Page 1 of 1

Uploaded file won't allow download

Posted: Tue Apr 11, 2006 3:43 pm
by mlarson154
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I have created a script that will upload a file to the server and store link information in mySQL. The files upload fine, and I can delete them fine via PHP, but if I try to access the files via a hyperlink, I get a 403 error which says "Forbidden. You don't have permission to access (file) on this server."

The code snippet that handles the upload is this:

Code: Select all

$uploaddir = '../docs/';
	$uploadfile = $uploaddir . basename($_FILES['link']['name']);
				
	if (move_uploaded_file($_FILES['link']['tmp_name'], $uploadfile)) {
	   echo "File is valid, and was successfully uploaded.\n";
	} else {
	   echo "Possible file upload attack!\n";
	}
Again, the upload and delete (unlink) work perfectly fine, but I get the permissions problem when generating a hyperlink to download the files. There are no password protections on the folders the files are located.

Does the "move_uploaded_file" put some sort of protection on it? I'm confused.


Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Apr 11, 2006 3:59 pm
by Christopher
Is the file actually in "../docs/" ? What are the permissions on the file? What OS?

Posted: Tue Apr 11, 2006 4:07 pm
by mlarson154
Yes, the file is actually in the "../docs/" folder. The files I'm uploading are Word docs and Excel files with no permission specifications put on them. Again, neither the folder any of the files have any limitations placed on them. I have uploaded .pngs and .jpgs as well for testing with the same error message.

What do you mean by OS? My personal OS, or the server software? My OS is Windows XP. My web host is running Linux with PHP 4.4.3.

Posted: Tue Apr 11, 2006 5:04 pm
by Benjamin
The directory containing the uploaded files probably doesn' have traverse (execute) permissions. This is a permission issue.

Posted: Tue Apr 11, 2006 11:56 pm
by mlarson154
Okay, is there a way for me to enable traverse permissions? I'm relatively new and haven't done something like that.

Posted: Wed Apr 12, 2006 12:36 am
by Christopher
So there is a file in the "../docs/" directory which I assume is in your public HTML directory somewhere because you said: if I try to access the files via a hyperlink, I get a 403 error which says "Forbidden. You don't have permission to access (file) on this server.". So what are the permissions and user/group on the file set to? You should probably find out what the same settings are for the "docs" directory.

Posted: Wed Apr 12, 2006 11:34 am
by mlarson154
You are correct that the permissions for the file are stripped so that only the "owner" can read and write the file. The permissions for the "/docs/" folder are set for all users,groups, and owner to read, write, and execute.

I have verified that the file, before upload, has the correct permissions enabled, so the upload process is stripping those permissions to make it only accessible by the owner.

Is there a way to pass along permissions in the upload?

Posted: Wed Apr 12, 2006 12:09 pm
by pickle
mlarson154 wrote:Is there a way to pass along permissions in the upload?
Not that I know of. Strictly speaking, it's not the same file, so there's no guarantee that the same permissions should apply. Most often, programmers call chmod() on the uploaded file, after it's been moved to the desired location.

Posted: Wed Apr 12, 2006 12:34 pm
by mlarson154
chmod() did it. Thanks!