Be a Supporter!

Chmod

  • 619 Views
  • 9 Replies
New Topic Respond to this Topic
triRift
triRift
  • Member since: Jan. 26, 2005
  • Offline.
Forum Stats
Member
Level 12
Blank Slate
Chmod 2005-06-26 21:35:47 Reply

Me and my friends have been in production of our new site we just bought last saturday and yesterday we decided to write a media upload system for all of our movies/games. This way everything is run by a database and its just more conveniant in the long run. Well its pretty much finished except one thing, when the flash and image upload their chmod is set to 666 which means it wont be displayed on the web page.

So we just assumed thats the defualt for our servers upload. So I remembered seeing something about changing the chmod of a file with php. So I went on www.php.net and found the function quick. I tested it out on a random file on the server and it worked fine, but then I applied it to our script and it returns this:

Possible file upload attack! Here's some debugging info: Array ( )

I can't get it to work, heres the script, please tell me whats wrong...

$uploadDir = '/var/www/html/movies/';
$uploadFile = $uploadDir . $_FILES['moviefile']['name'];
$movief = 'http://www.tririft.net/movies/'. $_FILES['moviefile']['name'];

$ftp_server = "******";
$ftp_user_name = "**************";
$ftp_user_pass = "*******";

$file = $uploadFile;

// set up basic connection
$conn_id = ftp_connect($ftp_server);

// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

$chmod_cmd="CHMOD 0744 ".$file;
$chmod=ftp_site($conn_id, $chmod_cmd);

// close the connection
ftp_close($conn_id);

henke37
henke37
  • Member since: Sep. 10, 2004
  • Offline.
Forum Stats
Member
Level 30
Blank Slate
Response to Chmod 2005-06-27 04:40:07 Reply

Funny that the string "possible upload" isn't in that script...


Each time someone abuses hittest, God kills a kitten. Please, learn real collision testing.

Sir-Davey
Sir-Davey
  • Member since: Jul. 9, 2001
  • Offline.
Forum Stats
Supporter
Level 19
Blank Slate
Response to Chmod 2005-06-27 08:11:32 Reply

At 6/27/05 04:40 AM, henke37 wrote: Funny that the string "possible upload" isn't in that script...

I think that's a php default error.

Anyways instead of FTP you should try using copy($_FILES['moviefile']['tmp_name'],$uploadFile = $uploadDir . $_FILES['moviefile']['name']);


BBS Signature
triRift
triRift
  • Member since: Jan. 26, 2005
  • Offline.
Forum Stats
Member
Level 12
Blank Slate
Response to Chmod 2005-06-27 09:34:14 Reply

no no no, we have that in the script, I didn't show you all the script, I'm only showing you the part thats supposed to change the chmod of the file to 744 because when the files are uploaded they are set to 666 so no one can access them.

Inglor
Inglor
  • Member since: Jan. 26, 2003
  • Offline.
Forum Stats
Member
Level 17
Blank Slate
Response to Chmod 2005-06-27 09:38:15 Reply

and the problam of just setting everything to 777 is?

Inglor
Inglor
  • Member since: Jan. 26, 2003
  • Offline.
Forum Stats
Member
Level 17
Blank Slate
Response to Chmod 2005-06-27 09:42:58 Reply

if you're using php 5 you can use ftp_chmod , it should make your life alot easier

Sir-Davey
Sir-Davey
  • Member since: Jul. 9, 2001
  • Offline.
Forum Stats
Supporter
Level 19
Blank Slate
Response to Chmod 2005-06-27 10:42:06 Reply

Well then just use the chmod command


BBS Signature
triRift
triRift
  • Member since: Jan. 26, 2005
  • Offline.
Forum Stats
Member
Level 12
Blank Slate
Response to Chmod 2005-06-27 11:00:38 Reply

Well we want it to be conveniant so when we do submit movies/games we dont have to manually go in and change its chmod through ftp.

But dont worry me and my friend just fixed it, we figured out that it was trying to change the chmod of the file before the file was even uploaded so we made the scripts activate to change their chmod once its been confirmed that they have been uploaded.

Thnx anyways guys...

Zune
Zune
  • Member since: Jun. 25, 2004
  • Offline.
Forum Stats
Member
Level 17
Blank Slate
Response to Chmod 2005-06-27 12:43:10 Reply

At 6/27/05 09:38 AM, Inglor wrote: and the problam of just setting everything to 777 is?

Yeah, when I always had a script with uploading, etc. the chmod 777 always worked for me.

triRift
triRift
  • Member since: Jan. 26, 2005
  • Offline.
Forum Stats
Member
Level 12
Blank Slate
Response to Chmod 2005-06-27 13:11:39 Reply

one thing I don't think you guys understood here is that when the files were set to 644 when they were uploaded, we dont set them that way, its just a server default or something...