Situation:
My server has several web accounts (/home/*/public_html). I am trying to write a pseudo-WS_FTP program to permit upload/management of files on the server, including mkdir, rmdir, chmod, etc.
Problem:
There is a security issue. I want users to be able to create/alter files in their directories only, similiar to if they were accessing the server via WS_FTP or an SSH client (user1 can play with files in /home/user1/, but not in /home/user2/). Therefore, doing a chmod(0777) to all directories is not an option.
What I basically need is a way for PHP to login to the server as if the user is coming from an SSH console.
Note: Since I am the sys admin, I can easily make a DB table with username/password/homeDir combinations when I set up new users.
Note 2: Having users go through WS_FTP, PSFTP, etc., is not an option according to my boss.
Login using server accounts
Moderator: General Moderators
Try this one
http://webmanager.sourceforge.net/
Try this program... I have played with it a bit... seems to work fine, however, no guarantees!
Try this program... I have played with it a bit... seems to work fine, however, no guarantees!
Can you have people upload to an "incoming/username" directory with web writeable permissions, with a priviledged cron job moving files to the local protected /home/username/ directories? Or you could even just load the files into the database directory and not bother with recreating a duplicate incoming filesystem....
I have been working on a file upload html page for people to send large files, databases, to have repaired (re-indexed etc), but I have created a short script to do just the uploading....
<?php
ini_set('upload_max_filesize','50M');
ini_set('post_max_size','55M');
ini_set('max_execution_time','0');
ini_set('memory_limit','50M');
//header("Content-Transfer-Encoding: binary");
?>
<html>
<head>
<body>
<form enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="50000000">
File: <input name="userfile" type="file" /><br />
<input type="submit" value="Upload" />
</form>
<?php
if (@is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
//copy($_FILES["userfile"]["tmp_name"], "files/" . $_FILES["userfile"]["name"]);
move_uploaded_file($_FILES["userfile"]["tmp_name"], "files/" . $_FILES["userfile"]["name"]);
echo "<p>File uploaded successfully.</p>";
}
?>
</body></html>
My first hurdle was the files were over the 2Mg limit (solved by editing the .htaccess - php values), now the second, some... not many are over the 8Mg limit.. (last week one was almost 30Mg).
Do you find the need for files over the 8Mg limit, and if so, how do you think you would get around it?
Thanks, James
<?php
ini_set('upload_max_filesize','50M');
ini_set('post_max_size','55M');
ini_set('max_execution_time','0');
ini_set('memory_limit','50M');
//header("Content-Transfer-Encoding: binary");
?>
<html>
<head>
<body>
<form enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="50000000">
File: <input name="userfile" type="file" /><br />
<input type="submit" value="Upload" />
</form>
<?php
if (@is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
//copy($_FILES["userfile"]["tmp_name"], "files/" . $_FILES["userfile"]["name"]);
move_uploaded_file($_FILES["userfile"]["tmp_name"], "files/" . $_FILES["userfile"]["name"]);
echo "<p>File uploaded successfully.</p>";
}
?>
</body></html>
My first hurdle was the files were over the 2Mg limit (solved by editing the .htaccess - php values), now the second, some... not many are over the 8Mg limit.. (last week one was almost 30Mg).
Do you find the need for files over the 8Mg limit, and if so, how do you think you would get around it?
Thanks, James