Forum Moderators: coopster
My script tests if the file has been uploaded i.e.
$the_path= "_img/_products";
echo "Variables are:<br>
$userfile." ".$userfile_name." ".$userfile_size." ".$userfile_type."<br>";
if ($userfile=="none")
{
echo "Problem: no file uploaded";
exit;
}
if ($userfile_size==0)
{
echo "Problem: uploaded file is zero length";
exit;
}
$destination = $the_path . "/" .$userfile_name;
if (!move_uploaded_file($userfile, $destination));
{
echo "Problem: Could not move file into directory";
exit;
}
if I use move_uploaded_file my script outputs "Problem: Could not move file into directory" but the file is uploaded to web server & apache 2.0.4 will assign 0600 to the uploaded file.
However if I use copy instead of move_uploaded_file my script still outputs "Problem: Could not move file into directory" and again the file is uploaded to web server but apache 2.0.4 this time assign's 0755 to the uploaded file.
Therefore the two questions are;
1. Why are the above the above functions returning false?
2. Why are the uploaded file permissions different for each function?
Cheers
Synfield
if (!move_uploaded_file($userfile, $destination))
{
echo "Problem: Could not move file into directory";
exit;
}
As far as file permission differences, I'm not sure...
Is PHP safe mode on?
What version of PHP are you running?
Maybe it could be that the file has permissions set in the temp directory before it is moved and the move operation merely maintains the existing temp directory permissions whereas the copy creates a new file and assigns the permissions based on the directory you are copying to?
Files will by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server's default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs. Setting it using putenv() from within a PHP script will not work. This environment variable can also be used to make sure that other operations are working on uploaded files, as well.
Anyone else have any ideas or solutions?
My apache is httpd-2.0.40-21 home directory is /var/www/html and I have chown -R apache.apache /var/www/html so that all my web html & php files are owned by the server.
All this resides on redhat 9.0, have tried creating a new temp directory in /var/www then chown to apache.apache, but the same permission assignment happens as I mentioned in my first post.
In my etc/passwd file apache:x:48:48:Apache:/var/www:/sbin/nologin
for some reason apache doesn't have the same file creation rights as a non-priveged user?
Could this be an environment setting or apache config setting problem?
Regards
Synfield
>>for some reason apache doesn't have the same file creation rights as a non-priveleged user?
In the Miscellaneous configuration directives [us3.php.net]:
upload_tmp_dirThe temporary directory used for storing files when doing file upload. Must be writable by whatever user PHP is running as. If not specified PHP will use the system's default.
Match those against the permissions on the target directory. if you can't afford anonymous permissions to be too wide, chown the target directory to apache's group (www-data on debian) or add apache to your group (dumb idea)
Nova_Reticulis, couldn't get `id apache' to work but my user is apache and group is apache in my httpd.conf.
The target file i.e. upload_tmp_dir in php.ini is /var/www/temp and has 0777 permissions owner apache group apache.
The file I move files to from the temp directory is /var/www/html/_img on which I have also set the same permissions as on /var/www/temp.
coopster, I'm not sure what u mean by the temp directory being writable by the php user, I assume that the above 0777 permission assignment on the temp directory should be adequate?
Cheers & thanks!
