hi all
I'm trying to do the following: a user can log in on a site where he/she can change the contents of a css-stylesheet file with the aid of forms. The results of the form input are used to wrie a css file on the webserver which later will be used in the HTML files of the website. I know how to read/write to the server. But after the action I have to chmod the file which was created. I don't want users to input php code or perl code which can then be executed by calling the url....Anybody knows how to do this? In the example file below I use the chmod function. I tried nearly every value (not only 0777), but still you are able to enter php code, goto the url and ...voila the script is executed. Any ideas would be most welcome. Wilbert //start of fwrite.php-------------------------------------------------------------------------- <?php //this file is called write.php global $filename,$filecontent; if (!(isset($stage))) { if (file_exists("$filename") and ($filename<>"")) { $fd=fopen("$filename", "r");//open file read only $fstring=fread($fd,filesize($filename)); } ?> <html> <body> <form action="fwrite.php" method="post" name="writefile" id="writefile"> <input type="hidden" name="stage" value="1"> <input type="text" name="filename" value="<?php echo "$filename"?>">file name<BR> <textarea cols="20" rows="20" name="filecontent" id="filecontent"> <?php echo "$fstring"?> </textarea> <input type="submit" name="submit" value="save to file"> </form> <a href="<?php echo "$filename"?>"><?php echo "$filename"?></a> </body> </html> <?php } else { $fd2=fopen("$filename", "w+");//open file chmod($filename,0777); $fout=fwrite($fd2,$filecontent); header("location:fwrite.php?filename=".$filename); } ?> //end of fwrite.php ------------------------- Pas de Deux Van Mierisstraat 25 2526 NM Den Haag tel 070 4450855 fax 070 4450852 http://www.pdd.nl [EMAIL PROTECTED] -------------------------