CT30675E Application Development for the Web

1
CT30675E Application Developmentfor the Web

• Week 8Accessing Files Directories

2
Whats in store this week

• News
• Accessing Files Directories
• Permissions
• Perl/PHP file system access
• Accessing a file
• Manipulating files
• Manipulating directories
• Permissions, revisited

3
Accessing Files Directories

• Sometimes it is necessary for a program to
  interact with the file system of the machine it
  is running on.
• Both Perl and PHP allow this to happen (and even
  give some standard functions to aid you), but
  there are a few points you should be aware of.

4
Permissions

• A script can only read and write files and
  directories for which it has permission to do so.
• And if you are running a Perl/PHP script via a
  web server, all scripts will ordinarily be
  executed as the user running the web server.
• On holst this is a user called apache.
• How can we tell what permissions a file or
  directory has?

5
Permissions

• It depends on what system we are running from
• On Windows 95/98/Me, there are no permissions.
  Perl can read or write to any file or directory
  on the system.
• On Windows NT/2000/XP, file and directory
  permissions are governed by access control lists
  which are usually set by the administrator of the
  machine.

6
Permissions

• On UNIX/Linux, permissions are specified for
  three classes of users.
• The user that owns the file.
• members of the group that owns the file
  (excepting the user that owns the file).
• Everyone else.
• USER - GROUP - WORLD

7
Permissions

• Permissions are granted for read, write and
  execute.
• rwx
• When dealing with files, they do exactly what
  they say on the tin.
• For directories
• read allows you to get a list of directory
  contents.
• write allows you to create new files
• execute allows you to directly access files which
  already exist in the directory.

8
Permissions

• Each of the three groups (owner, group owner,
  world) can have any of those permissions granted
  or denied, by using the chmod command
• chmod 775 index.html
• The number consists of three octal digits.
• The first digit represents the permissions for
  the owner, the second for the group owner, and
  lastly the permissions for everyone else.

9
Permissions

• How do we work out what the three numbers should
  be?
• We add up the numbers for each permission
• read permission is worth 4
• write permission is worth 2
• execute permission is worth 1

10
Permissions

• So...
• 1 execute only.
• 2 write only.
• 3 1 2 write execute.
• 4 read only.
• 5 1 4 read execute.
• 6 2 4 read write.
• 7 1 2 4 read, write and execute.

11
Permissions
chi_at_holst htdocs chmod 775 index.html
12
File systems access

• We are now going to investigate how both Perl and
  PHP handle file access.
• This will be a bit of a whistle-stop tour, but
  the documentation for both Perl and PHP contain
  more complete instructions about the topic.
• We will look at Perl first, and then investigate
  the differences in PHP (they work in similar ways)

13
Perl and file system access

• Whilst we could access the file system by running
  system programs, Perl has a number of built in
  functions to save time and effort.
• open, getc, read, seek, eof, close, opendir,
  readdir, rewinddir, seekdir, closedir, truncate,
  chdir, chmod, chown, mkdir, rename, rmdir, unlink
• There are other functions (see the perlfunc
  manual page for more details).

14
PHP and file system access

• Similarly, PHP has a whole host of filesystem
  commands (see ref.filesystem in the PHP
  documentation for full details)
• fopen, fread, fwrite, ftruncate, fseek, is_file,
  is_uploaded_file, ...

15
Opening a file - Perl

• To access a file, you open a pipe to a file
  handle with the open function.
• open(FILE, 'gt', "../store/passwd")
• The most useful format of the open function takes
  three arguments.
• The first argument names the file handle - the
  name by which the pipe will be referred to until
  it is closed (so in this case - FILE).

16
Opening a file - Perl

• The second argument specifies what mode to open
  the file in
• 'lt' - open the file for reading (default).
• 'gt' - open the file for writing, but truncate the
  file first to clear all contents.
• 'gtgt' - open the file for editing, keeping the
  original contents intact.
• 'lt' - open the file for reading and writing, but
  keep the original contents.

