Hello members

Is it possible to edit the values (say, admin logon/password) in a config file (say, config.php) WITHOUT editing the php script config.php??

In other words, can I write another file (configeditor.php) that will alter the values (or just SOME) based on data entered into in a form??

To do this would I have to use the set function?

Thanks

Check out:
fopen()
fwrite()

Tough keep in mind that this is really insecure. To improve the security, you can move the config.php out of the web server root or place it in a password protected directory.

Its easier to do if you have every variable in the config file saved in an array.

Eg:

$myConfig = array();
$myConfig['db_user'] = 'username'; 

// etc...

This allows you to iterate through each value in the $myConfig array and not through the values retrieved via HTTP...

eg:

include('config.php');

$config_str = "\$myConfig = array();\r\n"; // note you have to escape the $ character with \ so php treats it as a string literal instead of a variable designator.. 

foreach($myConfig as $key=>$val) {

$new_val = false;

if (isset($_REQUEST[$key])) {
// you know you have a value from HTTP to ovewrite the old one..
$new_val = $_REQUEST[$key];
} else {
// you should use the old value
$new_val = $myConfig[$key];
}

// you'll be creating a string representation of the PHP code to write to your config file here... 
$config_str = "\$myConfig[{$key}] = '{$new_val}'; \r\n";

}

// write your new config string to the config file

if ($fp = fopen('/path/to/config.php', 'w')) {
fwrite($fp, $config_str, strlen($config_str));
} else {
echo 'Config file unwritable... '; // have to chmod
}

usually, you'd want to check the original data type of the config value and cast this type to the value retrieved via HTTP, as data from HTTP always has a type of string for single values.. (I think)..
This way you can preserver boolean, int and floats.. etc.

This article has been dead for over six months. Start a new discussion instead.