Koozali.org formerly Contribs.org

PHP & File Upload

Offline MSmith

  • *
  • 675
PHP & File Upload
« on: April 22, 2006, 03:35:47 AM »
If this should be in Bug Tracker, please let me know.  And if this should be in the Contribs forum, let me know that also.  Although it is my feeling that as PHP is supported that this might be a base issue.

Many people have reported problems with PHP and file uploads, specifically that the scripts report all's well but the file never actually gets to the directory.  It doesn't seem to matter whether the folder is chowned www:www, and fiddling with the basepath has mixed results.  Can anyone shed some light on why SME in particular has had issues with this at least since 5.6?

Better still, can some kind soul help those of us who might like to fiddle with PHP know where to poke the system in order to allow file upload?
...

Offline pfloor

  • ****
  • 888
PHP & File Upload
« Reply #1 on: April 22, 2006, 08:32:42 AM »
SME is built for security and locked down tight.  It is working as intended. If you want to allow insecure file uploading then that is up to you.

Move over to the contribs forum and post specific to your php application.  Some of the "fixes" have been figured out for particular apps and others have not.
In life, you must either "Push, Pull or Get out of the way!"

Offline MSmith

  • *
  • 675
PHP & File Upload
« Reply #2 on: April 22, 2006, 02:36:49 PM »
Yes, obviously SME is working as intended, but PHP was obviously "intended" or it wouldn't've been included in ibay design.  Therefore my asking this GENERAL question in the regular forum.  If I'd wanted help with a specific applications, I'd've asked for help with a specific application.
...

RE: PHP uploads
« Reply #3 on: April 22, 2006, 03:58:02 PM »
Hi all

I'm working on PHP uploads as well and am using 7-pre3

Some of the things I've learned about SME and PHP uploads

Typically you need to enable ftp access, in the remote sections of the SME server manager- and also use a secure sftp program per SME documentation. For additional ibays I believe you need to create a group then add users and give those users access etc. however I believe that also with the sftp program you can still login and access any ibays as root and upload

I've used gftp which works nice for uploads to either my primary or ibays etc.
gftp does not work well with changing permissions or at least I do not know how to get it working to change permissions on SME ibays etc.
You need something else for this, or you must do it manually either enable ssh under the SME-server-manager(not secure in my opinion) or directly from the console of the server itself

Anyhow uploads to primary is simple enough enable ftp access under the SME remote section, and you should be able to upload no problems, however not typically using a browser, as I've mentioned you need a sftp program for this. please see SME documentation regarding such.

I do not believe you can upload folders diretly to the ibay or create folders unless you login as root, or give the proper access to your group or user.

Anyhow I don't know which specific problem your having with uploading PHP files but please post more info so that others that those with more knowledge can assist.

I hope this helps :pint:

And bye the way here is the site i've been trying to get working:

www.foolishlys.com

It appears to work properly, mostly- but when adding items  there is a section/field in which works like a html webpage editor, and it only seems to work with IE. The field is just blank and non functional when using firefox, or any other browser. knonqueror will let that part work, but will not complete adding the listing it gets errors.

Anyhow I would love to get that worked out, I don't know why it's doing that. But anyhow just a sample of my php site and upload results etc.

Re: RE: PHP uploads
« Reply #4 on: April 22, 2006, 07:03:08 PM »
Quote from: "Agent86"

Some of the things I've learned about SME and PHP uploads

Typically you need to enable ftp access, in the remote sections of the SME server manager- and also use a secure sftp program per SME documentation.


ftp and sftp actually have nothing to do with PHP uploads.

PHP uploads work - you wouldn't be able to send attachments via webmail if they didn't.

PHP uploads do work as long as they are within the PHP upload size limitation, and paths are within the open_basedir restrictions.

Most PHP errors will be logged to /var/log/messages.

Really ?
« Reply #5 on: April 22, 2006, 07:19:43 PM »
Hmm, strange I've not been able to upload unless ftp access was enabled.

so I may have something else wrong althogether.

Thanks for the info

Offline pfloor

  • ****
  • 888
PHP & File Upload
« Reply #6 on: April 23, 2006, 04:39:48 AM »
Quote from: "MSmith"
Yes, obviously SME is working as intended, but PHP was obviously "intended" or it wouldn't've been included in ibay design.
PHP is included and intended for Webmail.  Allowing it's use for ibays is an added (and insecure in my opinion) bonus.

