tags:

views:

66

answers:

2
Q: 

PHP Form writing to file in https://

Hiya

I'm having issues getting a php form to write to a file hosted with the apache httpsdocs folder. The form works just fine if all parts of it are using the http protocol, but when I secure the form, form submission and the file the results are written to, it fails.

Can anyone help?

This is the php code:

$myFile = "files/data.txt";
$fh = fopen($myFile, 'a') or die ("Could not read file");
$stringData = "Data in pipe format\n";
fwrite($fh, $stringData);
fclose($fh);
header( 'Location: http://www.example.com/thankyou');

And the various LOCATIONS are:

  • /var/www/vhosts/example.com/httpdocs/files
  • /var/www/vhosts/example.com/httpsdocs/files

Additionally, my form page is https://example.com/form.php, and the form field redirects to action="processform.php", so why does it look for processform.php in httpdocs rather than httpsdocs? Surely it should stay within the same protocol/directory as it was called from!

Thanks for any help :)

+1  A: 

You are confusing things. The urls are not urls, they are directories. My first idea is to check the rights of the secure directory ( # /var/www/vhosts/mysite.co.uk/httpsdocs/files ) to see if your webserver user can write there.

Maarten  2009-10-06 13:53:54
Sorry, wrong term - they are the locations of the files, which, obviously, correspond to the urls being requested in the code. httpsdocs/files is assigned to user:psaserv, so apache can indeed write to the folder, and all contents.
hfidgen  2009-10-06 14:06:42
Also, my main problem is that even though https://example.com/form.php has the action of "processform.php, the file which is call is httpdocs/processform.php NOT httpsdocs/processform.php
hfidgen  2009-10-06 14:07:59
this last thing is only possible if the https server is also using the insecure docroot, or if you are don't have processform.php as action but e.g. http://yoursite../processform.php.
Maarten  2009-10-06 14:38:32
Yeah it was permissions problems - thanks Maarten!
hfidgen  2009-10-07 08:07:37
+1  A: 

I second Maarten, this is definetly a permission setting on the file. Have you chmod'd the file? That should be your only issue, however this type of submission is very insecure even if you do it over https. I would make the file called something like 'data.secured' Then you can use apache's permission settings to 'lock off' the file from external access/read.

<files "*.secured">
order allow,deny
deny from all
</files>
Jakub  2009-10-06 14:10:45
Thats a good idea - have done so!
hfidgen  2009-10-06 16:09:21

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases