Filesystem Object in PHP

Jeyaseelansarc · #41 (**permalink**) 04-18-2008, 06:11 AM

flock() example

PHP Code:

  <?php

 
$fp = fopen("/tmp/lock.txt", "w+");

 
if (flock($fp, LOCK_EX)) { // do an exclusive lock

    fwrite($fp, "Write something here\n");

    flock($fp, LOCK_UN); // release the lock

} else {

    echo "Couldn't lock the file !";

}

 
fclose($fp);

 
?>

flock() requires a file pointer, you may have to use a special lock file to protect access to a file that you intend to truncate by opening it in write mode (with a "w" or "w+" argument to fopen()).

Jeyaseelansarc · #42 (**permalink**) 04-18-2008, 06:15 AM

flock() will not work on NFS and many other networked file systems. Check your operating system documentation for more details.

On some operating systems flock() is implemented at the process level. When using a multithreaded server API like ISAPI you may not be able to rely on flock() to protect files against other PHP scripts running in parallel threads of the same server instance!

flock() is not supported on antiquated filesystems like FAT and its derivates and will therefore always return FALSE under this environments (this is especially true for Windows 98 users).

Jeyaseelansarc · #43 (**permalink**) 04-18-2008, 09:28 PM

The glob() function searches for all the pathnames matching pattern according to the rules used by the libc glob() function, which is similar to the rules used by common shells. No tilde expansion or parameter substitution is done.

Jeyaseelansarc · #44 (**permalink**) 04-18-2008, 09:30 PM

Valid flags:

GLOB_MARK - Adds a slash to each item returned
GLOB_NOSORT - Return files as they appear in the directory (no sorting)
GLOB_NOCHECK - Return the search pattern if no files matching it were found
GLOB_NOESCAPE - Backslashes do not quote metacharacters
GLOB_BRACE - Expands {a,b,c} to match 'a', 'b', or 'c'
GLOB_ONLYDIR - Return only directory entries which match the pattern
GLOB_ERR - Stop on read errors (like unreadable directories), by default errors are ignored

Jeyaseelansarc · #45 (**permalink**) 04-18-2008, 09:31 PM

Convenient way how glob() can replace opendir()

PHP Code:

  <?php

foreach (glob("*.txt") as $filename) {

    echo "$filename size " . filesize($filename) . "\n";

}

?>

Jeyaseelansarc · #46 (**permalink**) 04-22-2008, 04:46 AM

ftell() Returns the position of the file pointer referenced by handle; i.e., its offset into the file stream.

For e.g

PHP Code:

  <?php

 
// opens a file and read some data

$fp = fopen("/etc/passwd", "r");

$data = fgets($fp, 12);

 
// where are we ?

echo ftell($fp); // 11

 
fclose($fp);

 
?>

Jeyaseelansarc · #47 (**permalink**) 04-22-2008, 04:47 AM

From the above example the file pointer must be valid, and must point to a file successfully opened by fopen() or popen(). ftell() gives undefined results for append-only streams (opened with "a" flag).

Jeyaseelansarc · #48 (**permalink**) 04-22-2008, 04:48 AM

fstat() gathers the statistics of the file opened by the file pointer handle. This function is similar to the stat() function except that it operates on an open file pointer instead of a filename.

For example

PHP Code:

  <?php

 
// open a file

$fp = fopen("/etc/passwd", "r");

 
// gather statistics

$fstat = fstat($fp);

 
// close the file

fclose($fp);

 
// print only the associative part

print_r(array_slice($fstat, 13));

 
?>

Returns an array with the statistics of the file; the format of the array is described in detail on the stat() manual page.

Jeyaseelansarc · #49 (**permalink**) 04-22-2008, 11:17 PM

To get of the owner of the file the we can use fileowner()

Returns the user ID of the owner of the file, or FALSE in case of an error. The user ID is returned in numerical format, use posix_getpwuid() to resolve it to a username.

As of PHP 5.0.0 this function can also be used with some URL wrappers

Jeyaseelansarc · #50 (**permalink**) 04-22-2008, 11:23 PM

To get file permission we can use fileperms() function.

