PDA

View Full Version : PHP and working with directories.




larswik
May 13, 2012, 03:57 PM
I am finishing my first PHP script. It works great on my computer and working with files on my server. But now as I upload my php file I am wondering if my links will work?

For example, this link I use to access a clients information.

somesite.com/apps/clients/redbarn/client_info.txt.

This works fin loading it from my home computer. But what if I want to place my php file in the 'clients' directory. Would my link still be the full URL to the file I want, or would it be the path from that point on like

/redbarn/client_info.txt



lee1210
May 13, 2012, 04:45 PM
The "normal" approach is allowing this to be configured. You could accept an argument with the path (commandline or query string), in a configuration file, etc. You can require this for the script to work at all so you can give a reasonable error.

-Lee

larswik
May 13, 2012, 05:25 PM
Hi Lee1210, it's been a while since you have helped me. I think I am a little over my head at the moment and trying to educate myself. I have a php script I wrote and works great on my local computer using XAMPP.

No I am trying to get it to run on my remote server and I'm having problems. I created this small script to test if it can write a file or not. It echos out the information fine but no txt file is written? The php file is here and it displays the info in the browser. http://sbtraveler.tv/test/myphp.php

<?php
echo 'Starting'.',<br>';

$fileLocation = 'http://sbtraveler.tv/test/test.txt';
$fp = fopen($fileLocation, "rb"); // get text file
$contents = stream_get_contents($fp);
fclose($fp);

echo $contents.'<br>'; //works and can see it

writeToFile($contents);

function writeToFile($file){
$location = "http://sbtraveler.tv/test/update_check.txt";
$fpw = fopen($location, "w+");
fwrite($fpw, $file);
fclose($fpw);
}
echo 'Done'.',<br>';
?>

I'm at a loss and don't know what to research to do this?

lee1210
May 13, 2012, 06:18 PM
This may come down to more of an administration issue than a coding issue. You need to have the user the web server runs as have write permission to the given directory/file. This is fairly dangerous for various reasons. I'd say for a start you'd create a new directory and assign such permissions. Controlling the size of this directory, etc. will be much more involved, but necessary to avoid a denial of service attack, and other nefarious deeds.

The other issue is if the host allows you to write files from PHP at all. This may be rare, but it seems like a possible precaution. I'd write add more echos throughout to see if an error is being encountered. I'm not big on PHP, but I'd guess that the open and write functions will return some status you can check/echo.

Good luck!

-Lee

larswik
May 13, 2012, 06:33 PM
Thanks lee. my iphone app iterates through a few hundred mod dates which takes time. I thought I would have a php file do the workload and write a txt file. the iPhone app would then just download the file and compare it to the last download for any mod date changes.

Writing the php script was kind of easy. Figuring out all of the server things to do it is a nightmare. Right now I am reading up on 'chmod' All the tutorials I am finding revolve around FTP things. Right click the file from within your FTP program and get info.

I thought this would be the easy part but it is harder then making the php script. But I am learning new things.

Thanks...

robvas
May 13, 2012, 08:34 PM
$location = "http://sbtraveler.tv/test/update_check.txt";



I really doubt you can open a file for writing this way. You'll have to use the relative path from where the PHP code runs on the server. You should be able to find the place your code executes from with $_SERVER['DOCUMENT_ROOT']

Echo that variable to see what it gives you, and use that to figure out how to get to the file you need to open. Then you'll have to make sure you have file permissions etc all setup properly for whatever user your web server runs as.

If it gave you '/var/www/larwsik/', you could do something like
$location = $_SERVER['DOCUMENT_ROOT'].'/test/update_check.txt'

Or something similar

larswik
May 14, 2012, 03:04 AM
Thanks robvas, tonight I had a huge learning break through. code writing in PHP was not that different then C. Thanks to Lee's help many years ago I got a good firm background in C.

It was a challenge figuring our the the permissions tonight, and the correct code to write a txt file but in the end it worked.

For the path I used ftp://user:pass@mySite.com/somefolder/myphp.php

It took most of the weekend and about 45 mins ago I started working. Lost to know.

smirking
May 14, 2012, 03:53 AM
Larswik, I'm having a little difficulty following your question and it seems like you've already discovered the answer you're looking for, but I can give you a tip that'll save you a lot of time if you want to read text contents from a file in its entirety and write it back to a different file.

