
Permissions error when retrieving uploaded file


I'm running PHP on IIS 7 on my localhost for testing purposes. A user can upload a resume as part of a job application. The PHP receives the file and uploads it to the uploads directory.

Later, an employer can log in to a company web portal and view all the current applications. They are able to click on View resume to download a copy of the resume. I have set the uploads folder to grant full permissions to both IUSR and IIS_IUSR.

For the existing resumes in this folder, the permissions are correctly passed on and the employer is able to download a copy of these files. However, when a new file is uploaded, the permissions are not passed to this file and the employer is met with an error when trying to download it.

With this code I am able to download the resumes that existed before I changed the permissions of the folder, however I am met with a

HTTP Error 401.3 - Unauthorized You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

when I try to download newly uploaded files.

Upload code:

    $name = sprintf('uploads/%s.%s',
        sha1_file($_FILES['file-0']['tmp_name']),
        $ext
    );
    if (!move_uploaded_file(
        $_FILES['file-0']['tmp_name'], $name
    )) {
        throw new RuntimeException('Failed to move uploaded file.');
    }

Download code:

    echo "<h3><a href='" . $resume . "' class='linkText'>Link to resume</a></h3>";

How do I modify my setup to pass on the permissions to newly uploaded files?


Solution

  • In the end I just changed how I outputted the download link. Rather than making it a direct link to the file I used readfile

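    // Stream the file through PHP instead of linking to it directly.
    header('Content-Description: File Transfer');
    header('Content-Type: ' . $array['filetype']);
    // Quote the filename so names containing spaces survive intact.
    header('Content-Disposition: attachment; filename="' . basename($resume) . '"');
    readfile($resume);
    exit;
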

    For some reason this works fine and there are no errors about permissions.
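
Once downloads go through `readfile`, the PHP script is the only access check in front of the uploads folder, so the path it opens has to be validated. The following is an added example, not the poster's code: `resolve_upload` and `send_download` are hypothetical helper names, and the stored-name pattern (SHA-1 hex plus extension) is assumed from the upload snippet in the question.

```php
<?php
// Added example. Assumes the caller has already verified that the
// logged-in employer is allowed to see this application's resume.

/** Return the real path of $name inside $uploadDir, or null if it is not a stored upload. */
function resolve_upload(string $uploadDir, string $name): ?string
{
    // Stored names are sha1 hex plus a short extension; rejecting anything
    // else also rejects path separators and "..".
    if (!preg_match('/\A[0-9a-f]{40}\.[a-z0-9]{1,5}\z/', $name)) {
        return null;
    }
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment check after links have been resolved.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Send $path as an attachment with a header-safe download name. */
function send_download(string $path, string $downloadName): void
{
    // Replace characters that could break out of the quoted header value.
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', $downloadName);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed demo for the CLI: one stored file, one valid and one invalid request.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
    @mkdir($dir);
    $stored = sha1('constructed sample') . '.pdf';
    file_put_contents($dir . DIRECTORY_SEPARATOR . $stored, 'sample');
    var_dump(resolve_upload($dir, $stored) !== null);
    var_dump(resolve_upload($dir, '..\\..\\web.config'));
}
```

In a web request, call `send_download` only when `resolve_upload` returns a path, and respond with 404 otherwise.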