Programming Tutorials

PHP file upload prompts authentication for anonymous users

By: Phil Ciebiera  

On a Microsoft platform utilizing IIS, you may run into a situation where, upon moving the uploaded file, anonymous web users can't access the content without being prompted to authenticate first...

The reason for this is, the uploaded file will inherit the permissions of the directory specified in the directive upload_tmp_dir of php.ini. If this directive isn't set, the default of C:\Windows\Temp is used.

You can work around this by granting the IUSR_[server name] user read access to your temporary upload directory, so that after you move_uploaded_file the permissions will already be set properly.

It's also a good idea to set the Execute Permissions of the upload directory to NOT include Executables, for security reasons.
To accomplish this:
-Open the IIS Manager
-Browse to the relevant sites directory where the uploads will be placed
-Right Click the folder and select Properties
-In the Directory tab of the resulting dialog, set the Execute permissions to be None

This took me a while to figure out, so I hope this helps save some other peoples time.




Archived Comments


Most Viewed Articles (in PHP )

Latest Articles (in PHP)

Comment on this tutorial

Related Tutorials

© 2022 Java-samples.com

Tutorial Archive: Data Science  Android  AJAX  ASP.net  C  C++  C#  Cocoa  Cloud Computing  EJB  Errors  Java  Certification  Interview  iPhone  Javascript  JSF  JSP  Java Beans  J2ME  JDBC  Linux  Mac OS X  MySQL  Perl  PHP  Python  Ruby  SAP  VB.net  EJB  Struts  Trends  WebServices  XML  Office 365  Hibernate

Latest Tutorials on: Data Science  Android  AJAX  ASP.net  C  Cocoa  C++  C#  EJB  Errors  Java  Certification  Interview  iPhone  Javascript  JSF  JSP  Java Beans  J2ME  JDBC  Linux  Mac OS X  MySQL  Perl  PHP  Python  Ruby  SAP  VB.net  EJB  Struts  Cloud Computing  WebServices  XML  Office 365  Hibernate