How to determine why PHP's move_uploaded_file fails

Question

Given:

function upload($file_id, $destination) {
  $folder = "/uploads";
  $types = "jpg, jpeg, gif, tiff, png";
  if (! $_FILES [$file_id] ['name'])
      return false;

  $fileName = $_FILES [$file_id] ['name'];

  if (! testExtensions ( $fileName, $types )) {
      echo ("<p>FAILED TEST EXTENSIONS</p>");
      return false;
  }

  $uniqer = substr ( md5 ( uniqid ( rand (), 1 ) ), 0, 5 );
  $fileName = $uniqer . '_' . $fileName; // Get Unique Name
  $path = getPath ( $destination ) . "/";

  $uploadFile = $path . $fileName;

 if (! move_uploaded_file ( $_FILES [$file_id]['tmp_name'], $uploadfile )) {
    return false;
 } else {
    if (! $_FILES [$file_id] ['size']) { // Check if the file is made
        @unlink ( $uploadfile ); // Delete the Empty file
        $file_name = '';
        return false;
    } else {
        chmod ( $uploadfile, 0777 ); // Make it universally writable.
    }
  }

 return $file_name;
}

function getPath($destination) {
  $path = getcwd ();

  $pathParts = explode ( "/", $path );
  array_pop ( $pathParts );

  array_push ( $pathParts, $destination );

  $path = implode ( "/", $pathParts );

  return $path;
}

 function testExtensions($fileName, $types) {
  $extensions = split ( "\.", basename ( $fileName ) );
  $extension = strtolower ( $extensions [count ( $extensions ) - 1] ); // Get the last extension

  $all_types = explode ( ",", strtolower ( $types ) );
  if ($types) {
    if (! in_array ( $extension, $all_types ))
        return false;
  }
  return true;
}

is there any way to test why move_uploaded_file failed? I've generated some trace output to make sure that everything makes sense, but all of the output seems to suggest that move_uploaded_file should be working. However, the function consistently returns false.

Answer 1

There is only probable reason I know that move_uploaded_file fail is the destination of your file. It can be either no permission to the dir or it doesn't exist (aside from syntax error).

To address the issue you have to edit the permission of the destination directory. The principle of least privilege applies. Only give users the rights they need and no more.

In this case, if Apache is only serving up pages, give the user acct no rights to edit. Possible risks include: changing file content or uploading new one; adding executable code to files, etc. These risks exists regardless of whether it is a single site up multiples. If the application has a need to edit a specific file, restrict permissions changes to that file.

Here's how to change it:

[me@linuxbox me]$ chmod 600 some_file

Ideally, you need a permission code

766 - The file's owner may read, write, and execute the file. But others can only read and write.

but to be safe, you can use:

755 - The file's owner may read, write, and execute the file. All others may read and execute the file. This setting is common for programs that are used by all users..

UPDATE

You can change the permission of the whole directory using this command:

find /opt/lampp/htdocs -type d -exec chmod 755 {} \;

assuming that the location is /opt/lampp/htdocs

As Barmar quoted, you can check the size of the file if it is uploaded. The fix I mentioned is when you are moving the files itself.