Write to .php pages with Php?

[boebi]

Is it possible to write a small script that allows me to write a php page?
I am not looking for a existing script, but for help on how to make one.

What I would like to do is make a small textbox, write in it what i want, and press submit. It will then write the body of the textbox to that php file.

Again, i am looking for help on how to make one.
Please do NOT give me other ways, like mysql or anything, just answer to my question, thanks.

 

[Eric]

Something like..

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Write to File</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Content-Language" content="en" />
</head>

<body>

<?php

if (isset($_POST['submit']) AND !empty($_POST['submit']))
{
	$content = trim(stripslashes($_POST['content']));
	$time = time();

	@touch("$time.php");
	@chmod("$time.php", 0666);

	// There's two ways this could be done, depending on the PHP version
	if (PHP_VERSION >= 5)
	{
		if (file_put_contents("$time.php", $content) === false)
		{
			echo "Could not write to file: $time.php";
		}
		else
		{
			echo 'Created!';
		}
	}
	else
	{
		if (!($fp = @fopen("$time.php", 'w')))
		{
			echo "Could not open/create file: $time.php";
		}
		else
		{
			fwrite($fp, "$time.php", strlen($content));
			echo 'Created!';
		}
		@fclose($fp);
	}
}
else
{
?>
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
<div>
	<p>Content:</p>
	<p>
		<textarea name="content" rows="5" cols="80"></textarea><br />
		<input type="submit" name="submit" value="Submit" />
	</p>
</div>
</form>
<?php
}
?>

</body>
</html>

p.s: and this is no existing script, I wrote it "on the fly" :p

If you need any of it explained, let me know which parts, etc.

 

[boebi]

thanks, i will have a good look at this, on the first sight it looks great,thanks again +rep

 

[Peter]

just a note a php file is just a text file nothing more so as long as you use a standard server path to the file (as opposed to a url) it will act the same when you try and read/write to it

 

[boebi]

thanks, ill try figuring out everything now

 

[Amnezia]

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

 

[maximum]

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

I'd hope this is not put in a publically-known or linked-to area, or that it is password/login protected, and that the directory is permission-set so that the script can write to it but it is not writable by outside-of-the-domain scripts - an amost given. If so, this is not that big issue

 

[Peter]

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

That's an exact feature cpanel has,

 

[samuofm]

That's an exact feature cpanel has,

yea and it sits behind ssl on cpanel.

 

[StWA]

But shouldn't it be

    @chmod("$time.php", 0777);

if you want to be able to execute the file written?

 

[beaver6813]

Usually 755 or 766 should suffice (depends what is executing it, if its apache it depends what its running under, nobody etc), you only want to give enough permissions as necessary to do the job.

 

[monaco]

So you taking text from a textbox and writing it in a php file.

Expect your website to be hacked fairly quickly.

I'm in agreement on this one...if you don't know how to handle php so that you can write executable scripts, it worries me that you may not fully understand the ramifications and risks associated with what you're doing. Definitely secure this "feature"...

I'd say play with this on your own server behind a firewall or something...I can't really think of a practical use for this sort of feature in a production environment...

 

[Peter]

yea and it sits behind ssl on cpanel.

cPanel by default does not sit on a https connection so is not ssl protected. A host has to specifically set it up in a way that it is protected.