Solved

feel stupid and I have to ask...phpftp question

Posted on 2004-09-15
8
296 Views
Last Modified: 2008-02-01
I'm trying to test out the phpftp client found here:

http://inebria.com/phpftp/

It's open source software, and I've tried about all the other alternatives. I'm certain I have met all the requirements listed but I'm not having any luck. Basically, when I submit the form, it just comes back with the same form and all the fields are blank. I'm sure it's something simple, but it's making me crazy. I'm running apache 1.3x and php 4.3x on FreeBSD 4.10. The ftp.php file is located in the root of the webserver dir (/usr/local/www/data/ftp.php). Any help or insight is appreciated. The full PHP script is below.



<?php

/* $Id: ftp.php,v 2.2 2002/03/12 23:21:28 pauls Exp $ */

/* This software came from http://inebria.com/ */

/* Copyright (c) 2000
      Paul Southworth.  All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 3. The name of the author may not be used to endorse or promote
    products derived from this software without specific prior
    written permission.

 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
 OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

/* Configuration Options */

$phpftp_host="localhost";
$phpftp_version="2.2";

/* Comment this out if you don't want the version footer */

$show_version_footer=1;

/* How large a file will you accept?  You may also need to edit your
   php.ini file and change upload_max_filesize appropriately */

$max_file_size="1000000";

/* The temporary directory $phpftp_tmpdir must exist and be writable
   by your web server.
   Hint:  mkdir /var/tmp/xfers && chmod 1777 /var/tmp/xfers */

$phpftp_tmpdir="/var/tmp/xfers";

/* $use_mime_lookup
   Turning this on creates a dependency upon the
   http://www.inebria.com/mime_lookup/ MIME type lookup library.
   Setting this variable to "1" enables it.  "0" disables.
   If you turn it on, put the mime_lookup.php file in the same directory
   as ftp.php and uncomment the 'include("mime_lookup.php");' statement. */

$use_mime_lookup="0";
/* include("mime_lookup.php"); */

/* We enclose the top and bottom in functions because sometimes
   we might not send them (ie, in a file-download situation) */

function phpftp_top() {
      global $phpftp_version;
?>
<!-- function phpftp_top -->
<html>
<head>
<title>PHP FTP Client <?php echo $phpftp_version; ?></title>
</head>
<body bgcolor="#ffffff">
<?php
}

function phpftp_bottom() {
      global $phpftp_version;
      global $show_version_footer;
?>
<!-- function phpftp_bottom -->
<?php
if (isset($show_version_footer)) {
?>
<p><font size=-2>This is <a href="http://inebria.com/phpftp/">PHP FTP</a>
version <?php echo $phpftp_version; ?></font></p>
<?php
}
?>
</body>
</html>
<?php
}

/* This is the form used for initially collecting username/passwd */

function phpftp_login() {
      phpftp_top();
?>
<!-- function phpftp_login -->
<p>
<form action="ftp.php" method=post>
<p><table border=0>
<tr><td>
Login:
</td><td>
<input name="phpftp_user" type="text">
</td></tr>
<tr><td>
Password:
</td><td>
<input name="phpftp_passwd" type="password">
</td></tr>
<tr><td>
Directory:
</td><td>
<input name="phpftp_dir" type="text">
</td></tr>
</table>
</p><p>
<input type="hidden" name="function" value="dir">
<input type="submit" value="connect">
</p>
</form>
<p>
<?php
      phpftp_bottom();
}

/* This function does not return TRUE/FALSE - it returns the value of
   $ftp, the current FTP stream. */

function phpftp_connect($phpftp_user,$phpftp_passwd) {
      global $phpftp_host;
      $ftp = ftp_connect($phpftp_host);
      if ($ftp) {
            if (ftp_login($ftp,$phpftp_user,urldecode($phpftp_passwd))) {
                  return $ftp;
            }
      }
}

function phpftp_list($phpftp_user,$phpftp_passwd,$phpftp_dir) {
      global $phpftp_host;
      phpftp_top();
?>
<!-- function phpftp_list -->
<?php
      $ftp = @phpftp_connect($phpftp_user,$phpftp_passwd);
      if (!$ftp) {
?>
<strong>FTP login failed!</strong>
<a href="ftp.php">Start over?</a>
<?php
            phpftp_bottom();
      } else {
            if (!$phpftp_dir) {
                  $phpftp_dir=ftp_pwd($ftp);
            }
            if (!@ftp_chdir($ftp,$phpftp_dir)) {
?>
<font color="#ff0000"><strong>Can't enter that directory!</strong></font><p><p>
<?php
                  $phpftp_dir=ftp_pwd($ftp);
            }
            echo "<strong>Current host:</strong> " . $phpftp_host . "<br>\n";
            echo "<strong>Current directory:</strong> " . $phpftp_dir . "<br>\n";
            if ($phpftp_dir == "/") {
                  $phpftp_dir="";
            }

            if ($contents = ftp_rawlist($ftp,"")) {
                  $d_i=0;
                  $f_i=0;
                  $l_i=0;
                  $i=0;
                  while ($contents[$i]) {
                        $item[] = split("[ ]+",$contents[$i],9);
                        $item_type=substr($item[$i][0],0,1);
                        if ($item_type == "d") {
                              /* it's a directory */
                              $nlist_dirs[$d_i]=$item[$i][8];
                              $d_i++;
                        } elseif ($item_type == "l") {
                              /* it's a symlink */
                              $nlist_links[$l_i]=$item[$i][8];
                              $l_i++;
                        } elseif ($item_type == "-") {
                              /* it's a file */
                              $nlist_files[$f_i]=$item[$i][8];
                              $nlist_filesize[$f_i]=$item[$i][4];
                              $f_i++;
                        } elseif ($item_type == "+") {
                              /* it's something on an anonftp server */
                              $eplf=split(",",implode(" ",$item[$i]),5);
                              if ($eplf[2] == "r") {
                                    /* it's a file */
                                    $nlist_files[$f_i]=trim($eplf[4]);
                                    $nlist_filesize[$f_i]=substr($eplf[3],1);
                                    $f_i++;
                              } elseif ($eplf[2] == "/") {
                                    /* it's a directory */
                                    $nlist_dirs[$d_i]=trim($eplf[3]);
                                    $d_i++;
                              }
                        } /* ignore all others */
                        $i++;
                  }
?>
<table border=0 cellspacing=20>
<?php
                  if (count($nlist_dirs)>0) {
?>
<tr><td align=left valign=top>
<strong>Directories</strong><br>
<form action="ftp.php" method=post>
<input type="hidden" name="function" value="cd">
<input type="hidden" name="phpftp_user" value="<?php echo $phpftp_user; ?>">
<input type="hidden" name="phpftp_passwd" value="<?php echo $phpftp_passwd; ?>">
<input type="hidden" name="phpftp_dir" value="<?php echo $phpftp_dir; ?>">
<select name="select_directory" size="10" width="100">
<?php
                        for ($i=0; $i < count($nlist_dirs); $i++) {
                              echo "<option value=\"" . $nlist_dirs[$i] . "\">" . $nlist_dirs[$i] . "</option>\n";
                        }
?>
</select><br>
<input type="submit" value="Enter Directory">
</form>
</td>
<?php
                  }

                  if (count($nlist_files)>0) {
?>
<td align=left valign=top>
<strong>Files</strong><br>
<form action="ftp.php" method=post>
<input type="hidden" name="function" value="get">
<input type="hidden" name="phpftp_user" value="<?php echo $phpftp_user; ?>">
<input type="hidden" name="phpftp_passwd" value="<?php echo $phpftp_passwd; ?>">
<input type="hidden" name="phpftp_dir" value="<?php echo $phpftp_dir; ?>">
<select name="select_file" size="10">
<?php
                        for ($i=0; $i < count($nlist_files); $i++) {
                              echo "<option value=\"" . $nlist_files[$i] . "\">" . $nlist_files[$i] ."  ($nlist_filesize[$i] bytes)". "</option>\n";
                        }
?>
</select><br>
<input type="submit" value="Download File">
</form>
</td></tr>
<?php
                  }
            } else {
?>
<p><font color="#ff0000"><strong>Directory empty or not readable</strong></font><p>
<?php
            }
?>
</table>
<p>
<form action="ftp.php" method=post>
<?php
            $cdup=dirname($phpftp_dir);
            if ($cdup == "") {
                  $cdup="/";
            }
?>
<input type="hidden" name="function" value="dir">
<input type="hidden" name="phpftp_user" value="<?php echo $phpftp_user; ?>">
<input type="hidden" name="phpftp_passwd" value="<?php echo $phpftp_passwd; ?>">
<input type="hidden" name="phpftp_dir" value="<?php echo $cdup; ?>">
<input type="submit" value="Go up one directory">
</form>
<p>
<form enctype="multipart/form-data" action="ftp.php" method=post>
<input type="hidden" name="max_file_size" value="<?php echo $max_file_size ?>">
<input type="hidden" name="phpftp_user" value="<?php echo $phpftp_user; ?>">
<input type="hidden" name="phpftp_passwd" value="<?php echo $phpftp_passwd; ?>">
<input type="hidden" name="phpftp_dir" value="<?php echo $phpftp_dir; ?>">
<input type="hidden" name="function" value="put">
<input type="submit" value="Upload this:">
<input name="userfile" type="file">
</form>
<p>
<form action="ftp.php" method=post>
<input type="hidden" name="function" value="mkdir">
<input type="hidden" name="phpftp_user" value="<?php echo $phpftp_user; ?>">
<input type="hidden" name="phpftp_passwd" value="<?php echo $phpftp_passwd; ?>">
<input type="hidden" name="phpftp_dir" value="<?php echo $phpftp_dir; ?>">
<input type="submit" value="Make subdirectory:">
<input name="new_dir" type="text">
<?php
            ftp_quit($ftp);
            phpftp_bottom();
      }
}

