...

View Full Version : Help with posting data to text file



CloudWriter
12-08-2010, 03:35 PM
Is this considered a secure environment to prevent crossline attack, while posting programming code to a text file.
This is a quick editor to manage form code using a text editor.


Note:
The code would be stored in the database with the ability to edit, and posted to (overwriting) text file on submit.
In production the code would only be processed from the text file.



<?php
// ******************** SECURE LOGIN TO ACCESS DATABASE FILE ******************
session_start();
ob_start();
if($_SESSION[userdetails]->role != "Administrator") {
die("Access Denied! Please contact the administrator for permission");
}
require_once("plugins/connection.php");
// Check if he has the right info.
$sql = sprintf("SELECT * FROM users ORDER BY username ASC", $_SESSION[userdetails]->id);
$query = mysql_query($sql);
$username = $_SESSION[userdetails]->firstname ;
// ******************** SECURE ACCESS GRANTED SESSION STARTED ******************
// ******************** YOU MAY NOW EDIT THE FILE

$sql = "SELECT * FROM mycode WHERE file_id ='9901'";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result)){
// ******************** ADD OR EDIT TEXT IN DATABASE WITH TEXT EDITOR
$your_data = $row[text_editor];
}
/// ******************* WRITE TEXT FROM DATABASE TO THE TEXT FILE
$fp = fopen("post_mydata.txt", "w");
fwrite($fp, $your_data);
fclose($fp);
// ******************** CLOSE THE CONNECTION AND REDIRECT YOU TO HOME PAGE
mysql_close($connection);
header("Location: ./index.php");
?>

CloudWriter
12-08-2010, 04:52 PM
Just curious if this is a safe way to write to a text file, or is my question unclear?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum