写入webroot目录之外的文本文件 [英] Write to text file outside of webroot directory
问题描述
我在Beaglebone上使用lighttpd和PHP。 webroot目录位于 / var / www
。我要编辑的文本文件位于 / var / textFiles
。我到处寻找解决方案,但似乎没有任何工作。
以下是我找到的最有希望的解决方案,但似乎并不奏效。当我点击阅读或写按钮时,页面似乎陷入无限循环。我想知道是否有人知道为什么这不起作用,或者他们可以提供更好的解决方案。
这是我到目前为止:
index.php
<?php
echo'< script language =javascripttype =text / javascriptsrc =jquery-1.9.0.min.js>< / script>';
echo< form name ='write'action ='writeFunctionCaller.php'method ='post'>输入文本到
写入文本文件:< input type ='text'name = 'input'>
< input type ='submit'value ='Write'>< / form>
< form name ='read'action ='readFunctionCaller.php'method = 'get'>
< input type ='submit'value ='Read'>< / form>< br>< div id ='fileContent'>< / div>
$ b $ class readWriteModel {
function readFile(){
$ file_handle = fopen(secure.php?file = phpRead.txt,r);
while(!feof($ file_handle)){
$ line = fgets($ file_handle);
echo $ line;
echo'< br>';
}
fclose($ file_handle);
函数writeFile($ text){
echo(Write Write!);
$ filename =secure.php?file = phpRead.txt;
file_put_contents($ filename,$ text,FILE_APPEND | LOCK_EX);
}
}
?>
secure.php
<?php
//验证用户应该有权访问这里的文件
//确保它存在
$ folder = realpath( '的/ var / TEXTFILES');
if(!$ file = realpath($ folder。'/'。$ _ GET ['file']))
error(404);
if(!is_file($ file))
error(404);
$ b $ //检查骗子
if(substr($ file,0,strlen($ folder))!== $文件夹)
error(401);
$ b header(sprintf(Content-type:%s;,getMimeType($ file)));
readfile($ file);
出口; (b
$ b = >'未经授权',
402 =>'需要付款',
403 =>'禁止',
404 =>'未找到',
)
if(!$ msg)$ msg = $ msgs [$ code];
header(sprintf('HTTP / 1.0%s%s',$ code,$ msg));
printf('< html>< head>< title>%s%s< / title>< / head>< body>< h1>%s< / h1>< / body> ;
< / html>',$ code,$ msg,$ msg);
出口;
函数getMimeType($ filename){
// MIME MAP
$ mime_extension_map = array(
'txt'=>'text /简单',
);
//获取扩展
$ ext = strtolower(substr($ filename,strrpos($ filename,'。')+ 1));
if(empty($ ext))
return'application / octet-stream';
elseif(isset($ mime_extension_map [$ ext]))
return $ mime_extension_map [$ ext];
返回'x-extension /'。 $ EXT;
}
?>
writeFunctionCaller.php
<?php
include_once('index.php');
$ text = $ _POST ['input'];
$ model = new readWriteModel();
$ model-> writeFile($ text);
?>
readFunctionCaller.php
<?php
include_once('index.php');
$ model = new readWriteModel();
$ model-> readFile();
?>
我能够读取和写入文本文件在根目录之外。只是为了看看它是否工作,我将webroot目录 / var
权限上的目录设置为 777
,和 phpRead.txt
到 777
,并使用绝对路径 / var /textFiles/phpRead.txt
这绝对不是最安全的方式,所以如果你正在读写webroot目录之外的文件,请参阅下面的stackoverflow答案: https://stackoverflow.com/a/3012330/2047335 了解更多关于PHP安全性的信息。
以下是我用于读取/写入webroot目录上的文本文件的文件:
index.php:
<?php
echo'< script language =javascripttype =text / javascriptsrc =jquery-1.9。 0.min.js>< /脚本>';
$ b $ echo< form name ='write'action ='writeFunctionCaller.php'method ='post'>;
echo输入要写入文本文件的文本:< input type ='text'name ='input'>< input type ='submit'value ='Write'>;
echo< / form>;
echo< form name ='read'action ='readFunctionCaller.php'method ='get'>;
echo< input type ='submit'value ='读取'>;
echo< / form>;
echo< br>;
echo< div id ='fileContent'>< / div>;
class readWriteModel {
function readFile(){
$ file_handle = fopen(/ var / textFiles / phpRead.txt,r);
while(!feof($ file_handle)){
$ line = fgets($ file_handle);
echo $ line;
echo'< br>';
}
fclose($ file_handle);
函数writeFile($ text){
echo(Write Success!);
$ filename =/var/textFiles/phpRead.txt;
file_put_contents($ filename,$ text,FILE_APPEND | LOCK_EX);
}
}
?>
readFunctionCaller.php:
<?php
include_once('index.php');
$ model = new readWriteModel();
$ model-> readFile();
?>
$ / pre
$ b $ writeFunctionCaller.php > <?php
include_once('index.php');
$ text = $ _POST ['input'];
$ model = new readWriteModel();
$ model-> writeFile($ text);
?>
用户界面的图像:
谢谢大家的帮助!
