Page 1 of 1
Ftp form...
Posted: Sun Jun 22, 2003 5:08 pm
by mikusan
The ftp script itself is no problem, but i have never dealed with the upload a file form itself... i am looking for some guidance... A from in itself would be nice and perhaps an explanation to where can i get the file's directory on the client's machine so that i can set the ftp variables right.
Thanks
Posted: Sun Jun 22, 2003 5:45 pm
by mikusan
Just while i was waiting i thought i mite test out my ftp function itself... i found that i cannot upload the file... i get Warning: ftp_put(): error opening
what could it be..spaces?
Also on the topic another curiosity... i would like to show a bar that tells the user how much of it has been uploaded...
Thanks...
Posted: Sun Jun 22, 2003 10:41 pm
by hedge
the ftp functions can not be used client side, PHP is server side. The only way to get a file from the client is by using a specialzed html form that is then posted to the php script on the server.
Posted: Mon Jun 23, 2003 7:56 am
by mikusan
Then how is that...how do i make that form...
I thought FTP was a way for a website to send a file from the client to the server, i know php is serverside... but ftp is that ability to do so...otherwise what is that field $client_path for ??
Posted: Mon Jun 23, 2003 8:09 am
by hedge
mikusan wrote:Then how is that...how do i make that form...
I thought FTP was a way for a website to send a file from the client to the server, i know php is serverside... but ftp is that ability to do so...otherwise what is that field $client_path for ??
Well no it's not possible, what field $client_path?
here's the link to the php site on uploads
http://www.php.net/manual/en/features.file-upload.php
Posted: Mon Jun 23, 2003 8:27 am
by mikusan
Yes i noticed from another post.... i am looking into... $client_path is a variable that you must specify on ftp_put();
Nevertheless i found what i was looking for this post
Code: Select all
<form enctype="multipart/form-data" action="_URL_" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="30000">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
Thanks
Posted: Mon Jun 23, 2003 9:09 am
by m3rajk
fyi, you should go to a book store and look at the orielly books on php. both using and the cookbook talk about issues with letting the user be able to put something in unchecked... specifigcally something like when your upload directory is /var/www/html/uploads/ and they supply ../../../etc/shadow
Posted: Mon Jun 23, 2003 9:17 am
by mikusan
Well i have not been geeting much help on this topic, and i already have a good book thank you very much.
Let's clear something out, first not everyone will be able to do this but only 2 people with a login and password, second, as far as i got with my brain storming/searching the files areuploaded into the /tmp directory first and it's up to your php script to move them
third, when you are uploading you certainly check for mime types, and while you are at it if you want to make it ultra secure you can encript your filetransfers...
But then again why then should the 2 people that i am building the site for who just want to upload .doc files need such things?
Instead why, help me figuring out the basics of file uploading. After which i will deal with the security.