Uploading a file to an FTP Server without storing it on an filesystem using PHP

Question

Hi,

I have been unsuccesfully attempting to upload an encrypted file to an FTP server, without writing it to the filesystem first (which has security implications)

I have been attempting to use proc_open and then ftp_fput but to no avail, I guess because the stream created in proc_open isn't fstatable

Here is the code

<?php
$ciphertext = 'sadfasfasdf90809sf890as8fjwkjlf';

//The Descriptors
$descriptorspec = array( 
  0 => array("pipe", "r"),  // stdin 
  1 => array("pipe", "w"),  // stdout 
  2 => array("pipe", "w")   // error
);

$process = proc_open('cat', $descriptorspec, $pipes);
if (is_resource($process)) {    
fwrite($pipes[0], $ciphertext); 
fclose($pipes[0]);

//Debug test to proce that $pipes[1] is a valid stream     
//while(!feof($pipes[1])) {
//  $content .=  fgets($pipes[1],1024);
//}

//FTP connection etc etc OMMITTED to save space.

$upload = @ftp_fput($conn_id,$dir."/".$ftp_file.$extenstion,$pipes[1],FTP_BINARY);
fclose($pipes[1]);
// Check upload status
echo ('upload '. ($upload ? 'true':' false')); 
}
?>

I hope someone can help or suggest any improvements or alternative methods.

Thanks,

Phil

Answer 1

Why is is that you don't want to create a file? Is it just because you don't have an alternative, security reasons, or anything else?

The way I usually upload files to FTP that are not already in the filesystem is using tmpfile:

<?php

  $fh = tmpfile();
  fwrite($fh, data);

  // do upload

  fclose($fh);

?>

Using a temporary file makes is pretty clean; you write whatever you need to write, upload, then close the file and it magically disappears after you do.

Now, I don't know if you can upload to an FTP server other things than files (i.e. data from memory)... at least I tried to find a way but couldn't.

Answer 2

Never trust a server admin!

The code above works and doesn't require you to use a tmpfile.

Thanks,

Phil