Is it possible to edit the values (say, admin logon/password) in a config file (say, config.php) WITHOUT editing the PHP script config.php? In other words, can I write another file (configeditor.php) that will alter the values (or just SOME) based on data entered into a form? To do this would I have to use the set function? (If that doesn't make sense, sorry. I found out about it at http://www-128.ibm.com/developerworks/opensource/library/os-php-config/ , but don't really understand what it means.) Thanks a lot, Paul
You could do this with a File object, or there is another way: write a full config file using the new user/password. You have to chmod config.php to writable before doing this.
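```php
<?php
// Fallback for old PHP versions that have no native file_put_contents().
if (!function_exists("file_put_contents")) {
    function file_put_contents($filename, $data, $mode = "w+") {
        $h = @fopen($filename, $mode);
        if (!$h) {
            return false;
        }
        if (fputs($h, $data)) {
            @fclose($h);
            return true;
        }
        @fclose($h);
        return false;
    }
}

// Rewrite $filename so that each key in $data becomes a "$key = value;" line.
function write($filename, $data) {
    if (!is_array($data)) {
        return false;
    }
    // A missing file is treated as empty, so it gets created from scratch.
    $old = is_file($filename) ? file_get_contents($filename) : "";
    $old = str_replace(array("<?php", "<?", "?>"), "", $old);
    $new = "";
    foreach ($data as $key => $value) {
        $key = trim($key);
        // Only plain variable names with string values are written; anything else is skipped.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key) || !is_string($value)) {
            continue;
        }
        $old = stripline($key, $old);
        // var_export() quotes and escapes the value, so form input cannot
        // close the string literal and append PHP code to config.php.
        $new .= "\$" . $key . " = " . var_export(trim($value), true) . ";\n";
    }
    if ($new == "") {
        return false;
    }
    if (@file_put_contents($filename, "<?php\n\n" . $old . $new . "\n?>")) {
        return true;
    }
    return false;
}

// Drop blank lines and every line that mentions the variable $<with>.
function stripline($with, $data) {
    $return = "";
    foreach (explode("\n", $data) as $value) {
        if (!preg_match('/\$' . preg_quote($with, '/') . '\b/i', $value) and $value != "") {
            $return .= $value . "\n";
        }
    }
    return $return;
}

if ($_POST) {
    // Accept only the fields this form defines, not every key in the request.
    // This script has no login check of its own; it has to sit behind one.
    $fields = array_intersect_key($_POST, array_flip(array("admin_user", "admin_pass")));
    if (@write("config.php", $fields)) {
        echo "Config Written";
    } else {
        echo "Config NOT written";
    }
}
?>
<form action="" method="post">
  <input type="text" name="admin_user" />
  <input type="text" name="admin_pass" />
  <input type="submit" value="SAVE" />
</form>
```

config.php needs to have the same data structure as the form, like this:

```php
<?php
$admin_user = "username";
$admin_pass = "pass";
?>
```

Things to remember: keep the config file neat; comments will be stripped, and so will anything other than the variables and their values. Also, if PHP has write access to the folder where the script resides, the config.php file will be created from scratch if it's not found.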
As a recommendation, don't make your config file writeable. I agree that it is common practice for web applications to require it as such to do the initial install but some people forget to throttle permissions back to something sensible afterwards. I suggest you define the DB connection parameters in the config.php file and pull the rest of the application settings from DB. Further, I don't suggest using arrays or variables for settings. Instead use define() which is immutable through the life of the script. Just my 2 cents... Bobby
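The layout recommended in the post above, as an added example that is not part of the original thread: config.php holds only define()'d connection constants and stays read-only, while the form-editable values live in a database table. The `settings` table, the `EDITABLE_SETTINGS` whitelist, the function names, the in-memory SQLite DSN and the choice to store the admin password as a hash are all assumptions made for illustration.

```php
<?php
// What config.php would hold: connection constants only, file kept read-only.
define('DB_DSN', 'sqlite::memory:'); // constructed DSN so the example runs offline
define('DB_USER', null);
define('DB_PASS', null);

// Hypothetical whitelist: the only settings the editor form may change.
const EDITABLE_SETTINGS = ['admin_user', 'admin_pass', 'site_title'];

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO(DB_DSN, DB_USER, DB_PASS, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $pdo->exec('CREATE TABLE IF NOT EXISTS settings (name TEXT PRIMARY KEY, value TEXT NOT NULL)');
    }
    return $pdo;
}

// Store whitelisted form fields; returns the names that were actually saved.
function save_settings(array $input): array {
    $stmt = db()->prepare('REPLACE INTO settings (name, value) VALUES (:name, :value)');
    $saved = [];
    foreach (EDITABLE_SETTINGS as $name) {
        if (!isset($input[$name]) || !is_string($input[$name]) || $input[$name] === '') {
            continue;
        }
        // Assumption: the password is kept as a hash, never as plain text.
        $value = $name === 'admin_pass'
            ? password_hash($input[$name], PASSWORD_DEFAULT)
            : trim($input[$name]);
        $stmt->execute([':name' => $name, ':value' => $value]);
        $saved[] = $name;
    }
    return $saved;
}

function get_setting(string $name, ?string $default = null): ?string {
    $stmt = db()->prepare('SELECT value FROM settings WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $value = $stmt->fetchColumn();
    return $value === false ? $default : $value;
}

// Constructed form submission, including one key that is not on the whitelist.
$post = ['admin_user' => 'paul', 'admin_pass' => 's3cret!', 'DB_PASS' => 'x"; phpinfo(); //'];
print_r(save_settings($post));                                  // names that were stored
var_dump(get_setting('admin_user'));                            // value read back from the table
var_dump(password_verify('s3cret!', get_setting('admin_pass'))); // login-time check against the hash
var_dump(get_setting('DB_PASS'));                               // non-whitelisted key was never stored
```

Because form input only ever reaches a bound SQL parameter, nothing the user types is written into a file that PHP later executes, and the web server needs no write permission on config.php.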
If you wanted to, you could make the config file change the text to define those variables. Also, having writable permissions on config files is pretty common; if your server is set up correctly, only you will be able to access them, so it's not an issue in the correct environment.
Oh my... when you grow up to be a programmer you'll look back on these posts and shake your head. Bobby
I'm grown up enough, thanks. Like I said, in the right conditions you won't have to worry about permissions. More and more shared hosting companies use phpsuexec as a security measure, meaning the files cannot be opened for reading or writing no matter what their permissions are. It's even the default setting when you install a bleeding edge cPanel, so it will soon be the norm.
Your posts allude to your inexperience in creating applications meant for public consumption. What happens if you create an application that eventually moves to a different host with a different configuration? You are counting on environment when security starts with good architecture and code level measures. I agree you might get away with that if you're building an application for yourself...on your server...and you configured it. However, if you're coding it professionally (for compensation) it is your JOB to know these things. Bobby
Whoa... slightly off topic? Seems to have turned into a programmer vs. programmer thread. Thanks v. v. much for the idea krakjoe, no matter how much Chemo disagrees. It will come in useful definitely.