Issue with mkdir & chmod

Posted: Fri Sep 05, 2008 11:40 am
by uhmaster2000
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: :arrow: Posting Code in the Forums to learn how to do it too.


This code has been driving me nuts. :banghead:
Basically, when I submit the artist's name it goes to "artist" and makes "artist/artistname" @ 777.
It is supposed to make "artist/artistname/photos", "artist/artistname/music", "artist/artistname/video" and "artist/artistname/flow"
@ 777, but it doesn't. What am I doing wrong? :dubious:

 
<?php
include 'connect.php';
include 'session.php';
$status = "Admin Control Center.";
// ----------------------------------------------------------------------
// FUNCTIONS ------------------------------------------------------------
// ----------------------------------------------------------------------
function qs($value){
        if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
        }
        if (!is_int($value)) {
                $value = "'" . mysql_real_escape_string($value) . "'";
        }
        return $value;
 
}
// ----------------------------------------------------------------------
// POST ACTIONS ---------------------------------------------------------
// ----------------------------------------------------------------------
 
if(count($_POST) > 0) {
    if(isset($_POST['tango'])){ 
        $zebra=explode(':', $_POST['tango']);
        $x=0;
        foreach($zebra as $valus) {
            $x++;
            $sqlz='update booms_artists set `rank`=' .$x .' where id='.qs($valus);
            //echo $sqlz;
            $msql=mysql_query($sqlz) or die(mysql_error());
        }
    }
        if($_POST['mod'] == "c5"){
                
 
                
               if(file_exists("artists/".$_POST['name'])) {
               $status="This Artist Already Exists, Please Choose a Different Name.";
               }else{
               mkdir("artists/".$_POST['name'], 0777);
               chmod("artists/".$_POST['name'], 0777); 
               mkdir("artists/".$_POST['name']."/photos/", 0777);
               chmod("artists/".$_POST['name']."/photos/", 0777); 
               mkdir("artists/".$_POST['name']."/music/", 0777);
               chmod("artists/".$_POST['name']."/music/", 0777);
               mkdir("artists/".$_POST['name']."/video/", 0777);
               chmod("artists/".$_POST['name']."/video/", 0777);
               mkdir("artists/".$_POST['name']."/flow/", 0777);
               chmod("artists/".$_POST['name']."/flow/", 0777);
               
               $sql = 'INSERT INTO booms_artists set name='.qs($_POST['name']);
               mysql_query($sql) or die(mysql_error());
               $status = "Entry Updated.";
               }
              
                                                                
                
        }elseif($_POST['mod'] == "edit"){
                //add image
                $id = $_POST['id'];
                $subname = $_POST['name'];
                
                if(rename("artists/".$subname, "artists/".$_POST['new_name'])){
                $sql = 'UPDATE booms_artists SET name='.qs($_POST['new_name']);
                $sql .= ' WHERE id='.$id;
                $status="Rename Successful.";
                mysql_query($sql) or die(mysql_error()); 
                }else{
                $status="Error: Could Not Rename";
                }
                
                                                
        }elseif($_POST['mod'] == "c6"){
                 //delete stuff
                $id = $_POST['id'];
                $sql = sprintf("DELETE FROM booms_artists WHERE id=%s", qs($id));
                mysql_query($sql) or die(mysql_error());
                $status = "Entry deleted";    
        }
 
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
 
<body>
 
<?php include('aux_links.php'); ?>
<br />
<?php echo $status ?><br /><br/>
Add New Artist<br />
<form method="post" action="">
<input type="hidden" name="mod" value="c5" />
<table>
</tr>
<tr>
<td valign="top" colspan="2" >Enter The Name of Your Artist: 
  <input name="name" type="text" id="name" size="70" />
</td>
</tr>
<tr>
<td valign="top">
<input type="submit" class="button" name="submit" value=" Add "/>
</form>
</td>
</tr>
</table>
 
<?php
echo "<p><strong>Change Artist Name or Delete Artist</strong></p>";
         
        $sql = "SELECT * FROM booms_artists order by `rank` ASC";
        $result = mysql_query($sql);    
        echo '<ul id="boxes" >';
        while($row = mysql_fetch_assoc($result)){
                $id = $row['id'];
                $name = $row['name'];
                echo "
                <li id=\"$id\" class=\"box\">
                <form method=\"post\" action=\"\" enctype=\"multipart/form-data\">
                <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"50000000\" />
                <input type=\"hidden\" name=\"mod\" value=\"edit\" />
                <input type=\"hidden\" name=\"name\" value=\"$name\" />
                <input type=\"hidden\" name=\"id\" value=\"$id\" />
                <table width=\"100%\"  class=\"tabe\">
                <tr>
                <td>Edit Artist Name (Do Not Use Spaces or Punctuation Marks)</td>
                </tr>
                <tr>
                <td colspan=\"2\">
                <p><input name=\"new_name\" type=\"text\" size=\"70\" value=\"$name\" /></p>
                </td>
                </tr>
                <tr>
                <td colspan=\"2\">
                
                <table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\">
                <tr>
                <td>
                <input type=\"submit\" class=\"button\" name=\"submit\" value=\"Edit\"/></form>
                </td>
                <td>
                <form action=\"\" method=\"post\">
                <input type=\"hidden\" name=\"mod\" value=\"c6\" />
                <input type=\"hidden\" name=\"id\" value=\"$id\" />
                <input type=\"hidden\" name=\"oldmid\" value=\"$smid\" />
                <input type=\"hidden\" name=\"name\" value=\"$name\" />
                <input type=\"submit\" value=\"Delete\" />
                </form>
                </td></tr></table>
                </td>
                </tr>
                </table><br/></li>";
                
                $ct++;
                
        }
echo '</ul>
<br/><br/>
<form method="post" id="whiskey" name="whiskey" style="padding:0;margin:0;">
<input name="tango" id="tango" type="hidden" /><input type="submit" value="Update Order" /></form>';
?>
 
</body></html>
 

Re: Issue with mkdir & chmod

Posted: Fri Sep 05, 2008 12:15 pm
by pickle
Noticed a couple of things: The default mode is 0777, so you shouldn't need to specify it in mkdir, nor have a second chmod call. Also, you should NEVER use user data to access the file system. Granted you're writing and not deleting, so it's not as bad as it could be. However, if I put a few '..' in as my "Artist", I can get an idea of what your filesystem looks like. You should sanitize your $_POST['name'] and use realpath() to make sure the user is being nice.

As for the problem you actually asked about ;), I'm not sure. What happens if you just call mkdir() with the path & no special mode, and don't call chmod after it? Maybe you're making a directory you don't have rights to?
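
An added example, not part of pickle's post or the original script: one way to apply the advice above by validating the artist name against an allow-list, confirming with realpath() that the result stays under the base directory, and checking mkdir()'s return value so a failure is reported instead of passing silently. The function name `create_artist_dirs`, the 0755 mode and the temporary base directory are assumptions of this example.

```php
<?php
// Added example; create_artist_dirs() is a hypothetical helper, not the poster's code.

/**
 * Create <base>/<name>/{photos,music,video,flow}.
 * Returns [true, resolved path] on success or [false, reason] on failure.
 */
function create_artist_dirs(string $baseDir, string $name): array
{
    // Allow-list: letters, digits, underscore, hyphen. Rejects '..', '/', '\', spaces, NUL.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return [false, 'Invalid artist name.'];
    }

    $base = realpath($baseDir); // canonical form; false if the directory is missing
    if ($base === false || !is_dir($base)) {
        return [false, 'Base directory does not exist.'];
    }

    $artistDir = $base . DIRECTORY_SEPARATOR . $name;
    if (file_exists($artistDir)) {
        return [false, 'This artist already exists.'];
    }

    foreach (['photos', 'music', 'video', 'flow'] as $sub) {
        $path = $artistDir . DIRECTORY_SEPARATOR . $sub;
        // recursive=true also creates the parent; 0755 is this example's choice of mode.
        if (!@mkdir($path, 0755, true) && !is_dir($path)) {
            $err = error_get_last();
            return [false, "mkdir failed for $sub: " . ($err['message'] ?? 'unknown error')];
        }
    }

    // Defence in depth: the canonical path must still sit under the base directory.
    $resolved = realpath($artistDir);
    if ($resolved === false || strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        return [false, 'Resolved path escapes the base directory.'];
    }
    return [true, $resolved];
}

// Constructed sample inputs, run against a throwaway directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'artists_demo_' . getmypid();
mkdir($base, 0755);
foreach (['coolband', '../../etc', 'a/b', ''] as $candidate) {
    [$ok, $msg] = create_artist_dirs($base, $candidate);
    printf("%-12s => %s (%s)\n", var_export($candidate, true), $ok ? 'created' : 'rejected', $msg);
}
```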

Re: Issue with mkdir & chmod

Posted: Fri Sep 05, 2008 12:37 pm
by uhmaster2000
So I removed the 777 at the end of the mkdir and removed the chmod. Still doesn't do it. I think I'm probably going to have to rewrite the script to use FTP, b/c I need to make it so it removes the directory after they del the artist. I didn't think it was very secure in the first place. Just picked up an admin backend from the place I'm currently working. Eh, better get coding. Thanks :mrgreen: