[FX.php List] Upload script in PHP?

Bob Patin bob at patin.com
Mon Mar 13 14:39:18 MST 2006


Just curious: why do people recommend removing the phpinfo file? Is  
it a security concern?

Thanks,

Bob


On Mar 13, 2006, at 2:31 PM, Marisa Smith wrote:

> Bob
>
> If you create a phpinfo.php file, with this as the content:
>
> <?php
> phpinfo();
> ?>
>
> You will be able to see the path to your php.ini file so you can  
> find and edit in in the terminal.  Be sure to remove this info file  
> when you are done.
>
> Marisa
>
> ---------------------------------------------------------------------
> Marisa Smith, President
> DataSmith Consulting, LLC
> 9206 Huron River Drive
> Dexter, MI 48130
> Phone & Fax: (734) 426-8077
> http://www.datasmithconsulting.net
> Filemaker Solutions Alliance Associate Member
>
> On Mar 13, 2006, at 3:24 PM, Bob Patin wrote:
>
>> Actually, I'm in Mac OS X Server, which is Apache; anyone out  
>> there familiar with OS X Server who could tell me how to get to  
>> 'php.ini' in the Terminal? I seem to recall editing a text file in  
>> there before, but can't remember the command to do that.
>>
>> Thanks,
>>
>> Bob Patin
>> Longterm Solutions
>> bob at longtermsolutions.com
>> 615-333-6858
>> http://www.longtermsolutions.com
>>
>>   CONTACT US VIA SKYPE:
>>      USERNAME: longtermsolutions
>>
>>   CONTACT US VIA INSTANT MESSAGING:
>>      AIM or iChat: longterm1954
>>      Yahoo: longterm_solutions
>>      MSN: bob at patin.com
>>      ICQ: 159333060
>>
>>
>> On Mar 13, 2006, at 1:42 PM, Daniel P. Brown wrote:
>>
>>>
>>>
>>>    Permissions on the upload folder, if it's going to be public,  
>>> should be 777.  Conversely, you can change the ownership to  
>>> nobody (or whatever the Apache user on your system is), and chmod  
>>> it to 700, or change the group to nobody (again, whatever your  
>>> Apache user is) and chmod it to 770.
>>>
>>>    If you're using a standard Linux system, php.ini is usually  
>>> just in the /etc/ directory.  You can type `locate -u` and then  
>>> `locate php.ini` if you want to try to find it that way.  It's  
>>> possible that your slocate database is outdated, hence the  
>>> inability to locate the file.
>>>
>>>          ~ Dan
>>>
>>> Bob Patin wrote:
>>>> Dale,
>>>>
>>>> Thanks for the reply; I'd tried that code but I suspect I need  
>>>> to change the permissions on the "upload" folder. What do you  
>>>> recommend that I set the permissions to for that folder, if not  
>>>> "www?"
>>>>
>>>> Also, how do I get to the php.ini file? I tried searching for it  
>>>> on the web server but didn't find it, but I vaguely recall  
>>>> working on it in the past. Do I have to use Terminal?
>>>>
>>>> Thanks a lot,
>>>>
>>>> Bob Patin
>>>> Longterm Solutions
>>>> bob at longtermsolutions.com
>>>> 615-333-6858
>>>> http://www.longtermsolutions.com
>>>>
>>>>   CONTACT US VIA SKYPE:
>>>>      USERNAME: longtermsolutions
>>>>
>>>>   CONTACT US VIA INSTANT MESSAGING:
>>>>      AIM or iChat: longterm1954
>>>>      Yahoo: longterm_solutions
>>>>      MSN: bob at patin.com
>>>>      ICQ: 159333060
>>>>
>>>>
>>>> On Mar 13, 2006, at 11:11 AM, Dale Bengston wrote:
>>>>
>>>>> Hi Bob,
>>>>>
>>>>> I took mine right from the php.net's examples about uploading  
>>>>> files:
>>>>>
>>>>> <http://us2.php.net/manual/en/features.file-upload.php>
>>>>>
>>>>> Here is their upload HTML form:
>>>>>
>>>>> <!-- The data encoding type, enctype, MUST be specified as  
>>>>> below -->
>>>>> <form enctype="multipart/form-data" action="__URL__"  
>>>>> method="POST">
>>>>>     <!-- MAX_FILE_SIZE must precede the file input field -->
>>>>>     <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
>>>>>     <!-- Name of input element determines name in $_FILES array  
>>>>> -->
>>>>>     Send this file: <input name="userfile" type="file" />
>>>>>     <input type="submit" value="Send File" />
>>>>> </form>
>>>>>
>>>>> The three comment lines identify the big differences in this  
>>>>> form and more traditional html forms. Note that the  
>>>>> MAX_FILE_SIZE value is largely ignored by the browser, so  
>>>>> you'll need to evaluate that after the file is uploaded (file  
>>>>> size is part of the $_FILES array... see immediately below).
>>>>>
>>>>> Once uploaded, PHP stores info about the file in the $_FILES  
>>>>> array. You can find the details of the elements of $_FILES on  
>>>>> the page linked above, but the elements for the uploaded  
>>>>> 'userfile' above are:
>>>>>
>>>>> $_FILES['userfile']['name'] The original name of the uploaded  
>>>>> file on the client machine.
>>>>>
>>>>> $_FILES['userfile']['type'] The mime type of the file, if the  
>>>>> browser provided this information. An example would be "image/ 
>>>>> gif". This mime type is however not checked on the PHP side and  
>>>>> therefore don't take its value for granted.
>>>>>
>>>>> $_FILES['userfile']['size'] The size, in bytes, of the uploaded  
>>>>> file.
>>>>>
>>>>> $_FILES['userfile']['tmp_name'] The temporary filename of the  
>>>>> file in which the uploaded file was stored on the server.
>>>>>
>>>>> $_FILES['userfile']['error'] The error code associated with  
>>>>> this file upload. This element was added in PHP 4.2.0
>>>>>
>>>>> The uploaded file lands in a temp directory, and you use php's  
>>>>> move_uploaded_file() to relocate it to your appropriate web  
>>>>> directory. You can also rename it and use the values in $_FILES  
>>>>> check for different file types and file sizes (although the  
>>>>> mime type thing isn't bulletproof).
>>>>>
>>>>> Things to watch out for: file and folder permissions on the  
>>>>> final resting place for your uploads, since the www user has  
>>>>> pretty limited access. Also, your php.ini file probably has a  
>>>>> upload_max_filesize set to 2MB. If the PDFs being uploade are  
>>>>> larger than 2MB, you'll need to up this value. If you're  
>>>>> changing upload_max_filesize, you'll need to look at  
>>>>> post_max_size too.
>>>>>
>>>>> Hope this helps,
>>>>> Dale
>>>>>
>>>>>
>>>>> On Mar 13, 2006, at 9:59 AM, Bob Patin wrote:
>>>>>
>>>>>> Does anyone have any code for writing a simple upload script  
>>>>>> in PHP? I tried some code that I found online, but have been  
>>>>>> unable to get it to work.
>>>>>>
>>>>>> I have a client who needs to put a form on their site so that  
>>>>>> clients can upload PDF files directly into their web folder on  
>>>>>> the web server.
>>>>>>
>>>>>> Any help would be greatly appreciated.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Bob Patin
>>>>>> Longterm Solutions
>>>>>> bob at longtermsolutions.com
>>>>>> 615-333-6858
>>>>>> http://www.longtermsolutions.com
>>>>>>
>>>>>>   CONTACT US VIA SKYPE:
>>>>>>      USERNAME: longtermsolutions
>>>>>>
>>>>>>   CONTACT US VIA INSTANT MESSAGING:
>>>>>>      AIM or iChat: longterm1954
>>>>>>      Yahoo: longterm_solutions
>>>>>>      MSN: bob at patin.com
>>>>>>      ICQ: 159333060
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> FX.php_List mailing list
>>>>>> FX.php_List at mail.iviking.org
>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20060313/0909c312/attachment-0001.html


More information about the FX.php_List mailing list