SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    a fresh, new start... dujmovicv's Avatar
    Join Date
    Aug 2006
    Location
    Earth
    Posts
    559
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php create dir and subdir

    Hi ALL,

    I'm using this script segment to create and chmod a folder in the file system on the server :
    PHP Code:
        $current_umask umask();
        
    umask(0000);
        
        if (! 
    is_dir("users/".$user)) {
            
    mkdir("users/".$user);
            
    chmod("users/".$user0777);
            
    umask($current_umask);
        } 
    the dir is created and chmod is 777 after that. Later on, a script is called to create a subfolder in the previously created $user folder and to save a .txt file inside that subfolder :
    PHP Code:
    $current_umask umask();
    umask(0000);

    if (! 
    is_dir("../users/".$user."/".$subfolder)) {
    mkdir("../users/".$user."/".$subfolder);
    echo 
    "<h3>".$subfolder." dir is created!</h3>";
    }
    chmod("../users/".$user."/".$subfolder0777);
    umask($current_umask); 
    The problem is this $subfolder cannot be created with the script.... When I delete the previously created $user folder and then create it 'manually' through an FTP client and then reload the page which supposed to create the $subfolder, it creates it... Is this a server/security issue? Can be solved somehow? I can't delete and then create manually a folder whenever a visitor loads the page...

    Full time ADMIN - art community
    Part time coder - dsign

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    php should generate an error message when mkdir fails. You can view your error log, or turn up error reporting.
    PHP Code:
    ini_set('display_errors'1);
    error_reporting(E_ALL); 
    You probably have safe_mode on, which is kinda designed to stop you from doing stuff like this. There's hacky ways to get around it if that's the case, but see what the error is.

  3. #3
    a fresh, new start... dujmovicv's Avatar
    Join Date
    Aug 2006
    Location
    Earth
    Posts
    559
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm afraid you were right (about safe_mod)
    Code:
    Warning: mkdir() [function.mkdir]: SAFE MODE Restriction in effect. The script whose uid is 10627 is not allowed to access
    /var/www/vhosts/PATH/users/viktor owned by uid 33 in /var/www/vhosts/PATH/add_newsletter_txt.php on line 60
    
    resp_viktor dir is created!
    
    Warning: chmod() [function.chmod]: Unable to access ../users/viktor/resp_viktor in /var/www/vhosts/PATH/add_newsletter_txt.php on line 63
    
    Warning: chmod() [function.chmod]: SAFE MODE Restriction in effect. The script whose uid is 10627 is not allowed to access
    /var/www/vhosts/PATH/users/viktor owned by uid 33 in /var/www/vhosts/PATH/add_newsletter_txt.php on line 63
    Is there a way to get around it?

    Full time ADMIN - art community
    Part time coder - dsign

  4. #4
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ask your host if it can be disabled, but it's doubtful they will. When people do this type of stuff they sometimes end up getting the server hacked.

    Otherwise you would need to use php's ftp functions to programatically log in via ftp and create the directory. If there is another scripting language available on the server(like perl) you may be able to use that.

    The other way to do it is to just simulate a directory using php and a database, with mod_rewrite. mod_rewrite will send all requests to the users/ dir to a php script. This php script parses the url requested, and then uses it to query the database to retrieve the proper content.

    Regardless of which way you go, make sure you're not creating user accounts which might cause trouble. Potential risks are XSS attacks as well as filesystem traversal. You need to be very strict with which characters/how many characters a user name is allowed to have.

  5. #5
    a fresh, new start... dujmovicv's Avatar
    Join Date
    Aug 2006
    Location
    Earth
    Posts
    559
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the advice, that's bad news...
    I think I'll have to go for a 'database' solution but I'll have to rewrite huge amount of php code as the system is relying on 'working' with files from folders.....

    Technically, the best solution would be the administrator (me) to create the folder "$username" in the users directory, but in this case the logged in users have to 'wait' until it's created...... And I don't want to make them waiting for me...

    Full time ADMIN - art community
    Part time coder - dsign


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •