In my project, I have to upload some video files to a folder which lies outside the root folder. I am using simple php function move_uploaded_file to upload the file. I have tried with the code below.

$source  = $_FILES['Filedata']['tmp_name'];
$targetFile = '/usr/local/WowzaMediaServer-3.1.1/content/video.mp4'
move_uploaded_file($source,$targetFile);

But it is not working. Can we done it through move_uploaded_file. if not, suggest a better option to do this.

I have seen some similar question but nothing helps. So any help would be appreciated..

More than likely this is a simple permissions issue and quite easy to solve.

1. Find the user that apache uses. To do this open up your httpd.conf file and look for something like:

   User apache
   Group apache

2. Change the ownership of the folder that you're trying to upload to.

   chown -R apache.apache /usr/local/WowzaMediaServer-3.1.1/content/

3. Change the permissions of the folder

   chmod -R 775 /usr/local/WowzaMediaServer-3.1.1/content/

And that should be that.

Are you sure you're not in a chroot jail?

If so, your "absolute" path name could be pointing to the wrong place-- somewhere that doesn't exist.

If so, change the path to point to somewhere within the jail.

It may be necessary to mount --bind the directory you want this to go in into some location within the jail. (Note that a symbolic link will not work for getting out of jail.)

I'm going to assume you're using Apache for the purposes of this answer.

First off, is the file being uploaded ok? One possible reason you might have trouble is that the tmp directory isn't writable by the webserver, or readable come to that. Assuming that's ok then move_uploaded_file should work fine.

Create a folder next to your DOCUMENT_ROOT, let's call it "filestore". Make sure it's writable by www-data or whichever user runs apache. Now, you should be able to move the files into that folder. Note they will be owned by www-data:www-data typically - or whatever user and group your server is set up to run as. The reason I put the "filestore" folder next to the DOCUMENT_ROOT folder is that you can be sure the webserver can read the file path up to DOCUMENT_ROOT. Otherwise you run the risk of a folder part way up the path not being readable, and that'll stop you dead. e.g. if you have /usr/local/media as your target folder and /usr/local isn't readable (and executable) by the webserver, you're toast.

If all this works and you absolutely must have you media elsewhere, you can have the "filestore" folder anywhere so long as the whole path to it is read/executable by the webserver. Check each directory in the path.

If these uploaded files are being downloaded by other users via the web then the "filestore" folder only needs to have permissions of 700 since it's always going to be the web server's user which reads them. If other users need access, typically because other software running as a different user needs to use them then you might need permissions to be 750 to allow group members to read (and execute) the directory. You'll also need to add that other user to the www-data group.

For downloads you will need to write a simple script which dumps the file to the browser after doing some authentication checks. That way, you avoid having the media accessible just via http without having any authentication done first - which could make your service into an attractive place for illegal files (copyright violations being the least concern here).

This is a dangerous approach as it gives root privileges to the apache user, so use with caution.

Add the apache user to the list of sudoers - which will let you execute commands as root in php via system('sudo the_command'). Then move the uploaded file to a temporary location that the apache user can write do (eg. create a 'tmp' directory in the doc root). Then use system("sudo mv \"$source\" \"$destination\""); to move the temporary file to it's final location.

You can find the apache user by executing <?php echo exec('whoami'); ?>. Then add the following entry to sudoers the-apache-user ALL=(ALL) NOPASSWD: ALL. Use visudo to add the sudoer entry.

Example:

$source  = $_FILES['Filedata']['tmp_name'];
$targetFile = '/usr/local/WowzaMediaServer-3.1.1/content/video.mp4'

$tempLocation = 'tmp/temp-file.mp4';

move_uploaded_file($source, $tempLocation);

system('sudo mv "' . $tempLocation . '" "' . $targetFile . '"');

Edit: Related question - How to run PHP exec() as root?

Always you face a problem with your code, look at the server log or easier turn on errors display. That said, your problem could be related to upload_tmp_dir setting. Check what a phpinfo() tells about that or look at your php.inifile.

A better solution would be to write the file somewhere where you can write (i.e. under the webroot) and then create a symlink from the media directory to be to where you wrote it.

For example:

• Web Root is /var/www/html
• You want it at /usr/local/WowzaMediaServer-3.1.1/content/
• Create directory /var/www/html/mediaserver/content/
• Make permissions on /var/www/html/mediaserver/content/ 777 (so apache can write to it)
• Copy files from /usr/local/WowzaMediaServer-3.1.1/content/ to /var/www/html/mediaserver/content/
• Delete /usr/local/WowzaMediaServer-3.1.1/content/ (just the "content" directory)
• Create symlink from /usr/local/WowzaMediaServer-3.1.1/content/ to /var/www/html/mediaserver/content/

Then you have permissions to read/write, and the media server should too. Only issue would be if the media server is trained not to read symlinks - but you can find that out quickly enough.