PHP Files Reading a File into a String

PHP Files

Reading a File into a String

Problem

You want to load the entire contents of a file into a variable. For example, you want to determine if the text in a file matches a regular expression.

Solution

Use file_get_contents():

       $people = file_get_contents('people.txt');

       if (preg_match('/Names:.*(David|Susannah)/i',$people)) {

              print "people.txt matches.";

       }

Discussion

If you want the contents of a file in a string to manipulate, file_get_contents() is great, but if you just want to print the entire contents of a file, there are easier (and more efficient) ways than reading it into a string and then printing the string. PHP provides two functions for this. The first is fpassthru($fh), which prints everything left on the filehandle $fh and then closes it. The second, readfile($filename), prints the entire contents of $filename.

You can use readfile() to implement a wrapper around images that shouldn’t always be displayed. This program makes sure a requested image is less than a week old:

       $image_directory = '/usr/local/images';

       if (preg_match('/^[a-zA-Z0-9]+\.(gif|jpe?g)$/',$image,$matches) &&

            is_readable($image_directory."/$image") &&

            (filemtime($image_directory."/$image") >= (time() - 86400 * 7))) {

         header('Content-Type: image/'.$matches[1]);

         header('Content-Length: '.filesize($image_directory."/$image"));

         readfile($image_directory."/$image");

       } else {

         error_log("Can't serve image: $image");

       }

The directory in which the images are stored, $image_directory, needs to be outside the web server’s document root for the wrapper to be effective. Otherwise, users can just access the image files directly. The code tests the image file for three things. First, that the filename passed in $image is just alphanumeric with an ending of either .gif, .jpg, or .jpeg. 

You need to ensure that characters such as .. or / are not in the filename; this prevents malicious users from retrieving files outside the specified directory. Second, use is_readable() to make sure the program can read the file. Finally, get the file’s modification time with filemtime() and make sure the time is after 86,400 × 7 seconds ago. There are 86,400 seconds in a day, so 86,400 × 7 is a week.1

If all of these conditions are met, you’re ready to send the image. First, send two headers to tell the browser the image’s MIME type and file size. Then use readfile() to send the entire contents of the file to the user.