I can't use fopen because PHP is in safemode and admin wont change this. How can I write a static html file using php?
With difficulty, unfortuantely. If your sysadmin has not set up user permissions that allow you to do this, then there's no general workaround. Other answers (e.g. FTP-ing) may work in certain circumstances (again, if user permissions allow it).
The only foolproof solution is to talk to the sysadmin.
You can only open (and thus write) to files in directories, that are permitted by the safemode settings.
You can use FTP.
You can still do with safe mode enabled
Beware: Safe mode will not permit you
to create new files in directories
which have different owner than the
owner of the script. This typically
applies to /tmp, so contrary to Unix
intuition, you will not be able to
create new files there (even if the
/tmp rights are set correctly).
If you need to write into files in
/tmp (for example to put logfiles of
your PHP application there) create
them first on the command line by
doing a
touch /tmp/whatever.log
as the same user who owns the PHP
script. Then, provided the rest is
configured correctly, the PHP script
will be able to write into that file.
http://php.net/manual/en/features.safe-mode.php
Related
It sounds perhaps hackish but if I use file_put_contents to write a .php file, what permissions does the file get? I couldn't find any documentation regarding what permissions file_put_contents sets. (Assuming the file did not exists before).
In this case this file is not written from any user input or even from the web at all.
This would typically be 644 for a user.
But it can depend on the application setting that called the function. You can modify the default creation permissions for httpd and lot's of other applications.
You said, it's not from any user input or the web. But however it's called, there will be an associated user.
I have a situation where I want to protect a file from public access, but enable read and write from php. The file contains sensitive information like passwords.
The problem is that
I cannot put the file outside the web root (server security restriction on access from php)
I would like to avoid mysql database.
Also I would try to avoid .htacess files.
So if I make a folder, say private, in the web root, and do
chmod 700 private
Then, if the file to protect is private/data, I do
chmod 700 private/file
will this be a safe setup? So now I can read and write to the file from php but it is not accessible for the public?
Is this a safe setup?
PHP runs as the same user as the webserver so if PHP can read it, so can your webserver (and vice versa).
If you don't want to use .htaccess there is another trick: save the file as a .php file. Even if someone accesses the file from the web they can't see the source, they might just get a white page or maybe an error depending on what exactly is in the file.
If you're running suPHP or fastCGI php, you can use a setup similar to what you've described to limit access to files. Otherwise, PHP will use the same user as the web server, and any file PHP can access is also accessible via url.
If want to keep the restrictions stipulated (which are rather strange), and as (i guess) you do not wish/have access to apache config directives, consider adding PHP to some group and give the group only rights to the file, ie. apache cannot read (if its not in root/wheel).
Or make it a valid .php file (so only php would be invoker when the file is requested) which returns nothing or redirects when invoked with php. or just cipher it.
Is it possible to arrange file permissions/group ownership/etc in such a way that a file can be read by the function readFile() for a forced download, but it cannot be downloaded by navigating to the literal url of the file?
Maybe you could add the user that is running apache / php to the group that owns the file. And set config to read and write for owner and owner group, and no permission at all for others. (-rwxrw---- 0r 0760)
Never tested it, but it should work.
The Apache user will need read permissions. To prevent it from being navigated to, the best (and easiest) solution is to store the file outside of the web folder.
I want list files of a particular directory using php exec function. I have used this
exec('ls /home/vikas/hft/a5/traders/sa/*.bin', $NameOfBinaries);
code for listing the bin files from /home/vikas/hft/a5/traders/sa/ directory. It works fine when I run the script in CLI mode but when I run in browser it return empty array.
Apache probably doesn't have rights to read files in your home directory.
Why not move the files somewhere that Apache can see them and use PHP's readdir() function?
http://php.net/manual/en/function.readdir.php
You can use the glob() PHP function instead, enabling error reporting and stopping at first error, like this:
error_reporting(E_ALL);
ini_set('display_errors',1);
ini_set('display_startup_errors',1); // This is not necessary, but can add info
$nameOfBinaries = glob( '/home/vikas/hft/a5/traders/sa/*.bin', GLOB_ERR );
Please note: the GLOB_ERR flag works only with PHP versions above 5.1.0.
Moreover, this seems a permission issue, so you can check if you have the correct access permissions to the directory:
$handle = fopen("/home/vikas/hft/a5/traders/sa/", "r");
echo ($handle===false)? "Readable dir":"Unreadable dir";
This, in turn, is due to the different users under which the PHP webserver and commandline binary run, i.e. when run from the commandline, PHP inherits permissions from the currently logged user, while, when run from the web, it inherits user permissions from the webserver (Apache/ISS or whatever).
To be able to read that dir (when run from the web), appropriate permissions must be set on that directory. It must be readable from the user or group under which the webserver runs.
If you have an Apache server, in httpd.conf the User and Group directives contain respectively the user name and group name under which Apache will run.
If you cannot access server config, you should contact your system administrator asking for read permissions of that directory. A less secure option would be to set that directory (via FTP or shell) as "world readable".
Make sure that the user-account -- that the webserver runs as -- has permission to read that directory.
How about system? http://au.php.net/manual/en/function.system.php
Don't use external functions for this, but instead use built-in PHP directory functions.
I have a file in my project folder.How i can i give file write permission using php.I used this code
chmod($file,0777);
But it giving an error
Warning: chmod() [function.chmod]: Operation not permitted
The file is created by another user.Is their any way to do this .Thanks in advance
This happens because PHP does not have rights to do the change. The user under which PHP runs is usually the web server's user and different from the user you use to add files.
You generally only do chmod on files created with PHP. To be able to do this on other files you need to change the owner (chown).
The current user is the user under
which PHP runs. It is probably not the
same user you use for normal shell or
FTP access. The mode can be changed
only by user who owns the file on most
systems.
From http://php.net/manual/en/function.chmod.php
Well - you just can't if it says you are not permitted to.
Point is - the file belongs to some user and group, most likely root:root - and you are just a user on the server. If root's the owner of that file, you can't change the permissions at all.
Notes:
$file must be a filename. If you put the handle there, the file (most likely) doesn't exists, but still.
Check if the filename is not beginning with / or something. Try different variations.
you can install php via SUEXEC or SUPHP instead of mod_php which allows to change the user as which php is executed, still this dosnt solve anything if the owner is set wrong