Hi everybody,

Today I slapped together a neat little project. It's a forum, located at: http://www.mikeburt.net/forum (designed it myself)

It works well, the only thing is that I haven't implemented "edit" features yet.

Sign up if you want.

Your design style is very op-art. I like it.

attempted to be the first person to reply and received the error below while trying to respond to the "forum is up" announcement

Not to bad thus far though

http://www.mikeburt.net/forum/?q=post&dir=community/announcements/forum_is_up&tid=001

Warning: fopen(structure/community/announcements/forum_is_up.php) [function.fopen]: failed to open stream: Permission denied in /home/mburt/public_html/forum/member/post.php on line 5

Warning: fwrite(): supplied argument is not a valid stream resource in /home/mburt/public_html/forum/member/post.php on line 7

Warning: fclose(): supplied argument is not a valid stream resource in /home/mburt/public_html/forum/member/post.php on line 8

Thanks guys... I know the reply is a problem. My cpanel won't let me change my folder permissions (for whatever reason) on the thread folders. It's really annoying, and I've tried practically everything.

Is there some kind of flag with fwrite I can use to automatically set the permissions to 777?

Nope, got to use chmod (http://php.net/chmod).

Ahh that's just what I was looking for. Thanks man.

This is the error I get however:

Warning: chmod() [function.chmod]: Operation not permitted in /home/mburt/public_html/forum/member/post.php on line 5

Do I absolutely need 777 permissions to use fwrite?

no its not mandatory. generally the permissions should be set at

751 (folders)
644 (files)

I believe that chmod() can only be executed from the machine, not in a script... If you have a ftp login, try to use that? or possibly a cli client like PuTTy

When you create a file with PHP, you should have writes to modify it with any other PHP script on your server.

Could you explain that boogyman?

Yeah I know... It's weird. I should be able to modify it.

Could you explain that boogyman?

When talking about file permissions, the three digits represent what the owner, what the group and what the world has access to.
The second bit is knowing what each number 1-7 means, and for that i defer to



0 --- no permissions
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute


0 being no access
7 being full control

so for a file folder,
the owner has full control
the group can read the file (view) and can execute (perform/carry out) the file
the world can execute the file

this means that whoever is listed as the owner can do anything and everythig they want to that folder (view the files / edit the files / execute the files)
other members of the same group can view the contents fo the files and they can execute the files
everyone else can only execute the files


recommended specific file permissions (644) mean
the owner can view the file and can execute the file
the group the owner belongs to can view the file
everyone else can view the file


644 basically means that the owner has moderate control over the file, but everyone else can really only just view the file

So ... Any reasons why my fwrite doesn't work?

This is the full script:


<?php
global $dir, $user;
$xdir = $dir."/".$_GET["dir"].".php";
$dir2 = $dir."/".$seg[0]."/".$seg[1];
$seg = explode("/", $_GET["dir"]);
$orig = phpinclude($xdir, "");
$handle = fopen($xdir, "w");
$data = $orig.'<div class="thread"><div class="author">by '.$user.'</div><div class="text">'.s("text").'</div></div>';
fwrite($handle, $data);
fclose($handle);
//redirect("?sub=".$seg[0]."&f=".$seg[1]."&t=".$_GET["tid"]);
?>

its generally refrained upon to use global variables, and you can get into trouble when you do.

To troubleshoot, have you tried explicitly setting the folder directory and the user's name? If that works than you have a problem with the variables.

its general security and coding practice to sanitize all of your content, to avoid malicious code being executed either by intent or by accident. PHP offers the function strip_tags() (http://www.php.net/strip_tags) to sanitize for php, however you should also do some research for sanitizing content when dealing with databases.


Move the $seg declaration before you use it, because right now you are technically re-declaring the variable after "it" is being used.



$seg = explode("/", strip_tags($_GET["dir"]));
$xdir = $dir."/".strip_tags($_GET["dir"]).".php";
$dir2 = $dir."/".$seg[0]."/".$seg[1];


Please watch your abuse of the <div> tag. It was meant to contain blocks of code, but not actual content. So just replace your author and text div with p and you will syntactically back in order.
More good coding practice is to also separate the syntax from the content, and php offers a function to do just that sprintf() (http://php.net/sprintf)

Applying those two suggestions on the line you receive



$data = sprintf('%s <div class="thread"><p class="author">%s</p><p class="text">%s</p></div>', $orig, $user, s("text"));

The s("text") function does the following things:

return stripslashes(strip_tags($_POST["s"]));

And the variables are fine, I echoed them.

I found the problem... I copied all of the files from my site to my computer, then back on my site again. That's why fwrite wouldn't work. I have to make the threads from my site.

There's some big updates... Now you can rename or delete your main thread, and you can also edit your individual posts, or delete them.

http://www.mikeburt.net/forum

Control panel update and "users online" update.

Now you can manage your signature, e-mail and website address.