SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Jun 2007
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    where to put upload scripts on the server

    just a quick question. I have a simple CMS system that allows a user upload images and text to the images on the server. Where do i place these 'upload' scripts. Should they be in the admin folder outside the www folder? Is there a general structure i should follow?

  2. #2
    SitePoint Member
    Join Date
    Sep 2007
    Location
    Kenley, Surrey, UK
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by katu View Post
    Where do i place these 'upload' scripts. Should they be in the admin folder outside the www folder?
    By "upload scripts" do you mean the script to upload the files or the files that are uploaded?

    If it's the script them it must be in the "www folder" otherwise no one will be able to access it via their browser to run it. If you mean the uploaded images then that depends what you want to do with them once they've been uploaded. If you need to access them via HTML i.e. <img src=... then they must be in the "www folder" but if you are only ever going to access them via php then you can place them outside if you want.

    You need to be very careful with upload scripts because if they aren't coded correctly then you leave your server vulnerable to someone uploading a script instead of an image and running riot on the server.

  3. #3
    SitePoint Member
    Join Date
    Jun 2007
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for replying. Yeah i mean the script - but its only for the site owner to manage images for a gallery. I read somewhere that this script should be outside the root folder. If its outside the root folder does that mean it can't be accessed directly via URL but can be accessed once the owner logs in via a login script in the www/ folder?

  4. #4
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    If the owner is logging into a secure area via the website you can put the script in there. Having the script above the webroot simply means that the script itself wouldnt be accessible by using a web browser and your code to process the upload would reference back beyond the root.

    Code:
    // if your script is one directory above your root
    // and the form is in your root
    $path_to_script = '../upload.php
    However if you are using some kind of restricted access either through php or .htaccess it doesnt really matter where you put it
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  5. #5
    SitePoint Member
    Join Date
    Sep 2007
    Location
    Kenley, Surrey, UK
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by katu View Post
    If its outside the root folder does that mean it can't be accessed directly via URL but can be accessed once the owner logs in via a login script in the www/ folder?
    That's right, but there is no real security advantage to placing it outside of the web area if doing it this way as the script will only be as secure as the security on the login script which is accessible via a browser, so as spikeZ said, it won't matter where you put it so you could just as easily secure it with .htaccess in the web area.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •