-2

Basically, the file.php has variable name $email whose value I have to change. This is how far I have done it and it doesn't seem to work:

function updateFile($email) {

$file = 'file.php';
$content = file_get_contents($file, NULL);
$varname = '$email';
$newvalue = $email;
$content = preg_replace('/('. preg_quote($varname) .'=")[^"]+(")/', 
$varname."=\"".$newvalue."\"", $content);
file_put_contents($file, $content);

}

updateFile("test@gmail.com");
TheNoobster
  • 1
  • 1
  • 8
  • I didn't understand what you are trying to say. Can you apply your fix to my code? So I can see where you are suggesting the change. – TheNoobster Feb 01 '18 at 12:07
  • So you want to replace `$email='some@valu.tld'` to `$email='test@gmail.com'`? If this is true, why do you need to do so? – maxhb Feb 01 '18 at 12:12
  • My API requires it. – TheNoobster Feb 01 '18 at 12:27
  • The fix provided by some guy whose comment vanished. I have tried the $$varname it seems to work but it changes values of other variable names in the file to the email. – TheNoobster Feb 01 '18 at 12:28
  • In my experiance the biggest challenge with this kind of code is to get the regexpression right. Here is a useful online tool, which allows you to test your regexp easily and even generates the php code for it: https://regex101.com/ Once you are sure that your regexpression is correct and the code still doesn't work, than using a php debugger and going throught code line by line will help. – Kağan Kayal Feb 01 '18 at 12:34
  • Seems nice way to debug but complicated for a noob like me. – TheNoobster Feb 01 '18 at 12:39
  • You really, *REALLY* do not want to use self-modifying code - the security issue MikeT has mentioned is just the start of your problems. **DO NOT DO THIS** see also https://stackoverflow.com/questions/14752470/creating-a-config-file-in-php – symcbean Feb 01 '18 at 13:12
  • 1
    I'm voting to close this question as off-topic because the predicate for the question is invalid and the poster is asking how to implement a very dangrous solution. – symcbean Feb 01 '18 at 13:13

1 Answers1

2

the best answer for this is even if you could, you shouldn't, it is a massive security risk to allow remote rewriting of your server files

as for why it is not safe lets say your file.php contains

$email = "defaultValue";

i then used your function to set the email to "; file_put_contents("file.php", ""); $junk = "

afterwards your file.php would read 

$email = ""; file_put_contents("file.php", ""); $junk = "";

then when you ran file.php it would wipe itself

better ways to do the things you are describing are

parameters so in file.phpyou have a function that accepts $email as a parameter and uses that

file inclusion

if you have this code

$email = "blah@foo.bar";
include('file.php');

where "file.php' is

<?php echo $email;?>

will output blah@foo.bar

you could also combine this with a config file

ie

include('config.php');
echo $email;

where "config.php' is

<?php $email = "blah@foo.bar";?>

Session if you set a session variable of Email then you can use that from any file that is on the same session

if(!isset($_SESSION))
{
    session_start();        
}
$email = "defaultValue"
if (array_key_exists("email", $_SESSION)) 
    $email = $_SESSION["email"];

EDIT: to clarify the examples above as you are having trouble conceptualising

send an email via a parameter

lets say you have a PHP file as so

function SendEmail(array $email)
{
    $transport = Swift_SmtpTransport::newInstance();
    $transport->setLocalDomain();


    // Create the message
    $message = Swift_Message::newInstance();

    $message->setTo($email);
    $message->setSubject("This email is sent using Swift Mailer");
    $message->setBody("Test");
    $mailer = Swift_Mailer::newInstance($transport);
    return $mailer->send($message);
}

or using an externally defined variable

$email = "blah@foo.bar";
include('file.php');

where file.php is 

$transport = Swift_SmtpTransport::newInstance();
$transport->setLocalDomain();


// Create the message
$message = Swift_Message::newInstance();

$message->setTo($email);
$message->setSubject("This email is sent using Swift Mailer");
$message->setBody("Test");
$mailer = Swift_Mailer::newInstance($transport);
return $mailer->send($message);

$email = "blah@foo.bar";
include('file.php');

or using a session

function updateEmail($email) {

    if(!isset($_SESSION))
    {
        session_start();        
    }
    $_SESSION["email"] = $email;
}

updateEmail("test@gmail.com");

where file.php is

if(!isset($_SESSION))
{
    session_start();        
}
$email = "defaultValue"
if (array_key_exists("email", $_SESSION)) 
    $email = $_SESSION["email"];

$transport = Swift_SmtpTransport::newInstance();
$transport->setLocalDomain();


// Create the message
$message = Swift_Message::newInstance();

$message->setTo($email);
$message->setSubject("This email is sent using Swift Mailer");
$message->setBody("Test");
$mailer = Swift_Mailer::newInstance($transport);
return $mailer->send($message);

all of the above are safe ways to change a variable in a external code file with out opening your system to hacking

MikeT
  • 5,398
  • 3
  • 27
  • 43
  • I don't want to print the $email nor want to use it. Just want to replace the email value in the file without affecting other variables in the file. – TheNoobster Feb 01 '18 at 12:40
  • printing is just an example of how you can affect the value of a variable in a file with out altering the file – MikeT Feb 01 '18 at 12:42
  • I don't want to do the above way. Can you suggest preg_replace way? I am able to manipulate the email value if I define the exact email value but I don't want that what I want is to change the variable value without knowing the value of it. – TheNoobster Feb 01 '18 at 12:48
  • as i said editing your source PHP files directly is a security risk, your API can not require that functionality, what your API requires is to change the value of the $email variable, of which writing the file is the wrong way to do it and i've provided several ways. – MikeT Feb 01 '18 at 12:58