dcell59 Posted November 10, 2013 Share Posted November 10, 2013 I'm just getting started with WP and php, but I'm an old school Unix programmer. I found some code that will allow me to create a page that works kind of like the WP theme file editor. I want to be able to load up a text file, display it in an edit field on a form, and then when the user hits the submit button, the server will back up the old file contents and write the new data into the file. Pretty simple. My problem is that I want to be able to keep people from viewing and modifying the files from the web site. I can secure the web page so that only specified roles can access the page, but if someone can guess the path to my text file on the server, they can read it (and possibly write it?). How do I prevent this, while still allowing my php code on the WP page to read and write the file? (PS, in the long run, I'll probably put the data in the database so I don't have to worry about this, but I'm hoping there's an easy solution to get me going.) Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/283777-php-text-file-editor-web-page-and-file-security/ Share on other sites More sharing options...
Solution ignace Posted November 10, 2013 Solution Share Posted November 10, 2013 Put the file under the webroot. PHP can still read/write it, but you can't request it through a browser. Quote Link to comment https://forums.phpfreaks.com/topic/283777-php-text-file-editor-web-page-and-file-security/#findComment-1457771 Share on other sites More sharing options...
dcell59 Posted November 10, 2013 Author Share Posted November 10, 2013 Thanks! I wasn't sure I could go outside of the web site. I assume I use something like ../../myprivatedirectory/myfile.txt Quote Link to comment https://forums.phpfreaks.com/topic/283777-php-text-file-editor-web-page-and-file-security/#findComment-1457773 Share on other sites More sharing options...
KaiSheng Posted November 13, 2013 Share Posted November 13, 2013 (edited) Using specific roles codes by allowing access to certain roles is easier too. thats wha't i am doing for my case. Edited November 13, 2013 by KaiSheng Quote Link to comment https://forums.phpfreaks.com/topic/283777-php-text-file-editor-web-page-and-file-security/#findComment-1458075 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.