I’ve written code for referring providers to upload images and documents to our site during the referral process. The script works, the directory is created, the image is renamed and uploaded. My issue is that I cannot physically delete the files (using Filezilla and Dreamweaver).
Could this be an issue with the script or would this be an issue with something in Apache setup?
I had thought to try and add something like this but it uploads the file but the $img_file does not get copied to the database and when I view the chmod settings for the image they’re set at 644, so clearly the below snippet isn’t working as expected.
// rename uploaded file
$img_file = chmod("$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '_' . rand(1000000000,1000000000000).".".$imgExt", 755);
Note: I know that there are two portions to the script, 1 with this and 1 without. I’ve tried it both ways.
I am not able to change the chmod settings in Filezilla, which leads me to believe that there is maybe something with the Apache settings?
My script is:
<?PHP
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli("xxx", "xxx", "xxx", "xxx");
$mysqli->set_charset("utf8");
$mysqli->query("SET NAMES 'utf8'");
if (mysqli_connect_error()) { echo mysqli_connect_error(); exit; }

// check to make sure the form was submitted
if (isset($_POST['Upload'])){
    // derm form ID
    if(isset($_POST['dermdvmID']))
    {
        $id = $_POST["dermdvmID"];
    }
    else {
        $id = NULL;
    }
    // PA or Case Number
    if(isset($_POST['UMNCaseNo']))
    {
        $UMNCaseNo = $_POST["UMNCaseNo"];
    }
    else {
        $UMNCaseNo = $_POST["dermdvmID"];
    }
    // Client Name
    if(isset($_POST['ClientName']))
    {
        $ClientName = $_POST["ClientName"];
    }
    else {
        $ClientName = NULL;
    }
    // Patient Name
    if(isset($_POST['Pet_Name']))
    {
        $Pet_Name = $_POST["Pet_Name"];
    }
    else {
        $Pet_Name = NULL;
    }
    // Image File Information
    $imgFile = $_FILES['file']['name'];
    $tmp_dir = $_FILES['file']['tmp_name'];
    $imgSize = $_FILES['file']['size'];
    // Upload to Directory
    $upload_dir = '/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/'; // upload directory
    // Check to see if the Directory already exists. If not, create the directory and give settings 0777
    if (!is_dir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/')) {
        mkdir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/', 0777, TRUE);
    }
    // Get file extension
    $imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION)); // get file extension
    // valid file extensions
    $valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'tif', 'bmp', 'dicom', 'dcm', 'pdf', 'doc', 'docx', 'xls', 'xlsx' ); // valid extensions
    // rename uploaded file
    $img_file = chmod("$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '_' . rand(1000000000,1000000000000).".".$imgExt", 755);
    // allow valid file formats
    if(in_array($imgExt, $valid_extensions)){
        // Check file size '15MB'
        if($imgSize < 1500000) {
            move_uploaded_file($tmp_dir,$upload_dir.$img_file);
        }
        else{
            $errMSG = "Sorry, the file you are trying to upload is too large.";
        }
    }
    else{
        $errMSG = "Sorry, only JPG, JPEG, PNG, TIFF, GIF, BMP, DICOM, PDF, DOC, DOCX, TXT, XLS, & XLSX files are allowed.";
    }
    $sql = "INSERT INTO tbl_dermatology_rdvm_attachments (dermformID, UMNCaseNo, ClientName, PatientName, file, original_filename, date_uploaded) VALUES (?,?,?,?,?,?, NOW())";
    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param("ssssss", $id, $UMNCaseNo, $ClientName, $Pet_Name, $img_file, $imgFile ); // bind variables
    if ($stmt->execute()){
        $attachID = $stmt->insert_id;
        header('Location: the link goes here',
            TRUE, // rewrite existing Location header
            302 // set status code
        );
    }
    else {
        echo "Something went wrong with the upload. Please try again.";
        $stmt->close();
    }
}

// check to make sure the form was submitted for upload a new image
if (isset($_POST['Upload2'])){
    // derm form ID
    if(isset($_POST['dermdvmID']))
    {
        $id = $_POST["dermdvmID"];
    }
    else {
        $id = NULL;
    }
    // PA or Case Number
    if(isset($_POST['UMNCaseNo']))
    {
        $UMNCaseNo = $_POST["UMNCaseNo"];
    }
    else {
        $UMNCaseNo = $_POST["dermdvmID"];
    }
    // Client Name
    if(isset($_POST['ClientName']))
    {
        $ClientName = $_POST["ClientName"];
    }
    else {
        $ClientName = NULL;
    }
    // Patient Name
    if(isset($_POST['Pet_Name']))
    {
        $Pet_Name = $_POST["Pet_Name"];
    }
    else {
        $Pet_Name = NULL;
    }
    // Image File Information
    $imgFile = $_FILES['file']['name'];
    $tmp_dir = $_FILES['file']['tmp_name'];
    $imgSize = $_FILES['file']['size'];
    $upload_dir = '/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/'; // upload directory
    if (!is_dir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/')) {
        mkdir('/xx/xx/xx/xx/public/dermatology/files/' .$UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '/', 0777, TRUE);
    }
    $imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION)); // get file extension
    // valid image extensions
    $valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'tif', 'bmp', 'dicom', 'dcm', 'pdf', 'doc', 'docx', 'xls', 'xlsx' ); // valid extensions
    // rename uploading image
    $img_file = $UMNCaseNo . '_' .$Pet_Name . '_' .$ClientName . '_' . rand(1000000000,1000000000000) . ".".$imgExt;
    // allow valid image file formats
    if(in_array($imgExt, $valid_extensions)){
        // Check file size '15MB'
        if($imgSize < 1500000) {
            move_uploaded_file($tmp_dir,$upload_dir.$img_file);
        }
        else{
            $errMSG = "Sorry, the file you are trying to upload is too large.";
        }
    }
    else{
        $errMSG = "Sorry, only JPG, JPEG, PNG, TIFF, GIF, BMP, DICOM, PDF, DOC, DOCX, TXT, XLS, & XLSX files are allowed.";
    }
    $sql = "INSERT INTO tbl_dermatology_rdvm_attachments (dermformID, UMNCaseNo, ClientName, PatientName, file, original_filename, date_uploaded) VALUES (?,?,?,?,?,?, NOW())";
    $stmt = $mysqli->prepare($sql);
    $stmt->bind_param("ssssss", $id, $UMNCaseNo, $ClientName, $Pet_Name, $img_file, $imgFile ); // bind variables
    if ($stmt->execute()){
        // derm form ID
        if(isset($_POST['dermdvmID']))
        {
            $id = $_POST["dermdvmID"];
        }
        else {
            $id = NULL;
        }
        header('Location: https://URL/public/dermatology/rdvm_upload_form_success.php?id='. $id,
            TRUE, // rewrite existing Location header
            302 // set status code
        );
    }
    else {
        echo "Something went wrong with the upload. Please try again.";
        $stmt->close();
    }
}
?>
2 Answers
Adding the following code resolved my issue:
Depending on who you use, your FTP user (e.g. ftp) may not have permissions to edit/delete files created by the Web user, e.g. Apache is run by user httpd and ftp may not be part of the group/supersede user httpd.
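
An added example, not code from the question or the answers: one way to store an upload so that ownership and modes are set explicitly. `chmod()` takes an existing path and returns a bool, so the filename is built as a plain string first, and modes are written as octal literals (`0664`, not `664`). The helper names `safe_part` and `store_upload` are hypothetical, and the 0775/0664 modes assume the FTP account has been added to the web server user's group.

```php
<?php
declare(strict_types=1);

// Reduce a user-supplied value to a safe path component (no "/", "..", NUL).
function safe_part(string $s): string {
    $s = (string) preg_replace('/[^A-Za-z0-9-]+/', '', $s);
    return $s !== '' ? $s : 'unknown';
}

// Store one upload with explicit modes. Deleting a file needs write access to
// its directory, so the directory mode matters more than the file mode.
// $move defaults to move_uploaded_file(); the demo below passes rename().
function store_upload(string $tmp, string $base, array $parts, string $ext,
                      ?callable $move = null): string {
    $move = $move ?? 'move_uploaded_file';
    $stem = implode('_', array_map('safe_part', $parts));
    $dir  = $base . '/' . $stem;
    if (!is_dir($dir) && !mkdir($dir, 0775, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    chmod($dir, 0775);   // mkdir() modes are cut down by umask; chmod() is not
    // Build the name as a plain string, move the file, then chmod the result.
    $dest = $dir . '/' . $stem . '_' . bin2hex(random_bytes(8))
          . '.' . safe_part(strtolower($ext));
    if (!$move($tmp, $dest)) {
        throw new RuntimeException("cannot move upload to $dest");
    }
    chmod($dest, 0664);  // octal literal: 0664, not 664
    return $dest;
}

// Constructed demo: a temp file stands in for $_FILES['file']['tmp_name'].
$base = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
$tmp  = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'constructed sample bytes');
$dest = store_upload($tmp, $base, ['12345', 'Rex', '../../etc'], 'PNG', 'rename');
clearstatcache();
printf("stored as %s\n", $dest);
printf("file mode %o, dir mode %o\n",
       fileperms($dest) & 07777, fileperms(dirname($dest)) & 07777);
```

Run from the command line, the demo prints the stored path and the resulting modes; the `../../etc` component is reduced to `etc`, so the file stays under the base directory.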