I have created a small scale CMS for a website I am working on and have a form that uploads image files to be used on the website. It uploads the files successfully but the permissions it sets do not allow the file to be viewed in a browser.
Here is my current PHP code to upload the files
$typepath = $_POST['filetype'];
$target_path = "../../images/uploads/".$typepath."/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "<p>The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded</p>\n<p>To the directory: <span style=\"font-weight:bold;\">".substr($target_path, 6)."</span></p>";
} else{
echo "There was an error uploading the file, please try again!";
}
chmod("/somedir/somefile", 0750);
The command chmod -R 777 / makes every single file on the system under / (root) have rwxrwxrwx permissions. This is equivalent to allowing ALL users read/write/execute permissions.
Set php files to 640. For maximum security you should set minimum permissions, which is 640. The owner 6 would be the one uploading the files.
PHP Manaual chmod
http://php.net/manual/en/function.chmod.php
chmod("/somedir/somefile", 0755);
In context;
$typepath = $_POST['filetype'];
$target_path = "../../images/uploads/".$typepath."/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
chmod($target_path, 0755);
echo "<p>The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded</p>\n<p>To the directory: <span style=\"font-weight:bold;\">".substr($target_path, 6)."</span></p>";
} else{
echo "There was an error uploading the file, please try again!";
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With