Problems uploading to a password protected folder

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mk_silence
Forum Newbie
Posts: 4
Joined: Sat Jun 21, 2003 5:28 am
Location: Cluj-Napoca, Romania
Contact:

Problems uploading to a password protected folder

Post by mk_silence »

Hi there,

I experience problems in uploading files to a password protected folder. The protected folder contains only pictures and it's protected from outsiders via direct link but for registered users should be ok to view. I wrote a script that can access the files in there and display them in the browser and the script passes the protection system because it resides on the server. It should work the same with the upload thing, but it doesn't. I use move_uploaded_file. The OS is Linux, the server is Apache 1.3.27 and PHP is 4.3.1

What can I do?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

does the account the webserver/script runs as have write permission for that directory?
you might use is_writable('nameOfDirectory') to determine this.
http://www.zend.com/manual/function.is-writable.php
mk_silence
Forum Newbie
Posts: 4
Joined: Sat Jun 21, 2003 5:28 am
Location: Cluj-Napoca, Romania
Contact:

Post by mk_silence »

The protected directory has a chmod of 755, (drwxr-xr-x)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

which means: only the owner (or root) can write to this directory (/create files).
Is the webserver's account really the owner of the directory?
Often apache runs as user 'nobody' or 'apache'
mk_silence
Forum Newbie
Posts: 4
Joined: Sat Jun 21, 2003 5:28 am
Location: Cluj-Napoca, Romania
Contact:

Post by mk_silence »

Problem solved - file permissions stuff

I used something like this:

I changed the mod of the protected folder to 777 and same for all the subfolders in it. Since the folder is password protected through apache, I think it's safe. Actualy, I tested it. The upload script is also protected through a session check
Judas
Forum Commoner
Posts: 67
Joined: Tue Jun 10, 2003 3:34 pm
Location: Netherlands

Post by Judas »

0777
mk_silence
Forum Newbie
Posts: 4
Joined: Sat Jun 21, 2003 5:28 am
Location: Cluj-Napoca, Romania
Contact:

Post by mk_silence »

sure :) I bumped into this before on another project and spent about 2 days to figure out what went wrong. That's what happens when you don't read CAREFULLY the documentation.
Post Reply