Setting permissions in PHP on server - php

I am trying to create a really simple webpage in php, letting people upload images to a folder on my server. I made this really simple with some done code, and it worked awesomely on my computer with xampp, but when I upload the page to my server, it gets an error message every time I upload anything. The error is when the script checks if the image was uploaded, where it says
$copied = copy($_FILES['image']['tmp_name'], $newname);
if(!$copied)
echo "error";
This leads me to believe that there is something wrong with the permissions. But how can I set this? And what should I set it to? I just need others to be able to upload images to a spesific folder.

The web server needs write permissions to be able to write into the directory you're storing the images.
Assuming you're on a Linux server, run the following command on the server (ssh) after changing /path/to/uploaded/images to the image upload directory, and see if it solves the problem:
chmod 777 /path/to/uploaded/images
If that fixes the problem, you can probably relax the permissions to something like:
chmod 664 /path/to/uploaded/images
These are basic commands for directory permissions, which you can learn more about in this tutorial about file permissions on Linux.
Alternatively, you can use move_uploaded_file() to copy the uploaded file to a known location.

Related

Uploaded file is not transfering to the destination folder [duplicate]

this is my code:
$uploaddir = '/temp/';
$uploadfile = $uploaddir.basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
send_OK();
else
send_error("ERROR - uploading file");
i have tried to upload with ftp_fput, ftp_put, move_uploaded_file, rename, copy and anything i can put my hands on. nothing seems to work.
i can't understand what is the problem since move_uploaded_file returns only true or false and no error code.
help??
Are you sure that the target directory has write permissions for world?ie,the third number in permission representation?
The files uploaded by php are owned by and comes under the group www-data
You can change the ownership by
[sudo] chown -R www-data folder // change owner
[sudo] chown -R www-data:www-data folder // change group and owner
i don't know why
But you have to.
That's what error messages are for.
Do you see any error message when something goes wrong? If not, then you have to check error logs.
Add this line at the top of your code
error_reporting(E_ALL);
and this one, if it's your local (not live) server
ini_set('display_errors',1);
so you'll be able to see errors onscreen
For the file uploads you have to check $_FILES['file']['error']) first. it it's not 0, refer to the manual page for the actual message.
I experienced a similar problem when using move_uploaded_file which would fail to upload particular files with an $_FILES['filename']['error'] code of 0.
It turns out that the name of the file needs to be unique in relation to the destination directory. move_uploaded_file does not know how to handle identical files names.
Have you check the limit of the file size? One of the reason if crashing could be that you are trying to upload a file bigger than the limit in your configuration. Look at the config var "upload_max_filesize" in your php.ini and check the size of the file.
This caught me out too. Be aware of:
move_uploaded_file() is both safe mode and open_basedir aware. However, restrictions are placed only on the destination path as to allow the moving of uploaded files in which filename may conflict with such restrictions. move_uploaded_file() ensures the safety of this operation by allowing only those files uploaded through PHP to be moved.
These settings can cause the upload to fail if you try to move the file outside of your website base directory for example.
In addition to permissions, be sure to check that there is disk space available on your server. If not, move_uploaded_file() will fail with error 0.
Did you try to activate error_reporting?
You should check your php-config if file uploads are allowed.

Unable to download file using FTP, after upload file via PHP

I have written simple PHP code to upload image file. Images are uploading successfully.
Here is my code,
mkdir("uploaded images", 0777, true);
move_uploaded_file($sourcePath,$targetPathNew);
but when i download that image, it shows me
Response: 550 Access is denied.
Error: Critical file transfer error
Thanks
This is due to permissions of the file. The uploaded file is owned by a web server user (such as www-data) and your FTP server runs under different user. While you change permissions on the folder to 0777 (allow everything to everyone), the file doesn't inherit the same permissions.
To fix this, you probably can add chmod($targetPathNew, 0777) in your code after the move_uploaded_file(...).
There is a chance though that this won't work due to some stricter server configuration. I'm not going to dive into this as judging by your question you're not very familiar with the Linux permissions (sorry if I'm wrong). You can find some essential information about permissions here, for example - https://www.tutorialspoint.com/unix/unix-file-permission.htm

Why dont i have rights on uploaded file?

