Post by bobiturboto » Sat Sep 20, 2008 5:08 am

From admin panel i successfully upload images. In home page can`t view images in full screen (with lightbox). In images directory all new images are in 600 permissions after i change permissions to 755 full screen work fine. Permissions on folder image and cache are 777. My hosting is based on ispcpomega  http://isp-control.net/ and work with virtual users.
http://img233.imageshack.us/img233/1257 ... os3.th.jpg[/img]
Last edited by bobiturboto on Sat Sep 20, 2008 5:10 am, edited 1 time in total.

Newbie

Posts

Joined
Sat Sep 20, 2008 4:35 am

Post by Qphoria » Sat Sep 20, 2008 5:16 am

If full screen works fine at 755 why not just leave it there?

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by fido-x » Sat Sep 20, 2008 12:26 pm

If full screen works fine at 755 why not just leave it there?
Changing the permission to 755 make the file executable, this is not needed for images. Setting the permission to 644 on images should be sufficient.

However, the real issue here, is that the permissions of 600 are applied to the image on upload to the server, which subsequently make the file unreadable by anyone but the owner.

Image
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


User avatar
Expert Member

Posts

Joined
Sat Jun 28, 2008 1:09 am
Location - Tasmania, Australia

Post by bobiturboto » Sat Sep 20, 2008 5:19 pm

Qphoria wrote: If full screen works fine at 755 why not just leave it there?
I have other administrator which add new products. When go to travel can`t fix permission immediately. What change should make in javascript to work with 600 permissions on images? Other solution is edit image.php to able upload image with correctly permissions?
Sorry for my english  :)

Newbie

Posts

Joined
Sat Sep 20, 2008 4:35 am

Post by bruce » Sat Sep 20, 2008 5:54 pm

Your english is fine.

you will need to change the save function in library\filesystem\upload.php as follows

Code: Select all

	function save($key, $file)
	{
		if (file_exists($file))
		{
			@unlink($file);
		}
		$status = @move_uploaded_file($_FILES[$key]['tmp_name'], $file);
		if ($status)
			chmod($file, 0644);
		return $status;
	}	

Active Member

Posts

Joined
Wed Dec 12, 2007 2:26 pm

Post by bobiturboto » Sun Sep 21, 2008 5:30 am

bruce wrote: Your english is fine.

you will need to change the save function in library\filesystem\upload.php as follows

Code: Select all

	function save($key, $file)
	{
		if (file_exists($file))
		{
			@unlink($file);
		}
		$status = @move_uploaded_file($_FILES[$key]['tmp_name'], $file);
		if ($status)
			chmod($file, 0644);
		return $status;
	}	
Great job @bruce everything work fine. This is what i need :)
Best Regards !

Newbie

Posts

Joined
Sat Sep 20, 2008 4:35 am

Post by hm2k » Thu Nov 27, 2008 6:30 pm

chmod() won't work in all system environments, sometimes it errors because it uses the filesystem to achieve it.

You can make it silent, by adding an @ in front of the commend. ie: @chmod()

Further more, you only need to make it readable by all, you can use a+r

Code: Select all

	function save($key, $file)
	{
		if (file_exists($file)) @unlink($file);
		$status=@move_uploaded_file($_FILES[$key]['tmp_name'], $file);
		if ($status) @chmod($file, 'a+r');
		return $status;
	}	
All this aside, I am on the understanding that you need to set the permissions of new files somewhere.

UK Web Hosting


User avatar
Global Moderator

Posts

Joined
Tue Mar 11, 2008 9:06 am
Location - UK

Post by fido-x » Thu Nov 27, 2008 6:44 pm

hm2k wrote: Further more, you only need to make it readable by all, you can use a+r
That's the same as 0644
All this aside, I am on the understanding that you need to set the permissions of new files somewhere.
Pardon? Do you mean, after uploading an image through the admin, that I then have to log in using a terminal or ftp client to set the correct permissions? If that is the case, why have an image upload function?

Permissions on the uploaded file are set by the server operator (apache) for the owner to read and write, but the group and everyone else can't. Remember, you are NOT the owner of the uploaded files, the server operator is.

Image
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


User avatar
Expert Member

Posts

Joined
Sat Jun 28, 2008 1:09 am
Location - Tasmania, Australia

Post by hm2k » Thu Nov 27, 2008 6:55 pm

fido-x wrote: That's the same as 0644
I think you should read up on chmod. I think you mean 644.

The reason for using a+r is that even if it's 477, it'll change it to 677, rather than always 644. This means it'll have no affect on other permissions, only the read ones, which is what we want.
Pardon? Do you mean, after uploading an image through the admin, that I then have to log in using a terminal or ftp client to set the correct permissions? If that is the case, why have an image upload function?

Permissions on the uploaded file are set by the server operator (apache) for the owner to read and write, but the group and everyone else can't. Remember, you are NOT the owner of the uploaded files, the server operator is.
No, I do not. There's a setting in many operating systems and web servers that tells the system what permissions new files should have. For example, his system is probably set to something like 444, where as if new files were set to 644, he wouldn't be seeing this problem.

The ownership of the file has very little to do with this, because the point is to set the file to all read. This is also especially true if you use something like suphp, as any good admin should do.

Hope this helps explain it further.

UK Web Hosting


User avatar
Global Moderator

Posts

Joined
Tue Mar 11, 2008 9:06 am
Location - UK

Post by fido-x » Thu Nov 27, 2008 7:14 pm

hm2k wrote: I think you should read up on chmod. I think you mean 644.
No. I mean 644. It is the last number that sets the permission for "everybody else". The numbers represent permissions for owner, group, and everybody else - in that order.
There's a setting in many operating systems and web servers that tells the system what permissions new files should have. For example, his system is probably set to something like 444, where as if new files were set to 644, he wouldn't be seeing this problem.
True. This is set in the php configuration. The following is from php.ini:-

Code: Select all

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
;     session.save_path = "N;/path"
;
; where N is an integer.  Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories.  This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
;         You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
;         use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
;     session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
session.save_path = /var/lib/php
This could be set in the .htaccess file.

Image
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


User avatar
Expert Member

Posts

Joined
Sat Jun 28, 2008 1:09 am
Location - Tasmania, Australia

Post by hm2k » Thu Nov 27, 2008 7:20 pm

fido-x wrote: No. I mean 644. It is the last number that sets the permission for "everybody else". The numbers represent permissions for owner, group, and everybody else - in that order.
Ah, yes, sorry my mistake. I've not had my morning coffee yet ;). Still using a+r has it's benefits.

You're on the right path with the php.ini, however it's sometimes a filesystem issue.

I guess it depends on who admins his server and what the environment is.

UK Web Hosting


User avatar
Global Moderator

Posts

Joined
Tue Mar 11, 2008 9:06 am
Location - UK

Post by fido-x » Thu Nov 27, 2008 8:11 pm

I found this comment -
On all current PHP versions, move_uploaded_file() creates a
destination file that is either mode 0600 or 0644 (on Linux,
anyway), depending on whether move_uploaded_file() needed to copy
the file across filesystems.

If the file can be moved (renamed), then the resulting file is mode
0600, because the file was originally created with mkstemp. If the
file needs to be copied, the resulting mode is 0644 instead
(assuming a "normal" umask of 022).
at http://bugs.php.net/bug.php?id=42291

You should use @copy() instead of @move_uploaded_file().

Image
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


User avatar
Expert Member

Posts

Joined
Sat Jun 28, 2008 1:09 am
Location - Tasmania, Australia

Post by Qphoria » Thu Nov 27, 2008 8:12 pm

You're both wrong! its 844

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by hm2k » Thu Nov 27, 2008 8:19 pm

fido-x wrote: I found this comment -
On all current PHP versions, move_uploaded_file() creates a
destination file that is either mode 0600 or 0644 (on Linux,
anyway), depending on whether move_uploaded_file() needed to copy
the file across filesystems.

If the file can be moved (renamed), then the resulting file is mode
0600, because the file was originally created with mkstemp. If the
file needs to be copied, the resulting mode is 0644 instead
(assuming a "normal" umask of 022).
at http://bugs.php.net/bug.php?id=42291

You should use @copy() instead of @move_uploaded_file().
Sure, but then you'd have to unlink the temp file too... so copy()&unlink() vs move_uploaded_file()&chmod() really...

UK Web Hosting


User avatar
Global Moderator

Posts

Joined
Tue Mar 11, 2008 9:06 am
Location - UK

Post by fido-x » Thu Nov 27, 2008 8:23 pm

hm2k wrote: Sure, but then you'd have to unlink the temp file too... so copy()&unlink() vs move_uploaded_file()&chmod() really...
Unlink? The temporary file gets deleted automatically when the script finishes executing, ie. after the temporary file is copied.

Image
Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


User avatar
Expert Member

Posts

Joined
Sat Jun 28, 2008 1:09 am
Location - Tasmania, Australia

Post by hm2k » Fri Nov 28, 2008 3:35 am

No, I don't think it does, not always... I could be wrong.

UK Web Hosting


User avatar
Global Moderator

Posts

Joined
Tue Mar 11, 2008 9:06 am
Location - UK

Post by hm2k » Fri Nov 28, 2008 9:59 pm

I think i'm gonna run with move_uploaded_file()&chmod() as move_uploaded_file is designed for use with uploaded files, which is what we are trying to do here.

I'll follow this up here: http://forum.opencart.com/index.php/topic,2367.0.html

UK Web Hosting


User avatar
Global Moderator

Posts

Joined
Tue Mar 11, 2008 9:06 am
Location - UK
Who is online

Users browsing this forum: No registered users and 5 guests