I've created a page in a small CMS system that allows our customer to upload images via a PHP script, but when the file gets to the images directory it shows that it's now owned by www instead of the administrative user. The only way to delete the file is to do it from the command line. We aren't able to overwrite the files either. The Add (Insert Record) and Delete pages of the CMS are working just fine.

 

I've contacted our host and their reply was as follows:

 

"This is a known issue with using php. PHP that is built into apache runs as www and so any files created or uploaded through this will also be owned by www.

 

If you use the apache php build then you need also a php script to handle these files - to modify or delete them etc.

 

The alternative to this is to use the php binary at /usr/local/bin/php. You would need of course to modify your scripts to use the binary instead of the apache module but that is fairly standard. It really just depends upon your own needs and how you want to proceed."

 

Server specs

Apache Version 1.3.27

PHP 4.3.4 w/Zend Optimizer v2.1.0

Linux Redhat Version 7.3

MySQL 3.23.57

 

My question is: how do I modify my scripts so that I'm running the PHP binary? I'm using Dreamweaver MX to create these PHP pages and this is the final stumbling block. I tried adding #!/usr/local/bin/php at the top of my pages but it didn't work (saw this in another forum and thought I'd give it a try). All it did was make #!/usr.. show up at the top of the page. I also tried changing the extension of the page to .cgi. This made the #!/usr... disappear but the script stopped working also.

 

thanks for any help,

Troy

 

 

Here's the code for the update page:

 

<?php require_once('../Connections/sos.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
 $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

 switch ($theType) {
   case "text":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;    
   case "long":
   case "int":
     $theValue = ($theValue != "") ? intval($theValue) : "NULL";
     break;
   case "double":
     $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
     break;
   case "date":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;
   case "defined":
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
     break;
 }
 return $theValue;
}

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
 $editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "form1")) {
 $updateSQL = sprintf("UPDATE closeouts SET title=%s, body=%s, image=%s WHERE id1=%s",
                      GetSQLValueString($HTTP_POST_VARS['title'], "text"),
                      GetSQLValueString($HTTP_POST_VARS['body'], "text"),
                      GetSQLValueString($HTTP_POST_VARS['image'], "text"),
                      GetSQLValueString($HTTP_POST_VARS['id1'], "int"));

 mysql_select_db($database_sos, $sos);
 $Result1 = mysql_query($updateSQL, $sos) or die(mysql_error());

 $updateGoTo = "thanks.html";
 if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
   $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
   $updateGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
 }
 header(sprintf("Location: %s", $updateGoTo));
 exit; // stop here so the rest of the page does not run after the redirect
}

mysql_select_db($database_sos, $sos);
$query_Recordset1 = "SELECT * FROM closeouts";
$Recordset1 = mysql_query($query_Recordset1, $sos) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

// *** Move To Specific Record: declare variables
$MM_rs = &$Recordset1;
$row_MM_rs = &$row_Recordset1;
$MM_rsCount = $totalRows_Recordset1;
$MM_uniqueCol = "id1";
$MM_paramName = "id1";
$MM_paramIsDefined = ($MM_paramName != "" && isset($HTTP_GET_VARS[$MM_paramName]));

// *** Move To Specific Record: handle detail parameter
if ($MM_paramIsDefined && $MM_rsCount != 0) {
 // get the value of the parameter
 $param = $HTTP_GET_VARS[$MM_paramName];
 // find the record with the unique column value equal to the parameter value
 do {
   if ($row_MM_rs[$MM_uniqueCol] == $param) break;
 } while($row_MM_rs = mysql_fetch_assoc($MM_rs));
}
?>
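
The host's first option, a PHP script that manages the uploaded files from inside the web-server process that owns them, could look like the following. This is an added example, not code from the original post or from the host; the function name delete_uploaded_image, the allowed extensions and the temporary demo directory are assumptions.

```php
<?php
// Added example: hypothetical helper, not part of the original CMS.
// Deletes an uploaded image from inside the web-server process, which owns
// the file, and refuses any name that resolves outside the images directory.

function delete_uploaded_image($imagesDir, $requestedName)
{
    $base = realpath($imagesDir);
    if ($base === false || !is_dir($base)) {
        return 'error: images directory not found';
    }
    // basename() drops any directory part; a mismatch means a path was supplied.
    $name = basename($requestedName);
    if ($name === '' || $name !== $requestedName) {
        return 'rejected: name contains a path';
    }
    // Assumed allow-list: plain image file names only, so scripts are never touched.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(jpe?g|gif|png)$/i', $name)) {
        return 'rejected: not an allowed image name';
    }
    // realpath() resolves symlinks; the result must still sit directly in $base.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || dirname($target) !== $base || !is_file($target)) {
        return 'rejected: no such file in images directory';
    }
    return unlink($target) ? 'deleted' : 'error: unlink failed';
}

// Constructed demo: a temporary directory stands in for the CMS images folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'images_demo_' . getmypid();
mkdir($dir, 0775);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'closeout1.jpg', 'constructed sample data');

foreach (array('closeout1.jpg', '../closeout1.jpg', 'notes.php', 'missing.png') as $name) {
    echo $name, ' => ', delete_uploaded_image($dir, $name), "\n";
}
rmdir($dir); // succeeds because the only file in it was deleted above
```

In the CMS the file name would come from the admin form, and the script belongs behind the same login as the other admin pages.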
