write to .php pages with php?

boebi · 06-02-2007, 03:50 AM

Is it possible to write a small script that allows me to write a php page?
I am not looking for a existing script, but for help on how to make one.

What I would like to do is make a small textbox, write in it what i want, and press submit. It will then write the body of the textbox to that php file.

Again, i am looking for help on how to make one.
Please do NOT give me other ways, like mysql or anything, just answer to my question, thanks.

**Eric** · 06-02-2007, 04:19 AM

Something like..

PHP Code:

 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<title>Write to File</title>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<meta http-equiv="Pragma" content="no-cache" />

<meta http-equiv="Content-Language" content="en" />

</head>

 
<body>

 
<?php

 
if (isset($_POST['submit']) AND !empty($_POST['submit']))

{

    $content = trim(stripslashes($_POST['content']));

    $time = time();

 
    @touch("$time.php");

    @chmod("$time.php", 0666);

 
    // There's two ways this could be done, depending on the PHP version

    if (PHP_VERSION >= 5)

    {

        if (file_put_contents("$time.php", $content) === false)

        {

            echo "Could not write to file: $time.php";

        }

        else

        {

            echo 'Created!';

        }

    }

    else

    {

        if (!($fp = @fopen("$time.php", 'w')))

        {

            echo "Could not open/create file: $time.php";

????: NamePros.com http://www.namepros.com/programming/334586-write-to-php-pages-with-php.html
        }

        else

        {

            fwrite($fp, "$time.php", strlen($content));

            echo 'Created!';

        }

        @fclose($fp);

    }

}

else

{

?>

<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">

<div>

    <p>Content:</p>

    <p>

        <textarea name="content" rows="5" cols="80"></textarea><br />

        <input type="submit" name="submit" value="Submit" />

    </p>

</div>

</form>

<?php

}

?>

 
</body>

</html>

p.s: and this is no existing script, I wrote it "on the fly"

????: NamePros.com http://www.namepros.com/showthread.php?t=334586

If you need any of it explained, let me know which parts, etc.

boebi · 06-02-2007, 07:36 AM

thanks, i will have a good look at this, on the first sight it looks great,thanks again

+rep

Peter · 06-02-2007, 11:00 AM

just a note a php file is just a text file nothing more so as long as you use a standard server path to the file (as opposed to a url) it will act the same when you try and read/write to it

boebi · 06-02-2007, 11:21 AM

thanks, ill try figuring out everything now

Amnezia · 06-04-2007, 06:56 AM

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

maximum · 06-04-2007, 08:22 AM

Originally Posted by Amnezia

So you taking text from a textbox and writing it in a php file.
????: NamePros.com http://www.namepros.com/showthread.php?t=334586

Expect your website to be hacked fairly quickly.

I'd hope this is not put in a publically-known or linked-to area, or that it is password/login protected, and that the directory is permission-set so that the script can write to it but it is not writable by outside-of-the-domain scripts - an amost given. If so, this is not that big issue

Peter · 06-04-2007, 09:37 AM

Originally Posted by Amnezia

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

That's an exact feature cpanel has,

samuofm · 06-06-2007, 09:49 AM

Originally Posted by peter@flexiwebhost

That's an exact feature cpanel has,

yea and it sits behind ssl on cpanel.

StWA · 06-06-2007, 01:46 PM

But shouldn't it be

PHP Code:

      @chmod("$time.php", 0777); 

????: NamePros.com http://www.namepros.com/showthread.php?t=334586

if you want to be able to execute the file written?

beaver6813 · 06-06-2007, 02:34 PM

Usually 755 or 766 should suffice (depends what is executing it, if its apache it depends what its running under, nobody etc), you only want to give enough permissions as necessary to do the job.

monaco · 06-06-2007, 11:31 PM

Originally Posted by Amnezia

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

I'm in agreement on this one...if you don't know how to handle php so that you can write executable scripts, it worries me that you may not fully understand the ramifications and risks associated with what you're doing. Definitely secure this "feature"...
????: NamePros.com http://www.namepros.com/showthread.php?t=334586

I'd say play with this on your own server behind a firewall or something...I can't really think of a practical use for this sort of feature in a production environment...

