While developing the Foliopress WYSIWYG we decided to create the images management on the basis of Kae Veren’s excellent KFM file manager. While we are totally happy with how KFM handles the images itself, we were unable to work with images uploaded via ftp.
SEO Image managing a large sub directory of images uploaded via FTP
Uploading images one by one through an image editor is fine, uploading twenty that way is annoying. One of the reasons to prefer WordPress over Typepad is that you do have direct access to the server via ftp. So this was clearly not acceptable. It wasn’t even possible to change the file ownership of httpd via SSH (without root permissions).
Back in SEO Images we tried to move the images, but there was a problem. Images could not be moved or deleted, even renamed. Researching more this issue we found out a problem with users and their permissions. Images uploaded by FTP belong to user fv, but PHP runs as user httpd.
So the issue is that FTP and PHP runs under different user, but these users cannot touch each other files, except reading it. We tried to set the folder owner to fv and group httpd, but newly uploaded files were still locked to PHP.
After much deliberation we came up with several potential solutions.
One possible way would be to create some nice HTTP uploader with progress bar, where you’ll be able to upload more files. Since you cannot do it in PHP, there is an option to use flash uploader. BUT BE VERY CAREFUL, since flash uses different session than your browser, so even if your form is secure, the flash upload will not be. So if you chose flash, chose your flash uploader carefully. Security is always priority number one.
Other option is to use FTP inside PHP. So the PHP will FTP into the folder and change the permissions when there is a file (or directory) that doesn’t belong to PHP script user. This will solve the issue, but in order to for PHP login to FTP, you have store the login information somewhere on the server. This again is a security risk. You can of course enhance the security by encrypting the login information, and change the pass-phrase for encryption every couple of hours, but for this to be really secure, you have to use second computer (possibly non-public) to generate the pass-phrase. So this solution turns out to be not really practical.
Since this is all a permissions issue, it can all be dealt with by changing the permissions for uploaded image files to 766 and images directories to 777. This may be very dangerous, especially on cheap shared hosting who often have mod_security turned off and who do not protect the directories between clients.
But changing permission turns out to be the easiest solution and probably safest solution (safer than storing ftp login info on your server!). When your server security is high and, like us, you only need this to upload images, maybe this is what you want. If you are working with an httpd file manager but would like to be able to use FTP with it, just set the permissions of uploaded files via HTTP and also FTP to 766 and folders to 777 and you’re good to go.
In our particular case we actually had to change a bit of code to change permmissions of newly created directories in KFM to allow the FTP manager to work on the uploaded images.
The great thing about this fix, is that our image manager is now totally compatible with FTP, so uploading and managing hundreds of images is no longer a concern. Together with Lightbox, SEO Images effectively becomes full scale gallery software and not just for a few images per post. Here is an example gallery of images of Vienna’s industrial south.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Necessary Cookies
Strictly Necessary Cookie allow you to log in and download your software or post to forums.
We use the WordPress login cookie and the session cookie.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Support Cookies
Foliovision.com uses self-hosted Rocket.chat and self-hosted Freescout support desk to provide support for FV Player users. These cookies allow our visitors to chat with us and/or submit support tickets.
We are delighted to recommend self-hosted Rocket.chat and especially Freescout to other privacy-conscious independent publishers who would prefer to self-host support.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
3rd Party Cookies
This website uses Google Analytics and Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
We reluctantly use Google Analytics as it helps us to test FV Player against popular Google Analytics features. Feel free to turn off these cookies if they make you feel uncomfortable.
Statcounter is an independent Irish stats service which we have been using since the beginning of recorded time, sixteen years ago.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Leave a Reply