Hi,

I have been using php upload and asp upload for about a year now. Previously to enable the upload into the desired folder I have had to get my isp to enable anonymous write permissions on the upload folder. I am rethinking server security issues and do not want to do this anymore. Is there a way of using php upload but at the same time specify that you wish to use a specifically set up user acocunt to ftp the files to the desired folder?

I have checked the php manual site and am testing the ftp functions, but so far none are working. I suspect that my ISP needs to add the ftp module and enable it in the php.ini file.

Can anyone help out or point me in the direction of some resources? Or maybe I'm making this more complicated than it needs to be...?

Thanks in Advance

Euan

Edited by - euangreen on 09 Feb 2004 13:11:19

Well it's taken me a while but I think I'm home and dry.

If you do not want to have anonymous write permissions enabled on your 'upload' directory you can upload using ftp_out (php module, but may not be installed by default)

The basic code consists of two parts, the form and the upload page:

here's the form:

<code> <form enctype="multipart/form-data" action="upload.php" method="post"><br>
<input type="hidden" name="MAX_FILE_SIZE" value="30000" /><br>
Send this file: <input name="userfile" type="file" /><br>
<input type="submit" value="Send File" /><br>
</form&gt</code>
And here's the code you would have in your upload.php page:

<pre id=code><font face=courier size=2 id=code> &lt;?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES. In PHP versions earlier than 4.0.3, use copy() and
// is_uploaded_file() instead of move_uploaded_file.
$ftp_server = "hostname";
$ftp_user = "username";
$ftp_pass = "password";

// set up a connection or die
$conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server";

// try to login
if (@ftp_login($conn_id, $ftp_user, $ftp_pass)) {
echo "Connected as $ftp_user@$ftp_server\n";
} else {
echo "Couldn't connect as $ftp_user\n";
}

$remote_file = $_FILES['userfile']['name'];;
//I used these for debugging
echo $_FILES['userfile']['name'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['type'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['size'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['tmp_name'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['error'];
echo "&lt;br&gt;";

//v important this one as you have to use the tmp_file created for the actual upload
$file = $_FILES['userfile']['tmp_name'];
if (ftp_put($conn_id, $remote_file, $file, FTP_ASCII)) {
echo "successfully uploaded $file\n";
} else {
echo "There was a problem while uploading $file\n";
}

// close the connection
ftp_close($conn_id);
?&gt;
</font id=code></pre id=code>

It's not hugely pretty but it has solved my problem. Next step I suppuse would be to modify the file once you have uploaded and integrate it somehow into PHP UPload. I'll look at that if I have time.

George, if you're looking is this something you think is worthwhile putting into PHPUpload?

<img src=../images/dmxzone/forum/icon_smile_big.gif border=0 align=middle>

Euan

nb: I am doing this because as far as I am aware there is no way of having the uploaded folder you use for phpupload (or aspupload) set to permissions other than write all. If there is a way then I would gladly look at any laternative someone can suggest. Also most of this code was taken from uk.php.net/features.file-upload

Interesting, I used a much simpler approach for PHP uploads.
Set the folder permission CHMOD 0777 / upload the file and then set it / CHMOD 0755.

I can't find a solution for ASP uploads, I don't like leaving my folders open for bots and spammers alike.

Cheers


[DWMX 2004]|[DWMX 8]|[DW CS3]|[MySQL]|[SQL]|[Access ]|[ASP/VBScript]|[PHP]|[XP-Pro]

<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Well it's taken me a while but I think I'm home and dry.

If you do not want to have anonymous write permissions enabled on your 'upload' directory you can upload using ftp_out (php module, but may not be installed by default)

The basic code consists of two parts, the form and the upload page:

here's the form:

&lt;code&gt; &lt;form enctype="multipart/form-data" action="upload.php" method="post"&gt;&lt;br&gt;
&lt;input type="hidden" name="MAX_FILE_SIZE" value="30000" /&gt;&lt;br&gt;
Send this file: &lt;input name="userfile" type="file" /&gt;&lt;br&gt;
&lt;input type="submit" value="Send File" /&gt;&lt;br&gt;
&lt;/form&gt;&lt;/code&gt;
And here's the code you would have in your upload.php page:

<pre id=code><font face=courier size=2 id=code> &lt;?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES. In PHP versions earlier than 4.0.3, use copy() and
// is_uploaded_file() instead of move_uploaded_file.
$ftp_server = "hostname";
$ftp_user = "username";
$ftp_pass = "password";

// set up a connection or die
$conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server";

// try to login
if (@ftp_login($conn_id, $ftp_user, $ftp_pass)) {
echo "Connected as $ftp_user@$ftp_server\n";
} else {
echo "Couldn't connect as $ftp_user\n";
}

$remote_file = $_FILES['userfile']['name'];;
//I used these for debugging
echo $_FILES['userfile']['name'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['type'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['size'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['tmp_name'];
echo "&lt;br&gt;";
echo $_FILES['userfile']['error'];
echo "&lt;br&gt;";

//v important this one as you have to use the tmp_file created for the actual upload
$file = $_FILES['userfile']['tmp_name'];
if (ftp_put($conn_id, $remote_file, $file, FTP_ASCII)) {
echo "successfully uploaded $file\n";
} else {
echo "There was a problem while uploading $file\n";
}

// close the connection
ftp_close($conn_id);
?&gt;
</font id=code></pre id=code>

It's not hugely pretty but it has solved my problem. Next step I suppuse would be to modify the file once you have uploaded and integrate it somehow into PHP UPload. I'll look at that if I have time.

George, if you're looking is this something you think is worthwhile putting into PHPUpload?

<img src=../images/dmxzone/forum/icon_smile_big.gif border=0 align=middle>

Euan

nb: I am doing this because as far as I am aware there is no way of having the uploaded folder you use for phpupload (or aspupload) set to permissions other than write all. If there is a way then I would gladly look at any laternative someone can suggest. Also most of this code was taken from uk.php.net/features.file-upload
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>

i tried with the above code but the error displayed is cannot connect to the site]

Some hosts support suPHP, <i>much better</i> cause it allows the user to leave the folders and files protected.
I managed to find an ASP version, I posted the link in one of these forums?

Cheers