function phpftp_cd($phpftp_user,$phpftp_passwd,$phpftp_dir,$select_directory) {
?>
<!-- function phpftp_cd -->
<?php
      $new_directory=$phpftp_dir . "/" . $select_directory;
      phpftp_list($phpftp_user,$phpftp_passwd,$new_directory);
}

function phpftp_mkdir($phpftp_user,$phpftp_passwd,$phpftp_dir,$new_dir) {
?>
<!-- function phpftp_mkdir -->
<?php
      $ftp = @phpftp_connect($phpftp_user,$phpftp_passwd);
      if ($phpftp_dir == "") {
            $phpftp_dir="/";
      }
      if (!$ftp) {
            @ftp_quit($ftp);
            phpftp_top();
?>
<font color="#ff0000"><strong>FTP login failed!</strong></font><p><p>
<a href="ftp.php">Start over?</a>
<?php
            phpftp_bottom();
      } else {
            $dir_path = $phpftp_dir . "/" . $new_dir;
            @ftp_mkdir($ftp,$dir_path);
            @ftp_quit($ftp);
            phpftp_list($phpftp_user,$phpftp_passwd,$phpftp_dir);
      }
};
      

function phpftp_get($phpftp_user,$phpftp_passwd,$phpftp_dir,$select_file) {
      $ftp = @phpftp_connect($phpftp_user,$phpftp_passwd);
      if ($phpftp_dir == "") {
            $phpftp_dir="/";
      }
      if ((!$ftp) || (!@ftp_chdir($ftp,$phpftp_dir))) {
            @ftp_quit($ftp);
            phpftp_top();
?>
<font color="#ff0000"><strong>FTP login failed!</strong></font><p><p>
<a href="ftp.php">Start over?</a>
<?php
            phpftp_bottom();
      } else {
            srand((double)microtime()*1000000);
            $randval = rand();
            $tmpfile=$phpftp_tmpdir . "/" . $select_file . "." . $randval;
            if (!ftp_get($ftp,$tmpfile,$select_file,FTP_BINARY)) {
                  ftp_quit($ftp);
                  phpftp_top();
?>
<font color="#ff0000"><strong>FTP get failed!</strong></font><p><p>
<a href="ftp.php">Start over?</a>
<?php
                  phpftp_bottom();
            } else {
                  ftp_quit($ftp);
                  global $use_mime_lookup;
                  if ($use_mime_lookup == "1") {
                        $file_mime_type=mime_lookup(substr(strrchr($select_file,"."),1));
                  }
                  if (!$file_mime_type) {
                        $file_mime_type="application/octet-stream";
                  }
                  header("Content-Type: " . $file_mime_type);
                  header("Content-Disposition: attachment; filename=" . $select_file);
                  readfile($tmpfile);
            }
            @unlink($tmpfile);
      }
}

