can't upload file

bgneuschafer

I have a form that allows the user to enter in a file to be uploaded to a server. I had it working before but I had to reinstall my apache and PHP software. Now I get this error message:

Warning: move_uploaded_file(\Kccrdi\public\PlatformPorting\Porting Documentation\FPRD01D - November Release (6.10.00)\Release Issues_TestFolderforPHP\/CRDI-Overview with details.doc) [function.move-uploaded-file]: failed to open stream: Permission denied in c:\documents and settings\formprocess_testissues.php on line 150

is there something in the configuration files that I forgot to change?Warning:

dnoonan

check the permissions on the directory you're moving the file to... I believe apache defaults to 'nobody' but sysadmins like to change it to 'apache'.

Check that the User/Group in httpd.conf match the user/group of the destination folder.

bgneuschafer

I can't find the section in the httpd.conf that specifies the user/group. I found this though:

Control access to UserDir directories. The following is an example

for a site where these directories are restricted to read-only.

#
#<Directory "C:/Apache/users">

AllowOverride FileInfo AuthConfig Limit

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

<Limit GET POST OPTIONS PROPFIND>

Order allow,deny

Allow from all

</Limit>

<LimitExcept GET POST OPTIONS PROPFIND>

Order deny,allow

Deny from all

</LimitExcept>

#</Directory>

However I have no "C:/Apache/users" directory

travelbuff

bgneuschafer:

what dnoonan is talking about is checking the operating system (os) restrictions on who can write to that directory (c:\documents and settings\formprocess_testissues.php).

See, PHP and Apache have to run under some username - perhaps 'nobody' or 'apache', but for security reasons they probably don't run under your username/id (uid). The most likely casue of your error is that your os will not allow whatever uid php/apache is running under to write to that directory. So you either need to change the uid that php/apache is running under (not recommended) or change the directory permissions for the directory so that apache's uid can write to it.

Judging by the back slashes, you are running windows. Try this article: http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html

bgneuschafer

There were certain lines that I forgot in my httpd.conf file to make PHP work entirely.

LoadModule php5_module "c:/php/php5apache.dll"
AddModule mod_php5.c

But now I don't even know if the function move_uploaded_file is performing. I don't get error messages, but I'm not seeing the uploaded files either.

stfuji

Either you have disable in the php.in file uploads or your don't have the correct permissions on the directory you are uploading too.

Based on the error message you don't have the correct permissions on the folder you are uploading too.

It appears from your post and since you are recieving an error that whatever file has in fact been uploaded via HTTP POST method and is resident on the machine in the default or specified upload directory.

However it is most likely that the directory you are moving it to either doesn't exist or is read only to the web server and php.

Check the permission / security settings on the destination folder. Denote what they currently are then allow everyone total control and retest. If your problem is alleviated at that point try scaling back the security permissions until it breaks again to identify which account needs to have which permission.

HTH

Geoffrey

bgneuschafer

well why is it that I can just copy and paste the file manually into the destination directory then?

stfuji

As the creator / owner of the directory you have full permissions for the account you are logged into. The webserver runs on a different set of permissions as a system process...

Therefore you have to allow the system process (which is like another user logged into the machine) permission to perform the same actions you are discussing.

Hope that makes sense. This is just the way security is set up through most web servers (include MS based, apache, etc) that I know of. Permissions are generally based on the directory sometimes inherited from parent directories. Access priveleges for specific accounts are usually toggled on and off. For web server type applications the permissions generally start fairly high to keep your machine running securely. Otherwise someone could use your web server to run malicious scripts on your machine (I.E. hacking there are often holes that are utilized to do this very thing). It is generally up to the server administrator to give the web server directories permissions to perform system type task outside of processing files that lie in the directory structure to push out to a client. Anything that causes the machine to run machine level actions (moving / updating / executing files) is generally restricted. The usual place that things of this nature can occur would be in tmp directories or CGI directories.

In order to allow or override you have to play with the permissions. This doesn't generally get set up out of the box. You could always attempt to login as the process (although I don't know how to do this) and see if you can perform the move action to test.

However when messing with permission be very careful as you could allow for exploits depending on how you do it. I would suggest playing with these after some reading and then testing on a development server before you expose this type or issue to the general population.

Hope that helps,

Geoffrey