Jump to content

Unable to upload a file in the remote folder on server in Win SCP

Sandeep590

By Sandeep590
in PHP Coding Help

 Share

Recommended Posts

Sandeep590 Member

Sandeep590

Posted
Posted

Good Evening Folks,

 

Issue :  Uploading a file works in local folder ..but not in the remote folder which is on server in WIN SCP..

 

Description :  I have set all the permissions of the folder checked .. However , I don't see the file to be uploaded in the intended path .

 

 

This is path where the file needs to be uploaded :    home/int/libscrip/html/webtest/helpdesk/uploads

 

 

The code which was written in the PHP file regarding the destination path is as shown below.

 

$my_path = "tmp/";

$my_destinationpath = "uploads/";

 

if(!file_exists($my_path))

mkdir($my_path,0777,true);

if(!file_exists($my_destinationpath)

mkdir($my_destinationpath,0777,TRUE);

 

Note :  The folder and the file in which the code was written resides in the same folder due to which the above PHP variable was set as "tmp/".. (  Kindly assist me if this is correct practice to specify a folder on remote server)..

 

However , Iam not posting the code related to upload as the code works fine on local without any issues.

 

Unfortunately, this upload functionality is not working on remote server which needs to be solved.

 

 

Your help is greatly appreciated !!!!

 

 

 

 

Jacques1 Prolific Member

Jacques1

Posted
Posted (edited)

The way you handle your server is suicidal.

 

If you've actually allowed PHP to create arbitrary files/directories within your application folder (as indicated by the mkdir() calls), that means your application may be manipulated at any time. The same permissions you use to create your upload folder may be used by an attacker to, for example, inject malware. You don't want this. The entire application must be read-only for the webserver, and you have to create the folders manually.

 

Using 777 permissions is also insane, even if that was just a desparate attempt of fixing the problem. Permissions must always be minimal. In your case, only the webserver needs execute and write permissions on the upload and tmp directory. So assign the directories to the webserver and then set the permissions to “300”. Read permissions are not required, unless you want the webserver to list the directory content. And other accounts don't need any permissions at all.

 

Last but not least, don't use relative paths, because you never know what they're relative to. If you want to reference a directory next to the current script, use

const UPLOAD_DIR = __DIR__.'/uploads';
const TMP_DIR = __DIR__.'/tmp';
Edited by Jacques1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.