Wouldn't they still be able to overwrite each other? I don't think I expressed myself clearly. The point of the protection is to keep the scripts from overwriting each other on purpose. It was a protection that would make it posible to upload scripts, even if you were not completly sure they were safe. tor, 08 06 2006 kl. 17:30 -0400, skrev tedd: > At 10:37 PM +0200 6/8/06, Mathias Bundgaard Svesson wrote: > >Restrict them not to overwrite other modules or overwrite the CMS > >itself. Each module should have it's own directory, and it shouldn't be > >allowed to change anything outside it. > > > >tor, 08 06 2006 kl. 21:49 +1000, skrev chris smith: > >> On 6/8/06, Mathias Bundgaard Svesson <freaken@xxxxxxxxxx> wrote: > >> > Hi! > >> > I'm trying to create a CMS where it should be posible to upload script > >> > modules. Those modules should mostly be made by myself, but it is > >> > posible for others to create scripts too. My question is, is it posible > >> > to restrict the modules to their own directory so they don't overwrite > > > > some of the other modules or the CMS itself? > > Mathias: > > Well then, how about this? > > You can create a "uniquely" named id by using: > > $unique_id = md5(uniqid(microtime(), true)); > > and then use that name as a folder for each person submitting scripts OR use the unique id as a suffix for their cms file. Either way, it should stop persons from overwriting cms files. > > I would also suggest that you keep track of these id's in a dB. If you are still concerned about two people having the same unique, then you could search the dB to see if the recently created id exist. If it does, then generate another one. > > I use a similar method for making sure that the images I upload have unique names. > > hth's > > tedd > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
