Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts

    dynamically change the write to text file name in php code

    Hi All,

    Using the example below I have a simple PHP file which will write sent data to a text file named 'Tom'.

    It would be possible to have another php that could write to a different txt file named 'Sally' by changing the $myTextFile = "Tom.txt"; to read $myTextFile = "Sally.txt";

    My question is. Is there a way to send a variable from the sending form as a name entered into an input field say to dynamically change Tom to Sally so only one php file needs exist to be able to write to more than one .txt file as and when needed.

    So for example an addition to php code below like in javascript may show it.... var changedName = document.getElementById("somename").value; could be shown as $myTextFile = "changedName" +.txt; or something in that fashion.


    Code:
    <?php
    # initialise variables
    $someinput = "";
    $data = array();
    $changed = false;
    $myTextFile = "Tom.txt";
    if (file_exists($myTextFile))
    $data = parse_ini_file($myTextFile, true);
    if (isset($_POST['userdata'])) {
    $data[$_POST['']]['someinput'] = $_POST['someinput'];
    $changed = true;
    }
    if ($changed) {
    $fp = fopen($myTextFile, 'a');
    ksort($data);
    foreach ($data as $key=>$dataArray){
    foreach ($dataArray as $k => $v){fwrite($fp, "$v\n");}}
    fclose($fp);
    }
    ?>

    An additional question about the above php. Is it possible to introduce a basic and simple password protection to stop the php executing an operation if the form did not send the correct password from an input field on the form.
    In the sense of simple I mean the actual password to be matched would be in the php code above and something like.... if ($thepasswordsent == "pass") { all the above php code } to encase the function. So if in the form an input field named thepasswordsent did not have the word required such as 'pass' the PHP write function could not execute.


    Martin.

  • #2
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    sure,

    just get another variable from the post;
    like $_POST['FileName'];

    PHP Code:

    <?php
    # initialise variables
    $someinput "";
    $data = array();
    $changed false;
    $myTextFile $_POST['FileName'];
    if (
    file_exists($myTextFile))
    $data parse_ini_file($myTextFiletrue);
    if (isset(
    $_POST['userdata'])) {
    $data[$_POST['']]['someinput'] = $_POST['someinput'];
    $changed true;
    }
    if (
    $changed) {
    $fp fopen($myTextFile'a');
    ksort($data);
    foreach (
    $data as $key=>$dataArray){
    foreach (
    $dataArray as $k => $v){fwrite($fp"$v\n");}}
    fclose($fp);
    }
    ?>

  • #3
    Senior Coder
    Join Date
    Aug 2006
    Posts
    1,208
    Thanks
    7
    Thanked 268 Times in 267 Posts
    Just be very careful of the security ramifications of this feature. A user of the form can enter any file name on your server, which will then be overwritten by your program. Pretty scary possibilities. I'd do something to force these files into a specific directory, or check the names to make sure there's not a potential issue.

    Dave

  • #4
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Hi Dave,

    Understood.

    The actual forms which send the data to the php file are NOT for public use, they are on a PC in the form of an editor which then sends data from the editors forms to the host to append an existing or make a new file in a specific folder location. The editor generates specific file names and the operator of the editor cannot change them.

    In addition, which was the other part of my original question, I have in place a simple password like this.... if(isset($_POST[userdata]) && $_POST[password] == "qwerty") to stop the file being written if the form does not send the indicated password and was just trying to get a view as to the best location to place such a password block, either right at the start so nothing happens or where I have it which does seem stop the file being made or written.

    My thoughts on the use of the password are that no one can read the .php file even if they know it's actual host address so the word for use is fairly safe. Then if by chance someone happened to actually know the address of the .php file which holds the writing code and made up there own form it is unlikely they would ever know or guess the password that would need to be used and therefore could not inject their own changes to an existing file name or make a new one. I am however all ears to any comments if I have misunderstood anything regarding the use of a password block.

    Martin.

  • #5
    Senior Coder
    Join Date
    Aug 2006
    Posts
    1,208
    Thanks
    7
    Thanked 268 Times in 267 Posts
    You're understanding the password business correctly, Martin.

    Dave

  • #6
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    if you dont want people who can access the file via ftp ie staff to know the password

    you can hash it with md5 or similar

    PHP Code:
    //md5("qwerty") = d8578edf8458ce06fbc5bb76a58c5ca4

    if(isset($_POST[userdata]) && (md5($_POST[password]) == "d8578edf8458ce06fbc5bb76a58c5ca4")) 
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #7
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Hi Arcticwarrio,

    Thanks for the suggestion but I have a question.

    I follow the idea you suggest and like the extra security, but if as you mention staff with a level of access to be able to enter the host with FTP were in the host storage I would have thought they could access and modify any file they wished to, or am I missing something here.

    Martin.

  • #8
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    looking at a password is one thing but editing a file is tracable
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #9
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Additional question has been moved.
    Last edited by SpidersWebHelp; 05-21-2013 at 08:50 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •