Redredc

Fwrite Permission Denied


Hey, guys. I'm having trouble with something, and I'm hoping you can help. I'm trying to have it to where you can edit files directly on the website itself. But the problem is, when I go to edit them, I get an error, and it immediately takes me to my error 403 page that I've set up. So I changed it to permission 777 (and then immediately changed it back afterward, it is now on 644) to see if that was the problem, but I got the same result every time. I was hoping you could take a look at my code, and see if you could tell me what's happening.

 

    $edit=$_POST['edit'];
    $page=$_POST['page'];
    $file=fopen($page,'w');
    if(!mysql_query($file)){
    die('Error: '.mysql_error());
    }
    else fwrite($file,$page);

 

Please let me know if you can figure out the problem. And I've also tried removing the 4th, 5th and 6th lines to see if that was the problem, but still nothing has changed.


What are you passing to the $page variable? Is it a URL or a local file path?


It's a local file path. I tried editing my index.php (which is one folder backwards, so it's "../index.php") page. It's a series of three links (because I couldn't find any other way to do it) and I can show you the coding for each of them.


When you echo $page what do you see?

 

fwrite() shouldn't show a 403 page when it fails, it should just show a PHP error.


I see "../index.php". I'll just show you every bit of coding:

 

 

---/admin/pages.php---

    echo'<form action="edit_page.php" method="get">
    <p>Type in a url (this site only) starting with "../" and type the rest in as if you were doing a self-hosted link. For example: "../index.php"</p>
    <input type="text" name="url"/>
    <input type="submit" value="Edit Page"/>
    </form>';

 

 

---/admin/edit_page.php---

    $url=$_GET['url'];
    $edit=fopen(''.$url.'','r') or die('Unable to open file.');
    $read=fread($edit,filesize($url));

    echo'<form action="confirm_edit.php" method="post">
    <textarea width="90%" height="200px" name="edit"> '.$read.' </textarea><br/>
    You are currently editing: <input type="text" name="page" value="'.$url.'"/>
    <input type="submit" value="Edit Page"/>
    </form>';

 

 

---/admin/confirm_edit.php---

    $edit=$_POST['edit'];
    $page=$_POST['page'];
    $file=fopen($page,'w');
    if(!mysql_query($file)){
    die('Error: '.mysql_error());
    }
    else fwrite($file,$page);


Why are you passing the file handler to a mysql_query() function?

mysql_query() is going to fail because you haven't opened a connection and $file is not a valid SQL string.


Yikes, a form that lets people read, and then write, any file which PHP has access to? That's the #1 easiest way to completely compromise a server, so hopefully you have that locked down pretty tight.


Why are you passing the file handler to a mysql_query() function?

mysql_query() is going to fail because you haven't opened a connection and $file is not a valid SQL string.

 

Like I said earlier in my first post, I removed those lines to see if that was the problem, which it wasn't. As for the connection, I have connected it to my server's database. I'm only showing you the necessary code for what you should need to figure this out. If you want, I can show you the code for how I'm doing it.

 

 

Yikes, a form that lets people read, and then write, any file which PHP has access to? That's the #1 easiest way to completely compromise a server, so hopefully you have that locked down pretty tight.

 

Don't worry. I have it coded to where it's only visible to me. For each portion of coding, I put in:

    if(isset($_SESSION['user']) && $_SESSION['user']=='Redredc'){
    (insert text here)
    }
    else echo'You do not have the correct access to enter this page! <a onClick="goBack()" style="color:blue;">Click Here</a> to go back, or <a href="/index.php">Click Here</a> to return home.';

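The replies above point out that edit_page.php and confirm_edit.php open whatever path the form submits, including "../" paths. As an added example that is not code from the thread, here is one way to confine such an editor to a single directory before it writes anything; the function names, the pages/ root and the extension allowlist are assumptions.

```php
<?php
// Added example, not the poster's code. The root directory, the extension
// allowlist and both function names are assumptions for illustration.

function resolve_editable_path(string $userPath, string $root, array $allowedExt): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and symlinks, and returns false for a
    // missing file, so only files that already exist can be edited.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // After resolution the file must still sit underneath the root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $target : null;
}

function save_page(string $userPath, string $content, string $root, array $allowedExt): bool
{
    $target = resolve_editable_path($userPath, $root, $allowedExt);
    if ($target === null) {
        return false;
    }
    // Write the submitted text (the "edit" field), not the path.
    return file_put_contents($target, $content, LOCK_EX) !== false;
}

// Constructed sandbox so the example runs offline.
$site = sys_get_temp_dir() . '/editor_demo_' . bin2hex(random_bytes(4));
mkdir("$site/pages", 0700, true);
file_put_contents("$site/pages/about.html", '<h1>About</h1>');
file_put_contents("$site/index.php", '<?php // front controller');

$allowed = ['html', 'css', 'txt'];
foreach (['about.html', '../index.php', '/etc/passwd', 'missing.html'] as $path) {
    $ok = save_page($path, '<h1>Edited</h1>', "$site/pages", $allowed);
    printf("%-14s %s\n", $path, $ok ? 'written' : 'rejected');
}
```

The session check quoted in the thread decides who may reach the editor; a path check like this one decides which files the editor may touch once someone is in.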
