phpfile-uploadpermissionspermission-deniedmove-uploaded-file

move_uploaded_file Failed to open stream: Permission denied in XAMPP MacOS


I was trying to upload a file using php to my local using XAMPP on MacOS. Whenever I tried to upload a file through script, I got thi error.

move_uploaded_file  - Failed to open stream: Permission denied  

So I tried some fixes I saw on internet, like chmod -R 777 , changing the user-group and also tried to give read&write permission to every user; None of them worked.

This is the code I am using for uploading:

    if(!empty($filename)){
        $ext = pathinfo($filename, PATHINFO_EXTENSION);
        $new_filename = $slug.'_'.time().'.'.$ext;
        if(!move_uploaded_file($_FILES['eventImage']['tmp_name'], '../assets/images/events/'.$new_filename))
        {
            $_SESSION['error']='<strong>Error!</strong> Uploading Image failed. Please try again.';
        }   
    }
    else{
        $new_filename = '';
    }

I wanna know how this error can be fixed. I think this is some security issues of MacOS.


Solution

  • some Notes to the Question:

    first: For me, I don't use a Apple OS. nor I have a MacPC. second: XAMPP is for Development usage (mainly under Microsoft Windows).

    If You have a Windows OS, You can Install the IIS Express Version of a WebServer when You would like to administrate on Desktop (with no Text-Editor stuggling on Config-Files).

    I don't know, if MacOS has it's own WebServer, too. But XAMPP should not be running in Productive-System's - because the XAMPP Service Thread need Admin Rights (id You would like to use all Things that XAMPP provides).

    If You are running Linux, then You can install Apache WebServer. But then, You have to modify the Config-Files by Your own. It is True, that You can download a Linux Version of XAMPP - it is called LAMP.

    So far I know, is MacOS running over a Unix Kernel (don't sure). So, You have theoretically a Linux Kernel.

    Under some Linux-Systems, You have to create a special User, and Group for running Apache a little bit secured. The default User/Group are 'nobody'. If You can create new User on Your System, that have the /bin/false as last Attribut in the passwd file. So, You can prevent other User Logged-In with this User/Group. For usally, a /bin/bash will be open, and the User can perfom Task on Your Server, after he is knowing, and typing Your Password for such User Account.

    On my develop-PC, I did this: chown -R www-data:www-data ./.

    at Your document root.

    www-data group, and user is need by Apache2.4 - see Settings in Manual.

    The group, and user www-data is important under *nix like Operation Systems. Under Windows, You have to start XAMPP with Administrator Rights. So be warned !!!

    And: You should never be use XAMPP in Productive Systems. !!! The alternative is the Microsoft IIS - Internet Information Server.

    Thanks for reading