Error 403 - Forbidden when attempting to download a file previously uploaded via PHP script

Hello experts, I am using a simple PHP script to upload a file to a directory on a UNIX server.  The file upload appears to be working properly, however when I attempt to retrieve the file I receive "Error 403 - Forbidden".  I am assuming that this is because of improperly set permissions on the initial upload.  Interestingly I am able to delete the uploaded file via PHP.  Below is my upload script.

$file_dir = "/upload";

foreach($_FILES as $file_name => $file_array) {
	print "path: ".$file_array['tmp_name']."<br>\n";
	print "name: ".$file_array['name']."<br>\n";
	print "type: ".$file_array['type']."<br>\n";
	print "size: ".$file_array['size']."<br>\n";

	if (is_uploaded_file($file_array['tmp_name'])) {
		move_uploaded_file($file_array['tmp_name'], "$file_dir/$file_array[name]") or die ("Couldn't copy");
 		print "file was moved!<br><br>";

Open in new window


Any assistance would be appreciated.  
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

How do you retreive the file?

Meybe you server don't allowed extension of your file?
example. if you upload .exe file you need to have set server to allow access to these files
steinonlineAuthor Commented:
It doesn't really seem to matter.  A directory listing in the browser does the same thing as a GET method.  It's as though the file is locked.  It cannot be downloaded.
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

steinonlineAuthor Commented:
No that's not the problem.  Previously my application used FTP to handle uploads and downloads.  That worked fine, however a large number of users have Microwave LOS internet  which the ISP disable the FTP port.  Switched to an HTTP delivery method.  Now the files are untouchable once PUT on the server.
Aaron TomoskyDirector of Solutions ConsultingCommented:
I suggest using a download.php?file=filename type of script.
Here is one example
Marco GasiFreelancerCommented:
Please, can you show the code you're using to access the file? And another question: via FTP you see the file is correctly uploaded and listed in the correct directory?

steinonlineAuthor Commented:
marqusG, I can't access it via, webbrowser, FTP.  I can see it in the directory listing.  The files are correctly uploaded. Size is perfect match.  If it is pertinent, I am using a delphi application to interface with PHP scripts server side.  I am using Indy9 HTTP client component to make posts and requests from UNIX server.  This inclines me to think that possibly I am getting something wrong with file attributes on upload.  I vaguely remember something about the number 755 for some reason (college was a long time ago). I am using a very simple script for upload.  Probably too simple.
Marco GasiFreelancerCommented:
lol, It's fantastic! I've encopuntered this issue just yesterday and fortunately I found the fix. The problem is that some spammer has written bad code using Indy components and so some providers have inserted Indy user agent in their block lists.
To fix this problem open your program in the Delphi IDE select idHTTP component and look at the Object Inspector. Look for User Agent property under Request property: it should be set to something like this: Mozilla/3.0 (compatible; Indy Library). Simply delete all except Mozilla 3.0. That's all. Remember to not leave blank this value: if empty, by default it is filled at runtime with above value and your program wont work.

Marco GasiFreelancerCommented:
Are you still here?
steinonlineAuthor Commented:
marqusG sorry, that didn't do the trick, however it makes sense.  
Marco GasiFreelancerCommented:
Oh, I'm sorry. In my opinion the problem resides in client code, however. Is it possible for you post the dfm and pas files so we can take a look at your client code?
steinonlineAuthor Commented:
sorry, I can't really give you the actual .dfm or .pas files due to company policy, however I will concoct a little mini program that is dedicated to this one problem.  If you do not have Delphi 7 and Indy 9 Internet Components, these files will be of little use to you.
Marco GasiFreelancerCommented:
I have both of them, don't worry :-)
steinonlineAuthor Commented:
here is a small sample program that has all of the behaviors and problems that I have previously outlined.  It is linked to a test directory on the actual server that it will be deployed on.  If you need source to the various .php files let me know.  The are just little simple single duty scripts.  I doubt there is any problem with them.  I appreciate your willingness to help very much.
steinonlineAuthor Commented:
I actually solved this problem myself, so I am going to reveal the solution, however I am not awarding any points.  Thanks to those who helped. I appreciate it very much.

The solution is to perform chmod($uploadFile,0777) immediately upon moving it from temp location on server. The file then downloads flawlessly.  

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Marco GasiFreelancerCommented:
I'm taking a look at your files. Unfortunately, I have to go away now, but I see you don't use any CookieManager. When AllowCookie is true, TidHTTP uses TidCookieManager to manage cookies and in my experience, my solution worked using CookieManager. So I suggest two things:

1. set AllowCookie to false in your idHTTP
2. alternatively, place a CookieManager (you can find it within Indy Misc tab) on your form and set idHTTP's CookieManager property accordingly.

Last thing: I see in your program a button to upload and a menu item to delete: if I understood the problem, you upload files correctly but you get 403 error when you attmpt to delete them: it's right?
When I run your sample program, I see two files: These two files are sample files that I can try to delete?

steinonlineAuthor Commented:
It is the correct, concise solution to my own problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.