simple question

[marklarah]

Okay, so I have a plain text editor that works mostly, but occasionally when editing big php files, it messes up with all different types of errors. The paes are stored as flat files, and my code reads it and edits it....my code:

<?php
session_start();  
include 'config.inc.php';
if(!isset($_SESSION['auth'])){
if(isset($_POST['pass'])){
$pass = $_POST['pass'];

if ($security == "0"){

if ($pass == $password){
  $_SESSION['auth'] = 1;
echo 'Aye. <a href="">Continue</a>';
}else{
echo "Retry";
}

}else if ($security == "1"){

if (md5($pass) == $md5pass){
  $_SESSION['auth'] = 1;
echo 'Aye. <a href="">Continue</a>';
}else{
echo "Retry";
}

}else{
echo "Passwording Error";
}

}else{
?>
<title><?=$title?> Login</title>
<h1>Login</h1>
<br><br><form action="" method="POST">
Pass: <input type="password" size="50" name="pass">
<br><br><input type="submit" value="Enter"></form>
<?
}
}else{
?>
<title><?=$title?></title>
<script language="JavaScript" type="text/JavaScript">
<!--
menu_status = new Array();

function showHide(theid, name, idl){

    if (document.getElementById) {

    var switch_id = document.getElementById(theid);

        if(menu_status[theid] != 'show') {
           switch_id.className = 'show';
           menu_status[theid] = 'show';
  document.getElementById(idl).innerHTML = name+' [-]';


        }else{
           switch_id.className = 'hide';
           menu_status[theid] = 'hide';
// var head1 = document.getElementById(switch_id);

  document.getElementById(idl).innerHTML = name+' [+]';
        }
    }
}

//-->
</script>

<style type="text/css">


.submenu{
      background-color:inherit;
      display: block;
      padding-left: 10px;
      padding-bottom: 5px;

font-size: 11px;
}

.hide{
      display: none;
}

.show{
      display: block;
}

textarea{

background-image: url(images/bg.png);
background-position: bottom right;
background-repeat: no-repeat;
border: 3px solid #cccccc;
}
</style>

<body bgcolor="#778899">



<?
if (isset($_POST['open'])){
$path = $_POST['file'];
}


if (!isset($path)){
$path="welcome.txt";
}

function read($name){

if (file_exists($name)){

$size = filesize($name);
if ($size != 0){
$F = fopen($name,"r");
$data = fread($F, $size);
fclose($F);
if ($data != ""){
print htmlentities($data);
}else{
print "";
}
}else{
print "";
}

}else{
print "";
}

}

function write($name, $content){
$W = fopen($name, 'w');
fwrite($W, html_entity_decode($content)); 
fclose($W);
}

if (isset($_POST['save'])){
$path = $_POST['file'];
$cont = htmlentities(stripslashes($_POST['cont']));
write($path, $cont);
echo '<p align="center"><font face="Verdana" color="#FFEBCD">Saved!</font></p><hr><br>';
}


echo '<form action="" method="POST">';
?>



<script type="text/javascript">
<!--

function logoutlaa(){
var answer = confirm ("You sure you wish to logout?")
if (answer)
window.location="?logout=yes"
}

// -->
</script>


<table width="900" border="0" align="center"><tr><td align="left" width="50%">Editing: <input type="text" size="40" value="<?=$path?>" name="file"> <input type="submit" value="Open" name="open"></td><td align="right" width="50%"><button type="button" value="Logout" onclick="logoutlaa()">Logout</button> 


</td></tr></table>
<?
echo '<center>';
echo '<textarea cols="125" rows="40" name="cont">';
read($path);
echo '</textarea><br>';
echo '<input type="submit" value="Save" name="save"></form>';
echo '</center>';
?>

<br>

<p align="right"><font color="#F0F0F0" size="-1" face="Verdana, Arial"><i>Webitor v0.1a © AwesomeAlpha</i></font></p>
<hr><br>
<big><a class="menu" id="head1" href="javascript:showHide('mymenu1', 'Directory Tree', 'head1')">Directory Tree [+]</a></big><br><br>
    <div id="mymenu1" class="hide">


