1

I have the following script which is working well at taking the data from my HTML form and writing it to a .conf file.

<?php
 $path = '/usr/local/flowsim/data/phptest.conf';
 if (isset($_POST['CollectorIP']) && isset($_POST['CollectorPort']) && isset($_POST['NetflowVersion'])) {
    $fh = fopen($path,"a+");
    $string = 'collector-ip='.$_POST['CollectorIP']. "\n". 'collector-port='.$_POST['CollectorPort']. "\n". 'engine='.$_POST['NetflowVersion'];
    fwrite($fh,$string); // Write information to the file
    fclose($fh); // Close the file
 }
?>

However I am needing this script to "auto-name" the .conf files differently using the variables from the HTML form. For example, at the moment the script is creating the file phptest.conf and writing the below info (which will be different each time) which was inputted via the HTML form:

collector-ip=10.0.0.0
collector-port=9000
engine=Netflow Version 10 (IPFIX)

As these three inputs will be unique every time the script is run I would like to use them to name the new file each time the form is submitted.

For example if the collector-ip was 5.5.5.5, collector-port 9996 and engine Netflow Version 10 (IPFIX) the filename would be 5.5.5.5:9996:Netflow Version 10 (IPFIX).conf.

I am quite new to PHP but I believe this could be achieved by using the (isset($_POST['CollectorIP']), ($_POST['CollectorPort']) and isset($_POST['NetflowVersion']) variables in the file path which would complete from the inputted data and name the files as expected each time the form is submitted.

Is this correct or do I have it wrong? Would the following script work or is there a better way to do this?

<?php
 $path = '/usr/local/flowsim/data/(isset($_POST['CollectorIP']):isset($_POST['CollectorPort']):isset($_POST['NetflowVersion']).conf';
 if (isset($_POST['CollectorIP']) && isset($_POST['CollectorPort']) && isset($_POST['NetflowVersion'])) {
    $fh = fopen($path,"a+");
    $string = 'collector-ip='.$_POST['CollectorIP']. "\n". 'collector-port='.$_POST['CollectorPort']. "\n". 'engine='.$_POST['NetflowVersion'];
    fwrite($fh,$string); // Write information to the file
    fclose($fh); // Close the file
 }
?>

Update

<?php
if ( isset( $_POST['CollectorIP'] ) && isset($_POST['CollectorPort']) && isset($_POST['NetflowVersion']) && isset($_POST['Flowrate']) && isset($_POST['TemplateFrequency']) && isset($_POST['SourceIPAddress']) && isset($_POST['DestinationIPAddress']) ) {
    // ok let's try to create the file
    $path = '/usr/local/flowsim/data/' . trim($_POST['CollectorIP']) . ':' . trim($_POST['CollectorPort']) . ':' . trim($_POST['NetflowVersion']) . '.conf';
    $contents = "";
    if ( $fh = fopen($path,"a+") ) {
        if ( trim( $_POST['CollectorIP'] ) != "" ) {
            $contents .= 'collector-ip=' . $_POST['CollectorIP'];
        }
        if ( trim( $_POST['CollectorPort'] ) != "" ) {
            $contents .= "\n" . 'collector-port=' . $_POST['CollectorPort'];
        }
        if ( trim( $_POST['NetflowVersion'] ) != "" ) {
            $contents .= "\n" . 'engine=' . $_POST['NetflowVersion'];
        }
          if ( trim( $_POST['Flowrate'] ) != "" ) {
            $contents .= "\n" . 'flow-rate=' . $_POST['Flowrate'];
        }
          if ( trim( $_POST['TemplateFrequency'] ) != "" ) {
            $contents .= "\n" . 'template-freq=' . $_POST['TemplateFrequency'];
        }
          if ( trim( $_POST['SourceIPAddress'] ) != "" ) {
            $contents .= "\n" . 'src-ip=' . $_POST['SourceIPAddress'];
        }
          if ( trim( $_POST['DestinationIPAddress'] ) != "" ) {
            $contents .= "\n" . 'dst-ip=' . $_POST['DestinationIPAddress'];
        }
        if ( fwrite( $fh, $contents ) ) {
        }
        fclose($fh); // Close the file
    }
else {
    if (fclose($fh)) {
        echo "Netflow traffic is now being sent to the collector at ". ( $_POST['CollectorIP'] ). " on port ". ( $_POST['CollectorPort'] ). ".";
    } else { 
        echo "The simulator was unable to start the traffic flow, please try again.";
    }
    }
}
?>
Improve this question
3
  • How do you intend to link these different files to the code that will use them? Commented Oct 17, 2022 at 17:09
  • Big LOGIC Note You use the $_POST occurances to build a path BEFORE you check if they actually exist Commented Oct 17, 2022 at 17:21
  • If you're just writing a single string to the file, use file_put_contents() instead of fopen/fwrite/fclose Commented Oct 17, 2022 at 17:25

2 Answers 2

Reset to default
2

Before showing the code I think there are a couple of things worth pointing out:

  1. it looks like you're receiving this data via a post on a web form. Therefore, your intention is to allow users to send data that will be written to a file on your server. This is a big security risk, so you'll want to be 100% certain that whatever they're entering is trustworthy.

  2. Assuming the above is correct and this script will live on a web server, most of the time the script will not have write access to create a file / write to a file. So you'll have to modify permissions etc, which again has security concerns that you'll have to be aware of

Anyway, as far as the script itself, the line where you're using isset won't work as it's written. I would separate the test out and do it like so:

if ( isset( $_POST['CollectorIP'] ) && isset($_POST['CollectorPort']) && isset($_POST['NetflowVersion']) ) {
    // ok let's try to create the file
    $path = '/usr/local/flowsim/data/' . trim($_POST['CollectorIP']) . ':' . trim($_POST['CollectorPort']) . ':' . trim($_POST['NetflowVersion']) . '.conf';
    $contents = "";
    if ( $fh = fopen($path,"a+") ) {
        if ( trim( $_POST['CollectorIP'] ) != "" ) {
            $contents .= 'collector-ip=' . $_POST['CollectorIP'];
        }
        if ( trim( $_POST['CollectorPort'] ) != "" ) {
            $contents .= "\n" . 'collector-port=' . $_POST['CollectorPort'];
        }
        if ( trim( $_POST['NetflowVersion'] ) != "" ) {
            $contents .= "\n" . 'engine=' . $_POST['NetflowVersion']
        }
        if ( fwrite( $fh, $contents ) ) {
            // yay
        } else {
            // do some sort of error handling because the file couldn't be written to
        }
        fclose($fh); // Close the file
    } else {
        // do some sort of error handling because the file couldn't be opened
    }
} else {
    // do some sort of error handling because they didn't provide the necessary data
}
Improve this answer
Sign up to request clarification or add additional context in comments.

14 Comments

Thanks for your help! Yes I understand the security concerns, this is an internal tool I am building which is only going to create limited config files spun up by a backend engine. I tried your modified script and it works perfectly, thanks again!
Hi @Davearoo32, check out my edit to the original script. I set it to check each entry in the array to see if it's filled with something other than spaces by using the trim() function, and only write that entry to the file if so. I also changed the variable name from $string which isn't very descriptive, to $contents, but that's not all that important. Note that $contents defaults to an empty string, and it's possible for you to write a blank file if all 3 entries in the POST array are empty
I just tested the script and it works perfectly, thanks again for your help! :)
I was missing a closing ) on the if line
Thanks @MikeWillis. I managed to get this sorted. Thanks again for all your help!
|
-1

Expressions aren't evaluated inside string literals. You need to use concatenation.

 $path = '/usr/local/flowsim/data/' . (isset($_POST['CollectorIP']):isset($_POST['CollectorPort']):isset($_POST['NetflowVersion']) . '.conf';

You should be very careful when using POST data in filenames, since the user could put ../../.. in the value to access outside the directory you want to write to. Add some data validation, or use basename() to discard the directory part.

Improve this answer

2 Comments

String are correctly escaped, he even uses double quote to concatenate EOL. Your code is not related to the issue, which is about the file content and not its path
No it isn't. 1. Variables are only expanded inside double quotes, not single quotes. 2. If the variable is an array with quotes around the index, you need to put {} around it. 3. You can't call functions like isset() or use operators like ?:.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.