Skip navigation.
Home

archives

How not to shell script with PHP...

Bad Architecture

Since I'm doing a Shell Scripting with PHP presentation today's WTF is well timed for some shameless self promotion. It's a great example of one of the worst application requirements I've seen.

Props to Eero for sending this in. This script basically rotates an image on a web site. There are dozens of ways to do this with PHP and none of the good ways I know uses an FTP connection!

I particularly like how the permissions are changed to 0777, renamed, and then permissions changed back to 0444! Hmm...

#!/usr/bin/php
<?php
// ftp-connection to change rights
require("ftpconnect.php");
// get actual picture-infos
$filename = "actual_pic.txt";
$file = fopen($filename,"r+");
$actual_pic = fread ($file, filesize ($filename));
fclose($file);
// find out which pic is next
if($actual_pic == 10)
       $new_pic = 1;
else
       $new_pic = $actual_pic + 1;
// write new pic into log
$filename = "actual_pic.txt";
$file = fopen($filename,"w+");
fwrite( $file, $new_pic );
fclose($file);
// change access of folders/files
$ftp_actual_pic = "/www/folder/realpicture.jpg";
$ftp_new_pic = "/www/folder/$new_pic.jpg";
$ftp_folder = "/www/folder";
$chmod=ftp_site($conn_id, "CHMOD 0777 ".$ftp_folder."/realpicture.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0777 ".$ftp_folder."/$new_pic.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0777 ".$ftp_folder);
// rename pictures
rename("superheroes.jpg", "$actual_pic.jpg");
rename("$new_pic.jpg", "realpicture.jpg");
// Folder-Access reset
$chmod=ftp_site($conn_id, "CHMOD 0444 ".$ftp_folder."/realpicture.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0444 ".$ftp_folder."/$actual_pic.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0555 ".$ftp_folder);
ftp_quit($conn_id);
?>

I can think of only one reason why this code exists. Somebody has a web server that does not support scripting and wrote this shell script to rotate the images over FTP via a cron job. Still qualifies as a WTF because anything that automaticaly logs in to make updates to the website is just bad. I can't help thinking this code was written by a 12 year old updating his geocities site...