To Avoid the Wrong Domain
A ftp connection in PHP can be made to a different domain from the one you are currently working on. But sometimes you can think you are connecting to domain a, when in fact the connection is to domain b.
It happens like this: aaa.com and bbb.com are on the same server, and your PHP script is in aaa.com, and you put for example ftp.aaa.com as your ftp server, but instead of the username and password for aaa.com you accidentally put the username and password for bbb.com, then although the ftp server you specified was aaa.com, you will actually get a connection to bbb.com.
I cannot say for sure that this happens on every server, as I cannot test every server, it certainly seems to happen on some, including some running Apache.
What we need, then, is some code in PHP to check that the server we are connected to for ftp is the same one that the scripts are running on, and so ensure that if you upload a file, say, then your scripts can access it in the place they think it is going to be. We need a check to make sure that the username and password used for ftp are the correct ones for where we want to be.
One way of doing this, that you see recommended sometimes, is to do a ftp_rawlist or ftp_nlist, and if these return an empty array (ftp_rawlist) or false (ftp_nlist) then you are on the wrong server. The trouble with this method is that ftp_rawlist and ftp_nlist are unreliable, they don’t work on some configurations, so their returning an empty array or false does not necessarily mean that it is the wrong server, it may mean something else is wrong.
The method I use is this:
$servername= the ftp server name, eg. ftp.aaa.com
$ftpconx= ftp stream as in PHP documentation
$username= the ftp user name
$initial_directory= our initial directory for ftp
$slash='/'; // or whatever the path separator is
$srvOK=!check_server_problem($servername, $ftpconx, $username, $initial_directory, $slash);
if(!$srvOK){
echo $srvOK; // we've identified a problem
}
function check_server_problem($servername, $ftpconx, $username, $initial_directory, $slash){
$md=@ftp_chdir($ftpconx,$initial_directory);
if(!$md){
return 'Initial directory not found';
}
$stamp=time();
$rl=@ftp_mkdir($ftpconx, 'tmp_try'.$stamp); // we try making a directory in the current ftp directory
if($rl===false){
return 'Write permission not set on '.$servername;
/* If the ftp user does not have write permission to the current directory or in the unlikely event that a file or directory called tmp_trynnnnn already exists, then ftp_mkdir will fail and 'Write permission not set' be returned. The code could be made more elaborate here, to check what is the real reason for ftp-mkdir failing. This code is kept a bit simpler than the belt-and-braces version would be. */
}
$lookerdir=$_SERVER['DOCUMENT_ROOT'];
if(substr($lookerdir,strlen($lookerdir)-(strlen($initial_directory)))==$initial_directory){
$lookerdir=substr($lookerdir,0,strlen($lookerdir)-strlen($initial_directory));
}
if((substr($lookerdir,strlen($lookerdir)-1)!=$slash) && (substr($initial_directory,0,1)!=$slash)){
$lookerdir.=$slash;
}
$lookerdir.=$initial_directory;
if(substr($lookerdir,strlen($lookerdir)-1)!=$slash){
$lookerdir.=$slash;
}
/* we should now have $lookerdiv set to the system path that matches our ftp directory */
$dir_exists = file_exists($lookerdir.'tmp_try'.$stamp);
$rl=ftp_rmdir($_SESSION['wa66_ftp_conx'], 'tmp_try'.$stamp); // remove the directory we just made
if($!dir_exists){
return ' Username '.$username.' seems not to belong to '.$servername;
}
return '';
}
And if there is a better method than this, then I would be delighted to know what it is.
0 comments:
Post a Comment