[Tool/Web/Other] [PHP] Is this code safe to use?
#1

Hey,
I got this code:

Код:
/*[part of code removed]*/
$conn = ftp_connect("FTP") or die("Sorry!<br />....!");
	ftp_login($conn,"LOGIN","PASS");
	ftp_get($conn,"file.txt","/remotefile.txt",FTP_ASCII);
	$file = "file.txt";
	$handle = fopen($file, 'r');
	$data = fread($handle, filesize($file));
	ftp_close($conn);
	
	if(stristr($data, $keyword) != FALSE)
	{
		//Send a message
	}
	else {//Send a message}
	fclose($handle);
Do I have chmod file with this code?
Is the file is opened safely, and the connection is made safely?
Reply
#2

So...?
Reply
#3

Ask my friend ;MaVe he's pro scriptz0r and he will help you via PN.

- Creed
Reply
#4

Quote:
Originally Posted by Creed
Ask my friend ;MaVe he's pro scriptz0r and he will help you via PN.

- Creed
Thanks
Reply
#5

Depends on what you mean by safe.
I don't even know what your code should be able to perform.
Reply
#6

I belive that WAS the code to display banlist on a website. Connects to the server with FTP and echoes the content from .ban to the website.
Reply
#7

Quote:
Originally Posted by Ettans
I belive that WAS the code to display banlist on a website. Connects to the server with FTP and echoes the content from .ban to the website.
Well.. yeah..
And by 'safe' I mean if I write there a password, would anybody see it somehow? Or I need to chmod that file, or what?
Reply
#8

If it's your own dedicated server, and you are protecting your system, then it should be alright.
PHP source code will not be sent to the client when running
Reply
#9

If the file is on a live server as in people would be able to access the page then I would either create a folder called includes or w/e you want with a file which will contain the passwords you use to connect to FTP. So for example;

$username = "user123";
$password = "password123";

Be sure to include this file in you page. Then add a .htaccess to the includes folder. Any passwords used then wont be able to be reached and there will be no information in your main php file as you have referenced them by using variables.
Reply
#10

Quote:
Originally Posted by gotenks918
If the file is on a live server as in people would be able to access the page then I would either create a folder called includes or w/e you want with a file which will contain the passwords you use to connect to FTP. So for example;

$username = "user123";
$password = "password123";

Be sure to include this file in you page. Then add a .htaccess to the includes folder. Any passwords used then wont be able to be reached and there will be no information in your main php file as you have referenced them by using variables.
It's serverside, they can't access it anyway it wouldn't matter.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)