Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Permission Errors

    Hey there,
    I've check the FAQ here at coding forums, but it didn't really help me. When I run the following script on my local server, it doesn't give me an error at all, I assume because I'm the owner. However when I run on my host, I get an error, about permission being denied.

    Code:
    Warning: fopen(modules/custom.php) [function.fopen]: failed to open stream: Permission denied in /home/a7981147/public_html/smurfBLOG/install.php on line 13Warning: fopen(modules/custom.php) [function.fopen]: failed to open stream: Permission denied in /home/a7981147/public_html/smurfBLOG/install.php on line 13
    I assume this question has been asked a fair bit, so sorry if it's a pain to answer it again. Anyone know what's causing this error or what I can change to fix it?

    Here is the script:

    PHP Code:
    <?php

        
    function fopen_secure($path$mode$chmod=0666)
        {
            
    $directory dirname($path);
            
    $file basename($path);
            if (!
    is_dir($directory)) {
                if (!
    mkdir($directory$chmod1)) {
                    return 
    FALSE;
                }
            }
            return 
    fopen ($path$mode);
        }

      if(isset(
    $_POST["attempt"])) {


      
    $mysql_template '<?php $connection = mysql_connect("' $_POST[server] . '","' $_POST[username] . '","' $_POST[password] . '","/"); mysql_select_db("' $_POST[database] . '",' '$connection);?>';

        
    $name "SmurfBLOG";
        
    $slogan "V1.0";
        
    $style "default";
        
    $copyright "SmurfWorks";
        
    $welcome '<b>Welcome to SmurfBLOG v1.0.</b><br/><br/>Do not forget to remove "install.php" from your directory, as it puts your blog at risk.<br/><br/>To access admin controls, click the link in the footer. You can then change this message, and your settings, such as the name and slogan above, the style of the website, the copyright owner and this welcome message.<br/><br/>Enjoy your Blog, <a href="http://www.SmurfWorks.net">SmurfWorks Administration</a>.';
        
    $password md5("smurfworks");


      
    $connection mysql_connect($_POST[server],$_POST[username],$_POST[password],"/");


      if(!
    $connection) {

        die(
    'Mysql Connection could not be opened.<br/>Please re-enter your mysql details. <a href="install.php">Click here to continue &raquo;</a>');

      }  else  {

      echo 
    'Mysql Connection Opened.<br/>';

      }

      
    $database mysql_select_db($_POST[database],$connection);

      if(!
    $database) {
        die(
    'Your database could not be selected.<br/>Please re-enter your mysql details. <a href="install.php">Click here to continue &raquo;</a><br/>');
      }

      else {  
    mysql_select_db($_POST[database],$connection); echo 'Database Selected.<br/>'; }

      
    $create_mysql fopen_secure("modules/mysql_connection.php""w+");
      
    fwrite($create_mysql$mysql_template);
      
    fclose($create_mysql);

      echo 
    '"modules/mysql_connection.php" has been created.<br/>';

      
    $create_custom fopen_secure("modules/custom.php""w+");
      
    fwrite($create_custom"<i>This is your custom module space. This can be customized or cleared in the administration control panel.</i>");
      
    fclose($create_custom);

      echo 
    '"modules/custom.php" has been created.<br/>';

      
    mysql_query('CREATE TABLE `smurfblog_settings` ( `name` VARCHAR( 255 ) NOT NULL , `slogan` VARCHAR( 255 ) NOT NULL , `style` VARCHAR( 255 ) NOT NULL , `copyright` VARCHAR( 255 ) NOT NULL , `welcome` TEXT NOT NULL , `password` VARCHAR( 255 ) NOT NULL ) COMMENT = \'This is where the SmurfBLOG settings are held.\';');

      echo 
    'Table "smurfblog_settings" created.<br/>';

      
    mysql_query("INSERT INTO `smurfblog_settings` (name, slogan, style, copyright, welcome, password) VALUES ('$name','$slogan','$style','$copyright','$welcome','$password')");

      echo 
    'Default settings entered.<br/>';

