[FX.php List] Upload script in PHP?
Bob Patin
bob at patin.com
Mon Mar 13 14:39:18 MST 2006
Just curious: why do people recommend removing the phpinfo file? Is
it a security concern?
Thanks,
Bob
On Mar 13, 2006, at 2:31 PM, Marisa Smith wrote:
> Bob
>
> If you create a phpinfo.php file, with this as the content:
>
> <?php
> phpinfo();
> ?>
>
> You will be able to see the path to your php.ini file so you can
> find and edit in in the terminal. Be sure to remove this info file
> when you are done.
>
> Marisa
>
> ---------------------------------------------------------------------
> Marisa Smith, President
> DataSmith Consulting, LLC
> 9206 Huron River Drive
> Dexter, MI 48130
> Phone & Fax: (734) 426-8077
> http://www.datasmithconsulting.net
> Filemaker Solutions Alliance Associate Member
>
> On Mar 13, 2006, at 3:24 PM, Bob Patin wrote:
>
>> Actually, I'm in Mac OS X Server, which is Apache; anyone out
>> there familiar with OS X Server who could tell me how to get to
>> 'php.ini' in the Terminal? I seem to recall editing a text file in
>> there before, but can't remember the command to do that.
>>
>> Thanks,
>>
>> Bob Patin
>> Longterm Solutions
>> bob at longtermsolutions.com
>> 615-333-6858
>> http://www.longtermsolutions.com
>>
>> CONTACT US VIA SKYPE:
>> USERNAME: longtermsolutions
>>
>> CONTACT US VIA INSTANT MESSAGING:
>> AIM or iChat: longterm1954
>> Yahoo: longterm_solutions
>> MSN: bob at patin.com
>> ICQ: 159333060
>>
>>
>> On Mar 13, 2006, at 1:42 PM, Daniel P. Brown wrote:
>>
>>>
>>>
>>> Permissions on the upload folder, if it's going to be public,
>>> should be 777. Conversely, you can change the ownership to
>>> nobody (or whatever the Apache user on your system is), and chmod
>>> it to 700, or change the group to nobody (again, whatever your
>>> Apache user is) and chmod it to 770.
>>>
>>> If you're using a standard Linux system, php.ini is usually
>>> just in the /etc/ directory. You can type `locate -u` and then
>>> `locate php.ini` if you want to try to find it that way. It's
>>> possible that your slocate database is outdated, hence the
>>> inability to locate the file.
>>>
>>> ~ Dan
>>>
>>> Bob Patin wrote:
>>>> Dale,
>>>>
>>>> Thanks for the reply; I'd tried that code but I suspect I need
>>>> to change the permissions on the "upload" folder. What do you
>>>> recommend that I set the permissions to for that folder, if not
>>>> "www?"
>>>>
>>>> Also, how do I get to the php.ini file? I tried searching for it
>>>> on the web server but didn't find it, but I vaguely recall
>>>> working on it in the past. Do I have to use Terminal?
>>>>
>>>> Thanks a lot,
>>>>
>>>> Bob Patin
>>>> Longterm Solutions
>>>> bob at longtermsolutions.com
>>>> 615-333-6858
>>>> http://www.longtermsolutions.com
>>>>
>>>> CONTACT US VIA SKYPE:
>>>> USERNAME: longtermsolutions
>>>>
>>>> CONTACT US VIA INSTANT MESSAGING:
>>>> AIM or iChat: longterm1954
>>>> Yahoo: longterm_solutions
>>>> MSN: bob at patin.com
>>>> ICQ: 159333060
>>>>
>>>>
>>>> On Mar 13, 2006, at 11:11 AM, Dale Bengston wrote:
>>>>
>>>>> Hi Bob,
>>>>>
>>>>> I took mine right from the php.net's examples about uploading
>>>>> files:
>>>>>
>>>>> <http://us2.php.net/manual/en/features.file-upload.php>
>>>>>
>>>>> Here is their upload HTML form:
>>>>>
>>>>> <!-- The data encoding type, enctype, MUST be specified as
>>>>> below -->
>>>>> <form enctype="multipart/form-data" action="__URL__"
>>>>> method="POST">
>>>>> <!-- MAX_FILE_SIZE must precede the file input field -->
>>>>> <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
>>>>> <!-- Name of input element determines name in $_FILES array
>>>>> -->
>>>>> Send this file: <input name="userfile" type="file" />
>>>>> <input type="submit" value="Send File" />
>>>>> </form>
>>>>>
>>>>> The three comment lines identify the big differences in this
>>>>> form and more traditional html forms. Note that the
>>>>> MAX_FILE_SIZE value is largely ignored by the browser, so
>>>>> you'll need to evaluate that after the file is uploaded (file
>>>>> size is part of the $_FILES array... see immediately below).
