skip to Main Content

I am using this Simple-Ajax-Uploader plugin to upload files, then I used This PHP library to handle the processing of the files, to do things like generating random file names, resizing and specifying a directory to save the files, etc.

Here’s the code:

<?php
require('../classes/class.upload.php');
require('../classes/User.php');

//Process a file uploaded via XMLHttpRequest
$handle = new upload($_FILES['uploadfile']['tmp_name']);
if ($handle->uploaded) {
    $handle->file_new_name_body = User::generateRandomString();
    $handle->image_resize = true;
    $handle->image_x = 360;
    $handle->image_ratio_y = true;
    $handle->process('temp-uploads');
    if ($handle->processed) {
        echo json_encode(array('success' => true, 'newfilename' => $handle->file_dst_name));
        $handle->clean();
    } else {
        exit(json_encode(array('success' => false, 'msg' => $handle->error))); 
    }
}

Well, the file will upload successfully but somehow it becomes inaccessible via any web page, it’s also inaccessible if I try to access the “site-name.com/directory-name/filename.jpg” on the browser. It shows 404 Not found.

I also thought it could be file permission issues, but after giving the uploaded files including their directory) all possible permissions, they are still 404 Not Found. Right now, files uploaded by ajax are visible in cPanel file manager but not accessible in URL.

Finally, out of curiosity, I uploaded another file directly to the server via cPanel and that one was accessible, but the others still mysteriously remain inaccessible with 404 Not Found. I also renamed one of the inaccessible files to test.jpg, but it remains inaccessible.
I tried to search for similar problems here but can’t find one.

Please what is going wrong here?

Edit:

I have discovered that this was a file ownership permission issue, the directory where files are uploaded and the files within it are having different owner usernames of 1128 and 99 respectively.
I have modified the title of the question to include “File ownership/permission issue”.

Also I found the following message in the error logs repeatedly for each file uploaded:

[Sat May 26 09:28:05.584102 2018] [core:error] [pid 9320:tid 140646036481792] [client 209.126.90.118:59372] Caught race condition abuser. attacker: 1128, victim: 99 open file owner: 99, open file: /home/royalsee/public_html/php/MichenoCoop/dashboard/temp-uploads/32_3.JPG, referer: http://michenocoop.com/dashboard/temp-uploads/

2

Answers


  1. Chosen as BEST ANSWER

    The problem was resolved when I contacted support of my hosting provider.

    enter image description here

    I asked them to explain what was the cause and they replied with this:

    enter image description here

    Whatever that means I have no idea, however my problem was solved, so I am posting this to help anyone else who may be having the same issue. I hope it helps.


  2. I know that you already checked that:

    could be file permission issues, but after giving the uploaded files
    including their directory) all possible permissions, they are still
    404 Not Found

    But maybe the problem is with ownership of the file, according to this S.O answer What's the meaning of this error message in error log?:

    Bad permission or ownership can also trigger this error. I have
    resolved it by changing ownership of my application directory. It was
    owned by root before.

    And here again with the same error you get in your log file:

    https://alexantop.wordpress.com/2013/05/07/caught-race-condition-abuser/

    with the same solution:

    Change the files ownership to “username”.

    Can you check the ownership of the folder and try to change it to www-data or some user that can be accessible from internet.

    Hope it helps!

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search