I'm never too thrilled with the idea of web-pages writing anything into anyone's home-directory. I suggest that you should designate one single directory – e.g. a root-level directory, possibly then subdivided – as being
"the (only) place that web-page code can write to." If you need to move the file somewhere else, feel free, but
"that's the one-and-only place to go looking for it."
This also simplifies permissions and helps avoid accidental compromise of "home directories." (The more elaborate you make things, the more likely it is that you'll screw something up
and not realize it.
) This clearly-distinct strategy also further ensures that "relative pathnames" won't bring surprises. (Use tools like
AppArmor to ensure that Apache can't get out-of-bounds.)
"A place for everything, and everything in its place."