Newgrounds.com — Everything, By Everyone.

Me and my friends have been in production of our new site we just bought last saturday and yesterday we decided to write a media upload system for all of our movies/games. This way everything is run by a database and its just more conveniant in the long run. Well its pretty much finished except one thing, when the flash and image upload their chmod is set to 666 which means it wont be displayed on the web page.

So we just assumed thats the defualt for our servers upload. So I remembered seeing something about changing the chmod of a file with php. So I went on www.php.net and found the function quick. I tested it out on a random file on the server and it worked fine, but then I applied it to our script and it returns this:

Possible file upload attack! Here's some debugging info: Array ( )

I can't get it to work, heres the script, please tell me whats wrong...

$uploadDir = '/var/www/html/movies/';
$uploadFile = $uploadDir . $_FILES['moviefile']['name'];
$movief = 'http://www.tririft.net/movies/'. $_FILES['moviefile']['name'];

$ftp_server = "******";
$ftp_user_name = "**************";
$ftp_user_pass = "*******";

$file = $uploadFile;

// set up basic connection
$conn_id = ftp_connect($ftp_server);

// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

$chmod_cmd="CHMOD 0744 ".$file;
$chmod=ftp_site($conn_id, $chmod_cmd);

// close the connection
ftp_close($conn_id);

Funny that the string "possible upload" isn't in that script...

no no no, we have that in the script, I didn't show you all the script, I'm only showing you the part thats supposed to change the chmod of the file to 744 because when the files are uploaded they are set to 666 so no one can access them.

and the problam of just setting everything to 777 is?

if you're using php 5 you can use ftp_chmod , it should make your life alot easier

Well we want it to be conveniant so when we do submit movies/games we dont have to manually go in and change its chmod through ftp.

But dont worry me and my friend just fixed it, we figured out that it was trying to change the chmod of the file before the file was even uploaded so we made the scripts activate to change their chmod once its been confirmed that they have been uploaded.

Thnx anyways guys...

At 6/27/05 09:38 AM, Inglor wrote: and the problam of just setting everything to 777 is?

Yeah, when I always had a script with uploading, etc. the chmod 777 always worked for me.

one thing I don't think you guys understood here is that when the files were set to 644 when they were uploaded, we dont set them that way, its just a server default or something...