FTP functions in php

Posted: February 2, 2010 in Uncategorized

Most of the PHP applications store and read their settings from a configuration file. Normally an installer script is used to write the settings to the config file and then an admin section is provided through which the administrator can manage these settings. Normal PHP file functions like fopen and fputs can be used to create and write to the configuration file.

But there is a major drawback with this approach. If you want to create a file/directory through a PHPscript in another directory, say, includes, then the directory includes need to be writable by the PHPscript. Most of the times this means that you will need to chmod the directory to 777. This is a big security hole.

Another problem is that, more often than not, the owner/group of the newly created file is set to that of the PHP process. PHP process normally run as “nobody” or “www”. This means that the newly created file will be owned by “nobody” or “www” and you might not be able to delete the file through FTP. You will have to delete the file through a PHP script.

<?php
	//Make the file writable by all
	chmod('somefile',0777);
	//Open the file and write to it
	$fp = fopen('somefile', 'w');
	fputs($fp,$data);
	fclose($fp);
	//Make the file writable only by the owner
	chmod('somefile',0644);
?>

Connecting to FTP server

Use ftp_connect function to connect to FTP server and use ftp_login function to login to FTP server.  
<?php
	//Connect to the FTP server
	$ftpstream = @ftp_connect('localhost');
	//Login to the FTP server
	$login = @ftp_login($ftpstream, 'user', 'secret');
	if($login) {
		//We are now connected to FTP server.
	}
	//Close FTP connection
	ftp_close($ftpstream);
?>

Creating directory through FTP

Now that we have connected to FTP server, we can create a directory on the server using ftp_mkdirfunction.  
<?php
	//Create a directory 'config' at the root of your website
	@ftp_mkdir($ftpstream, '/public_html/config');
?>

Notice that path specified here is not the filesystem path, its the FTP path. /public_html here is theFTP root and is often different from web server’s document root. Couple of points to keep in mind:

  1. Path specified is not the filesystem path
  1. FTP root is different from web’s server document root

You may specify the directory name only, that is, without the full path. In that case, the new directory will be created where ever you ended up when you logged into the FTP server.

Create file through FTP

Creating a new file through FTP functions is a two step process. First we create a new temporary file using the tmpfile function. Next we upload this temporary file to the server using ftp_fput function.

<?php
	//Create a temporary file
	$temp = tmpfile();
	//Upload the temporary file to server
	@ftp_fput($ftpstream, '/public_html/config/config.inc', $temp, FTP_ASCII);
?>

Change mode of file using ftp_site

We can change the file mode/permissions using the ftp_site function.  
<?php
	//Make the file writable by all
	ftp_site($ftpstream,"CHMOD 0777 /public_html/config/config.inc");
	//Write to file	
	$fp = fopen('/home/jatinder/public_html/config/config.inc', 'w');
	fputs($fp,'Learnt this at PHPSense.com');
	fclose($fp);
	//Make the file writable only to owner
	ftp_site($ftpstream,"CHMOD 0644 /public_html/config/config.inc");
?>

PHP5 has built in ftp_chmod, so if you are running PHP5 you can use the ftp_chmod function instead of the above PHP code snippet.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s