PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
I have created a script that will upload a file to the server and store link information in mySQL. The files upload fine, and I can delete them fine via PHP, but if I try to access the files via a hyperlink, I get a 403 error which says "Forbidden. You don't have permission to access (file) on this server."
The code snippet that handles the upload is this:
$uploaddir = '../docs/';
$uploadfile = $uploaddir . basename($_FILES['link']['name']);
if (move_uploaded_file($_FILES['link']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
Again, the upload and delete (unlink) work perfectly fine, but I get the permissions problem when generating a hyperlink to download the files. There are no password protections on the folders the files are located.
Does the "move_uploaded_file" put some sort of protection on it? I'm confused.
tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Yes, the file is actually in the "../docs/" folder. The files I'm uploading are Word docs and Excel files with no permission specifications put on them. Again, neither the folder any of the files have any limitations placed on them. I have uploaded .pngs and .jpgs as well for testing with the same error message.
What do you mean by OS? My personal OS, or the server software? My OS is Windows XP. My web host is running Linux with PHP 4.4.3.
So there is a file in the "../docs/" directory which I assume is in your public HTML directory somewhere because you said: if I try to access the files via a hyperlink, I get a 403 error which says "Forbidden. You don't have permission to access (file) on this server.". So what are the permissions and user/group on the file set to? You should probably find out what the same settings are for the "docs" directory.
You are correct that the permissions for the file are stripped so that only the "owner" can read and write the file. The permissions for the "/docs/" folder are set for all users,groups, and owner to read, write, and execute.
I have verified that the file, before upload, has the correct permissions enabled, so the upload process is stripping those permissions to make it only accessible by the owner.
Is there a way to pass along permissions in the upload?
mlarson154 wrote:Is there a way to pass along permissions in the upload?
Not that I know of. Strictly speaking, it's not the same file, so there's no guarantee that the same permissions should apply. Most often, programmers call chmod() on the uploaded file, after it's been moved to the desired location.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.