kratsg Posted August 6, 2009 Share Posted August 6, 2009 So, this keeps going to a dead end through google, so I'd figure I would try here. I have a script that is able to upload images into a specific folder. It uploads the images with the permission 644. Using cPanel File Manager's system, we're able to view these image files. What I can't seem to figure out is who are the Users, Groups of each file that gets uploaded via a PHP script? The folder the images are contained in has no read permissions (but has execute permissions for all 3). (a) Do we need execute permissions for all 3 [users, Groups, World] in order for anyone to view the images on our site? (b) What write permissions do we need? (IE: the script is the one uploading these image files, so would it be safe to assume that it is the same user as the cPanel account?) Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/ Share on other sites More sharing options...
kratsg Posted August 6, 2009 Author Share Posted August 6, 2009 Update: So, for example: An image added via the upload script has the following: User ID: 32024 Group ID: 32026 An image added via the upload script also has the following: User ID: 99 Group ID: 99 Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/#findComment-891888 Share on other sites More sharing options...
Mardoxx Posted August 6, 2009 Share Posted August 6, 2009 I'm guessing 99 is apache or WWW (webserver user account) and the user group 32024 is _your_ account - the one you use when accessing FTP/SSH/cPanel etc Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/#findComment-891890 Share on other sites More sharing options...
kratsg Posted August 6, 2009 Author Share Posted August 6, 2009 Ok, so I used <?php echo "User ID: "; print_r(posix_getpwuid(fileowner($_GET['img']))); echo "<br>Group ID: "; print_r(posix_getgrgid(filegroup($_GET['img']))); ?> To check out the images. It gave me information about owner and such. http://us3.php.net/manual/en/function.posix-getpwuid.php http://us3.php.net/manual/en/function.posix-getgrgid.php So, apparently, the 99/99 relate to nobody/Nobody. The other one has 32024/32026 related to "admin"/"admin_group". Now, I assume because I log on the cPanel with the username "admin" that it would imply that these two users are the one and the same. I need a way of confirming this. Second, I should be able to convert ownership of uploaded files using chown (and probably group ownership as well) which covers that part. Third, what category of permissions does a PHP script fall under (Users, Groups, World) when you're either adding files to a folder or editing files in a folder and such through that script? Is there a way to find this out?Edit: So I found out using get_current_user(); that the script's ownerships are the same as the 32024/32026 mentioned above. So since the user alone could be this script, Why would I need the group permissions if there is only the one user?Edit 2: the current process owner is actually 99/99 (not the owner of the script as I found above). I need to either change this process owner or insert code in the script to change the ownership of all files it uploads. Finally, what is the point of having Users/Groups permissions? Like, let's say we have someone who handles uploading all the images into correct folders and such but these images are viewed on the website using html img tags, doesn't that mean we just need the folder to have "World Execute" and the images to have "World Read" permissions? Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/#findComment-891897 Share on other sites More sharing options...
cunoodle2 Posted August 6, 2009 Share Posted August 6, 2009 Do you care to post the script that you are using for your image upload? Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/#findComment-891905 Share on other sites More sharing options...
kratsg Posted August 6, 2009 Author Share Posted August 6, 2009 Sure, this is still in the rough stages, but I just wanted to get a lot of the permissions fixed so that there aren't any problems in the future. The script works perfectly honestly, and I'm gonna update it in more security to verify these are images by checking the extension, using the imggetfile (whatever it is), etc... <?php if (!$_POST['fuse_action']) $fuse_action = $_GET['fuse_action']; else $fuse_action = $_POST['fuse_action']; switch ($_GET['fuse_action']) { default : show_error('Error', "Invalid Module."); break; case 1012 : if ($_POST["action"] == "Upload Image") { unset ($imagename); if (!isset ($_FILES) && isset ($HTTP_POST_FILES)) $_FILES = $HTTP_POST_FILES; if (!isset ($_FILES['image_file'])) $error["image_file"] = "An image was not found."; $imagename = basename($_FILES['image_file']['name']); if (empty ($imagename)) $error["imagename"] = "The name of the image was not found."; $imagename = ReplaceBadFilenameChars($imagename); if (IsValidFileType($imagename)) { $newimage = $_SERVER['DOCUMENT_ROOT']."/images/uploaded/".$imagename; if (file_exists($newimage)) $error["exists"] = "The file currently exists on the server."; if (empty ($error)) { $result = move_uploaded_file($_FILES['image_file']['tmp_name'], $newimage); if (empty ($result)) $error["result"] = "There was an error moving the uploaded file."; } } else $error['filetype'] = "The file extension was not valid."; } ?> <form method="POST" enctype="multipart/form-data" name="image_upload_form" action="<?$_SERVER["PHP_SELF"];?>"> <p><input type="file" name="image_file" size="20"></p> <p><input type="submit" value="Upload Image" name="action"></p> </form> <? echo "<center>"; if (is_array($error)) { while (list ($key, $val) = each($error)) { echo $val; echo "<br>\n"; } } else { if ($_POST) { echo "Upload was successful"; } } echo "</center>"; break; } /** * Remove unusual characters * @param string $oldName original filename submitted by the * user * @return string modified filename with characters replaced * @since 2009-6-29 */ function ReplaceBadFilenameChars($oldName) { if (get_magic_quotes_gpc()) $oldName = stripslashes($oldName); return strtr($oldName, array ( ' ' => '_', '&' => 'and', '+' => 'plus', '\'' => '_', '"' => '_', '<' => '_', '>' => '_', '$' => '_', '!' => '_', '*' => '_', '(' => '-', ')' => '-' )); } /** * Check if the new file has a valid extension * * @param string $filename name of new file * @return boolean if valid or not * @since 2009-6-29 */ function IsValidFileType($filename) { $ext = strtolower(strrchr($filename, '.')); if ('.jpg' == $ext) return true; elseif ('.gif' == $ext) return true; elseif ('.png' == $ext) return true; return false; } ?> Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/#findComment-891907 Share on other sites More sharing options...
kratsg Posted August 6, 2009 Author Share Posted August 6, 2009 Is nobody able to help with this? Really? Link to comment https://forums.phpfreaks.com/topic/169040-php-upload-image-scripts-permissions-of-users-groups-worlds/#findComment-892194 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.