      
    mysql_query('CREATE TABLE `smurfblog_navlinks` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT, `url` TEXT NOT NULL , `display` VARCHAR( 255 ) NOT NULL , PRIMARY KEY ( `id` ) ) COMMENT = \'This table contains all of the links on the navigation.\';');

      echo 
    'Table "smurfblog_navlinks" created.<br/>';

      
    mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','index.php','Home')");
      
    mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','index.php?p=archive','Archive')");
      
    mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','./','Example Link')");
      
    mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','','')");
      
    mysql_query("INSERT INTO `smurfblog_navlinks` (id, url, display) VALUES ('0','','')");

      echo 
    'Default navigation links entered.<br/>';

      
    mysql_query('CREATE TABLE `smurfblog_entries` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT, `title` VARCHAR( 255 ) NOT NULL , `content` LONGTEXT NOT NULL , `tags` VARCHAR( 255 ) NOT NULL , `timestamp` VARCHAR( 255 ) NOT NULL , `author` VARCHAR( 255 ) NOT NULL , PRIMARY KEY ( `id` ) ) COMMENT = \'This is the table that all of the blog entries are held.\';');

      echo 
    'Table "smurfblog_entries" created.<br/>';

      
    mysql_query('INSERT INTO `smurfblog_entries` ( `id` , `title` , `content` , `tags` , `timestamp` , `author` ) VALUES ( \'0\', \'The Default Entry\', \'This entry to your SmurfBLOG was created by the install file as an example for the administrator. It allows them to understand a blog entries position within different aspects of the SmurfBLOG script.<br/><br/>As soon as you\\\'re ready, head in to the control panel and remove this entry, then get posting your own.\', \'SmurfBlog, Default, Entry, Script, Test, Blog, SmurfWorks Loves You\', \'23 April 2009, 2:36am\', \'Install File\' );');

      echo 
    'Default Blog Entry Created.<br/>';

      
    mysql_query('CREATE TABLE `smurfblog_comments` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT, `entry` INT( 11 ) NOT NULL , `comment` TEXT NOT NULL , `name` VARCHAR( 255 ) NOT NULL , `email` VARCHAR( 255 ) NOT NULL , `website` VARCHAR( 255 ) NOT NULL , `status` INT( 1 ) NOT NULL , PRIMARY KEY ( `id` ) ) COMMENT = \'This table contains comments on blog entries.\';');

      echo 
    'Table "smurfblog_comments" created.<br/>';

      
    mysql_query('INSERT INTO `smurfblog_comments` ( `id` , `entry` , `comment` , `name` , `email` , `website` , `status`) VALUES ( \'0\', \'1\', \'This is what a comment looks like. The name and the website are published, but the email is stored for administrators to view for moderation purposes, and also for the gravatar application.\', \'Install File\', \'\', \'http://www.smurfworks.net/downloads/view.php?id=1\',\'1\' );');

      echo 
    'Default Blog Comment Entered.<br/>';

      
    mysql_close($connection);

      echo 
    'Mysql Connection Closed.<br/>';
      echo 
    'Blog Setup Complete.<br/>';
      echo 
    'Please delete "install.php" from your server to close security hole.<br/>';
      echo 
    '<a href="index.php">Continue to your blog &raquo;</a>';

      } else {

    ?>


      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">

          <head>
            <title>Install SmurfBLOG v1.0</title>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
          </head>

          <body>

          <p style="width:500px">In order for SmurfBLOG to install itself on your server, it requires you have a database in place for it to store tables on. SmurfBLOG can only be installed once on a single database unless all of the data tables are manually removed using database scripts or a UI such as phpMyAdmin. Otherwise it will keep all previous entries from other blogs on the same database and display them where ever this blog has been installed. Along with a clean database set up, it needs to know where that database is - you can set these below. It will use these to create the tables, aswell as the mysql connection file that is used by all queries to the database in this blog.<br/><br/><i>(It will create a file named "mysql_connection.php" in this directory containing what information you type in now)</i><br/><br/>Please note, that the default administration password is "smurfworks".</p>

