PHP mkdir():Permission denied

Question

I have a simple PHP/HTML/CSS app that creates a folder for newly registered users. It worked great on my test site, and not that I am ready to "go live" I get the "mkdir(): Permission denied" error. As far as I know, all settings are the same on both sites and the file permission for the root and uploads folder are set to 755. Everything else is working as expected accept for the code below...

if (count($errors) == 0) {
        $pword = md5($pword_1);//encrypt the pword before saving in the database
        $rand = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz";
        $rand = str_shuffle($rand);
        $folder = substr($rand, 0, 10);
        $regDate = date("Y-m-d");
        $token = 0;
        $tokenExp = 0;
        $curDir = getcwd();

        if(mkdir($curDir . "/uploads/" . $folder, 0755)){
            $query = "INSERT INTO users (uname, email, pword, folder, regDate, token, tokenExp) VALUES ('$uname', '$email', '$pword', '$folder', '$regDate', '$token', '$tokenExp')";
            mysqli_query($db, $query);
            $_SESSION['uname'] = $uname;
            $_SESSION['success'] = "You are now logged in";
            header('location: index.php');
        }else{
            array_push($errors, "An error occurred creating your account!!!");
        }
    }

As far as I can tell not being able to create the user's folder, I am not able to upload files. However, while troubleshooting, I when I manually add the folder to the server, I still get the "path not found" error. Here's the upload file code...

if(isset($_POST['uploads'])){
    $uname = mysqli_real_escape_string($db, $_POST['uname']);
    $name = $_FILES['file']['name'];
    $size = $_FILES['file']['size'];
    $type = $_FILES['file']['type'];
    $tmp_name = $_FILES['file']['tmp_name'];
    $extension = substr($name, strpos($name, '.') + 1);
    $max_size = 2500000; //bytes

    if(empty($name)) {
        echo "<p class='error'>Please Select a File</p>";
    }else{
        if($extension == "jpg" || $extension == "jpeg" || $extension == "gif" || $extension == "tif" || $extension == "png" || $extension == "pdf"){
            if($extension == $size<=$max_size){
                $getFold = "SELECT * FROM users WHERE uname='$uname'";
                $getFold = mysqli_query($db, $getFold);
                while($for = mysqli_fetch_assoc($getFold)){
                    $folder = $for['folder'];
                }
                $location = "uploads/" . $folder . "/";
                if(move_uploaded_file($tmp_name, $location . $name)){
                    $query = "INSERT INTO `upload` (name, size, type, location, uname, folder) VALUES ('$name', '$size', '$type', '$location', '$uname', '$folder')";
                    $result = mysqli_query($db, $query);
                    if($result){
                        echo "<p class='success'>File has been uploaded successfully!!!</p>";
                    }else{
                        echo "<p class='error'>Failed to upload file information to database!!! Filename already exist!</p>";
                    }               
                }else{
                    echo "<p class='error'>Failed to Upload File</p>";
                }
            }else{
                echo "<p class='error'>File size should be 3MB or less</p>";
            }
        }else{
            echo "<p class='error'>The selected file is not a JPG, JPEG, GIF, TIF, PNG, or PDF file type!!!</p>";
        }
    }
}

Answer 1

You need to change the owner of the folder in which you are trying to make subfolders for your users to:

1. apache - in case of CentOS server
2. www-data - in case of Ubuntu server

You can do it with the following command

sudo chown -R www-data /folder

The -R flag means that it's recursive, so the apache/httpd process that is running the php will own all the subfolders you might have created as well.

For more info about this command take a look at this SO post

Answer 2

You create the dir with the permissions 0755 , which means full access for the owner and only read + execute for the others. Change it to 0777 or 0766 ; full access to anyone or full access to the owner and read+write to anyone.
This also applies to the parent folder.

Answer 3

Thank you for your help, I followed your advice and it turned out that my host provider prevented the functionality in an obscure "setting" location accessible via the cPanel. Previously (ie on my older test server/account), the accounts were set up automatically to allow read/write access, the newer accounts are set up to as read-only and require the account owner to make the switch via the setting.