Instead of dealing with fopen and having to open and close the file and set the file pointer, you can use file_get_contents() and file_put_contents().

http://php.net/manual/en/function.file-get-contents.php
Example: file_get_contents('/path/or/url/file.txt');

http://www.php.net/manual/en/function.file-put-contents.php
Example: file_put_contents('/path/or/url/file.txt', $content, FILE_APPEND);

FILE_APPEND is a settings flag. It's not a variable. You use it if you don't want to overwrite the current contents of the file.

larswik
May 14, 2012, 03:54 PM
Sorry smirking for being confusing. I did not have 1 problem but a few of them. 1 was the code and the other was dealing with permissions on my server which I have never had to do before.

But in order to make changes I had to provided the username and password and do it via an ftp://

ftp://user : password @mySite.com/somefolder/myphp.php

This allowed me to do what I needed. I did look at the file_put_contents manual before. I will look over it again though. I have no need to read in the file. The goal is to have my iphone app download this txt file and parse that information. I just needed my php script to create the txt file or overwrite it with the new content.

Last night I got it all working with Cron. But I am a little confused why I need to included my user and password in the to write the file if the php script is already sitting on my server? It is all happening internally and seems like a small security risk by including it in the file?

smirking
May 14, 2012, 05:16 PM
Hi larswik,

I'm going to make a guess as to what your issue is, but I'm still having some difficulty understanding exactly what the setup looks like. Can you repost your test script that you have running here?
http://sbtraveler.tv/test/myphp.php

Please repost it with the revisions you made to the file location with the username and password in it.

Now for my guess as to why you need to include your FTP credentials in your filepath... it's probably because your server has "allow_url_fopen" set to off, which is the default behavior in most PHP installs because it's a security risk to allow the server to read a remote file into your filesystem. If the wrong user gets a hold of that functionalty, it can be used to compromise your host.

The "allow_url_fopen" discussion shoudl be academic for your case because if your script is on the same host as the file you want to access, you don't need to reference the file as a URL and shouldn't be. Just change your file location to an absolute or relative path instead of a URL. If you have the option to reference a resource either as a path or as a URL always choose the path because it's more direct. Referencing local files by URL can sometimes lead to extreme performance slowdowns under certain conditions.

larswik
May 14, 2012, 11:00 PM
Actually you guessed right. I feel bad that I am not explaining my self accurately but I understood your description quite well. My php script works great. I was / am just a little insecure as to where I put the php document where it is safe.

I am still learning a lot about my server and how to make paths to files on my server. You are right about adding my credentials to my php file. I was worried that someone could navigate to that folder, download my php script, open it and see my credentials.

But I think I discovered the correct place to put php files. There seems to be a folder just before the 'public_html folder which is the main folder I guess. If I put my .php file in mysite.com/public_html/somefolder/my.php people can navigate to that folder and see the php file. But by placing that php file in my root directory I think it is called you can see it but if I would enter mySite.com/my.php it would run the script.

I hope I said all that right. I have an iphone app out but I have not had to do much work with FTP and working with directory paths.

Thanks though for you help.

smirking
May 15, 2012, 12:04 AM
Hi Lars,

Putting a file "just before" your public_html folder is usually referred to as locating a file "below the Web root" level. The Web root level is the folder where all files are exposed for public display.

That's a generalization. It's certainly possible to protect a file that's located above the Web root level or open expose content you have below the Web root level by tweaking some configuration settings.

robvas
May 15, 2012, 09:09 AM
But I think I discovered the correct place to put php files. There seems to be a folder just before the 'public_html folder which is the main folder I guess. If I put my .php file in mysite.com/public_html/somefolder/my.php people can navigate to that folder and see the php file. But by placing that php file in my root directory I think it is called you can see it but if I would enter mySite.com/my.php it would run the script.


You can configure the web server to run PHP files in any directory, if you want. But there are security issues if you allow that. Someone could upload their own code somehow and run it...

larswik
May 15, 2012, 04:18 PM
I think I need a good PHP book. I started learning it last week but it was so close to C that I already have a php file running smoothly as of this morning (thanks guys!). But I have no clue about security features I should use or even how to implement them. I have Cron executing my php file but I have no clue if it is using Apache, or how I even use Apache.

All my script dose is to look at a bunch of files and check to see if their mod dates have change. Then it takes that information and saves it to a txt file. Next time it runs it loads the last list and compares it to the new one for any modification dates. and updates the text file if there is.

This takes the work load off of my iPhone app doing this and speeds it up. So to really get a grasp of what is happening I need to do some reading.

Can you recommend a good book? PHP seems to be easy(like C) but I guess you can use it as an OOP or procedural, which I did procedural. I am more or less wondering about the server side and how Apache works, server permissions, security and such.

Thanks!