17
Opening a file - Perl

• Notes
• If you open a file for reading (lt) or appending
  (gtgt), the file must exist.
• If you open a file for exclusive writing (gt), the
  file will be created (so long as directory
  permissions allow) if it does not already exist.

18
Opening a file - PHP

• PHP works in the same way, except
• The open function is called fopen()
• It takes two parameters, the filename, and the
  access mode
• The close function is called fclose()
• You must assign the result to a variable
• e.g.
• handle fopen("../store/data.txt", "r")

19
Opening a file - PHP

• The access mode is specified as one of
• r - read only access (same as lt in Perl)
• r - read/write access (like lt)
• w - truncate for writing, or create
• w - truncate for reading/writing (like gt)
• a - open for appending, or create (like gtgt)
• a - open for appending/reading, or create
• x - create and open for writing - error if file
  exists
• x - create and open for read/write - error if
  exists

20
Errors opening a file - Perl

• Very often opening a file for reading/writing is
  such a vital part of a program that we wouldnt
  want to continue if for some reason it fails. We
  can do this by specifying or die after the open
  command.
• open(README, 'gt', "readme.txt") or die
  "readme.txt missing!\n"
• Please refer to the perlopentut manual page for
  more information on opening files.

21
Errors opening a file - PHP

• Since PHP assigns the handle to a variable, we
  can test whether the variable returns false, and
  a warning generated.
• handle fopen("../store/data.txt", "r")
• if(!handle)
• // print nice error message
• die()

22
Accessing a file - Perl

• Once the file has been opened to a pipe, we can
  read data from it
• by using the lt gt operator, or the readline
  function, for an entire line.
• line ltFILEHANDLEgt
• line readline(FILEHANDLE)
• Character by character using the getc function.
• char getc FILEHANDLE

23
Accessing a file - Perl file

• In whole blocks of arbitrary size using the read
  function.
• read(FILEHANDLE, usrname, 8)
• We can also jump to a specified position in the
  file using the seek function.
• seek(FILEHANDLE, 255, 0)
• These functions all return undef if the end of
  file is reached.
• To explicitly test whether the file handle is at
  the end of file, you can use the eof function -
  Although in practice you will probably never need
  to do this.

24
Accessing a file - Perl

• or write to it (if it has been opened for
  writing), by using the print function
• print FILEHANDLE "line of text\n"
• You can truncate a file which has been opened for
  writing to a certain length (in bytes) by using
  the truncate function
• truncate FILEHANDLE, 1024

25
Accessing a file - Perl

• When you are finished with a file, ensure that
  you close it by using the close function.
• close FILEHANDLE
• You should always be sure to close pipes when you
  have finished using them. Perl writes to files
  in buffered mode, so you cannot guarantee all
  data is saved to the file until after it ha been
  closed.

26
Accessing a file - Perl

• Example - writing to file
• open(COUNTER,"gtgt","../logs/error.log") or
  die("counter log missing!\n")
• print COUNTER "Record entry\n"
• print COUNTER "Number of hits cnt_hit\n"
• print COUNTER ltltHERE
• Interesting.
• We can perform multi-line print ltltHERE
• statements to a file handle.
• HERE
• close COUNTER

27
Accessing a file - Perl

• Example 2 - performing an action on a whole file,
  line by line
• my count 0
• open(DATAFILE,"lt","../logs/data.txt") or
  die("data file missing!\n")
• while(line ltDATAFILEgt)
• _at_bits split(/","/, line)
• print "Name bits0 bits1\n"
• count
• close DATAFILE
• print "Total number of records count\n"

28
Accessing a file - PHP

• PHP provides a number of functions for getting
  input...
• fgetc() - get a character from the file
• fgets() - get a line from the file
• fgetss() - get a line, and strip out HTML
• and putting data into a file
• fwrite() - puts a string into a file
• fputs() - alias for fwrite()

29
Accessing a file - Perl

• Example - writing to file
• lt?php
• handle fopen("../logs/error.log, "a)
• fwrite(handle, "Record entry\n")
• fwrite(handle, "Number of hits cnt_hit\n)
• text "Perhaps this line of text must be
  written, else the file is corrupt?")
• if(fwrite(handle, text) FALSE)
• echo "ltpgtFailed to write to filelt/pgt"
• die()
• fclose(handle)
• ?gt

