I have a check file located in a cgi-bin/data directory.
The reason it is located there is that I want it to be "out of reach" for website hacking in the htdocs tree.
This file is used to limit the number of times a user is allowed to download certain files from the site.
They get a download code from us in order to download a file and there is a form into which they enter this code. The PHP script handling the download request verifies the entered code and username against a file with valid codes, which we update through our internal system, and if ok it sends the target file as the response to the submit. This file is read from cgi-bin/data.
The way to limit the number of downloads I try to use is to have a second code file in the same dir where for each successful request the PHP script writes the code (appending) to the file.
And this file is checked at the beginning of the request for the supplied code. If it exists then the download is denied.
I have verified that all PHP functions work as expected except for one and this is the function that writes the used code to the file. I get no errors but the file is simply not updated.
Here is the function I use:
$ret = FALSE;
if ($fh = @fopen($usedcodes, 'a'))
fwrite($fp, $code . PHP_EOL);
$ret = TRUE;
$usedcodes is defined at the top of the script as:
$usedcodes = $_SERVER["DOCUMENT_ROOT"] . "/../cgi-bin/data/usedeidcodes.txt";
The reading from this file in order to verify against double use works fine (I have manually entered codes there), but the SaveUsedCode seems not to be able to write anything to the file even though I have set permissions to 777 on it.