Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    SWG
    SWG is offline
    New Coder
    Join Date
    Nov 2006
    Location
    Oklahoma City, Oklahoma, United States
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP CHMOD. Allowing a Folder or File to Write Files

    Let me explain to you what I'm doing here... I'm creating a installation wizard/page for a automated user/member system in PHP (of course). Everything is to be done by the installation wizard so my clients may use it to have their own member system on their Web sites even though they don't know how to code one.

    There are three steps of the installation, during these steps, this is what happens:

    Step 1.) You enter the path to the directory in which the install file (installation.php) is stored and it CHMOD's it.
    Step 2.) You enter your MySQL database information and it writes it to a file (configuration.php). (WHICH REQUIRES CHMOD TO 777!)
    Step 3.) The query will run to create the members table in the database. If the query is successful, it will present the form to create the first administrator. If the query is not successful, it will present an error. (I haven't started the third step yet.

    Here's the code:

    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="content-type" content="text/html;charset=utf-8">
    <meta name="author" content="Connor Hart-Bowlan">
    <meta name="keywords" content="data, database, install, installaion, system">
    <meta name="description" content="The installation page for the CHB Member System.">
    <meta name="robots" content="all">
    <title>CHB Member System Installation Wizard</title>
    <link rel="stylesheet" href="design/css/default.css" type="text/css">
    </head>
    <body>
        <div align="center">
            <div id="container">
    <?php
    if($_GET['step'] == "") {
    ?>
                <div id="content_module">
                   <h1>Welcome to the CHB Member System Installation Wizard</h1>
                   <p class="black">Hello, and welcome to the member system's installation wizard (page). Here you will install, setup, and customize your own member system into your Web site!</p>
                    <div align="right">
                       <p><a href="?step=1">Continue to the First Step »</a></p>
                    </div>
                </div>
    <?php
    } elseif($_GET['step'] == "1") {
        if(!isset($_POST['submit'])) {
    ?>
                <div id="content_module">
                   <h1>Installation Step 1: Path Information</h1>
                   <p class="black">First off, the member system will require the path to all the files for the member system to automatically CHMOD the path given. Please enter the path as it is required for the member system to function.</p>
                    <form method="post" action="installation.php?step=1">
                        <input type="text" name="path" size="30">
                        <input class="submit" type="submit" name="submit" value="Submit">
                    </form>
                   <p><i>If you are unsure what your path is, or what a path is, please visit <a href="manual/ii-b.html" target="blank">section II-B</a> of the CHB Member System manual.</i></p>
                </div>
    <?php
        } else {
        $path = $_POST['path'];
        chmod($path, 0777);
        }
    } elseif($_GET['step'] == "2") {
        if(!isset($_POST['submit2'])) {
    ?>
                <div id="content_module">
                   <h1>Installation Step 2: Database Information</h1>
                   <p class="black">Second, the member system will require a database to store all the members in. Please enter and submit this information as it is required for the member system to function.</p>
                    <form method="post" action="installation.php?step=2">
                        <table align="center" border=\"0\" cellspacing=\"10\" cellpadding=\"0\">
                            <tr>
                                <td width="150">
                                Database Name:
                                </td>
                                <td>
                                <input type="text" name=\"database_name\" size=\"25\">
                                </td>
                            </tr>
                            <tr>
                                <td width="150">
                                Database Host:
                                </td>
                                <td>
                                <input type="text" name="database_host" value="localhost" size=\"25\">
                                </td>
                            </tr>
                            <tr>
                                <td width=\"150\">
                                Database User:
                                </td>
                                <td>
                                <input type="text" name="database_user" size="25">
                                </td>
                            </tr>
                            <tr>
                                <td width=\"150\">
                                Database User Password:
                                </td>
                                <td>
                                <input type="text" name=\"database_user_password\" size=\"25\">
                                </td>
                            </tr>
                            <tr>
                                <td width="150">
                                </td>
                                <td>
                                <input class="submit" type="submit" name="submit2" value="Submit">
                                </td>
                            </tr>
                        </table>
                    </form>
                </div>
    <?php
        } else {
            $database_name1 = $_POST['database_name'];
            $database_host1 = $_POST['database_host'];
            $database_user1 = $_POST['database_user'];
            $database_user_password1 = $_POST['database_user_password'];
                $file_contents = "<?
                \$database_name = \"$name\";
                \$database_host = \"$host\";
                \$database_user_password = \"$pass\";
                \$database_user = \"$user\";
                \$connect_db = mysql_connect(\$database_host,\$database_user,\$database_user_password);
                mysql_select_db(\$database_name) or die(\'Error: could not connect to database.\');
                ?>";
                $file_open = fopen('configuration.php', 'w');
                fwrite($file_open, $file_contents);
                fclose($file_open);
        }
    }
    ?>
            </div>
        </div>
    </body>
    </html>
    You can view a temporary upload of the file here: http://www.connorhb.com/installation.php

    I've considered changing "chmod($path, 0777);" to "$chmod = chmod($path, 0777);" but I thought I should just ask you people on the forums first.

    Thanks in advance.
    Signatures are for squares.

  • #2
    Mega-ultimate member
    Join Date
    Jun 2002
    Location
    Winona, MN - The land of 10,000 lakes
    Posts
    1,855
    Thanks
    1
    Thanked 45 Times in 42 Posts
    What would be the benefit of assigning it to a variable? According to php.net, chmod returns a boolean, so the value of $chmod would either be "true" or "false". I suppose if you wanted to use that later on in the script, it might be worth it. Otherwise, I'd leave it as is.

    Also, be careful not to pass straight user input into a file function like chmod (or fopen, fsockopen, etc). Someone might enter something like "/etc/passwd" and be able to ruin your system.

  • #3
    SWG
    SWG is offline
    New Coder
    Join Date
    Nov 2006
    Location
    Oklahoma City, Oklahoma, United States
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It doesn't really matter. Apparently not all servers allow CHMOD'ing in PHP or something. I tested it on three different hosts, and it worked on one. I think maybe it's just an insecure way to do it.

    I took a look at PHP.net and apparently it does it for sure if you are connected with FTP(?). I'll see if I can connect with FTP then have it CHMOD.

    I'll probaby make a thread about it because from what I see now, I'm a bit confused.
    Signatures are for squares.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •