I'd like to upload file out of the *public_html* directory, because of security reasons, but I can't do this, because it gives me this error message:
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to access /opt/share/www/a/domainname/safety-download/file/20120517215405-2012-05-16--1-27-51.png in /opt/share/www/a/domainname/public_html/beta/admin/dokumentum.php on line 29
I don't want to use MySQL - BLOB file upload, because I don't have enough space in my MySQL server to upload over 3000 files, with more than 5 MB file size, but I'd like to deny the users from accessing these files, because they contain personal details.
Thanks for your answers,
Barnabas
Are you sure you have the rights to write in that folder ?
dirty fix
chmod a+w /opt/share/www/a/domainname/safety-download/file/
Or you can give the rights to apache to write in this folder. By changing the group of the folder to be the one of apache
And also make sure you call move_uploaded_file in the right order $src, $dest:
Related
I don't know how to fix this but the problem is that it won't upload to the server that I'm using to host the website it creates the folder just fine but won't move it. The coding for the moving is below.
This is the error I get
Warning: move_uploaded_file(./userdata/profile_pics/iOy1pQXTZsLw7VA/) [function.move-uploaded-file]: failed to open stream: Is a directory in /home/a4640336/public_html/account_settings.php on line 103
and as well as this error code
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpX1zVno' to './userdata/profile_pics/iOy1pQXTZsLw7VA/' in /home/a4640336/public_html/account_settings.php on line 103
move_uploaded_file(#$_FILES["profilepic"]["tmp_name"],"./userdata/profile_pics/$rand_dir_name/".$FILES["profilepic"]["name"]);
echo "Your profile pic has been updated!".#$_FILES ["profilepic"]["name"];
//$profile_pic_name = #$_FILES["profilepic"] ["name"];
//$profile_pic_query= mysql_query("UPDATE users SET profile_pic='$rand_dir_name/$profile_pic_name' WHERE username='$username'");
//header("location: account_settings.php");
Overall I have tried to change where it is located to have it leading directly from the source but it doesn't change. If anyone can help please help me!
PS the commented out parts were done to be able to see the error
For those using PHP on Windows and IIS, you SHOULD set the "upload_tmp_dir" value in php.ini to some directory around where your websites directory is, create that directory, and then set the same permissions on it that you have set for your websites directory. Otherwise, when you upload a file and it goes into C:\WINDOWS\Temp, then you move it to your website directory, its permissions will NOT be set correctly.And If you try to upload a file larger than the post_max_size value (or multi files), the page will only refresh itself and no errors are thrown.
The destination directory must exist; move_uploaded_file() will not automatically create it for you.
You must
make sure that the file is not empty.
make sure the file name in English characters, numbers and (_-.) symbols, For more protection.
make sure that the file name not bigger than 250 characters.
Check File extensions and Mime Types that you want to allow in your
project. You can use : pathinfo(). or you can use regular expression for check File extensions as in example
Check file size and make sure the limit of php.ini to upload files
is what you want, You can start from here.
Check the file content if have a bad codes or something like this
function
move_uploaded_file($_FILES["file"]["tmp_name"], "../uploads/" . $_FILES["file"]["name"]);
Also check dir have writable permission
you need to use server path for file upload
$files = glob($_SERVER["DOCUMENT_ROOT"]."/myFolder/*");
$_SERVER["DOCUMENT_ROOT"] will get server path like var/host/public_html/your_folder
May this help you
So I'm working on some legacy/maintenance code, and there's a file upload that uses FTP, specifically ftp_login() and ftp_put().
Anyway, whenever I uploaded a file, it has very low permissions - only the user that uploads has write permission. I want all uploaded files to have all permissions enabled.
How would I go about this? I can't see anyway of doing it.
You can use ftp_chmod to change the permission of a file on an FTP server from PHP.
ftp_chmod($conn, 0777, $file);
The above line will - if successful - grant all permissions to everybody on $file.
I have a script that uploads files to a directory with file permissions 0644. I am unable to delete the file via FTP or using PHP's unlink() function (550 error). After scouring the web, I was unable to find a method to fix this problem. I am aware that the issue has to do with group/owner permissions, but I don't know how to fix the problem.
Should I use copy() or rename() instead?
Any ideas?
Edit: All uploaded files have owner/group set as: 48 48. All other files that I have uploaded via FTP and NOT the PHP script are 1006 1006. Is the owner/group set for the incorrect user?
I have already tried using chmod() to set permissions to 0666. I think the problem may be with the user?
Edit 2: Should I use exec() and run a command that changes the owner and group of the file?
It depends on what user your script is running as. Try uploading the files as 0655 instead
if you're using move_uploaded_file(); function, permissions are set correctly, so unlink(); should work
try this
move_uploaded_file($from, $to);
chmod($to, 0666);
You will want to have write permission to delete the file. 6 represents read/write. The first number after the zero represents the file's owner, who created it. If you are running the script to create the file, you should be able to delete it as long as you use the same user, probably the server user.
i'm working on a website wherein the users can upload images (uses php 4.3.11). the files are uploaded with no problem as i can see them in the upload directory and i don't get any error message, but when i try to access the uploaded files via ftp, i get an error: no such file or directory. sometimes, i am able to access the file sometimes i get this error. what could be the problem here?
[update]
thanks for the help guys. i'm not familiar with the ftp daemon stuff. but i do access my files via ftp using FireFTP. the files are there but when try to download them or change the file properties, i get the said error. i also tried uploading a file in the folder through ftp and i was able to download it with no problem.
here is some of the code i'm working on, its kind of roundabout but i'll see on how to improve it.
my working directory is something like this www.domain.com/register/
and the upload directory is here www.domain.com/register/uploads/
users are required to register and upon sign-up, a folder is created for them in the uploads directory. i couldn't find a way to create a folder without having to be in the uploads folder itself so i redirect to a create-user-folder.php file in the uploads dir.
the file just contained this code:
$user_foldername = rawurldecode($_GET['name']);
mkdir($user_foldername);
header("Location: ../form.php"); // redirect back to the page
i checked and the created folder's permission is set to 775.
and here's part of the code i use in uploading ( /register/function/function.php ):
$path = "../uploads/$user_foldername/";
for($j = 0; $j < $num_of_uploads; $j++){
if(is_uploaded_file($_FILES[$file]['tmp_name'][$j])){
$filename = $_FILES[$file]['name'][$j];
copy($_FILES[$file]['tmp_name'][$j],$path.$filename);
}
}
i checked using FireFTP and the files are in the /uploads/user_foldername/ directory and its permission is set to 664. the strange thing is that when i try to download the files, at times there would be no problem at all but there are times when the error will appear.
[another update]
i added chmod() after the copy() function,
$filename = $_FILES[$file]['name'][$j];
copy($_FILES[$file]['tmp_name'][$j],$path.$filename);
chmod($path.$filename, 0755);
but i still get the error.
another thing is that when i access /register/uploads/user_foldername/ through the url, i can see all of the uploaded files and view them, but how is it that i can't access them via ftp?
thanks again!
This is either a permission issue, or a configuration error. Here are things you should try:
What are the permission of the uploaded files? Does the FTP user has access to these files? Have you tried logging in as the user the FTP daemon would use and see if you could read the file that way?
Do you really see the correct directory? Have you verified by putting a file in that directory yourself and downloading it? Have you used the ftp command ls to verify the presence of the folder/folders/files?
You might need to chmod the folder the files are in, or in some cases the files themselves.
try chmoding them to 775
You can chmod files and folders through PHP it's self, with the chmod function. Or, you could use a FTP program such as filezilla.
Also check to make sure the intermediate directories are also permissioned as 755, as all the directories in the path need to be executable to be traversed.
i just figured out the problem. it was all because of the file name having accented characters in it, which explains why i do not always get the error message :|
<sigh> i should have seen this earlier, but anyway i hope this helps in case someone ran into the same problem.
thanks again! i really appreciate it :)
I'm running PHP 5.2.6 on a Windows Server 2003 Enterprise box. IIS is set to deny anonymous access and use Integrated Windows authentication.
I'm using a PHP script to save a file uploaded from a web form. The file is uploaded to a temp folder, the script creates a file name and path depending on other variables from the web form, and then the script uses PHP's move_uploaded_file() to move the temp file to the final location. All that works fine. In short, people are uploading files so everyone in the group can see them and the files are organized by the script.
My problem is that the file in the final location has odd permissions. It is not ending up with permissions from either the temp location or the final location. Both the temp location and final location have the same permissions: full rights for owner and administrations; read and read/execute for 2 specific AD security groups. The final file ends up with only: full rights for owner and administrations. So while the admins and the original uploader have no problem viewing the file, all others in the group get "permission denied" when trying to access it.
Any ideas or suggestions will be greatly appreciated! Thanks!
from the php page on move_uploaded_file (nb: this worked for me):
For those using PHP on Windows and IIS, you SHOULD set the "upload_tmp_dir" value in php.ini to some directory around where your websites directory is, create that directory, and then set the same permissions on it that you have set for your websites directory. Otherwise, when you upload a file and it goes into C:\WINDOWS\Temp, then you move it to your website directory, its permissions will NOT be set correctly. This will cause you problems if you then want to manipulate that file with something like ImageMagick's convert utility.
This seems to be an issue with the move_uploaded_file() function:
http://us3.php.net/move_uploaded_file
Take a look at the comments below, take note of Florian's comment about copy().
Would copy() solve the issue?:
http://us3.php.net/manual/en/function.copy.php