Page 1 of 2
FTP login via PHP
Posted: Tue May 03, 2005 2:47 pm
by MadsC
Hi.
I have not been able to find any examples on this, so I hope one of you can help.
I'm looking for a way to "post" a username & password contained in PHP-variables to a ftp-adress, thus sending the user to the ftp-folder without the password being revealed.
I do not have access to CURL-functions, so I think I would need "fsockopen".
Can anyone help me out, here?
Thanks, in advance.
Mads Christensen, DK
Posted: Tue May 03, 2005 2:58 pm
by shiznatix
you want the user to just be able to view the part of your ftp or do you want the user to be able to modify everything in that part of the ftp?
maybe try doing ftp_connect() and whatnot but what is your exact mission here?
Posted: Tue May 03, 2005 4:08 pm
by timvw
here is a little snippet of a script that i use
Code: Select all
// make sure we have time enough to execute this script - 20 * 60 seconds
set_time_limit(1200);
// get the fileslist that we have downloaded already
$local = filesInDirectory($local_path);
// get the fileslist available on the ftp server
$ftp = ftp_connect($settings['ftp_host']);
ftp_login($ftp, $settings['ftp_user'], $settings['ftp_pass']);
$remote = ftp_nlist($ftp, ".");
// get the remote files we don't have locally
foreach($remote as $file)
{
if (!in_array($file, $local))
{
// we don't have the file, thus download it
ftp_get($ftp, $local_path . $file, $file, FTP_BINARY);
...
}
}
Posted: Tue May 03, 2005 4:17 pm
by MadsC
I am creating a system where different users have their own individual folders which they can gain access to via FTP.
There are more features in the system so under all circumstances the user has already logged in to a site where he has access to the different features.
Therefore, I think it would be userfriendly if the user could access his FTP-folder by clicking a link. I could, of course, make the link
ftp://user:pass@ftp.host.dk - I wish, however, that his password is not revealed at any time.
The user should have access to his folder with all opportunites of reading, writing and executing.
That is basically what I want to do. I will now see if the function you mentioned is what I need. Thank you for your quick reply, your help is appreciated.
Mads
Posted: Tue May 03, 2005 4:21 pm
by MadsC
Oh, I was writing my previous post same time as you wrote, timvm - I will just try out your script - thanks.
Posted: Tue May 03, 2005 4:31 pm
by MadsC
timvw > I cannot use your script due to restrictions on the server:
Warning: set_time_limit(): Cannot set time limit in safe mode
Fatal error: Call to undefined function: filesindirectory()
Posted: Tue May 03, 2005 4:45 pm
by timvw
MadsC wrote:
Warning: set_time_limit(): Cannot set time limit in safe mode
Just comment that out and pray your script doesn't require more than 30 seconds or so...
MadsC wrote:
Fatal error: Call to undefined function: filesindirectory()
Well, you could write your own using the
glob function. I could post the function in this forum, but it seems useless, because it performs some soap requests...
Posted: Tue May 03, 2005 5:23 pm
by MadsC
Okay. But since I have no knowledge on that area, at first I would like to know if it is what I need. To me it looks like a script that downloads a row of files, but I just want to link to the ftp-folder.
Formerly, I had an upload-system with a view over the user's files. FTP is better, I think, since you control the same way as in ordinary folders and you can handle multiple files. Furthermore, filesizes are not restricted by the browser's timelimit when uploading.
Posted: Tue May 03, 2005 8:56 pm
by John Cartwright
Furthermore, filesizes are not restricted by the browser's timelimit when uploading.
You are however limited to PHP's maximum execution time. And did you even read the manual on glob? They have several useful snipplets that do exactly what you need done.
Posted: Wed May 04, 2005 5:07 am
by timvw
I don't think the OP needs the FTP functions....
If i understand well, he needs a filemanager that works on the webserver. So, if he uses that, he is bound to the limitations of php etc...
If provides ftp access, he should give his users access rights to do this. And the users would need an ftp client. Well, he could write an ftp client in php (or search one, there are some nice out there) but that would restrict him again to the limitations of php etc...
Posted: Wed May 04, 2005 6:58 am
by MadsC
As far as I understand "glob", the use of it is for opening folders, returning and handling the files within - through PHP.
But as you say, tim - PHP restricts the handling of the files.
So therefore it would be optimal with FTP.
What I want PHP to do is merely to link to the FTP-location:
If I go to
ftp://user@host.dk a dialog will request my password before I access the folder. But since the session already contains this password, it would be great if PHP posted or somehow enclosed the password to the FTP-location, so the password request is not needed.
If provides ftp access, he should give his users access rights to do this. And the users would need an ftp client. Well, he could write an ftp client in php (or search one, there are some nice out there) but that would restrict him again to the limitations of php etc...
> If the user is referred to the ftp://... -location, does he then need a FTP-client. Normally, don't the browser just view the folder as a local folder?
If I am completly off the track, please tell me.
Posted: Wed May 04, 2005 7:28 am
by timvw
MadsC wrote:
> If the user is referred to the ftp://... -location, does he then need a FTP-client. Normally, don't the browser just view the folder as a local folder?
That is because most browsers have a built-in ftp functionality.
If you know the password, you could redirect them like:
Code: Select all
header("Location: ftp://{$user}:{$password}@server/{$user}");
But i think more recent browsers will pop-up a warning dialog, because you can easily spoof url's with this technique... (I just tested, and it appears firefox doesn't like the password anymore

)
Posted: Wed May 04, 2005 7:53 am
by MadsC
Yes...
As I mentioned in my former post, I will not use the ftp://user:pass-thing, since I do not want the password to be revealed at any time.
I just wondered if somebody here knew a way to send the password by posting it or something, but maybe it isn't possible.
Thanks for your interrest, anyways.
Posted: Wed May 04, 2005 7:57 am
by phpScott
as tim just suggested
the header() is a php thing done on the server side.
so when the user clicks on the link to see their ftp folder the page submits and then redirets using the header();
they won't see it.
Posted: Wed May 04, 2005 8:21 am
by MadsC
Ah, oh yeah - but the "spoof" thing?