Chmod problem

Does anyone else have a problem chmoding files? I'm running some plugboards on my site and I can't get them to work correctly. I've made the files writable by setting them to 666 but it doesn't seem to be working, anyone else have this problem? Have any idea what I can do to solve it? Thanks :)

Edited by Natasha on 09/26/06 09:10 AM (server time).

Natasha,

Due to the way DH runs cgi scripts using suexec (where the scripts run as "your" user rather than as the webserver ("nobody", etc)), the scripts will not run unless set to 755. This is true *even if the script instructions say otherwise*, and is a significant security enhancement for scripts running on a shared server.

You didn't indicate whether the "files" you were setting to 666 were datafiles, scripts, or what - but either way, you should not need to set anything (including directories!) to 666 for it to run successfully on DH. Setting them to 755 allows them to be "writeable" under suexec by the script, which is running as "you".

Try setting them to 755, and see if that solves your problem. Otherwise, please provide additional information about the scripts in question (url, code, etc.) so we can look at it further.

--rlparker

Thanks. I've given that a try but unfortunately it still isn't working :(

I am using a plugboard script and one of the files I am attempting to chmod is: http://exposure.somber-resplendence.net/80x15buttonboard/plug.db.php located in this directory - http://exposure.somber-resplendence.net/80x15buttonboard

This is the script by the way:

<html>
<head>
</head>
<body bgcolor="ffffff">

<?
//#########################
//SETTINGS
//#########################
$font = "tahoma"; //Font used to display plugs.
$fontsize = "1"; //Font size used to display plugs.
$fontcolor = "000000"; //Font color used to display plugs.
$bgcolor = "ffffff"; //Background color.
$bordercolor = "000000"; //Bordercolor of the input boxes and button.
$tablewidth = "370"; //Width of the plugboard's table.
$maxdata = "15"; //Maximum plugs to show on the list at one time -1 (If you want it to display 5 buttons but 4 here).
$maxchars = "300"; //Maximum number of characters a person is allowed to use for their button url.
$blocked = Array('http://halohosting.net/'); // These URLS are not allowed.
//##############################################################################
//SETTINGS END. DO NOT EDIT BELOW THIS LINE UNLESS YOU HAVE PHP SKILLS!
//##############################################################################
if($action == "plug")
{
//SAVE PLUG
if ($url == "" || $url == "http://" || $sitename == "sitename" || $sitename == ""){die("<font face=$font><center>Error: one of the fields you submitted are invalid, please hit your back button and try again</center>");}
if(in_array($url, $blocked))
{die("<font face=$font><center>Domain not allowed.</center>");}
$savefile = "plug.db.php";
if (!file_exists($savefile))
{
$newfile = fopen($savefile,"w ");
fclose($newfile);
}
$ip = gethostbyname($REMOTE_ADDR);
$url = htmlentities(strip_tags($url));
$url = str_replace(array("r", "n"), '', $url);
$sitename = htmlentities(strip_tags($sitename));
$sitename = str_replace(array("r", "n"), '', $sitename);
$lines = file("$savefile");
$add = "<?die ('Access unempowered')?>|$url|$sitename|$ip|";
$openfile = fopen("$savefile","w");
fwrite($openfile, "$addn");
for ($i = 0; $i < $maxdata; $i )
{
@fwrite($openfile, "$lines[$i]");
}
fclose($openfile);
echo "<script language="JavaScript">window.location='http://exposure.somber-resplendence.net/80x15buttonboard/plug.php'</script>";
}
else
{
//SHOW PLUGS
echo
<<<HTML
<table width=$tablewidth cellspacing=0 cellpadding=0 style="border: none #$bordercolor; background-color: #$bgcolor;" >
<form method='post' action='http://exposure.somber-resplendence.net/80x15buttonboard/plug.php?action=plug' name='plug'><td>
HTML;
$openfile = file("plug.db.php");
$total = count($openfile);
for ($i=0; $i<$total; $i ):
list($UNEMPOWERED,$url,$sitename,$ip) = explode('|',chop($openfile[$i]));
$url = str_replace("http://","",$url);
$sitename = str_replace("=","",$sitename);
echo "<a href=http://$url target=_new title=$url><img src=$sitename border=0 width=80 height=15></a>n";
endfor;
echo <<<HTML
<BR><center><input maxlength='$maxchars' value='Button' type='text' name='sitename' size='20' style='font-family: $font; color: #$fontcolor; font-size: 7pt; background-color: #efefef; font-weight: none; border: 1px solid #$bordercolor'>
<input value='http://' type='text' name='url' size='20' style='font-family: $font; color: #$fontcolor; font-size: 7pt; background-color: #efefef; font-weight: none; border: 1px solid #$bordercolor'>
<input type='submit' size='30' value='plug' style='background-color: #efefef; font-family: $font; color: #$fontcolor; font-size: 7pt; border: 1px solid #$bordercolor'></center></td></form><tr></tr>
<td align="center" style="border-top: 1px solid #$bordercolor"></td></table>
HTML;
}
?>


