Best way or not

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Best way or not

    It is a good idia to have uploader.php and all site .php in the same directory? Or not a good idia?
    have connected with http://adexchat.com ?
    Fun up with
    http://forum.adexchat.com

    #2
    It doesnt matter where you want to put you uploader.php what matters most is how you secure your landing folder of uploaded files. And its also important to secure your codes in your uploader.php

    Comment


      #3
      its safer to have the uploader not in the same directory so you can prevent php etc working in the uploaded file directory.

      Comment


        #4
        he might have misunderstood you something else..jervy is right..it doesn't matter where you place your uploader.php, the most important is the security of that uploader and its directory of uploaded files..something else meant to say that you should not put your uploader.php in the directory of uploaded files 'cause hackers might have uploaded and run php files in that directory unless your uploader.php and its directory is fully secured, otherwise they might have hacked your site.
        My Blog: http://jhommark.blogspot.com
        My Facebook: http://www.facebook.com/jhommark
        My Official Site: http://www.undergroundweb.tk
        My Community Site: http://undergroundwap.xtreemhost.com

        Comment


          #5
          Some tips for your uploader:
          1. Place your Uploads folder outside of public_html ( you cand open files directly in php file eg. image.php?picid=69 )
          2. Make validation for your files
          3. Disable the next functions:
          PHP Code:
          execsystempassthrushell_execescapeshellargproc_closeproc_opendlpopenshow_sourceallow_url_fopeneva and chmod 
          (not all if u use some of it)
          4. Give public_html permision 710
          5. On upload rename the file after it is uploaded and save the last name of it.
          6. You can simple dont use Upload in your server: You have host A and host B. On A you have the script on B the upload procesor and uploaded files. In a make a html form (upload form) that go on server B. In B you upload the files and save the file name and thumb name in 2 vars. Make 2 links: 1 for Back ( use the
          PHP Code:
          $HTTP_SERVER_VARS["HTTP_REFERER"]; 
          ) and the second that pass the information http://siteA/upload.php?picname=$pic&thumbname=$thumb&s id=$sid )
          That's all:P
          Last edited by i0nutzxp; 05.12.10, 07:31.
          <?php unlink('World/Europe/Romania.country'); ?>

          Comment


            #6
            Hmmm.. I never knew that a folder which contains the uploaded files can be place outside the public_html. Can you post an exact script to link files outside the public_html?

            Comment


              #7
              PHP Code:
              $filename = ...... ;
              if(
              move_uploaded_file($_FILES['upload']['tmp_name'], "../Uploads/Pics/$filename"))echo "Its working<br/>"
              <?php unlink('World/Europe/Romania.country'); ?>

              Comment


                #8
                Then where will I create a folder outside public_html? I never did this before that's why i don't have any idea how to do it.

                Comment


                  #9
                  yeah man @i0nutzxp... that's a good trick, i've done that before too, keeps script safe away from uploads, so your script is safe even if they get sripts, etc through uploader...
                  C3 Themes: http://c3themes.wen.ru/index.html
                  Find Files: http://mystarter.tk/?goto=X-search

                  Comment

                  Working...
                  X