Skip navigation.
Home

How not to shell script with PHP...

Bad Architecture

Since I'm doing a Shell Scripting with PHP presentation today's WTF is well timed for some shameless self promotion. It's a great example of one of the worst application requirements I've seen.

Props to Eero for sending this in. This script basically rotates an image on a web site. There are dozens of ways to do this with PHP and none of the good ways I know uses an FTP connection!

I particularly like how the permissions are changed to 0777, renamed, and then permissions changed back to 0444! Hmm...

#!/usr/bin/php
<?php
// ftp-connection to change rights
require("ftpconnect.php");
// get actual picture-infos
$filename = "actual_pic.txt";
$file = fopen($filename,"r+");
$actual_pic = fread ($file, filesize ($filename));
fclose($file);
// find out which pic is next
if($actual_pic == 10)
       $new_pic = 1;
else
       $new_pic = $actual_pic + 1;
// write new pic into log
$filename = "actual_pic.txt";
$file = fopen($filename,"w+");
fwrite( $file, $new_pic );
fclose($file);
// change access of folders/files
$ftp_actual_pic = "/www/folder/realpicture.jpg";
$ftp_new_pic = "/www/folder/$new_pic.jpg";
$ftp_folder = "/www/folder";
$chmod=ftp_site($conn_id, "CHMOD 0777 ".$ftp_folder."/realpicture.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0777 ".$ftp_folder."/$new_pic.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0777 ".$ftp_folder);
// rename pictures
rename("superheroes.jpg", "$actual_pic.jpg");
rename("$new_pic.jpg", "realpicture.jpg");
// Folder-Access reset
$chmod=ftp_site($conn_id, "CHMOD 0444 ".$ftp_folder."/realpicture.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0444 ".$ftp_folder."/$actual_pic.jpg");
$chmod=ftp_site($conn_id, "CHMOD 0555 ".$ftp_folder);
ftp_quit($conn_id);
?>

I can think of only one reason why this code exists. Somebody has a web server that does not support scripting and wrote this shell script to rotate the images over FTP via a cron job. Still qualifies as a WTF because anything that automaticaly logs in to make updates to the website is just bad. I can't help thinking this code was written by a 12 year old updating his geocities site...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

I love how they open r/w, close, then open r/w again.

Gotta hand it to the d00d... he at least utilizes comments well.. :p

I don't see how having something automatically log in to update sites is automatically bad... If your hosting site doesn't support PHP/perl etc, it's not bad. Actually sites that get A LOT of traffic stick to generated HTML files because of the performance hit of dynamically generating every page call (or every few page calls if you have some sort of caching mechanism), so in this case having static HTML is GOOD. I think Blogger does something like this.. ever notice how blogger sites never have a php or phtml extension, and it works with any hosting site that supports FTP logins...?

That isn't true as often as it seems, I've seen quite a few sites that use .html pages that are really php/pl/aspx with a "canonical" name, just passing .html through their isapis. It works until you see arguments being passed in the old fashioned way. :p

But yeah, the web swung from static pages with a few cgis to entirely dynamic sites, and now people are trying to figure out the best medium between the two.

(Let's be kind to the guy and assume he didn't know which bit he needed to set to rename it. And that his script and images and server were flawless and never generated as error that needed to be checked.)