[Information] FTP login details for plugin uploader - Printable Version +- MattRogowski's MyBB Plugins (http://mattrogowski.co.uk/mybb) +-- Forum: Plugins and Support (/forum-3.html) +--- Forum: Plugin Uploader (/forum-14.html) +--- Thread: [Information] FTP login details for plugin uploader (/thread-197.html)

FTP login details for plugin uploader - MattRogowski - 15-06-2011 06:51 AM The latest version of the plugin uploader includes support for uploading files for plugins via FTP. As there will be various questions and concerns about this I will try and explain everything here. You do not necessarily have to give your FTP details to the plugin uploader. When moving files, the plugin uploader will try and use standard PHP functions to move the files to their destinations. However, on some servers, PHP will not have permission to do this due to file ownerships, so it will then attempt to move the files via FTP. You may have had to give your FTP details in WordPress for automatic updates or plugin/theme installations/updates; this is a similar sort of thing. If you could upload plugins fine using previous versions, and/or you do not see a message on the plugin uploader page about requiring an FTP connection, then your server will be able to move the files with standard PHP functions, and you will not need to give any FTP details. This is the process taken to try and copy a file: copy() rename() fopen() file_get_contents() file_put_contents()/fwrite() ftp_connect() (entering FTP mode) ftp_rename() ftp_chmod() (change CHMOD of parent folder via FTP) ftp_rename() (called again after CHMODing parent folder) ftp_chmod() (undo CHMOD of parent folder) copy() (called again after CHMODing parent folder) ftp_chmod() (undo CHMOD of parent folder) rename() (called again after CHMODing parent folder) ftp_chmod() (undo CHMOD of parent folder) fopen() (called again after CHMODing parent folder) file_get_contents() file_put_contents()/fwrite() ftp_chmod() (undo CHMOD of parent folder) As you can see, it tries different ways of copying the file before resorting to FTP (although if the first copy() call fails it's likely FTP will be needed anyway), and may have to CHMOD the parent folder to be able to move the file. The only alternative to connecting via FTP is to CHMOD all the folders in your file system to 777; PHP won't be able to change the CHMOD to 777 and then change it back after copying the file, as if it doesn't have permission to copy a file to a folder, it won't have permission to change the CHMOD of that folder. Your FTP details must be hardcoded into the plugin uploader plugin file, in a similar way to your database details being stored in your config.php file. This is because they cannot be stored in your database; I cannot pass encrypted login details to the FTP connection function, which would mean your FTP details would need to be stored unencrypted in your database, which isn't something I'm going to do. If they were to be stored unencrypted in the database, anybody who gained unauthorized access to your database would be able to see them and connect to your FTP server, whereas if the details are stored in a file, somebody would already need access to your file system to be able to see it, thus they wouldn't need the details anyway. The login details are stored as private variables in the PluginUploader class, which means they can only be accessed by the PluginUploader class itself, and not by any classes that extend that class. It's not the most ideal place to have to put them but it's the most secure place I can store them. It's either a case of storing them in the file, or having to enter them every time you upload a plugin. Ultimately this change just means more people will be able to use the plugin uploader who couldn't before. If you have any questions, comments or concerns about this new feature, feel free to raise them by making a thread in this forum.