chmod question

[corillo181]

is there a way i can set a chmod to 0777 so a user can read it and them set it back to any other type so no one can read it.

 

so it would be something like this

 

chmod($file,0777);

echo $file;

chmod($file,0600);

[hvle]

i think you've just answered your own question.

[rarebit]

As you've shown, yes. However I assume you'd like more security so that whilst it's being read no-one else can read it. Either use php to read the file and serve it up to them that way. Or use their session id and end time to generate a temporary filename and save a copy with certain permissions, in the header of the file have some code which use's '__FILE__' to check it's own name and therefore can check sess_id and timeout, and if necessary deny and ... hmmm delete itself (i'll have to try that one, think it should be possible!).

 

Also it might be wise to set a cron page which trawls the tempoary directory for such files and deletes when too old...

[corillo181]

i think you've just answered your own question.

 

you sure because i tried it with a song. and i does not place how ever when i remove the hmod after the echo it does work, but the files stays 777.

 

 

[BlueSkyIS]

You might want to try an if (chmod()) to see if it does anything at all. Also:

 

Note: The current user is the user under which PHP runs. It is probably not the same user you use for normal shell or FTP access. The mode can be changed only by user who owns the file on most systems.

 

Note: This function will not work on remote files as the file to be examined must be accessible via the servers filesystem.

 

Note: When safe mode is enabled, PHP checks whether the files or directories you are about to operate on have the same UID (owner) as the script that is being executed. In addition, you cannot set the SUID, SGID and sticky bits.

[corillo181]

i tried a if statment like this one

if(chmod(/path/musicfile.mp3,0777)){
  echo '<embed src="/path/musicfile.mp3"></embed>';
}
if(chmod(/path/musicfile.mp3,0777)){
  chmod(/path/musicfile.mp3,0600);
}

 

th only way this works is if i remove the second if. i thought php runs in a updown order which means what ever is on top will execute first and them the rest.

 

so the first if should execute the song and the second if should turn it back to a 600.

[BlueSkyIS]

hm, not sure. i have had some problems with chmod due to the Notes mentioned above. if I was writing the app, I probably wouldn't direct-link to it anyway. I'd either stream it through (probably slower) or use mod_rewrite to hide it's true location. 1 idea...

[corillo181]

yes thats my ultimate goal to let the user hear the song but not be able to download it and since people look for every weird way. i know because i use to do the same.. i want to get every posibility out of the way.

plus i dont think my host company is going to let me dig up in apache

[hvle]

hi corillo,

first of all, check the owner of the mp3 files, make sure the user that php run is same as owner of the mp3's.

secondly, doing embed do not prevent user from download the mp3 file.