Edit PHP: Online code and HTML editor

Recommend this page to a friend!
  Info   View files View files (6)   DownloadInstall with Composer Download .zip   Reputation   Support forum (2)   Blog    
Ratings Unique User Downloads Download Rankings
StarStarStar 59%Total: 7,185 All time: 264 This week: 347Down
Version License PHP version Categories
edit-php 1.0.0GNU General Publi...3HTML, Content management
Description Author

This class can be used to let the users edit the contents of files on a Web page.

It can output a form inside a frame to let the user edit the contents of a file on the server side.

The access to the editor page is protected with a password, so the user is prompted to enter the user name and password before he can edit the file.

Picture of Pierre Marceau
Name: Pierre Marceau <contact>
Classes: 7 packages by
Country: Canada Canada
Age: 57
All time rank: 896 in Canada Canada
Week rank: 811 Down15 in Canada Canada Down

This script is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
General Public License for more details. 

This file and the whole EditPHP distribution is copyright
(c) 2000 Pierre Marceau all rights reserved. You may freely
use and redistribute under the terms of the GNU General Public
License as described later in this document. 

by Pierre Marceau 

Enables the developer of PHP scripts to work from a browser.
The current version can be found at http://www.skynet.ca/~pierre/ 

Got a minute? Fill out my user survey at:

Go to changes section
Go to todo section 

Backup your PHP/HTML directory. 
Copy the distribution files to your web server. 
editphp.inc, contains the editphp class 
editphp.js, contains most of the javascript code 
editphp.css, contains cascading style sheet code 
editphp.php3, instance initialization and user configuration script 
readme.htm, this file 
Initially it would be best to create a new directory on your server and copy the distribution into it. At the same time copy a few of your HTML and PHP files in there. This will let you play without having to worry about losing anything. 
Later you can move the .js, .inc, and .css files to your PHP include directory only editphp.php3 *needs* to be in your html/php3 directory. This is the better way, but more difficult for the new user. 
For Apache ensure user 'nobody' has read/write access to the PHP/HTML files that you plan to edit eg: chown nobody *, this is not an issue with PHP for Win32.
Alternatively, you could try: 
  $ chmod 666 *.php3
  ## To set the rights back to something more secure:
  $ chmod 644 *.php3
Only do this if you are on a private network that is not connected to the internet. You can still try EditPHP without write privileges, it will just report an access denied message when you attempt to save. 
Point your browser at editphp.php3 
Assuming the EditPHP script ran successfully you should now see the empty 'edit buffer window' at the top of which should be some buttons and links. At the top-right of the screen should be a select list of your PHP and HTML files. OK? Good. Lets continue. 
Select a file to edit from the select list. 
Modify the file... 
Go - The go button saves changes to disk, if any, then loads and runs the file, in a new window. Close the new window (ctrl-w) and you should be right back to the edit session, make changes, press go, etc. 
Save - Save changes to disk. 
Delete - Remove file from disk, clear edit buffer. 
Print - OK so 'Print' does not really print, but what it does do is open a _new_, no frames, super clean, window. Now just choose File->Print from the browser tool bar. Note that since the print feature reads the file from disk you should 'Save' any changes to disk before selecting the 'Print' link. 
Reset - Clear all, lose any changes, clear away javascript or other errors. 

Array $mylinks
There are other user configurable links at the bottom see the variable array '$mylinks'. You could make a link to a second copy of editphp.php3 in another directory or even on a remote server, this could facilitate copy and paste between installations. 

Array $myfileextensions
About the select list (top right), see the variable '$myfileextensions' to add or remove file types. This list is always sorted chronologically. After deletions and saves this list can be out of date, if this bothers you just press the 'Reset' link. 

Security & authentication
Other than basic authentication I have paid little attention to security, specifically how to keep unauthorized persons from running this script. I am interested in security holes and fixes to authentication as I have implemented it. 

Set $mustauthenticate=1 to turn on basic authentication. As you can read in the PHP manual, basic authentication only works with MOD PHP (Apache with PHP installed as a module), it does not work with the CGI version of PHP, for example all Windows servers. 

