0

I have a simplest php page for just uploading only MS Word or pdf files by a user. The function "move_uploaded_file" simply DOES not work. I have checked the limits in php.ini, checked with file and folder permissions in the target folder everything googled and verified, including to see if SELinux has any issues but it simply refuses to upload and neither is there any error seen as well. Frustrated now and nowhere replies related to EC2 instance are mentioning the solution online. Request experts to help and understand what is going wrong in the code presented below

Mine is a T2 large instance with PHP 7.2.11, Apache/2.4.37 (Red Hat Enterprise Linux), mysqld 8.0.17, still not understanding what is the issue, and no error is logged in error.log as well

<?php

include 'includes/UploadException.php';

define ('SITE_ROOT', realpath(dirname(__FILE__)));

echo "Current User:".get_current_user()."<br />";

if ($_POST['hdnOp'] == "A"){

        $file = $_FILES['resume'];

        $filename = $_FILES['resume']['name'];
        $fileTmpName = $_FILES['resume']['tmp_name'];
        $filesize = $_FILES['resume']['size'];
        $fileerror = $FILES['resume']['error'];
        $filetype = $_FILES['resume']['type'];

        if ($filetype=="application/msword" || $filetype=="application/pdf"){
                $random = rand(1111,9999);
                $newfilename = $random.$filename;
                $uploadpath = "/BMT/UserProfiles/".$newfilename;
                echo "<h2>FILE = ".$newfilename."</h2>";
                echo "<h2>ULPATH = ".$uploadpath."</h2>";
                move_uploaded_file($fileTmpName,$uploadpath);
                if ($_FILES['resume']['error'] === 0){
                        echo "<h3>ALL OK</h3>";
                        echo "ERROR CODE = ".$_FILES['resume']['error']."<br />";
                        echo "File Name :".$newfilename;
                        echo "File Size :".$filesize." kb";
                        echo "File Type :".$filetype;
                } else {
                        throw new UploadException($_FILES['resume']['error']);
                }
        }
}

?>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=yes">
<!-- Bootstrap CSS -->
<!-- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
<title>UPLOAD</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.4.1.min.js"></script>
<script type="text/javascript">
function submitForm(this){
        return true;
}
</script>
</head>
<body class="container">
<table class='table table-bordered table-hover table-sm'><body>
<tr><td>
<form id="teacher-form" class="login-form" name="teacher-form" method="POST" enctype="multipart/form-data" action="test.php" onsubmit="return submitForm(this)">
<input type='hidden' name='hdnOp' value='A'>
<div id="form-content"></td></div><td></td></tr>
<tr><td>
<label>Upload Resume<b>*</b>&nbsp;&nbsp;<i>Note: Most recent upload will overwrite earlier version (if any)</i></label><br />
<input type="file" name="resume" id="resume" accept=".pdf,.docx,.doc,.rtf"><br /><div id='errresume'></div>
</td></tr>
<tr><td><input name="submit" type="submit" value="SUBMIT" /></td></tr>
</table>
</div>
</form>
</body>
</html>

I should be able to see the file in /BMT/UserProfiles/ folder

[root@ip-XXX-XX-XX-XXX bmt]# ls -al /BMT/UserProfiles/
total 4
drw-r--r--. 2 apache apache  24 Oct 16 12:17 .
drw-r--r--. 3 apache apache  26 Oct 16 12:05 ..
Krishna Vaddadi
  • 1
  • 1
  • 1
    is PHP error reporting and/or logging switched on? You may not see errors unless it is. I find it unlikely that the function would fail to move the file and yet not report any kind of error or warning. – ADyson Oct 16 '19 at 13:20
  • Hi @ADyson, the log file indicates permission issues for move_uploaded_file(), this is the same message I have been seeing no matter whatever permissions I have changed and checked under /BMT/UserUploads folder or at apache level or at the file level. Is there any other place where i might have missed to check? – Krishna Vaddadi Oct 17 '19 at 12:28
  • ```[root@ip-XXX-XX-XX-XXX php-fpm]# cat www-error.log``` ```[17-Oct-2019 12:05:48 UTC] PHP Warning: move_uploaded_file(/BMT/UserProfiles/6471Forrester Wave Report.pdf): failed to open stream: Permission denied in /var/www/html/bmt/test.php on line 25``` ```[17-Oct-2019 12:05:48 UTC] PHP Warning: move_uploaded_file(): Unable to move '/tmp/phpZaEoHw' to '/BMT/UserProfiles/6471Forrester Wave Report.pdf' in /var/www/html/bmt/test.php on line 25``` – Krishna Vaddadi Oct 17 '19 at 12:32
  • Please add the warning to your question, it's a significant piece of information, not a passing comment. Thanks. Obviously you need to ensure that the write permission is granted to the user account under which php is executing. I don't know your specific config so I would _guess_ that might be the apache account but I can't say for sure. And I can't see what permissions you've actually granted to that folder or its parents (remember that in some **nix OSes parent folders sometimes also need the permission) – ADyson Oct 17 '19 at 12:47
  • Possible duplicate of [move\_uploaded\_file gives "failed to open stream: Permission denied " error after all configurations I did](https://stackoverflow.com/questions/8103860/move-uploaded-file-gives-failed-to-open-stream-permission-denied-error-after) – ADyson Oct 17 '19 at 12:50
  • @ADyson I have checked that post and modified permissions accordingly in my httpd.conf file but to no avail. I have not modified php.ini file for /tmp file location (using default from php) while added a new section in my httpd.conf: – Krishna Vaddadi Oct 18 '19 at 10:38
  • `##### MODIFICATION FOR BMT UPLOADS#######` `` `Options -Indexes` `AllowOverride None` `Order allow,deny` `Allow from all` `# Allow open access:` `Require all granted` `` `##### MODIFICATION DONE - FOR BMT UPLOADS#######` – Krishna Vaddadi Oct 18 '19 at 10:43
  • that conf file controls permissions allowing incoming HTTP requests to access certain paths in your webserver (and therefore be allowed to visit certain URLs). It doesn't control the underlying filesystem permissions, which is the cause of your issue. And the [post I linked to](https://stackoverflow.com/questions/8103860/move-uploaded-file-gives-failed-to-open-stream-permission-denied-error-after) doesn't suggest modifying httpd.conf anyway. In the question the OP lists that as something they did...but it isn't helping because it isn't relevant. The **answers** don't tell you to do that. – ADyson Oct 18 '19 at 10:58
  • 1
    @ADyson finally managed to get the solution to this problem.... `chcon -R --type httpd_sys_rw_content_t /BMT/UserProfiles/` Then stop and start the httpd service Had a doubt if somewhere SELinux was responsible... after this now its working fine. Thanks for all the help and suggestions from your end, really helped me to debug from different perspective – Krishna Vaddadi Oct 21 '19 at 17:55
  • No problem. You know, if you found the solution you may add it as an Answer below, instead of a comment. It's fine to answer your own question. That way, others can vote on it, and the solution is searchable online by others who may have a similar issue (whereas comments do not show up in search results). – ADyson Oct 21 '19 at 18:23

1 Answers1

0

ADyson finally managed to get the solution to this problem....

chcon -R --type httpd_sys_rw_content_t /BMT/UserProfiles/

Then stop and start the httpd service Had a doubt if somewhere SELinux was responsible... after this now its working fine. Thanks for all the help and suggestions from your end, really helped me to debug from different perspective

Krishna Vaddadi
  • 1
  • 1