8

How do I make script delete itself after it'll finish its work?

edit:

It's for my installation script, I want it to delete itself for security reasons (so attacker won't be able to overwrite existing site).

I forgot to mention that it has its 'includes' directory that i would like to be deleted too... Could someone add how to also delete this dir? Includes directory is subdirectory of the same folder where install script is located.

Phil
  • 3,628
  • 8
  • 34
  • 36
  • 6
    In Unix Like systems you could remove the file from itself, since basically the remove just unlink the file inode from the directory, when the program stops executing then the last unlink (the program itself) is removed and the inode does not have any more links (so is deleted). In windows like operating systems you could not this, since the remove checks if there are other programs accessing it (which it will) and it could not be deleted unless you have an external thread which will be triggered by the calling program. – Freddy Aug 01 '09 at 15:07

4 Answers4

12

You can use unlink to remove a file, and __FILE__ to get the full path to the current file :

unlink(__FILE__);

As a "proof" :

squale@shark:~/developpement/tests/temp
$ ll | grep 'remove-myself.php'
-rw-r--r-- 1 squale   squale      25 2009-08-01 17:01 remove-myself.php

=> The file exists

squale@shark:~/developpement/tests/temp
$ cat remove-myself.php
<?php

unlink(__FILE__);

=> It contains the code I gave

squale@shark:~/developpement/tests/temp
$ php ./remove-myself.php

=> I launch the script

squale@shark:~/developpement/tests/temp
$ ll | grep 'remove-myself.php'

=> It doesn't exist anymore


For this to work, you'll have to be sure you have the required privilegies... this means the user trying to delete the file needs to have right-access on the directory containing it.

When you are in command line, it's generally OK ; but if you are trying to do this via Apache, you will need to give Apache write-access to that directory/file -- Apache doesn't generally have that kind of privilege by default (not secure, and generally not needed)


Not sure it'd be possible on windows, though... It works on Linux, but Windows might kinda "lock" the file when it's being executed...

Pascal MARTIN
  • 395,085
  • 80
  • 655
  • 663
  • Great, I'll test it. I'm on linux and i have to say i'm avoiding windows servers so don't worry about windows :) – Phil Aug 01 '09 at 16:20
4

Try unlink. The webserver user will need write permissions for the directory/script.

Glass Robot
  • 2,438
  • 19
  • 11
4

Side note to other answers:

I would recommend renaming the file, or putting an exit statement in the beginning of the file, removing is IMHO not a good option. The user might want to read your installation script or re-run it. Maybe this could be a better solution:

$contents = file_get_contents(__FILE__);
file_put_contents(__FILE__,
    "<?php # Remove this line and the next line to re-configure the application
    die('The application has already been configured.'); ?>\n" . $contents
);

You could as well rename it to something the web server won't pass to clients, or even better, move it somewhere the web server does not have any access to, or even both:

rename(__FILE__, '/tmp/' . basename(__FILE__) . '.bak');

Don't forget to mention the place the installation script has been moved to in the installation script, though ...

About deleting directories: This is done with rmdir(), the directory must be empty, though. Moving folders is the same as with files, the function is called rename().

soulmerge
  • 73,842
  • 19
  • 118
  • 155
1

unlink($_SERVER['SCRIPT_FILENAME']);
or
unlink(__FILE__);

Tyler Carter
  • 60,743
  • 20
  • 130
  • 150