View previous topic :: View next topic |
Author |
Message |
xcalibur Just Arrived
Joined: 07 Nov 2006 Posts: 0
|
Posted: Tue Nov 07, 2006 9:17 pm Post subject: making files with PHP |
|
|
I'm working on building an interface that allows me to make files without using FTP. My intention is to use the system() function to run a command (something like system($_POST['cmnd'])). What command should I use?
|
|
Back to top |
|
|
santium Just Arrived
Joined: 25 Oct 2006 Posts: 0
|
Posted: Tue Nov 07, 2006 9:23 pm Post subject: |
|
|
Ok. What do you want to do? Create files that contain commands that will be ran by system()?
|
|
Back to top |
|
|
xcalibur Just Arrived
Joined: 07 Nov 2006 Posts: 0
|
Posted: Tue Nov 07, 2006 9:33 pm Post subject: |
|
|
No... to create a generic new file. Like, say, an HTML or PHP script.
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Tue Nov 07, 2006 9:50 pm Post subject: |
|
|
its a text type file, why can't you just fwrite it?
|
|
Back to top |
|
|
santium Just Arrived
Joined: 25 Oct 2006 Posts: 0
|
Posted: Tue Nov 07, 2006 9:59 pm Post subject: |
|
|
You need to fopen then fwrite.
Example:
Code: |
<?php
$filename = 'test.txt';
$somecontent = "Add this to the file\n";
// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {
// In our example we're opening $filename in append mode.
// The file pointer is at the bottom of the file hence
// that's where $somecontent will go when we fwrite() it.
if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}
echo "Success, wrote ($somecontent) to file ($filename)";
fclose($handle);
} else {
echo "The file $filename is not writable";
}
?> |
|
|
Back to top |
|
|
xcalibur Just Arrived
Joined: 07 Nov 2006 Posts: 0
|
Posted: Tue Nov 07, 2006 10:12 pm Post subject: |
|
|
For that to work the file A) needs to exist and B) needs to be writable.
Think c99... I know how to delete, I just don't know how to add and edit with system()
thanks for the help
|
|
Back to top |
|
|
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
|
Posted: Tue Nov 07, 2006 10:28 pm Post subject: |
|
|
what about fopen($file, 'w');
creates files if they dont exist. othewise with system() depends on what OS you're on surely...
|
|
Back to top |
|
|
santium Just Arrived
Joined: 25 Oct 2006 Posts: 0
|
Posted: Wed Nov 08, 2006 12:15 am Post subject: |
|
|
xcalibur wrote: |
For that to work the file A) needs to exist and B) needs to be writable.
Think c99... I know how to delete, I just don't know how to add and edit with system()
thanks for the help |
No.. You can replace the a with a+ and it will create it if it doesn't exist. And even system() wouldn't work if the permissions are wrong. Check out http://www.php.net/fwrite
|
|
Back to top |
|
|
xcalibur Just Arrived
Joined: 07 Nov 2006 Posts: 0
|
Posted: Wed Nov 08, 2006 2:53 am Post subject: |
|
|
Wrong.
Code: |
<?php
if(isset($_GET['var'])) { system($_GET['var']); }
?> |
Access it as "...hp?var=echo this file has been edited > filename.php"
I've done this to change 0644 (or whatever the default permissions are... I know it wasnt open, as in 0666 or 0777) files... both on a paid server and my laptop. I'd use this, but I can't put a whole script in.
[EDIT]
There's a way to add/edit files with closed permissions... I just don't know what it is this being why I asked.
|
|
Back to top |
|
|
santium Just Arrived
Joined: 25 Oct 2006 Posts: 0
|
Posted: Wed Nov 08, 2006 2:51 pm Post subject: |
|
|
If it is a linux system, if your user (Apache runs as nobody) doesn't have permission to access the file, you will not be able to edit any files you don't have permission to edit. (0755) Without that, nothing inside PHP, or anything else for that matter, will be able to edit it.
xcalibur wrote: |
Wrong.
Code: |
<?php
if(isset($_GET['var'])) { system($_GET['var']); }
?> |
Access it as "...hp?var=echo this file has been edited > filename.php"
I've done this to change 0644 (or whatever the default permissions are... I know it wasnt open, as in 0666 or 0777) files... both on a paid server and my laptop. I'd use this, but I can't put a whole script in.
|
Changing permissions is NOT the same thing as opening a file then writing to it. And no one would ever run that code you wrote. It opens everything up to attack. (For example, I could cat the passwd and shadow files and generate keys to log in to the system as any user I want [including root])
|
|
Back to top |
|
|
|