> As part of a CMS I wanted to get the user to: > 1) Create a new recordset via a form (with a uniqueid). > 2) Press submit whereupon php gets the ID of the record just created in > the DB, writes a new page to the server with that unique id and saves it > as a filename determined by the user.
Seriously, aren't you really just trying to re-invent sessions? A cookie tracks your session id, your php uses the session id to maintain persistent data on the visitor, you use the persistent data to customize the page that gets presented. You don't need to know about file permissions beyond setting up apache and php. If you want more than sessions can give you, then you probably want to set up a directory that is not underneath your web root (maybe under /var somewhere?) and is only accessible to your apache user. The functions to read and write files in that directory should be declared in include files, which should also not be underneath your web root. If you want to really tighten the lid down, you can set up a separate server process and communicate with it through local sockets instead of IP. Or you could install a database and configure the database to not listen to anything coming in over the network. -- Joel Rees, programmer, Kansai Systems Group Altech Corporation (Alpsgiken), Osaka, Japan http://www.alpsgiken.co.jp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php