Re: write with cURL

Tim Greer wrote:
Ylva Poelman wrote:

Tim Greer wrote:
user@xxxxxxxxxxxxxx wrote:

Hi,

I want do create a new file and write something in it like:

$file = fopen("test.txt","w");
fwrite($file,"Hello World. Testing!");
fclose($file);

My provider doesn't allow this action for security reasons. However
they mention using cURL to do the same thing.

I have been searching the Internet to find out how to do this, but
did not find the answer. A did find a lot of answers to others
questions, but not this one. ;-))

So any help is appreciated very much.

Cheers,

Ylva
If your host says they deny opening and writing to a local file
because it's insecure, then it's time you find a new host that knows
what they
are doing. There's not much point to hosting on someone that offers
PHP, if they don't allow PHP to open (or create) and write to files.
Are you sure there's not some other specific issue of why it's
failing?
How exactly is is failing? I don't see the reason for them to
mention Curl as a replacement method for your task (that doesn't make
sense). Perhaps it's a permissions/ownership issue, or you're trying
to open a
file over FTP/http or something on another site or system? A lot of
people deny open for URL's, which can be a good thing, so it might
depend.

I have just this little script:
<?php
$file = fopen("test.txt","w");
fwrite($file,"Hello World. Testing!");
fclose($file);
?>

nothing else

Sorry, I wasn't implying that you had anymore to the situation, but was
just curious if perhaps there was a URL you were trying to open at some
point or it there was more to the script. Anyway, this could be a
permissions (or ownership/permissions) issue. I'd be surprised if any
qualified web host denied people from using fopen in PHP to create or
write to a file. Check the permissions on the directory the file is to
be created in (or written to in) as well as the file itself, if
test.txt exists already.

Consider testing world write permissions, such as chmod 0666 test.txt or
chmod 0777 test.txt and see if you can write to it then. If the file
doesn't exist, ensure the directory itself is set to chmod 0777 and
test it. I'd recommend putting it back to chmod 0755 or 0711 or 0750
or 0710, depending on what it is now, because you'd not want your main
web root world writable if that's what you have to do to test it. Which is also another point, you can just change the path and use a
test directory with world write permissions, so it doesn't risk
anything else being at risk from too open permissions, in case you
don't remember to change it back -- this also depends on how secure
their server configuration is, too, though.

The web host staff might have been confused about the issue or question
that you've reported, especially if they claim it's a security issue
and then recommend using curl (that really doesn't make sense). I'm
thinking it's a permissions issue for the global web server user that
PHP is likely running as, rather than them somehow disabling fopen
itself.


This was the reply (in Dutch) from the helpdesk:

Remote PHP execution (allow_url_fopen) betekent eigenlijk dat je vanaf afstand PHP uitvoert op een server.
Dus de PHP code staat op server B en die wordt gelezen en uitgevoerd op server A.
Op deze manier worden heel veel website misbruikt (gehacked).

It means:

Remote PHP execution (allow_url_fopen) means that you remotely run PHP on a server. So the PHP code is on server B and is executed on server A. This is exactly the way in which a lot of websites are hacked.

If I already have a file present


$file=fopen("test.txt","r");
fclose($file);

is ok, but

$file=fopen("test.txt","w");
fclose($file);

gives me
Warning: fopen(attachment.txt) [function.fopen]: failed to open stream: Permission denied in /home/ypo...
.

Relevant Pages

  • Re: write with cURL
    ... execute permissions. ... This is assuming that the PHP script runs ... of potential security risks from other users on the same server. ... Apache as the global web server user and thus needs world write ...
    (alt.php)
  • Re: write with cURL
    ... execute permissions. ... This is assuming that the PHP script runs ... of potential security risks from other users on the same server. ... web server itself is part of the group. ...
    (alt.php)
  • Re: PHP chmod Newbie Question
    ... How does the server keep ... how do I create user groups for chmod to recognize? ... CHMOD is for UNIX based servers, and the PHP chmod() ... edited or removed by the PHP script, and only read by the UNIX ...
    (comp.lang.php)
  • Re: write with cURL
    ... execute permissions. ... This is assuming that the PHP script ... runs as the global web server user (and it surely does given ... Apache as the global web server user and thus needs world write ...
    (alt.php)
  • Re: write with cURL
    ... offers PHP, if they don't allow PHP to open and write ... Check the permissions on the directory the file is ... such as chmod 0666 test.txt ... their server configuration is, too, though. ...
    (alt.php)
Loading