Jump to content

file upload and permissions issue

offsprg01

By offsprg01
in PHP Coding Help

 Share

Recommended Posts

offsprg01 Member

offsprg01

Posted
Posted

so here's my problem, i've finally tracked down the soucre of my inability to access a file uploaded to my server with php's move file function. aparently the sys admin has the server set to not allow access to files that are uploaded. he says i need to write a script to chnage the permission on the fles i upload. problem is i don't have the slightest clue where to start.

 

so can anyone point me to a good tutorial or show my how to set file permissions with php? i'm not to worried about security on this project as the end client as specified not to include security features in the web page code as they are going to be implimenting all security features once we turn the site over to them.

Link to comment
https://forums.phpfreaks.com/topic/40480-file-upload-and-permissions-issue/
Share on other sites
offsprg01 Member

offsprg01

Posted
  • Author
Posted

do i need to provide a url to the location of the file or just the file name? also where would chmod($filename, 0777); go in the following script?

 


// Where the file is going to be placed 
	$target_path = "../images/promo/";
	$filename = basename( $_FILES['uploadedfile']['name']); 
	$_FILES['uploadedfile']['tmp_name'];
//now we save the file location and info in the database
  $startDateComp = $_POST['StartDateYear'] . '-' . $_POST['StartDateMonth'] . '-' . $_POST['StartDateDay'];
  $endDateComp = $_POST['EndDateYear'] . '-' . $_POST['EndDateMonth'] . '-' . $_POST['EndDateDay'];
  $filename = mysql_real_escape_string($filename);
  $startDateComp = mysql_real_escape_string(GetSQLValueString($startDateComp, "date"));
  $endDateComp = mysql_real_escape_string(GetSQLValueString($endDateComp, "date"));
  $default = GetSQLValueString($_POST['Default'], "int");
  $leftRight = GetSQLValueString($_POST['LeftRight'], "int");
  $id = GetSQLValueString($_POST['TITLE'], "int");


/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
	$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
	$_FILES['uploadedfile']['tmp_name']; 
if(is_uploaded_file($_FILES['uploadedfile']['tmp_name'])){
	if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { 
		chmod($filename, 0777);
	    $uploadNotice = "The file ".  basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />";
		$insertSQL = "UPDATE PromoImages SET FileName='$filename', StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'";

	} 
	else{
    	$uploadNotice = "There was an error moving the file, previous file still in use!<br />";
		$insertSQL = "UPDATE PromoImages SET StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'";
	}
}
else{
    	$uploadNotice = "You did not upload a file. Previous file will be used.<br />";
	$insertSQL = "UPDATE PromoImages SET StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'";
}

willpower Member

willpower

Posted
Posted

its already in the script....did you put it there?

 

if(is_uploaded_file($_FILES['uploadedfile']['tmp_name'])){

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

chmod($filename, 0777);     $uploadNotice = "The file ".  basename

pixeltrace Advanced Member

pixeltrace

Posted
Posted

i have a related question here.

 

how do i limit the files being uploaded

 

let say i only want jpg, jpeg, gif, doc, or pdf

to be uploaded, otherwise the file will be rejected

 

what is the code for this?

i have a working codes here

but i dont know what codes to add to create a rule on the extension files

$target_path = '../../uploads/';
$target_path = $target_path . basename($_FILES['resume']['name']);

if(move_uploaded_file($_FILES['resume']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['resume']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}

 

 

need help on this please.

 

thanks!

redarrow Advanced Member

redarrow

Posted
Posted

$_FILES['userfile']['type']

 

The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

 

 


<?php
$mime=array("jpeg","pdf");

foreach($mime as $x){

if($_FILES['userfile']['type']==$x){

//upload

}else{

//dont

}
  }
?>

 

Please read the manual ok.

 

http://uk.php.net/features.file-upload

offsprg01 Member

offsprg01

Posted
  • Author
Posted

well i solved my issue i just needed to add the path to the file :doh: now chmod works fine.

 

so it's chmod (../somepath/somefile.jpg , 0777);

 

where as i was thinking it was magic and just needed chmod(somefile.jpg , 0777);

 

ah if only we had magic code that knew exaclty what we wnated it to do. then life you be grand. AND WE'D HAVE NO MORE MISSING SEMI COLONS!

 

...semi-colons are the bane of my existance. :(

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.