
I've been searching StackExchange topics on this error but have not found any that mirror what I'm experiencing.

My current state is that I have a web page that contains a visualization set up with d3.js where some of the objects are clickable. Upon clicking on one of them, a php script is executed via AJAX (with variables passed based on which object is clicked) by which a query is run to an MSSQL database that returns a list of images to be retrieved via FTP. So far I know that this part is working.

The code is hosted on a Win 2008 r2 server running IIS.

After retrieving the array of images, a loop is executed where I look to see if they have already been downloaded and, if not, the image is fetched via FTP in the loop below:

        if(in_array($fileName,$files)) {
            //*** Look to see if the image has already been FTP'd
            $fileTo = "C:/inetpub/wwwroot/IRIS/images/" . $fileName;
        } else {
            $FTP_HOST = $wrow["serverId"] . ".prod.com";

            // *** Create the FTP object
            $ftpObj = new FTPClient();

            // *** Connect (connect() returns false on failure, it does not throw)
            try{
                if (!$ftpObj->connect($FTP_HOST,$FTP_USER,$FTP_PASS)) {
                    throw new Exception("FTP connection failed");
                }
            } catch (Exception $uc) {
                header('Content-type: application/json');
                echo json_encode("Error making the FTP connection");
                die();
            }

            $fileFrom = $wrow["fileSpec"];
            $fileTo = "C:/inetpub/wwwroot/IRIS/images/" . $fileName;

            // *** Download (downloadFile() also reports failure by returning false)
            try {
                if (!$ftpObj->downloadFile($fileFrom,$fileTo)) {
                    throw new Exception("FTP download failed");
                }
            }catch (Exception $uc) {
                header('Content-type: application/json');
                echo json_encode("Error transferring the file");
                die();
            }
        }

The code makes it to the final try/catch loop, making a call to an FTP class that I have where downloadFile resides. Note that in making the connection the same username and password are used for all users.

In ftp_class.php the connection is as follows:

    public function connect ($server, $ftpUser, $ftpPassword, $isPassive = false) {

        // *** Set up basic connection
        $this->connectionId = ftp_connect($server);

        // *** Login with username and password (only if the connection succeeded)
        $loginResult = $this->connectionId
            ? ftp_login($this->connectionId, $ftpUser, $ftpPassword)
            : false;

        // *** Check connection
        if ((!$this->connectionId) || (!$loginResult)) {
            $this->logMessage('FTP connection has failed!',true);
            $this->logMessage('Attempted to connect to ' . $server . ' for user ' . $ftpUser, true);
            return false;
        }

        // *** Sets passive mode on/off (default off); only valid after a successful login
        ftp_pasv($this->connectionId, $isPassive);

        $this->logMessage('Connected to ' . $server . ', for user ' . $ftpUser);
        $this->loginOk = true;
        return true;
    }

and download file is as follows:

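    public function downloadFile($fileFrom,$fileTo) {
        $asciiArray = array('txt','csv');
        // *** pathinfo() avoids passing the result of explode() to end() by reference
        $extension = pathinfo($fileFrom, PATHINFO_EXTENSION);

        // *** Text files are transferred in ASCII mode, everything else in binary
        if(in_array($extension,$asciiArray)) {
            $mode = FTP_ASCII;
        } else {
            $mode = FTP_BINARY;
        }

        // *** ftp_get() opens $fileTo for writing as the account PHP is running under
        if(ftp_get($this->connectionId,$fileTo,$fileFrom,$mode,0)) {
            $this->logMessage("file " . $fileTo . " successfully downloaded");
            return true;
        } else {
            $this->logMessage("There was an error downloading file " . $fileTo,true);
            return false;
        }
    }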

I manage security access to my application via Active Directory roles (this is all on a corporate intranet) but note, again, that the ftp username and password do not rely on these roles.

Here is the problem that I'm running into. If any server administrator tries to fetch, save on my server, and display, it works fine. If some users, who are not administrators, try to do the same it works fine but MOST users can't fully execute. Since the user has to write the files to the image folder (seen in the path above), I have made that folder shareable to the Active Directory role that I require for access and give them read and write priv's to that specific folder.

The error that is returned is:

Warning: ftp_get(C:/inetpub/wwwroot/IRIS/images/041351W0006010251F00000064I04.jpg): failed to open stream: Permission denied in C:\inetpub\wwwroot\dred\ftp_class.php on line 113

Warning: ftp_get(): Error opening C:/inetpub/wwwroot/IRIS/images/041351W0006010251F00000064I04.jpg in C:\inetpub\wwwroot\dred\ftp_class.php on line 113

Line 113 is the line that ftp_get is on (see above).

I have tried a few things in troubleshooting:

  1. Give the Active Directory role administrator rights to my server (not something that I was going to keep, just experimenting): this worked
  2. Give the Active Directory role full read/write/change access to the server's C drive (again, just testing), as well as the inetpub and wwwroot: did not work
  3. Setting ftp_pasv() to True: did not work

I think that's it! Any advice would be much appreciated.

chemnteach
  • Are users authenticating with IIS in some way to access the script? Is it possible IIS is running PHP in the context of the remote user? – Steve E. Oct 22 '15 at 15:59
  • Thanks for your comment Steve. I'm pretty inexperienced with IIS, I'm not sure how to validate your question. If you have any hints please let me know. I should note, all other php for this app works fine for all users, it's just the ftp sequence that I'm having the trouble with. – chemnteach Oct 22 '15 at 16:13
  • See [this question](http://stackoverflow.com/questions/3899643/how-to-read-windows-loged-in-username-with-php-iis) and use var_dump($_SERVER) or similar to see if PHP is running as the client user. This may impact what permissions IIS allows when using AD. – Steve E. Oct 22 '15 at 16:59
  • OK, I inserted var_dump($_SERVER) in the portion of the PHP that calls 'downloadFile' (if I put it in 'downloadFile' it would not execute). I'm not sure if that's the right place or not. Either way, it returned the name of my server as the USERNAME and the personal network ID (i.e., not an AD value) as the LOGON_USER and AUTH_USER. This was the case for both the person who can access the images and the one who couldn't. Am I looking in the right place, at the right stuff? – chemnteach Oct 23 '15 at 16:13

1 Answer

After many hours of troubleshooting I discovered the problem. As mentioned in the question, the goal was to FTP images to an images folder on my local server so that they could be embedded in a web page. Through Windows File Explorer I was trying to provide write access to this folder by SHARING the folder based on the AD role. This was not enough.

What solved the problem was to use the SECURITY tab under System Properties and to provide write access to the defined image folder to IIS_IUSRS. Once that was in place, the FTP process could write the image to the image folder.

chemnteach
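The same change can be checked and applied from an elevated PowerShell session instead of the Security tab. This is an added example, not part of the original answer: it assumes the folder path from the question and the built-in `IIS_IUSRS` group, and grants Write on that one folder only rather than the administrator rights or drive-wide access tried during troubleshooting. Share permissions govern access over the network share, while a local write by the IIS worker process is checked against the folder's NTFS ACL, which is what the script inspects.

```powershell
# Added example: audit, then fix, the NTFS ACL that ftp_get() is checked against.
$folder   = 'C:\inetpub\wwwroot\IRIS\images'   # path from the question
$identity = 'BUILTIN\IIS_IUSRS'                 # group named in the answer

function Test-WriteGranted {
    param([string]$Path, [string]$Identity)
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write

    # Only entries that name $Identity directly are examined; rights that
    # arrive through other groups are not evaluated here.
    $rules = (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity }

    # Any Deny entry touching a write right wins over an Allow entry.
    $denied = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.FileSystemRights -band $write) -ne 0)
    }
    # An Allow entry must cover every bit of the Write right.
    $allowed = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $write) -eq $write)
    }
    return (-not $denied) -and [bool]$allowed
}

if (Test-WriteGranted -Path $folder -Identity $identity) {
    Write-Output "$identity can already write to $folder"
} else {
    # Allow Write on this folder, inherited by the files and subfolders in it.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $identity, 'Write', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl = Get-Acl -Path $folder
    $acl.AddAccessRule($rule)
    Set-Acl -Path $folder -AclObject $acl
    Write-Output "Granted Write on $folder to $identity"
}

# List the resulting entries so the change can be reviewed.
(Get-Acl -Path $folder).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited
```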