permissions

cass27

Hi,

I am trying to grasp permissions. I used to use asp.net 2.0 but found it horrible so I am attempting to use PHP. It seems so much better. I am coping with the script (basically) but I am struggling with permissions.

For instance I have php on my machine and I run it off an IIS server (rather than apache. I created a form that would enable users to upload files to my computer. however the message comes back: "An error has occured: receiving directory insuffiecient permission... The upload form is reloading"

I have checked with my host and I have the correct permissions on the hosts server. Should I be creating permissions on the local machine? If so how do i do this? If anyone knows of ttutorials for working with this area Id be very grateful.

Thanks
cass27

sneakyimp

It's difficult to know why the error was caused without knowing what PHP you were running that caused it. In order for IIS to be able to copy files to a particular folder, IIS needs permission to write that folder. I'm not sure what you mean about 'local machine'.

cass27

I use php 5. By "local machine" I mean my computer. The address for the form is www.louandelcats.co.uk/upload.form.php

The second php script is on www.louandelcats.co.uk/upload.processor.php

thanks

cass27

sneakyimp

By 'what php you are using' i meant the source code, not the version. One cannot see the source code merely by visiting the site.

As for permissions on your 'local machine' that should have nothing to do with what runs on the server. If you can choose the file in your browser, you should probably be able to upload it.

cass27

sorry, i should have realised that of course the source code is not downloaded with the html page. I have used three pages to make the form work. The first which is the form itself has the following script and html code:

www.upload.form.php

<?php 

// filename: upload.form.php 

// first let's set some variables 

// make a note of the current working directory relative to root. 
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']); 

// make a note of the location of the upload handler script 
$uploadHandler = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.processor.php'; 

// set a max file size for the html upload form 
$max_file_size = 30000; // size in bytes 

// now echo the html page 
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 
"http://www.w3.org/TR/html4/strict.dtd"> 

<html lang="en"> 
    <head> 
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> 

    <link rel="stylesheet" type="text/css" href="stylesheet.css"> 

    <title>Upload form</title> 

</head> 

<body> 

<form id="Upload" action="<?php echo $uploadHandler ?>" enctype="multipart/form-data" method="post"> 

    <h1> 
        Upload form 
    </h1> 

    <p> 
        <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>"> 
    </p> 

    <p> 
        <label for="file">File to upload:</label> 
        <input id="file" type="file" name="file"> 
    </p> 

    <p> 
        <label for="submit">Press to...</label> 
        <input id="submit" type="submit" name="submit" value="Upload me!"> 
    </p> 

</form> 


</body> 

</html>

The second file is [url]www.upload.processor.php:[/url]

<?php
// filename: upload.processor.php 

// first let's set some variables 

// make a note of the current working directory, relative to root. 
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']); 

// make a note of the directory that will recieve the uploaded file 
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/'; 

// make a note of the location of the upload form in case we need it 
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.form.php'; 

// make a note of the location of the success page 
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.success.php'; 

// fieldname used within the file <input> of the HTML form 
$fieldname = 'file'; 

// Now let's deal with the upload 

// possible PHP upload errors 
$errors = array(1 => 'php.ini max file size exceeded', 
                2 => 'html form max file size exceeded', 
                3 => 'file upload was only partial', 
                4 => 'no file was attached'); 

// check the upload form was actually submitted else print the form 
isset($_POST['submit']) 
    or error('the upload form is neaded', $uploadForm); 

// check for PHP's built-in uploading errors 
($_FILES[$fieldname]['error'] == 0) 
    or error($errors[$_FILES[$fieldname]['error']], $uploadForm); 

// check that the file we are working on really was the subject of an HTTP upload 
@is_uploaded_file($_FILES[$fieldname]['tmp_name']) 
    or error('not an HTTP upload', $uploadForm); 

// validation... since this is an image upload script we should run a check   

// to make sure the uploaded file is in fact an image. Here is a simple check: 
// getimagesize() returns false if the file tested is not an image. 
@getimagesize($_FILES[$fieldname]['tmp_name']) 
    or error('only image uploads are allowed', $uploadForm); 

// make a unique filename for the uploaded file and check it is not already 
// taken... if it is already taken keep trying until we find a vacant one 
// sample filename: 1140732936-filename.jpg 
$now = time(); 
while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name'])) 
{ 
    $now++; 
} 

// now let's move the file to its final location and allocate the new filename to it 
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename) 
    or error('receiving directory insuffiecient permission', $uploadForm); 

// If you got this far, everything has worked and the file has been successfully saved. 
// We are now going to redirect the client to a success page. 
header('Location: ' . $uploadSuccess); 

// The following function is an error handler which is used 
// to output an HTML error page if the file upload fails 
function error($error, $location, $seconds = 5) 
{ 
    header("Refresh: $seconds; URL=\"$location\""); 
    echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n". 
    '"http://www.w3.org/TR/html4/strict.dtd">'."\n\n". 
    '<html lang="en">'."\n". 
    '    <head>'."\n". 
    '        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">'."\n\n". 
    '        <link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n". 
    '    <title>Upload error</title>'."\n\n". 
    '    </head>'."\n\n". 
    '    <body>'."\n\n". 
    '    <div id="Upload">'."\n\n". 
    '        <h1>Upload failure</h1>'."\n\n". 
    '        <p>An error has occured: '."\n\n". 
    '        <span class="red">' . $error . '...</span>'."\n\n". 
    '         The upload form is reloading</p>'."\n\n". 
    '     </div>'."\n\n". 
    '</html>'; 
    exit; 
} // end error handler 

?>

and the third file is the form that sets up to the user. [url]WWW.upload.success.php:[/url]

<?php 

// filename: upload.success.php 

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 
"http://www.w3.org/TR/html4/strict.dtd"> 

<html lang="en"> 
    <head> 
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> 

    <link rel="stylesheet" type="text/css" href="stylesheet.css"> 

    <title>Successful upload</title> 

</head> 

<body> 

    <div id="Upload"> 
        <h1>File upload</h1> 
        <p>Congratulations! Your file upload was successful</p> 
    </div> 

</body> 

</html>

There is the css file but i didnt think you would be interested in seeing this.

Thank you for your time

cass27

MOD EDIT: [noparse]

[/noparse] bbcode tags added.

SpeedBird

You might want to check permissions that are configured in IIS as these usually override any permissions configured via NTFS.

bradgrafelman

Get rid of the '@' symbols - why suppress error messages when you're trying to diagnose a problem? Paste us the exact PHP error message that you're getting.

Sounds like the directory you're trying to move files to doesn't have the necessary permissions after all.

sneakyimp

You should also surround your code with formatting tags. put [/code] after and

 before.  like this:
[code=php]
<?
echo 'hello world';
?>

cass27

thanks for that guys. The code I put up is copied directly from the php pages. So it includes comments (this is where the @ signs are and not part of the actual code).
The code itself is from a tutorial on how to upload files using a form. so what i have been doing is trying to upload files to my web site www.louandelcats.co.uk
(the form address should be www.louandelcats.co.uk/upload.form.php

I think you hit it on the nose when you said the permissions sorting out on IIS (what is NFTS by the way?). However I am a real novice in this area. Can abybody give me some guidance here or know of a good tutorial around php and IIS permisions?

thanks

cass27

bradgrafelman

cass27 wrote:
So it includes comments (this is where the @ signs are and not part of the actual code).

Not part of the code? So this part:

@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
or error('receiving directory insuffiecient permission', $uploadForm);

Doesn't have an '@' sign before the move_uploaded_file() function call? Are you sure?

As for SpeedBird's comment regarding "permissions that are configured in IIS," I'm not quite sure what he/she means. The only security permissions on a directory comes from the Windows ACL which can be accessed via either the "Permissions" option on the right-click menu within the IIS Manager or by simply going to the properties of the folder in Windows and clicking on the Security tab.

What you need to do is to make sure that the IIS worker process has permissions to write both to the temporary folder that PHP stores uploaded files in as well as the folder that you're trying to move the uploaded files to.

cass27

Doesn't have an '@' sign before the move_uploaded_file() function call? Are you sure?

yes, you are right. I have taken the @ out. I have also gone into the folder properties for the folder here all the pages of the web site are. I was told I should give the "internet Guest Account" full permissions. There wasnt one there so I added guests (name of computer) and gave it permissions. Or should I have added the IUSR account?

Anway the problem still remains. Things seem to have moved foreward but I now get the message:

Warning: move_uploaded_file(/uploaded_files/1213827318-adgraphic.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in D:\inetpub\vhosts\louandelcats.co.uk\httpdocs\upload.processor.php on line 57

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\WINDOWS\Temp\phpA6F8.tmp' to '/uploaded_files/1213827318-adgraphic.jpg' in D:\inetpub\vhosts\louandelcats.co.uk\httpdocs\upload.processor.php on line 57

Warning: Cannot modify header information - headers already sent by (output started at D:\inetpub\vhosts\louandelcats.co.uk\httpdocs\upload.processor.php:57) in D:\inetpub\vhosts\louandelcats.co.uk\httpdocs\upload.processor.php on line 68

Upload failure
An error has occured: receiving directory insuffiecient permission... The upload form is reloading

I have to say I have no idea what vhosts are. Do I need to create a virtual folder for this folder in wwwroot. If so how do i do this?

thanks again

cass27

bradgrafelman

Error messages are wonderful when debugging! 🙂

The problem is that the $_SERVER['DOCUMENT_ROOT'] doesn't appear to be set. What if you just do a simple echo() of that variable (or check a phpinfo() printout) - what value do you see?

SpeedBird

cass27 wrote:
I have also gone into the folder properties for the folder here all the pages of the web site are. I was told I should give the "internet Guest Account" full permissions. There wasnt one there so I added guests (name of computer) and gave it permissions. Or should I have added the IUSR account?

The 'Internet Guest Account' is the IUSR account (it is in the form of 'domain\IUSR_COMPUTERNAME'). If IIS is installed this account will be there. This account may need write permissions to the directory you want the uploads to be saved to.

bradgrafelman wrote:
As for SpeedBird's comment regarding "permissions that are configured in IIS," I'm not quite sure what he/she means. The only security permissions on a directory comes from the Windows ACL which can be accessed via either the "Permissions" option on the right-click menu within the IIS Manager or by simply going to the properties of the folder in Windows and clicking on the Security tab.

That is exactly what I meant by NTFS permissions. If you go into the IIS mmc, and navigate to 'Web Sites -> website' and right-click the root directory (or a subdirectory) of the site and navigate to 'Properties -> Directory Security' any settings defined there will override settings defined in an ACL (although this shouldn't be a problem if Anonymous Access is allowed).

gjewett

Your problem is that the PHP user does not have write permissions to the directory you are saving the uploaded file to. I'm not a Windoze user so I'm not sure how you set that, but ideally the PHP user is the owner, or at least has write permissions in the web directory. This is how most web servers are set up, so if you're just developing this on your own computer and will not make it live in that environment, I'd just give full write permissions to the PHP user on the upload directory and not worry about the global user permissions.

cass27

Right . Really quite confused now. Most people seem to think its to do with permissions which was my original thought. My problem is in instigating this. This is what I have done. I have created a file called "louandel3" in wwwroot and and added IUSR guest account (this account does not state the name of the domain only the name of the computer.) I have set the permissions to write. I have done the same in the original folder and the folder where I am taking the jpg from.
Still the same error message.

Bradgrafellman wrote:

What if you just do a simple echo() of that variable (or check a phpinfo() printout) - what value do you see?

Can you explain how I do either of these two ideas?

Speedbird wrote:

This account may need write permissions to the directory you want the uploads to be saved to.

This is going to sound really silly but I dont know where uploaded files are to be stored. Do I need to create a folder and add it to the script?

gjewett wrote:

I'd just give full write permissions to the PHP user on the upload directory and not worry about the global user permissions.

Again, if someone can point me in the right direction how to do this Id be over the moon. I really am a complete newbie

Thanks again

cass27

bradgrafelman

At this point, we don't know yet if it's a permissions problem - you have to fix your path issue first.

Make a new PHP script and call it something like phpinfo.php (this is only temporary), that looks like this:

<?php
phpinfo();
?>

Visit that script in your browser, and in the table underneath "PHP Core", what is the value of the doc_root directive?

If it is blank, then this is your problem; you need to manually set this directive in your php.ini config file if you're using IIS. Make this change in your php.ini file and then restart IIS. Let us know if the script works after that.

cass27

hi,

I created a seperape file called phpinfo.php and in the core under doc_root it says "no value".

Bradgrafelman wrote:

you need to manually set this directive in your php.ini config file if you're using IIS. Make this change in your php.ini file and then restart IIS. Let us know if the script works after that.

Without sounding totally stupid (I hope) In what way would I change the php.ini file. what would go in it?

thanks again

cass27

bradgrafelman

You want to specify the path to the root of your website.

After looking back at your previous post, I see that you're using vhosts. I'm not too sure how to handle document roots with vhosts using IIS... especially since IIS doesn't understand PHP directives in .htaccess files (nor does it have an httpd.conf file like Apache does).

What might be easier for you is to use relative paths instead of absolute paths. For example, if the 'uploaded_files' directory is in the same directory as the upload script, the path to the file would be simply 'uploaded_files/newfile.jpg'.

If anyone else has experience on doc_root and virtual hosts on IIS, feel free to chime in.

EDIT: Now I'm seeing reports that IIS should properly fill in the doc_root directive on its own. Odd.