How to make php script delete itself (and includes dir)

Question

How do I make script delete itself after it'll finish its work?

edit:

It's for my installation script, I want it to delete itself for security reasons (so attacker won't be able to overwrite existing site).

I forgot to mention that it has its 'includes' directory that i would like to be deleted too... Could someone add how to also delete this dir? Includes directory is subdirectory of the same folder where install script is located.

Answer 1

Try unlink. The webserver user will need write permissions for the directory/script.

Answer 2

Hi,

You can use unlink to remove a file, and __FILE__ to get the full path to the current file :

unlink(__FILE__);

As a "proof" :

squale@shark:~/developpement/tests/temp
$ ll | grep 'remove-myself.php'
-rw-r--r-- 1 squale   squale      25 2009-08-01 17:01 remove-myself.php

=> The file exists

squale@shark:~/developpement/tests/temp
$ cat remove-myself.php
<?php

unlink(__FILE__);

=> It contains the code I gave

squale@shark:~/developpement/tests/temp
$ php ./remove-myself.php

=> I launch the script

squale@shark:~/developpement/tests/temp
$ ll | grep 'remove-myself.php'

=> It doesn't exist anymore

For this to work, you'll have to be sure you have the required privilegies... this means the user trying to delete the file needs to have right-access on the directory containing it.

When you are in command line, it's generally OK ; but if you are trying to do this via Apache, you will need to give Apache write-access to that directory/file -- Apache doesn't generally have that kind of privilege by default (not secure, and generally not needed)

Not sure it'd be possible on windows, though... It works on Linux, but Windows might kinda "lock" the file when it's being executed...

Answer 3

unlink($_SERVER['SCRIPT_FILENAME']);
or
unlink(__FILE__);

Answer 4

Wow..

Is it sad that the first thing that came to my mind when I read this question was:

"Hello SO! I've written a php script that I'm going to hack and upload to a web server, how do I make the script remove itself so there's no trace of ugliness when it's done doing his bad things?"

Then I realized I'm old, cynical and bitter and he's prolly got a "install routine" that he wants to clean up after it's done..

yea, I don't have that much faith in the human race anymore :(

Answer 5

Side note to other answers:

I would recommend renaming the file, or putting an exit statement in the beginning of the file, removing is IMHO not a good option. The user might want to read your installation script or re-run it. Maybe this could be a better solution:

$contents = file_get_contents(__FILE__);
file_put_contents(__FILE__,
    "<?php # Remove this line and the next line to re-configure the application
    die('The application has already been configured.'); ?>\n" . $contents
);

You could as well rename it to something the web server won't pass to clients, or even better, move it somewhere the web server does not have any access to, or even both:

rename(__FILE__, '/tmp/' . basename(__FILE__) . '.bak');

Don't forget to mention the place the installation script has been moved to in the installation script, though ...

About deleting directories: This is done with rmdir(), the directory must be empty, though. Moving folders is the same as with files, the function is called rename().