写入webroot目录之外的文本文件 [英] Write to text file outside of webroot directory

查看:101
本文介绍了写入webroot目录之外的文本文件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我试图用PHP来读写文本文件。使用html页面上的按钮读取文件。该文件是使用html页面上的按钮编写的,该页面从文本框中获取参数。当文本文件位于webroot目录中时,我成功写入了一个文本文件。我希望能够从webroot目录以外的文本文件读取/写入。



我在Beaglebone上使用lighttpd和PHP。 webroot目录位于 / var / www 。我要编辑的文本文件位于 / var / textFiles 。我到处寻找解决方案,但似乎没有任何工作。

以下是我找到的最有希望的解决方案,但似乎并不奏效。当我点击阅读或写按钮时,页面似乎陷入无限循环。我想知道是否有人知道为什么这不起作用,或者他们可以提供更好的解决方案。



这是我到目前为止:



index.php 

 <?php 
 echo'< script language =javascripttype =text / javascriptsrc =jquery-1.9.0.min.js>< / script>'; 
 echo< form name ='write'action ='writeFunctionCaller.php'method ='post'>输入文本到
写入文本文件:< input type ='text'name = 'input'> 
< input type ='submit'value ='Write'>< / form> 
< form name ='read'action ='readFunctionCaller.php'method = 'get'> 
< input type ='submit'value ='Read'>< / form>< br>< div id ='fileContent'>< / div> 
 $ b $ class readWriteModel {
 
 function readFile(){
 $ file_handle = fopen(secure.php?file = phpRead.txt,r); 
 while(!feof($ file_handle)){
 $ line = fgets($ file_handle); 
 echo $ line; 
 echo'< br>'; 
} 
 fclose($ file_handle); 
 
 
函数writeFile($ text){
 echo(Write Write!); 
 $ filename =secure.php?file = phpRead.txt; 
 file_put_contents($ filename,$ text,FILE_APPEND | LOCK_EX); 
} 
} 
?>

secure.php 

 <?php 
 //验证用户应该有权访问这里的文件
 
 //确保它存在
 $ folder = realpath( '的/ var / TEXTFILES'); 
 if(!$ file = realpath($ folder。'/'。$ _ GET ['file']))
 error(404); 
 if(!is_file($ file))
 error(404); 
 $ b $ //检查骗子
 if(substr($ file,0,strlen($ folder))!== $文件夹)
 error(401); 
 $ b header(sprintf(Content-type:%s;,getMimeType($ file))); 
 readfile($ file); 
出口; (b 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 $ b = >'未经授权',
 402 =>'需要付款',
 403 =>'禁止',
 404 =>'未找到',

 if(!$ msg)$ msg = $ msgs [$ code]; 
 header(sprintf('HTTP / 1.0%s%s',$ code,$ msg)); 
 printf('< html>< head>< title>%s%s< / title>< / head>< body>< h1>%s< / h1>< / body> ; 
< / html>',$ code,$ msg,$ msg); 
出口; 
 
 
函数getMimeType($ filename){
 // MIME MAP 
 $ mime_extension_map = array(
'txt'=>'text /简单',
); 
 //获取扩展
 $ ext = strtolower(substr($ filename,strrpos($ filename,'。')+ 1)); 
 if(empty($ ext))
 return'application / octet-stream'; 
 elseif(isset($ mime_extension_map [$ ext]))
 return $ mime_extension_map [$ ext]; 
返回'x-extension /'。 $ EXT; 
} 
?>

writeFunctionCaller.php 

 <?php 
 include_once('index.php'); 
 $ text = $ _POST ['input']; 
 $ model = new readWriteModel(); 
 $ model-> writeFile($ text); 
?>

readFunctionCaller.php 

 <?php 
 include_once('index.php'); 
 $ model = new readWriteModel(); 
 $ model-> readFile(); 
?>


解决方案

我能够读取和写入文本文件在根目录之外。只是为了看看它是否工作,我将webroot目录 / var 权限上的目录设置为 777 ,和 phpRead.txt 777 ,并使用绝对路径 / var /textFiles/phpRead.txt 这绝对不是最安全的方式,所以如果你正在读写webroot目录之外的文件,请参阅下面的stackoverflow答案: https://stackoverflow.com/a/3012330/2047335 了解更多关于PHP安全性的信息。



以下是我用于读取/写入webroot目录上的文本文件的文件:

index.php:

 <?php 
 echo'< script language =javascripttype =text / javascriptsrc =jquery-1.9。 0.min.js>< /脚本>'; 
 $ b $ echo< form name ='write'action ='writeFunctionCaller.php'method ='post'>; 
 echo输入要写入文本文件的文本:< input type ='text'name ='input'>< input type ='submit'value ='Write'>; 
 echo< / form>; 
 
 echo< form name ='read'action ='readFunctionCaller.php'method ='get'>; 
 echo< input type ='submit'value ='读取'>; 
 echo< / form>; 
 echo< br>; 
 echo< div id ='fileContent'>< / div>; 
 
 class readWriteModel {
 function readFile(){
 $ file_handle = fopen(/ var / textFiles / phpRead.txt,r); 
 while(!feof($ file_handle)){
 $ line = fgets($ file_handle); 
 echo $ line; 
 echo'< br>'; 
} 
 fclose($ file_handle); 
 
函数writeFile($ text){
 echo(Write Success!); 
 $ filename =/var/textFiles/phpRead.txt; 
 file_put_contents($ filename,$ text,FILE_APPEND | LOCK_EX); 
} 
} 
 
?>

readFunctionCaller.php: 

 <?php 
 include_once('index.php'); 
 $ model = new readWriteModel(); 
 $ model-> readFile(); 
?> 
 $ / pre 
 $ b $ writeFunctionCaller.php > <?php 
 include_once('index.php'); 
 $ text = $ _POST ['input']; 
 $ model = new readWriteModel(); 
 $ model-> writeFile($ text); 
?>

用户界面的图像:



谢谢大家的帮助!

