Storing "views" in php or the database?
#11

[eluser]garymardell[/eluser]
Should I be writing to the views folder itself (if they will be included dynamically) or just to a cache folder in the root or something?
#12

[eluser]TheFuzzy0ne[/eluser]
If it was me, I'd create some kind of file lock, which the loader can check for. If the file is locked, then the loader's view method can sleep for a tenth of a second, and repeat the process until the file lock is removed. Potentially, it will slow down anyone who happens to be accessing that view, but it should be a fairly safe process, so long as the file lock is removed. If the server happens to crash before the file lock is removed, you might have a problem, but it's quite unlikely.
#13

[eluser]Johan André[/eluser]
[quote author="garymardell" date="1246487614"]Should I be writing to the views folder itself (if they will be included dynamically) or just to a cache folder in the root or something?[/quote]

I would have written the files to the views-folder directly since that's the most logical place for them (regardless if they are dynamically changed by backend users or not).
#14

[eluser]Jondolar[/eluser]
You do open up a "can of worms" if you plan on writing to a file from PHP. You must make your directory world writable (or writable to whatever user Apache is running under) and your files must be set to 777 as well. If your script is run on a shared host then other website owners on that server might be able to copy files into your directory or change content of your files.

You can read/write a php "file" to a database and still have the variables (or any php code) executed by using the eval() function. You must be very careful when using the eval() function if your script code is coming from untrusted users but you'd have the same problem if you stored files to disk anyway.

Good luck with your project.
#15

[eluser]jedd[/eluser]
[quote author="Jondolar" date="1246503943"]You must make your directory world writable (or writable to whatever user Apache is running under)[/quote]

These are substantially different things, and to clarify - you do not need to make a directory world-writable in order to open a file for writing.

Quote: and your files must be set to 777 as well.

This is not the case.

Quote: If your script is run on a shared host then other website owners on that server might be able to copy files into your directory or change content of your files.

If this is the case, then you definitely need to get better hosting.
#16

[eluser]kalebheitzman[/eluser]
Code:
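case 'templates':
    // The CodeIgniter file helper provides write_file()
    $this->load->helper('file');

    // Copy the posted form fields onto the model; they become the row's columns
    $this->template = $this->input->post('template');
    $this->type = $this->input->post('type');
    $this->value = $this->input->post('value');
    $this->post_date = $this->input->post('post_date');
    $this->post_revision = $this->input->post('post_revision');

    // Store the template in the database, then write the same body to the views folder.
    // The file name is built from the posted 'type' and 'template' values as-is.
    $this->db->insert('textigniter_templates', $this);
    write_file('./system/application/views/textg/templates_'.$this->input->post('type').'_'.$this->input->post('template').'.php', $this->value);

    break;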

So this is the code I've been working with the last week. You can see that I load the file helper (database and form helper have been autoloaded). This switch writes the data to a database as well as writes the file to the views folder. This works great, integrates into a dashboard for the CMS I am creating (dashboard displays the last three revised templates based on post_revision). The pitfall is being able to edit the PHP file via an outside editor and the edits take effect in the database. I could code some logic that compares timestamps and write the file to the database after externally editing it but that's too messy. After reading the posts I am in favor of not storing the template in the database but only using the database to store relevant info on the file (creation date, revision date, type of template it is, etc.)
#17

[eluser]Jondolar[/eluser]
[quote author="jedd" date="1246511219"][quote author="Jondolar" date="1246503943"]You must make your directory world writable (or writable to whatever user Apache is running under)[/quote]

These are substantially different things, and to clarify - you do not need to make a directory world-writable in order to open a file for writing.

Quote: and your files must be set to 777 as well.

This is not the case.

Quote: If your script is run on a shared host then other website owners on that server might be able to copy files into your directory or change content of your files.

If this is the case, then you definitely need to get better hosting.[/quote]

Jedd, your directory must be set to 777 if you want to create new files, as the op stated.

On many, if not most, hosts you must set your files to 777 to make them writable. It really depends on the host and how Apache is set up. Most hosts make your account as the user and your account as the group. Since Apache runs under some other account, the other group must be set to 7 to allow for the file to be written. Hosts that are running SUPHP or PHP as a CGI don't have that requirement but I don't believe that is the majority of the hosts.

Also, many, if not most hosts are set up exactly the way I described. There are great hosts still set up this way. It might be helpful for you to explain to us what host to get and how to set up the files and directories on that host to accomplish what the op wants to do.

I have sold thousands of scripts that work exactly as the op is asking and I have set up hundreds of domains with my script and I can tell you from experience that most hosts are set up to require the directory to be set to 777 to create files and the files to be set to 777 to write to them after they are created.
#18

[eluser]kalebheitzman[/eluser]
If anyone is interested, this is my code solution

This is my create operation:
Code:
case 'templates':
    // The CodeIgniter file helper provides write_file()
    $this->load->helper('file');

    // Only metadata goes into the database; the template body lives in the file
    $this->template = $this->input->post('template');
    $this->type = $this->input->post('type');
    $this->post_date = $this->input->post('post_date');
    $this->post_revision = $this->input->post('post_revision');

    $this->db->insert('textigniter_templates', $this);
    // The file name is built from the posted 'type' and 'template' values as-is
    write_file('./system/application/views/textg/templates_'.$this->input->post('type').'_'.$this->input->post('template').'.php', $this->input->post('value'));

    break;

This is my read operation:
Code:
case 'templates':
    // read_file() comes from the CodeIgniter file helper
    $this->load->helper('file');

    if ($section == '')
    {
        $query = $this->db->order_by('template','desc')->get('textigniter_templates', $num, $offset);
    } else {
        $query = $this->db->order_by('template','desc')->get_where('textigniter_templates',array('id' => $this->uri->segment($section)),$num,$offset);
    }

    $query = $query->result();
    // Attach the template body from the views folder to the first row, if there is one
    if ( ! empty($query))
    {
        $query[0]->value = read_file('./system/application/views/textg/templates_'.$query[0]->type.'_'.$query[0]->template.'.php');
    }

    return $query;

    break;

And this is my update operation:
Code:
case 'templates':
    // The CodeIgniter file helper provides write_file()
    $this->load->helper('file');
    $this->template = $this->input->post('template');
    $this->type = $this->input->post('type');
    $this->post_revision = $this->input->post('post_revision');

    // Update the metadata row, then overwrite the template file with the posted body
    $this->db->where('id',$this->input->post('id'))->update('textigniter_templates', $this);
    write_file('./system/application/views/textg/templates_'.$this->input->post('type').'_'.$this->input->post('template').'.php', $this->input->post('value'));

    break;
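
Added example, not part of the original posts or of the poster's project: the create and update snippets above build the view path directly from the posted type and template values, and post #12 worries about readers hitting a file while it is being written. One way to handle both, assuming a hypothetical helper save_template() and an assumed set of template types, is to allowlist the name parts and then write to a temporary file that is renamed into place.

```php
<?php
// Added example (not the thread author's code). save_template() and the
// allowed type names are hypothetical, chosen for illustration.
function save_template(string $viewsDir, string $type, string $name, string $body): string
{
    // Allowlist both name parts so a value such as "../../config/database"
    // can never become part of the path.
    if (!in_array($type, ['page', 'partial', 'layout'], true)) {
        throw new InvalidArgumentException('unknown template type');
    }
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('invalid template name');
    }
    $base = realpath($viewsDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('views directory not found');
    }
    $target = $base . DIRECTORY_SEPARATOR . "templates_{$type}_{$name}.php";

    // Write a temp file in the same directory, then rename() it into place.
    // On POSIX filesystems the rename is atomic: the view loader sees the old
    // file or the new one, never a partial write, with no sleep-and-poll lock.
    $tmp = tempnam($base, '.tpl');
    if ($tmp === false) {
        throw new RuntimeException('cannot create temp file');
    }
    if (file_put_contents($tmp, $body) === false
        || !chmod($tmp, 0640)            // owner rw, group r, nothing for others
        || !rename($tmp, $target)) {
        @unlink($tmp);
        throw new RuntimeException('cannot write template');
    }
    return $target;
}

// Constructed sample run in a scratch directory.
$dir = sys_get_temp_dir() . '/views_demo_' . getmypid();
mkdir($dir, 0750);
echo save_template($dir, 'page', 'home', "<h1>Hello</h1>\n"), "\n";
try {
    save_template($dir, 'page', '../../config/database', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The body is still executed as PHP when the view is loaded, so the form that posts it needs to be limited to trusted backend users, the same concern raised about eval() in post #14.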
#19

[eluser]jedd[/eluser]
[quote author="Jondolar" date="1246527391"][quote author="jedd" date="1246511219"][quote author="Jondolar" date="1246503943"]You must make your directory world writable (or writable to whatever user Apache is running under)[/quote]

These are substantially different things, and to clarify - you do not need to make a directory world-writable in order to open a file for writing.
[/quote]

Jedd, your directory must be set to 777 if you want to create new files, as the op stated.[/quote]

I can't find where the op asserted this.

I stand by my original claim (above) but if you prefer I'll suffix the previously assumed qualifier: '... if you are on a non-broken system.'


Quote: On many, if not most hosts you must set your files to 777 to make them writable.

Your poor experience at choosing SP's aside, this is still not true - even though you have said it twice.

If you want to make a file writable, it's the w (or 2nd) bit. World-writable for a file would be 666 (rw-rw-rw-). Setting the 1-bit (x) is augmenting an already questionable security policy, as it opens you up to yet further exploits.

Aside: if you are intending to continue using these kinds of hosting providers, you should consider the sticky bit for your directories - it will give you a slight improvement in security (though it's very much in the category of deck-chair rearrangement).


Quote: Hosts that are running SUPHP or PHP as a CGI don't have that requirement but I don't believe that is the majority of the hosts.

suphp (and variants) are but one way of achieving a secure hosting environment. Even a cheap, nasty and age-old fakeroot approach resolves this problem - and I remember buying one of these for about $30/year ten years ago - and they were Australian dollars!

I can't believe that in 2009 anyone would consider a hosting environment that was so poorly managed that it let any other client modify your files (and look at your source, and consequently look at your database contents).

Virtualisation is very cheap these days - and not solely in terms of cash (though of course it's free in that sense too) but in terms of resources (CPU/memory/disk) and management software to wrap around it.

I'd suggest that if you are stuck on a host that doesn't understand, let alone respect your information security, that you spend the extra dollar and get one of those $2/month services that are run by people who do.
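
Added example, not from the thread: the mode bits argued about above (777 versus 666, and the sticky bit on directories), decoded in code. audit_mode() and audit_tree() are hypothetical helpers written for this illustration, and the sample modes are constructed.

```php
<?php
// Added example (not from the thread). audit_mode() and audit_tree() are
// hypothetical helpers; the findings restate the mode bits discussed above.
function audit_mode(int $mode, bool $isDir): array
{
    $findings   = [];
    $worldWrite = ($mode & 0002) !== 0;    // "w" for others
    $anyExec    = ($mode & 0111) !== 0;    // "x" for user, group or others
    $sticky     = ($mode & 01000) !== 0;   // restricted deletion on directories

    if ($worldWrite) {
        $findings[] = 'world-writable';
    }
    if (!$isDir && $worldWrite && $anyExec) {
        $findings[] = 'execute bit on a writable file (666 already grants write)';
    }
    if ($isDir && $worldWrite && !$sticky) {
        $findings[] = 'no sticky bit: others may delete or rename entries';
    }
    return $findings;
}

// Walk a tree and return path => "mode findings" for every flagged entry.
function audit_tree(string $root): array
{
    $report = [];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($walker as $path => $info) {
        $mode  = $info->getPerms() & 07777;   // drop the file-type bits
        $found = audit_mode($mode, $info->isDir());
        if ($found) {
            $report[$path] = sprintf('%04o %s', $mode, implode('; ', $found));
        }
    }
    return $report;
}

// Constructed modes matching the ones argued about in the thread.
foreach ([[0777, false], [0666, false], [0777, true], [01777, true], [0770, true]] as [$m, $d]) {
    $found = audit_mode($m, $d);
    printf("%04o %s %s\n", $m, $d ? 'dir ' : 'file', $found ? implode('; ', $found) : 'ok');
}
```

Running audit_tree() over the views directory lists every entry that other accounts on the same host could change; a group-writable directory such as 0770 passes because only the owner and the group can write to it.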



