PHP Error - Uploading a file

Question

I'm trying to write some php to upload a file to a folder on my webserver. Here's what I have:

<?php
if ( !empty($_FILES['file']['tmp_name']) ) {
    move_uploaded_file($_FILES['file']['tmp_name'], './' . $_FILES['file']['name']);
    header('Location: http://www.mywebsite.com/dump/');
    exit;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
    <title>Dump Upload</title>
</head>
<body>
    <h1>Upload a File</h1>
    <form action="upload.php" enctype="multipart/form-data" method="post">
        <input type="hidden" name="MAX_FILE_SIZE" value="1000000000" />
        Select the File:<br /><input type="file" name="file" /><br />
        <input type="submit" value="Upload" />
    </form>
</body>

I'm getting these errors:

Warning: move_uploaded_file(./test.txt) [function.move-uploaded-file]: failed to open stream: Permission denied in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 3

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\WINDOWS\Temp\phpA30E.tmp' to './test.txt' in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 3

Warning: Cannot modify header information - headers already sent by (output started at E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php:3) in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 4

PHP version 4.4.7 Running IIS on a Windows box. This particular file/folder has 777 permissions.

Any ideas?

Answer 1

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\WINDOWS\Temp\phpA30E.tmp' to './people.xml' in E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\upload.php on line 3

is the important line it says you can't put the file where you want it and this normally means a permissions problem

check the process running the app (normally the webservers process for php) has the rights to write a file there.

EDIT:

hang on a bit I jumped the gun a little is the path to the file in the first line correct?

Answer 2

As it's Windows, there is no real 777. If you're using chmod, check the Windows-related comments.

Check that the IIS Account can access (read, write, modify) these two folders:

E:\inetpub\vhosts\mywebsite.com\httpdocs\dump\
C:\WINDOWS\Temp\

Answer 3

Yeah the path is correct. I renamed the server URL obviously and the file to test.txt.

Answer 4

Try adding a path. The following code works for me:

<?php

if ( !empty($_FILES['file']) ) {
    $from = $_FILES['file']['tmp_name'];
    $to = dirname(__FILE__).'/'.$_FILES['file']['name'];

    if( move_uploaded_file($from, $to) ){
        echo 'Success';   
    } else {
        echo 'Failure';   
    }

    header('Location: http://www.mywebsite.com/dump/');
    exit;
}
?>

Answer 5

OMG

move_uploadd_file($_FILES['file']['tmp_name'], './' . $_FILES['file']['name']);

Don't do that. $_FILES['file']['name'] could be ../../../../boot.ini or any number of bad things. You should never trust this name. You should rename the file something else and associate the original name with your random name. At a minimum use basename($_FILES['file']['name']).

Answer 6

Another think to observe is your directory separator, you are using / in a Windows box..

Answer 7

Add the IIS user in the 'dump' folders security persmissions group, and give it read/write access.