Help with CHMOD in PHP Script

[derekbelcher]

I am in desperate need of assistance with an inherited script from a "no-longer-works-with-me" website desiger.  Long story short, my web developer left for another job and I have a script that a client is having trouble with.  This script allows the admin to upload a new member's name, title, and picture.  The picture is inserted into a file on the server.  The problem is that the file is inserted with a default permission of 600 which does not allow the pic to be viewed on the public facing website or the admin page.  I have read that chmod may be my answer, but am not a programmer by any means and have no idea where to implement this fix.

 

I have attached the code as a .txt file - its the full code that resides on this page.  Any help is greatly appreciated.

code.txt

[.josh]

We're here to help teach you things and help you when you are coding and get stuck. We aren't really here to do the work for you. I suggest you post in the freelance forum or on some freelance site (IOW offer up some money) if you aren't looking to get your hands dirty.

[netaneledri]

Hey ,

I fixed the code for you and add chmod command to the final uploaded file to 777 (need it to view and delete picture from server).

The fixed code can be found here : http://pastebin.com/5dqJ2m4F

[derekbelcher]

Thank you netaneledri!  I appreciate you bailing me out here.  We are working out an agreement with a new tech firm to manage this stuff, but I had a client in need in the interim.  Total Lifesaver.  I had a feeling it was something small, but just don't know how to read the code.  Thanks again!

[Ch0cu3r]

I would not recommend chmod 777 as  solution. This value gives everyone read and write permissions. I am inexpedience with linux file permissions but I know this value should never be used, especially for files on a webserver.

[netaneledri]

Thank you netaneledri!  I appreciate you bailing me out here.  We are working out an agreement with a new tech firm to manage this stuff, but I had a client in need in the interim.  Total Lifesaver.  I had a feeling it was something small, but just don't know how to read the code.  Thanks again!

 

No problem , thats was just 2 lines of code.

If you looking for expert web developer to work with you , contact me on private message.

[netaneledri]

I would not recommend chmod 777 as  solution. This value gives everyone read and write permissions. I am inexpedience with linux file permissions but I know this value should never be used, especially for files on a webserver.

Thats not a problem because its local permission on the server , only one with access can do something with that.

This permission give the option to view , edit and delete the file what fits the needs.

[DavidAM]

Thats not a problem because its local permission on the server , only one with access can do something with that.

This permission give the option to view , edit and delete the file what fits the needs.

777 is "world writable", which means anyone who can logon to the server can read or write the file. This setting is NOT recommended even on private servers, because it means any user you now have or add in the future has full access to the file. It is NOT Best Practice.

 

Since the issue was viewing the file, the web-server already has write access to the directory. To be able to view the file, you only need to set the READ flag, so 444 (on the file) would allow the world to read it. You do NOT need write permission on a file in order to DELETE it -- deleting a file is a WRITE to the directory. Since we are talking about images here, unless you are planning to modify the uploaded file, no one needs write access to it; and since it is not a program, no one needs EXECUTE access.

 

Uploaded files are going to be owned by the effective userid of the web-server, NOT the site owner/administrator (usually). Since any website access to the file will use that same userid, you could go with 400 on the file, if you want to be strict.