0

I have a simple one-field HTML form that submits via a PHP script. The PHP script uses imagejpeg() to generate a JPG with data submitted with the form. My concern is security. How can I allow that script to run and write the file to the server, but not require the folder permissions to be that anyone can write to the server? If I try to change the directory permissions where the PHP script lives and then writes the image to something more restrictive, I get the following error:

Warning: imagejpeg(covers/b6c8bdf9e441affb6031756f66a379a2.jpg): 
failed to open stream: Permission denied in 
C:\webroot\share\index.php on line 42
Andrew
  • 1,121
  • 4
  • 15
  • 24
  • You are mixing unix and windows folder seperators `/` vs. `\\`, fix this first. – JustOnUnderMillions Mar 15 '17 at 14:25
  • Possibly you ought to become familiar with the default and standard directory rights used by a properly configured Apache web server or IIS Server if thats what you are using These would make your question unnecessary – RiggsFolly Mar 15 '17 at 14:25
  • @JustOnUnderMillions I think Windows servers understands both forward and backwards slashes (http://stackoverflow.com/questions/4178263/make-a-path-work-both-on-linux-and-windows) – Andrew Mar 15 '17 at 14:50
  • @RiggsFolly I think some of my issue is a lack of understanding of my clients server setup. They are using a Windows server and I am not completely familiar with their setup. I'm trying to figure out what I need to communicate to the server admin if there is something he needs to adjust. Any help you can give would be great. – Andrew Mar 15 '17 at 14:51
  • There should be nothing needs changing. The account the server runs under should have all the correct access setup. When you upload a file it is the web servers account that controls access. Any other user that does or does not have rights to these folders is nothing to do with you as a developer of a web site functionality. – RiggsFolly Mar 15 '17 at 15:04
  • @RiggsFolly I am adding the files to the server via SFTP though. If my SFTP user doesn't have the proper permissions/access rights though, that could cause the issue, right? – Andrew Mar 15 '17 at 15:57
  • Errr that might have been a **useful piece of information** to have placed in your question rather than leaving it till now. But again, the security of any remote access to a server is the responsibility of the server admin. – RiggsFolly Mar 15 '17 at 16:09

0 Answers0