PHP mkdir():Permission denied

Question

I have a simple PHP/HTML/CSS app that creates a folder for newly registered users. It worked great on my test site, and not that I am ready to "go live" I get the "mkdir(): Permission denied" error. As far as I know, all settings are the same on both sites and the file permission for the root and uploads folder are set to 755. Everything else is working as expected accept for the code below...

if (count($errors) == 0) {
        $pword = md5($pword_1);//encrypt the pword before saving in the database
        $rand = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz";
        $rand = str_shuffle($rand);
        $folder = substr($rand, 0, 10);
        $regDate = date("Y-m-d");
        $token = 0;
        $tokenExp = 0;
        $curDir = getcwd();

        if(mkdir($curDir . "/uploads/" . $folder, 0755)){
            $query = "INSERT INTO users (uname, email, pword, folder, regDate, token, tokenExp) VALUES ('$uname', '$email', '$pword', '$folder', '$regDate', '$token', '$tokenExp')";
            mysqli_query($db, $query);
            $_SESSION['uname'] = $uname;
            $_SESSION['success'] = "You are now logged in";
            header('location: index.php');
        }else{
            array_push($errors, "An error occurred creating your account!!!");
        }
    }

As far as I can tell not being able to create the user's folder, I am not able to upload files. However, while troubleshooting, I when I manually add the folder to the server, I still get the "path not found" error. Here's the upload file code...

if(isset($_POST['uploads'])){
    $uname = mysqli_real_escape_string($db, $_POST['uname']);
    $name = $_FILES['file']['name'];
    $size = $_FILES['file']['size'];
    $type = $_FILES['file']['type'];
    $tmp_name = $_FILES['file']['tmp_name'];
    $extension = substr($name, strpos($name, '.') + 1);
    $max_size = 2500000; //bytes

    if(empty($name)) {
        echo "<p class='error'>Please Select a File</p>";
    }else{
        if($extension == "jpg" || $extension == "jpeg" || $extension == "gif" || $extension == "tif" || $extension == "png" || $extension == "pdf"){
            if($extension == $size<=$max_size){
                $getFold = "SELECT * FROM users WHERE uname='$uname'";
                $getFold = mysqli_query($db, $getFold);
                while($for = mysqli_fetch_assoc($getFold)){
                    $folder = $for['folder'];
                }
                $location = "uploads/" . $folder . "/";
                if(move_uploaded_file($tmp_name, $location . $name)){
                    $query = "INSERT INTO `upload` (name, size, type, location, uname, folder) VALUES ('$name', '$size', '$type', '$location', '$uname', '$folder')";
                    $result = mysqli_query($db, $query);
                    if($result){
                        echo "<p class='success'>File has been uploaded successfully!!!</p>";
                    }else{
                        echo "<p class='error'>Failed to upload file information to database!!! Filename already exist!</p>";
                    }               
                }else{
                    echo "<p class='error'>Failed to Upload File</p>";
                }
            }else{
                echo "<p class='error'>File size should be 3MB or less</p>";
            }
        }else{
            echo "<p class='error'>The selected file is not a JPG, JPEG, GIF, TIF, PNG, or PDF file type!!!</p>";
        }
    }
}

Possible duplicate of [PHP mkdir: Permission denied problem](https://stackoverflow.com/questions/5246114/php-mkdir-permission-denied-problem) — Alexandre Elshobokshy, Nov 07 '18 at 08:46
you are able to `mkdir` on a path if 1) the permission for that file is 777, or 2) the ownership of that file is for the server user , in most cases it is the `www-data` user. check out the ownership in your test site. — hassan, Nov 07 '18 at 08:46

score 1 · Answer 1 · answered Nov 07 '18 at 09:27

1

You need to change the owner of the folder in which you are trying to make subfolders for your users to:

apache - in case of CentOS server
www-data - in case of Ubuntu server

You can do it with the following command

sudo chown -R www-data /folder

The -R flag means that it's recursive, so the apache/httpd process that is running the php will own all the subfolders you might have created as well.

For more info about this command take a look at this SO post

answered Nov 07 '18 at 09:27

Sasa Blagojevic

2,110
17
22

Sorry, I am quite new to this. Where do I add the "sudo" command? In my .htaccess or php.ini file? I used the recursive option via FileZilla, is this the same thing? I also changed the mkdir function to... if(mkdir($curDir . "/uploads/" . $upToken, 0777, true)){ Also. Tried changing permissions to 766 and 777 in the code and via FileZilla. Still get the error. When I watch https://www.youtube.com/watch?v=ff76Z3hJSKA and https://www.youtube.com/watch?v=4U7PxdAwvM8 it looks like they are using the CMD prompt on their local computer, not a server. – jjd79 Nov 09 '18 at 01:08
Well, you need to `ssh` into your server and then do what I sad. Since you mentioned CMD prompt I guess you are using WIndows. To be able to ssh into your server on Windows you'll need a small program called [Putty](https://www.chiark.greenend.org.uk/~sgtatham/putty/). When you download and open Putty the simplest way you can ssh into your server is `ssh username@domain.com` or `ssh username@ipadress`, the ip address being the ip address of your server. – Sasa Blagojevic Nov 09 '18 at 07:39
ok, so I tried SSH and Telnet and all the ports I can think of 21 - 25. I keep getting the "Network error: Connection timed out" error. Is there a setting I am missing? – jjd79 Nov 12 '18 at 05:16
Maybe your `ssh` is configured to listen on a different port, you should check the documentation of your server provider or maybe something from this [SO post](https://unix.stackexchange.com/questions/148956/how-do-i-work-out-which-port-to-log-in-on-with-ssh) can help – Sasa Blagojevic Nov 12 '18 at 07:50

score 0 · Answer 2 · answered Nov 07 '18 at 08:52

0

You create the dir with the permissions 0755, which means full access for the owner and only read + execute for the others. Change it to 0777 or 0766; full access to anyone or full access to the owner and read+write to anyone.
This also applies to the parent folder.

answered Nov 07 '18 at 08:52

Lithilion

1,097
2
11
26

Tried changing permissions to 766 and 777 in the code and via FileZilla. Still get the error. – jjd79 Nov 09 '18 at 00:54
I also added "true" to the mkdir function...if(mkdir($curDir . "/uploads/" . $upToken, 0777, true)){ – jjd79 Nov 09 '18 at 00:55
Did you also applied these permissions to the parent folder? – Lithilion Nov 09 '18 at 07:29
Yes, I applied 777 to the parent folder and still receive the error. – jjd79 Nov 12 '18 at 04:07

score 0 · Accepted Answer · answered Mar 08 '19 at 00:43

0

Thank you for your help, I followed your advice and it turned out that my host provider prevented the functionality in an obscure "setting" location accessible via the cPanel. Previously (i.e. on my older test server/account), the accounts were set up automatically to allow read/write access, the newer accounts are set up to as read-only and require the account owner to make the switch via the setting.

answered Mar 08 '19 at 00:43

jjd79

25
1
1
5

1

It's not clear who are you thanking? It's better to give direct attribution "Thanks to USERNAME advice... etc". – brasofilo Mar 08 '19 at 01:38

PHP mkdir():Permission denied

3 Answers3