homepage Welcome to WebmasterWorld Guest from 54.226.213.228
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Writing to .php file, not .txt
How reliable?
Patrick Taylor




msg:4535377
 11:24 pm on Jan 11, 2013 (gmt 0)

I want to be able create new .php files from a form with:

touch
fopen
fwrite
fclose

It works on my server. My new .php file content begins with <?php and ends with ?> as it should, and the coding is in correctly, all as sent by the form. I know it's more normal to write to a .txt file so I'm wondering how reliable writing .php files is on all servers (not just mine).

 

coopster




msg:4537792
 9:34 pm on Jan 20, 2013 (gmt 0)

Boy oh boy are you opening the door to get hacked by allowing this type of action. I would never allow this, period. First, what exactly is it you are attempting to accomplish? Perhaps there is a better solution.

Patrick Taylor




msg:4537806
 10:34 pm on Jan 20, 2013 (gmt 0)

Thanks for the reply. I have built a small flat file CMS that creates new pages using a password protected form. Each 'page' consists of a text file (the content) and a .php file (the output script). It has worked well for me for a number of years. However, the CMS is available to anyone who wants to download the scripts. I have seen some examples of websites other people have created with my system but I have no way of knowing whether it is reliable on all servers (Apache only). In other words, will the system work for everyone?

I hope that explains the reason for the question. I was wondering if 'touch', 'fwrite' etc can write any type of file in addition to text files and to what extent some Apache servers might impose restrictions on writing certain types. One example is .htaccess.

coopster




msg:4537811
 11:00 pm on Jan 20, 2013 (gmt 0)

You can set permissions to read/write/execute however you wish for whatever file extension types you wish, including per-directory override files (.htaccess). But, as I said, this is a very scary practice.

Patrick Taylor




msg:4537814
 11:40 pm on Jan 20, 2013 (gmt 0)

The admin has to be able to write files from a form on a password protected page. It's the only way my CMS can work. If someone hacks past the password protection they can delete the whole website, I realise that (the same applies to WordPress). What I am trying to understand is whether a valid user will always be able to write new files to the server without setting up any special permissions.

penders




msg:4538346
 2:53 pm on Jan 22, 2013 (gmt 0)

I was wondering if 'touch', 'fwrite' etc can write any type of file in addition to text files and to what extent some Apache servers might impose restrictions on writing certain types. One example is .htaccess.


PHP files are text files and they don't necessarily need to have a .php file extension to be parsed by PHP so I don't see why a server would impose any kind of write restriction on these files (other than changing the usual file perms).

The other problem with writing directly to PHP files is that if anything invalid should get written that results in a fatal (untrappable) parse error when the file is later included then your system breaks.

One example is .htaccess.


Does Apache impose additional restrictions on writing to .htaccess?

swa66




msg:4538354
 2:59 pm on Jan 22, 2013 (gmt 0)

I feel allowing the user running the httpd write acces to you docroot is asking for trouble.

Patrick Taylor




msg:4538381
 5:43 pm on Jan 22, 2013 (gmt 0)

PHP files are text files...


That's the answer I was looking for. Thanks.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved