Check out:
fopen()
fwrite()

Tough keep in mind that this is really insecure. To improve the security, you can move the config.php out of the web server root or place it in a password protected directory.

Its easier to do if you have every variable in the config file saved in an array.

Eg:

[php]
$myConfig = array();
$myConfig['db_user'] = 'username';

// etc...
[/php]

This allows you to iterate through each value in the $myConfig array and not through the values retrieved via HTTP...

eg:

[php]
include('config.php');

$config_str = "\$myConfig = array();\r\n"; // note you have to escape the $ character with \ so php treats it as a string literal instead of a variable designator..

foreach($myConfig as $key=>$val) {

$new_val = false;

if (isset($_REQUEST[$key])) {
// you know you have a value from HTTP to ovewrite the old one..
$new_val = $_REQUEST[$key];
} else {
// you should use the old value
$new_val = $myConfig[$key];
}

// you'll be creating a string representation of the PHP code to write to your config file here...
$config_str = "\$myConfig[{$key}] = '{$new_val}'; \r\n";

}

// write your new config string to the config file

if ($fp = fopen('/path/to/config.php', 'w')) {
fwrite($fp, $config_str, strlen($config_str));
} else {
echo 'Config file unwritable... '; // have to chmod
}


[/php]

usually, you'd want to check the original data type of the config value and cast this type to the value retrieved via HTTP, as data from HTTP always has a type of string for single values.. (I think)..
This way you can preserver boolean, int and floats.. etc.