The forums have permanently moved to forum.kirupa.com. This forum will be kept around in read-only mode for archival purposes. To learn how to continue using your existing account on the new forums, check out this thread.


Results 1 to 14 of 14

Thread: Uploading file with PHP and chmod

  1. #1

    Uploading file with PHP and chmod

    I am attempting to upload a file to a directory on my web server. I am using PHP to upload the file to this server. However, only members that have registered can upload and view the files. Can I use CHMOD on the file to set permissions so that files themselves can only add and view the content? Therefor, only users that have logged on from the code in the file can view the photos.

    Thanks

  2. #2
    yea when the upload is completed you can run...
    PHP Code:
    $file '/this/would/be/the/path/to/the/file.txt';
    chmod($file0644); 
    that's w/ chmod, but realistically... you need to create a user login script.
    Let us live so that when we come to die even the undertaker will be sorry. - Mark Twain
    Don't PM me your CSS, xHTML, JS or PHP questions. I will not reply to ANY IE6 questions.

  3. #3
    So would the folder have to be set to 777 and then set the file to 644?

  4. #4
    right, folder 777 so you can upload files into that folder... and files 644 OR 755
    Let us live so that when we come to die even the undertaker will be sorry. - Mark Twain
    Don't PM me your CSS, xHTML, JS or PHP questions. I will not reply to ANY IE6 questions.

  5. #5
    I tried what you suggested, but I could still view the photograph when I went into the directory and clicked on the image name.

  6. #6
    Any other suggestions?

  7. #7
    Well if what you're trying to do is allow some people to see it and some people to not see it... it won't be able to be done w/ just CHMOD (at least not that i know). As I said in the first post you'll have to create some sort of user system that if a user has proper permissions (stored in a database not via apache), a script will access the pictures from a folder outside of your public folder, based on their permission.
    Let us live so that when we come to die even the undertaker will be sorry. - Mark Twain
    Don't PM me your CSS, xHTML, JS or PHP questions. I will not reply to ANY IE6 questions.

  8. #8
    I already have a user system that a person logs in to. But, I can't figure out how to show these images to the logged users and at the same time restricting these images in a folder (without .htaccess or anything) and having only people who are logged in able to see it. I was thinking the chmod would be a way to do it?

  9. #9
    no the only real way to do it would be to put the images outside of the public folder then use a script to call the images, the public folder being the folder you upload your site into. so you'd need to create another folder on the same level as that folder.
    Let us live so that when we come to die even the undertaker will be sorry. - Mark Twain
    Don't PM me your CSS, xHTML, JS or PHP questions. I will not reply to ANY IE6 questions.

  10. #10
    oh also... i guess another way that you could do it is store the images as a BLOB in your DB that way you can assign the user to the image that way, and it's all virtual. I myself am not a fan of BLOBs but they can work.
    Let us live so that when we come to die even the undertaker will be sorry. - Mark Twain
    Don't PM me your CSS, xHTML, JS or PHP questions. I will not reply to ANY IE6 questions.

  11. #11
    Yeah I don't want to use the database blob. So, I create a folder on my toplevel directory before I even select the folder where I upload files and create a directory? What do I set the permissions as? Because I feel like its the same either way if Its a directory outside the public folder or inside

  12. #12
    1,839
    posts
    Registered User
    BLOBS will slow down your site terribly if you start getting hits in volume

  13. #13
    Oh by the way, for some reason my web host doesn't really have a public_html folder because I am allowed unlimited web sites so when I login to my account on FTP, it just lists each domain name, not really www or public_html folders...

  14. #14
    Quote Originally Posted by dreamerp View Post
    Yeah I don't want to use the database blob. So, I create a folder on my toplevel directory before I even select the folder where I upload files and create a directory? What do I set the permissions as? Because I feel like its the same either way if Its a directory outside the public folder or inside
    Right I'm also against BLOB some people like them. But I've always stayed away from them. Anyway, if you put your files outside of your public directory they can't be called except via a script. I have a demo of this that i put together, to show proof of concept, at the end of this thread if you just want to skip all my gibberish below, it's late so my gibberish may not make sense anyway

    Normally say if you goto www.site.com/files/myfile.jpg it'll bring up the jpg... the server path for that could actually be something like
    Code:
    /var/www/host/site.com/httpdocs/files/myfile.jpg
    so every file you call you're calling normally is called from that httpdocs, so needs to be done is you need to have a folder that's in that same level as httpdocs. cause no matter what the end-user tries he/she won't be able to access that every file they try to call by default will use the httpdocs. I think you got what I was saying about it earlier, but just wanted to reiterate it. Note that you don't HAVE use a none public folder, it's just more secure. But if you use a public folder you will have to obfuscate where you're pulling your images from , well you do w/ both methods. Just one has the possibility of being downloaded directly the other doesn't.

    So say you put a folder on that same level... lets call it 'files'. While the end-user can't access that folder your scripts can. So if you have your file uploader you prolly normally do something like this for the path, i.e.
    Code:
    $path = '/files/';
    which in terms of the server is
    Code:
    /var/www/host/site.com/httpdocs/files/
    but you can generally back that out even further by doing using the server-relative path
    Code:
    $path = '/var/www/host/site.com/files/';
    notice how i'm forcing it to go into files and NOT httpdocs.

    Your next step would be your database which you already have. For this example I have two tables:

    users
    user_id, username, password

    and

    files
    file_id, user_id, filename

    now you can upload your files in any form you want... like...when someone registers it creates a folder w/ their user_id number in it... OR when you upload you just dump all the files in the files folder and append the user_id to the front of each file. so you can either have files/1/myfile.jpg or files/1_myfile.jpg. Something that will allow you to give unique identifiable names to your files.

    your last step would be to create a downloader file that will take a query string parse the query and convert it into an image, on a session identifier that should match w/ say the user_id or username... whatever floats your boat. what'd you'd do is when that file is called... something like download.php?image=yourimage.jpg, which will go out and fetch it from the nonpublic folder as if it was a public file.

    ANYWHO... with that being said here's the demo I put together that illustrates this:

    http://dev.beyondthepixel.com/_lab/secure_downloads/

    User 1
    username : demouser1
    password : password

    User 2
    username : demouser2
    password : password

    go ahead and toggle between the two and try and grab each others files, and all that snaziness
    Let us live so that when we come to die even the undertaker will be sorry. - Mark Twain
    Don't PM me your CSS, xHTML, JS or PHP questions. I will not reply to ANY IE6 questions.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012