Welcome to WebmasterWorld Guest from 54.227.1.130

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Writing to .php file, not .txt

How reliable?

     

Patrick Taylor

11:24 pm on Jan 11, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I want to be able create new .php files from a form with:

touch
fopen
fwrite
fclose

It works on my server. My new .php file content begins with <?php and ends with ?> as it should, and the coding is in correctly, all as sent by the form. I know it's more normal to write to a .txt file so I'm wondering how reliable writing .php files is on all servers (not just mine).

coopster

9:34 pm on Jan 20, 2013 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Boy oh boy are you opening the door to get hacked by allowing this type of action. I would never allow this, period. First, what exactly is it you are attempting to accomplish? Perhaps there is a better solution.

Patrick Taylor

10:34 pm on Jan 20, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the reply. I have built a small flat file CMS that creates new pages using a password protected form. Each 'page' consists of a text file (the content) and a .php file (the output script). It has worked well for me for a number of years. However, the CMS is available to anyone who wants to download the scripts. I have seen some examples of websites other people have created with my system but I have no way of knowing whether it is reliable on all servers (Apache only). In other words, will the system work for everyone?

I hope that explains the reason for the question. I was wondering if 'touch', 'fwrite' etc can write any type of file in addition to text files and to what extent some Apache servers might impose restrictions on writing certain types. One example is .htaccess.

coopster

11:00 pm on Jan 20, 2013 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You can set permissions to read/write/execute however you wish for whatever file extension types you wish, including per-directory override files (.htaccess). But, as I said, this is a very scary practice.

Patrick Taylor

11:40 pm on Jan 20, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The admin has to be able to write files from a form on a password protected page. It's the only way my CMS can work. If someone hacks past the password protection they can delete the whole website, I realise that (the same applies to WordPress). What I am trying to understand is whether a valid user will always be able to write new files to the server without setting up any special permissions.

penders

2:53 pm on Jan 22, 2013 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I was wondering if 'touch', 'fwrite' etc can write any type of file in addition to text files and to what extent some Apache servers might impose restrictions on writing certain types. One example is .htaccess.


PHP files are text files and they don't necessarily need to have a .php file extension to be parsed by PHP so I don't see why a server would impose any kind of write restriction on these files (other than changing the usual file perms).

The other problem with writing directly to PHP files is that if anything invalid should get written that results in a fatal (untrappable) parse error when the file is later included then your system breaks.

One example is .htaccess.


Does Apache impose additional restrictions on writing to .htaccess?

swa66

2:59 pm on Jan 22, 2013 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I feel allowing the user running the httpd write acces to you docroot is asking for trouble.

Patrick Taylor

5:43 pm on Jan 22, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PHP files are text files...


That's the answer I was looking for. Thanks.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month