I am on a personal project of creating a web-based ide, or lets say, just a text-editor, and the app would allow users to register and start their own javascript project.
The backend language that would write the files is php.
Questions.
How do I safely write user-input files into server, having a fwrite would mean that I can write everything on the server, and would definitely be a major security issue.
If.
I wonder if I could implement dvcs (distributed version control), e.g. git (heroku, github), service and ask php to git push the files to the repository, would that save me from the issue?
If I just store his codes, the file type, and the content to a database, would that make sense?
Related
I have read several posts on this site that ask similar questions but the key difference is they involve a client and a server. For my use, this is not the case. I am simply pasting a file directory on my computer into my browser in order to view a local HTML file, packed with CSS and some jQuery.
I've been looking around and the answers I've found are "No; a client can not write to a server", and "No; a server can not write to a client". But there is no answer to "can a client write to a client with JavaScript?"
Use case:
I'm building a webapp (website? JS app?) as a college project for a stock management tool that will be locally hosted and never connect to the internet. Sure, I could knock one together in python in a couple hours, but I wouldn't learn anything. I need to create an access a txt file containing an array of the current stock of all the items so that when the application is loaded, the user doesn't have to manually enter anything but the changes to stock levels.
Honestly, I'm a beginner at JS and JQ and I'm only going off of what makes sense based on a mix of HTML and Python that I know.
Maybe PHP would be the better option for this particular option, or maybe JS will work well enough.
You still won't be doing client-to-client, your browser will just act as though the local file system is the server using the file:// protocol which means the same rules about a "client" (the browser) cannot write to a "server" (your local file system) apply.
If you wan't to be able to write an application that can interface directly with the filesystem, then look into something like Electron which is essentially an augmented website that gives you APIs to interact with the actual computer the app is being run on, including filesystem stuff.
I'm currently working on a web project(js, html, php with no frameworks) using AWS technology, including AWS version control. I work locally with Xampp and when I push my code to the master branch there is a trigger that deploys the code to the Production environment.
My main problem now is that I need to manually change the development-production urls or use a html tag and relative URLs, and it's a mess.. When working on development my url is something like: "192.168.64.2/web" and when production it's "myweburl.com". So I need something that checks out my actual URL and change all those over the project. Something like a global variable with the URL to use.
I've read about using "dotenv" and "dotenv-webpack" for environment manage, but I do need to install it on the server, as well as nodejs, and configure .gitignore, and I expect an easier solution. I would like to avoid nodejs. I've searched about my question all around internet but I just find ways that do not convince me, but if this question is repeated just redirect me there.
Is there any secure approach just using javascript, php or a config file?
The objective is having something that depending on my URL (DEV, TEST, PROD) changes all the URLs of my project, and protect the other environment URLs from being seen.
Thank you
I'm working on a Quizz with Html/JS on Github and which will be dedicated to my comrades.
I would like to be able to read everyone’s answers so I thought about creating a text or csv file with their answers that would be saved in a specific directory of the github project.
But I’m a beginner and I don’t know if that’s possible, i’ve seen tracks that use PHP or NodeJs with FileSaver.js, but I haven’t managed any of them because i would like it to be automatic, not to ask the user to download his answers.
If some people knwo how to do it or explain me why it’s impossible and how to do it otherwise it’ll be cool.
Thanks ! ;)
Unless you want to make every person using the quiz a contributor to your Github project (which will require that they sign up for Github accounts and tell you their account name so you can manually grant them permission) and then use the API to read the CSV file, modify it, then commit the change (and resolve any merge conflicts caused by race conditions): This is not possible (and if you are willing to do that, then it is among the most complex approach that you could take).
If you want to store and aggregate data submitted by visitors to a website then write some server-side code (using whatever language and frameworks you like, PHP and Node.js are both options) and use a web hosting service designed to support them. Github Pages is designed only for static pages and doesn't support any form of server-side programming.
Once you store the data in a file, just use git commands to commit and push it.
I am trying to build a simple application for managing a database (most likely sqlite) of members of a society. The resulting app needs to be useable on windows and OSX and ideally be packaged as a single file.
My plan was to use a single HTML file that embeds all the javascript needed within the same file, which would be stored on the user's computer. The user could then simply double-click and open the page in their favourite browser, where the JS would be executed to handle the user interactions with the database and so on. On first running the sqlite database would be created on the user's machine which would persist the data and could also be backed up as needed.
My question is, how can I go about creating and modifying the database file from within the browser? Traditionally this has been a big no-no (for obvious security reasons) but looking into things like app.js and others I feel like there might be another option for achieving this simply. An option might be to have a "save/load" dialog if nothing else. The key factor is to avoid having the user install any extra dependencies like node.js etc, as this is a very simple tool.
You can create html and js desktop applications with AIR or XUL. AIR needs the AIR runtime and will be one file to install your application and XUL needs either xulrunner or Firefox to start it. You can deliver XUL applications as a zip file and run them with firefox --app application.ini.
There may be more options out there
Html5 supports both key/value and sqlite type persistence out of the box. Depending on your needs you may be to use either or both. They are mostly portable among most browsers now.
I am developing a web application that will manage directories and files through its web interface.
Developing a web interface is one part, and it is in advanced progress. However, I start thinking, how should I develop the server application, that will manage the files and directories based on user input.
The client will be created using standard tools:
HTML5
CSS3
JavaScript
PHP - Despite it is server side application, it will be responsible mostly for Dynamic Websites
MySQL - Despite it is server side application, it will be responsible mostly for keeping information about users, their settings, etc..
Would you advise me please, what would be a server-side programming language of choice to manage server-side file system? Is there any API available, that will allow me to do exactly what I wish? Is it possible to manage the server-side file system in server-side JavaScript, or should I chose another tool? Server-side JavaScript comes to my mind as a logical chocie, as I use it for the client side as well.
This is what I wish to achieve:
To create new directories and files
To delete directories and files
To track the directory and file size
To move files between directories
To provide content of the directories and subdirectories
Ideally, the solution should be platform independent and should work on both, Linux Ubuntu and Windows Server OS.
I understand that my question is a bit broad. I would be thankful, if you point me to the right direction, which technologies to start studying, to be able to accomplish the above mentioned.
Thank you.
You already have a very capable serverside language in your list. PHP.
PHP can do all of the things you listed above... and a few you didn't list as well :)
To create new directories and files
New files can be created with the touch() function, and new directories with the [mkdir()](http://php.net/manual/en/function.mkdir.php function.
To delete directories and files
Deletion is done with rmdir() and unlink().
To track the directory and file size
File sizes can be monitored using the filesize() function. Couldn't find a native folder size function but this Stack Overflow post may be useful - https://stackoverflow.com/a/478161/558021
To move files between directories
Moving files and directories can be accomplished by using the rename() function.
To provide content of the directories and subdirectories
One of the functions PHP gives us to scan folders is called glob() it glob - it allows you to find pathnames matching a pattern, so if you give it a wildcard character * it will find all the files in a certain location.