<?
// Directory listing copyright somewhere else
// This is the directory to list files for.
$theDirectory            = ".";
// Do you want to show directories? change to false to hide directories.
$listDirectories    = true;

if(is_dir($theDirectory))
{
    echo "<table><tr><td><u><b>Name</u></b></td><td><u><b>Type</u></b></td><td><u><b>Size</u></b></td></tr>";
    $dir = opendir($theDirectory);
    while(false !== ($file = readdir($dir)))
    {
        $type    = filetype($theDirectory ."/". $file);
        if($listDirectories || $type != "dir")
        {
            echo "<tr><td>" . $file . "</td>";
            echo "<td>" . $type . "</td>";
            echo "<td>";
            if($type == "file")
                echo filesize($file);
            echo "</td></tr>";
        }
    }
    closedir($dir);
    echo "</table>";
}
else
{
    echo $theDirectory . " is not a directory";
}
?>
</div> 
</body>
<?
}


if (isset($_GET['logout'])){

   unset($_SESSION['auth']);
echo'<meta HTTP-EQUIV="REFRESH" content="0; url=editor.php">';

} 
?>

 

(the config include just includes the password to set it up with)

 

So how should I be displaying and saving the string that contains the file? what functions to stop it messing up?

[wildteen88]

You're not making sense. You need to be more specific.

[marklarah]

Whenever I save a file, an error (a php) error displays. Its because the php in the file is messing with the php on the page. How to I output the file so it doesn't mess with the page? (what php functions?) eg htmlentities(), but where would I put that?

[PFMaBiSmAd]

If you have entered and submitted php code in a form field, it cannot "mess up" the running code in a page unless you are using eval() on it or saving it to a file and including it.

 

To get help, you need to show a specific example of what you are doing and what the result are. Also, post the error message to get specific help with it.

[marklarah]

I use this to edit .php files, so code must be stored within a string. That may be messing it up. Be that as it may, the errors are different each time, mostly due to the content of the php within the string, but usually stuff like

Warning: fopen(editor.php) [function.fopen]: failed to open stream: Permission denied in **** on line 141

 

Warning: fwrite(): supplied argument is not a valid stream resource in **** on line 142

 

Warning: fclose(): supplied argument is not a valid stream resource in **** on line 143

 

 

[wildteen88]

That error says it all, your do not have the correct permissions for the file you're tying to edit (editor.php).

 

PHP will not parse code within a string.

 

Also with the code you posted (in your first post) those error messages do not correlate

141 fclose($W);
142 }
143 

 

Whats behind the **** wee need to see the file paths.

 

EDIT: I have tested your code and it works fine for me, whether I'm editing a php script or a plain text file.

[marklarah]

So I just need to chmod it? 666 do you recon? Also, yeah, I just edit the code slightly to include another save button, so bump the line numbers a few. The *** is because it includes the file path, and I host this on my own server...the file name is editor2.php. I was editing editor.php. I made a clone of editor, and from the clone, I was editing the original, which gave me the error. Thing is, it works vice versa???

[marklarah]

Okay, with the help from google and some noggin, it turns out its not the code....dun dun duuun

 

Its the permissions. Its odd really... anyway, I found the problem

 

Basically, if its a file created on the server physically (me on the server from the GUI), its gives the error on the web. However, if its created from the editor, its works fine, BUT, that then makes it so the file is locked on the server desktop (so I can't physically edit it from the GUI, without logging in as root and changing the permissions manually). So the problem arises, how do have a permission that is universal that I can make it on the server or on the editor, and edit in both? Im preeeety sure its 777 I want (maybe 755...no 777)? I tried doing that in fwrite as an argument but it doesn't seem to work. Also how do I change it so when I create it on the desktop, it has the permission so i can edit it from the editor?

 

Hope thats clear enough...

[wildteen88]

I am no expert, but this is to do with user groups and permissions. When PHP creates files they are owned the by the user group Apache uses (http server). Not the user group you as a user logs in to your computer as.

 

Due to the user groups not matching (and you not being part of the Apache user group) you cannot edit the file, instead you have to login as root in order to edit it.

 

PHP has built in functions, such as chmod and chown for changing file permissions and ownership.

[marklarah]

I was aware of the group problem, however i was unaware of php being able to change the group. So all I would  have to do, is straight after any file is saved in the code, in the function write, just also do chown?

 

I have tried doing chmod() for other stuff as well, but I get the error "Warning: chmod() [function.chmod]: Operation not permitted in..." My code is fine there, and I have checked php.ini, and its not disabled. I can't get chmod() to work. Any ideas or is this getting beyond php?