Jeyaseelansarc · #51 (**permalink**) 04-22-2008, 11:24 PM

example for displaying full permissions on the files:

PHP Code:

  <?php

$perms = fileperms('/etc/passwd');

 
if (($perms & 0xC000) == 0xC000) {

    // Socket

    $info = 's';

} elseif (($perms & 0xA000) == 0xA000) {

    // Symbolic Link

    $info = 'l';

} elseif (($perms & 0x8000) == 0x8000) {

    // Regular

    $info = '-';

} elseif (($perms & 0x6000) == 0x6000) {

    // Block special

    $info = 'b';

} elseif (($perms & 0x4000) == 0x4000) {

    // Directory

    $info = 'd';

} elseif (($perms & 0x2000) == 0x2000) {

    // Character special

    $info = 'c';

} elseif (($perms & 0x1000) == 0x1000) {

    // FIFO pipe

    $info = 'p';

} else {

    // Unknown

    $info = 'u';

}

 
// Owner

$info .= (($perms & 0x0100) ? 'r' : '-');

$info .= (($perms & 0x0080) ? 'w' : '-');

$info .= (($perms & 0x0040) ?

            (($perms & 0x0800) ? 's' : 'x' ) :

            (($perms & 0x0800) ? 'S' : '-'));

 
// Group

$info .= (($perms & 0x0020) ? 'r' : '-');

$info .= (($perms & 0x0010) ? 'w' : '-');

$info .= (($perms & 0x0008) ?

            (($perms & 0x0400) ? 's' : 'x' ) :

            (($perms & 0x0400) ? 'S' : '-'));

 
// World

$info .= (($perms & 0x0004) ? 'r' : '-');

$info .= (($perms & 0x0002) ? 'w' : '-');

$info .= (($perms & 0x0001) ?

            (($perms & 0x0200) ? 't' : 'x' ) :

            (($perms & 0x0200) ? 'T' : '-'));

 
echo $info;

?>

Jeyaseelansarc · #52 (**permalink**) 04-25-2008, 05:16 AM

The function fscanf() is similar to sscanf(), but it takes its input from a file associated with handle and interprets the input according to the specified format, which is described in the documentation for sprintf(). If only two parameters were passed to this function, the values parsed will be returned as an array. Otherwise, if optional parameters are passed, the function will return the number of assigned values. The optional parameters must be passed by reference.

Any whitespace in the format string matches any whitespace in the input stream. This means that even a tab \t in the format string can match a single space character in the input stream.

Jeyaseelansarc · #53 (**permalink**) 04-25-2008, 05:16 AM

fscanf() Example

PHP Code:

  <?php

$handle = fopen("users.txt", "r");

while ($userinfo = fscanf($handle, "%s\t%s\t%s\n")) {

    list ($name, $profession, $countrycode) = $userinfo;

    //... do something with the values

}

fclose($handle);

?>

Jeyaseelansarc · #54 (**permalink**) 04-29-2008, 10:52 PM

is_uploaded_file() tells whether the file was uploaded via HTTP POST

This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.

Jeyaseelansarc · #55 (**permalink**) 04-29-2008, 10:52 PM

This sort of check is especially important if there is any chance that anything done with uploaded files could reveal their contents to the user, or even to other users on the same system.

For proper working, the function is_uploaded_file() needs an argument like $_FILES['userfile']['tmp_name'], - the name of the uploaded file on the clients machine $_FILES['userfile']['name'] does not work.

Jeyaseelansarc · #56 (**permalink**) 04-29-2008, 10:53 PM

is_uploaded_file() example

PHP Code:

  <?php

 
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {

   echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";

   echo "Displaying contents\n";

   readfile($_FILES['userfile']['tmp_name']);

} else {

   echo "Possible file upload attack: ";

   echo "filename '". $_FILES['userfile']['tmp_name'] . "'.";

}

 
?>

Jeyaseelansarc · #57 (**permalink**) 04-29-2008, 10:54 PM

is_uploaded_file() is available only in versions of PHP 3 after PHP 3.0.16, and in versions of PHP 4 after 4.0.2. If you are stuck using an earlier version, you can use the following function to help protect yourself:

PHP Code:

  <?php

/* Userland test for uploaded file. */

function is_uploaded_file_4_0_2($filename) 

{

    if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {

        $tmp_file = dirname(tempnam('', ''));

    }

    $tmp_file .= '/' . basename($filename);

    /* User might have trailing slash in php.ini... */

    return (ereg_replace('/+', '/', $tmp_file) == $filename);

}

 
/* This is how to use it, since you also don't have

 * move_uploaded_file() in these older versions: */

if (is_uploaded_file_4_0_2($HTTP_POST_FILES['userfile'])) {

    copy($HTTP_POST_FILES['userfile'], "/place/to/put/uploaded/file");

} else {

    echo "Possible file upload attack: filename '$HTTP_POST_FILES[userfile]'.";

}

?>

Jeyaseelansarc · #58 (**permalink**) 04-29-2008, 10:55 PM

File Upload Form

Code:

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>