It is a good idia to have uploader.php and all site .php in the same directory? Or not a good idia?
-
-
It doesnt matter where you want to put you uploader.php what matters most is how you secure your landing folder of uploaded files. And its also important to secure your codes in your uploader.php -
its safer to have the uploader not in the same directory so you can prevent php etc working in the uploaded file directory.Comment
-
he might have misunderstood you something else..jervy is right..it doesn't matter where you place your uploader.php, the most important is the security of that uploader and its directory of uploaded files..something else meant to say that you should not put your uploader.php in the directory of uploaded files 'cause hackers might have uploaded and run php files in that directory unless your uploader.php and its directory is fully secured, otherwise they might have hacked your site.My Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.comComment
-
Some tips for your uploader:
1. Place your Uploads folder outside of public_html ( you cand open files directly in php file eg. image.php?picid=69 )
2. Make validation for your files
3. Disable the next functions:(not all if u use some of it)PHP Code:exec, system, passthru, shell_exec, escapeshellarg, proc_close, proc_open, dl, popen, show_source, allow_url_fopen, eva and chmod
4. Give public_html permision 710
5. On upload rename the file after it is uploaded and save the last name of it.
6. You can simple dont use Upload in your server: You have host A and host B. On A you have the script on B the upload procesor and uploaded files. In a make a html form (upload form) that go on server B. In B you upload the files and save the file name and thumb name in 2 vars. Make 2 links: 1 for Back ( use the) and the second that pass the information http://siteA/upload.php?picname=$pic&thumbname=$thumb&s id=$sid )PHP Code:$HTTP_SERVER_VARS["HTTP_REFERER"];
That's all:PLast edited by i0nutzxp; 05.12.10, 07:31.<?php unlink('World/Europe/Romania.country'); ?>Comment
-
Hmmm.. I never knew that a folder which contains the uploaded files can be place outside the public_html. Can you post an exact script to link files outside the public_html?Comment
-
PHP Code:$filename = ...... ;
if(move_uploaded_file($_FILES['upload']['tmp_name'], "../Uploads/Pics/$filename"))echo "Its working<br/>";
<?php unlink('World/Europe/Romania.country'); ?>Comment
-
Then where will I create a folder outside public_html? I never did this before that's why i don't have any idea how to do it.Comment
-
yeah man @i0nutzxp... that's a good trick, i've done that before too, keeps script safe away from uploads, so your script is safe even if they get sripts, etc through uploader...Comment
Comment