problem moving images once uploaded - do I not have permission?

move_uploaded_file not working

         

ScottD

9:46 am on Feb 5, 2006 (gmt 0)

10+ Year Member



I'm trying to use PHP to upload images from a form. The image seems to go up okay to the temp directory, but then it doesn't get moved across.

I'm new to PHP and just learning, but I had help from someone with a lot of experience yesterday and we still couldn't solve it. It seems it may be that I just don't have permission to put files on the site in this way.

Is there some way I can check this? Is there a way to change this?

The hosting is with bravenet, and I was very happy with them until now. When I tried to find detailed information on their site it was impossible. I've opened a ticket but they have not replied so far.

The PHP code I was using was basically like this:

<?php

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

As a result I get a screen with the $_FILES array, and the error code is 0, so the file was uploaded.

I really appreciate any thoughts you may have. Thanks! Scott

dreamcatcher

11:51 am on Feb 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Scott,

The first question is, do you have write permissions on the directory you are moving the image to?

Set your error reporting to E_ALL as well at the top of your script:

error_reporting(E_ALL);

See what happens.

dc

ScottD

4:28 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



Hi DC

That is the question I suppose - do I have permissions? I don't know.

I tried adding the line of code you suggested but nothing came of it. Then I removed the whole "if" statement and just used the "move" command directly, leaving your line of code in, but it just showed a blank screen. And of course, no file appeared in my directory...

I suspect I just don't have the permission, but that is really annoying. Do you know a good host that definitely does allow this? Or do you know if there is another way around this?

dreamcatcher

6:18 pm on Feb 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Can you not chmod the upload dir to 777? This can usually be done via your CP or an FTP program.

dc

ScottD

6:27 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



ermmm.. chmod?

JollyK

6:59 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



ScottD, "chmod" is a Unix/Linux-type command that "CHanges the MODe" of a file such that different users and/or groups of users can read, write, or execute ("run," as in a program) a file.

If your server is Unix-based in some way (Unix, Linux, Solaris, BSD, etc, etc) then files are "owned" by different users. If a file is owned by your user ID, then my user ID cannot modify that file unless the mode is changed to give me permission to do so.

Here's the problem: If you're uploading files via PHP, then the files are most likely "owned" by the user ID that the web server software runs under. This is almost certainly not your user ID, but rather, is something like, "apache" or "nobody" or "www."

Thus, when you upload files, they're owned by, say "www". When you then try to copy them into a directory on your site, that directory is most likely owned by YOUR user ID, (I'll call it "scottd," but it's whatever it is on that server), so that "www" cannot modify it by putting files in there.

To "chmod" a directory 777 means read/write/execute for the owner (in this case scottd), read/write/execute for the group (I won't get into this, but certain users are grouped into user groups), and read/write/execute for the "world" or everyone. Generally, your directories would be "chmod" 755, which is to say, only the owner can write to it (put files in, take files out, etc) but everyone else can read files in there. You have to let everyone read files so that the web server user can retrieve and display those files to people browsing your site.

Okay. So.

Most FTP or file upload programs, or heck, even website control panels have something where you can change permissions on a file or directory. You might want to run a google search on "how do I chmod" or similar or "how do I chmod with [your upload program]" to find out how to do it. It's often a matter of making sure that "read/write/execute" are checked for owner, group, and world/other/everyone (sometimes the "world" setting is presented as "other" or "everyone" or similar).

If you chmod the directory 777, then the "www" user will be able to put files in there, even if the directory is owned by scottd.

And yes, there are some security issues inherent in this, but for the most part, you have no choice if you are using PHP to upload files and you do not have full administrative control over your server, I'm afraid.

JK
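With the upload directory set to 777, the script is the only check on what gets written there. A stricter version of the script posted above, as an added example that is not part of the original thread: it accepts only files whose content is a JPEG, PNG or GIF and saves them under a server-generated name. It assumes PHP 7 or later; `store_image` is a hypothetical name, and the field name and path are the ones from the posted script.

```php
<?php
// Added example: store an uploaded image under a server-chosen name.
// 'userfile' and '/var/www/uploads/' follow the script posted in this thread.
function store_image(array $file, string $destDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed, error code ' . $file['error']);
    }
    // Decide the type from the file's own bytes, not from the
    // client-supplied file name or MIME type.
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('not a JPEG, PNG or GIF image');
    }
    // Server-generated name: the client's file name never reaches the filesystem,
    // and the extension is fixed by the detected image type.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload into ' . $destDir);
    }
    chmod($dest, 0644); // octal mode: owner read/write, everyone else read-only
    return $name;
}

if (isset($_FILES['userfile'])) {
    header('Content-Type: text/plain');
    try {
        echo 'stored as ' . store_image($_FILES['userfile'], '/var/www/uploads/') . "\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```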

JollyK

7:17 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



P.S. If you go to Bravenet's "help" link on their main website, and then go to "Website Hosting Forum" and then search for "chmod", there are a couple of posts there from people on chmod (except they spelled it "chmode"). Basically, the answer seems to be that you need to change it with your FTP program, and they have a link on how to do chmod with Cute FTP and WS_FTP. I searched their other forums, and didn't find any way built into Bravenet to do it.

JK

ScottD

7:32 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



JollyK you are awesome. And dreamcatcher I really appreciate your help too. Excuse my ignorance, and thanks!

JollyK

8:22 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



No excuse needed, ScottD: everyone has to start somewhere!

:-)

JK

ScottD

9:01 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



hmmm...I still seem to be having problems. I'm using dreamweaver so I looked up how to chmod with that and found this:

go to window/results/ftplog and type in the command bar

site chmod 777 /path/to/your/file

I got that to work, or so it seemed judging by the message that appeared in the window below. So should that mean that the permissions are permanently changed? Or is it a momentary thing?

Not knowing the above answer I saw I could use chmod in PHP so I wrote this:

chmod("/path/to/file/", 0777); // PHP's chmod() takes the mode as an octal number (leading 0)

and included it before the PHP script to move images.

Needless to say it didn't work...so I put this in to see if the chmod was working:

if (chmod("/bla bla directory/", 0777)) { // mode as an octal number (leading 0)
    echo "chmod ok\n";
} else {
    echo "chmod not ok\n";
}

and it showed me "chmod not ok"

When trying to use the dreamweaver thing I quite often got a message saying the directory didn't exist, but occasionally I got a positive message saying the mode had been changed.

Well...sorry for blabbing on, but I've been trying to resolve this for 3 days now!

Things I don't really understand:

1 - in dreamweaver, am I relating this ftp command to a specific file, or is it a general command not related to or stored in any file?
2 - is the change permanent once set? (unless changed by another chmod of course)

Thanks again for your enduring patience. Scott

ScottD

9:48 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



I have just written this to see what permissions the directory has:

$file = posix_getcwd();
echo substr(sprintf('%o', fileperms($file)), -4);

you see I am learning!

Anyway, the amazing thing is it returns a value....0777

so now I really don't know what's going on.

hmmm...I'm off to bed.

Scott

JollyK

11:26 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



There should be a way to get PHP to tell you *why* it can't move the file. I don't really do file upload with PHP because of the user ID issues, or I'd tell you what it was. (I use PHP for database stuff, and Perl for file-based stuff since with Perl I can make sure that the script runs as ME and not the web server user, while with php, I cannot.)

As for whether "chmod" is permanent, it is supposed to stay the way you chmod it until you, or the superuser/administrator ("root" user) of the machine chmods it some other way. Some webhosts un-chmod stuff from 777 to 755 periodically automatically as a "security" feature. I have "security" in quotes because honestly, if everyone's files are owned by the web server user, it's rather like everything being 777 anyway.

But I digress.

Have you set error_reporting(E_ALL); in your script as suggested by dc above? That will generally give you more information about what may be going wrong.

Another rather slickity thing to do in this case is, rather than attempting to use move_uploaded_file(), instead, make an actual FTP connection to "127.0.0.1" (localhost), and use ftp_chdir to get into the directory you want to put the script, then use ftp_put to "upload" the file into that directory. That somewhat gets around the whole permissions thing if, in fact, it IS a permissions thing. I saw this idea in the comments on the manual page for move_uploaded_file(), so no guarantees.

On the same manual page, someone commented that Fedora Core 3 Linux may have a security function built in such that you may not be able to do image upload. I have no idea how your server is configured, though.

Definitely ask Bravenet what is going on, I think. :-)

JK
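An added example, not part of the original thread, of getting PHP to say why the move failed: it checks the upload error code, the destination directory's mode and owner against the account PHP runs as, and open_basedir. It assumes PHP 7 or later; `diagnose_upload` is a hypothetical name, and the field name and path are the ones from the script posted at the top of the thread.

```php
<?php
// Added example: list the reasons an uploaded file could not be moved.
// 'userfile' and '/var/www/uploads/' follow the script posted in this thread.
function diagnose_upload(array $file, string $destDir): array
{
    $codes = [
        UPLOAD_ERR_INI_SIZE   => 'file exceeds upload_max_filesize in php.ini',
        UPLOAD_ERR_FORM_SIZE  => 'file exceeds MAX_FILE_SIZE set in the form',
        UPLOAD_ERR_PARTIAL    => 'file was only partially uploaded',
        UPLOAD_ERR_NO_FILE    => 'no file was sent',
        UPLOAD_ERR_NO_TMP_DIR => 'PHP has no temporary directory',
        UPLOAD_ERR_CANT_WRITE => 'PHP could not write the temporary file',
    ];
    // 1. Errors PHP recorded while receiving the upload.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return [$codes[$file['error']] ?? 'upload error code ' . $file['error']];
    }
    $problems = [];
    // 2. move_uploaded_file() only accepts files uploaded in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        $problems[] = 'tmp_name is not a file uploaded in this request';
    }
    // 3. The directory must be writable by the account PHP runs as,
    //    which is usually not the account that owns the site's files.
    if (!is_dir($destDir)) {
        $problems[] = "destination $destDir does not exist";
    } elseif (!is_writable($destDir)) {
        $problems[] = sprintf(
            'destination not writable: mode %04o, owner uid %d, PHP runs as uid %d',
            fileperms($destDir) & 07777,
            fileowner($destDir),
            function_exists('posix_geteuid') ? posix_geteuid() : -1
        );
    }
    // 4. Host-imposed path restriction that can block an otherwise writable path.
    $base = ini_get('open_basedir');
    if ($base !== false && $base !== '') {
        $problems[] = "note: open_basedir limits PHP to $base";
    }
    return $problems;
}

if (isset($_FILES['userfile'])) {
    error_reporting(E_ALL);
    ini_set('display_errors', '1'); // debugging only; turn off afterwards
    header('Content-Type: text/plain');
    $found = diagnose_upload($_FILES['userfile'], '/var/www/uploads/');
    echo $found ? implode("\n", $found) . "\n" : "no obvious problem found\n";
}
```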

dreamcatcher

7:50 am on Feb 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Glad you are getting somewhere. Usually a permissions error is generated by PHP if a file can't be uploaded. I thought adjusting the error reporting might show it.

dc

adb64

8:45 am on Feb 6, 2006 (gmt 0)

10+ Year Member



I also had about the same problem two weeks ago and it turned out that I exceeded the upload limit. The default upload limit for PHP is 2Mb. I asked my host to increase this limit and now it is set to 6Mb and I'm able to upload larger files via a form. Maybe you encounter the same problem.

Arjan

ScottD

4:53 pm on Feb 6, 2006 (gmt 0)

10+ Year Member



Thanks again to all of you, especially JollyK who has exceeded the bounds of generosity in giving so much time and thought and for explaining things so completely that even a numskull like me can understand. I really appreciate it.

I have finally got a reply from Bravenet too (it was the weekend I suppose) and they say it should be okay, but they run on safe mode, so I think I know where to go now. If I get seriously stuck, I know where there are some great people to turn to. But I hope I can work it out on my own now.

Thanks again

Scott