Crossroads: LMB^Box FilePress

I’m at a crossroads point in my LMB^Box FilePress plugin for WordPress. I’m calling out for everyone’s input as to what they think/know will be better! :help_tb:

The Problem
Ok. Many of you may know about the problem with file management using PHP. If you use the standard Filesystem Functions that PHP has to upload/create/edit/remove any file(s) on your server, the user/owner for those files is the PHP/Apache user usually something like ‘nobody.’ Once you upload/create a file or directory using the PHP Filesystem Function, you will no longer have any control over the file(s) via FTP or Shell because the you are NOT the Owner of those files/directories. The other option to use is to use the PHP FTP Functions to control the file(s). With this option, you will have to enter in a FTP Username/Password and Path into the plugin in order to use it.

ADDED: I forget to mention that I believe that this only happens with Unix/Linux since it’s soo secure and I believe that under Windows this doesn’t happen/really matter, not sure though …

Which way would you like more? Please let me know soon so I can finish this plugin! Thanks all! :tongue_wink_ee:

Post a Comment

Your email is never shared. Required fields are marked *

*
*

4 Comments

  1. Posted June 14, 2005 at 2:33 pm | Permalink

    I understand where you’re coming from! I am going to put in both because it is just the best thing to do right now. One option (Filesystem Functions) has problems on shared hosting servers with the ownership of the file uploaded. The other option (FTP Functions) has problems with bandwidth usage; every file uploaded is added twice to your bandwidth (I believe …). I’m hoping just to finish up the last beta version in the next day. Thanks for your support!

  2. Posted June 14, 2005 at 12:51 pm | Permalink

    It should look good when it’s finished! I think you should put both in, purely because i don’t quite understand what you’re saying. (Please don’t try to explain)

    :P

    Thanks, keep up the good work, it’s much appreciated,
    Danny

  3. Posted June 11, 2005 at 8:52 pm | Permalink

    Well, I’ve come to the conclusion that the best thing for the plugin is to have both Filesystem and FTP Fucntions included and the user sets which to use. I looked at alot of info/reviews/comments on PHP’s CGI API vs Apache Module API and I believe even though the CGI API has some more security and good features, the downsides of it far out weigh the ups. :wallbash_tb: With CGI API, every single HTTP call is forced to open a new process to PHP which adds great demand of the server. Also many of the builtin PHP variables like $_SERVER will have problems with their values/settings. :thumbdown_tb:

    So the best thing to do is use PHP as an Apache Module, and I’ll make the default settings use the FTP Functions to add the files using the plugin. Then there will also be the option to use the Filesystem Functions as well. The only real downside to using the FTP Functions to add/edit/manage/modify/remove files is that it adds to your bandwidth because your using FTP (I believe that it does … :ponder_tb: ).

    Oh by the way everyone, thanks for all your help … :blink_tb: :dunce_tb: :dry_tb: :down_tb:

  4. Posted June 10, 2005 at 10:11 pm | Permalink

    I’ve been doing lots of researching online this evening and I’ve found some other help/info. :ponder_tb: One option which would take care of all these problems is if your PHP is run via the CGI API instead of the Apache Module API. What does this mean? Well, PHP that is run via the CGI API has the PHPsuexec feature enabled which lets all process of PHP run under the user’s account. Now when you upload/add/create/modify any file or folder, that file or folder will have your user as the owner and group on a Linux/Unix system, taking care of the problem. :thumbup_tb: I’m not sure about the security issues with the CGI API, but from what I’ve read the CGI API should be more secure than the Apache Module API! There is a small problem though … YOU would have to add to the top of all your php files something like this #!/usr/bin/php that states the path to the PHP executible file. :thumbdown_tb: But that’s not really all that hard to do …

    I’m doing some more indeepth research on these topics to dig up some dirt on both options. I think I’ll just end up adding support for both standard filesystem and ftp uploads and management functions for LMB^Box FilePress and you’ll set which on to use in the Options page. I would really like feedback from all of you out there … :huh_tb:

One Trackback

  1. By Wordpress Plugin Competition Blog on June 10, 2005 at 4:03 pm

    Crossroads: LMB^Box FilePress

    I’m at a crossroads point in my LMB^Box FilePress plugin for WordPress. I’m calling out for everyone’s input as to what they think/know will be better! :help_tb:

    The Problem
    Ok. Many of you may know about the problem with file management using …