php text file editor web page and file security

[dcell59]

I'm just getting started with WP and php, but I'm an old school Unix programmer. I found some code that will allow me to create a page that works kind of like the WP theme file editor. I want to be able to load up a text file, display it in an edit field on a form, and then when the user hits the submit button, the server will back up the old file contents and write the new data into the file. Pretty simple.

 

My problem is that I want to be able to keep people from viewing and modifying the files from the web site. I can secure the web page so that only specified roles can access the page, but if someone can guess the path to my text file on the server, they can read it (and possibly write it?). How do I prevent this, while still allowing my php code on the WP page to read and write the file?

 

(PS, in the long run, I'll probably put the data in the database so I don't have to worry about this, but I'm hoping there's an easy solution to get me going.)

Thanks!

 

[ignace]

Put the file under the webroot. PHP can still read/write it, but you can't request it through a browser.

[dcell59]

Thanks! I wasn't sure I could go outside of the web site. I assume I use something like ../../myprivatedirectory/myfile.txt

[KaiSheng]

Using specific roles codes by allowing access to certain roles is easier too.

 

thats wha't i am doing for my case.

Edited November 13, 2013 by KaiSheng