tags:

views:

1129

answers:

2

I'm running PHP 5.2.6 on a Windows Server 2003 Enterprise box. IIS is set to deny anonymous access and use Integrated Windows authentication.

I'm using a PHP script to save a file uploaded from a web form. The file is uploaded to a temp folder, the script creates a file name and path depending on other variables from the web form, and then the script uses PHP's move_uploaded_file() to move the temp file to the final location. All that works fine. In short, people are uploading files so everyone in the group can see them and the files are organized by the script.

My problem is that the file in the final location has odd permissions. It is not ending up with permissions from either the temp location or the final location. Both the temp location and final location have the same permissions: full rights for owner and administrations; read and read/execute for 2 specific AD security groups. The final file ends up with only: full rights for owner and administrations. So while the admins and the original uploader have no problem viewing the file, all others in the group get "permission denied" when trying to access it.

Any ideas or suggestions will be greatly appreciated! Thanks!

+2  A: 

This seems to be an issue with the move_uploaded_file() function:
http://us3.php.net/move_uploaded_file
Take a look at the comments below, take note of Florian's comment about copy().

Would copy() solve the issue?:
http://us3.php.net/manual/en/function.copy.php

Chris Roland
That worked. Thanks!
No problem, glad I could help.
Chris Roland
It would be wise to verify that is_uploaded_file() returns true on the temporary file if you are using copy(), as move_uploaded_file() implements this check
Tom Haigh
A: 

from the php page on move_uploaded_file (nb: this worked for me):

For those using PHP on Windows and IIS, you SHOULD set the "upload_tmp_dir" value in php.ini to some directory around where your websites directory is, create that directory, and then set the same permissions on it that you have set for your websites directory. Otherwise, when you upload a file and it goes into C:\WINDOWS\Temp, then you move it to your website directory, its permissions will NOT be set correctly. This will cause you problems if you then want to manipulate that file with something like ImageMagick's convert utility.