Solved

PHP File Upload - Server File Permissions Issue

Posted on 2011-03-24
2
379 Views
Last Modified: 2012-05-11
Hi

I have had a sudden increase in users of my wordpress plugin complaining about permission related errors. I'm no pro yet but my first stance on the matter was that it is the servers restrictions. I'm still not convinced that it is my plugin but it just seems a little strange that a server would not allow the uploading of a text or csv file. Plus it has never come up before and suddenly multiple people  report it.

Warning: move_uploaded_file(/home/httpd/html/sextalk.me/sex/wp-content/plugins/easy-csv-importer-2/sextalk2me.csv) [function.move-uploaded-file]: failed to open stream: Permission denied

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpMvJ9cb' to '/home/httpd/html/domain.me/wp

One permission that the plugin didn't have was to open a csv file for writing.

I will show you my method for uploading a file, maybe you can suggest another approach or even just help me decide where the fault is. My script or the users server. I should say I build the plugin on my computer, no problems there and I have many test blogs online, no problems their either.

Troubleshooting has been going on for days regarding this so any help is appreciated.

function eci_csvupload( $upload,$set )
{
	//$_POST = stripslashes_deep($_POST);
	
	$upload = $_FILES['file'];
	
	// check for errors
	if ( $upload['error'] != 0 ) 
	{
		eci_log(__('Upload Failed'),__('A new file upload attempt failed to start'),'Error',$set,'Failure' );	
		eci_err(__('Upload Failed To Start'),__('CSV file upload could not be started 
		at all as the file loader returned error, please try again.'));
	}
	elseif ( $upload['error'] == 0 ) 
	{	
		// get path data
		$pat = get_option('eci_pat');
		
		// if no path data or path not submitted use default
		if( !$pat || !isset( $_POST['eci_path'] ) )
		{
			$path = 'default';
			
			// install path array
			eci_install_paths();
			
			// now get paths data
			$pat = get_option('eci_pat');
		}
		else
		{
			$path = $_POST['eci_path'];
		}

		// now get the actual path
		foreach( $pat as $key=>$p )
		{
			if( $path == $key )
			{
				$path = $p['path'];
			}
		}
		
		// confirm path is valid else exit
		$openresult = opendir( $path );
		
		// if failed to open directory display error
		if( !$openresult )
		{
			// use directory name
			// add manual directory creation button to error message
			$createform = '
			<form method="post" name="eci_createdirectory" action=""> 
				<input name="eci_pathdir" type="hidden" value="'.$path.'" />
				<label>Enter Directory Name:<input name="eci_pathname" type="text" value="" size="15" maxlength="15" /></label>
				<input class="button-primary" type="submit" name="eci_createdirectory_submit" value="Create Directory" />
			</form>';
			
			eci_err(__('Failed To Open Path/Directory'),'The path being used for uploading your
					csv file does not appear to be a valid directory or a directory with
					permissions that will allow the upload. Your CSV file was not uploaded. 
					Here is the directory you are attempting to upload your csv file to and
					a button to create it manually.<br /><br />
					<strong>Required Path</strong>'.$path.'<br /><br />
					 '.$createform.'');
		}
		else
		{
			// build final file path
			$path = $path.$upload['name'];
			
			// if the final path already exists, delete the existing file then continue
			if ( file_exists( $path ) ) 
			{
				// change file exists switch to true
				$fileexisted = true;
				
				// get existing files datestamp
				$oldtime = filemtime( $path );

				// delete the existing file
				$deleted = unlink( $path );
				
				if( $deleted )
				{
					eci_err( __('Existing File Deleted'),__('A matching csv filename was found in the
							same directory you are uploaded to. It has been deleted as part of
							the upload process.') );
				}
			}
			else
			{
				$fileexisted = false;
				$deleted = true;// set variable only, has no purpose
			}
									
			// if file could not be delete do not continue and let user know
			if( !$deleted && $fileexisted === true )
			{
				// $deleted or $fileexists do not equal true, both must be true to avoid this
				eci_err(__('File Name Exists Already'),__('You already have a CSV file with the same name
						in the selected directory. The plugin could not delete it. You will need to
						delete it manually then try again.'));
			}
			elseif( $fileexisted === true && $deleted == true || $fileexisted === false )
			{
				// move temp upload to its final path
				$moveresult = move_uploaded_file( $upload['tmp_name'], $path );
				
				// alert user if file move failed
				if( !$moveresult )
				{
					eci_err(__('File Failed To Upload'),'There is no clear reason for the failure.
							The plugin confirm no file with the same name exists. Please check
							the directory permissions and ensure you are uploading a correctly
							formatted CSV file. '. $moveresult .' and report this problem so we 
							can investigate. Please considering using FTP.');
				}
				else
				{
					// confirm file has uploaded to the correct directory and path exists
					if ( file_exists( $path ) ) 
					{
						eci_notifications( $upload['name'],'Uploaded a new csv file','NA',1 );

						eci_mes(__('CSV Upload Success'),'You uploaded '.$upload['name'].' and
						can now use it to create a new project or update an existing one
						using the file name.');

					}
					else
					{
						eci_err(__('Possible Upload Error'),__('The plugin detected that the upload
								was a success but on double checking that the uploaded file is 
								now in place, the plugin could not locate your file. Please
								investigate and report this if the problem persists.'));
					}
				}
			}
		}
	}
}

Open in new window

0
Comment
Question by:Ryan Bayne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 250 total points
ID: 35205738
These errors are usually caused by the webserver not having permission to write into the receiving folder. In the example you cited above I would be checking ownership and permissions on /home/httpd/html/domain.me/wp

The usual method is to grant GROUP access to the web daemon or a group that the web daemon is a member of and then allow that group to have write permission to the folder, so on a command line type

ls -l /home/httpd/html/domain.me/

and look for the wp folder and note the user and group name together with the permissions and post them back here so we can help you.
0
 
LVL 2

Author Comment

by:Ryan Bayne
ID: 35206165
In terms of me the developer providing a plugin. Can you confirm that there is nothing I can do to get around this?

Thank you for your reply. I just want to clear this up before I start telling the occasional customer that they need to contact their hosting, nothing I can do etc.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
access an app through a window on a wordpress site 3 49
Help installing Laravel app on MAMP on MAC 7 56
wordpress 4.7.4, theme 8 41
Position image fpdf 4 18
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The purpose of this video is to demonstrate how to Test the speed of a WordPress Website. Site Speed is an important metric of a site’s health. Slow site speed can result in viewers leaving your site quickly and not seeing your content. This…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question