Page 1 of 1
how to read a txt file from client's drive
Posted: Wed Sep 01, 2004 1:20 am
by ongray
HI all,
Does any know how to read a txt file from client's C: or A: drive, without the user knowing?
I m developing an application using PHP, and I m stuck when i try to read a special txt file (that i keep in their PC) from the user's PC. If I let the user browse the directory, I know i can use this, ...
<input type="file" class="Wf" name="userfile" size="24">
Any other way, if i dont wanna let the user to know that i m keep a special file in their PC?
Posted: Wed Sep 01, 2004 3:16 am
by anjanesh
No Browser/OS will allow that. It'll defy the laws of security.
Have it stored in the cookie - thats the only way to have this done.
Fopen()
Posted: Wed Sep 01, 2004 3:17 am
by PieroRuffino
Ciao from Italy,
perhaps but i'm a newby in PHP you should use :
$fp = fopen("c:\\data\\file.txt","r");
But I'm not completly sure because on my localhost it works, but in remote it doesn't ....
Anyone else can help us ????
Ciao Piero Ruffino
Posted: Wed Sep 01, 2004 3:20 am
by anjanesh
fopen() will open files on your server. Its working on your local machine because its acting like a server now - not really a client.
Posted: Wed Sep 01, 2004 3:22 am
by PieroRuffino
OK thanks, so the only way is upload the files on server and after read, correct ?
Ciao piero
Posted: Wed Sep 01, 2004 3:25 am
by PieroRuffino
Excuse me anjanesh, is it possible set a path for ex: c:\dati\file.txt ? I need to know becouse I don't want let visitors could insert from a form all file they want; I want that only "file.txt" located in c:\dati can be uploaded.
Thanks a lot for help.
Piero Ruffino Ciao
Posted: Wed Sep 01, 2004 3:30 am
by anjanesh
The only remote data that a script can read and write is whatever is in cache (Temporary Internet Files for IE). That way you dont need the user to know as well. To upload other files located elsewhere you need to have <INPUT TYPE=file> element which HAS to be entered by the user. Cannot set value for that file textbox - at least not in IE.
Posted: Wed Sep 01, 2004 4:07 am
by ongray
Thank a lot for the response.
can i have it store in the SSL/certificate? i am running my PHP in a Windows server, is this possible? if yes, i have problem on how to get this certificate things working.
Posted: Wed Sep 01, 2004 4:42 am
by CoderGoblin
Think about the design of your system. Can you explain why the file needs to be kept on the client machine. Why not store it on the server ?
Personally I see no reason to store a file on the client machine which they should not know about.
If you are storing information used by your system, designing your system to use a database and possibly Session/Cookies solves the problem and would also ensure the same user can access the same information from different machines. A win win situation rather the going through Certification processes.
Posted: Wed Sep 01, 2004 8:35 pm
by ongray
There are 2 wild reasons that i m looking at.
1st, if i read the file from the user's A: drive. As usual, the user need to provide username and password to get access. I have another key which is generated by the system and tie to the user account. The key could be 512 characters long, or longer. I store the key in the diskette and pass to valid user. User can access from any PC as long as they have the username, password and key.
2nd, if i read the file from the user's C: drive. In order to access the system, the user PC must have this file. This very much like a certificate, user can only get access to the system from particular PC.
Posted: Wed Sep 01, 2004 8:44 pm
by feyd
why do you want to access a physical key? that's silly and an annoyance to users most often. Now, if this has to be the most secure, that's a different story.. but those systems are not kept on a harddrive or a floppy..
I don't see a point to this.

Posted: Wed Sep 01, 2004 10:02 pm
by ongray
if i want the user to be able to access the server from the assigned PC only, what is a good approach to take?
Posted: Wed Sep 01, 2004 10:03 pm
by feyd
set a unique cookie.