Quote
Therefore my asking this GENERAL question in the regular forum.  If I'd wanted help with a specific applications, I'd've asked for help with a specific application.
So if I understand you right, you just want your server in general to allow any type of PHP upload in general so that any type of PHP application in general will allow any type of uploading?

Paul
In life, you must either "Push, Pull or Get out of the way!"

Offline MSmith

  • *
  • 675
PHP & File Upload
« Reply #7 on: April 23, 2006, 06:08:00 AM »
Sarcasm notwithstanding, you are more or less correct in that I'd like to attain a greater understanding of how "basedir" works in SME and how that in combination with chown and/or chmod can be used to allow (yes, relatively insecure) file uploading via PHP scripting.  I have found people who claim to have fixed individual problems with individual applications but I feel there must be a common thread.  Generally speaking.
...

PHP & File Upload
« Reply #8 on: April 23, 2006, 06:16:05 AM »
Quote from: "MSmith"
Sarcasm notwithstanding, you are more or less correct in that I'd like to attain a greater understanding of how "basedir" works in SME ...


It's just PHP running inside apache on linux. http://www.php.net/ should tell you pretty much all you need to know.

User www belongs to all groups, and can read all i-bays and write to some. PHP runs as user and group 'www'.

PHP & File Upload
« Reply #9 on: April 25, 2006, 11:54:45 AM »
I'd like to help here but I'm a bit lost as to what you are asking...

Are you

Having trouble uploading php scripts (i.e. *.php files) to an ibay
or
Having trouble with a php script that allows the user to upload a file
or
Something else....

?
...
Nick

"No good deed goes unpunished." :-x...

Offline judgej

  • *
  • 375
PHP & File Upload
« Reply #10 on: April 28, 2006, 02:25:27 PM »
Quote from: "MSmith"
...Therefore my asking this GENERAL question in the regular forum...


But it's not a general question, is it? You were asking about specific problems that have been reported against specific scripts, although we have no idea which scripts they are.

If this is any help, I know for a fact that some scripts do not retrieve the files from their landing zone using the correct PHP function to do so. They try to copy or read the file directly instead, and that *will* fail with SME Server because a PHP script running in an i-bay does not have *any* access to the landing zone for uploaded files. That is a bug in those scripts, and fixing it would nornally allow them to be run on SME Server.

-- JJ
-- Jason

Offline MSmith

  • *
  • 675
PHP & File Upload
« Reply #11 on: April 28, 2006, 03:01:54 PM »
Quote from: "NickCritten"
I'd like to help here but I'm a bit lost as to what you are asking...

Are you

Having trouble uploading php scripts (i.e. *.php files) to an ibay
or
Having trouble with a php script that allows the user to upload a file
or
Something else....

?


The middle one.
...

Offline MSmith

  • *
  • 675
PHP & File Upload
« Reply #12 on: April 28, 2006, 03:08:16 PM »
JudgeJ:

I phrased it as a general question because I've read many, many threads on this subject and there are common elements, most notably that the scripts run without error but files do not show up where they're supposed to.  I have a vague notion of what you're referring to with the direct read/copy ... I think this is a "copy" command vs. "move_copied_file", but I've seen a couple of scripts that used move_copied_file (that's probably the wrong command, I'm typing this from memory) that didn't work either.  I'm thinking specifically here of ACollab, which worked fantastically in every respect ... except uploading a file to the document library, which reported success but ... no file.  Even tiny files, before someone points out the file upload size limitations.  That's what got me started searching the forums.

So I still think this is a GENERAL question about the PHP implementation on SME, and I still think there's a meta-solution that can be applied to many PHP scripts.

My whole thought was to try to bring to light the principles guiding the SME implementation of PHP and how SME differs from a bone-stock CentOS in this regard, so that even a non-programmer such as I might have a chance of understanding why some scripts don't work correctly and either modify the code or ask the script developers.
...

Offline judgej

  • *
  • 375
PHP & File Upload
« Reply #13 on: April 28, 2006, 03:36:24 PM »
Any script which does not use move_uploaded_file() (http://us2.php.net/manual/en/function.move-uploaded-file.php) will fail on SME Server, and will likely fail on many other servers.

