
Protecting myself from data loss using PHP's FTP functions

Posted: Tue Aug 04, 2009 5:43 am
by SvanteH
I wrote this script in the morning and I am wondering if it is failsafe, i.e. it won't delete files that haven't been uploaded. Also, is my unique name generator overkill? As I am measuring ms, there's really no way for them to have the same name, is there? If a name actually does exist already, it sounds more like my script uploaded an empty file or something (the only chance of the name being the same), and thus it is better to raise an error rather than trying to fix it.


The base64 encoding is just for the employers in case they find the *.php file and open it. I don't expect them to open it in the first place, nor to change/remove anything. It's merely a _small_ (even if easily decoded) security add-on.

Code:

<?php
  
  /*****LOGGING*****/
  function get_log_date()
  {
    return date("[D M j H:i:s Y]");
  }
  
  
  /*****PREPARATION*****/
  // @ftp_connect ( string $host [, int $port= 21 [, int $timeout= 90 ]] )
  $ftp = ftp_connect(base64_decode($host), $port); 
  if($ftp)
  {
    //Login onto the server
    $ftpLoginResult = ftp_login($ftp, base64_decode($username), base64_decode($password));
    if($ftpLoginResult)
    {
      //Set passive mode
      ftp_pasv($ftp, true);
      
      
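      //Lists
      $hostFileList = ftp_nlist($ftp, $hostDir);
      //ftp_nlist() returns false on failure and some servers prefix names with the directory
      $hostFileList = is_array($hostFileList) ? array_map('basename', $hostFileList) : array();
      $localFileList = scandir($localDir);
      
      //Remove "." and ".." listings (they are not guaranteed to be the first two entries)
      $localFileList = array_values(array_diff($localFileList, array(".", "..")));
      if(empty($localFileList)) { die("There wasn't any files to upload.\r\nDet fanns inga filer att ladda upp."); }
      
      //Initialise so the delete loop and error check work when no upload succeeded or failed
      $deleteQueue = array();
      $setError = false;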
      
      foreach($localFileList as $file)
      {
        //Generate unique name
        $uid = microtime(true);
        $uid = str_replace(".", "", $uid);
        $fileExtension = explode(".", $file);
        $fileExtension = $fileExtension[count($fileExtension)-1];
        $count = 0; 
        $uniqueFilename = "$uid$count.$fileExtension";
         
        while (array_search($uniqueFilename, $hostFileList) !== FALSE)
        {
          $count++;
          $uniqueFilename = "$uid$count.$fileExtension"; 
        }
        
        if(ftp_put($ftp, $hostDir.$uniqueFilename, $localDir.$file, FTP_BINARY))
        {
          //Add the new filename in the host-list
          $hostFileList[] = $uniqueFilename; 
          $deleteQueue[] = $file;
 
          file_put_contents($logPath, get_log_date() . " [notice] ($file) has been uploaded to FTP ($uniqueFilename).\r\n", FILE_APPEND);
        } else {
          file_put_contents($logPath, get_log_date() . " [error] ($file) could not be uploaded.\r\n", FILE_APPEND);
          $setError = true;
        }
      }
      
      foreach($deleteQueue as $deleteItem)
      {
        //Delete old files after successful upload
        unlink($localDir.$deleteItem);
      }
      
      if($setError)
      {
        echo "Error! Something has gone wrong, check uploads.log and/or try again.\r\nFel! Nagot har gatt fel, kolla uploads.log och forsok igen.";
      } else {
        echo "Sucess! File(s) has been uploaded sucessfully.\r\nSlutf'o'rt! Fil(erna) har laddats upp utan problem.";
      } 
    } else {
      file_put_contents($logPath, get_log_date() . " [error] Username or password is not correct.\r\n", FILE_APPEND);
    }
  } else {
    file_put_contents($logPath, get_log_date() . " [error] Could not connect to the server.\r\n", FILE_APPEND);
  }
  
  //Only close the connection if it was actually opened
  if($ftp) { ftp_close($ftp); }
?>
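
On the question of whether the delete step is failsafe: the following is an added example, not part of the original post, that deletes a local file only after the server reports the same byte count for the uploaded copy. The function name `upload_then_delete` and its parameters are hypothetical; it compares sizes, not contents, and assumes `$ftp` is an open, logged-in connection as in the script above.

```php
<?php
// Added example (hypothetical helper, not the poster's code).
// $ftp: open, logged-in FTP connection; paths and log file come from the caller.
function upload_then_delete($ftp, $localPath, $remotePath, $logPath)
{
    $log = function ($level, $msg) use ($logPath) {
        file_put_contents($logPath, date("[D M j H:i:s Y]") . " [$level] $msg\r\n", FILE_APPEND);
    };

    // Never treat a directory or an unreadable file as uploadable
    if (!is_file($localPath) || ($localSize = filesize($localPath)) === false) {
        $log("error", "($localPath) is not a readable file.");
        return false;
    }

    // A true return from ftp_put() alone is not taken as proof of a complete file
    if (!ftp_put($ftp, $remotePath, $localPath, FTP_BINARY)) {
        $log("error", "($localPath) could not be uploaded.");
        return false;
    }

    // ftp_size() returns -1 when the file is missing or the server does not
    // support SIZE; either way the upload is unconfirmed and the local copy stays.
    $remoteSize = ftp_size($ftp, $remotePath);
    if ($remoteSize !== $localSize) {
        $log("error", "($localPath) size mismatch: local $localSize, remote $remoteSize. Local file kept.");
        return false;
    }

    // Only now is the local copy removed
    if (!unlink($localPath)) {
        $log("error", "($localPath) was uploaded but could not be deleted locally.");
        return false;
    }

    $log("notice", "($localPath) uploaded to ($remotePath) and verified ($remoteSize bytes).");
    return true;
}
```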