    <form name="mysql-data" method="post" action="install.php">
            <table style="width:500px">
              <tr><th colspan="2">MySQL Settings</th></tr>
              <tr>
                <td>Mysql Server</td>
                <td><input type="text" name="server"/></td>
              </tr>

              <tr>
                <td>Mysql Username</td>
                <td><input type="text" name="username"/></td>
              </tr>

              <tr>
                <td>Mysql Password</td>
                <td><input type="password" name="password"/></td>
              </tr>

              <tr>
                <td>Mysql Database</td>
                <td><input type="text" name="database"/></td>
              </tr>

    <input type="hidden" name="attempt" value="yes"/>

              <tr>
                <td colspan="2"><input type="submit" value="Install!"/></td>
              </tr>
            </table>
            </form>
          </body>
        </html>


    <!-- SmurfBLOG Copyright Smurfworks, <?php echo date("Y"); ?>. All rights reserved. http://www.smurfworks.net/ -->



    <?php ?>
    Thank you
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Just open you're ftp client or control panel and chmod this entire directory recursively to include read privilege for the everybody group.
    If I had to guess it off the bat, I'd say that the user the apache is using (apache, nobody whatever it is) is not set as an owner or group on the file, and that the current permissions have 0 for everybody. Use 644 or 664 and you're good to go.

    This isn't an actual problem with you're code (but I'll admit that I didn't look at the code :P)
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I would have done this usually, but I'm trying to create a friendly install script, so that whenever I use it, all I have to do is sort out a database, upload and fill out the form. I'm unsure what files I have to chmod, to get install.php to create modules/mysql_connection.php and modules/custom.php
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    When it comes to an installation script, you really cannot do a lot to fix a permission issue. The problem is that the apache simply cannot read the file. Its up to the user to chmod the file(s) so that they can be read by apache.
    The one you'll need to chmod for certain is the custom.php file. You will not need to worry about the mysql one, since its created at runtime (PHP will assign ownership to the file on whatever the executor is, which should be you're apache user / group).

    The best you can do with the remaining files is to iterate over them with a directory pointer or glob or whatever, use an is_readable call to see if you can read them, and if you can't, inform the user 'Module xxx cannot be installed; ensure permissions 'read' have been assigned to Everybody.'.

    There is only so much we can do from our end
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Ahhh I see.

    I have a file that opens custom.php once it's created, and can edit it based on the form. If I create a file named "custom.php" and leave it in the script, so that when I run the install, it doesn't have to do that end itself, will I run into any problems when running the page that edits it?

    Also, I do recieve an error for the mysql one when running it, I believe it's also a permission error. Again, if I bundle an empty file within the script, under the name mysql_connection.php, will it write to the file ok?
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Empty files will still create a problem unless apache can read it and write to it (I should have mentioned this before, but I assumed apache).
    If having no file for the mysql_connection within the directory prior to trying to create it, and it fails on fwrite, you'll need to make sure that the apache user also has write access to the directory. This would require one of two things: either set the apache user / group as the directory owner / group, or set read + write to everybody.

    Easiest way to fix - find out the group name for apache, chgrp the group of the file to the apache group with read + write privilege.

    Edit:
    I meant write access on directory, not drive, I fixed.
    Last edited by Fou-Lu; 05-12-2009 at 09:30 AM.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #7
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,517
    Thanks
    114
    Thanked 110 Times in 109 Posts
    Quote Originally Posted by Fou-Lu View Post
    Empty files will still create a problem unless apache can read it and write to it (I should have mentioned this before, but I assumed apache).
    If having no file for the mysql_connection within the directory prior to trying to create it, and it fails on fwrite, you'll need to make sure that the apache user also has write access to the directory. This would require one of two things: either set the apache user / group as the directory owner / group, or set read + write to everybody.

    Easiest way to fix - find out the group name for apache, chgrp the group of the file to the apache group with read + write privilege.

    Edit:
    I meant write access on directory, not drive, I fixed.
    how do you do that edit box. Its been driving me crazy

    Edit:
    oh the clues in the quote lol
    You can not say you know how to do something, until you can teach it to someone else.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •