[joe56247]

Hi everyone,
I need to get some files uploaded from customers now and then and I am always asked about my ftp. Thing is, I don't want third part to get access to all of my files and folders. I thought of creating a upload subdomain so that they could send directly to it. If I do so, will I need a second password to provide to our customers? Can I do this? How do I configure FZ for this subdomain? any clue of what can be done?
Thanks
Joe

[ShocK]

Hi, with the free hosting there's only one ftp account, unlimited with paid. http://www.000webhost.com/

[Mate]

Forget FTP.

Why not create the customer upload facility in a sub-directory, and then implement access control on that directory using .htaccess/.htpasswd ?

That way you could have separate login and password for each user, if you desired.

[joe56247]

Thanks Shock for letting me know that. Would be my last option right now but in a future time I'd pay for unlimited accounts.
Mate, that'd be interesting, I mean, anything that could let customers send their files would help but I really don't know how to proceed. How to creat a sub-directory (public_html folder or a new folder under it). Also don't know the commands fot the .htaccess for this especific issue. Think I'm going to ask them to send attachments via email by now until I can improve my account. Thanks anyway,
cheers,
Joe

[DJ Mike]

Here is a script that you can modify to fit your needs. Mate's idea for .htaccess for password protection is a good one. I used an array to hold passwords so I could easily assign a temporary password then delete it. $allowed is an array of file types that can be uploaded. You probably want to allow only images and HTML type files. Yoe definitely do NOT want to allow scripts.

<?
######################################
# $passwords is an array of usable passwords.
# Make one password for yourself, make others for
# trusted relatives to upload photos directly to your site
# set $path to your uploads directory.
# upload directory must have 777 permissions.
# $number_of_files = number of upload inputs.
# $max_size = max file size in bytes
# $allowed is an array of allowed file extensions.
# do not allow scripts like .php, .pl or .cgi to be uploaded
# if $overwrite = "no" then overwriting blocked
######################################
$passwords = array( "password1", "password2" );
$path = "uploads/";
$number_of_files = 10;
$max_size = 6000000000;
$allowed = array( "jpeg", "jpg", "gif", "png", "avi", "html", "mp4", "pdf" );
$overwrite = "no";
$body_bg = "fad888";
$table_bg = "slategray";
$th = "black";
$title = "DJ Mike's Multi File Uploader";
$self = "$_SERVER[PHP_SELF]";

######################################
session_start();


############## log out ###############
if ( $_POST[logout] )
{
$_SESSION[pass] = "";
$_SESSION = "";
session_destroy();
header("location:$self");
exit;
}
#####################################

############### or log in ##############
elseif ( in_array( "$_POST[pass]", $passwords ) )
{
$_SESSION[pass] = "$_POST[pass]";
header("location:$self");
exit;
}
#####################################
?>
<html>
<head>
<title><? echo "$title"; ?></title>
<style>
body {background-color:#<? echo "$body_bg"; ?>}
h1, h2 { color:blue; text-align:center; }
h2.in { color:green; text-align:center; }
h2.out { color:red; text-align:center; }
.error { color:red; font-weight:bold; text-align:center; }
.ok { color:green }
th { color:<? echo "$th"; ?>}
</style>
</head>
<body bgcolor="#<? echo "$body_bg"; ?>">
<h1><? echo "$title"; ?></h1>
<center>
<form method="post">
<input type="password" name="pass" value="<? echo "$_SESSION[pass]"; ?>" />
<input type="submit" name="login" value="Log In" />
<input type="submit" name="logout" value="Log Out" />
</form>
</center>

<?
#### hide upload form if not logged in
if ( !in_array( "$_SESSION[pass]", $passwords ) )
{
echo "<h2 class=\"out\">Logged out</h2>";
echo "</body></html>";
exit;
}
else
{
echo "<h2 class=\"in\">Logged In</h2>";
}

?>
<hr><hr>
<center>
<a href="<? echo $path; ?>">Upload directory</a>
</center>
<?
#### start upload ####
## do it only if files submitted
if ( $_FILES )
{
# start loop
echo "<h2>Attempting Upload...</h2>";
for ( $x=0; $x<=$number_of_files-1; $x++ )
{
# do it only if file has original name
# prevents processing when nothing submitted
if ( isset($_FILES[file_name][name][$x]) )
{
# check for upload problems
####
if ( $_FILES[file_name][error][$x] > 0 )
{
echo "<span class=\"error\">
The file could not be upoaded because ";
switch ( $_FILES[file_name][error][$x] )
{
case 1:
echo "the file is too big.";
break;
case 2:
echo "the file is too big.";
break;
case 3:
echo "the file was only partially uploaded.";
break;
case 4:
echo "no file was uploaded.";
break;
case 6:
echo "no temporary folder was available.";
break;
case 7:
echo "unable to write to disk.";
break;
case 8:
echo "file upload stopped";
break;
default:
echo "a system error occured.";
} # end of switch
echo "</span><br />";
exit;
}
#### end of if files > 0

#### if file uploaded, get extension
else {
$original_name = $_FILES[file_name][name][$x];
$original_name = trim($original_name);
$type = explode(".", $original_name);
$count = count($type);
$last = $count-1;
$type = "$type[$last]";
$type = strtolower($type);
# test extension type
if ( !in_array( $type, $allowed) )
{
echo "<div class=\"error\">File type ($type) is not allowed</div>";
}
# then see if it is small enough
elseif ( $_FILES[file_name][size][$x] > $max_size )
{
echo "<div class=\"error\">File is too big</div>";
}
# if no errors and small enough, sanititize name
else
{
# if no new name use original name
if ( $_POST[new_name][$x] == "" )
{
# snip extension
$original_name = str_replace( ".$type", "", $original_name);
# sanitize original name
$original_name = preg_replace("@[^\w\.]@", "_", $original_name);
# add extension and directory path to clean name
$file_name = "$path$original_name.$type";
}
# if new name submited, use it
else
{
# sanitize new name
$newname = $_POST[new_name][$x];
$newname = trim($newname);
$newname = preg_replace("@[^\w\.]@", "_", $newname);
# add extension and directory path to clean name
$file_name = "$path$newname.$type";
}

# prevent overwriting if $overwrite is "no"
if ( $overwrite == "no" && file_exists($file_name) )
{
echo "<span class=\"error\">File $file_name already exists.</span><br />";
}
# move uploaded file to upload directory
# suppress PHP error message
elseif ( @move_uploaded_file($_FILES[file_name][tmp_name][$x], $file_name) )
{
echo "<span class=\"ok\">File uploaded to <a href=\"$file_name\">$file_name</a>.</span><br />";
}
# if move fails, give your own error messahe.
else
{
echo "<span class=\"error\">An error occured. File Not uploaded</span><br />";
}
}
echo "<br><br>";
}
} # end isset file name
}
echo "</center></body></html>";
exit;
# end upload
}
?>

<center>
<form enctype="multipart/form-data" action="<? echo "$_SERVER[PHP_SELF]"; ?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="<? echo "$max_size"; ?>" />
<table bgcolor="<? echo "$table_bg"; ?>" border="1" cellpadding="10">
<tr>
<td colspan="2">
<ul>
<li>Limit <? echo number_format($max_size/1000); ?> KB each.
<li>Renaming is optional.
<li>Leave "New Name" field blank to retain original name.
<li>Do not include extension in new name.
<li>Periods and illegal characters will be replaced with underscores.
<li>Allowed file types: <?
foreach ( $allowed as $key=>$val)
{
echo "$val, ";
}
if ( $overwrite == "no" )
{
echo "<span class=\"ok\"><li>Overwrite protection is on.</span>";
}
else
{
echo "<span class=\"error\"><li>Overwrite protection is off.<span>";
}
?>
</ul>
</td>
</tr>
<tr>
<th>Files</th>
<th>New Name</th>
</tr>
<?
for ( $x=0; $x<=$number_of_files-1; $x++ )
{
$filenum = str_pad($x, 3, "0", STR_PAD_LEFT );
echo "<tr><td align=\"center\">";
echo "<input type=\"file\" name=\"file_name[$x]\" />";
echo "</td><td align=\"center\">";
echo "<input type=\"text\" name=\"new_name[$x]\" value=\"$filenum\" />";
echo "</td></tr>";
}
?>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Upload Files" />
</td>
</tr>
</table>
</form>
</center>
</body>
</html>

[ShocK]

You can create a sub directory in your cpanel by clicking on "subdomains"

[Mate]

Create a subdirectory on your PC where you write your stuff, then upload it using FTP.

Here's a sample upload script.
Google will find you plenty of other examples.

Your Control Panel -> Advanced section has a facility to password protect directories.
Create a test entry there, then checkout the files it creates to see how easy it is to modify the .htpasswd file.
(Edit .htaccess and .htpasswd files with a non-formatting text editor, eg Notepad.)

[joe56247]

Thank you all people. I must say that I have a form in which customers can upload files but some of them want to send via ftp for either their files are too heavy or they are not confindent that files will reach me via the form page. In 99% of cases uploaded files are JPG and Raw camera ones.
DJ thanks so much for all the code you sent and directions. Surely no scripts allowed and,
Shock I've already created a subdomain (even before posting) but don't know how to deal with it in the FTP (if it's possible to).
Mate i'll do what you tell me and try to modify the .htaccess and htpasswd.
In any case I'll come here and I'll let you all know what I came up with. Thanks so much!
Cheers mates,
Joe

[nevermore93]

I've been in the same situation, and ended up using a combination of 3rd party solutions. Both have free versions of their services that do everything I need and more.

For embedded upload links in your pages and files up to 2GB
http://www.sendthisfile.com/

For FTP access to shared folders
http://www.4shared.com/

Between the two it saves me a lot of headaches and I don't have to worry about dragging down the servers here.

[joe56247]

Hi Nevermore93. I think you are giving an easy way to solve this ftp issue. I've been looking the links you provided and specially I got very interested in 4share which seems will fit me better and avoid some headaches. It allows me to send a link to customers through which they can upload files up to 50Mb each. That's more than enough for them. I thank you for the hints. Cheers, Joe

PS I would like to thank everyone who showed up with some help for this problem I have. Thanks Shock, Mate and DJ. I think I will go with the hint Nevermore gave cause I don't need too much work to implement it. Thanks a lot for your time!