[英]Cannot create file with PHP using NGINX and php-fpm on CentOS 6.4
Using php-fpm, nginx, CentOS 6.4 File being called = register.php I cannot create a file in my directory /.../wingd/profiles
使用php-fpm,nginx,CentOS 6.4文件被称为= register.php我无法在目录
/.../wingd/profiles
创建文件
Goal: Generate user profiles by creating files when a user registers for my website. 目标:当用户注册我的网站时,通过创建文件来生成用户配置文件。
Error: 错误:
Warning: fopen(profiles/test.txt): failed to open stream: Permission denied in /usr/share/nginx/wingd/register.php on line 150
警告:fopen(profiles / test.txt):无法打开流:在第150行的/usr/share/nginx/wingd/register.php中,权限被拒绝
In my register.php
I have: 在我的
register.php
我有:
$file = fopen("profiles/test.txt", "w") or die("Unable to open file!");
Things I have tried: 我尝试过的事情:
chmod 777
for all files and folders associated (/usr/share/nginx/wingd/profiles all directories listed to the left all are 777 at the moment including 'register.php' (I understand 777 is a security concern and will worry about security later on once I understand the current issue and how to fix) chmod 777
用于关联的所有文件和文件夹(/ usr / share / nginx / wingd / profiles左侧列出的所有目录目前都是777,包括“ register.php”(我知道777是安全问题,会担心安全问题)稍后,一旦我了解了当前问题以及如何解决)
Have used: 用过的:
echo 'Current script owner: ' . get_current_user() . "<br>";
echo 'posix: '.posix_getuid()."<br>";
echo getcwd()."<br>";
$last_line = system('whoami', $retval);
echo $last_line . " " . $retval;
which has shown me that the script owner and the runner of the script is the nginx user. 这告诉我脚本所有者和脚本运行者是nginx用户。
/etc/php-fpm.d/www.conf
and see that 'user = nginx' and 'group = nginx' currently /etc/php-fpm.d/www.conf
并看到当前'user = nginx'和'group = nginx' /var/www
folder and I see a lot of these forum posts about similar issue referring to /var/www
(is this an apache thing only?) /var/www
文件夹,并且我在论坛上看到很多关于/var/www
类似问题的帖子(这仅仅是apache吗?) strace php register.php
strace php register.php
输出 su nginx
and then use touch command to touch /profiles/test.txt. su nginx
,然后使用touch命令触摸/profiles/test.txt。 It did create the file without error php-fpm
is using for a username and what its permissions are set to, not sure how to do this. php-fpm
用于用户名及其权限设置,不确定如何执行此操作。 I saw on another stackoverflow topic that php may be using a username of apache and I tried giving that user ownership of files and got no where. I am not sure what else I can try. 我不确定还能尝试什么。
Code: 码:
<?php
include ("config.php");
?>
<html>
<body>
<a href="index.php">Index</a><br>
<form name="registrationForm" method="post" onsubmit="return validateForm()">
<input type="text" class="form-control" placeholder="Enter username" name="username"><font color="red">*</font>
<input type="text" class="form-control" placeholder="Enter email address" name="email"><font color="red">*</font>
<input type="password" class="form-control" placeholder="Enter password" name="password"><font color="red">*</font>
<input type="text" class="form-control" placeholder="Enter first name" name="first"><font color="red">*</font>
<input type="text" class="form-control" placeholder="Enter last name" name="last"><font color="red">*</font>
<input type="text" class="form-control" placeholder="Enter zip code" name="zip"><font color="red">*</font>
<input class="btn btn-default" type="submit" name="submit" value="Submit">
</form>
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
if (isset($_POST['submit'])){
//if($_SERVER["REQUEST_METHOD"] == "POST"){
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$first = $_POST["first"];
$last = $_POST["last"];
$zip = $_POST["zip"];
// Check connection
if ($db->connect_error) {
die("Connection failed: ".$db->connect_error);
}
//flag to detect if the username exists in db
$flag = 0;
$sql = "SELECT username FROM users WHERE username = '".$username."';";
$result = $db->query($sql);
if ($result->num_rows > 0) {
$flag = 1;
}
//If the username already exists then alert the user, else insert the record to the db and send user to login.php
if ($flag == 1){
echo "<script>alert(\"Sorry, that username is already taken. Please choose another.\");</script>";
}
else {
$sql = "INSERT INTO users (first, last, username, email, password, zip) VALUES ('".$first."', '".$last."', '".$username."', '".$email."', '".$password."', '".$zip."')";
if ($db->query($sql) === TRUE) {
//echo "Registration successful";
//$filename = "/profiles/".$username.".php";
//chmod($filename,0777);
echo 'Current script owner: ' . get_current_user() . "<br>";
echo 'posix: '.posix_getuid()."<br>";
echo getcwd()."<br>";
$last_line = system('whoami', $retval);
echo $last_line . " " . $retval;
$file = fopen("profiles/test.txt", "w") or die("Unable to open file!");
//$txt = "This is a user profile for ".$username;
//fwrite($file, $txt);
fclose($file);
//header('Location: login.php');
} else {
echo "Registration error, please try again later.";
}
}
}
$db->close();
?>
</body>
So I am no longer going to try to implement my idea by creating potentially hundreds, thousands, etc.. of user profile files on my server but rather follow what seems to be convention now to just have one profile page that is then populated with data based on parameters. 因此,我不再尝试通过在服务器上创建潜在的成百上千的用户配置文件来实现我的想法,而是遵循现在似乎已经习惯的做法,只有一个配置文件页面然后填充数据根据参数。 That parameter (like user id or username) could then be used in a pull from the database and voila, you dont have TONS of files and is much better also for security concerns.
该参数(例如用户ID或用户名)随后可用于从数据库中拉出,瞧,您没有TONS文件,并且出于安全性考虑也要好得多。 Thanks for all who took the time to read, and/or respond to this to help me.
感谢所有花时间阅读和/或回复此内容对我有帮助的人。 Hope this post will help other users with my same tech stack and initial design thoughts in the future.. Takeaway: Ask how to best solve the problem/idea rather than asking how to best fix the issue you are dealing with, with your current design/implementation idea.
希望这篇文章将来能以我相同的技术栈和初步的设计思想为其他用户提供帮助。.总结:询问如何最好地解决问题/想法,而不是询问如何以当前的设计来最好地解决您正在处理的问题/实施思路。
See the following for a better explanation and code snippet: Generate Profile Page Upon Registration - PHP 请参阅以下内容以获得更好的解释和代码段: 注册时生成配置文件页面-PHP
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.