We often get asked by clients to allow pages on their websites to essentially upload files anonymously to their sites.....
Unfotunately as our servers are running under Windows and not Linux, we cannot provide the anonymous internet user with the ability to upload files into a folder on your website.
The reason for this is that we get targetted by hackers who very quickly find these directories and then upload everything from trojans and viruses to phishing sites....
If you want to provide this ability, you will need to do it by embedding a legitimate FTP logon and password that has write access to the folder concerned into a server side page that you have up on your site.
Below is an example written using PHP that shows the code needed to achieve this
First is the HTML code that will bring up a form allowing the visitor to select the file for upload
upload.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
<title>Upload a File</title>
</head>
<body>
File Upload<br>
<br>
<br>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input name="MAX_FILE_SIZE" value="100000"
type="hidden">Choose a file to upload: <input
name="uploadedfile" type="file"><br>
<br>
Name on Server:
<input maxlength="20" size="20" name="TargetName"><br>
<br>
<input value="Upload File" type="submit">
</form>
</body>
</html>
This brings up the following form:
This in turn calls the server side script upload.php
<?php
// Set up the settings
// ******
// ******
// We can give you a dedicated additional FTP logon just for this ....
$ftp_server = 'ftp.your-domain.com';
$ftpuser = 'YourLogon';
$ftppass = 'YourPassword';
// Capture the file details from the input form ...
$source1 = $_FILES['uploadedfile']['tmp_name'];
$source2 = $_FILES['uploadedfile']['name'];
$source_file = $source1;
// Set the target folder ....
$target_dir = "uploads/";
// Build the full target filename ...
$target = $target_dir . $TargetName;
// Connect to the webserver...
$conn_id = ftp_connect($ftp_server);
// Login with username and password
$login_result = ftp_login($conn_id, $ftpuser, $ftppass);
// Check connection
if ((!$conn_id) || (!$login_result)) {
print ("FTP connection has failed!<BR>");
print ("Attempted to connect to " . $ftp_server . " for user " . $ftpuser ."<BR>");
exit;
} else {
print ("Connected to " . $ftp_server . ", for user " . $ftpuser . "<BR>");
}
// Upload the file .....
$upload = ftp_put($conn_id, $target, $source_file, FTP_ASCII);
// Check upload status
if (!$upload) {
print ("FTP upload has failed! <BR>");
} else {
print ($source2 . " Uploaded as " . $target . "<BR>");
print ("Upload OK <BR>");
}
// Close the connection ...
ftp_close($conn_id);
print ("Exiting ...<BR>");
?>