using touch and unlink

[devdavad]

Here's what I have so far for my short script about creating and deleting files. Currently this script doesn't do anything (only shows the two buttons). Does anyone know what I might be doing wrong? Currently I'm working in /var/www/php and I am the owner of this folder and owner, root, and others have rights to create and delete files from this directory.

<?php
#touch() creates files and unlink() removes them
#this script will create a file with the click of the button and then remove it
echo "
<html>
<body>
<form action = " . $_SERVER['PHP_SELF'] . " method = 'POST'>
<input type = 'button' name = 'create' value = 'Create file' />
<input type = 'button' name = 'destroy' value = 'Destroy file' /><p>";
settype ($_POST['create'], "bool");
settype ($_POST['destroy'], "bool");
$file = 'createdbyphp';
if ($_POST['create'] == true) {
touch ("createdbyphp");
echo "file created";
}
else {
exit;
}
if ($_POST['destroy'] == true) {
unlink ("createdbyphp");
echo "file deleted";
}
elseif (file_exists($file)) {
echo "file does not exist";
}
else {
exit;
}
echo "</p></body></html>";
?>

[vbnullchar]

you should change the input type to submit

 

<input type = 'submit' name = 'create' value = 'Create file' />

[dannyb785]

it doesnt matter if you have rights, does the php script know that? The answer is no. You need to connect through ftpconnect() with your username and password. Then chmod the folder to be writeable. Delete or whatever. and then restore the settings to how they were before.

[devdavad]

you should change the input type to submit

 

<input type = 'submit' name = 'create' value = 'Create file' />

Tried that and I got the "createdbyphp" file created. Thanks for the help everybody. However the unlink is not working (the file does not delete itself).

[dannyb785]

^ of course, you can create a folder long as there are no restrictions in the folder that you're trying to create the new one in. Did you even read my post? You need permissions to be able to delete a folder.

[br0ken]

Your coding style could be improved greatly. Consider the following:

 

<?php

settype ($_POST['create'], "bool");
settype ($_POST['destroy'], "bool");

if ($_POST['create'] == true || $_POST['destroy'] == true)
{
$file = "createdbyphp.txt";

if ($_POST['create'] == true)
{
	touch ($file);
	echo "file created";
}
if ($_POST['destroy'] == true)
{
	unlink ($file);
	echo "file deleted";
}
elseif (file_exists($file))
{
	echo "file does not exist";
}


exit;
}
else
{
echo "<html>\n<head>\n<title>\nCreate/Destroy A File\n</title>\n</head>\n\n<body>\n";
echo "<form action=".$_SERVER['PHP_SELF']." method=\"POST\">\n";
echo "<input type=\"button\" name=\"create\" value=\"Create file\" />\n";
echo "<input type=\"button\" name=\"destroy\" value=\"Destroy file\" />\n";
echo "\n</body>\n</html>";
}

?>

[devdavad]

^ of course, you can create a folder long as there are no restrictions in the folder that you're trying to create the new one in. Did you even read my post? You need permissions to be able to delete a folder.

I wanted to just stick with the script I had while working sequentially through my php book, I didn't want to skip ahead and try and understand FTP quite yet. (I'm teaching myself because I can't pay the extra money for a summer class). After reading your post I understand that the things I wanted my script to do are way out of league for now and I better pause working on this script and resume when I've learned more important things (like how an FTP server works and learn more about how UNIX file permissions work). The learning php book I am reading did not ask me to try and do something like what I was attempting in this post, I just wanted to experiment a little (current chapter is basic commands with working with files like fopen() and fileatime()). Sorry for being noobish.

[dannyb785]

If you want to experiment with the touch and unlink, you'll need to set your folder's properties to writeable by all people(777), which is not really a good idea. So set it to 777 when doing your testing, and then set it back to 711 or lower when you finish.

 

 

I was hacked multiple times and files were installed on my server without me knowing and I got a call from paypal saying that a phishing scam was using my domain to host its page. Yeah, it's that important. I wasn't in trouble, but actually after the 2nd time being hacked, my hosting provider shut down my server til I could get it cleaned out. If you're not hacked now(with 777 permissions), you will be later... guaranteed

[devdavad]

If you want to experiment with the touch and unlink, you'll need to set your folder's properties to writeable by all people(777), which is not really a good idea. So set it to 777 when doing your testing, and then set it back to 711 or lower when you finish.

 

 

I was hacked multiple times and files were installed on my server without me knowing and I got a call from paypal saying that a phishing scam was using my domain to host its page. Yeah, it's that important. I wasn't in trouble, but actually after the 2nd time being hacked, my hosting provider shut down my server til I could get it cleaned out. If you're not hacked now(with 777 permissions), you will be later... guaranteed

Currently I've been doing all of my php and mysql testing on my laptop in my private home network. I've set the permissions for others lower than 711 for now though. Thanks for your security help.