I'm currently making a page for someone and they need to be able to update their website via a web based interface... I have the bare bones of this web based interface up and I was just wondering about 2 things first....
My update "who we are" or the main contents of index.php writes to file who.txt and index.php reads who.txt. When you request the php file for the web based updater it returns a form with a text box and a password box and a submit button. This text box for the main content automatically already contains the who.txt's contents so they can edit it rather than copy and paste and deal with html .......... when I request it, the html that has " <<< quotes in it is turned into /" or a slash and a quote. I am assuming this is php's code for a quote, but when you request index.php and look at it, it has /" instead of " all over the place. This is no big deal but every time they edit it it adds more slashes so now when I look at the source it has //////////////////////////////////" for every quote
Second of all, the form sends the request to update.php or who.php etc.... here is the source code of it:
<?
// Get the document root
// Set what will be written to file
$passwrd = $_REQUEST['passwrd'];
$outputstring = $_REQUEST['stringfile'];
//passwrd
if ($passwrd == "my_password_here"){
    $filename = 'who.txt';
    $outputstringtwo = file_get_contents($filename);
    // Set file for opening
    $fp = fopen("who.txt", 'w');
    echo ("File main.txt has been opened<BR>");
    $fo = $fp;
    // Finally, write to file
    fwrite($fp, $outputstring);
    echo ("File main.txt has been written<BR>");
    // Close the written file
    fclose($fp);
    echo ("File who.txt has been closed<BR>");
    echo ("Done, check the file <a href=index.php>here</a><BR><BR>");
    echo ("File who.txt has been changed to:<BR>");
    echo ($outputstring);
    echo ("<P>from<P>");
    echo ($outputstringtwo);
} else {
    echo ("Incorrect pass");
}
?>
Is this part secure?
if ($passwrd == "my_password_here"){
Or can they view my php somehow? Because when I go to the php file normally in my browser it returns incorrect pass like I want it to.
Thanks in advance for your help. Any suggestions or anything at all?
If I could just figure out how to do
replace (" //" " with " /" " );
or something like that but I'm not sure what the command is to replace things
Help on a php script annoying "bug"
Yes that is secure. Remember that PHP is server-side, so all code is executed by the server before it goes to the client. There is no way a client can ever see the PHP code.
To get rid of the slashes do this:
Code:
// Finally, write to file
$outputstring = stripslashes($outputstring); //I added this line
fwrite($fp, $outputstring);
echo ("File main.txt has been written<BR>");
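A hardened variant of the update.php handler discussed in this thread, as an added example that is not part of either post: it accepts the form fields from POST only, checks the password against a stored hash, and escapes what it echoes back. `CONTENT_FILE`, `PASSWORD_HASH`, `h()` and `handle_update()` are names assumed for illustration, and a PHP 7 or later host is assumed.

```php
<?php
// Added example, not the poster's code. CONTENT_FILE and PASSWORD_HASH are assumed names.
const CONTENT_FILE  = __DIR__ . '/who.txt';
// Placeholder: replace with the output of password_hash('<password>', PASSWORD_DEFAULT).
// Until it is replaced, password_verify() rejects every attempt (fails closed).
const PASSWORD_HASH = 'REPLACE_WITH_PASSWORD_HASH';

// Escape text for display so submitted markup is shown as source, not rendered.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Returns array(HTTP status, HTML message). $post is the submitted form data.
function handle_update(array $post, $hash, $file)
{
    $password = $post['passwrd'] ?? '';
    $content  = $post['stringfile'] ?? null;

    // Reject array-valued fields (passwrd[]=x) before they reach string functions.
    if (!is_string($password) || !is_string($content)) {
        return array(400, 'Bad request');
    }
    // Compare against a stored hash instead of a plaintext literal with ==.
    if (!password_verify($password, $hash)) {
        return array(403, 'Incorrect pass');
    }
    // magic_quotes_gpc was removed in PHP 5.4, so $content arrives unescaped here;
    // an unconditional stripslashes() would now delete legitimate backslashes.
    $previous = is_file($file) ? file_get_contents($file) : '';
    // LOCK_EX serialises concurrent writers to the same file.
    if (file_put_contents($file, $content, LOCK_EX) === false) {
        return array(500, 'Could not write file');
    }
    return array(200, 'File who.txt has been changed to:<br><pre>' . h($content)
        . '</pre><p>from</p><pre>' . h($previous) . '</pre>');
}

// Only POST may change the file; $_REQUEST also accepts GET and cookie values.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit('Method not allowed');
}
list($status, $message) = handle_update($_POST, PASSWORD_HASH, CONTENT_FILE);
http_response_code($status);
echo $message;
```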