I am working on an admin section for a site that resells vitamins. I have an "Add Product" page which allows the user to enter product information and upload an image for that new product.
I use the php mkdir() function to create a new folder if neccessary and then upload the image into that new folder using move_uploaded_file(). When I call mkdir() from the script I set the permissions of the folder to 750. When I then access the new folder (that was created with the script) using either WS_FTP or the Web Interface File Manager that the hosting company provides I find the folder filled with other files and folders that have not been put there by me or my script. Some of the folders are: cgi-sys, db, backend, frontend, and many many more.. I have called my hosting provider and they told me that it is my script. I also cannot delete the new folder that is created by my script.
I have read that when using move_uploaded_files, PHP checks whether the files or directories you are about to operate on have the same UID (owner) as the script that is being executed. If I don't set the permissions on the new dir to at least 750 I cannot upload the file to the new dir. I created the script and uploaded it using WS_FTP and the new dir is being created by that script. I have no idea how to check the UID for either the script or the new dir.
I would really appreciate any information about UID's, permissions, mkdir(), move_uploaded_files() or anything that can help to solve the problem. I have spent so much time on something that seems so simple. Help!