function phpftp_put($phpftp_user,$phpftp_passwd,$phpftp_dir,$userfile,$userfile_name) {
      srand((double)microtime()*1000000);
      $randval = rand();
      $tmpfile=$phpftp_tmpdir . "/" . $userfile_name . "." . $randval;
      if (!@move_uploaded_file($userfile,$tmpfile)) {
            phpftp_top();
?>
<font color="#ff0000"><strong>Upload failed!  Can't create temp file?</strong></font>
<p><p>
<a href="ftp.php">Start over?</a>
<?php
            phpftp_bottom();
      } else {
            if (!$ftp = @phpftp_connect($phpftp_user,$phpftp_passwd)) {
                  unlink($tmpfile);
                  phpftp_top();
?>
<font color="#ff0000"><strong>FTP login failed!</strong></font><p><p>
<a href="ftp.php">Start over?</a>
<?php
                  phpftp_bottom();
            } else {
                  ftp_chdir($ftp,$phpftp_dir);
                  ftp_put($ftp,$userfile_name,$tmpfile,FTP_BINARY);
                  ftp_quit($ftp);
                  unlink($tmpfile);
                  phpftp_list($phpftp_user,$phpftp_passwd,$phpftp_dir);
            }
      }
}

switch($function) {
      case "dir";
            phpftp_list($phpftp_user,$phpftp_passwd,$phpftp_dir);
            break;
      case "cd";
            phpftp_cd($phpftp_user,$phpftp_passwd,$phpftp_dir,$select_directory);
            break;
      case "get";
            phpftp_get($phpftp_user,$phpftp_passwd,$phpftp_dir,$select_file);
            break;
      case "put";
            phpftp_put($phpftp_user,$phpftp_passwd,$phpftp_dir,$userfile,$userfile_name);
            break;
      case "mkdir";
            phpftp_mkdir($phpftp_user,$phpftp_passwd,$phpftp_dir,$new_dir);
            break;
      case "";
            phpftp_login();
            break;
}
 
?>

0
Comment
Question by:timmr72
  • 4
  • 4
8 Comments
 
LVL 1

Expert Comment

by:Nezzo
ID: 12067980
/* The temporary directory $phpftp_tmpdir must exist and be writable
   by your web server.
   Hint:  mkdir /var/tmp/xfers && chmod 1777 /var/tmp/xfers */

$phpftp_tmpdir="/var/tmp/xfers";
0
 
LVL 1

Expert Comment

by:Nezzo
ID: 12068001
Also, did you check your apache error log for errors?

Another thought. :)
0
 

Author Comment

by:timmr72
ID: 12068034
Thanks Nezzo. I do  have the /var/tmp/xfers directory in place and with the correct permissions (as you stated). There is nothing in the httpd-error.log. The access log shows a get and a post entry....but nothing else. Anything else?

thanks again,
Tim
0
 
LVL 1

Expert Comment

by:Nezzo
ID: 12069600
What kind of ftp server are you running? The reason I ask is you have $phpftp_host set to "localhost":

$phpftp_host="localhost";
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:timmr72
ID: 12069784
the server is vsftpd? I'll take a look at the conf file...hmmm
0
 

Author Comment

by:timmr72
ID: 12074286
Nothing out of the ordinary from what I can see. There doesn't appear to be a entry for hostname in my vsftpd.conf file (not even sure if there should be?)
0
 
LVL 1

Accepted Solution

by:
Nezzo earned 125 total points
ID: 12088148
It's probably a problem with your ftp server. First, make sure you can ftp into it normaly from the command line. If that's working fine then try this:

In the script you will see @ signs place here and there. They are there to stop PHP error messages from being displayed or logged. Remove all @ signs and try again.

For example, this:

<!-- function phpftp_list -->
<?php
     $ftp = @phpftp_connect($phpftp_user,$phpftp_passwd);
     if (!$ftp) {
?>



would become:

<!-- function phpftp_list -->
<?php
     $ftp = phpftp_connect($phpftp_user,$phpftp_passwd);
     if (!$ftp) {
?>


Remove the rest of the @ signs in the script and try it again. Your errors will be displayed in the browser or in your apache error log.
0
 

Author Comment

by:timmr72
ID: 12256342
I actually went a different route. The variables weren't passing from one page to the next for me in this script. Still don't know why. Found a different solution that worked immediately (Net2FTP). Thanks though. You can have the points for being the only one to attempt to help :).
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
spacing 5 32
Install MySQL 5.6 and PHP on Centos Linux 6 54
Phone Dialer 5 38
Strip leading 0 from a var 3 14
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now