I am trying to use PHP to read and write from a text file. A file is read using a button on an html page. The file is written using a button on an html page that takes a parameter from a textbox. I was successful in writing to a text file when the text file is in the webroot directory. I want to be able to read/write from a text file that lives outside of the webroot directory.
I am using lighttpd with PHP on a Beaglebone. The webroot directory is located at /var/www
. The text file that I want to edit will be located at /var/textFiles
. I have looked around everywhere for solutions, but none seem to work.
The following is the most promising solution that I have found, but it does not seem to work. When I click the "read" or the "write" button the page seems to be stuck in an infinite loop. I was wondering if anyone knows why this doesn't work or if they can offer a better solution.
This is what I have so far:
index.php
<?php
echo '<script language="javascript" type="text/javascript" src="jquery-1.9.0.min.js"></script>';
echo "<form name='write' action='writeFunctionCaller.php' method='post'>Input text to
write to text file: <input type='text' name='input'>
<input type='submit' value='Write' ></form>
<form name = 'read' action='readFunctionCaller.php' method='get'>
<input type='submit' value='Read'></form><br><div id='fileContent'></div>";
class readWriteModel {
function readFile() {
$file_handle = fopen("secure.php?file=phpRead.txt", "r");
while (!feof($file_handle)) {
$line = fgets($file_handle);
echo $line;
echo '<br>';
}
fclose($file_handle);
}
function writeFile($text) {
echo ("Write Success! ");
$filename = "secure.php?file=phpRead.txt";
file_put_contents($filename, $text, FILE_APPEND | LOCK_EX);
}
}
?>
secure.php
<?php
//validate that the user should have access to the file here
//Make sure it exists
$folder = realpath('/var/textFiles');
if(!$file = realpath($folder.'/'.$_GET['file']))
error(404);
if(!is_file($file))
error(404);
//Check for cheaters
if(substr($file,0,strlen($folder)) !== $folder)
error(401);
header(sprintf("Content-type: %s;",getMimeType($file)));
readfile($file);
exit;
function error ( $code = 401, $msg = null ) {
$msgs = array(
400 => 'Bad Request',
401 => 'Unauthorized',
402 => 'Payment Required',
403 => 'Forbidden',
404 => 'Not Found',
);
if(!$msg) $msg = $msgs[$code];
header(sprintf('HTTP/1.0 %s %s',$code,$msg));
printf('<html><head><title>%s %s</title></head><body><h1>%s</h1></body>
</html>',$code,$msg,$msg);
exit;
}
function getMimeType ( $filename ) {
//MIME MAP
$mime_extension_map = array(
'txt' => 'text/plain',
);
//Get Extension
$ext = strtolower(substr($filename,strrpos($filename,'.') + 1));
if(empty($ext))
return 'application/octet-stream';
elseif(isset($mime_extension_map[$ext]))
return $mime_extension_map[$ext];
return 'x-extension/' . $ext;
}
?>
writeFunctionCaller.php
<?php
include_once('index.php');
$text = $_POST['input'];
$model = new readWriteModel();
$model->writeFile($text);
?>
readFunctionCaller.php
<?php
include_once('index.php');
$model = new readWriteModel();
$model->readFile();
?>
I was able to read and write from a text file outside of the root directory. Just for the sake of seeing if it works, I set the directory above the webroot directory /var
permissions to 777
, and the phpRead.txt
to 777
and referenced the file using the absolute path of /var/textFiles/phpRead.txt
This is definitely not the most secure way of doing this, so if you are reading and writing to files outside of the webroot directory, see the following stackoverflow answer: https://stackoverflow.com/a/3012330/2047335 for more information on PHP security.
The following are the files I used to read/write to a text file above the webroot directory:
index.php:
<?php
echo '<script language="javascript" type="text/javascript" src="jquery-1.9.0.min.js"></script>';
echo "<form name='write' action='writeFunctionCaller.php' method='post'>";
echo "Input text to write to text file: <input type='text' name='input'><input type='submit' value='Write' >";
echo "</form>";
echo "<form name = 'read' action='readFunctionCaller.php' method='get'>";
echo "<input type='submit' value='Read'>";
echo "</form>";
echo "<br>";
echo "<div id='fileContent'></div>";
class readWriteModel{
function readFile() {
$file_handle = fopen("/var/textFiles/phpRead.txt", "r");
while (!feof($file_handle)) {
$line = fgets($file_handle);
echo $line;
echo '<br>';
}
fclose($file_handle);
}
function writeFile($text) {
echo ("Write Success! ");
$filename = "/var/textFiles/phpRead.txt";
file_put_contents($filename, $text, FILE_APPEND | LOCK_EX);
}
}
?>
readFunctionCaller.php:
<?php
include_once('index.php');
$model = new readWriteModel();
$model->readFile();
?>
writeFunctionCaller.php:
<?php
include_once('index.php');
$text = $_POST['input'];
$model = new readWriteModel();
$model->writeFile($text);
?>
Image of the user interface:
Thank you all for your help!
这篇关于写入webroot目录之外的文本文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!