I'm trying to create a secure way to handle file uploads by uploading the files to a directory outside of public_html
.
I'm testing my script and my script works when I execute sudo php receive_files.php
, but when I run receive_files.php without sudo
I get failed to open stream: Permission denied.
Right now all permissions all the way back to var/www/html/mysite/public_html
are set to 755. I tried changing all of them to 775 and the command still didn't work
Without sudo
. And I'm pretty sure that would not be secure. How do I get around this problem?
My code:
$encoded_file = $_POST['file'];
$user_id = $_POST['user_id'];
$decoded_file = base64_decode($encoded_file);
$new_directory = "../../../../../../user_uploads/$user_id/";
if(!file_exists($new_directory)){
mkdir($new_directory, 0775, true);
file_put_contents($new_directory . $decoded_file);
}