0

I use this form to upload an image to my PHP:

<form method="post" action="http://my.domain/media.php" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="10485760" />
    <input type="file" name="mediafile"></input>
    <input type="submit"></input>
</form>

And I use this PHP code to retrieve the uploaded file (image):

$mfn = "./upload_test.png";
if (move_uploaded_file($_FILES['mediafile']['tmp_name'], $mfn)) {
    if (file_exists($mfn)) {
        echo 'success';
    } else {
        echo 'Uploaded file didn\'t move to the requested path.';
        print_r($_FILES);
    }
} else {
    echo 'move_uploaded_file error<br/>';
    print_r(error_get_last());
    echo '<br/>';
    print_r($_FILES);
}

When I click the submit button, the move_uploaded_file returns an error. So, I caught debug data with print_r(error_get_last()):

Array (
[type] => 2
[message] => move_uploaded_file(): open_basedir restriction in effect. File() is not within the allowed path(s): (/home/username/:/tmp:/var/tmp:/usr/local/lib/php/)
[file] => /home/username/domains/my.domain/public_html/media.php
[line] => 96 )

and with print_r($_FILES):

Array (
[mediafile] => Array (
    [name] => test.png
    [type] => image/png
    [tmp_name] => /tmp/phpvoQr3i
    [error] => 0
    [size] => 38207 )
)

NOTE: I can't edit php.ini or any admin settings.

HF_
  • 689
  • 3
  • 9
  • 22
  • The error message seems to be pretty clear. The PHP script is not allowed to write into that directory. You need to write to one of the 4 directories listed in the `open_basedir` list. Or change your `php.ini` setting to add more directories. – Barmar Nov 20 '18 at 16:44
  • Hmm... did you delete my comment? Or is S/O messing up... I flagged this as a dupe to that one, yet it claims you did?! How strange. – Adam Nov 20 '18 at 16:50
  • @Barmar, what should I do? How can I move the uploaded file? – HF_ Nov 20 '18 at 16:57
  • @Dammeul When a question is closed as a duplicate, comments that mention the same question are automatically deleted because they're redundant. The close notice only shows users who voted to close, not those who flagged (you don't have enough rep to cast close votes). – Barmar Nov 20 '18 at 16:59
  • @Barmar, please read the end of edited question. – HF_ Nov 20 '18 at 17:00
  • Ahh now I know! Thought I was losing my mind!!! One day I will, maybe ;) – Adam Nov 20 '18 at 17:00
  • Where does the filename `media.png` come from? The filename in the code is `upload_test.png`. – Barmar Nov 20 '18 at 17:04
  • I'm not sure why you're getting the error, since `/home/username/` is in the list, and the filename is `/home/username/domains/my.domain/public_html/media.php` – Barmar Nov 20 '18 at 17:05
  • `upload_test.png` is the path to save the file to server. – HF_ Nov 20 '18 at 17:10
  • The error says `File()`, so, there is no path between parentheses. But it should be as the same of `tmp_name`, but it isn't. When I installed WordPress, I could upload media, such as images. But I don't know how do this work? – HF_ Nov 20 '18 at 17:14
  • Possible duplicate of [open\_basedir restriction in effect. File(/) is not within the allowed path(s):](https://stackoverflow.com/questions/1846882/open-basedir-restriction-in-effect-file-is-not-within-the-allowed-paths) – miken32 Nov 20 '18 at 17:39
  • Have you check folder permissions ? – Sachin Nov 20 '18 at 18:04
  • Yes. I'd check that. – HF_ Nov 20 '18 at 18:07

0 Answers0