38

Why would file_put_contents refuse to work for the following code?

$f = file_put_contents("files/r.js", "Some text here");

if ($f) print 1;
else print 0;
steve
  • 3,878
  • 7
  • 34
  • 49
  • what happens if you remove that code.. does the rest of the page render fine? – Famver Tags Jan 02 '11 at 04:38
  • Who is "it", who is giving you an error? In what form you get this error? Are you sure you can see PHP errors at all? – Your Common Sense Jan 02 '11 at 07:49
  • Did you read the question? He said error reporting was on. Don't make comments or answer the questions if you aren't going to read them. – jamesmortensen Jan 02 '11 at 08:16
  • @jmort253 to let you know, in case error reporting **really** turned on, one is able to see complete and unambiguous error message. If there was none - then error reporting wasn't turned on properly. That's LOGIC. – Your Common Sense Jan 02 '11 at 09:10
  • Hm, although `error_reporting` may be enabled, is `display_errors` on? Otherwise the errors will be logged but not displayed in page. – Piskvor left the building Feb 03 '11 at 08:10

5 Answers5

51

It could be a permission problem

Is the directory /files chmoded to 777? sometimes php won't allow you to access directories if they don't have enough permission. I don't know about blank errors though.

Try to see if it has enough permissions, if not, then set it to 777 and try it.

Famver Tags
  • 1,988
  • 2
  • 16
  • 18
  • 21
    This is a bad answer and a bad idea: http://stackoverflow.com/questions/2338641/in-a-php-apache-linux-context-why-exactly-is-chmod-777-dangerous – joemurphy Mar 23 '15 at 21:26
  • 2
    in the other word, you let enough permission to anyone to write something. . – S.M_Emamian Mar 16 '16 at 08:14
  • 7
    @joemurphy It's only a bad idea if you do it in a production environment and then leave the 777 there if it works, instead of treating the test as simply intended to show or eliminate the possibility of permissions being an issue as a step forward. I think the answer should have made it clear though. – Nick Rice Nov 16 '16 at 15:52
  • Great answer, Famver: you saved me much anguish! I recommend that people also have a look at this related question for good advice on the correct directory permissions (see "bad answer" comments): http://stackoverflow.com/questions/4917811/file-put-contents-permission-denied – Parapluie Feb 09 '17 at 21:59
  • 1
    @Parapluie But when you have tried 777, you must then find out what user and group it is supposed to have and fix the problem. 777 is only a step that can be used during troubleshooting, and you must NOT use this later since it is a bad idea from security point of view. – Johan Jun 06 '17 at 08:17
  • @Johan Exactly right… I guess I should have made that part explicit :-) – Parapluie Jun 09 '17 at 18:08
  • @joemurphy Your link doesn't make any sense. Regardless of 777 or not, being able to execute php files is a huge vulnerability. At minimum someone would be able to take down the server continuously until its fixed by consuming resources with dummy phps. That issue should be handled in the htaccess when implementing a user controlled directory, and has nothing to do with execute bits, which would just be salt on the wound. – Nicholas Pipitone Apr 04 '19 at 13:44
  • A few things to address comments here.1. Clearly you don't leave a production directory with 777, unless that directory is /tmp. 2. directories need to be executable in order, and an executable directory don't imply the files are executable. 3. the point of this answer is to determine if permissions are the issue, not to run in production with 777. – Craig Jacobs Sep 12 '19 at 19:23
5

Are you using the full path on the filesystem or are you trying to use the URI? I think this PHP function expects you to give the path as the file is found on the filesystem.

Relative paths should be okay though.

You may need to make sure the file exists and that it's permissions are set to 777. Sometimes I've found that it's not enough to just have the directory permissions set to 777 but the file must also already exist.

jamesmortensen
  • 33,636
  • 11
  • 99
  • 120
  • 4
    This wasn't guesswork. This is from my professional experience. I've run into cases where I couldn't write to a file unless that file existed. Where did you get "a guesswork" from??? Did you even read the question and answer? – jamesmortensen Jan 02 '11 at 08:12
  • 1
    This is a bad answer and a bad idea: http://stackoverflow.com/questions/2338641/in-a-php-apache-linux-context-why-exactly-is-chmod-777-dangerous – joemurphy Mar 23 '15 at 21:26
3

It is because of SELINUX.

You can mark the folder as of type httpd_sys_rw_content_t with this command to enable writing to this folder.

semanage fcontext -a -t httpd_sys_rw_content_t '/files(/.*)?'; restorecon -RF '/files/'
1

We've experienced this, requiring a workaround (regardless of method, permissions and anything else mentioned here). When all other fixes failed, we have found it can be linked to restrictions created by SELinux.

devgroop
  • 129
  • 4
0

If you’re using windows the following solution worked perfectly for me on Windows 10 running php 5.5.38

If you’re having this problem on Windows/IIS try the following:

  1. Go to the Folder that you are trying to write to and right click it, then select properties.
  2. Select the Security Tab
  3. Click Edit
  4. Click Add
  5. Click Advanced
  6. Click Find Now
  7. From the list of User select IUSR and click OK
  8. Click OK again.
  9. The IUSR will be displayed in the top box labelled 'Group of User Names'
  10. Select IUSR and grant necessary permissions in the 'Permissions for BATCH' list view.
  11. Click Apply and then you are done.

The steps may be slightly different for different versions of windows. This also applies to ASP.NET though I think the users you add are the network users (NETWORK AND OR NETWORK SERVICE users) as well as the IUSR.

Milan
  • 177
  • 8
user2288580
  • 2,210
  • 23
  • 16
  • I ran into a similar issue as this where I accidently deleted all users by selecting disable all inheritance on an uploads folder to be able to manage user permissions. If you have done this, then these are great instructions for recreating the IUSR; however, in most use cases you should be able to disable just the inheritance on the IUSR and then modify its permissions directly. – Nosajimiki May 01 '20 at 15:58