dongpo1599 2018-07-18 00:23

Unable to delete images from a directory created by PHP. PHP issue vs. Apache security issue

I've written code for referring providers to upload images and documents to our site during the referral process. The script works, the directory is created, the image is renamed and uploaded. My issue is that I cannot physically delete the files (using Filezilla and Dreamweaver).

Could this be an issue with the script or would this be an issue with something in Apache setup?

I had thought to try and add something like this but it uploads the file but the $img_file does not get copied to the database and when I view the chmod settings for the image they're set at 644, so clearly the below snippet isn't working as expected.

       // rename uploaded file
        $img_file = chmod("$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '_' . rand(1000000000,1000000000000).".".$imgExt", 755);

Note: I know that there are two portions to the script, 1 with this and 1 without. I've tried it both ways.

I am not able to change the chmod settings in Filezilla, which leads me to believe that there is maybe something with the Apache settings?

My script is:

<?PHP
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$mysqli = new mysqli("xxx", "xxx", "xxx", "xxx");
$mysqli->set_charset("utf8");
$mysqli->query("SET NAMES 'utf8'");

if (mysqli_connect_error()) { echo mysqli_connect_error(); exit; }

// check to make sure the form was submitted 
if (isset($_POST['Upload'])){

// derm form ID 
if(isset($_POST['dermdvmID']))
   {
    $id = $_POST["dermdvmID"];
   }    
else {
    $id = NULL;
 }  

// PA or Case Number    
if(isset($_POST['UMNCaseNo']))
   {
    $UMNCaseNo = $_POST["UMNCaseNo"];
   }    
else {
    $UMNCaseNo = $_POST["dermdvmID"];
 }

// Client Name  
if(isset($_POST['ClientName']))
   {
    $ClientName = $_POST["ClientName"];
   }    
else {
    $ClientName = NULL;
 }  

// Patient Name 
if(isset($_POST['Pet_Name']))
   {
    $Pet_Name = $_POST["Pet_Name"];
   }    
else {
    $Pet_Name = NULL;
 }      

      // Image File Information
      $imgFile = $_FILES['file']['name'];
      $tmp_dir = $_FILES['file']['tmp_name'];
      $imgSize = $_FILES['file']['size'];

      // Upload to Directory
      $upload_dir = '/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/'; // upload directory

      // Check to see if the Directory already exists. If not, create the directory and give settings 0777
       if (!is_dir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/')) {
        mkdir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/', 0777, TRUE);

       }

       // Get file extension
       $imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION)); // get file extension

       // valid file extensions
       $valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'tif', 'bmp', 'dicom', 'dcm', 'pdf', 'doc', 'docx', 'xls', 'xlsx' ); // valid extensions

       // rename uploaded file
        $img_file = chmod("$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '_' . rand(1000000000,1000000000000).".".$imgExt", 755);        

       // allow valid file formats
       if(in_array($imgExt, $valid_extensions)){   
        // Check file size '15MB'
        if($imgSize < 1500000)    {
         move_uploaded_file($tmp_dir,$upload_dir.$img_file);
        }
        else{
         $errMSG = "Sorry, the file you are trying to upload is too large.";
        }
       }
       else{
        $errMSG = "Sorry, only JPG, JPEG, PNG, TIFF, GIF, BMP, DICOM, PDF, DOC, DOCX, TXT, XLS, & XLSX files are allowed.";  
       }

$sql = "INSERT INTO tbl_dermatology_rdvm_attachments (dermformID, UMNCaseNo, ClientName, PatientName, file, original_filename, date_uploaded) VALUES (?,?,?,?,?,?, NOW())";

$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ssssss", $id, $UMNCaseNo, $ClientName, $Pet_Name, $img_file, $imgFile ); // bind variables

if ($stmt->execute()){

        $attachID = $stmt->insert_id;

        header('Location: the link goes here', 
            TRUE, // rewrite existing Location header
            302  // set status code 
                   );
    }

 else {
        echo "Something went wrong with the upload. Please try again.";

  $stmt->close();

} 
     }

// check to make sure the form was submitted for upload a new image
if (isset($_POST['Upload2'])){

// derm form ID 
if(isset($_POST['dermdvmID']))
   {
    $id = $_POST["dermdvmID"];
   }    
else {
    $id = NULL;
 }  

// PA or Case Number    
if(isset($_POST['UMNCaseNo']))
   {
    $UMNCaseNo = $_POST["UMNCaseNo"];
   }    
else {
    $UMNCaseNo = $_POST["dermdvmID"];
 }

// Client Name  
if(isset($_POST['ClientName']))
   {
    $ClientName = $_POST["ClientName"];
   }    
else {
    $ClientName = NULL;
 }  

// Patient Name 
if(isset($_POST['Pet_Name']))
   {
    $Pet_Name = $_POST["Pet_Name"];
   }    
else {
    $Pet_Name = NULL;
 }      

      // Image File Information
      $imgFile = $_FILES['file']['name'];
      $tmp_dir = $_FILES['file']['tmp_name'];
      $imgSize = $_FILES['file']['size'];

      $upload_dir = '/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/'; // upload directory

       if (!is_dir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/')) {
            mkdir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/', 0777, TRUE);
       }

       $imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION)); // get file extension

       // valid image extensions
       $valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'tif', 'bmp', 'dicom', 'dcm', 'pdf', 'doc', 'docx', 'xls', 'xlsx' ); // valid extensions

       // rename uploading image
        $img_file = $UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '_' . rand(1000000000,1000000000000) . ".".$imgExt;    

       // allow valid image file formats
       if(in_array($imgExt, $valid_extensions)){  

        // Check file size '15MB'
        if($imgSize < 1500000)    {
         move_uploaded_file($tmp_dir,$upload_dir.$img_file);
        }
        else{
         $errMSG = "Sorry, the file you are trying to upload is too large.";
        }
       }
       else{
        $errMSG = "Sorry, only JPG, JPEG, PNG, TIFF, GIF, BMP, DICOM, PDF, DOC, DOCX, TXT, XLS, & XLSX files are allowed.";  
       }

$sql = "INSERT INTO tbl_dermatology_rdvm_attachments (dermformID, UMNCaseNo, ClientName, PatientName, file, original_filename, date_uploaded) VALUES (?,?,?,?,?,?, NOW())";

$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ssssss", $id, $UMNCaseNo, $ClientName, $Pet_Name, $img_file, $imgFile ); // bind variables

if ($stmt->execute()){
        // derm form ID 
        if(isset($_POST['dermdvmID']))
           {
            $id = $_POST["dermdvmID"];
           }    
        else {
            $id = NULL;
         }  

        header('Location: https://URL/public/dermatology/rdvm_upload_form_success.php?id='. $id,
      TRUE, // rewrite existing Location header
            302  // set status code 
      );
    }

 else {

        echo "Something went wrong with the upload. Please try again.";

  $stmt->close();

} 
     }

?>  
2 answers

  • dongmao4486 2018-07-18 00:39

    Depending on who you use, your FTP user (e.g. ftp) may not have permissions to edit/delete files created by the Web user, e.g. Apache is run by user httpd and ftp may not be part of the group/supersede user httpd.

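The permission mechanics behind the answer above, as an added example that is not part of the question or the answer: the mode passed to `mkdir()` is masked by the umask, `chmod()` takes a path and an octal mode and returns a bool, and deleting a file depends on write access to its directory. It assumes a Linux host and that the FTP account is a member of the upload directory's group; all paths and file names are constructed.

```php
<?php
// Added example. All paths are constructed; run from the CLI: php upload_perms.php

/** Permission bits of $path as four octal digits. */
function mode_of(string $path): string
{
    clearstatcache(true, $path);
    return sprintf('%04o', fileperms($path) & 07777);
}

/**
 * Store $data as $dir/$name so that members of the directory's group
 * (assumed here to include the FTP account) can delete it later.
 * Deleting a file needs write permission on its directory, not on the file.
 */
function store_group_manageable(string $dir, string $name, string $data): string
{
    $old = umask(0002);                  // keep group write, drop world write
    try {
        if (!is_dir($dir) && !mkdir($dir, 0775, true)) {
            throw new RuntimeException("cannot create $dir");
        }
        chmod($dir, 02775);              // setgid: new entries inherit the directory's group
        $path = $dir . '/' . $name;
        if (file_put_contents($path, $data) === false) {   // stands in for move_uploaded_file()
            throw new RuntimeException("cannot write $path");
        }
        chmod($path, 0664);              // path first, octal mode second; returns bool
        return $path;
    } finally {
        umask($old);
    }
}

$base = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));

// As in the question: the 0777 passed to mkdir() is masked by the process umask.
umask(0022);                             // a common default for the web server user
mkdir("$base/as_posted", 0777, true);
echo 'mkdir 0777 under umask 0022: ', mode_of("$base/as_posted"), PHP_EOL;
// Decimal 755 is not octal 0755; printing it in octal shows the mode chmod() would apply.
echo 'decimal 755 in octal:        ', sprintf('%04o', 755), PHP_EOL;
$file = store_group_manageable("$base/shared", 'CASE1_Rex_Smith_1234567890.png', 'constructed bytes');
echo 'shared directory:            ', mode_of("$base/shared"), PHP_EOL;
echo 'stored file:                 ', mode_of($file), PHP_EOL;
// Clean up the constructed tree.
unlink($file);
foreach (["$base/shared", "$base/as_posted", $base] as $d) { rmdir($d); }
```

Group write on the directory is sufficient here; world-writable modes such as 0777 are not needed for the FTP account to manage the uploads.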