Script I Am Looking For Kind of like a content management system

[Albus Dumbledore 0]

hmm, i dont know if i would need the security.. because even if they found that page they would not be able to do any damage unless they link porn through that page and google lists it...... so yeah maybe a small login page would be good heheI also have a quick question, how much of a code change would it take to change the directory in which the file is written to? so i could put all of the flle editor.zip in for say a folder called 'FiLE-EdiTor' and in the PHP code, have it direct all the written files to '/home/albus/public_html'

[shadowx 0]

I shall add the security then. Already got a script for that :wacko:and as for writing to a different file it shouldn't be anything difficult. I shall write a variable into the php code and add comments to show you what to change and show how it should be written and that way you can change the directory yourself to any folder you want. And if you're going to have the php file in a directory like "/editor" or something then you can use the cpanel directory protection tool to add a password t that folder so that only you can access it. *gets to work* Ill post back once ive sorted out the login thing and changing the folder[hr=noshade]The security has been added, remember its probably not 100% fool proof but if you do put this into a folder of its own you can definately use the cpanel/htaccess methods of securing that folder. Inside the check.php and login.php files is a bit with a big line of "/////"'s in those lines is instructions for how to change the username and password used to login. You have to change both values in both files for it to work properly. Also in the file_edit.php file is another similar block of slashes with instructions about how to change the directory. Its a little messy and complicated so ill explain again here.Basically if you put these files (and they need to go into the same folder together) into a folder like var/www/file_edit/ and you want to create files in the folder var/www then the $var_directry value you will need is "..//" Note there are two slashes on the end instead of one. This is because php will automatically remove one slash so putting two makes sure that a slash is left. In any directory containing a slash eg www/files/" or any other folder you will need to add an extra slash so it would be something like "..//files//" I hope that makes sense. Any problems let me know [/hr]

[Albus Dumbledore 0]

sweet!! thanks a whole bunch!! it works, it's awsome, and it's secure all thing to look for in a good script and a good script writer!

[shadowx 0]

Thanks Glad to know it can help. If you get problems with it then message me and hopefully we can sort it out

[Albus Dumbledore 0]

so far so good, i have it installed in three of my directories and they are working great this is going to be so much easier than my traditional way of making a page/switching layouts if i need to..I'll be sure to message you if i have any problems or questions.

[shadowx 0]

Glad to hear it and thanks for the feedback. Hopefully it will work perfectly forever!

[michaelper22 0]

i get this error

Warning: touch() [function.touch]: Unable to create file testingthis.php.php because Permission denied in /home/albus/public_html/test.php on line 24Warning: fopen(testingthis.php.php) [function.fopen]: failed to open stream: Permission denied in /home/albus/public_html/test.php on line 26Error!!

and nowhere in this do i see the HTML to my layout >_<

The problem with that lies directly in the permissions of the public_html folder. If you chmod it to 777, your script will work, but the directory may be open to hackers. The problem stems from the fact that the Web server isn't running as the same user as cPanel or the FTP server, and therefore the Web server can't write to a directory owned by cPanel.
See http://forums.xisto.com/index.php?shoc=41614= for some quick info on permissions.

[Albus Dumbledore 0]

lol thanks mike, i understand permissions and all that, and i didn't know that i had to change the permsions of the folder. But now that i do know i will go ahead and use the script that shadowx wrote for me since i allready have it set-up and all working

[Albus Dumbledore 0]

ok shadowx, i have a question for you :)apparently somehow, someone got a hold of the link to the page creator, and made an index.html page, and i guess the .html prevails over .php so um like, is there a small portion that can be added to this script to prevent any type of .html page from being created? because i use all .php so i don't need to worry about .html and there is already a script in there that prevents a page that already exists so thats all good

[shadowx 0]

ok shadowx, i have a question for you
apparently somehow, someone got a hold of the link to the page creator, and made an index.html page, and i guess the .html prevails over .php so um like, is there a small portion that can be added to this script to prevent any type of .html page from being created? because i use all .php so i don't need to worry about .html and there is already a script in there that prevents a page that already exists so thats all good

erm im sure it could be added in, ill have to do it abit later when im on my scripting machine as the keyboard n this one is screwed I should be able to do it, you only want .php file extensions?



**EDIT**

Okies AD Ive added a few lines of code in the attached file. Its only the file_edit.php file that has been updated so simply delete the one you have currently and replace it with this one

Can i ask what happened when this person created the HTML page? (or is this just a scenario and not something that happened?) Because i hoped that the login would prevent anyone except you from getting access to the file creation page? If they managed to get to the page and bypass the login page without the right username/password combo then i shall have to look at the security again. Did they have the user/pass do you know? or did they somehow bypass it?

Heres the file anyhow!

Edited December 2, 2006 by shadowx (see edit history)

[garbage 0]

man im so lost, I wish I new how to script really good, cause that stuff comes in handy.. im mean i was just reading everyhthing you guys posted in here and i just seem to be lostr big time..

[Albus Dumbledore 0]

thanks shadowx,i am guessing that they somehow bypassed it it was one of those stupid turkish hacker people

[shadowx 0]

was it spyhackerz as they call themselves? They hit me once trying my guestbook, failed miserably though When im home (currently at my dads again) ill give the script a good test and try to bypass it and if i can ill fix it if not then i/you can make another post and we will see if any members can see how it happened. Do you think they coud have guessed the password (eg was it something like admin/admin etc...)? @garbage:IF you want to write PHP scripts like this then there are many tutorials around and some good ones are on tizag.com so check them out. Im also writing a very begginer tutorial at the moment to cover the absolute basics of PHP so if i decide to finish it ill post the link

[shadowx 0]

AD: on their HTML page did the file they create have the header and footer HTML attatched or was it only their code? The reason im asking is if they did use the file creation script to make their index file then it should have the HP HTML above and below their code. If it is only their code on the page then i would imagine that the file creation script had not been used and they did it some other way perhaps through a guestbook or forum or other file uploading script? Or one other possibility is that they used their own file creation script to create a file remotely onto your server. I will give this a go when im at home trying to write to my Xisto site and see if im able to do that.

[Albus Dumbledore 0]

no it wasn't spyhackers, they are script kiddies that attack small things like uest books and other things that are easy to get to.the password was not easy, many people have tried hacking this password but no one has been able to (I've asked them to hehe)They created a brand new index.html page, and i am guessing that a .html page overides .php because both the index.html and index.php was there and the stuff in the index.php was in tact and they put all their HTML in the index.html page