disable user to upload certain file format from file manager

Then I could only suggest checking it myself; I'll need root access on your server for that.
Or we could try and spend time for looking at a screenshot of that file from you.
 
You can trust zEitEr, he is a respected forum member and he helped a lot of people.
 
I have included this line in all_pre.sh
/usr/local/directadmin/scripts/custom/all_pre.php

Now I have also inserted the script for ip binding using this link
http://help.directadmin.com/item.php?id=349

Should I include /usr/local/directadmin/scripts/custom/all_pre.php at the bottom of all_pre.sh after IP binding script or at the starting.How to include that file?
 
More logical would be to check IP prior to other checks, but both cases are possible.
So place /usr/local/directadmin/scripts/custom/all_pre.php at the bottom of all_pre.sh
 
In all_pre.sh
#!/bin/sh
if [ "${USERTYPE}" = "admin" ]; then
if [ "$caller_ip" = "1.2.3.4" ]; then
exit 0;
fi

if [ "$caller_ip" = "5.6.7.8" ]; then
exit 0;
fi
fi
exit 0;
/usr/local/directadmin/scripts/custom/all_pre.php

I have to include all_pre.php like this or do i have to write include or something else before this line /usr/local/directadmin/scripts/custom/all_pre.php
 
In this case put /usr/local/directadmin/scripts/custom/all_pre.php after #!/bin/sh:

Code:
#!/bin/sh
/usr/local/directadmin/scripts/custom/all_pre.php
...
...

otherwise you need to add before every exit 0 line
 
#!/bin/sh
/usr/local/directadmin/scripts/custom/all_pre.php
if [ "${USERTYPE}" = "admin" ]; then
if [ "$caller_ip" = "1.2.3.4" ]; then
exit 0;
fi

if [ "$caller_ip" = "5.6.7.8" ]; then
exit 0;
fi
fi
exit 0;

Trie this and after exit 0 not working
 
nopes...its not working.I added /usr/local/directadmin/scripts/custom/all_pre.php after bin/bash line same as above but its still uploading exe files not working properly.Its working when I remove the ip binding script....but with ip binding script its not working properly.I want to include that php file with this ip binding script.
 
I see, then you need to use this code:

Code:
#!/bin/sh
/usr/local/directadmin/scripts/custom/all_pre.php
if [ $? -ne 0 ]; then
 exit $?;
fi;

#other IP checks go here under
 
Following the same code ip binding script is working perfectly but still uploading exe file....all_pre.php not working.
 
OK, update you all_pre.php to the following:

PHP:
#!/usr/local/bin/php 
<? 

$command=getenv('command'); 
$action=getenv('action'); 

print "<pre>";

if ($command == "/CMD_FILE_MANAGER" && $action == "upload") 
{ 

# Debug
var_dump($_SERVER);

    foreach($_SERVER as $key => $val) 
    { 
        if(strpos($key,"file")===0) 
        { 
            $file=substr($val,0,-6); 

# Debug
var_dump($file);
exit(1);

            if (strpos($file,".exe")!==false){ 
                print "You seem to be uploading a file with forbidden extension <b>".htmlspecialchars($file)."</b>"; 
                exit(1); 
            } 
        } 
    } 
} 

print "</pre>";

exit(0); 

?>


And post here the output from your browser when you try to upload a file.
 
Last edited:
When I executed all_pre.sh script after updating with new script,it gives an error:
Parse error: syntax error, unexpected 'exit' (T_EXIT) in /usr/local/directadmin/scripts/custom/all_pre.php on line 34

After removing last exit 0; its output on terminal is <pre></pre> and still uplaoding exe file.
 
When I executed all_pre.sh script after updating with new script,it gives an error:

What? The script should be executed by directadmin, not by you in any means.
 
I have changed all_pre.php with the new updated script given by you.....and all_pre.sh is same as before.
On browser it is showing Upload successful of exe file.
 
I've just checked this code

Code:
#!/bin/bash

if [ $command == "/CMD_FILE_MANAGER" -a $action == "upload" ];
then
    /usr/local/directadmin/scripts/custom/all_pre.php
    RETVAL=$?;

    if [ $RETVAL -ne 0 ]; then
        exit $RETVAL;
    fi;

fi;

# Other code goes here

on my side, and it executes all_pre.php and *.exe files are blocked.

And all_pre.php should be as following:

PHP:
#!/usr/local/bin/php
<?

$command=getenv('command');
$action=getenv('action');

if ($command == "/CMD_FILE_MANAGER" && $action == "upload")
{
    foreach($_SERVER as $key => $val)
    {
        if(strpos($key,"file")===0)
        {
            $file=substr($val,0,-6);
            if (strpos($file,".exe")!==false){
                print "You seem to be uploading a file with forbidden extension <b>".htmlspecialchars($file)."</b>";
                exit(1);
            }
        }
    }
}
exit(0);

?>
 
Well in my case it is blocking every file extension after applying the above script.I tried to upload exe php file then doc file but its not allowing to upload any of the extension file.
 
Note if your php file contains .exe in it's name, then it will be blocked.

For further help, please post your debug output from my post #34 or hire me to set it up for you.
 
Back
Top