...

View Full Version : Permission Errors



GSimpson
05-12-2009, 09:14 AM
Hey there,
I've check the FAQ here at coding forums, but it didn't really help me. When I run the following script on my local server, it doesn't give me an error at all, I assume because I'm the owner. However when I run on my host, I get an error, about permission being denied.


Warning: fopen(modules/custom.php) [function.fopen]: failed to open stream: Permission denied in /home/a7981147/public_html/smurfBLOG/install.php on line 13Warning: fopen(modules/custom.php) [function.fopen]: failed to open stream: Permission denied in /home/a7981147/public_html/smurfBLOG/install.php on line 13

I assume this question has been asked a fair bit, so sorry if it's a pain to answer it again. Anyone know what's causing this error or what I can change to fix it?

Here is the script:



<?php

function fopen_secure($path, $mode, $chmod=0666)
{
$directory = dirname($path);
$file = basename($path);
if (!is_dir($directory)) {
if (!mkdir($directory, $chmod, 1)) {
return FALSE;
}
}
return fopen ($path, $mode);
}

if(isset($_POST["attempt"])) {


$mysql_template = '<?php $connection = mysql_connect("' . $_POST[server] . '","' . $_POST[username] . '","' . $_POST[password] . '","/"); mysql_select_db("' . $_POST[database] . '",' . '$connection);?>';

$name = "SmurfBLOG";
$slogan = "V1.0";
$style = "default";
$copyright = "SmurfWorks";
$welcome = '<b>Welcome to SmurfBLOG v1.0.</b><br/><br/>Do not forget to remove "install.php" from your directory, as it puts your blog at risk.<br/><br/>To access admin controls, click the link in the footer. You can then change this message, and your settings, such as the name and slogan above, the style of the website, the copyright owner and this welcome message.<br/><br/>Enjoy your Blog, <a href="http://www.SmurfWorks.net">SmurfWorks Administration</a>.';
$password = md5("smurfworks");


$connection = mysql_connect($_POST[server],$_POST[username],$_POST[password],"/");


if(!$connection) {

die('Mysql Connection could not be opened.<br/>Please re-enter your mysql details. <a href="install.php">Click here to continue &raquo;</a>');

} else {

echo 'Mysql Connection Opened.<br/>';

}

$database = mysql_select_db($_POST[database],$connection);

if(!$database) {
die('Your database could not be selected.<br/>Please re-enter your mysql details. <a href="install.php">Click here to continue &raquo;</a><br/>');
}

else { mysql_select_db($_POST[database],$connection); echo 'Database Selected.<br/>'; }

$create_mysql = fopen_secure("modules/mysql_connection.php", "w+");
fwrite($create_mysql, $mysql_template);
fclose($create_mysql);

echo '"modules/mysql_connection.php" has been created.<br/>';

$create_custom = fopen_secure("modules/custom.php", "w+");
fwrite($create_custom, "<i>This is your custom module space. This can be customized or cleared in the administration control panel.</i>");
fclose($create_custom);

echo '"modules/custom.php" has been created.<br/>';

mysql_query('CREATE TABLE `smurfblog_settings` ( `name` VARCHAR( 255 ) NOT NULL , `slogan` VARCHAR( 255 ) NOT NULL , `style` VARCHAR( 255 ) NOT NULL , `copyright` VARCHAR( 255 ) NOT NULL , `welcome` TEXT NOT NULL , `password` VARCHAR( 255 ) NOT NULL ) COMMENT = \'This is where the SmurfBLOG settings are held.\';');

echo 'Table "smurfblog_settings" created.<br/>';

mysql_query("INSERT INTO `smurfblog_settings` (name, slogan, style, copyright, welcome, password) VALUES ('$name','$slogan','$style','$copyright','$welcome','$password')");

echo 'Default settings entered.<br/>';

mysql_query('CREATE TABLE `smurfblog_navlinks` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT, `url` TEXT NOT NULL , `display` VARCHAR( 255 ) NOT NULL , PRIMARY KEY ( `id` ) ) COMMENT = \'This table contains all of the links on the navigation.\';');

echo 'Table "smurfblog_navlinks" created.<br/>';

mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','index.php','Home')");
mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','index.php?p=archive','Archive')");
mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','./','Example Link')");
mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','','')");
mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','','')");

echo 'Default navigation links entered.<br/>';

mysql_query('CREATE TABLE `smurfblog_entries` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT, `title` VARCHAR( 255 ) NOT NULL , `content` LONGTEXT NOT NULL , `tags` VARCHAR( 255 ) NOT NULL , `timestamp` VARCHAR( 255 ) NOT NULL , `author` VARCHAR( 255 ) NOT NULL , PRIMARY KEY ( `id` ) ) COMMENT = \'This is the table that all of the blog entries are held.\';');

echo 'Table "smurfblog_entries" created.<br/>';

mysql_query('INSERT INTO `smurfblog_entries` ( `id` , `title` , `content` , `tags` , `timestamp` , `author` ) VALUES ( \'0\', \'The Default Entry\', \'This entry to your SmurfBLOG was created by the install file as an example for the administrator. It allows them to understand a blog entries position within different aspects of the SmurfBLOG script.<br/><br/>As soon as you\\\'re ready, head in to the control panel and remove this entry, then get posting your own.\', \'SmurfBlog, Default, Entry, Script, Test, Blog, SmurfWorks Loves You\', \'23 April 2009, 2:36am\', \'Install File\' );');

echo 'Default Blog Entry Created.<br/>';

mysql_query('CREATE TABLE `smurfblog_comments` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT, `entry` INT( 11 ) NOT NULL , `comment` TEXT NOT NULL , `name` VARCHAR( 255 ) NOT NULL , `email` VARCHAR( 255 ) NOT NULL , `website` VARCHAR( 255 ) NOT NULL , `status` INT( 1 ) NOT NULL , PRIMARY KEY ( `id` ) ) COMMENT = \'This table contains comments on blog entries.\';');

