Uploading Files and Directory Permissions

ro1960

I have a form to enter data into a mySQL database located in the /html/admin directory. This directory is password-protected.

The form allows to upload files which end up in the /html/admin/uploads directory.

I would like the files to actually be uploaded in another directory, /html/shop_images since these files will be used on public web pages but there seems to be a problem with permissions, I get the following error:

Warning: move_uploaded_file(): open_basedir restriction in effect. File(/html/shop_images/dieux41.jpg) is not within the allowed path(s): (/var/www/web13/html/:/var/www/web13/phptmp/:/var/www/web13/files/:/var/www/web13/atd/) in /var/www/web13/html/admin/shop_created.php on line 17

Here's the PHP code that processes the upload:

$target_path = "/html/shop_images/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$photo = basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
{
echo "Le fichier ". basename( $_FILES['uploadedfile']['name']). " a &eacute;t&eacute; t&eacute;l&eacute;charg&eacute;";
}
else
{
echo "Il y a eu un probl&egrave;me durant le t&eacute;l&eacute;chargement. Veuillez r&eacute;essayer.";
}

How do I go about this?

devinemke

from the manual (http://www.php.net/manual/en/features.safe-mode.php)

open_basedir string
Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.

The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().

In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".

Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited.

The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"

Note: Support for multiple directories was added in 3.0.7.

The default is to allow all files to be opened.

ro1960

Thanks for your reply. A bit technical for me. If I understand well, there's something I can change in the httpd.conf to solve my problem? Unfortunately I do not have access to this file.

What can I do to achieve what I am trying to do?