Remote Control - PHP

You've already seen how PHP4's FTP functions can help youinteract with files on a remote server. In this article, learn how to usePHP's other file and directory manipulation functions, and build anequivalent application that demonstrates the difference between the twoapproaches.

TABLE OF CONTENTS:

By: Vikram Vaswani, (c) Melonfire

Poor Best

Rating:

/ 2

November 29, 2000

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Given all that information, let's take a look at "upload.php4"



<?
// get some information
echo "Filename: $upfile_name<br>";
echo "Temporary filename: $upfile<br>";
echo "File size: $upfile_size bytes<br>";
echo "File type: $upfile_type<br>";
// if upload successful
if ($upfile)
{
echo "Upload successful!<br>";
// copy file to new location
if (copy($upfile, "/tmp/uploads/" . $upfile_name))
{
echo "File copy successful!<br>";
}
}
// else display error
else
{
echo "Upload unsuccessful!<br>";
}
?>

Be warned: you should enforce strict rules about what can and can't be uploaded when using such a system in a production environment. Failure to do this would open up a security hole which would allow users to upload Perl scripts, C binaries and PHP documents to the server, and perhaps even execute them remotely.

A good way to avoid this is to use the $upfile_type variable to decide which files get uploaded, and which get rejected. For example,



<?
if ($upfile_type == "text/plain" || $upfile_type == "text/html" ||
$upfile_type == "image/gif" || $upfile_type == "image/jpeg")
{
// file upload code
}
else
{
echo "Permission denied!";
}
?>

Similarly, you can use the $upfile_size variable to reject files which are too large for comfort.

This article copyright Melonfire 2000. All rights reserved.

Next: The Application >>