Uploading a file is not working in Unity

I’ve been searching for a solution for this for a few days now and haven’t found anything (obviously) that works.

I’m trying to upload basic text files to my server from Unity so that players can share their levels. I’m using a php script to handle the file upload and I’ve tested the script using Postman and it works just fine. But it does not work within Unity via WWW & WWWForm, any (free) alternatives are welcome.

The error I’m getting:

Forbidden

You don't have permission to access /scripts/upload.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

PHP Script
<?php
//
// Uploads a user created maze (POST REQUEST)
//
// Parameters:
// author : the creator
// file : the uploaded file
//
// Returns:
// success : uploaded
// error : File wasn’t successfully uploaded
// no name : Uploaded file didn’t contain a name
// bad name : The given name contains profanity
// arg error : Not all parameters were passed
// no result : No post action was made
//

	// Configuration
	$dbhost 	        = 'localhost';
	$dbname	= 'dbname';
	$user 		= "dbuser";
	$pass 		= "dbpass";

	// Profanity check
	function is_profanity($q,$json=0) 
	{
		$q=urlencode(preg_replace('/[\W+]/',' ',$q));
		$p=file_get_contents('http://www.wdyl.com/profanity?q='.$q);
		if ($json) { return $p; }
		$p=json_decode($p);
		return ($p->response=='true')?1:0;
	}
 
	if ($_POST) 
	{
		if (isset($_POST['author'])) 
		{
			if ($_FILES['file']['error'] === UPLOAD_ERR_OK)
			{
				if ($_FILES['file']['name'] !== "")
				{
					$name 		= $_FILES['file']['name'];
					$author		= $_POST['author'];
					
					if (is_profanity($name) == 1)
					{
						echo "bad name";
					}
					else
					{
						try
						{
							$db = new PDO("mysql:host=$dbhost;dbname=$dbname",$user,$pass);
							
							$uploadfile = '/home/site/public_html/levels/' . $name;
							move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile);
							
							$insert = $db->prepare("INSERT INTO UserLevels (name, author, location) VALUES (:name, :author, :path)");
							$insert->bindParam(':name', $name, PDO::PARAM_STR, 255);
							$insert->bindParam(':author', $author, PDO::PARAM_STR, 255);
							$insert->bindParam(':path', $uploadfile, PDO::PARAM_STR, 255);
							$insert->execute();
								
							echo "success";
						} 
						catch(PDOException $e) 
						{
							echo 'genral error' .$e->getMessage();
						}
					}
				}
				else
				{
					echo "no name";
				}
			}
			else
			{
				echo "upload error";
			}
		}
		else
		{
			echo "argument error";
		}
	}
	else
	{
		echo "no result";
	}
?>

CS Code
public TextAsset testLvl;
public string name = “person”;

        void UploadMaze()
	{
		byte[] data = testLvl.bytes;
		string fileName = testLvl.name;

		WWWForm form = new WWWForm();
                form.AddField("author", name);
		form.AddField("file", "file");
		form.AddBinaryData("file", data, fileName, "text/xml");

		StartCoroutine(Request(new WWW(baseUrl + "upload.php", form)));
	}

        IEnumerator Request(WWW www)
	{
		yield return www;

		if (www.error == null)
		{
			Debug.Log("Success: " + www.text);
		}
		else
		{
			Debug.Log("Error: " + www.error);
			Debug.Log(www.text);
		}
	}

The Chmod on the script is 644 (default)
The folder is 755 (default)

Well, the error “403 Forbidden” as well as “404 Not Found” are server side errors. So it most likely is a problem on your server. It’s possible that you use a misformed request of some sort.

For example you add two fields with the same name “file”. That’s the point of that field anyways:form.AddField("file", "file");?

Do you use http or https? What’s your target platform and where do you test your code? In the editor or in a build?

Looks like I can get around this by simply creating the file with php (using fopen) and then writing the contents (using fwrite) from posting the text.