echo 'Table "smurfblog_comments" created.<br/>';

mysql_query('INSERT INTO `smurfblog_comments` ( `id` , `entry` , `comment` , `name` , `email` , `website` , `status`) VALUES ( \'0\', \'1\', \'This is what a comment looks like. The name and the website are published, but the email is stored for administrators to view for moderation purposes, and also for the gravatar application.\', \'Install File\', \'\', \'http://www.smurfworks.net/downloads/view.php?id=1\',\'1\' );');

echo 'Default Blog Comment Entered.<br/>';

mysql_close($connection);

echo 'Mysql Connection Closed.<br/>';
echo 'Blog Setup Complete.<br/>';
echo 'Please delete "install.php" from your server to close security hole.<br/>';
echo '<a href="index.php">Continue to your blog &raquo;</a>';

} else {

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Install SmurfBLOG v1.0</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>

<p style="width:500px">In order for SmurfBLOG to install itself on your server, it requires you have a database in place for it to store tables on. SmurfBLOG can only be installed once on a single database unless all of the data tables are manually removed using database scripts or a UI such as phpMyAdmin. Otherwise it will keep all previous entries from other blogs on the same database and display them where ever this blog has been installed. Along with a clean database set up, it needs to know where that database is - you can set these below. It will use these to create the tables, aswell as the mysql connection file that is used by all queries to the database in this blog.<br/><br/><i>(It will create a file named "mysql_connection.php" in this directory containing what information you type in now)</i><br/><br/>Please note, that the default administration password is "smurfworks".</p>

<form name="mysql-data" method="post" action="install.php">
<table style="width:500px">
<tr><th colspan="2">MySQL Settings</th></tr>
<tr>
<td>Mysql Server</td>
<td><input type="text" name="server"/></td>
</tr>

<tr>
<td>Mysql Username</td>
<td><input type="text" name="username"/></td>
</tr>

<tr>
<td>Mysql Password</td>
<td><input type="password" name="password"/></td>
</tr>

<tr>
<td>Mysql Database</td>
<td><input type="text" name="database"/></td>
</tr>

<input type="hidden" name="attempt" value="yes"/>

<tr>
<td colspan="2"><input type="submit" value="Install!"/></td>
</tr>
</table>
</form>
</body>
</html>


<!-- SmurfBLOG Copyright Smurfworks, <?php echo date("Y"); ?>. All rights reserved. http://www.smurfworks.net/ -->



<?php } ?>



Thank you :)

Fou-Lu
05-12-2009, 09:43 AM
Just open you're ftp client or control panel and chmod this entire directory recursively to include read privilege for the everybody group.
If I had to guess it off the bat, I'd say that the user the apache is using (apache, nobody whatever it is) is not set as an owner or group on the file, and that the current permissions have 0 for everybody. Use 644 or 664 and you're good to go.

This isn't an actual problem with you're code (but I'll admit that I didn't look at the code :P)

GSimpson
05-12-2009, 10:01 AM
I would have done this usually, but I'm trying to create a friendly install script, so that whenever I use it, all I have to do is sort out a database, upload and fill out the form. I'm unsure what files I have to chmod, to get install.php to create modules/mysql_connection.php and modules/custom.php

Fou-Lu
05-12-2009, 10:14 AM
When it comes to an installation script, you really cannot do a lot to fix a permission issue. The problem is that the apache simply cannot read the file. Its up to the user to chmod the file(s) so that they can be read by apache.
The one you'll need to chmod for certain is the custom.php file. You will not need to worry about the mysql one, since its created at runtime (PHP will assign ownership to the file on whatever the executor is, which should be you're apache user / group).

The best you can do with the remaining files is to iterate over them with a directory pointer or glob or whatever, use an is_readable call to see if you can read them, and if you can't, inform the user 'Module xxx cannot be installed; ensure permissions 'read' have been assigned to Everybody.'.

There is only so much we can do from our end :D

GSimpson
05-12-2009, 10:19 AM
Ahhh I see.

I have a file that opens custom.php once it's created, and can edit it based on the form. If I create a file named "custom.php" and leave it in the script, so that when I run the install, it doesn't have to do that end itself, will I run into any problems when running the page that edits it?

Also, I do recieve an error for the mysql one when running it, I believe it's also a permission error. Again, if I bundle an empty file within the script, under the name mysql_connection.php, will it write to the file ok?

Fou-Lu
05-12-2009, 10:28 AM
Empty files will still create a problem unless apache can read it and write to it (I should have mentioned this before, but I assumed apache).
If having no file for the mysql_connection within the directory prior to trying to create it, and it fails on fwrite, you'll need to make sure that the apache user also has write access to the directory. This would require one of two things: either set the apache user / group as the directory owner / group, or set read + write to everybody.

Easiest way to fix - find out the group name for apache, chgrp the group of the file to the apache group with read + write privilege.


I meant write access on directory, not drive, I fixed.

timgolding
05-12-2009, 09:14 PM
Empty files will still create a problem unless apache can read it and write to it (I should have mentioned this before, but I assumed apache).
If having no file for the mysql_connection within the directory prior to trying to create it, and it fails on fwrite, you'll need to make sure that the apache user also has write access to the directory. This would require one of two things: either set the apache user / group as the directory owner / group, or set read + write to everybody.

Easiest way to fix - find out the group name for apache, chgrp the group of the file to the apache group with read + write privilege.


I meant write access on directory, not drive, I fixed.


how do you do that edit box. Its been driving me crazy


oh the clues in the quote lol



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum