Msg#: 4535375 posted 11:24 pm on Jan 11, 2013 (gmt 0)
I want to be able create new .php files from a form with:
touch fopen fwrite fclose
It works on my server. My new .php file content begins with <?php and ends with ?> as it should, and the coding is in correctly, all as sent by the form. I know it's more normal to write to a .txt file so I'm wondering how reliable writing .php files is on all servers (not just mine).
Msg#: 4535375 posted 9:34 pm on Jan 20, 2013 (gmt 0)
Boy oh boy are you opening the door to get hacked by allowing this type of action. I would never allow this, period. First, what exactly is it you are attempting to accomplish? Perhaps there is a better solution.
Msg#: 4535375 posted 10:34 pm on Jan 20, 2013 (gmt 0)
Thanks for the reply. I have built a small flat file CMS that creates new pages using a password protected form. Each 'page' consists of a text file (the content) and a .php file (the output script). It has worked well for me for a number of years. However, the CMS is available to anyone who wants to download the scripts. I have seen some examples of websites other people have created with my system but I have no way of knowing whether it is reliable on all servers (Apache only). In other words, will the system work for everyone?
I hope that explains the reason for the question. I was wondering if 'touch', 'fwrite' etc can write any type of file in addition to text files and to what extent some Apache servers might impose restrictions on writing certain types. One example is .htaccess.
Msg#: 4535375 posted 11:00 pm on Jan 20, 2013 (gmt 0)
You can set permissions to read/write/execute however you wish for whatever file extension types you wish, including per-directory override files (.htaccess). But, as I said, this is a very scary practice.
Msg#: 4535375 posted 11:40 pm on Jan 20, 2013 (gmt 0)
The admin has to be able to write files from a form on a password protected page. It's the only way my CMS can work. If someone hacks past the password protection they can delete the whole website, I realise that (the same applies to WordPress). What I am trying to understand is whether a valid user will always be able to write new files to the server without setting up any special permissions.
Msg#: 4535375 posted 2:53 pm on Jan 22, 2013 (gmt 0)
I was wondering if 'touch', 'fwrite' etc can write any type of file in addition to text files and to what extent some Apache servers might impose restrictions on writing certain types. One example is .htaccess.
PHP files are text files and they don't necessarily need to have a .php file extension to be parsed by PHP so I don't see why a server would impose any kind of write restriction on these files (other than changing the usual file perms).
The other problem with writing directly to PHP files is that if anything invalid should get written that results in a fatal (untrappable) parse error when the file is later included then your system breaks.
One example is .htaccess.
Does Apache impose additional restrictions on writing to .htaccess?