Using PHP to update config file

[MargateSteve]

I have a very simple password protection set-up on a page as a temporary measure until I can set something better up. The person I set it up for wants to be able change the Username and Password occasionally but wants me to set up a simple form which will overwrite the data in the config file (connection.php) instead of having to open the file himself (don't ask!).

 

I have has a read round to see if there is any obvious and simple solutions but none seem as simple as I had hoped. I intend to work on a system via MySQL where there can be multiple users and passwords but as time is tight at the moment I just want to get something basic and working.

 

The nature of the 'hidden' content is not sensitive (it is just a football clubs live commentary stream that they are hoping to get people to subscribe to) so there are no issues at this moment with security. All he needs to do is choose a new Username and Password every game and email it to the subscribers.

 

The data that he wants to update in connection.php, via a form, is

$username = "user";
$password = "pass";

 

The code in the actual page with the log-in is

<?php 
require_once('connection.php');
if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { 
?> 
<h1 style="color: #FFF">Login</h1> 

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
  <p class="white_text"><label for="txtUsername">Username:</span></label> 
     <br />
  <input type="text" title="Enter your Username" name="txtUsername" /></p> 

  <p class="white_text"><label for="txtpassword">Password:</label> 
     <br />
  <input type="password" title="Enter your password" name="txtPassword" /></p> 

  <p><input type="submit" name="Submit" value="Login" /></p> 

</form> 

<?php 
} 
else { 
?> 
CONTENT TO BE SHOWN................

Is there a simple way of creating a form just to update those two bits in the connection.php or will I have to bite the bullet and set it up via MySQL from the off?

 

Thanks in advance

Steve

 

[cssfreakie]

Why don't you store the credentials in a database? Isn't that much easier, and maybe even more secure?

[cssfreakie]

in case you rather use a textfile, maybe try this out I adjusted a little script at php.net to do the following.

 

<?php
$username = 'lalala'; // you can use $_POST values for this but make sure you sanitize them very well
$password = 'moo';

$filename = 'test.php';
$somecontent = 
"<?php
    \$username ='".$username."';
    \$password ='".$password."';
?>";

// Let's make sure the file exists and is writable first.
//if (is_writable($filename)) {

// In our example we're opening $filename in append mode.
// The file pointer is at the bottom of the file hence
// that's where $somecontent will go when we fwrite() it.
if (!$handle = fopen($filename, 'w')) {
echo "Cannot open file ($filename)";
exit;
}

// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}

echo "Success, wrote ($somecontent) to file ($filename)";

fclose($handle);

//} else {
//echo "The file $filename is not writable";
//}
?>

 

this script creates or overwrites a file named test.php where it will set 2 variables, which you can insert from a from, make sure though that before you allow this you check if someone allready had the right credentials.

 

Hope this helps, I just looked at php.net   The comments in the file might not be correct, i am using the write modus instead of append one.

 

it's also wise to check if the post values are set, and otherwise exit the script.

[MargateSteve]

Why don't you store the credentials in a database? Isn't that much easier, and maybe even more secure?

That is the plan eventually (in fact I will hit it as soon as I next get some time of work), but for now I just need to get something simple set up that he can try in the next couple of days and be happy with, with very little time to spend on it.

 

Having said that, if it is just as easy to put it in a database then I will happily do it that way. If I had 2 fields ('Username' and 'Password') would it be as simple as changing 

$username = "user";
$password = "pass";

to

$username = "SELECT username from table";
$password = "SELECT password from table";

or would there be a bit more to it than that? All of the examples I have seen are more complex and involve separate log-in pages but I would rather (for now) have it all in the one page.

 

Thanks

Steve

[MargateSteve]

in case you rather use a textfile, maybe try this out I adjusted a little script at php.net to do the following.

...snip...

That looks like it may well be just what I was after but will have to wait until after work tomorrow to try it as it is time for bed!

Thanks

Steve

[trq]

All your above example does is assigns a string to $username and another to $password. So yeah, it's a little more complex than that.

 

If however you are going to be using a database eventually you may as well do it now. It is a relatively simple concept.

[cssfreakie]

you may also want to have a look at the tutorial by Crayon Violent: http://www.phpfreaks.com/tutorial/php-basic-database-handling

about database handeling

[MargateSteve]

Thanks for all the suggestions. Through tired eyes and head I was having a bit of a mental block last night.

 

I ended up knocking together a very simple script using MySql that does just the job I am looking for at the moment.

 

Steve

[cssfreakie]

Nice one! make sure you use mysql_real_escape_string or mysqli_real_escape_string when processing queries, otherwise someone could do unkind things. And use some filter like htmlentities or html_specialchars on output.

 

Best is to read the security tutorial on this website anyways nice you managed to do it with a database.