What's wrong with the passwords?
Basic authentication only works with the Apache/MODPHP combination. AFAIK this means UNIX/Apache/MODPHP. Basic authentication does not work with PHP running in CGI mode. All Windows servers and some UNIX servers run PHP in CGI mode, authentication will not work on these servers. Even a Windows server running Apache software must use PHP in CGI mode. 
$must authenticate=1 // Unix servers with Apache/MODPHP
$must authenticate=0 // Windows servers, and all other
                     // PHP CGI implementations

Apache feature to restrict access
You can add a very simple 'directive' to your httpd.conf file to restrict access to EditPHP. 
<Files ~ "^editphp">
  Order Deny,Allow
  Deny from All
  Allow from .fargo.fi
  Allow from

Now Apache will reject everybody except .fargo.fi domain such as pierre.fargo.fi or b2.fargo.fi and the specific IP address 

Note that this denies access to editphp.php3, editphp.inc, editphp.js, etc. This really secures things up nicely. 

It is possible for somebody to disguise themselves to look like they are coming from .fargo.fi (spoofing), nothings perfect. Enable EditPHP authentication and they will need to know the password too. 

EditPHP is very configurable. This configuration is done in the editphp.php3 file. Other changes can be made in the editphp.css file. Of course everything is changeable in the source code, but its better to see what you can do by changing settings in the editphp.php3 file first. 

You should not need to change anything in any of the other files. If you like you can rename editphp.php3 to "anything you like.php3". 

Here is a step by step explanation of how you create an 'editphp.php3' file. 

First, include the editphp class. This class is in the file editphp.inc 

// Start of example editphp.php3 file.

  include ('editphp.inc');

Next, create an instance of the class editphp. 
  $myEditPHPInstance = new editphp;

Now set your options. All the properties have defaults so you could skip this part. 
// Number of characters in
// the edit buffer window width.
// Depending on the font size
// you are using this number
// can vary greatly.

  $myEditPHPInstance->ebwidth = 106;

// Number of lines to display
// in the edit buffer window.
// Again font size matters.

  $myEditPHPInstance->ebheight = 34;

// Select the type of files you would
// like to see in the select list (top
// right)

  $myEditPHPInstance->myfileextensions = "(php3|htm|html|inc|css|js)\$";

// If the $myrestrictedfiles property matches a file
// name then EditPHP will not work with that file.
// The default is "/|^\\."


// Regular expression breakdown:
//   /   ; any occurrence of a / anywhere in a string.
//   |   ; or
//   ^   ; At the beginning of the string
//   \   ; (The escape character, to escape the next escape character)
//   \   ; (The escape character)
//   .   ; In a regular expression . (wildcard) usually means
//         any character. In this case, because . is preceded
//         by an escape character it literally means a . character.
//   So if I translate my regular expression into english:
//   "Restrict any filename that has a / anywhere
//   in it or a . at the beginning of it."
//   This means that EditPHP will not attempt to load, delete
//   or save any file that begins with a . such as .htaccess
//   and any file names that have a '/' will be
//   rejected also. For example:
//      /etc/hosts
//      otherdir/special.htm
//   This should mean that EditPHP will only work with files
//   in it's current directory. Furthermore they must have file
//   extensions that match the $myfileextensions array.
//   These restrictions are really quite cosmetic, since you
//   could modify or create a script in the current directory,
//   that when run, could do any of these things for you.
//   A properly configured server will not let EditPHP or any
//   other PHP script anywhere that it need not be.

To work with files in another directory, place an editphp.php3 file in that directory, and add a link to the bottom right frame More 

  $myEditPHPInstance->mylinks["EditHomepage"] = "http://www.skynet.ca/~pierre/editphp.php3";

// There are three links in the bottom right.
// Home, PHP and About. These are 'hard coded'
// and cannot be changed, unless you change the
// source code of course. However you can add
// more links as follows.

  $myEditPHPInstance->mylinks["Skynet"] = "http://www.skynet.ca/";
  $myEditPHPInstance->mylinks["Hotmail"] = "http://www.hotmail.com/";
  $myEditPHPInstance->mylinks["Lycos"] = "http://www.lycos.com/";

// Even though you are stuck with the link
// names Home and PHP you are not stuck on
// where you go when you click them.
// Like all other default properties (variables)
// they can be reassigned.

