File uploaders working on local server, failing when uploaded to Godaddy hosted space.

[mstabosz]

So this might be a problem that I have to take up with my hosting provider, but maybe you guys can help me through it.

 

I wrote this web site called Geoquitties.  It's sorta like the old Geocities... you sign up for an account, then you get a folder that you can upload files to.  You can also create new directories.  I'm not trying to, like, commercialize this or anything.  I made it as a project for school and also as a thing I can show off.

 

So I wrote all this on my personal computer, which is running XAMPP 3.1.0.  It all worked just fine   Then I tried to upload it to my GoDaddy account.  Now I get this when I try to upload files there:

 

Warning: move_uploaded_file(./mstabosz/csb.log) [function.move-uploaded-file]: failed to open stream: Permission denied in D:\Hosting\8734914\html\geoquitties\uploader.inc on line 55

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'D:\Temp\php\phpA592.tmp' to './mstabosz/csb.log' in D:\Hosting\8734914\html\geoquitties\uploader.inc on line 55

 

I guess it's spitting out those error messages because I didn't do a lot of error checking in my own code, so it gives the PHP default stuff.  I'm not sure what code to post because the code, I think, is okay, and there's kind of a lot of probably irrelevant code.  Here's the code for the form that makes the uploader blocks and moves the files.

	//Use the session variable if available.
	//Use the default value of 5 if not.
	if(isset($_SESSION['blocks']))
		$blocks = $_SESSION['blocks'];
	else
		$blocks = 5;
	
			
	//Create a new block of uploaders.
	$uploaders = new uploaderChunk($blocks);
	
	//The name of a particular upload field.
	$uploaderName;
			
	//Upload any files available.
	for($i = 1; $i <= $blocks; $i++)
	{
		$uploaderName = "uploader" .$i;
		if(!empty($_FILES[$uploaderName]['name']))
			$uploaders->moveFiles($uploaderName);
	}

	 

and here's the uploader.inc class it refers to.  Line 55 reads:                    

 

$fileUploadSuccess = move_uploaded_file($_FILES[$upName]['tmp_name'], "$currentDir/$fileName");

<?php
	    class uploaderChunk
	    {
	    	private $classUploaderName;
	    	private $numBlocks;
	    	
	    	public function __construct($blocks)
	    	{	    		
	    		//Start off the uploader form.
	    		echo <<<FORMSTART
	    		<div id="uploaderchunk" class="formbox">
	    		<form action="uploadpage.php" method="post" enctype="multipart/form-data">
				<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
FORMSTART;
	    		//Set up a count of the number of blocks in the chunk.
	    		$this->numBlocks = $blocks;
	    		//Make the uploader blocks.
	    		for($i = 1; $i <= $this->numBlocks; $i++)
	    		{
	    			$this->classUploaderName = "uploader" .$i;
	    			$this->makeUploaderBlock();
	    		}
	    		
	    		//Build the submit button for the chunk.
	    		echo '<input type="submit" name="uploadButton" value="Upload now!" />';
	    		//Close out the uploader form.
	    		echo "\n</form>";
	    		echo "\n</div>";
	    	}
	    
		    private function makeUploaderBlock()
		    {
		    	echo <<<UPLOADERBLOCK
		    			<div class="uploader">
		    			<input type = "file" name="$this->classUploaderName" />
		    			</div>
UPLOADERBLOCK;
		    }
		    public function moveFiles($upName)
		    {
		    	//The currently logged on user.
		    	$currentDir = $_SESSION['currentDirectory'];
		    	
		    	//Boolean to tell if the file uploaded successfully.
		    	$fileUploadSuccess = FALSE;
		    	
		   	 
				//A file box was not empty.
				if(!empty($_FILES[$upName]['name']))
				{
					//Get the name of the file in the current uploader box.
					$fileName = $_FILES[$upName]['name'];
					
					//Move uploaded file from temp directory to permanent location.
					$fileUploadSuccess = move_uploaded_file($_FILES[$upName]['tmp_name'], "$currentDir/$fileName");
					print "<br>Results:  " .$_FILES[$upName]['error'];
					if($fileUploadSuccess)
					{
						$this->showAlertMessage("File $fileName uploaded successfully");
						header('Refresh: 5;url=uploadpage.php?trimslash=YES');
					}
					else
						echo "<p class=\"errormessage\">Problem uploading file $fileName!</p>";
				}
		    }
	    }	//End of uploaderChunk class.
?>

Again I'm not sure if that's relevant because the code works okay on my development machine.  Is there anything I can add that will make it work when I upload it?  Or should I contact Godaddy support?  I'm not sure how to approach this.

[Ch0cu3r]

Its a file permissions issue. The mstabosz folder needs to have the correct write permissions set so PHP can write uploaded files to that folder, by default on linux based servers non owners of folders/files can only read.

Try chmod'ing the mstabosz folder to 755 using chmod before you use move_uploaded_file function.

Edited October 11, 2013 by Ch0cu3r

[mstabosz]

Its a file permissions issue. The mstabosz folder needs to have the correct write permissions set so PHP can write uploaded files to that folder, by default on linux based servers non owners of folders/files can only read.

Try chmod'ing the mstabosz folder to 755 using chmod before you use move_uploaded_file function.

 

So you're saying I should do this at line 55 where I move the uploaded file?

//Set file permissions.
chmod($currentDir,755);
					
//Move uploaded file from temp directory to permanent location.
$fileUploadSuccess = move_uploaded_file($_FILES[$upName]['tmp_name'], "$currentDir/$fileName");

Tried that, got Warning: chmod() [function.chmod]: Permission denied in D:\Hosting\8734914\html\geoquitties\uploader.inc on line 55

 

followed by the same errors as before.

[Ch0cu3r]

OK, you'll do it via FTP or Godaddys Account Manager. Change the chmod permission to 0755 for the mstabosz  folder

[mstabosz]

OK, you'll do it via FTP or Godaddys Account Manager. Change the chmod permission to 0755 for the mstabosz  folder

 

That got it.  Thanks. I meant to tell you on Friday evening but got caught up in other things.

 

It looks like it's working, except now I get this message.

 

Warning: Cannot modify header information - headers already sent by (output started at D:\Hosting\8734914\html\geoquitties\uploadpage.php:227) in D:\Hosting\8734914\html\geoquitties\uploader.inc on line 63

 

Which was probably caused by this:

					if($fileUploadSuccess)
					{
						echo '<p class="informationmessage">"File ' .$fileName .' uploaded successfully"</p>';
						header('Refresh: 5;url=uploadpage.php?trimslash=YES');
					}
					else
						echo "<p class=\"errormessage\">Problem uploading file $fileName!</p>";

Which is probably due to that thing I read about how you're not supposed to add headers after output has echoed to the screen.  I threw in some output buffering and it seems to work okay now.  I was using headers like that to redirect the page in about a dozen different places.  My dev machine didn't seem to mind but the remote server is much more strict.  Looks like I've got a fair bit of testing to do.  :Q  Oh well.  Thanks a bunch for your help.

[Ch0cu3r]

What you should be doing is processing any input, before sending any output.

 

you are outputting your sites page html layout etc in uploadpage.php. Then on line 227 you are including uploader.inc and setting a header on line 63 of that file. The code in uploader.inc should be ran before you start outputting anything. Output buffering is not really a solution. 

 

Also rename your uploader.inc file to uploader.inc.php. If that file is in a publicly accessible folder someone could go to yoursite.com/uploader.inc and see the raw PHP source code of that file! Always end any file that contains PHP code with .php then the raw PHP source code wont be shown.

 

The reason your development server doesn't flag up the error is because you have output buffering enabled in the php.ini

Edited October 13, 2013 by Ch0cu3r