</body>
</html>


Edited by Natasha on 09/26/06 09:42 AM (server time).

Natsha,

From a quick "first look" at the code, I can see several issues that might be a problem (though I don't think the fix is chmod related). Can you post the error message(s) you are getting, and indicate what version of PHP your site is set up to use?

--rlparker

There are unfortunately no error messages, it just doesn't write to the file. It's as if it was never chmodded at all :( I believe it is set up to use 5.1.2 though.

Edited by Natasha on 09/26/06 10:36 AM (server time).

I see. And what version of PHP are you running (it's improtant as it relates to how certian variables are passed)?

--rlparker

I believe it is set up to 5.1.2.

Thank you so much for helping me, even if we don't get this resolved I really really appreciate it. I'm going mad trying to get this fixed :(

No problem. Have you tried "temporarily" resetting your domain to use 4.42 and see if it works? It is a very easy thing to do from the Control Panel-> Manage Domains-> Edit (far right side of the screen on each domain line.)

I'm still looking at the code, but I think the way the variables are built may not be PHP5 compliant - (I suspect it is not writing to the file as it has "borked" the filename within the code, but I'm still looking)
--rlparker

Okay, I'll give that a try :) I'm waiting for the changes in the subdomain to take effect now, I hope it works :)

Good deal; let me know how that goes. In the meantime, do you have a link to the "buttonboard" script you are using (if it is opensource, I'd like to look at the whole package in hopes of deciphering better how it is working)

--rlparker

There's a newer version of it available http://plugboard.org/download.php. I installed the newest one but it isn't working either :( I can upload a zip file of the older version but most of the script is contained within the post I made earlier, there's only a page that displays the plugs and the plug database (plug.db.php) in addition to that :)

Thanks again so much :)

Edited by Natasha on 09/26/06 11:04 AM (server time).

SUCCESS!!! Thank you so much! :D

Just from a quick glance at the posted code... and not sure if it's your actual/only problem or not, but the for() loops appear to be infinite, since they lack ++ after the last $i's. Other notes:

$savefile = "plug.db.php";
if (!file_exists($savefile))
{
$newfile = fopen($savefile,"w ");
fclose($newfile);
}

That part seemed unnecessary. The script can just check to see if it exists if it only needs to read from it, or create it automatically when it comes time to write to it.

In any case, it probably wouldn't hurt to remove that space and change "w " to "w".

The inconsistent quoting of variables also seems sloppy. While not a problem by itself, sloppiness in coding often ends up equalling a security hole for end users.


fwrite($openfile, "$addn");
for ($i = 0; $i < $maxdata; $i )
[/pre]

I'm guessing that last $i should be $i++, if you're trying to walk through an array...

{
@fwrite($openfile, "$lines[$i]");

... otherwise, that part would probably just keep printing $line[0] forever.

Not to mention, is all of that work, just to append one line to an existing file? If so, I don't see why it's assigning its own contents to a new variable, adding one line, then completely rewriting everything to itself.

I'd have a look at fopen() on the PHP site and decide if r+, a, or a+ would be better than the w flag as it's being used.

There are also other for() loops in the code that look to be infinite. See this page for more info on for() loops.

yea, it looks a little wonky to me too , thouigh I don't think it is something that I'm that interested in re-writing. The original poster got it to run under PHP4 (variables/scope issues I'm sure), so, since she is happy, I'm just gonna let further investigation of this one alone for now

--rlparker

Good deal! I'm glad you got it sorted out.

--rlparker