and to avoid opening unwanted images, I actually just outputted the base64 encoding into the HTML.

So something like this:

$outfile = "File location on a 777 dir out of public view";
imagegif($im, $outfile); // $im is the image that I rendered in the script
imagedestroy($im);
$ff = fopen($outfile, "rb"); // So I open the file I just made
$data = fread($ff, filesize($outfile));
fclose($ff); // release the handle once the bytes are read
echo "<IMG border=0 SRC=\"data:image/gif;base64,"
    . chunk_split(base64_encode($data)) . "\" name=secimg>";

and then this outputs something like:

<IMG border=0 SRC="data:image/gif;base64,..." name=secimg>

 

 

And ta-da, now nobody even knows where those security images are being saved.
