best way to update congfig.php
I h开发者_如何转开发ave a config.php file for one of my site which holds information needed to run the site. It somewhat looks like this:
<?php
$site_name="The Site";
$base_url = "http://site.com";
$upload_path = "/images";
?>
Getting the values from that is easy, I just use require 'config.php';
but how can i give an option to add this from a html form? Means how can i update the values? One of the way i have in mind is using fopen and fsave, somewhat like this:
<?php
$filename = 'config.php';
$somecontent = "config here";
if (is_writable($filename)) {
if (!$handle = fopen($filename, 'w')) {
echo "Cannot open file ($filename)";
exit;
}
// Write $somecontent to our opened file.
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";
exit;
}
echo "Success, wrote ($somecontent) to file ($filename)";
fclose($handle);
} else {
echo "The file $filename is not writable";
}
?>
But is this the standard way to do this? Is this how all those cms write their config file?
$cfg['sitename'] = $_POST['sitename'];
$file = "config.php";
$contents = "<?php\r\n\$cfg=".var_export($cfg,1).";\r\n?>";
file_put_contents($file,$contents);
Well, I don't like the idea of rewriting PHP scripts (config.php).
I think that a nicer solution is to have a config.ini file (you have to secure the access to the file. You can do that via .htaccess file or you can move the file out of document_root scope) and just read the file.
config.ini content:
key1 = value
key2 = value
key3 = value
key4 = value
Notes:
- config.ini will be a little slower than config.php but for non-critical sites it will be ok
- config.ini should be still better option than using database
- As an advantage of config.ini I see the fact that nobody can add a php script to your config.php
- PHP contains the function parse_ini_file for parsing ini files (example of usage)
- You can divide the content of ini file to sections and modes:
[Production]
mysql_server = value
mysql_username = value
...
[Development] mysql_server = value mysql_username = value ...
Writing into .php file is not a good idea at all. Better to store your config in database, .ini file or xml file. Using this "storages" for config make it really easy to read and write.
Attention: please note that you should put .ini, .xml files out from your document root directory to avoid accessing it from web.
Also, I advise you to check Zend Config http://framework.zend.com/manual/ru/zend.config.html to see how writing to config is implemented in OOP MVC framework.
You can use create a template for config.php using a template engine, e.g. Smarty
config.tpl
<?php
// DB Settings
$db_host = "{$db->host}";
$db_user = "{$db->user}";
$db_password = "{$db->password}";
...
And use Smarty to render the config.php for you and capture the output and save to the real config file.
<?php
$smarty->assign('db', $db);
$output = $smarty->fetch('config.tpl');
// ...save the output into config.php
The advantage in using this approach is you can separate the layout and content of your config file, e.g. you can add extra comments in the config file, or arrange the item's order easily.
Also, using this approach, you can easily move to other formats such as INI or XML format, as suggested by others.
I've been using tszming's template solution for a while and it works fine - provided you're already at ease with Smarty or other templating systems, otherwise it might be too much effort just for saving your config.
A simpler solution is to have all configuration options in an array, and keep it in a file encoded as JSON. At the start of each script you file_get_contents()
and json_decode()
the settings file into the array. Any time you want to save the current options you json_encode()
the options array and write to the settings file with file_put_contents()
.
This allows PHP to read and write the configuration with minimal fuss, but you're still able to edit it with a text editor should need arise.
I imagine that's how the admin panel of most CMSes would allow you to write directly to the config file, but:
- You should make absolutely sure that the submitter is authenticated as an administrator before doing this.
REGISTER_GLOBALS
should preferably also be turned off, although that's more of a general security concern than something specifically related to this.
My suggestion from personal experience would be to keep the most basic stuff in the config file (database connection) and everything else in a database table. You should always try to keep away from writing stuff on the server unless you really have to otherwise you will run into permission problems, security issues ans so on...
It's getting biggie when you want to distribute scripts like this.
The rest, is pretty similar to the above answer:
<?php
$config = "<?php\r\n";
$file = "/path/to/config.php";
foreach ( $_POST [ 'config' ] as $config_label => $config_value ):
$config .= "$$config_label = '{$config_value}'\r\n";
endforeach;
file_put_contents($file,$config);
Good luck.
精彩评论