| View previous topic :: View next topic |
| Author |
Message |
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
 Posted: Sun Jan 23, 2005 8:03 am Post subject: Allowing Users To Upload Files To Server |
 |
|
I have been testing the following http server applications-On Windows Server 2003 Enterprise Edition In a Vmware Session:
Apache
IIS 6
Sun One Webserver
Abyss
Apache gave me a real bad headache
IIS 6.0 is bloatware as most microsoft products are
Sun One-I haven't a clue if I like it yet and wasn't ready after the apache scalping.
Abyss-Uh...Easy...Embeddable...what a relief.
I'm not too good with html when it comes to allowing users to upload files-and thats the whole thing behind the concept of my site...They need to be able to upload files to a their directory on the server.
I need some help with this...I don't want the code to be dependant on frontpage server extensions or any of that microsoft crap...
Any suggestions or links would be great thanks...
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
  |
 |
Glitch2082
-
Joined: 02 Dec 2004
Posts: 194
|
| Posted: Sun Jan 23, 2005 8:48 am Post subject: |
|
|
With PHP installed, you will have $_FILE at your descression. You can lookit up on the PHP Manual at php.net :D
_________________
int main() {
cout << "Im Pro Apache";
cin.get();
} |
|
| Back to top |
 |
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Sun Jan 23, 2005 9:05 am Post subject: I see said the blind man,as he walked off the cliff |
|
|
That's very helpful I'm going through the tutorial now. I'll post more once i get a feel for what i'm doing.
Thank you
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
eyn
-
Joined: 11 Sep 2004
Posts: 32
Location: Canada
|
|
| Back to top |
 |
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Sun Jan 23, 2005 10:27 pm Post subject: Ok Prior to posting I'd done a little research |
|
|
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Sun Jan 23, 2005 10:30 pm Post subject: one more thing |
|
|
I should mention that i tried with a directory named uploads and uploadfile with the same negative results
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Sun Jan 23, 2005 10:40 pm Post subject: |
|
|
Have you set up PHP in Abyss as described here ? You don't just set it up by copying PHP to the Abyss folder...
http://www.aprelium.com/abyssws/php.html |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Sun Jan 23, 2005 10:56 pm Post subject: N0000b |
|
|
Yep just after I posted that disertation I realized that I hadn't done that-I did it works better that previously-I knew it couldn't work like that-that's why I copied the binaries and the PHP folder into the folder-had I moved them I would've hosed the PHP installation...So now that I've made some progress its back to the scripts and getting the files uploaded-I am going to scrap my directories and start over fresh the more I typed the more I realized I was over complicating this...Any further suggestions are appreciated (other than RTFM) I know that-
Thanks
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
eyn
-
Joined: 11 Sep 2004
Posts: 32
Location: Canada
|
| Posted: Sun Jan 23, 2005 11:02 pm Post subject: |
|
|
Just to tell u that I have some problem with the HTML Goodies script, I tried but the getfile.php will return "notice: undefined" index and crap. I suggest you to use the script I used, that is the one I mentioned in my upload thread. It also allow multiple files upload by creating multiple file input field, might be more suitable for your case.
As Anonymoose said, you better make sure you have PHP installed before trying to run a PHP script. If it's installed properly, you should get the debug message if there's a script error. |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Sun Jan 23, 2005 11:49 pm Post subject: Yep undefined index on line 8 & 9 |
|
|
Yes I am having the same problem now with that script-I'm going to try the other-that one does seem to be much better haven't tried it yet I thought I'd be better off with a single file upload but as we've seen that script don't work or requires something more...brb
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Mon Jan 24, 2005 12:19 am Post subject: Ok got the script...need a clue |
|
|
Did I miss something in the tutorial-I have them in the \htdocs\Client Folder
But don't they need to be written in the index.html page if that's the first thing I want them to see after they authenticate-how do I do that ?? I don't understand all I get is the following when i go to http:\\127.0.0.1:8000\Client is the authentication applet and then an index of all files in the directory including the uploadform1.php uploadfom2.php and processfiles.php looks very blah and i can execute the scripts from the contents but they will not sucessfully upload anything..Logic tells me that the script needs to be told to put the uploaded files in a sub directory within /client like say /client/workorders -workorders being the folder where their files are located
Mostly .docs which brings up another point I want to disallow the upload of the following extensions .bat .exe .reg etc. to prevent anytype of malware from being uploaded.
Can't the php script be a sub function within a html page ? The page doesn't have to be all that aesthetically pleasing
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Mon Jan 24, 2005 12:50 am Post subject: Progress |
|
|
Hey good news I've been reading through the forums more-and I read this post about hosting multiple sites I'll link to it in a minute anyway...inside of my \client directory I renamed the uploadform1 to index.html and the scripts execute flawlessly...the files upload to the htdocs\client directory...thanks I'm so excited.
Now then modifying the script to put the uploaded files in a different directory may be kinda tricky but I'm up for it...any suggestions
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
eyn
-
Joined: 11 Sep 2004
Posts: 32
Location: Canada
|
| Posted: Wed Jan 26, 2005 5:42 pm Post subject: |
|
|
Go to your processFiles.php, look for this line:
| Code: | | $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],"uploads/$file_name"); |
You might have slightly different 2nd argument for the function, it's where the uploaded file should go to. The expression above will put the file inside a directory called uploads (you need to create it prior to uploading). Note that the path is document related (its path relative to your document calling it).
I'm not sure about the filetype restricting, but what I suggest is to put the uploaded files to a protected directory. Like for my example above, set up a access rule for the directory "uploads". This will allow user to upload file but not able to execute and view them without password (to prevent mallicious script uploaded by others). Hope it helps. |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Thu Jan 27, 2005 3:23 am Post subject: Thanks eyn |
|
|
That makes sense-I'll try it-thanks alot. It's working quite well thus far once I get this worked out I'll start with penetration testing.That should be an interesting topic.
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
Usergnome
-
Joined: 23 Jan 2005
Posts: 19
|
| Posted: Thu Jan 27, 2005 6:58 pm Post subject: It works |
|
|
Works Quite Well Thank You For The Tip.
_________________
Great just F**kin,Great-Now You've went and broke the entire internet... |
|
| Back to top |
|
|
kaitamasaki
-
Joined: 21 Apr 2004
Posts: 3
|
| Posted: Mon Jan 31, 2005 12:59 am Post subject: |
|
|
use invision file manager!!!
www.invisionfilemanager.com
easy to setup =)
copy contents to a folder in ur htdocs
run install.php
and ur done =D |
|
| Back to top |
|
|
fredibau
-
Joined: 04 Jun 2005
Posts: 6
|
| Posted: Fri Jun 10, 2005 4:47 pm Post subject: |
|
|
| kaitamasaki wrote: | use invision file manager!!!
www.invisionfilemanager.com
easy to setup =)
copy contents to a folder in ur htdocs
run install.php
and ur done =D |
Yes invisionfilemanager make the job done very well
but i have the users.cgi securite problem.
You are not running the Apache Server. If you give users MySQL access others maybe able to view the database passwords by viewing the URL http://www.fr***.***.**/fileman/settings/users.cgi
You can test this out by visting the URL yourself, if you get an error page such as "Internal Server Error 500" or a blank screen, then you are safe
Otherwise you should contact your Server Admin and ask them to disallow access to the file D:\mambo\fileman\settings\users.cgi over the Internet ??
Have to do this ?
I running my own win 2003 standard server
Mambo 4-5-2-1
MySQL 4.1.12a-nt kører på localhost som root@localhost
I don't use MySql on Filemaker
Do you have you a tip for me
Please |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sat Jun 11, 2005 12:01 pm Post subject: |
|
|
| fredibau wrote: |
Otherwise you should contact your Server Admin and ask them to disallow access to the file D:\mambo\fileman\settings\users.cgi over the Internet ??
Have to do this ?
Do you have you a tip for me
Please |
To disallow access to a file/directory or group of files in Abyss Web Server, select "IP address control" (in the host where the file/directory is), press "Add..." in "IP Address Control Rules", enter the virtual path of the file/directory in "Virtual Path" (for example, /fileman/settings/users.cgi ), set "Order" to Allow/Deny, press "Add" in "Denied IP addresses", enter * in "IP Address/Range", press OK, press OK, press Restart.
This IP address control rule simply states that access to /fileman/settings/users.cgi from any IP address is prohibited. Users will receive 403 error if they browse the file.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
