Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Editing files automatically from a php script

Status
Not open for further replies.
musichax0r

musichax0r

Programmer
Sep 19, 2003
10
US
Hi all,

I've written a php script/web page form which finds certain files and modifies them according to the user's choices. I currently have two different versions: One that can be executed through a web page form and one that can be run from the command line. My problem is one of user rights. Normally, it is not possible to make changes to files on the web server through a web page because the apache user doesn't have write permissions on any files. So, how can you get around this? Here are the ways that the script can be executed the way I understand it. One additional way not listed below is using the php POSIX functions to execute the script as a particluar user, but I am sure that most people's hosting companies don't allow this these functions. PLEASE correct me if I am wrong or if there is another or better way.

POSSIBILITIES:

1) Web Based Locally
Requirements:
a) Apache/mySQL/PHP installed on your local machine. Basically this must be a repication of your production web server environment.
b) Read/Write/Execute Access on all files.
- The apache user which is assigned to run all http connections must have full access rights to all files OR you must change the permissions to be 777 on all files.
- If you have created a user with full access rights, then you can upload your installation to production without having to modify any permissions. If not, and you changed permissions, you must change the permissions back to an acceptable production state.

2) Web Based Remote
Requirements:
a) Production web server environment (Apache/mySQL/PHP etc...)
b) Read/Write/Execute Access on all files.
- It is not possible to allow the apache user to have full access rights on a production server, so you must change the permissions to be 777 on all files
- This is acceptable ONLY on a test installation. Never "chmod 777" your production installation. You can perform the installation on a test site, and change the permissions back to an acceptable production state and THEN move it into production.

3) Shell Based Locally
Requirements:
a) A web server installed locally is NOT needed, however, mySQL and PHP are required.
b) The user running the script must have full access to all files. (NO need to chmod 777.)
NOTE: The user in this case is any user logged into Linux/Windows which has the appropriate access rights.

4) Shell Based Remote
Requirements:
a) Production web server environment (Apache/mySQL/PHP etc...)
b) The user running the script must have full access to all files. (NO need to chmod 777.)
NOTE: This user is significantly different than the user referred to in the "Web Based" version. The shell user is the user you were assigned by your hosting company and NOT the apache user which has been assigned to http connnections. Basically, this is the Linux/Windows user.
 
Sort by date Sort by votes
I have to say that I really don't understand what you are asking for.
 
Upvote 0 Downvote
I thought that might happen. Ok, well here is another way to phrase it: How do you write a php web page which can modify files on the server that you don't want just any user to be able to modify? The form allows the user to select various options which, if selected, insert or replace code in the core files of the site. Basically the changes completely alter the way the site behaves because they are directly changing the php code in the files. Obviously if this were easily possible, you would have random people changing the code on your site at will. So, you want to allow yourself to perform this task, but no one else. See, the files you want to modify have restrictive permissions on them so they can't be modified by just anyone, but you want to be able to use the web form to alter the files. The way I see it, there must be a way to log in as a certain user which has rights to change the files (such as the php POSIX functions I mentioned) or you must temporarily change the rights on all the files and then change them back when you are done. Please let me know if you still don't understand. Maybe there is some really easy way to do this that I am just not seeing or don't know about. I am fairly new to web programming, however I am experienced in other areas.
Thanks.
 
Upvote 0 Downvote
The script works on my local web server because I the apache user has full rights to everything. Obviously this is not possiblel on a production web server.
 
Upvote 0 Downvote
PHP's filesystem functions are not necessarily limited to files in the current document root.

Depending on the settings of safe_mode and open_basedir, you can manipulate files outside of the current web site.

Put the files outside of any document root and let PHP modify them. They'll be completely unavailable to the Apache virtual web server.

For more information:
Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Actually, the files that are modified are in the document root. The script modifies files for a php ecommerce system. Users create contributions which can be integrated into the store, but other users must add and remove code from the php files manually in order to make the contribution work. I have created a system which automatically edits the files for the user.

Maybe I'm missing something, but I think in most cases, the user will not be able to use the script through the web page form because they will get access denied errors. If they chmod -R 777 their entire store before they run the script (through the web page form) it would work fine, but this isn't the best way to do things.

Its like some php file manager's I've seen. They have the ability to edit files on the server, but if the permissions aren't right, the file can't be saved.
 
Upvote 0 Downvote
Ok, so you give the web server's user or group permissions to write to the files. Then any person that visits the page has these same permissions and can modify the files?
 
Upvote 0 Downvote
Well, I suppose. But your metaphor of web-server operation is a little off.

A better question is, "Then any person that has permission to visit the page has the ability to cause the web server to run a script that will use permissions granted to the server's userid to modify the files?"

The answer to that question is, "Yes". But the operative phrase becomes "any person that has permission to visit the page". This is where user permission systems between the web server and user come in.

Apache provides a user authentication mechanism through the use of .htpasswd files (At the most basic. There are also other methods available through Apache). You can also create a user authenticaion system using PHP code.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Point taken, however if the files were protected with .htaccess, no one could shop at the store unless they had a username and password...not exactly the best way to make a sale.

So, I'd like the files to be accessible to everyone and changeable by the script/admin running the script. I still don't see a way to keep the file permissions the same (so that they aren't all 777) and keeping the apache user with restriced rights, but still being able to run the script through a web form which does have rights to modify the files. I think what I need is a way to run the script as a certain local user with the correct rights. The only ways I know of (in theory, I've never done it myself) are to use the apache suEXEC module or using the php POSIX functions. The problem with both of those methods are that I'm trying to make this user friendly and not all hosts will support those methods. I'm not trying to be a PIA, I'm just trying to dig as far as I can to find the most acceptable way to accomplish the task.

Thanks.
 
Upvote 0 Downvote
Here's an idea - just to stimulate some thought:

What about putting those "customizable" parts of the scripts into a database? No matter what the host is, you'll be able to create database specific users that have very granular access rights.
The script editors have update/insert/delete privileges while the e-commerce public scripts just use the select only privileges user.

I assume that there is a database backend since you are talking about an e-commerce system.

This way you need not modify any files sitting in the filesystem. There is only little overhead with retrieveing the code.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cdlvj
  • Locked
  • Question
PHP Debugging
Replies
1
Views
293
cdlvj
cdlvj
W
  • Locked
  • Question
how to send checked row data in php
Replies
0
Views
140
wiltang2004
W
P
  • Locked
  • Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
441
Chris Miller
Chris Miller
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
492
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
391
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top