I tried a basic upload script, much like the one found on the php.net website, but I discovered that I don't have permission to make any upload thru the page. As I have FTP access, I thought I could trik the server and upload files thru FTP from the page. What do you think, could it work? What are the diferences between an upload with move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) and one thru ftp_fput()? Is it less secure, slower, or why people don't use it that much?
Thanks,
Andrei
upload or ftp post?
Moderator: General Moderators
-
andrei.mita
- Forum Commoner
- Posts: 65
- Joined: Sun May 08, 2005 4:06 am
- Location: Barlad/Romania
Well, using $_FILES and those functions (move_uploaded_file() to name one) makes it possible to visit a remote website and upload files using for example a form.
But by using the ftp functions you need the files stored on another location, thus sending the files from A to B (ie. locally to remote host).
Basicly completely different things.
But by using the ftp functions you need the files stored on another location, thus sending the files from A to B (ie. locally to remote host).
Basicly completely different things.
-
andrei.mita
- Forum Commoner
- Posts: 65
- Joined: Sun May 08, 2005 4:06 am
- Location: Barlad/Romania
You create a form, that is supposed to send file "foo.txt" to the server. The user selects that file using an input type="file" form element. The file is then sendt to a temporary storage on the server when the user press the submit button. (At this point it can be retrieved by using the $_FILES superglobals.)
The file is now stored in a "temporary" space on the server (hence the $_FILES['userfile']['tmp_name'] superglobal). I might be way off, but I can't see the possability on how to use ftp functions with this "non-existing" file.
FTP are mainly used to ship files/data from point A to B, but in this case the file/data is allready somewhat stored on place B, hence you shouldn't be able to send it again. The form on the webpage itself has allready taken care of this part....
You could however send the files from your local server to the host server using ftp... But thats truly a real A -> B transfer.
The file is now stored in a "temporary" space on the server (hence the $_FILES['userfile']['tmp_name'] superglobal). I might be way off, but I can't see the possability on how to use ftp functions with this "non-existing" file.
FTP are mainly used to ship files/data from point A to B, but in this case the file/data is allready somewhat stored on place B, hence you shouldn't be able to send it again. The form on the webpage itself has allready taken care of this part....
You could however send the files from your local server to the host server using ftp... But thats truly a real A -> B transfer.
-
andrei.mita
- Forum Commoner
- Posts: 65
- Joined: Sun May 08, 2005 4:06 am
- Location: Barlad/Romania
now i understand what you said and that's exactly why i asked in the first place. i don't have permision to upload files, better yet to use the move_uploaded_file function but i have ftp permision. I thought I could trick the server by using instead of move_uploaded_files the ftp_put one and it worked. so here is the code:FTP are mainly used to ship files/data from point A to B, but in this case the file/data is allready somewhat stored on place B, hence you shouldn't be able to send it again. The form on the webpage itself has allready taken care of this part....
Code: Select all
<?php
$server = "server";
$user = "user";
$pass = "pasword";
$nume_fisier = $_FILES['userfile']['name'];
$sursa = $_FILES['userfile']['tmp_name'];
$destinatie = "/pics/".$nume;
$connect = ftp_connect($ftp_server);
$login = ftp_login($connect, $user, $pass);
if ((!$connect) || (!$login))
{
echo "Not working";
die();
}
$upload = ftp_put($connect, $destinatie, $sursa, FTP_BINARY);
if (!$upload)
{
echo "Conmected but not uploaded!";
}
ftp_close($connect);
?>what do you thnik?
Yah, I thought more on the issue after I posted, and all the relevant info is there to be used (the binary etc.) so it should work afterall, but I'm to late to edit my post...
I personally would not use ftp as a workaround for this, rather than use the functions that is designed for this kind of work. I'd verify that the host has everything setup correctly, trying to debug the script(s), anything to get the fileuploads working as they should.
If the host intentionally disabled file uploads somehow, it would be pretty odd that they'd still used the --enable-ftp during php installation...
I personally would not use ftp as a workaround for this, rather than use the functions that is designed for this kind of work. I'd verify that the host has everything setup correctly, trying to debug the script(s), anything to get the fileuploads working as they should.
If the host intentionally disabled file uploads somehow, it would be pretty odd that they'd still used the --enable-ftp during php installation...
-
andrei.mita
- Forum Commoner
- Posts: 65
- Joined: Sun May 08, 2005 4:06 am
- Location: Barlad/Romania
the only case I would use ftp along with upload is when I need to chmod the folder in which the file will be written to. When the uploading is done, change mode of the folder not to be written again. I don't like to have the idea of keep the folder with 777 at all time. Of course with perl, you don't need to do this.