> I am trying to make an admin page for a few other pages in PHP but I don't
> know how to save the changes made.
>
> ie. The page has a few checkboxes & select boxes that when changed, change
> some variables that are then used in other pages.
>
> However I want the changes in the admin page to be permanent, until they are
> changed again. Not just for that session or user, but if the change is made
> it stays changed until the administrator decides to go back in and change
> it again.
>
> How do you save the changes in that file on the server, by just using a
> browser?

The *easiest* way to do this is to store those changeable values and their
possible settings in a database.  Really.  Even if you've never used a
database before, it's the easiest.  Honest.

Then just have the pages access the database to get their settings.

*HOWEVER*, if you are not already using a database, opening a database
connection can be expensive time and resource-wise.

So, if you don't already use a database, and *IF* (*huge* *IF* there) you
can guarantee that no two administrators will attempt to alter settings at
the same time, and *IF* you really, really need to worry about performance,
you could fopen() the file to write the current settings to it.

This comes with a security penalty -- You have a file somewhere on your file
system that PHP's user (usually 'nobody') can write to and that gets read by
all your pages to set your variables.

In an ideal world, you should *at* *least* make sure that:
o This file is *not* in your web-tree, but is somewhere else
o This file does *not* have .php extension
o All settings are explicitly checked for by the reader code, not this file.

To further explain this third point:
You *could* (bad idea) just have your file look like this:
--------- settings.inc -----------------
<?php
    $forecolor = 'FF0000';
?>

And you *could* (bad idea) just include() it in your scripts.

But, this file is essentially world-writable.  (Well, okay, it's only
'nobody' writable, but any other person on your server can write to that, so
it's pretty darn close to world-writable.)

So, they could put all sorts of malicious code in there.

Far better to have your nobody-writable settings file look like this:
---------- settings.ini ---------------
forecolor = 'FF0000'
backcolor = '00FF00'

And have another file you include() that looks like this:
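<?php
    // Read the settings file, one "name = value" entry per line.
    $settings = file('/full/path/to/settings.ini', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach ($settings as $line){
        // Split on the first '=' only and strip the whitespace around each
        // part, otherwise 'forecolor ' never matches the case labels below.
        $parts = explode('=', $line, 2);
        $var = trim($parts[0]);
        $val = isset($parts[1]) ? trim($parts[1]) : '';
        switch ($var){
            case 'forecolor':
                $forecolor = $val;
            break;
            case 'backcolor':
                $backcolor = $val;
            break;
            default:
                // Any name we do not explicitly expect is treated as tampering.
                mail('[EMAIL PROTECTED]', 'HACKER ALERT', 'Somebody has altered settings.ini!');
            break;
        }
    }
?>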

You can even be more cautious by validating the individual inputs for the
settings.
IE, forecolor should be exactly 8 characters, starting with ' and ending
with ' and only [0-9a-fA-F] in between.  (Regex is your buddy here.)

The point is to make it harder for a hacker to exploit this file they can
all too easily write into.  *YOU* make sure that the data you have there is
what you expect, and you are only setting variables you expect, not just
executing what is essentially arbitrary code that anybody else on your
server could alter.

--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
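
An added example (not code from the original post) that combines the allowlist reader with the per-value validation described above. The function name load_settings(), the default colors and the constructed sample file are assumptions made for illustration.

```php
<?php
// Added example: allowlist reader for the nobody-writable settings.ini.
// load_settings(), the defaults and the temp-file sample are assumptions.

function load_settings($path, &$rejected)
{
    // Only these names may be set, and each value must match its pattern.
    // \A and \z anchor the whole value: quote, six hex digits, quote.
    $rules = array(
        'forecolor' => "/\\A'[0-9a-fA-F]{6}'\\z/",
        'backcolor' => "/\\A'[0-9a-fA-F]{6}'\\z/",
    );
    // Known-good defaults are kept when a line is missing or rejected.
    $settings = array('forecolor' => "'000000'", 'backcolor' => "'FFFFFF'");
    $rejected = array();

    $lines = @file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        $rejected[] = '(settings file unreadable)';
        return $settings;
    }
    foreach ($lines as $line) {
        $parts = explode('=', $line, 2);
        $var = trim($parts[0]);
        $val = isset($parts[1]) ? trim($parts[1]) : '';
        if (isset($rules[$var]) && preg_match($rules[$var], $val) === 1) {
            $settings[$var] = $val;
        } else {
            $rejected[] = $line;   // unknown name or malformed value
        }
    }
    return $settings;
}

// Constructed sample: one valid line and three that must be rejected.
$path = tempnam(sys_get_temp_dir(), 'ini');
file_put_contents($path, implode("\n", array(
    "forecolor = 'FF0000'",
    "backcolor = 'red'",
    "debug = 1",
    "<?php echo 'injected'; ?>",
)) . "\n");

$settings = load_settings($path, $rejected);
unlink($path);

print_r($settings);   // validated values, defaults where a line was rejected
print_r($rejected);   // a non-empty list is the condition for one alert mail
```

The file's contents are only ever compared against patterns and copied as strings, never include()d, so a line containing PHP code ends up in the rejected list instead of being executed.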


