How to upload image files to a shared folder using PHP on Linux

Home > Search > How-to
  by

Enable File Uploads in PHP

Ensure that file_uploads is set to on in PHP. This can be checked by navigating to www.your_site.com/phpinfo.php, or in your php.ini file. If file_uploads is not on, set file_uploads to on in your php.ini file. 

file_uploads = On

 


Temporary Uploads Directory

Typically, open_basedir will be set to /var/www in /etc/php.ini. In this scenario, upload_tmp_dir must be somewhere below /var/www. This can be checked by navigating to www.your_site.com/phpinfo.php, or in your php.ini file. If upload_tmp_dir is not below your document root, modify upload_tmp_dir in your php.ini file. 

upload_tmp_dir = /var/www/html/images/tmp

 

If upload_tmp_dir is not somewhere below your web servers document root, the PHP log file will throw an error.

[john.doe@server1 ~]# cat /var/log/php-fpm/error.log
[28-May-2017 15:33:21 US/Central] PHP Warning: move_uploaded_file(): open_basedir restriction in effect. File (/tmp/phpNENCQM) is not within the allowed path(s): (/var/www) in /var/www/html/Stage2.php on line 9.

 

Ensure the temporary uploads directory exists.

[john.doe@server1 ~]# mkdir /var/www/html/uploads/tmp

 

Ensure the temporary uploads directory permission is 755.

[john.doe@server1 ~]# chmod 755 /var/www/html/uploads/tmp

 

Use the following PHP to determine what user PHP uses to upload the file.

<?php
    echo exec('whoami'); 
?>

 

If the output of the above is apache, then apache is the user. In this scenario, set the owner of the temporary uploads directory to apache.

[john.doe@server1 ~]# chown apache:root /var/www/html/uploads/tmp

 

Set the SELinux context of the temporary and permanent uploads directory to httpd_sys_rw_content_t.

[john.doe@server1 ~]# chcon --type httpd_sys_rw_content_t /var/www/html/uploads
[john.doe@server1 ~]# chcon --type httpd_sys_rw_content_t /var/www/html/uploads/tmp

 


HTML

Use the following HTML to create a form that will post the file to file_upload.php.

<form action="file_upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="upload">
    <input type="submit">
</form>

 

In this example, an image of Goofy is selected.

 


PHP

In this example, upload_tmp_dir in the php.ini file is /var/www/html/images/tmp/. This tells PHP to create a temporary copy of the file being upload in the /var/www/html/images/tmp/ directory on the web server. The temporary name of the file can be viewed with the following PHP.

<?php
    $original_name = $_FILES["upload"]["name"];
    $temporary_name = $_FILES["upload"]["tmp_name"];
    $target = "/var/www/html/images/tmp/" . $original_name;
    echo $original_name . "<br /><br />";
    echo $temporary_name . "<br /><br />";
    echo $target . "<br /><br />";
?>

 

In this example, in the HTML, the name of the file input type is upload. In PHP, the FILES  variable will also need to contain upload.

 

For the sake of this tutorial, let's say the original name of the file is goofy.png, temporary name of the uploaded file is /tmp/php8AAD.tmp. The php8AAD.tmp file is what will be uploaded, not the original file name.

example.jpg
/tmp/php8AAD.tmp
/var/www/site1/images/example.jpg

 

The PHP move_uploaded_file function can be used to move a file from one directory to another. In this example, the temporary file will be moved from /tmp/php8AAD.tmp to /var/www/html/uploads/tmp, and the name of the file will be goofy.png.

<?php
    $original_name = $_FILES["upload"]["name"];
    $temporary_name = $_FILES["upload"]["tmp_name"];
    $target = "/var/www/html/images/" . $original_name;

    if(move_uploaded_file($temporary_name, $target)) {echo "Success";}
    else{echo "Failed";}
?>

 


Check if file already exists

Use the following PHP to check to see if the file being upload already exists, and then only proceed with the upload if the file does not already exists in the uploads directory.

<?php
    $original_name = $_FILES["upload"]["name"];
    $temporary_name = $_FILES["upload"]["tmp_name"];
    $target = "/var/www/html/images/" . $original_name;

    if (file_exists($target)) {
        echo "Already exists";
        }
    else{
        if(move_uploaded_file($temporary_name, $target)) {echo "Success";}
        else{echo "Failed";}
    }
?>

 


Check file extension

Use the following PHP to check to see if the file being upload has extension .jpg, .jpeg, .png, or .gif, and then only proceed with the upload if the file has one of these extension.

<?php
    $original_name = $_FILES["upload"]["name"];
    $temporary_name = $_FILES["upload"]["tmp_name"];
    $target = "/var/www/html/images/" . $original_name;
    $FileExtension = pathinfo($target,PATHINFO_EXTENSION);

    if (file_exists($target)) {
        echo "Already exists";
        $Status = 0;
        }
    if ($FileExtension !='jpg' && $FileExtension !='jpeg' && $FileExtension !='png' && $FileExtension !='gif') {
        echo "Invalid extension";
        $Status = 0;
        }
    if($Status == 0) {}
    else{
        if(move_uploaded_file($temporary_name, $target)) {echo "Success";}
        else{echo "Failed";}
    }
?>

 


Debugging

If there is a problem, add the following PHP, and then reference the PHP Manual.

$_FILES["upload"]["error"];

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments