Okay. I'm building a gallery, where users can be logged in for uploading to their own folders, or just view the page via "public" (not logged in) - what I'm trying to do is make it possible to share uploads from the logged in user to the public folder, without having to duplicate files. For this, I'm trying to use symlink() - which works (in that the file I'm clicking "make public" on get a symlink created in the public folder - however, the link does not go back to the actual file in the user folder). I'm a little at a loss as to what I need to do. The code for the make_public is as follows: <?php if (!session_id()) { session_start(); }; require_once('conf/config.php'); $symbolic = (isset($_POST['filename']) ? $_POST['filename'] : ''); if (!empty($symbolic)) { $username = ((isset($_POST['username']) && !empty($_POST['username'])) ? $_POST['username'].'/' : $username); $fullpath = $userpath.$username.'/'.$symbolic; $checkthumbs = explode('/',$symbolic); $checkthumbs[1] = ($checkthumbs[0] == 'video') ? $checkthumbs[1].'.jpg' : $checkthumbs[1]; $thumbs = ($checkthumbs[0] == 'pictures' || $checkthumbs[0] == 'video') ? symlink($userpath.$username.$checkthumbs[0].'/thumbs/'.$checkthumbs[1],$userpath.'public/'.$checkthumbs[0].'/thumbs/'.$checkthumbs[1]) : false; symlink($userpath.$username.$symbolic,$userpath.'public/'.$symbolic); if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { echo json_encode(["content"=>"File made public","infotype"=>"success"]); } else { header('location: gallery'); } } ?> PHP: What happens is that the "target" (the first part of the symlink()), seems to use the "public/" folder for target, instead of the user-name-folder. Not really sure why, because if I echo the $username it shows the correct value. The link is created in the correct folder, but is not recognized as a link if I do is_link() or readlink() on it (returns bool(false) on var_dump()). Does anyone have any tips as to how I could do this correctly? As an example, the file being shared publicly, is an image - what would I need to show this as a regular image file in the public gallery?
I'd echo out symlink($userpath.$username.$symbolic,$userpath.'public/'.$symbolic); symlink($userpath.$username.$checkthumbs[0].'/thumbs/'.$checkthumbs[1],$userpath.'public/'.$checkthumbs[0].'/thumbs/'.$checkthumbs[1]); Code (php): echo($userpath.$username.$symbolic,$userpath.'public/'.$symbolic); echo($userpath.$username.$checkthumbs[0].'/thumbs/'.$checkthumbs[1],$userpath.'public/'.$checkthumbs[0].'/thumbs/'.$checkthumbs[1]) Code (php): to see if it's actually linking the file you want. Chances are you're creating a non existent symbolic link
I'm not. The variables are populated (it's the exact same variables used for moving and deleting files, it's just moved to that file, and changed some variable-names). The return values for the two echo's are as follows: First echo: users/admin/pictures/01_06_03_060.jpg users/public/pictures/01_06_03_060.jpg Second echo: users/admin/pictures/thumbs/01_06_03_060.jpg users/public/pictures/thumbs/01_06_03_060.jpg Which is the exact placements. However, I'm a bit unsure if I need a full path - a symbolic link should be able to work with dynamic link, correct? Or do I need the full link ($_SERVER['DOCUMENT_ROOT'])?
No harm trying out the full path. Which brings me to think, are you on a windows platform? If so you need to use absolute paths.
No, this is currently running on MAMP (OSX) - which might be why it's not working, of course Hard to find OSX-specific cases to read up on. But I will test full paths, see if it helps. It really shouldn't matter, though, as the test-server is set up as a vhost, and everything else works as intended.
realpath have too many potential pitfalls on different systems. DOCUMENT ROOT seems to be working perfectly fine on any type of system I've bothered testing on thus far. Also, it would involve a rewrite of certain parts of the code, which I can't be arsed doing right now. As for user-input sanitation, I agree, need to work that in as well - although it's not really that much that can be done with this.