>>>>>
>>>>> Once uploaded, PHP stores info about the file in the $_FILES
>>>>> array. You can find the details of the elements of $_FILES on
>>>>> the page linked above, but the elements for the uploaded
>>>>> 'userfile' above are:
>>>>>
>>>>> $_FILES['userfile']['name'] The original name of the uploaded
>>>>> file on the client machine.
>>>>>
>>>>> $_FILES['userfile']['type'] The mime type of the file, if the
>>>>> browser provided this information. An example would be "image/
>>>>> gif". This mime type is however not checked on the PHP side and
>>>>> therefore don't take its value for granted.
>>>>>
>>>>> $_FILES['userfile']['size'] The size, in bytes, of the uploaded
>>>>> file.
>>>>>
>>>>> $_FILES['userfile']['tmp_name'] The temporary filename of the
>>>>> file in which the uploaded file was stored on the server.
>>>>>
>>>>> $_FILES['userfile']['error'] The error code associated with
>>>>> this file upload. This element was added in PHP 4.2.0
>>>>>
>>>>> The uploaded file lands in a temp directory, and you use php's
>>>>> move_uploaded_file() to relocate it to your appropriate web
>>>>> directory. You can also rename it and use the values in $_FILES
>>>>> check for different file types and file sizes (although the
>>>>> mime type thing isn't bulletproof).
>>>>>
>>>>> Things to watch out for: file and folder permissions on the
>>>>> final resting place for your uploads, since the www user has
>>>>> pretty limited access. Also, your php.ini file probably has a
>>>>> upload_max_filesize set to 2MB. If the PDFs being uploade are
>>>>> larger than 2MB, you'll need to up this value. If you're
>>>>> changing upload_max_filesize, you'll need to look at
>>>>> post_max_size too.
>>>>>
>>>>> Hope this helps,
>>>>> Dale
>>>>>
>>>>>
>>>>> On Mar 13, 2006, at 9:59 AM, Bob Patin wrote:
>>>>>
>>>>>> Does anyone have any code for writing a simple upload script
>>>>>> in PHP? I tried some code that I found online, but have been
>>>>>> unable to get it to work.
>>>>>>
>>>>>> I have a client who needs to put a form on their site so that
>>>>>> clients can upload PDF files directly into their web folder on
>>>>>> the web server.
>>>>>>
>>>>>> Any help would be greatly appreciated.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Bob Patin
>>>>>> Longterm Solutions
>>>>>> bob at longtermsolutions.com
>>>>>> 615-333-6858
>>>>>> http://www.longtermsolutions.com
>>>>>>
>>>>>> CONTACT US VIA SKYPE:
>>>>>> USERNAME: longtermsolutions
>>>>>>
>>>>>> CONTACT US VIA INSTANT MESSAGING:
>>>>>> AIM or iChat: longterm1954
>>>>>> Yahoo: longterm_solutions
>>>>>> MSN: bob at patin.com
>>>>>> ICQ: 159333060
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> FX.php_List mailing list
>>>>>> FX.php_List at mail.iviking.org
>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.iviking.org/pipermail/fx.php_list/attachments/20060313/0909c312/attachment-0001.html
More information about the FX.php_List
mailing list