In general, a script which fails to use this PHP function to move an uploaded file to a writeable/readble area, to process it, is doing it wrong. Further discussion can be found here:

http://us2.php.net/manual/en/features.file-upload.php

There are, of course, other limits and restrictions on uploading files to a PHP script - but every server has restrictions set at some limit, they are just generally all different ;-)

I've taken a look at ACollab, and it appears to be moving the file correctly, so the next question I would ask is: what are the permissions on the upload directory?

-- JJ
-- Jason

PHP & File Upload
« Reply #14 on: April 28, 2006, 06:41:33 PM »
I agree with JudgeJ,

This definately sounds like a permissions issue.

Make sure your uploads directory has permissions set to 775 (Owner & Group have RWX rights, Everyone has RX)

If you don't know how to do this, use the CLI and cd to the ibay's html directory then do a
Code: [Select]
chmod -R 775 uploads

I have written probably a dozen php scripts which require a user to upload a file and never get any problems, as long as the permissions are correct.
I also occasionally get problems uploading files that have spaces in the filename.  But i haven't bothered figuring out a workaraound.

If you are still having problems, make sure you switch on display_errors and you should get some indication of what the problem is.
...
Nick

"No good deed goes unpunished." :-x...

Related PHP subject
« Reply #15 on: April 30, 2006, 05:30:15 PM »
Hi all

Regarding PHP uploads

Other then a website now working or error messages, however would a person determine if a PHP script could run on SME or determine if the permissions are corect

My topic is an online auction script which seemed to upload and install fine, I'm told to set permissions to cgi-bin to 755 and a few other folders to 777 , however when doing that the site does not work, however when setting the cgi-bin to 777 it appears to work well. Except uploading of a photo image

The site allows a new listing to be added and when you complete the listing the item number apperas in the category you desire, however no image and no actual item, just one more item in the category
Example: add item listed in category: computers. The image and process eems to complete and in the category of computers, there appears 1 more item listed, but when going to the category to review, there is no item listed ?

This script works on other servers just fine.
I'm sure it's something related to permissions, however I've even given 777 to all files related to the website etc.
I've uploaded cgi-bin files as asci and html folder as binary

Tried many things, but can't seem to get it working

So I'm not sure if this is the proper location of this post as it may relate to SME features or perhaps it could end up being something else like permissions or perhaps the script itself.

Assuming the script is working properly, which it may not be, how can I tell? I'm not sure where to start to diagnose this all I know is that it works on other servers and I'm having trouble on SME, which could also be permission settings or something.

Where would be a good place to start on this subject to diagnose my site?
Thanks all

Offline pfloor

  • ****
  • 888
PHP & File Upload
« Reply #16 on: April 30, 2006, 07:07:47 PM »
This subject is getting off topic and should be moved to the contribs forum.  Every application is going to require different settings and that is why this subject can't be discussed and solved with a single (or set of) global parameters or settings.  SME is set up to allow the base to function and all other settings are set restrictive for security reasons.  To set the base perameters to allow ALL Web apps to work would be a security risk and against what SME is all about.

Here is what I suggest, start a thread in the contribs section for each app and include:

1-First and foremost What is the application called and a link to its website.
2-What type of application (PHP, CGI, HTML, Mixture, etc.)
3-What does the application do?
4-Your SPECIFIC problem.  Not things like "I can't upload" or "It doesn't work"

Another thing, some of the system logging has been turned down a notch or 2 to reduce log noise.  I don't know if this is the case with Apache, PHP, etc. but it seems it might be as a lot of people as stating that there are limited/no errors in the log files.  I do know that error logging can be increased on almost anything in the system to the point that it will log ALL information for de-bugging purposes.

Almost any web app will work on SME but it is up to you to determine exactly what needs to be tweaked.  I experiment 4 different apps and each one of them has required a different settings adjustment...They are not all the same so this web app issue can't be solved with a single "fix-all", that just wouldn't be prudent.

Agent86, you have now completely changed the scope of this discussion.  It started as PHP file uploading and you have now added CGI into the mix.  As you can see, this can't be solved in a single thread, it needs to be solved on a case by case basis.
In life, you must either "Push, Pull or Get out of the way!"