How To Get Rid Of Need For 777

liunx

Guest
I have a file upload script that is straight from the PHP manual (see below). It works great, but I only if I set the permissions on the uploads directory to be 777. This doesn't seem real secure. I've researched this issue in the PHP forums and people talk about setting the security on the upload directory so that user 'nobody' (user Apache runs under) can write it. I'm a Unix newby, but I can't see any option in the cpanel to do that. Any ideas? <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/blink.gif" style="vertical-align:middle" emoid=":blink:" border="0" alt="blink.gif" /> <br /><br /><?php<br />// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead<br />// of $_FILES.<br /><br />$uploaddir = 'uploads/';<br />$uploadfile = $uploaddir . $_FILES['userfile']['name'];<br /><br />print "<pre>";<br />if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {<br /> print "File is valid, and was successfully uploaded. ";<br /> print "Here's some more debugging info:\n";<br /> print_r($_FILES);<br />} else {<br /> print "Possible file upload attack! Here's some debugging info:\n";<br /> print_r($_FILES);<br />}<br />print "</pre>";<br /><br />?><!--content-->
Closing thread. There is no reason to post in multiple forums we read them all.<!--content-->
 
Back
Top