I am trying to use PHP to read and write from a text file. A file is read using a button on an html page. The file is written using a button on an html page that takes a parameter from a textbox. I was successful in writing to a text file when the text file is in the webroot directory. I want to be able to read/write from a text file that lives outside of the webroot directory.

I am using lighttpd with PHP on a Beaglebone. The webroot directory is located at /var/www. The text file that I want to edit will be located at /var/textFiles. I have looked around everywhere for solutions, but none seem to work.

The following is the most promising solution that I have found, but it does not seem to work. When I click the "read" or the "write" button the page seems to be stuck in an infinite loop. I was wondering if anyone knows why this doesn't work or if they can offer a better solution.

This is what I have so far:

index.php

<?php 
echo '<script language="javascript" type="text/javascript" src="jquery-1.9.0.min.js"></script>';
echo "<form name='write' action='writeFunctionCaller.php' method='post'>Input text to 
write to text file: <input type='text' name='input'>
<input type='submit' value='Write' ></form>
<form name = 'read' action='readFunctionCaller.php' method='get'>
<input type='submit' value='Read'></form><br><div id='fileContent'></div>";

class readWriteModel {

   function readFile() {
        $file_handle = fopen("secure.php?file=phpRead.txt", "r");
        while (!feof($file_handle)) {
            $line = fgets($file_handle);
            echo $line;
            echo '<br>';
        }
        fclose($file_handle); 
    }

    function writeFile($text) {
        echo ("Write Success! ");
        $filename = "secure.php?file=phpRead.txt";
        file_put_contents($filename, $text, FILE_APPEND | LOCK_EX);
    }
}
?>

secure.php

<?php
//validate that the user should have access to the file here

//Make sure it exists
$folder = realpath('/var/textFiles');
if(!$file = realpath($folder.'/'.$_GET['file']))
    error(404);
if(!is_file($file))
    error(404);

//Check for cheaters
if(substr($file,0,strlen($folder)) !== $folder)
    error(401);

header(sprintf("Content-type: %s;",getMimeType($file)));
readfile($file);
exit;

function error ( $code = 401, $msg = null ) {
    $msgs = array(
      400 => 'Bad Request',
      401 => 'Unauthorized',
      402 => 'Payment Required',
      403 => 'Forbidden',
      404 => 'Not Found',
    );
    if(!$msg) $msg = $msgs[$code];
    header(sprintf('HTTP/1.0 %s %s',$code,$msg));
    printf('<html><head><title>%s %s</title></head><body><h1>%s</h1></body> 
    </html>',$code,$msg,$msg);
    exit;
}

function getMimeType ( $filename ) {
    //MIME MAP
    $mime_extension_map = array(
    'txt'           => 'text/plain',
    );
    //Get Extension
    $ext = strtolower(substr($filename,strrpos($filename,'.') + 1));
    if(empty($ext))
      return 'application/octet-stream';
    elseif(isset($mime_extension_map[$ext]))
      return $mime_extension_map[$ext];
    return 'x-extension/' . $ext;
}
?>

writeFunctionCaller.php

<?php 
include_once('index.php');
$text = $_POST['input'];
$model = new readWriteModel();
$model->writeFile($text);
?>

readFunctionCaller.php

<?php 
include_once('index.php');
$model = new readWriteModel();
$model->readFile();
?>

解决方案

I was able to read and write from a text file outside of the root directory. Just for the sake of seeing if it works, I set the directory above the webroot directory /varpermissions to 777, and the phpRead.txtto 777and referenced the file using the absolute path of /var/textFiles/phpRead.txt This is definitely not the most secure way of doing this, so if you are reading and writing to files outside of the webroot directory, see the following stackoverflow answer: https://stackoverflow.com/a/3012330/2047335 for more information on PHP security.

The following are the files I used to read/write to a text file above the webroot directory:

index.php:

<?php 
echo '<script language="javascript" type="text/javascript" src="jquery-1.9.0.min.js"></script>';

echo "<form name='write' action='writeFunctionCaller.php' method='post'>";
echo    "Input text to write to text file: <input type='text' name='input'><input type='submit' value='Write' >";
echo "</form>";

echo "<form name = 'read' action='readFunctionCaller.php' method='get'>";
echo    "<input type='submit' value='Read'>";
echo "</form>";
echo "<br>";
echo "<div id='fileContent'></div>";

class readWriteModel{
  function readFile() {
  $file_handle = fopen("/var/textFiles/phpRead.txt", "r");
  while (!feof($file_handle)) {
   $line = fgets($file_handle);
   echo $line;
   echo '<br>';
   }
  fclose($file_handle); 
  }
  function writeFile($text) {
   echo ("Write Success! ");
   $filename = "/var/textFiles/phpRead.txt";
   file_put_contents($filename, $text, FILE_APPEND | LOCK_EX);
   }
}

?>

readFunctionCaller.php:

<?php 
include_once('index.php');
$model = new readWriteModel();
$model->readFile();
?>

writeFunctionCaller.php:

<?php
include_once('index.php');
$text = $_POST['input'];
$model = new readWriteModel();
$model->writeFile($text);
?>

Image of the user interface:

Thank you all for your help!

这篇关于写入webroot目录之外的文本文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