使用blueimp jQuery-File-Upload上传时出现权限错误

Question

I have a problem with the jQuery-File-Upload. I'm using it with PHP code and I would to upload the file in different folder based on the logged user. For example if the logged user has code 'abcd', I would to upload the file in 'upload/2017/abcd/'.

To do this I wrote this code:

$(function () {
        'use strict';
        // Change this to the location of your server-side upload handler:
        var url = 'upload/<?= $year?>/<?= $logged_user?>';
        $('#fileupload').fileupload({
            acceptFileTypes: /(\.|\/)(gif|jpe?g|png)$/i,
            upload_dir: url,
            upload_url: url,
            url: url,
            dataType: 'json',
            done: function (e, data) {
                $.each(data.result.files, function (index, file) {
                    $('<p/>').text(file.name).appendTo('#files');
                });
            },
            progressall: function (e, data) {
                var progress = parseInt(data.loaded / data.total * 100, 10);
                $('#progress .progress-bar').css(
                    'width',
                    progress + '%'
                );
            }
        }).prop('disabled', !$.support.fileInput)
            .parent().addClass($.support.fileInput ? undefined : 'disabled');
    });

The folders exists, and has the correct permission (0777), but when I try to upload, I have this error message:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /upload/2017/abcd/ on this server.<br />
</p>
</body></html>

Answer 1

According to the docs :

url

A string containing the URL to which the request is sent.

This should be an upload handler, eg a PHP script, which will do the work of validating, naming, and moving the files into place. The code you show above even includes a comment saying the same thing:

// Change this to the location of your server-side upload handler:

But it looks like you are using url to specify a target directory to save files in:

var url = 'upload/<?= $year?>/<?= $logged_user?>';

The blueimp/jQuery-File-Upload distribution includes a set of PHP files for the server-side implementation, it looks like index.php is supposed to be the one you should point url at. I am not familiar with the plugin or the back end handler, but looking through the source I can see where the upload directory is specified, on line 47 :

'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/files/',

That is one place you could do your year/user/ directory customisation.

As to why you are seeing the 403 Forbidden error: as you've specified a directory as the url , that's where fileupload will POST the files. Your url has no trailing slash ( upload/2017/abcd ), and Apache will forward that - as a GET - to the same directory with the trailing slash. Since there is no suitable index file in the directory to handle the request (no index.html , index.php , and/or whatever you have configured as DirectoryIndex in Apache), Apache will attempt to do a directory listing. However you have directory listing disabled ( Options -Indexes ), so you get a 403 Forbidden . You should be able to verify all this by looking in your browser devtools, clicking the Network tab, and examining the requests there.

As a side note, you are specifying upload_dir and upload_url options for the fileupload() in your Javascript, but those are variables in the back-end PHP handler I linked to above. They're PHP variables, and won't have any effect in your Javascript, you should remove them to avoid confusion.