• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

making files with PHP

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More

View previous topic :: View next topic  
Author Message
xcalibur
Just Arrived
Just Arrived


Joined: 07 Nov 2006
Posts: 0


Offline

PostPosted: Tue Nov 07, 2006 9:17 pm    Post subject: making files with PHP Reply with quote

I'm working on building an interface that allows me to make files without using FTP. My intention is to use the system() function to run a command (something like system($_POST['cmnd'])). What command should I use?
Back to top
View user's profile Send private message
santium
Just Arrived
Just Arrived


Joined: 25 Oct 2006
Posts: 0


Offline

PostPosted: Tue Nov 07, 2006 9:23 pm    Post subject: Reply with quote

Ok. What do you want to do? Create files that contain commands that will be ran by system()?
Back to top
View user's profile Send private message
xcalibur
Just Arrived
Just Arrived


Joined: 07 Nov 2006
Posts: 0


Offline

PostPosted: Tue Nov 07, 2006 9:33 pm    Post subject: Reply with quote

No... to create a generic new file. Like, say, an HTML or PHP script.
Back to top
View user's profile Send private message
browolf
Trusted SF Member
Trusted SF Member


Joined: 19 Apr 2002
Posts: 1


Offline

PostPosted: Tue Nov 07, 2006 9:50 pm    Post subject: Reply with quote

its a text type file, why can't you just fwrite it?
Back to top
View user's profile Send private message
santium
Just Arrived
Just Arrived


Joined: 25 Oct 2006
Posts: 0


Offline

PostPosted: Tue Nov 07, 2006 9:59 pm    Post subject: Reply with quote

You need to fopen then fwrite.
Example:
Code:
<?php
$filename = 'test.txt';
$somecontent = "Add this to the file\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

   // In our example we're opening $filename in append mode.
   // The file pointer is at the bottom of the file hence
   // that's where $somecontent will go when we fwrite() it.
   if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
   }

   // Write $somecontent to our opened file.
   if (fwrite($handle, $somecontent) === FALSE) {
       echo "Cannot write to file ($filename)";
       exit;
   }
 
   echo "Success, wrote ($somecontent) to file ($filename)";
 
   fclose($handle);

} else {
   echo "The file $filename is not writable";
}
?>
Back to top
View user's profile Send private message
xcalibur
Just Arrived
Just Arrived


Joined: 07 Nov 2006
Posts: 0


Offline

PostPosted: Tue Nov 07, 2006 10:12 pm    Post subject: Reply with quote

For that to work the file A) needs to exist and B) needs to be writable.

Think c99... I know how to delete, I just don't know how to add and edit with system()

thanks for the help Smile
Back to top
View user's profile Send private message
browolf
Trusted SF Member
Trusted SF Member


Joined: 19 Apr 2002
Posts: 1


Offline

PostPosted: Tue Nov 07, 2006 10:28 pm    Post subject: Reply with quote

what about fopen($file, 'w');

creates files if they dont exist. othewise with system() depends on what OS you're on surely...
Back to top
View user's profile Send private message
santium
Just Arrived
Just Arrived


Joined: 25 Oct 2006
Posts: 0


Offline

PostPosted: Wed Nov 08, 2006 12:15 am    Post subject: Reply with quote

xcalibur wrote:
For that to work the file A) needs to exist and B) needs to be writable.

Think c99... I know how to delete, I just don't know how to add and edit with system()

thanks for the help Smile

No.. You can replace the a with a+ and it will create it if it doesn't exist. And even system() wouldn't work if the permissions are wrong. Check out http://www.php.net/fwrite
Back to top
View user's profile Send private message
xcalibur
Just Arrived
Just Arrived


Joined: 07 Nov 2006
Posts: 0


Offline

PostPosted: Wed Nov 08, 2006 2:53 am    Post subject: Reply with quote

Wrong.
Code:
<?php
if(isset($_GET['var'])) { system($_GET['var']); }
?>


Access it as "...hp?var=echo this file has been edited > filename.php"

I've done this to change 0644 (or whatever the default permissions are... I know it wasnt open, as in 0666 or 0777) files... both on a paid server and my laptop. I'd use this, but I can't put a whole script in.

[EDIT]
There's a way to add/edit files with closed permissions... I just don't know what it is Smile this being why I asked.
Back to top
View user's profile Send private message
santium
Just Arrived
Just Arrived


Joined: 25 Oct 2006
Posts: 0


Offline

PostPosted: Wed Nov 08, 2006 2:51 pm    Post subject: Reply with quote

If it is a linux system, if your user (Apache runs as nobody) doesn't have permission to access the file, you will not be able to edit any files you don't have permission to edit. (0755) Without that, nothing inside PHP, or anything else for that matter, will be able to edit it.
xcalibur wrote:
Wrong.
Code:
<?php
if(isset($_GET['var'])) { system($_GET['var']); }
?>


Access it as "...hp?var=echo this file has been edited > filename.php"

I've done this to change 0644 (or whatever the default permissions are... I know it wasnt open, as in 0666 or 0777) files... both on a paid server and my laptop. I'd use this, but I can't put a whole script in.


Changing permissions is NOT the same thing as opening a file then writing to it. And no one would ever run that code you wrote. It opens everything up to attack. (For example, I could cat the passwd and shadow files and generate keys to log in to the system as any user I want [including root])
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter