Upload not allowed on my server!!

  CutNpaste 16:18 12 Sep 2005

Hi everyone,
I siigned up with WEBMANIA.CO.UK for a web host and the price was also cheap.
I am building a site - where i can upload pictures or files to my database or server but they both didnt work as acces was denied.
So i emailed my provider and they replied by saying that they only allow upoloads to be made by FTP and not through a web page - as it has security issues.
I can understand security issues - but come on!! I want to be able to make a site where i can upload pictures of my portfolio using a simple form and php.

Can someone tell me why this is and also recommend me an web hosting provider that can upload both by FTP and using a simple form and php script.
Thank you

  LeadingMNMs 18:50 12 Sep 2005

I have a webmania account, and have a simple php form that uploads pictures without a problem, so I don't know whats wrong with your account.

  Taran 18:52 12 Sep 2005

You can set up a file upload on WebMania.

All you do is render the target folder fully writeable (CHMOD 777 using your FTP software) and then the PHP upload script will handle the rest. I have one set up on the account I have with WebMania.

However, they are correct about potential security issues. If the upload page is one you've written yourself, I suggest you ditch it in favour of a (probably) more secure solution written by a third party, unless of course you are a seriously good programmer, and I mean seriously good.

I'm also not sure why you'd want a file upload page unless you want site users to be able to upload files as well as you. If you do want them to, then you need to protect the file upload script with a username/password login routine which means you also need a user registration program. Without this protection your upload script would be visible and could be used by anyone. So suddenly we've moved from a file upload to this situation:

1. Call file upload page into browser.

2. User login required.

3. User must register to gain username/password to access file upload page.

4. If user does not log into your system, they may not upload files.

The potential inherent security issues are a small scale nightmare and any host if right to be worried. Don't forget that you are on shared hosting. This means that if something incredibly nasty gets on your web space, there is always a tiny chance of it affecting the web server on a grand scale. It's happened before and will no doubt happen again.

Any web host will be concerned about use of CHMOD 777 on a folder in your site root that is not as securely locked down as it could be, and they will be even more concerned about less than brilliant PHP programs allowing users to send files up to the web account.

You don't (or shouldn't) upload images to your database, as you said. You upload them to your web root folder or a directory (folder) inside the web root.

If you want to use MySQL to help manage your online images, use it to store the file name and location of the image(s) on the web server, since storing the images themselves in MySQL is a huge waste of database resources and will give the server something to think about when your site starts getting busy.

Since you say you want to upload images from your portfolio, what's wrong with simply uploading them through the FTP program of your choice ?

I can code PHP until the cows come home, but close to 100% of all my web uploads are run through WS_FTP Pro, for a lot of very good reasons. FTP is the single best method of shifting files from point A to point B on a web server, and without knowing more about your requirements I can only say I don't see a need for browser based uploads based on the little information you supplied.

My first inclination is to say forget about the file upload completely, get a decent FTP program and crack on with your site.

If your requirements dictate a file upload system, perhaps you could say why.

Access denied messages will typically be seen where file/folder permissions disallow writing to the web server or where your account username and password are incorrect.

Hopefully from the above you will start to see just some of the potential falls you could take by including a PHP file upload page.


  Taran 18:55 12 Sep 2005

Just to be clear, if the folder you want to upload files to is not writeable then access will be denied - period.

If you render it writeable and your script includes the relevant WebMania account details, you can upload to it without any problems.

WebMania is not at fault here.

Either your PHP has errors or you don't fully understand how to get the script to work at the web server level.

  LeadingMNMs 18:56 12 Sep 2005

And make sure that you have the correct folder permissions for the folder that your uploading to. You need 777 (read, write and execute for owner, group and other).

  LeadingMNMs 18:59 12 Sep 2005

^ I should remember to refresh the page before posting ;)

  CutNpaste 19:13 12 Sep 2005

well i was making a self managed website for a freind and she doesnt know how to use FTP programs or use photoshop etc.

So i thought i'll make her a simple program where she can write down details of her pprojects and provide a picture in a form and then submit. SO the details will be stored in a database and the picture in the server (mind u this will the pasword protected pages) , so she doesnt have to build seperate pages for each of her projects.

I do understand the security issues and believe me i aint no expert but since its a site for a portfolio - i dont think security would be a big issue as the admin pages willl be password protected.

But thanks Taran - when ever write a post - i alwayz get help from u - cheer guys

p.s. I cant find the CMOD 777 - where is it - i checked all the folders using my FTP.

  LeadingMNMs 19:24 12 Sep 2005

All you need to make sure is that you the folder you are uploading to has the correct permissions, in this case 777, CHMOD is the unix command for changing file permissions.

In you FTP client click on the folder you want and select Properties. You should find the permissions here.

  Taran 19:34 12 Sep 2005

Which FTP program are you using ?

If you want an image gallery type program, check out Gallery click here Coppermine Photo Gallery click here or 4Images click here

In fact, if your friend would like to maintain her own site, why not consider a small, lightweight Content Management System (CMS) ?

phpWCMS is easy to learn and Mambo, although a little imposing at first, offers just about everything you could ever want in terms of maintaining your site.

Pointless trying to reinvent the wheel here.

  CutNpaste 23:41 12 Sep 2005

cheers guyz!! i changed my folder permission to 777 but i see no hope. My script is perfect and simple and it works on my university server.
I think webmania just dont allow this access at all.
N e wayz everyone cheers for ya help.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

11 best portfolio websites for designers and artists

Office for Mac buying guide: Price, Office 2017 rumours & new features

Comment désactiver les programmes qui s'exécutent au démarrage de Windows 10 ?