PHP Script To Upload A File with password-protection.

Problem: Upload a file to the Xisto account (that I have been granted here) throught the webpage

 

I would like to know, how should I proceed on this particular problem. I know this has been done through cPanel, but I want to write a PHP functionality. The cPanel is accessed through the 2082 port, and most of the places I access internet from does not give me access through that port. I can access http://forums.xisto.com/no_longer_exists/ but not http://forums.xisto.com/no_longer_exists/ or http://forums.xisto.com/no_longer_exists/. I need to go to one particular place (a internet-cafe) to do that and upload my files to my account which happens to be quite cumbersome.

 

Hence, I thought, I will write a php page, that lets me upload the files to a particular path in the account. It has to be ofcourse, password protected. (I do not want just anybody to upload files there). That way, I can upload files straight away (by using the http://forums.xisto.com/no_longer_exists/adminupload.php page or something like that). I would need to go to the internet-cafe only to do some obscruse or rare task like setting up the MySQL database or something like that - which wont be much of a problem. But to do that for each and every file I need to upload, is becoming quite a thorn-in-the-hide.

 

From how far I know PHP, I think it can be done, but now that I think about it, I start to scratch my head. Any links or guidelines please?

Edited March 8, 2006 by Vyoma (see edit history)

Well, yes you can write a file upload script in PHP with little difficulty. You could even write an entire file managment system in PHP if you were really serious.Most of the file upload, delete, copy, and move options are easist if you use the PHP ftp functions since using the file system functions can leave your files with the wrong ownership. Basically, using PHP file system functions to upload files sets the server as the file's owner instead of you. Using the ftp functions requires you to provide your password and user name but sets the file's owner as you.The requirements to list, browser, and manipulate the file system structure can be a little complicated since you'll probably be using several PHP file system and FTP functions at once along with environmental variables and authentication to allow you to only enter your username and password once per session and expire after so many minutes.I think you can stat to see that the requirements exceed the novice or beginner level.I would suggest using the ftp option instead of the cPanel anyhow. You can find several topics regarding the use of FTP with yur account throughout the forums. I use CuteFTP but the built in Windows XP FTP client will work as well.Just go to "My Network Places"Click add new Place.Enter your ftp address. (ftp.myaccount.astahost.com)Specify your username.etc...You'll then have a direct connection to your account from your computer. It'll look just like your windows file structure. Then you just need to drag and drop files from local folders to remote folder or copy and paste. It works pretty well actually.For more advanced FTP features, I recommend a third party FTP client. I think you'll find FTP easier to use in most cases than the cPanel File Manager.Good Luck. :ovujsa

vujsa, I am sorry, I forgot to mention that I had tried the FTP option earlier. The network administrator here is a real security-paranoid. When I had tried to ftp to my account on Xisto, I had got the following pop-up window:

Even after that, I could not even see my account-folder, as it gives the following error:

FTP replies error

InterScan HTTP Version 3.81-Build_1022 $Date: 12/19/2003 17:51:0017$

 

ftp server replies:

 

530 Authentication failed, sorry

Obviously, it would fail, because it never asked me the password for http://forums.xisto.com/no_longer_exists/ [Yes, my username is vyoma, and the site is kmaheshbhat]

 

So, I had talked with the administrator and he did not budge an inch. He did not give me any other proxy either. Hence, I came up with this idea where I can upload my files through a webpage.

 

So, vujsa, if I use the PHP file system funtions, is there no way to configure to which user the files are set the ownership? Because, using a web-access to upload seems like the only option I have.

Edited March 9, 2006 by Vyoma (see edit history)

I recommend you to get and install filezilla for your ftp usage, it is light software and works very nicely, I am always using it and not the stupid Windows Explorer, using a third party ftp program is much faster too. You can get it from https://filezilla-project.org/

And why worry and waste time for writing another php upload script, if you really want to to manage everything, filezilla is for you. Just remember that files uploaded by ftp user belongs to ftp user and php can't really work with them very well.. like rename() touch() delete() chmod() etc. will return access denied, so you will need to change permissions to 777 through the FTP Client or maybe even CPanel File Manager. But this does not effect Windows Servers as it does not have such permissions.

And the CPanel File Manager Upload work just fine, for me.

I recommend you to get and install filezilla .. You can get it from https://filezilla-project.org/

 

PHP Script to upload a file :

 

I think this FTP client will just meet up your needs.

 

Download it from :

projects.adamsutton.co.uk

This is an FTP Client written using PHP and designed to allow restricted use of FTP via a web based interface.

 

Main Features:

 

1. Provide FTP access through a firewall which blocks FTP

2. Provide a front end to an FTP server which only allows access to the web server, thus reducing the risk of the FTP server being attacked.

3. Multiple File Uploads.

It is pretty light and has a 'feel-good' web based interface.

 

Regards,

Sid

According to his post, he can't use ftp because the cafe blocks it, or allows only the read permission. I would personally recommend using a pre-made script to upload files. You can find them floating around.

ex. from hostscripts, it's freeware
http://www.hotscripts.com/category/scripts/php/scripts-programs/file-manipulation/upload-systems/

I haven't looked at it, but it's probably self explanatory if you read the info's and readme's. Then I would just put an authorization on the top of the page and wrap everything in an if/else. If you're going to be the only user then I would use $_SERVER['PHP_AUTH..'] variables.

Example:
Modify the code for the upload script that you download

header('WWW-Authenticate: Negotiate');//taken from php.netif($_SERVER['PHP_AUTH_USER']=='EXAMPLE' && $_SERVER['PHP_AUTH_PW']=='EXAMPLE'){/* validate login, someone correct me if these are wrong variables, variables taken from php.net, I think they work for most versions of php */ /*************here is where your codefrom the downloaded scriptto upload files will go*************/}else{//!End of if there's a valid login	echo 'bad login';/* or use unauthorized page or w/e u want, redirect them to google! :P*/}//!End of if there's a bad login

You would login by USING: EXAMPLE/EXAMPLE It's case sensitive of course. Now that would be a simple way of doing it, and probably wouldn't be too secure, and you would have to browse around to find a pre-made script with some functionality and probably modify it under the GPL or whatever agreement it has. Good luck with it.
Edited March 10, 2006 by minnieadkins (see edit history)

According to his post, he can't use ftp because the cafe blocks it, or allows only the read permission. I would personally recommend using a pre-made script to upload files. You can find them floating around.

I saw it, but he was using Explorer and using Filezilla might help him as it is a real ftp client and it won't be blocked, but it is only a guess, he even did not use a password. Furthermore, Filezilla has proxy and firewall settings, so you can use a proxy to connect to the server and outcome the ISP or whatever Internet provider blocks.

But first you would need to find an proxy which support ftp protocol and which is fast, I don't think he cares if it is anonymous it sends his header details, I only have one proxy which I need, but it only works in my country as I been testing. So try to use google. But the alternative to use the ftp web based client pre-written is also quite a good idea, if real ftp client does not work, you can go with it.

There aren't too many options to help this situation. If all non HTTP and Mail ports are blocked at the LAN firewall, there isn't any thing that can be done. I don't know for sure how the PHP ftp functions work when it comes to ports.

 

It may be that we can set up a php based ftp system for you that would work if it was hosted on your Xisto account. It is still a lot of work to write but if you look around at http://php.resourceindex.com/ , yo may be able to find what you need pre written.

 

Since the comands sent to the serve are from the server, your LAN may never be involved with the transaction other than to submit the form and reply to the data.

 

I think this is how the flow of data works for a php based FTP transaction:

Your computer -> Your LAN -> Xisto web server -> Xisto FTP server -> Xisto web server -> Your LAN -> Your computer

 

Given your situation, I think that it would be worth he time to test a few web based ftp scripts.

 

vujsa

I've got a similar problem. My campus net proxy blocks all ports except 3128. For file maintanance, I use Net2Ftp. Of course, it allows only uploads of 2mb and tasks which don't take more than 30sec. To get around this, just download the package from their site and extract it to your site. Then edit .htaccess accordingly (I'm not really sure how) to enable uploads of more than 2mb and edit the preferences also.

This works fine for me from everywhere. Hope it helps you. It's easier than writing the script from scratch .

Well, I think you guys all gave me a lot to think about. I might still try to use some kind of PHP code to upload my files, because when I checked, the proxy only lets me HTTP access. The admin is like, you know, wont budge an inch.I will surely reply here on my findings after the research so others would be able to use it. (But, I should say, I am quite occupied with something else - my mind can be so mercurical, ).

vujsa, I am sorry, I forgot to mention that I had tried the FTP option earlier. The network administrator here is a real security-paranoid.

Heh... they all seem to be that way, lol.

Perhaps if you're interested, you can upload files directly through cpanel to your web space. Here's a HOWTO:

1) Login to cPanel (http://forums.xisto.com/no_longer_exists/) with your username and password.
2) Under "Site Management Tools" in the first row, last column, you should see an icon labled as "File Manager". Click it.
3) A new window will open. You should see your home directory (outside public_html folder). Click the folder icon (NOT the folder name!) next to "public_html"
4) Click on the link in the top "Upload files" and you can upload 12 files at once!
5) Click on the link in the top "New folder" to add a new folder.
6) Click on a folder or file NAME (not the icon) to change its properties (CHMOD, re-name, etc), delete, edit, etc.

Good Luck! This will be much easier and is built into cpanel. You won't need to worry about getting a PHP script in and then keeping that script secure.

Best of luck with building your site the hard way (uploading through cpanel) but I suppose with security freaks on the other end of the proxy, you'll have to do it this way.

[N]F

nightfox, I cannot use the FTP option and the cpanel (that port is blocked). I have to go out to a net cafe to do it. Hence, I came up with this option that may work out.

Hi!I was actually working on a PHP script to do just that. And unfortunately, it seems it won't work, for some reason. I've been asking around to find out what's wrong (I see the file isn't even uploaded as temporary file) and it may be that the PHP server in Xisto is running as root, and as such we needed root access to do the file upload... Not entirely sure though.EDIT: Actually, it looks like the PHP upload_tmp_dir variable is empty, and that's why I can't put the files there as well...

Edited March 31, 2006 by KazDoran (see edit history)

Yay I got it to work!

Here's how it goes, a very simple script, without password verification:

1) CHMOD your /tmp directory to 775 (very important!)

2) Create a form like this:

<form enctype="multipart/form-data" action="process.php" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="50000" />File: <input type="file" name="uploadedfile"><br><input type="submit" value="Submit"></form>

You MUST have enctype="multipart/form-data" or the file upload won't work!
MAX_FILE_SIZE limits the maximum file size, in bytes (in this case, around 50 KB).

3) Now the script inside process.php:

<?$upload_dir="upload/"$upload_path = $upload_dir . basename($_FILES['uploadedfile']['name']);if(!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $upload_path)){	echo "Upload failed.";	}?>

Set the $upload_dir variable to whatever directory you wish to upload the file to.
The $upload_path variable will be the relative path to the file when it's in place.
If by any chance the file fails to upload, you'll be notified.

Hope this will help. To create a password protection just create a new form where you type the password and do a basic check to see if it matches.

Is video uploading site is good in PHP or ASP.NetPHP Script To Upload A File

I am thinking to make video uploading site so now I am confused as should I make it in PHP or ASP.Net. So please give your suggestions as which technology would be good.

-reply by Simran