Announcement

Collapse
No announcement yet.

Problem with upload file in PROD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with upload file in PROD

    Hi,
    I already deployed the web to prod, all seems fine, except when I access forms with upload fields.
    After I browse the file, and click start, nothing happened. Just some kind of progress bar that isn't moving, and the status of the file is still pending upload.
    The problem also exists when I try to access the file that already in the database table. The link to the file is there, but it said the file does not exist.

    In development, everything is fine.

    I've tried the previous thread's workarounds. I've edited file index in \scriptcase\devel\lib\third\blueimp\index.php, and also change the directories in advanced deployment. I also edited index files in each forms related that have upload fields. Still didn't work when uploading.

    I can't find any solution for this bug. Has Scriptcase team fixed this? Or is there something I still need to do?

  • #2
    Most likely it's a security issue, you lack the rights of saving files in the requested directory.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment


    • #3
      But there is no problem in development environment. And I set same folder for both.
      Can you tell me how to check the rights? and how to set it? I Windows Server 2008.,

      Many thanks!

      PS: I made a blank page containing html/php code for uploading file as a temporary solution. The uploaded file is moved to the requested directory successfully (that means it's not permission issue, right?). And there is no problem after deployment to PROD. But the problem is it's a little too tricky to link a blank page to existing form or grid. So still not a perfect solution either.
      Last edited by anjellz; 08-24-2015, 05:39 AM.

      Comment


      • #4
        On windows server in the directiry where you upload you have to allow the proper user (see https://support.microsoft.com/en-us/kb/313075) to have full access to the directory.
        See the quote: The IUSR_computername account is granted NTFS permissions for the folders that make up the Web sites on your server. However, you can change the permissions for any folder or file in your site. For example, you can use Web server permissions to control whether visitors to your Web site are allowed to view a particular Web page, upload information, or run scripts.

        ALternatively the solution is to create a special user and give that user the exact proper rights. Then run your IIS webservice under that user.
        This works for sure (since we do it here).

        Comment


        • #5
          We use Apache here.. development and prod are both using the same Windows Server 2008.
          I don't really understand how to configure webservice as usually I use it as it is.

          The problem with uploading seems to occur when using Scriptcase template only. Because I make a blank page containing some form with <input type=file>, and the files can be uploaded successfully and moved to any requested folder.

          (Sorry for the double threads in another subforum.)

          Comment


          • #6
            Originally posted by anjellz View Post
            We use Apache here.. development and prod are both using the same Windows Server 2008.
            I don't really understand how to configure webservice as usually I use it as it is.

            The problem with uploading seems to occur when using Scriptcase template only. Because I make a blank page containing some form with <input type=file>, and the files can be uploaded successfully and moved to any requested folder.

            (Sorry for the double threads in another subforum.)
            This is not an apache issue, but a directory rights issue. This could be complicated on windowsserver, we use plesk to do just that. If needed you could change the upload directory by using an advanced deploy where you can define these locations.
            Albert Drent
            aducom software netherlands
            scriptcase partner, reseller, support and (turn-key) development
            www.scriptcase.eu / www.scriptcase.nl

            Comment


            • #7
              We use apache too for the scriptcase dev environment AND for the deployment.
              On win 2008 you will see in the services an apachescriptcase8 (or similar I dont recall the exact name) service for you development environment.
              On win 2008 you should see another service for your deployment service, that is normally also named something like apache, tho it can be a different name. For example with uniform (another apache+php+mysql etc clone which we use) or uniserverz (also an apache thing).
              You can quickly find out which one it is, just turn the service off. If you cant login anymore then you have the right one.
              Do logout first!
              Anyway I assume you can find the service for the deployment. This one you can right click and study the properties. Here you find a Log On tab. Here you need to
              use another account which you can create on your computer. An account with a bit more rights.

              This is actually the trick we use to store sensitive data on a place
              somewhere on the drive where nobody can reach it via a normal www path. There is no way anyone can reach our sensitive data since the webserver doesnt translate any www path to a root path outside the www root.

              The issue is the requested folder. The user under which the requested folder is accessed should also have the rights to the requested folder.
              The default user is for apache is a limited user and thus it does not have the proper rights.
              Due to that reason you should either create a special user or change the rights of the apache service user so that it can access the requested directory.

              So my point is here: check the user under each apache service and change the rights for that user or use a new user with specific rights.
              Be very carefull of giving too many rights, you dont want people to access your windows dir or your root directory.

              Your windows event logger (view windows event logs, also named event viewer) holds a nice detailed log of things that go wrong and why. This info can hepl you to set things up properly.

              Comment


              • #8
                Originally posted by aducom View Post
                This is not an apache issue, but a directory rights issue. This could be complicated on windowsserver, we use plesk to do just that. If needed you could change the upload directory by using an advanced deploy where you can define these locations.
                I have tried with a number of different folders. Out of root folder,.. subfolder of the root,.. still not working.

                Originally posted by rr View Post
                We use apache too for the scriptcase dev environment AND for the deployment.
                On win 2008 you will see in the services an apachescriptcase8 (or similar I dont recall the exact name) service for you development environment.
                On win 2008 you should see another service for your deployment service, that is normally also named something like apache, tho it can be a different name. For example with uniform (another apache+php+mysql etc clone which we use) or uniserverz (also an apache thing).
                You can quickly find out which one it is, just turn the service off. If you cant login anymore then you have the right one.
                Do logout first!
                Anyway I assume you can find the service for the deployment. This one you can right click and study the properties. Here you find a Log On tab. Here you need to
                use another account which you can create on your computer. An account with a bit more rights.

                This is actually the trick we use to store sensitive data on a place
                somewhere on the drive where nobody can reach it via a normal www path. There is no way anyone can reach our sensitive data since the webserver doesnt translate any www path to a root path outside the www root.

                The issue is the requested folder. The user under which the requested folder is accessed should also have the rights to the requested folder.
                The default user is for apache is a limited user and thus it does not have the proper rights.
                Due to that reason you should either create a special user or change the rights of the apache service user so that it can access the requested directory.

                So my point is here: check the user under each apache service and change the rights for that user or use a new user with specific rights.
                Be very carefull of giving too many rights, you dont want people to access your windows dir or your root directory.

                Your windows event logger (view windows event logs, also named event viewer) holds a nice detailed log of things that go wrong and why. This info can hepl you to set things up properly.
                I've also checked the services, and the Apache is logged on as Local System, so it should have full control over file and folders, right?

                Maybe it didn't work because I skip the log out step...? I'll try again and maybe create new user (I didn't create the new one because I didn't think it was necessary to change from Local System user.)

                Anyway, thank you very much for the thorough explanation. I guess it means I'm not really far off from the correct steps.

                Comment


                • #9
                  Local System has no outgoing network rights as far as I know.
                  https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

                  Check your system and apache error logs, they might give you the clue.
                  We have apache here running as a specific user with a few more rights otherwise we cant access certain remote directories.
                  So you could always use another user with a few more rights.

                  Comment

                  Working...
                  X