File security and editing page

  • I’m just getting started with WP and php, but I’m an old school Unix programmer. I found some code that will allow me to create a page that works kind of like the WP theme file editor. I want to be able to load up a text file, display it in an edit field on a form, and then when the user hits the submit button, the server will back up the old file contents and write the new data into the file. Pretty simple.

    My problem is that I want to be able to keep people from viewing and modifying the files from the web site. I can secure the web page so that only specified roles can access the page, but if someone can guess the path to my text file on the server, they can read it (and possibly write it?). How do I prevent this, while still allowing my php code on the WP page to read and write the file?

    (PS, in the long run, I’ll probably put the data in the database so I don’t have to worry about this, but I’m hoping there’s an easy solution to get me going.)

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter dcell59

    (@dcell59)

    Is this more of a php or web site administration question than a WP question?

    Moderator bcworkz

    (@bcworkz)

    As you’ve framed the question, I don’t see how WP is involved at all. Since you have my attention, you could use PHP to restrict access to only the file(s) you wish to allow to be edited. Do not allow open file selection, only allow the selection from a list.

    Preventing viewing by unauthorized people is a typical server administration issue. It’s mainly a matter of properly setting file permissions and using .htaccess. Even though you’ve managed access via PHP code, you will want redundant protections through permissions as well.

    I can’t advise with any specifics, this sort of security is not my expertise. Do be very careful, allowing people to access and edit files on a server can be very dangerous unless implemented properly. I would seriously consider going straight to saving in a database and forget the file access issues.

    Thread Starter dcell59

    (@dcell59)

    The reason I asked here is that it’s something that WP seems to handle fine, and because the code will be hosted in a WP page (eventually via a WP plugin).

    At this point, we’re going to go with the database. I can still do what I want in the short term, and eventually rewrite all of my bash scripts in php.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘File security and editing page’ is closed to new replies.