Jump to content

Using PHP to update config file


Recommended Posts

I have a very simple password protection set-up on a page as a temporary measure until I can set something better up. The person I set it up for wants to be able change the Username and Password occasionally but wants me to set up a simple form which will overwrite the data in the config file (connection.php) instead of having to open the file himself (don't ask!).


I have has a read round to see if there is any obvious and simple solutions but none seem as simple as I had hoped. I intend to work on a system via MySQL where there can be multiple users and passwords but as time is tight at the moment I just want to get something basic and working.


The nature of the 'hidden' content is not sensitive (it is just a football clubs live commentary stream that they are hoping to get people to subscribe to) so there are no issues at this moment with security. All he needs to do is choose a new Username and Password every game and email it to the subscribers.


The data that he wants to update in connection.php, via a form, is

$username = "user";
$password = "pass";


The code in the actual page with the log-in is

if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { 
<h1 style="color: #FFF">Login</h1> 

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
  <p class="white_text"><label for="txtUsername">Username:</span></label> 
     <br />
  <input type="text" title="Enter your Username" name="txtUsername" /></p> 

  <p class="white_text"><label for="txtpassword">Password:</label> 
     <br />
  <input type="password" title="Enter your password" name="txtPassword" /></p> 

  <p><input type="submit" name="Submit" value="Login" /></p> 


else { 
CONTENT TO BE SHOWN................

Is there a simple way of creating a form just to update those two bits in the connection.php or will I have to bite the bullet and set it up via MySQL from the off?


Thanks in advance



Link to comment
Share on other sites

in case you rather use a textfile, maybe try this out I adjusted a little script at php.net to do the following.


$username = 'lalala'; // you can use $_POST values for this but make sure you sanitize them very well
$password = 'moo';

$filename = 'test.php';
$somecontent = 
    \$username ='".$username."';
    \$password ='".$password."';

// Let's make sure the file exists and is writable first.
//if (is_writable($filename)) {

// In our example we're opening $filename in append mode.
// The file pointer is at the bottom of the file hence
// that's where $somecontent will go when we fwrite() it.
if (!$handle = fopen($filename, 'w')) {
echo "Cannot open file ($filename)";

// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";

echo "Success, wrote ($somecontent) to file ($filename)";


//} else {
//echo "The file $filename is not writable";


this script creates or overwrites a file named test.php where it will set 2 variables, which you can insert from a from, make sure though that before you allow this you check if someone allready had the right credentials.


Hope this helps, I just looked at php.net ::)  The comments in the file might not be correct, i am using the write modus instead of append one.


it's also wise to check if the post values are set, and otherwise exit the script.

Link to comment
Share on other sites

Why don't you store the credentials in a database? Isn't that much easier, and maybe even more secure?

That is the plan eventually (in fact I will hit it as soon as I next get some time of work), but for now I just need to get something simple set up that he can try in the next couple of days and be happy with, with very little time to spend on it.


Having said that, if it is just as easy to put it in a database then I will happily do it that way. If I had 2 fields ('Username' and 'Password') would it be as simple as changing 

$username = "user";
$password = "pass";


$username = "SELECT username from table";
$password = "SELECT password from table";

or would there be a bit more to it than that? All of the examples I have seen are more complex and involve separate log-in pages but I would rather (for now) have it all in the one page.




Link to comment
Share on other sites

All your above example does is assigns a string to $username and another to $password. So yeah, it's a little more complex than that.


If however you are going to be using a database eventually you may as well do it now. It is a relatively simple concept.

Link to comment
Share on other sites

Nice one! make sure you use mysql_real_escape_string or mysqli_real_escape_string when processing queries, otherwise someone could do unkind things. And use some filter like htmlentities or html_specialchars on output.


Best is to read the security tutorial on this website :) anyways nice you managed to do it with a database.

Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.