The Little Guy Posted November 19, 2010 Share Posted November 19, 2010 I want to make a file that I can edit from a form. I don't know what type of file I should use, and how I would edit that file. When someone goes to the file I don't want them to be able to see the contents (like a php file holding variables). I also don't want to use .htaccess for this. This file will have things in such as the database connection variables. When someone edits the form, and save it, it will edit the database connection variables to the proper values. Here is the file I have now: <?php $settings = array(); $settings['db']['host'] = 'xxxx'; $settings['db']['username'] = 'xxxx'; $settings['db']['password'] = 'xxxx'; $settings['db']['database'] = 'xxxx'; ?> Here is an example input field: <input type="text" name="host" value="<?php echo $settings['db']['host']; ?>" /> What would be the best way to do this? Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted November 19, 2010 Share Posted November 19, 2010 Just store it in a PHP file, and perhaps at the top make sure that a variable is defined that you can easily define prior to including this file. If the variable isn't defined, alert the user of the direct access. You could even log direct access. But yeah, just use a PHP file to store. Make use of functions like file, read over the lines and change them if applicable. Quote Link to comment Share on other sites More sharing options...
doni49 Posted November 19, 2010 Share Posted November 19, 2010 I created a folder outside of the publicly accessible area for php files that include sensitive info such as DB passwords. Then when I need to, I just include the file. By doing this a web user will not be able to read the file with the sensitive info. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted November 19, 2010 Author Share Posted November 19, 2010 I created a folder outside of the publicly accessible area for php files that include sensitive info such as DB passwords. Then when I need to, I just include the file. By doing this a web user will not be able to read the file with the sensitive info. I can't really do that, because I don't know how the owner of this software's server will be set up. This isn't for my use, it is going to be software I give away or sell. Thanks ProjectFear! file() works nice. what would be a good way for editing the value of each one? Right now I am thinking of using a loop and exploding the equal sign. editing the second value then putting the two new values back together. What do you think of that? Quote Link to comment Share on other sites More sharing options...
litebearer Posted November 19, 2010 Share Posted November 19, 2010 Just some rambling thoughts (obviously you need to sanitize and data and to put the files in 'secure' locations)... 4 files: 1. this is the content of the file that contains your data host|user|pass|database 2. this is the editing form page $file = "config_dat.php"; $lines=file($file); $old_value_array = explode("|", $lines[0]); ?> <form action="config_save.php" method="post"> <input type="text" name="hostname" size="40" maxlength="80" value="<?PHP echo $old_value_array[0]; ?>"><br> <input type="text" name="username" size="40" maxlength="80" value="<?PHP echo $old_value_array[1]; ?>"><br> <input type="text" name="password" size="40" maxlength="80" value="<?PHP echo $old_value_array[2]; ?>"><br> <input type="text" name="databasename" size="40" maxlength="80" value="<?PHP echo $old_value_array[3]; ?>"><br> <input type="submit" value="default value"> </form> 3. This processes the new/old data <?PHP $new_host = $_POST['hostname']; $new_user = $_POST['username']; $new_pass = $_POST['password']; $new_database = $_POST['databasename']; $new_content = $new_host . "|" . $new_user . "|" . $new_pass . "|" .$new_database . "\n"; $file = "config_dat.php"; $myFile = "testFile.txt"; $fh = fopen($file, 'w') or die("can't open file"); fwrite($fh, $new_content); fclose($fh); ?> and 4 (include this file wherever you make your database connections) $file = "config_dat.php"; $lines=file($file); $value_array = explode("|", $lines[0]); $settings = array(); $settings['db']['host'] = $value_array[0]; $settings['db']['username'] = $value_array[1]; $settings['db']['password'] = $value_array[2]; $settings['db']['database'] = $value_array[3]; Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted November 19, 2010 Share Posted November 19, 2010 Except that the config file is set up differently. There are a few ways you could do it TLG, the way your doing it or you could use regular expressions. Which ever works best for you is how you should approach it. Here is an example using regular expressions: <?php // Just an example line taken from your config. $lines = array( '$settings[\'db\'][\'host\'] = \'xxxx\';', '$settings[\'db\'][\'username\'] = \'xxxx\';' ); // Test post data. $post = array( 'host' => 'localhost', 'username' => 'ProjectFear' ); // The new replaced values array. $replaced = array(); // Loop over each post value. foreach($post as $key => $val){ // Use regular expressions. Replacing the correct key with value. $replaced[] = preg_replace("/settings['db']['{$key}'] = '(.*?)';/", array_search('\\0', $lines), '$settings[\'db\'][\'' . $key . '\'] = \'' . $val . '\';'); } print_r($replaced); ?> Of course the only requirement of that solution is that you need to name your form fields the same as what they are in the config. Or have another array which has the names of the fields and names of the config variables as the values, shouldn't be too hard to modify. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.