I have a simple PHP/HTML/CSS app that creates a folder for newly registered users. It worked great on my test site, and not that I am ready to “go live” I get the “mkdir(): Permission denied” error. As far as I know, all settings are the same on both sites and the file permission for the root and uploads folder are set to 755. Everything else is working as expected accept for the code below…
if (count($errors) == 0) {
$pword = md5($pword_1);//encrypt the pword before saving in the database
$rand = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz";
$rand = str_shuffle($rand);
$folder = substr($rand, 0, 10);
$regDate = date("Y-m-d");
$token = 0;
$tokenExp = 0;
$curDir = getcwd();
if(mkdir($curDir . "/uploads/" . $folder, 0755)){
$query = "INSERT INTO users (uname, email, pword, folder, regDate, token, tokenExp) VALUES ('$uname', '$email', '$pword', '$folder', '$regDate', '$token', '$tokenExp')";
mysqli_query($db, $query);
$_SESSION['uname'] = $uname;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else{
array_push($errors, "An error occurred creating your account!!!");
}
}
As far as I can tell not being able to create the user’s folder, I am not able to upload files. However, while troubleshooting, I when I manually add the folder to the server, I still get the “path not found” error. Here’s the upload file code…
if(isset($_POST['uploads'])){
$uname = mysqli_real_escape_string($db, $_POST['uname']);
$name = $_FILES['file']['name'];
$size = $_FILES['file']['size'];
$type = $_FILES['file']['type'];
$tmp_name = $_FILES['file']['tmp_name'];
$extension = substr($name, strpos($name, '.') + 1);
$max_size = 2500000; //bytes
if(empty($name)) {
echo "<p class='error'>Please Select a File</p>";
}else{
if($extension == "jpg" || $extension == "jpeg" || $extension == "gif" || $extension == "tif" || $extension == "png" || $extension == "pdf"){
if($extension == $size<=$max_size){
$getFold = "SELECT * FROM users WHERE uname='$uname'";
$getFold = mysqli_query($db, $getFold);
while($for = mysqli_fetch_assoc($getFold)){
$folder = $for['folder'];
}
$location = "uploads/" . $folder . "/";
if(move_uploaded_file($tmp_name, $location . $name)){
$query = "INSERT INTO `upload` (name, size, type, location, uname, folder) VALUES ('$name', '$size', '$type', '$location', '$uname', '$folder')";
$result = mysqli_query($db, $query);
if($result){
echo "<p class='success'>File has been uploaded successfully!!!</p>";
}else{
echo "<p class='error'>Failed to upload file information to database!!! Filename already exist!</p>";
}
}else{
echo "<p class='error'>Failed to Upload File</p>";
}
}else{
echo "<p class='error'>File size should be 3MB or less</p>";
}
}else{
echo "<p class='error'>The selected file is not a JPG, JPEG, GIF, TIF, PNG, or PDF file type!!!</p>";
}
}
}
Advertisement
Answer
Thank you for your help, I followed your advice and it turned out that my host provider prevented the functionality in an obscure “setting” location accessible via the cPanel. Previously (i.e. on my older test server/account), the accounts were set up automatically to allow read/write access, the newer accounts are set up to as read-only and require the account owner to make the switch via the setting.