Page 1 of 1

Uploaded file permissions

Posted: Thu Jan 06, 2005 9:14 pm
by evilmonkey
Hello.

Wow, been a while since I asked a PHP question. :lol: Alright, I have a slight annoyance. I worte a script to upload files (images to be exact), but the problem is, I cannot go into the FTP and delete them, permission denied. Nor can I delete them throught Cpanel's file manager, also permission denied. The only way to get rid of that file is to write another php script that would delete it, that works. While I plan to write such script, a plan B is never a bad idea, so how can I fix the problem? Below is my code (I'm uploading 6 pictures at a time and the field nmaes are pic1, pic2, pic3, pic4, and pic5, hence the 'for' loop and $_FILES['pic'.$i]. I love variable variables and variable keys :D).

Code: Select all

if ($_POST['process'] == "upload_pics"){
	$pic1 = $_POST['pic1'];
	$pic2 = $_POST['pic2'];
	$pic3 = $_POST['pic3'];
	$pic4 = $_POST['pic4'];
	$pic5 = $_POST['pic5'];
	$album = $_POST['album'];
	$pull_album_info = mysql_query("SELECT `name` FROM `pic_albums` WHERE id = $album", $db);
	$album_info = mysql_fetch_assoc($pull_album_info);
	$album_name = $album_info['name'];
	$date = date("Y-m-d");
	for ($i=0; $i<=5; $i++){
		if ($_FILES['pic'.$i]['name']!=""){ //if there was input 
			$info = @getimagesize($_FILES['pic'.$i]['tmp_name']);
			if ($info[2]==2) {
				if (move_uploaded_file($_FILES['pic'.$i]['tmp_name'], "../pics/".$album_name."/".$_FILES['pic'.$i]['name'])){
					mysql_query("INSERT INTO `pictures` (`url`, `album`, `date`) VALUES ('../pics/".$album_name."/".$_FILES['pic'.$i]['name']."', ".$album.",".$date.")", $db) or die (mysql_error());
				}
				else { die("Cannot upload file"); }
				
			}
			else{
				die ("ALL PICS MUST BE .JPG or .JPEG! Please go back and fix it");
			}
		}
	}
	echo "Pictures uploaded! You are bieng redirected to the admin homepage";
	echo '<meta http-equiv="refresh" content="3;index.php">';
}
Thank you! :D

Posted: Thu Jan 06, 2005 9:21 pm
by feyd
well since the user that runs php owns the files, you might be able to chown them to your user.. but this makes it impossible for the script to delete them probably. What about chgrp? Is your user and the php process user under the same group? If so, that's the route. Last resort is to try chmod.. If that doesn't work, then I'd say you might want to change the method of the files being stored to ftp'ing the files in. That way, your user is their owner.

Posted: Thu Jan 06, 2005 9:23 pm
by markl999
I agree with Feyd, chmod sounds like the only option as chown can only be run with root permissions.

Posted: Sun Jan 09, 2005 12:40 pm
by evilmonkey
Thanks, I'll give it a shot and shout back. :D