creating and writing to a new file...

[JSlime]

Hello everyone, l'm trying to make a script that will create a new file (variable $new_url), and then write to it. But l'm having problems:

Code:

Warning: fopen(/home/mylogin/public_html/testing.html): failed to open stream: Permission denied in /home/mylogin/public_html/pagemaker.php on line 81

Warning: fwrite(): supplied argument is not a valid stream resource in /home/mylogin/public_html/pagemaker.php on line 82

Warning: fclose(): supplied argument is not a valid stream resource in /home/mylogin/public_html/pagemaker.php on line 83

I've tried chmodding the actual pagemaker.php file at 755, didn't work.. tried it at 777, still didn't work. So l'm officially stuck. Here's the actually "write" function of my script:

PHP Code:

$fstring = "this is getting written to my new page!";

$fp = fopen("/home/mylogin/public_html/$new_url", "w+");

$fout = fwrite($fp, $fstring);

fclose($fp); 


What can l do to get this script to work?
Any help would be greatly appreciated!

~JSlime

[gerilya]

Hello,

Most probable explanations are
- wrong filename parameter to fopen function
- permissions

Try some debugging first:
1. SSH into your account
2. Add

Code:

print "/home/mylogin/public_html/$new_url" . "\n";

to your code example above and run your script from command line:

Code:

php pagemaker.php

See if it works. If not run

Code:

ls -la /home/mylogin/public_html/some_file.txt

where some_file.txt should be taken from the debug line above.
chmod only works if you are an owner of that file, otherwise it fails.
Let us know how it is going.

[Ron]

Maybe he'll need to chmod the directory to allow the script to create a new file?

For certain if it's being done through a cgi or ssi program via Apache (since Apache runs under the "nobody" user (I think))

[JSlime]

Ron hit the nail directly on the head... l forgot to chmod the actual directory that was getting the new files.

Thanks for the help folks

~JSlime

[gerilya]

Ron, I just saw your comment and I think you are right, I somehow assumed that

I've tried chmodding the actual pagemaker.php file at 755, didn't work.. tried it at 777, still didn't work.

refers to chmoding a text file to be opened, not chmoding script file.

[gerilya]

Ops, too late :-)

JSlime, do not make your public_html directory world-writable, use subdirectory instead, better out of public_html scope.

[JSlime]

Originally posted by gerilya
Ops, too late :-)

JSlime, do not make your public_html directory world-writable, use subdirectory instead, better out of public_html scope.

Yes, the file is off in a distant subdirectory, l just edited that stuff out to make everything more easily understood.

However, l've heard time and time again, that having any directories chmodded at 777 is a BAD thing... Why's it so bad, what would someone need to exploit that weakness, furthermore what could they do?

~JSlime

[gerilya]

777 means that every user on that server has permission to write to that directory, including putting there script files or some content that you might not like seeing on your site

On FreeBSD, group id of those script files will be yours, which is a good starting point to gain more control over your account.

If such directory can't be accessed via web, it's much harder to exploit it.