Jump to content

Php Storage


Recommended Posts

Hi(this is my first post, but I'm not new on the forum, this is simply a new identity. My old, deprecated one is global.user. )I was wondering about flat file storage. I actually have made a small cms which uses html files to store the pages data. (It is called fsc, and I plan on developing it further, although by lack of time I haven't had been able to even upload it on svn.)The problem with flat file storage, I have read (and it's quite obvious) is security. Everybody can access the data stored more or less easily because it is a file, so you just need to find out its name.Now, an example of a storage html file in my cms looks like this:

<h1>Sample page</h1><h2>Lorem ipsum will not follow because I'm too lazy to get it</h2><h3>Instead I'll put Bla Bla</h3><h4>Sorry.</h4><p>Bla Bla</p><p>etc...</p>

There is no structure, as it is provided by a (overly simple) templating system.Everyone can just go and grab that, but it is not really an issue, because there is no private pages.Now if I wanted privacy (and I think I'll implement it anyway), I have thought of doing that:

<?php /*<h1>Sample page</h1><h2>Lorem ipsum will not follow because I'm too lazy to get it</h2><h3>Instead I'll put Bla Bla</h3><h4>Sorry.</h4><p>Bla Bla</p><p>etc...</p>*/ ?>

Then I open the file with php, remove the first and last lines, and echo it out.That's the first use of php storage I want.The second one is slightly more different.Say I have a settings page, where the user can change things like the website's title, tagline, ui language, template... you know the kind. I don't have a page like that right now, but just say.I want to store these settings somewhere. I want the user to be able to change them when he wants, through that settings page. I want the storage to be flat file, because that's what my cms is about. And I want the most security.So, I thought, let's store everything into an array.Then print the array in a php parsable format and store it in a file. Somehow make it secure.Then I thought a bit more, and I found that maybe I could store it like that:

<?php$settings = array();$settings['title'] = 'Website';$settings['tagline'] = 'Sample';$settings['lang'] = 'en';?>

I didn't know if there was a function to print out an array like that, so I did it myself:

function print_php_array($array, $php_name){	$end_str = "\n$" . $php_name . " = array();";		foreach( $array as $key => $value )	{		if ( is_string($value) )		{			$end_str = $end_str . "\n$" . $php_name . "['" . $key . "'] = '" . $value . "';";		}		if ( is_array($value) )		{			$end_str = $end_str . "\n$" . print_php_array($value, $php_name . "['" . $key . "']");		}	}	return $end_str;}

I figured that it would be quite good in a matter of security (same reason as my first use). I also figured that it would be good in terms of loading speed, becuase it's php code, there no parsing I need to do, as would be the case for xml.Then I considered using that kind of storage for bigger arrays. With larger contents. Maybe store all the data of the cms in there.But then there may be some issues in term of writing speed.So, here's the deal: I want your opinion on this. What do you think would be the pros and cons. So then I can decide whether to use it or not, and to what extent.(and by the way, I'm not sure how the $ signs in the code above will do. Will they try to get a variable or something? Should I put them in 'single quotes'?)Thankspasscod

Edited by passcod
Link to comment
Share on other sites

Instead of writing your own array out, just use serialize and unserialize. That's exactly what they're for.If you don't want the files to be accessible, then you should store them outside of the web root. If your web server uses public_html as the web root, store all of your files above that folder, not inside it. People won't be able to access them from online.

Link to comment
Share on other sites

Agree with jsgAnother method to secure the pages is to check the SERVER['REQUEST_URI'], or ['HTTP_REFERER'] to see where the request id coming from. Or set a SESSION variable. If the SESSION is not set, bounce them to the index page???http://php.net/manual/en/reserved.variables.server.php

Edited by jlhaslip
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...