I've just created a php snippet that allows me to upload pictures. Im working on my personal pc that runs Windows7, IIS7 and PHP.
The wierd thing is that Im allowed to upload and it works great, but if i go to the folder: c:\inetpub\wwwroot\imgupload\uploads and try to view the image then im now allowed because i dont have any rights. Adding my user to file rights solves the problem but thats a bit silly aint it? im using php's move_uploaded_file()
any thoughts?
The webserver (IIS) and PHP run with different permissions as you yourself. It's the webserver that receives the file and writes it to disk. So it is entirely reasonable that someone else (i.e. you) does not have access to it.
The problem is that the 'user' creating the images isn't you, it is IIS. Consequently, you don't own the image, the server does.
You could try to do a chmod($file, 777); after the file has been created to make it publicly accesible.

file uploaded via php: no such file or directory

i'm working on a website wherein the users can upload images (uses php 4.3.11). the files are uploaded with no problem as i can see them in the upload directory and i don't get any error message, but when i try to access the uploaded files via ftp, i get an error: no such file or directory. sometimes, i am able to access the file sometimes i get this error. what could be the problem here?
[update]
thanks for the help guys. i'm not familiar with the ftp daemon stuff. but i do access my files via ftp using FireFTP. the files are there but when try to download them or change the file properties, i get the said error. i also tried uploading a file in the folder through ftp and i was able to download it with no problem.
here is some of the code i'm working on, its kind of roundabout but i'll see on how to improve it.
my working directory is something like this www.domain.com/register/
and the upload directory is here www.domain.com/register/uploads/
users are required to register and upon sign-up, a folder is created for them in the uploads directory. i couldn't find a way to create a folder without having to be in the uploads folder itself so i redirect to a create-user-folder.php file in the uploads dir.
the file just contained this code:
$user_foldername = rawurldecode($_GET['name']);
mkdir($user_foldername);
header("Location: ../form.php"); // redirect back to the page
i checked and the created folder's permission is set to 775.
and here's part of the code i use in uploading ( /register/function/function.php ):
$path = "../uploads/$user_foldername/";
for($j = 0; $j < $num_of_uploads; $j++){
if(is_uploaded_file($_FILES[$file]['tmp_name'][$j])){
$filename = $_FILES[$file]['name'][$j];
copy($_FILES[$file]['tmp_name'][$j],$path.$filename);
}
}
i checked using FireFTP and the files are in the /uploads/user_foldername/ directory and its permission is set to 664. the strange thing is that when i try to download the files, at times there would be no problem at all but there are times when the error will appear.
[another update]
i added chmod() after the copy() function,
$filename = $_FILES[$file]['name'][$j];
copy($_FILES[$file]['tmp_name'][$j],$path.$filename);
chmod($path.$filename, 0755);
but i still get the error.
another thing is that when i access /register/uploads/user_foldername/ through the url, i can see all of the uploaded files and view them, but how is it that i can't access them via ftp?
thanks again!
This is either a permission issue, or a configuration error. Here are things you should try:
What are the permission of the uploaded files? Does the FTP user has access to these files? Have you tried logging in as the user the FTP daemon would use and see if you could read the file that way?
Do you really see the correct directory? Have you verified by putting a file in that directory yourself and downloading it? Have you used the ftp command ls to verify the presence of the folder/folders/files?
You might need to chmod the folder the files are in, or in some cases the files themselves.
try chmoding them to 775
You can chmod files and folders through PHP it's self, with the chmod function. Or, you could use a FTP program such as filezilla.
Also check to make sure the intermediate directories are also permissioned as 755, as all the directories in the path need to be executable to be traversed.
i just figured out the problem. it was all because of the file name having accented characters in it, which explains why i do not always get the error message :|
<sigh> i should have seen this earlier, but anyway i hope this helps in case someone ran into the same problem.
thanks again! i really appreciate it :)

Odd permissions on file modified by PHP move_uploaded_file()

I'm running PHP 5.2.6 on a Windows Server 2003 Enterprise box. IIS is set to deny anonymous access and use Integrated Windows authentication.
I'm using a PHP script to save a file uploaded from a web form. The file is uploaded to a temp folder, the script creates a file name and path depending on other variables from the web form, and then the script uses PHP's move_uploaded_file() to move the temp file to the final location. All that works fine. In short, people are uploading files so everyone in the group can see them and the files are organized by the script.
My problem is that the file in the final location has odd permissions. It is not ending up with permissions from either the temp location or the final location. Both the temp location and final location have the same permissions: full rights for owner and administrations; read and read/execute for 2 specific AD security groups. The final file ends up with only: full rights for owner and administrations. So while the admins and the original uploader have no problem viewing the file, all others in the group get "permission denied" when trying to access it.
Any ideas or suggestions will be greatly appreciated! Thanks!
from the php page on move_uploaded_file (nb: this worked for me):
For those using PHP on Windows and IIS, you SHOULD set the "upload_tmp_dir" value in php.ini to some directory around where your websites directory is, create that directory, and then set the same permissions on it that you have set for your websites directory. Otherwise, when you upload a file and it goes into C:\WINDOWS\Temp, then you move it to your website directory, its permissions will NOT be set correctly. This will cause you problems if you then want to manipulate that file with something like ImageMagick's convert utility.
This seems to be an issue with the move_uploaded_file() function:
http://us3.php.net/move_uploaded_file
Take a look at the comments below, take note of Florian's comment about copy().
Would copy() solve the issue?:
http://us3.php.net/manual/en/function.copy.php

Categories