Can't upload file through php?

Question

I am trying to upload a file through php

Html Form

<!DOCTYPE html>
<html>
<body>

<form action="upload.php" method="post" enctype="multipart/form-data">
    Select image to upload:</br>
    <input type="file" name="fileToUpload" id="fileToUpload"></br>
    <input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html>

PHP

<!DOCTYPE html>
<html>
<body>

<form action="upload.php" method="post" enctype="multipart/form-data">
    Select image to upload:</br>
    <input type="file" name="fileToUpload" id="fileToUpload"></br>
    <input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html> 
rohit@joed:/var/www/html$ cat upload.php 
<?php
$target_dir = "/home/rohit/uploads";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

Apache logs

move_uploaded_file failed to open stream: Permission denied in /var/www/html/upload.php

on line 37, referer: http://localhost/filetest.htm

I have already tried everything mentioned here, but still facing the issue.

Here are the permissions for the folders

drwxr-xr-x  2 www-data rohit   4096 Feb 24 15:58 tmp_uploads
drwxr-xr-x  2 www-data rohit   4096 Feb 24 15:05 uploads

I got the owner from

<?php echo exec('whoami'); ?>

chown user destination_dir
chmod 755 destination_dir

and then changed the owner of the folder with that user.

Could somebody help me unblock please?

@hanshenrik array(0) { } array(1) { ["submit"]=> string(12) "Upload Image" } array(1) { ["fileToUpload"]=> array(5) { ["name"]=> string(9) "page1.png" ["type"]=> string(9) "image/png" ["tmp_name"]=> string(33) "/home/rohit/tmp_uploads/phpCwZA6V" ["error"]=> int(0) ["size"]=> int(205237) } } — Max, Feb 24 '16 at 23:28
@hanshenrik But according to apache logs , there is some Permission denied error. What is the source/resolution for that? — Max, Feb 24 '16 at 23:31
You can have issues if the destination directory if outside of site document root, even if www-data is the owner — fusion3k, Feb 24 '16 at 23:33
http://stackoverflow.com/questions/8103860/move-uploaded-file-gives-failed-to-open-stream-permission-denied-error-after — Motomotes, Feb 24 '16 at 23:33
@Motes I took a look at SO page, could you tell specifically what to do? I have tried out everything on that page. I even put that in the question? — Max, Feb 24 '16 at 23:35
@Dude I write an answer. Not 100% success, but maybe can help you — fusion3k, Feb 25 '16 at 00:10

score 3 · Answer 1 · answered Feb 24 '16 at 23:39

Looks like the problem is in how you are constructing the $target_file:

$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);

You need to put a '/' between the $target_dir and the basename of the upload file like:

$target_file = $target_dir . '/'. basename($_FILES["fileToUpload"]["name"]);

Or just set your $target_dir to (note the closing '/'):

$target_dir = "/home/rohit/uploads/"

Without it, it is attempting to move a file in '/home/rohit' which www-data user may not have the relevant permissions.

score 0 · Answer 2 · answered Feb 24 '16 at 23:36

0

This seems like it might be too simple, but if you're getting permissions denied, have you tried setting permissions to 0777 and testing. If it works, try 0775 (instead of 0755). If that works, then the group is causing you the problem. If that is the case, try switching the owner and the group.

chown rohit:www-data tmp_uploads
chown rohit:www-data uploads

answered Feb 24 '16 at 23:36

Simon Willan

378
3
14

Also, be sure to check the result of `$target_file` in case you're missing a slash or something. – Simon Willan Feb 24 '16 at 23:38
yeah it was the missing slash. I've wasted over two hours on that. – Max Feb 24 '16 at 23:41

fusion3k · Answer 3 · 2016-02-25T00:08:18.380

Depending on specific OS/package configuration, Apache can not be able to write outside Document Root.

By the way, in most cases the problem can be simply in the directory tree: each parent directory of destination path should have the execute bit set (x) for Apache user (or for its group, or for all). Only the execute bit, not the read/write permission (except for the directory in which to write, obviously).

So, in your specific case, check if the execute bit is set for

/home
/home/rohit
/home/rohit/uploads

Let me know if it works. For me, it works in most situations.

Can't upload file through php?

3 Answers3