Creating a subfolder in directory based off of Username then inserting a CSV file in that username-subfolder created

Question

I have the php working for when a user registers his user name and password it takes the user name and his/her password and inserts it into the users.txt file. I also got it to work to create a subfolder with that users name within the general users folder. What i want it to do is to create a books.csv file and put that into the subfolder that was just created after the users name.

This is what i have so far that i have i tried but it does not work:

<?php 

// Identify the directory and file to use:
$dir = 'C:/xampp/htdocs/users/';
$file = $dir . 'users.txt';



if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.

    $problem = FALSE; // No problems so far.

    // Check for each value...
    if (empty($_POST['username'])) {
        $problem = TRUE;
        print '<p class="error">Please enter a username!</p>';
    }   

    if (empty($_POST['password1'])) {
        $problem = TRUE;
        print '<p class="error">Please enter a password!</p>';
    }

    if ($_POST['password1'] != $_POST['password2']) {
        $problem = TRUE;
        print '<p class="error">Your password did not match your confirmed password!</p>';
    } 

    if (!$problem) { // If there weren't any problems...

        if (is_writable($file)) { // Open the file.

            // Create the data to be written:
            $subdir = $_POST['username']; // folder to be created after the user name 
            $data = $_POST['username'] . "\t" . sha1(trim($_POST['password1'])) . "\t" . $subdir . PHP_EOL; // data is users name encrypted password

            // Write the data:
            file_put_contents($file, $data, FILE_APPEND | LOCK_EX);

            // Create the directory:

            mkdir ($dir . $subdir); // making a directory within a directory of folder name of user name

Everything works great here. A user registers with a user name, this then creates a folder within the users folder like

C:/xampp/htdocs/users/username

Now, what i want this code to do is to after making that subfolder of that users name to insert a .csv file into that new username sub folder so the end result will look like this

C:/xampp/htdocs/users/username/books.csv

I tried using this:

$filename = 'books.csv';
file_put_contents($dir . $subdir . PATH_SEPARATOR . $filename);

and what this does is generate a .csv file called usernamebooks.csv so it looks like this

C:/xampp/htdocs/users/usernamebooks.csv

Example. I register myself and this happens:

C:/xampp/htdocs/users/Proximus/ <-- thats new folder created (great)

when i use the file_put_contents it just does this

C:/xampp/htdocs/users/Proximusbooks.csv it creates a .csv called "proximusbooks" in the users folder. I want a "books.csv" to be inserted within the proximus folder so it looks like this:

C:/xampp/htdocs/users/proximus/books.csv

I also tried:

$filename = $dir . $subdir . 'boosk.csv';
$fd = fopen($filename, "w+");
fputs($fd, $fielname);
fclose($fd);

That just created a folder but did nothing with the .csv insertion.

`PATH_SEPARATOR` is a semicolon `;` maybe you meant to use `DIRECTORY_SEPARATOR` instead? Check the [man page](http://php.net/manual/en/dir.constants.php) — IsThisJavascript, Apr 23 '18 at 12:58
Is there a reason why you aren't using a database for this? Specially since you seem to be saving the users credentials in a text file, accessible for anyone to fetch? Btw, `sha1()` is _not_ a good function to create passwords hash with. It's old and fast, which means that it's not hard to brute force it. You're also not using a hash, which means that it's easy to run the hashes against a rainbow table. Use PHP's password_hash() and password_verify() instead. — M. Eriksson, Apr 23 '18 at 12:59
If I were you, I would probably also not actually create real folders for the users, but rather use some router and fetch the correct user based on the URL. If you create actual folders, you need to protect your self against [Path Traversal](https://www.owasp.org/index.php/Path_Traversal) — M. Eriksson, Apr 23 '18 at 13:03
@MagnusEriksson this is part of a project, and for now we have to use hash and then later we will use password_verify(). Also, This project it will be doing both (it already does) It will create these folders with .csv files and also create/update a table in mysql. The project requires both. I already have the mysql part down. — Proximus Seraphim Dimitri Davi, Apr 23 '18 at 13:13
_"for now we have to use hash"_ - Sure, but `sha1()` is a _bad_ way to hash passwords. It's insecure. It even says so in the manual _"Warning It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm."_ Why not just use `password_hash()` from the start? I still feel like all this would be both faster an way safer if it was all used using databases. Who tells you that you must do it like this first? That just seems crazy. — M. Eriksson, Apr 23 '18 at 13:17
@MagnusEriksson class assignment. Basically this is a website used for users to upload quotes. I already did it in a way that after the user registers, and uploads a quote, the books.csv file is created wtihin that user subfolder and the quote is inserted in the books.csv file. I asked the teacher about this and he said he wants the books.csv file to be created when the users subfolder is created. I guess this is to learn how to do it all types of ways and not just the database way :(. Trust me i tried arguing about efficiency with the Prof. no avail. — Proximus Seraphim Dimitri Davi, Apr 23 '18 at 13:21
Fair enough. How ever, if it was your professor that told you to hash the password using sha1() and to put the `users.txt` accessible under the htdocs-folder, I would fight to get the professor fired, if I were you. Teaching people bad and insecure habits is... bad! Anyway, regarding your issue, this row: `file_put_contents($dir . $subdir . PATH_SEPARATOR . $filename);` is actually missing the second argument, the data. [Here's the manual](http://php.net/manual/en/function.file-put-contents.php). As you can see, the second argument isn't optional. Check your servers error log. — M. Eriksson, Apr 23 '18 at 13:27
@IsThisJavascript i just used the DIRECTORY_SEPARATOR and i think it worked but gave me this error: Warning: File_put_contents(C:\xampp\htdocs\users\proximus): failed to open stream. Permission denied in C:\xampp\.metadata\.plugins\org.eclips.wst.server.core\tmp\htdocs\Test\register.php I'm assuming this means that the folder created is "read" only? — Proximus Seraphim Dimitri Davi, Apr 23 '18 at 13:28
Could be, but also could be that your webserver user does not have permission to view/edit those folders. — IsThisJavascript, Apr 23 '18 at 13:30
@IsThisJavascript how would i go about changing that so i do not receive this error? — Proximus Seraphim Dimitri Davi, Apr 23 '18 at 13:34
https://stackoverflow.com/questions/9210823/php-iis-failed-to-open-stream-permission-denied — IsThisJavascript, Apr 23 '18 at 13:38

score 0 · Accepted Answer · answered Apr 23 '18 at 17:17

THe solution is as follows:

        $file1 = 'books.csv';
        $filename = $dir . $subdir . DIRECTORY_SEPARATOR . $file1;
        $fd = fopen ($filename, "w+");
        fputs($fd, $filename);
        fclose($fd);

The other way of using

$filename = 'books.csv';
file_put_contents($dir . $subdir . DIRECTORY_SEPARATOR . $filename);

Was giving me permission denies to write into the folder.

Creating a subfolder in directory based off of Username then inserting a CSV file in that username-subfolder created

1 Answers1