0

I know a lot of questions similar to this have been asked before which I have checked out but I am still having trouble writing my HTML form data to a .conf file. I am trying to write a script which will take the data from a submitted HTML form, create a new .conf file and write the data to the file.

HTML:

<form action="filewrite.php" class="u-clearfix u-form-spacing-10 u-form-vertical u-inner-form" method="POST" name="form" style="padding: 10px;">
            <div class="u-form-group u-form-name">
              <label for="name-26a2" class="u-custom-font u-heading-font u-label u-text-body-alt-color u-label-1">Collector IP Address</label>
              <input type="text" placeholder="Collector IP address" name="CollectorIP" minlength="7" maxlength="15" pattern="^((\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$" input required class="u-border-1 u-border-custom-color-1 u-custom-font u-heading-font u-input u-input-rectangle u-radius-14 u-white u-input-1" required="required">
            </div>
            <div class="u-form-email u-form-group">
              <label for="email-26a2" class="u-custom-font u-heading-font u-label u-text-body-alt-color u-label-2">Collector Port</label>
              <input type="number" placeholder="Collector Port" name="CollectorPort" class="u-border-1 u-border-custom-color-1 u-custom-font u-heading-font u-input u-input-rectangle u-radius-14 u-white u-input-2" required="required">
            </div>
            <div class="u-form-group u-form-select u-form-group-3">
              <label for="select-7512" class="u-custom-font u-heading-font u-label u-text-body-alt-color u-label-3">Netflow Version</label>
              <div class="u-form-select-wrapper">
                <select id="select-7512" name="NetflowVersion" class="u-border-1 u-border-custom-color-1 u-custom-font u-heading-font u-input u-input-rectangle u-radius-14 u-white u-input-3" required="required">
                  <option value="Netflow Version 10 (IPFIX)">Netflow Version 10 (IPFIX)</option>
                  <option value="Netflow Version 9">Netflow Version 9</option>
                  <option value="Netflow Version 7">Netflow Version 7</option>
                  <option value="Netflow Version 5">Netflow Version 5</option>
                </select>
                <svg xmlns="http://www.w3.org/2000/svg" width="14" height="12" version="1" class="u-caret"><path fill="currentColor" d="M4 8L0 4h8z"></path></svg>
              </div>
            </div>
            <div class="u-align-left u-form-group u-form-submit">
              <a href="#" class="u-btn u-btn-round u-btn-submit u-button-style u-custom-color-2 u-custom-font u-heading-font u-radius-50 u-btn-1">Submit</a>
              <input type="submit" name="submit"  value="Save Data" class="u-form-control-hidden">
            </div>
            <div class="u-form-send-message u-form-send-success">Success, Netflow traffic is now being sent to x.x.x.x:xxxx</div>
            <div class="u-form-send-error u-form-send-message">The simulator was unable to process the request, please try again.</div>
            <input type="hidden" value="" name="recaptchaResponse">
            <input type="hidden" name="formServices" value="b7574ca92d30e67a7edd501c5be4f581">
          </form>

PHP:

    <?php
 $path = '/usr/local/flowsim/data/phptest.conf';
 if (isset($_POST['CollectorIP']) && isset($_POST['CollectorPort']) && isset($_POST['NetflowVersion'])) {
    $fh = fopen($path,"a+");
    $string = $_POST['CollectorIP'].' - '.$_POST['CollectorPort'].' - '.$_POST['NetflowVersion'];
    fwrite($fh,$string); // Write information to the file
    fclose($fh); // Close the file
 }
?>

The reason for this is to build a tool which is only used internally, I realise having a system that allows users to write .conf files to the server is not best practise however the options available on the HTML form are limited.

Any idea where I might be going wrong in my code?

Thanks

Improve this question
4
  • Well, perhaps if you want to write a .conf file you should actually write to such a file? It seems that currently you're writing to a .php file. Commented Oct 16, 2022 at 21:18
  • 3
    Your code opens a loophole as you allow unsanitized external input to be written to a file on your server! Worse than that, it's a PHP file and can be executed. Commented Oct 16, 2022 at 21:18
  • 1
    I think whatever project you are doing, allowing an interface to write (or even worse: access) sensitive informations such as .conf file is an antipattern, just like putting configuration in a database read by the code is also an anti pattern. Maybe you can try editing your post and expose your business problem so the community can guide you towards a better programming approach? Commented Oct 16, 2022 at 22:12
  • Fixed the PHP code to actually write to a .conf file, I slipped up their. Any thoughts? Commented Oct 17, 2022 at 7:57

1 Answer 1

Reset to default
1

The code was not the issue here. NGINX and PHP-FPM were using mismatched sockets. Checked /var/log/nginx/error.log and was getting errors like the below:

connect() to unix:/var/run/php/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream

Followed the guide here and was able to fix the problem - https://www.datadoghq.com/blog/nginx-502-bad-gateway-errors-php-fpm/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.