Hi all! I'm probably, no no, surely the happiest guy on earth/line coz my hosting technican told me if I set the permissions for a directory to 777, then I can have file uploads in that directory! very juvenile, huh?! But I didn't know that before! anyway, now I'm wondering that if it's possible that someone else does that to by hacking or whatever, is that really possible? I've also heard that by using sockets ( I even don't know what it means! ) and having right permissions or hacking! you can upload files to another host. Is it true?
And also wouldn't it have been great if it's possible to set a username/password for a directory of file and connect it just like mysql? Then I could have been more certain!

Hello? doesn't anyone want to answer? :confused: Can I define a username/password or a way that PHP knows that I am the owner? What do you do yourself if you wana have file uploads in your server? How do you set the persmissions for your direcotories that you can read and write files into them?

No body probably answered coz they have no idea what you mean. If I want to upload something, I use ftp. If I want other people to upload, I check their username and password exist and allow them to upload by a form. To check to see if it's you using the form, you'll use a script to check the users. :confused: No one can hack the site by sockets, unless you're host is that bad with it's security.

Ok, sorry, I wasn't clear enough. When I wanted to use my script file, basically that form submit that you said, I got an error message that I don't have persmission to write to my directory ( I checked if the file uploaded is what I want and then copied that into the directory that I wanted, coz as I heard when you upload something it goes to the tmp directory of the server and you have to copy that into your own directory if you want it), so, I contacted my host and they said PHP works as nobody, so you have to set Read, Write and Excecute permissions to Everyone ( We have the Owner, Group and Other or everyone, ok?) that PHP be able to write/copy into a directory, and I did it and it works fine. I'm just worried that now that Everyone has all the persmissions, can anybody else ( not my script ) write into my directory? Couldn't PHP somehow introduces itself as the Owner to the server that I don't have to set all the permissions for Everyone? Thanx for your help in advance.

No one will be able to create a script to upload to your site from their site, unless they have your ftp details.

Thanx NightFire, now I can sleep better!
But as for as my second question, just suppose that you wana have a directory with just the owner having the Excecute permission and you don't wana give any permission to Group and Others, does it mean that you can not have such a php script for uploading files in that directory?

whilst Nightfire is right... it is not impossible on shared servers for someone else on the same server but a different account to be able to write to a file with wide open permissions (777 etc ) I can do it on some of my accounts :)

if your host allows the chmod() command (and many do not), you can create the upload directory via script...

mkdir('uploads',0777);

now 'nobody' i.e the apache webserver owns that directory, then you can chmod() the folders permissions on the fly, so your script could

chmod('uploads',0777);
//do your stuff//then
chmod('uploads',0644);

or similar.