30
Accessing a file - PHP

• Example 2 - performing an action on a whole file,
  line by line
• lt?php
• my count 0
• if(! handle fopen("../logs/data.txt","r"))
• echo "ltpgtData file missing.lt/pgt"
• die()
• while(line fgetcsv(handle, 1000, ",") !
  FALSE)
• echo "Name line0 line1\n"
• count
• fclose(handle)
• print "Total number of records count\n"

31
Manipulating files

• So that is how to access and change data within a
  file - but how do we actually deal with files
  themselves?
• Well, if we know the filenames of files we want
  to deal with, we can use a number of functions to
  interact with them.
• Well talk about how to actually look at
  directory contents shortly...

32
Manipulating files - Perl

• There are also a whole host of file/directory
  functions collectively known as the -X functions
• -r File is readable by effective uid/gid.
• -w File is writable by effective uid/gid.
• -x File is executable by effective uid/gid.
• -o File is owned by effective uid.
• -e File exists.
• -z File has zero size (is empty).
• -s File has nonzero size (returns size in bytes).

33
Manipulating files - Perl

• -f File is a plain file.
• -d File is a directory.
• -T File is an ASCII text file.
• -B File is a "binary" file (opposite of -T).
• -M Age of file in days when script started.
• -A Same for access time.

34
Manipulating files - Perl

• rename - tries to rename a file (or directory).
• rename 'home.html', 'home.html.old'
• unlink - tries to delete a file.
• unlink '/home/chi/index.html'
• chmod - tries to change permissions.
• chmod 0755, '/home/chi/index.html'
• chown - tries to change ownership.
• chown -1, student, index.html'

35
Manipulating files - PHP

• PHP has similar functions, but watch the syntax,
  as it is often a little different
• chmod('/home/chi/index.html', 0755)
• rename('home.html', 'home.html.old')
• file_exists('home.html')
• is_readable('home.html')
• is_writable('home.html')

36
Manipulating directories

• Aside from some small syntax differences, this is
  the same in both Perl and PHP (see ref.dir in the
  documentation for the syntax)
• We can search through directories by using
  directory handles.
• These work in much the same way as file handles,
  in that we open them, can read entries, and close
  them.

37
Manipulating directories

• We open directory handles with the opendir
  function.
• opendir DIRECTORY, '/home/chi/'
• readdir returns the next directory entry in the
  directory list (or, if you assign it to an array
  variable, all the remaining directory names).
• next readdir DIRECTORY

38
Manipulating directories

• rewinddir resets the position of the directory
  handle to the very first entry.
• rewinddir DIRECTORY
• When you have finished with the directory handle,
  close it with the closedir function.
• closedir DIRECTORY

39
Manipulating directories

• You can try to create or delete directories using
  the mkdir and rmdir functions.
• mkdir "/home/chi/temp/"
• rmdir "/home/chi/oldtemp/"

40
Manipulating directories

• Example Prints directory contents to a web page.
• Use CGI
• my query new CGI
• print query-gtheader()
• opendir(DIRECTORY, "../logs/") or die("couldnt
  open /logs !\n")
• while(linereaddir(DIRECTORY))
• print "line ltbrgt\n"
• closedir DIRECTORY

41
Permissions, revisited

• Since all Perl scripts are run as apache, that
  means that in principle any other script on the
  server can access files you created using Perl.
• This could be a security risk especially if you
  are storing credit card numbers or the like.
• There is a solution setuid.

42
Permissions, revisited

• By making a script setuid, which means set User
  ID (or setgid - set Group ID) it will run with
  the effective user ID of the user who owns the
  file.
• So if a Perl script is owned by the user chi,
  making the script setuid will make the script run
  as if it is the user chi and not apache.
• Setuid/setgid have serious security implications,
  and Perl will always run a setuid/setgid script
  in taint mode.

43
Next Week

• JavaScript DOM validation
• Cookies