Peter · 06-06-2007, 11:39 PM

Originally Posted by samuofm

yea and it sits behind ssl on cpanel.

cPanel by default does not sit on a https connection so is not ssl protected. A host has to specifically set it up in a way that it is protected.

06-02-2007, 03:50 AM	THREAD STARTER #1 (permalink)
boebi NamePros Regular Join Date: Oct 2006 Location: Inside your firmware....... Posts: 217	write to .php pages with php? Is it possible to write a small script that allows me to write a php page? I am not looking for a existing script, but for help on how to make one. What I would like to do is make a small textbox, write in it what i want, and press submit. It will then write the body of the textbox to that php file. Again, i am looking for help on how to make one. Please do NOT give me other ways, like mysql or anything, just answer to my question, thanks.

06-02-2007, 04:19 AM	#2 (permalink)
Eric Tech Support Join Date: Mar 2005 Posts: 4,944	Something like.. PHP Code: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Write to File</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Content-Language" content="en" /> </head> <body> <?php if (isset($_POST['submit']) AND !empty($_POST['submit'])) { $content = trim(stripslashes($_POST['content'])); $time = time(); @touch("$time.php"); @chmod("$time.php", 0666); // There's two ways this could be done, depending on the PHP version if (PHP_VERSION >= 5) { if (file_put_contents("$time.php", $content) === false) { echo "Could not write to file: $time.php"; } else { echo 'Created!'; } } else { if (!($fp = @fopen("$time.php", 'w'))) { echo "Could not open/create file: $time.php"; ????: NamePros.com http://www.namepros.com/programming/334586-write-to-php-pages-with-php.html } else { fwrite($fp, "$time.php", strlen($content)); echo 'Created!'; } @fclose($fp); } } else { ?> <form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>"> <div> <p>Content:</p> <p> <textarea name="content" rows="5" cols="80"></textarea><br /> <input type="submit" name="submit" value="Submit" /> </p> </div> </form> <?php } ?> </body> </html> p.s: and this is no existing script, I wrote it "on the fly" ????: NamePros.com http://www.namepros.com/showthread.php?t=334586 If you need any of it explained, let me know which parts, etc.

06-04-2007, 06:56 AM	#6 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	So you taking text from a textbox and writing it in a php file. Expect your website to be hacked fairly quickly. __________________ Webmaster Words

06-06-2007, 01:46 PM	#10 (permalink)
StWA First Time Poster! Join Date: Jun 2007 Posts: 1	But shouldn't it be PHP Code: `@chmod("$time.php", 0777); ????: NamePros.com http://www.namepros.com/showthread.php?t=334586` if you want to be able to execute the file written?

06-06-2007, 02:34 PM	#11 (permalink)
beaver6813 NamePros Regular Join Date: May 2005 Location: England Posts: 390 Follow @beaver6813	Usually 755 or 766 should suffice (depends what is executing it, if its apache it depends what its running under, nobody etc), you only want to give enough permissions as necessary to do the job. __________________ -Beaver6813.com - Web Developer Extraordinaire!

06-02-2007, 07:36 AM	THREAD STARTER #3 (permalink)
boebi NamePros Regular Join Date: Oct 2006 Location: Inside your firmware....... Posts: 217	thanks, i will have a good look at this, on the first sight it looks great,thanks again +rep

06-02-2007, 11:00 AM	#4 (permalink)
Peter NamePros Expert Join Date: Nov 2003 Location: Scotland Posts: 5,074	just a note a php file is just a text file nothing more so as long as you use a standard server path to the file (as opposed to a url) it will act the same when you try and read/write to it

06-02-2007, 11:21 AM	THREAD STARTER #5 (permalink)
boebi NamePros Regular Join Date: Oct 2006 Location: Inside your firmware....... Posts: 217	thanks, ill try figuring out everything now

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)