8

Introduction

I'm trying to achieve something relatively simple, in a potentially complicated environment. I would like to upload files, from a JavaScript widget (Netvibes UWA format) to a local intranet server, using the plupload jQuery UI plugin.

Problem

I've set my code up seemingly correctly - the plupload container appears and I can happily select and upload files. The uploading seems to work - each file hits 100% - but when I check my Firebug console, I get the following error:

OPTIONS upload.php - 403 Forbidden

And the files does not upload to my specified files directory.

Firebug Net output

Environment

  • Origin server is frogserver.curriculum.local on internal IP 192.168.3.15
  • Recipient server is staff.curriculum.local on internal IP 192.168.3.60
  • Origin server is linux, but I have no direct access to HTML/JS/PHP/SQL, everything has to be done via the aforementioned Netvibes Universal Widget API. It's an enclosed Virtual Learning Environment solution provided by www.frogtrade.com
  • Recipient server is Windows/IIS

Code

JavaScript

widget.onLoad = function(){
    $( "#datetime" ).datepicker({ dateFormat: "yy-mm-dd" });
    Input.init();

    /* plupload */
    $("#uploader").plupload({
        // General settings
        runtimes : 'html5,flash,html4',
        url : 'http://staff.curriculum.local/frog/LOTS/upload.php',
        max_file_size : '1000mb',
        max_file_count: 20, // user can add no more then 20 files at a time
        chunk_size : '1mb',
        rename: true,
        multiple_queues : true,

        // Resize images on clientside if we can
        resize : {width : 320, height : 240, quality : 90},

        // Rename files by clicking on their titles
        rename: true,

        // Sort files
        sortable: true,

        // Specify what files to browse for
        filters : [
            {title : "Image files", extensions : "jpg,gif,png"},
            {title : "Zip files", extensions : "zip,avi"}
        ],

        // Flash settings
        flash_swf_url : '/user/74/186718.swf'
    });

    // Client side form validation
    $('form').submit(function(e) {
        var uploader = $('#uploader').plupload('getUploader');

        // Files in queue upload them first
        if (uploader.files.length > 0) {
            // When all files are uploaded submit form
            uploader.bind('StateChanged', function() {
                if (uploader.files.length === (uploader.total.uploaded + uploader.total.failed)) {
                    $('form')[0].submit();
                }
            });

            uploader.start();
        } else
            alert('You must at least upload one file.');

        return false;
    });
}

HTML

<form  method="post" action="../dump.php">
    <div id="uploader">
        <p>Your browser doesn't have Flash, Silverlight, Gears, BrowserPlus or HTML5 support.</p>
    </div>
</form>

PHP

The PHP script I'm using is the bundled upload.php file handling script, with the addition of this code at the top:

// * - stands for all domains
header("Access-Control-Allow-Origin: *");

I've also changed the upload directory target:

// Settings
//$targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
$targetDir = 'files';

Thoughts

  • I'm not sure if this is classed as being a "cross-domain" file transfer or not? I've tried to set it up as if it is, hence the Access-Control-Allow-Origin header in my PHP script
  • The Netvibes UWA and VLE setup may be getting in the way, somehow
  • The IIS permissions on the LOTS folder for the Internet Guest account appears to be correct (i.e. "Read" permissions) but I'm not entirely sure; it has "Deny" on "Special Permissions" and I can't seem to see what those permissions are, or change that

Edit: IIS Permissions

Just checked, and everything seems correct:

Permissions

turbonerd
  • 1,234
  • 4
  • 27
  • 63
  • 2
    Upvoting purely for the effort you've put into your post, truely hope you get this resolved by someone soon. – duellsy Apr 22 '13 at 10:35
  • 1
    Have you tried setting full 777 permissions just to see if permissions are playing a part? – duellsy Apr 22 '13 at 10:36
  • Thanks duellsy. I've just double-checked and the IIS Guest Account only has `WRITE` access denied. I don't think that's the problem here - Firebug seems to be reporting that `READ` access to my `upload.php` script is being denied. – turbonerd Apr 22 '13 at 10:51
  • I've added in a screenshot of the permissions from IIS. – turbonerd Apr 22 '13 at 10:56
  • Just for sh*ts and giggles, give it write access, had a look on google and found this https://discussion.dreamhost.com/thread-48335-post-48346.html#pid48346 which doesn't seem to make sense, but seems similar – duellsy Apr 22 '13 at 10:56
  • I've just tried that (as per Bigood's answer), and nothing has changed. – turbonerd Apr 22 '13 at 11:14
  • 1
    Bugger, at least that rules out permissions then! – duellsy Apr 22 '13 at 11:16
  • If not done, first, check if you can execute php scripts by putting a hello world php script in the same directory as your upload.php. Then, have your hello world write some txt content on the disk to the same location as upload.php would. If successful, this should rule out rights problems. If not successfull, ensure that the account running the script is the one you think. If network shares are involved you might have to set some rights for the network service account of the maching running the script. – jbl Apr 22 '13 at 12:43

1 Answers1

1

[Edit] CORS

As permissions seems alright, that might be a CORS problem.

I stumbled upon monsur's answer on this question : Is it possible to use XMLHttpRequest across Domains , quoting :

A CORs request actually consists of two physical HTTP requests: 1) The preflight request, and 2) the actual request. The request you posted above looks like the preflight request, since it is uses the HTTP OPTIONS method. So the first thing you have to do is verify that your server accepts OPTIONS requests (I believe this should just work, but it may explain why you are receiving a 403).

Permissions

According to this doc :

Create a separate folder for your uploaded content and change the NTFS file permissions on the upload folder

By doing this, you can configure the behavior of uploaded content differently from the rest of your Web application. Grant the upload folder Read and Write permissions for the IIS worker process identity. For IIS 6.0 in Windows Server 2003, you can use the IIS_WPG user group for this. For IIS 7.0 and later, you can use the IIS_IUSRS user group.

You might be checking permissions for the wrong user (IUSR_ASHVOIP), try IIS_WPG (seems to be this one for you) or IIS_IUSRS depending on your configuration.

Community
  • 1
  • 1
Maen
  • 10,603
  • 3
  • 45
  • 71
  • Thanks for your help, Bigood. I've just asked our Network Manager to add those permissions (then I checked them myself), but sadly, the script is still doing exactly the same thing :( – turbonerd Apr 22 '13 at 11:13
  • For reference, we gave `Full Control` to both `IIS_WPG` and `IIS_IUSRS` on the `LOTS` folder and the `LOTS\files` subfolder. – turbonerd Apr 22 '13 at 11:14
  • @dunc Edited my answer, it might be a problem of CORS. Have a look on the SO link! – Maen Apr 22 '13 at 11:36
  • Thanks again Bigood (+1 for you), but even with the extra CORS headers I'm having the same problem. Guess the issue lies with my VLE and UWA widget setup... :( – turbonerd Apr 22 '13 at 12:12
  • @dunc I can't help you further, sorry! Let us know if you find a solution, I'm curious! – Maen Apr 23 '13 at 07:42