Reputation: 52
Interacting with a file in PHP causes second interaction to just not happen
This is probably going to have a simple answer, but here is my problem. I am currently writing a weak permissions filesystem, I want the user to not have to do any authentication checks if the given file is empty (this is the $filedir variable). I can successfully check if this file is empty, however, if I try to read anything else (shown by file_get_contents(data.data)), it just simply will not work. There are no errors, but the condition will always evaluate as true. I have been stuck on this forever, and I'm still new to PHP, so hopefully, someone can help me out here!
Thank you in advance! Karl
<?php
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/' . $_SESSION['user_name'] . '/a' . '/' . $_POST['dataName'];
if ($_POST['c'] == "true") {
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is/a' . '/' . $_POST['dataName'];
}elseif ($_POST['c'] == "") {
// code...
}else {
$filedir = substr(getcwd(), 0, strpos(getcwd(), "this")).'this/is' . '/' . $_POST['c'] . '/a' . '/' . $_POST['dataName'];
}
**//THIS IS THE FIRST CONDITION THAT, WHEN IMPLEMENTED, CAUSES THE SECOND CONDITION TO ALWAYS EVALUATE TO TRUE FOR SOME REASON**
$pass = false;
if (readfile($filedir) == 0) {
$pass = true;
echo "check";
}else {
echo "pass";
}
if ($_POST['auth'] == "1") {
$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");
// throw new \Exception("Incorrect auth token", 1);
if ($_POST['token'] == $cue) {
$_SESSION['apiauth'] == $_POST['token'];
}elseif (file_get_contents($filedir) == '') {
$_SESSION['apiauth'] == '';
}else {
throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}elseif ($_POST['permissions'] == true) {
addLog($fn,'Permissions were changed', 'DATABASE-PERMISSIONS', null, null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
if ($_POST['revoke'] == true && ($_POST['user'] != 'u' || ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm' || $_POST['user'] == null))) {
throw new \Exception("Cannot revoke access without proper format", 1);
}
$prev = getcwd();
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/adir');
$cue = file_get_contents("data.data");
**//BELOW THIS IS THE SECOND CONDITION THAT FAILS IF THE FIRST CONDITION IS IMPLEMENTED, AND WORKS FINE IF ITS LEFT OUT**
if ($cue === $_POST['token'] || $cue === $_SESSION['apiauth'] || $pass) {
if ($_POST['type'] == 'r') {
chdir(substr(getcwd(), 0, strpos(getcwd(), "this")) . 'this/is/a/dir/path');
if ($_POST['user'] == 'e' || $_POST['user'] == 'a' || $_POST['user'] == 'm') {
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, '**'.$_POST['user'].'**');
fclose($cue);
}elseif ($_POST['user'] == 'u') {
$d = file_get_contents($_POST['dataName'].".secure");
if ($d == '**a**' || $d == '**e**' || $d == '**m**') {
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, '');
fclose($cue);
}
if ($_POST['revoke'] == true) {
$writein = str_replace($_POST['name']."||","",file_get_contents($_POST['dataName'].".secure"));
$cue = fopen($_POST['dataName'].".data", "w");
fwrite($cue, $writein);
fclose($cue);
}else {
if (strpos(file_get_contents($_POST['dataName'].".secure"), $_POST['name']) !== false) {
// throw new \Exception("User already exists in permission slot", 1);
}else{
$cue = fopen($_POST['dataName'].".data", "a");
fwrite($cue, $_POST['name'].'||');
fclose($cue);
}
}
}else {
throw new \Exception("Invalid parameter.", 1);
}
}
}else {
addLog($fn,'Permission changed was blocked due to incorrect token', 'DATABASE-PERMISSIONS', 'danger', null, 'Target: '. $_POST['dataName'] . 'Change: {Type: '.$_POST['type'].', Usertype: '.$_POST['user'].', Name: '.$_POST['name']);
throw new \Exception("Incorrect auth token", 1);
}
chdir($prev);
}
?>
Upvotes: 0
Views: 26
Answers (1)
Reputation: 1328
From the manual
Returns the number of bytes read from the file. If an error occurs, FALSE is returned and unless the function was called as @readfile(), an error message is printed.
You make a weak comparison on this line
if (readfile($filedir) == 0) {
}
If the call fails false == 0 will evaluate to true, because the int value will evaluate to false. false == false is true. So use strict comparison operator === and try to figure out why the call fails anyway.
if (readfile($filedir) === 0) {
}
or use, if intended if the call succeded, and returned anything (but also 0)
if (readfile($filedir) !== false) {
}
Upvotes: 1
Related Questions
- File is being overwritten in some scenarios
- concurrent file read/write
- PHP and concurrent file access
- file_exists returns false between file_put_content (or fwrite) and unlink in second execution
- file_put_contents appending data on a file being written by another process
- Why would file_put_contents() succeed but touch() fail?
- PHP Simultaneous File Writes
- Writing to same file at the very same time
- PHP simultaneous file access
- Simultaneous File Access