  $myEditPHPInstance->mylinks["Home"] = "http://www.humble_abode.com/";
  $myEditPHPInstance->mylinks["PHP"] = "http://fi2.php.net/mailsearch.php3";

// When 'expertmode' is enabled ($expertmode = 1)
// Some dialogs will no longer pop up
// telling you stuff that you already know and
// forcing you to click 'OK' to continue.

  $myEditPHPInstance->expertmode = 1;

// Basic authentication only works with PHP when
// it is running as an Apache module. Basically
// this means it does not work with Windows
// servers.
// Change to 1 to turn on basic authentication (passwords)

  $myEditPHPInstance->must authenticate = 1;

// Your user name and password are initially set to
// pierre and finland (lowercase) and encrypted.
// To change your user name and password click the Password link

  $myEditPHPInstance->$editphpusername="ZaoIXSbARx.YUPZSWa/KhFx2"; // pierre
  $myEditPHPInstance->$editphppassword="oIyBa5BOTlG1cDI7APAOofvY"; // finland

OK, everything is set. First you created an instance, the instance had default values for all of its properties (variables) but you then changed some of them. Now the instance is ready to go. There are many methods (functions) in the instance I have arbitrarily named the top most method 'main'. This will set the instance in motion. 



// End of example editphp.php3 file.

As stated previously you can rename editphp.php3 to anything you like. 

For example: 

// begin kuusamo.php3
  require ('editphp.inc');
  $editphp = new editphp;
  $editphp->myfileextensions = "(php3|class)\$";
  $editphp->must authenticate = 1;
  $editphp->editphppassword = "ZaoIXSbARx.YUPZSWa/KhFx2";
// end kuusamo.php3
// The file  .editphp.php3  will not
// show up in the select pull down
// because EditPHP will not deal with
// any file beginning with a  .  (see $myrestrictedfiles)
// To make this perfectly clear
// normally your url would be:
//        http://www.fargo.fi/sales/editphp.php3
// to hide this file so that it
// does not show up in the list
// of editable files rename it
// to .editphp.php3
//        http://www.fargo.fi/sales/.editphp.php3
// (In case you didn't notice the hidden file begins
//  with a  --> . <-- period. This might be hard to see
//  on some monitors.)
// Begin .editphp.php3
  require ('editphp.inc');
  $youCantSeeMe = new editphp;
// end .editphp.php3

// You can run a default instance.
// begin mydefaulteditphp.php3
  require ('editphp.inc');
  $minimal_config_editphp = new editphp;
// end mydefaulteditphp.php3

// How about . . .
// begin kiss.php3
  require ('editphp.inc');
  $i = new editphp;
// end kiss.php3

The default setup, as described above, is designed to work on monitors set to 800x600. So you will want to play with the following properties to get the optimum real estate for EditPHP on your monitor. Here is an example that works well on my monitor at 1024x768. 

// begin myCrappySamtronMonitor.php3

include ('editphp.inc');
$wOw = new editphp;
$wOw->winwidth = 850;  // Pixels, outside border window width
$wOw->winheight = 550; // Pixels, outside border window height
$wOw->infowidth = 23;  // Percentage, bottom left frame width
$wOw->infoheight = 5;  // Percentage, bottom frame height
$wOw->ebwidth = 103;   // Edit buffer, characters wide
$wOw->ebheight = 29;   // Edit buffer, number of lines

// end myCrappySamtronMonitor.php3

// When playing with these properties you
// should adjust in this order.
// winwidth and height
// infowidth and height
// ebwidth and height
// finally...
// Micro tune the winwidth and height (again)
// by the pixel to come up nice and snug
// against the edit buffer. Because the edit buffer
// is adjusted by line width and character width you
// can't get as 'close a shave' as with the winwidth
// and height that are adjusted by the pixel.
// You may play with the margin settings in the
// editphp.css file for even more control with _some_
// browsers.
// For details about margin settings and other CSS
// features refer to your copy of:
//           HTML - The Complete Reference
//                by Thomas A. Powell
// a truly good book.

OK. So you have screwed around and now you have an editphp.php3 file that you like. You copy it into five other directories and sure enough you decide to make a change to one of them, 'but jeeze do I have to go and change all those copies too?' Of course not, if you do it like this: 
// Create one 'master' editphp.php3 file.
// In the other directories create a 'slave' file like this:
// Begin /home/www/otherdir/editphp.php3 ; this is a slave

  // not like this:
  // include ('editphp.php3');
  // Like this:
  include ('/home/www/maindir/editphp.php3'); or '../maindir/editphp.php3'
  // 1 - You must specify the complete path or the file
  //     may try to include itself!
  // 2 - For this to work the editphp distribution files must be
  //     in your PHP include_path.
  // Create a symbolic link instead? Sure, go ahead, see if I care. :)
  // ln -s /home/www/maindir/editphp.php3 /home/www/otherdir/editphp.php3
  // Question: - Is your web server configured to follow symbolic links?

// End /home/www/otherdir/editphp.php3

Don't Worry!
Only the 'Go', 'Save' and 'Delete' buttons will write changes back to your files. Every other clickable feature is readonly. 

Software versions
EditPHP works fine via HTTP and HTTPS either directly or through the proxy server using both IE and Navigator as the client browser. I do not have SSL for NT so only HTTP has been tested with it. 
Caldera Open Linux 2.2 
Apache 1.3.9 
PHP 3.0.12 
OpenSSL / ModSSL 
Caldera Open Linux 2.2 
Apache 1.3.9 
PHP 4.0b3 
Caldera Open Linux 2.2 
Squid Proxy Server 
Windows 2000 Professional (whatever that means) 
Internet Information Server 
PHP 3.0.14 
Internet Explorer V5.0 
Bugs and known limitations
Certain combinations of platform, webserver, browser and bigger text files can create a situation where EditPHP does not load the complete file. I have only seen this situation with files greater than 25 KB or so. You can easily test to see if your setup is affected. Simply load a big, 40KB, text file (or as big as the biggest files you hope to edit) make a small change and save it. If this is successful then you don't have the problem. 
Sometimes when I try to save or load through a https connection I get an error message from the browser stating that 'an unrecognized command was received' so I click Save again and everything works fine on the second attempt. I think it is an MODSSL / OPENSSL issue but I can't be sure. Are you using an HTTPS connection? Any problems? 
The print feature is escaping some characters such as & and less than and greater than signs, to be fixed soon. 
EditPHP makes use of Javascript, cookies and frames. If these features are not available EditPHP will not work properly. 
You cannot use EditPHP from the text based LYNX browser. 
Disclaimer & Copyright
This script is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.
This script is free software;  you can redistribute  it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
Since PHP comes with the license,  and I am not  in control of
the distribution  of this code,  I will refer  you to the file
COPYING that came with PHP. If you can't find it there, go see
Copyright 2000 Pierre Marceau <pierre.marceau@skynet.ca>

A little bit of theory
About classes, instances, properties,
methods and constructors.
Think of an instance as like a photocopy of a master form. Many of the fields on the master can have default values already filled in, if you like you can scratch out a default and write in something else, its easy to fill in the blanks. Afterwards, when you hand the completed form in it can easily be processed in a standard way. Visualize how structured this approach is compared to, lets say, a police officer giving you a blank piece of paper and saying, write down what happened. Imagine the mayhem back at headquarters with all these 'reports' piled up on a clerks desk, yes, there is a lot of information on that desk, useless information. 
Master form:                  Class
Photocopy of master form:     Instance
Named fields on the form:     Properties
As soon as the  copy comes
out of  the  copy  machine
it is  a  certain  persons
job to look  it over, fill
in the date, the time, the
weather   conditions,  the
cross streets.  All  stuff
that  is  easy  and  quite
matter  of  fact.  We  can
call this person:             Constructor method

The Police officer and
you  and  the clerk at
headquarters can mani-
pulate  the properties
of  the  form  so  you
guys  are:                    Methods

class carAccident {

  var $date;
  var $officerID;
  var $clerksID;

  function carAccident(){ //constructor method, only because
    ...                   //it has the same name as the class.

  function officer{){
   . . .

}// end of class

Here is another theoretical example:

class painter{
  var $BrushSize="big";

  function $roomPainter(){
    paintfast($this->BrushSize,'blue');  // fictitious PHP
  }                                      // function 'paintfast'

$johnny = new painter;
$johnny->BrushSize = "wide";
$johnny->roomPainter();      //should put John to work, you have no
                             //options about color but you can decide
                             //on what size of brush he should use.
                             //Had you not set his brushsize to wide
                             //he would have used the a big one, by

Lets use this same example to look
at what a constructor method is.

class painter{
  var $BrushSize="big";

  function $painter(){ <-- Notice the difference here
    paintfast($this->BrushSize,'blue');  // fictitious PHP
  }                                      // function 'paintfast'

new painter;   // Thats it! 'Somebody' painted it blue with
               // a big brush.

When you instantiate a class PHP looks to see if there is a method within the class that has the same name as the class itself. If so this method is considered the constructor method of this class, and the constructor method is run like 'autoexec.bat' each time an instance is created. Notice I did not name the instance (Where's Johnny?), you only need to name an instance if you are going to need to refer to it's properties and methods. I _could_ have named the instance, $mary = new painter;, with the same result. 'Mary' painted it blue with a big brush. I guess the down side of a constructor method is that I did not get a chance to decide on a brush size, and now that the job is done it's too late. It occurs to me that due to the lack of state in HTTP client/server interaction we can very easily never use, or miss constructor methods. You see: 
  var $brushSize     = "narrow";    // class default at instantiation.
  $this->BrushSize   = "regular";   // method of class can change value for
                                    // this instance progmatically notice
                                    // that 'this' is a crucial concept to
                                    // understand.
  $johnny->BrushSize = "wide";      // Allows 'user' (user of the class) to
                                    // set the value for his instance.

var       Hard coded. A known set value at instantiation. This
          value may be undefined, but it is 'known' to be undefined.

$this->   Hard coded, manipulated by a computer program, so there
          are a finite number of possible values. You had better ask
          Spock if you want to know how many different possibilities,
          given all the variables.

$johnny-> User configurable, per named instance.

Change log
EditPHP Changes Log

V0.21 released Apr 23, 2000
 - Because I could never be sure that the background image
   would be available (where it was expected to be) I have
   incorporated the image into the script itself, so now it
   is always available. The body tags have been changed from
   <body background="editphp.gif"> to
   <body background="$PHP_SELF?mode=image">.
   This means that the editphp.gif file and the $mybackgroundimage
   variable are no more.  
 - Added some \ (escape) characters to the $myrestricted and
   $myfileextensions variables, this fixes the error messages
   generated by PHP4.
 - Added the $winmoveto variable to let you move to a
   predetermined screen coordinate upon open.
 - Tested on PHP4, fixed minor issues, seems OK.
 - Added the Colours link.
 - Removed 30 KB alert dialog, see 'Bugs and known limitations'.

V0.20 released Apr 7, 2000
 - Fixed minor issue with the openwin() method. Added alert
   message when user opens a file larger than 30 KB to warn
   about issues with Navigator and it's problem with this.

v0.19 released Apr 2, 2000
 - Added $mybackgroundimage property so you can now choose
   your own background graphic file. (obsolete as of v0.21)
 - Removed changes.txt, readme.txt and todo.txt and replaced
   them with the single readme.htm file.
 - Added instructions on a better way to setup when you want
   to work in multiple directories on the same server. See
   details section. More

v0.18 release 18.3.2000
 - Minor maintenance. Added code to test for PHP crypt()
   function availability before calling it.
 - Cleaned up EditPHP crypter() method a little.

v0.17 release 6.3.2000
 - Changed authentication method so that user name and
   password are stored encrypted.
 - Added instructions on how you might setup your Apache
   environment to make EditPHP more secure.

v0.16 release 10.2.2000
 - Added code to restrict names of files. All file actions
   (delete, save, load) must match the $myfileextensions
   regular expression variable. Additionally I added the
   variable $myrestrictedfiles. More

v0.15 release  8.2.2000
 - Changed the name from PHPEdit to EditPHP, because I found
   out there is already an editor for PHP called PHPEd.
 - Added a survey to the EditPHP home page. Please fill it out
   so I can get some coding inspiration in the thought that
   somebody (besides me) uses this thing.

v0.14 release 31.1.2000
 - Cleaned up readme.txt
 - By 'popular demand' (two requests), released distribution
   as a tar.gz as well as a zip.
 - New $Expertmode setting. Set to 1 to turn off annoying dialogs
   that pop up now and then and tell you things like:
   "EditPHP session will remain open  in  the  background."

v0.13 release 28.1.2000
 - Changed target="" to target="display". The 'target=""' was
   working fine. Since the current frame was "display". Not with
   Navigator 4.6. However it works too when I explicitly name
   "display" as the target.
   Moral: Be explicit if you can.

v0.12 release 26.1.2000
 - Fixed Javascript 'object not found error'.
 - Fixed problem where some installations add slashes to a
   script when saving. There is no longer any reason to set
   'magic_quotes_gpc=Off' as I had previously recommended to fix
   this problem.

v0.11 release 25.1.2000
 - Removed 'squigglies' (don't ask) in favor of
 - Added limited instructions about permissions on Apache.
 - Explain php3.ini changes required for Win95 platform.
 - Fixed operation of GO button so that it really does SAVE then
   display the page, as stated in the documentation.

v0.10 initial release 22.1.2000

TODO Section
- Automatic backup on save. I'm thinking a file named editphp.bak.
  Every time you want to save over an existing file the existing
  file should simply be appended to the end of editphp.bak of
  course the bak file would quickly grow out of control (but don't
  all backup strategies?) so whenever the file hits 30MB a dialog
  should come up offering to trim it back to 10MB (remove the first
  x number of lines) or delete it completely or (and I hate to do
  it) give you the option to rename it. As you might be
  able to tell I don't like automatic backups, but then again I
  don't like retyping a bunch stuff 'cause I pressed the wrong
  button either.
- Javascript validation of script before saving, check that all
  opening brace/quotes have a matching closing brace/quotes etc.
  Maybe this could be done at the server with PHP while saving.
  Maybe somebody has already written some code like this.
- User authentication. Better security.
- Allow for changing directories.
- Replace the hodgepodge of ugly buttons and links across the top
  of the edit buffer window with something more aesthetic.
- Figure out a way, Javascript or otherwise, to go to a particular
  line, for example, go to line 56. PHP will report an error on a
  particular line number and even tell you the file name. It's a
  real pain to try and count the number of times you hit the down
  arrow key, especially when the error is on line 30 or greater.
  I'm thinking that I could grab just the part of the file that I
  need to fix. So, at server open file, move to line 56, grab the
  seven lines before 56 and the seven lines after 56. Now you have
  15 lines of code on your screen and your problem is dead center.
  Fix it and send it back to the server which places those 15 lines
  right back where they came from. And the cats meow would be if
  you could get a link on the PHP error page that would fire up
  EditPHP with these fifteen lines ready to edit.
- Figure out a way, Javascript or otherwise, to search and replace
  within the edit buffer.
- Text search and replace at the server? Since I don't believe it
  is possible to search and replace within a <textarea> with
  Javascript I think this job will have to be delegated to PHP and
  the server. My idea is to have PHP send the file formatted with
  inline style to show the word searched for in red. Beside this
  highlighted word, and inline with, should be a checkbox. The
  document should continue and all matching words should be
  highlighted and have a checkbox. Furthermore you should be
  able to click on the highlighted word to move to the next match.
  So, move to the first match, if you want to replace it check the
  checkbox, click the highlighted word, etc. Click submit to send
  the form back to the server to do it's magic.

Please participate in my online survey at:
  Files folder image Files  
File Role Description
Accessible without login Plain text file editphp.css Data Style sheet
Plain text file editphp.inc Class Main class file
Accessible without login Plain text file editphp.js Data Javascript code
Accessible without login Plain text file editphp.php3 Example Instance initialization
Accessible without login Plain text file readme.htm Doc. Documentation
Accessible without login Plain text file readme.txt Doc. see readme.htm

 Version Control Unique User Downloads Download Rankings  
This week:0
All time:264
This week:347Down
User Ratings User Comments (2)
 All time
was nice
12 days ago (Mario Carrocera)
11 years ago (kishore kumar)

For more information send a message to info at phpclasses dot org.