[Tutorials] Create a Directory

Blood08 · #1 (**permalink**) 07-08-2007, 03:10 PM

This is a easy way to create a directory which can be edited and put into upload scripts ect anyway

PHP Code:

  <?php

if($_POST[submit]){ // Sees if the form has been submitted

$form = $_POST['directory']; // Gets the field from the form

$directory = $_SERVER['DOCUMENT_ROOT'] . "/" . $form; // Asks where the directory is going to be created

if (!is_dir($directory))  // Checks if the directory is already created

{ 

mkdir($directory, 0777); // Creates the directory and chmods it to 777

} 

}

?> 

<form method="POST">

    <p><input type="text" name="directory" size="20" value="Directory Name"><input type="submit" value="Submit" name="submit"></p>

</form>

This has been tested and does work but if you are having problems with it saying something like

Quote:

Warning: mkdir(/home/****/public_html/Test) [function.mkdir]: Permission denied in /home/****/public_html/create.php on line 7

Then just go back to public_html and then change the permissions to 777 then it should work if its still not working please email me or pm me.

Thanks to Peterk92

Lee · #2 (**permalink**) 07-08-2007, 05:09 PM

If you CHMOD a folder or even a file to 777 you must always make sure your script is fully secure, if it isn't someone could hack it by the means of something like a shell, these shells allow people to browse all the files on the server, they can get your config files if you have any and take all the user information in a database and also deface your website, so always be careful!

ScottHughes · #3 (**permalink**) 07-09-2007, 07:36 AM

Quote:

Originally Posted by Lee

If you CHMOD a folder or even a file to 777 you must always make sure your script is fully secure, if it isn't someone could hack it by the means of something like a shell, these shells allow people to browse all the files on the server, they can get your config files if you have any and take all the user information in a database and also deface your website, so always be careful!

I understand that 777 gives full rights to everyone, but how does it let people hack into your system? How can we make sure the file or folder is secure?

HelloWorld · #4 (**permalink**) 07-09-2007, 07:38 AM

Quote:

I understand that 777 gives full rights to everyone, but how does it let people hack into your system? How can we make sure the file or folder is secure?

The way they will do is that they may connect to your webserver through the openings port probably *I never done it* (this is just my assumption) and then they use whatever editor on their shell program to open the file that you chmod 777. Because when you chmod a file to 777, that means the rights to the user is even be able to write, read, and execute.

Lee · #5 (**permalink**) 07-09-2007, 08:37 AM

Quote:

Originally Posted by ScottHughes

I understand that 777 gives full rights to everyone, but how does it let people hack into your system? How can we make sure the file or folder is secure?

You need to make sure you filter your inputs, if a username is put in a text box unless you filter/validate it, it may contain a command which could get all the information from your database, have a look around google for security on protecting against SQL injections, Shell attacks etc.

As far as the shell goes, there has to be a way to upload, like on one version of phpBB, i think it was 2.0.10 and below (thats a think) you could upload a shell as a .gif file and when the hacker loads the shell it would load as it should allowing them to browse you files and get to your databases and steal/destroy a lot of things.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode