phpapachefilefile-permissionsajax-upload

PHP - File ownership/permission issue - Uploaded file cannot be accessed/not found after it was uploaded


I am using this Simple-Ajax-Uploader plugin to upload files, then I used This PHP library to handle the processing of the files, to do things like generating random file names, resizing and specifying a directory to save the files, etc.

Here's the code:

<?php
require('../classes/class.upload.php');
require('../classes/User.php');

//Process a file uploaded via XMLHttpRequest
$handle = new upload($_FILES['uploadfile']['tmp_name']);
if ($handle->uploaded) {
    $handle->file_new_name_body = User::generateRandomString();
    $handle->image_resize = true;
    $handle->image_x = 360;
    $handle->image_ratio_y = true;
    $handle->process('temp-uploads');
    if ($handle->processed) {
        echo json_encode(array('success' => true, 'newfilename' => $handle->file_dst_name));
        $handle->clean();
    } else {
        exit(json_encode(array('success' => false, 'msg' => $handle->error))); 
    }
}

Well, the file will upload successfully but somehow it becomes inaccessible via any web page, it's also inaccessible if I try to access the "site-name.com/directory-name/filename.jpg" on the browser. It shows 404 Not found.

I also thought it could be file permission issues, but after giving the uploaded files including their directory) all possible permissions, they are still 404 Not Found. Right now, files uploaded by ajax are visible in cPanel file manager but not accessible in URL.

Finally, out of curiosity, I uploaded another file directly to the server via cPanel and that one was accessible, but the others still mysteriously remain inaccessible with 404 Not Found. I also renamed one of the inaccessible files to test.jpg, but it remains inaccessible. I tried to search for similar problems here but can't find one.

Please what is going wrong here?

Edit:

I have discovered that this was a file ownership permission issue, the directory where files are uploaded and the files within it are having different owner usernames of 1128 and 99 respectively. I have modified the title of the question to include "File ownership/permission issue".

Also I found the following message in the error logs repeatedly for each file uploaded:

[Sat May 26 09:28:05.584102 2018] [core:error] [pid 9320:tid 140646036481792] [client 209.126.90.118:59372] Caught race condition abuser. attacker: 1128, victim: 99 open file owner: 99, open file: /home/royalsee/public_html/php/MichenoCoop/dashboard/temp-uploads/32_3.JPG, referer: http://michenocoop.com/dashboard/temp-uploads/

Solution

  • The problem was resolved when I contacted support of my hosting provider.

    enter image description here

    I asked them to explain what was the cause and they replied with this:

    enter image description here

    Whatever that means I have no idea, however my problem was solved, so I am posting this to help anyone else who may be having the same issue. I hope it helps.