Topic: where is the (/tmp) folder ??

[Kim-Fini]

Hi i got a problem with my forum, and they tell me that is my server that is the problem. The thin is that my users cant upload avantars, to my PHPbb2+ forum, from a url ore own pc. The deweloper tells me that there must be a problem with my /tmp folder on the server.
Is this folder locaded on the server? and where? ore is it a part of Mysql? and if this is the case, where and how?

Hope some can help, and i put the topic in the right, forum.

Kim Fini

[Jean-Philippe Pialasse]

it is simply /tmp/

but as it is not in the ibay, it is not accessible from the webserver.

Two solutions:

1 modifify your script, and creat e a writable tmp in your ibay.

2 my prefered:

Code: [Select]


db accounts setprop IBAYNAME PHPBaseDir=/home/e-smith/files/ibays/IBAYNAME/:/tmp/
expand-template /etc/httpd/conf/httpd.conf
service httpd-e-smith restart


[Kim-Fini]

Thanks for your replay

I cant find the place in the PHP where i have to rewrite the code, and there will be other, codes in the future, there also have to be rewriten. So i think this will be a to big project for me.
So can i reach the /tmp folder when i'm in the root?
I use Putty, so my only problem is where the folder is locaded.
When i find it, i intend to set it to chmod 777, is this ok?

Kim Fini

[JonB]

No it not ok and will not make any difference anyway. Please read this FAQ

http://no.longer.valid/phpwiki/index.php/TroubleshootingFAQ#php_basedir

Jon

[Jean-Philippe Pialasse]

Thanks for your replay

I cant find the place in the PHP where i have to rewrite the code, and there will be other, codes in the future, there also have to be rewriten. So i think this will be a to big project for me.
So can i reach the /tmp folder when i'm in the root?
I use Putty, so my only problem is where the folder is locaded.
When i find it, i intend to set it to chmod 777, is this ok?

Kim Fini

you just have to execute theses few lines of  code for each ibays you need to acces to the temp dir.

No file to modify !

[Kim-Fini]

Thanks

I was almost making a great mistake, but then i dont do anything, but will now, ask in the forum for my Phpbb forum. Im sure that they have had this problem before. And with the code i got from Unnilennium, i now have a chanse to solwe the problem.
Once again thanks for the help you have given me so far.
It's always a plesure to wisit this forum.

Kim Fini

[william_syd]

Thanks for your replay

I cant find the place in the PHP where i have to rewrite the code, and there will be other, codes in the future, there also have to be rewriten. So i think this will be a to big project for me.
So can i reach the /tmp folder when i'm in the root?
I use Putty, so my only problem is where the folder is locaded.
When i find it, i intend to set it to chmod 777, is this ok?

Kim Fini

Kim Fini,

That 'code' does not go anywhere.

What you do is login using Putty as root and then type it in, line by line. Press enter at the end of each line.

Just remembet to change IBAYNAME to the name of the ibay you installed phpBB2 into.

db accounts setprop IBAYNAME PHPBaseDir=/home/e-smith/files/ibays/IBAYNAME/:/tmp/
expand-template /etc/httpd/conf/httpd.conf
service httpd-e-smith restart

[judgej]

The forum has been written in a way that forces an unnecessary constraint on the server. If they used the techniques they are supposed to use (i.e. not try and access the downloaded file directly, but use the approproate PHP or other functions for copying the files) then they would not have this problem.

I would put the blame with the forum software, get them to fix that, rather than modifying the server in a way that may make it less secure.

Point them to this:

http://us2.php.net/manual/en/function.move-uploaded-file.php

and tell them to stop messing around in /tmp, they should know better

-- JJ

[Kim-Fini]

This is the reason whay i choesed, SME server. Always a good replay on problems.
i will return to my forum, and tell them the message.

Kim Fini.

[Jean-Philippe Pialasse]

hum for the problem of hidding files for download, to avoid acces without using the php interface there's something funny using phpBB on sme

=> just configure the download file mod of phpbb to put files to download into a directory named files into the ibayname/html folder !

as the files aliase  is already defined for apache fo another directory (the /ibayname/files folder) it is not accessible using the internet navigator... but apache is able to work in this directory ...


and another trick

[william_syd]

So where is the problem ?

phpBB2 or phpBB2+

[judgej]

...
=> just configure the download file mod of phpbb to put files to download into a directory named files into the ibayname/html folder !
...

Marvellous. So anyone can upload a PHP script, that can then be run on your server, even before the BB application gets a chance to look at it (and decide it is a PHP script that should be deleted).

Really, there is only one safe way to handle the uploads: let the default configuration of Apache/PHP chose where to put it, then interogate the MIME type and size of the file, and only then, when your application is happy with it, move the move to its own work area using the supplied PHP function.

The server is set up the way it is for a reason: security. If you try and reconfigure it for certain applications such as phpBB, then you run the risk of opening the server to the kind of security exploits that the original configuration was meant to avoid.

-- JJ

[Kim-Fini]

No it not ok and will not make any difference anyway. Please read this FAQ

http://no.longer.valid/phpwiki/index.php/TroubleshootingFAQ#php_basedir

Jon

It's this code, from FAQ, that is working, not the other one.
This is what i did:
1.) I made a tmp folder in my forum.
2.) Set it to chmod 777
3.) Open Putty, as root, and type the code in.
4.) db accounts setprop IBAYNAME PHPBaseDir /home/e-smith/files/ibays/IBAYNAME/:/tmp (ENTER)
5.) signal-event ibay-modify IBAYNAME (ENTER)

Now it's Working