Jump to content

Fwrite Permission Denied


Redredc

Recommended Posts

Hey, guys. I'm having trouble with something, and I'm hoping you can help. I'm trying to have it to where you can edit files directly on the website itself. But the problem is, is when I go to edit them, I get an error, and it immediately takes me to my error 403 page that I've set up. So I changed it to permission 777 (and then immediately changed it back afterward, it is now on 644) to see if that was the problem, but I got the same result every time. I was hoping you could take a look at my code, and see if you could tell me what's happening.

 

$edit=$_POST['edit']; $page=$_POST['page']; $file=fopen($page,'w'); if(!mysql_query($file)){ die('Error: '.mysql_error()); } else fwrite($file,$page);

 

Please let me know if you can figure out the problem. And I've also tried removing the 4th 5th and 6th line to see if that was the problem, but still nothing has changed.

Link to comment
Share on other sites

It's a local file path. I tried editing my index.php (which is one folder backwards, so it's "../index.php") page. It's a series of three links (because I couldn't find any other way to do it) and I can show you the coding for each of them.

Link to comment
Share on other sites

I see "../index.php". I'll just show you every bit of coding:

 

 

---/admin/pages.php---

 

echo'<form action="edit_page.php" method="get"> <p>Type in a url (this site only) starting with "../" and type the rest in as if you were doing a self-hosted link. For example: "../index.php"</p> <input type="text" name="url"/> <input type="submit" value="Edit Page"/> </form>';

 

 

---/admin/edit_page.php---

 

$url=$_GET['url']; $edit=fopen(''.$url.'','r') or die('Unable to open file.'); $read=fread($edit,filesize($url));

echo'<form action="confirm_edit.php" method="post"> <textarea width="90%" height="200px" name="edit"> '.$read.' </textarea><br/> You are currently editing: <input type="text" name="page" value="'.$url.'"/> <input type="submit" value="Edit Page"/> </form>';

 

 

---/admin/confirm_edit.php---

 

$edit=$_POST['edit']; $page=$_POST['page']; $file=fopen($page,'w'); if(!mysql_query($file)){ die('Error: '.mysql_error()); } else fwrite($file,$page);

Link to comment
Share on other sites

Why are you passing the file handler to a mysql_query() function?

mysql_query() is going to fail because you haven't opened a connection and $file is not a valid SQL string.

Link to comment
Share on other sites

Why are you passing the file handler to a mysql_query() function?

mysql_query() is going to fail because you haven't opened a connection and $file is not a valid SQL string.

 

Like I said earlier in my first post, I removed those lines to see if that was the problem, which it wasn't. As for the connection, I have connected it to my server's database. I'm only showing you the necessary code for what you should need to figure this out. If you want, I can show you the code for how I'm doing it.

 

 

Yikes, a form that lets people read, and then write, any file which PHP has access to? That's the #1 easiest way to completely compromise a server, so hopefully you have that locked down pretty tight.

 

Don't worry. I have it coded to where it's only visible to me. For each portion of coding, I put in: if(isset($_SESSION['user']) && $_SESSION['user']=='Redredc'){

(insert text here)

}

else echo'You do not have the correct access to enter this page! <a onClick="goBack()" style="color:blue;">Click Here</a> to go back, or <a href="/index.php">Click Here</a> to return home.';

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...