mm22
May 31 2008, 05:42 AM
I am quite new to PHP and this concern came to my mind after playing around a bit with it...
When PHP is not correctly configured on the web server the source code of a php file we try to access through a browser will be shown instead of the result of the code itself. This will normally not happen when PHP is working properly, but I was just wondering if it could still be possible to see that code if a user wanted to or if something on the server failed.
This would for example expose sensitive information like mysql passwords and so on...
Is anything like that possible and/or likely to happen?
Thanks!
Live-Dimension
May 31 2008, 06:19 AM
Is it possible if the server is not set up right? Yes. PHP has extensive logging abilities. You can log to error logs, or display errors straight into pages that are outputted. This displaying of errors is useful in production/development machines only, as the web programmer can easily find out what error it is without resorting to error logs. Of course, this should be disabled in the final version which goes online, as we don't want visitors seeing sensitive data, do we? For some reason, I find a lot of web servers don't do this. In php.ini - I *think* it's display_errors. You'll need to find out yourself, or ask and let someone else answer. Minus this, there isn't a really easy way to simply see the source code. Naturally, if someone was to hack into your FTP account, and steal/download the PHP files, they'd get the PHP source.
truefusion
May 31 2008, 06:57 PM
Normally, if you want someone to view the source code of a PHP file, you just end the PHP file with the extension "phps". Most Apache configurations have it set up like that. It's not necessarily PHP's configuration that deals with the scenario you're talking about, it could just be how the server has its extensions set up. Another reason why a PHP file would output its source code is when PHP itself is not installed.
tracdoor
Jun 1 2008, 08:26 PM
I don't think so; if it did, it would probably be the fault of the server. If you want people to be able to see the source code, put the extension to something like .txt or .phps.
mm22
Jun 2 2008, 02:18 AM
Thank you guys for your answers! So just to wrap it up, it seems like the possibility of unwanted disclosure of PHP code in browsers is quite remote, unless we want it to happen by explicitly indicating it (for example, changing the extension to phps or txt, depending on the server configuration). Anyway, nothing is impossible, and ultimately it is up to the server to do a good job and prevent that from happening.
galexcd
Jun 2 2008, 03:59 PM
Unfortunately, this exact issue happened to me. Apparently Xisto was updating their version of PHP and for about an hour the PHP code was not being parsed out. My only suggestion is to hide the sensitive information that you do not want to be revealed in a directory that only PHP can access and not a client.
coolcat50
Jun 2 2008, 05:16 PM
Well, under normal circumstances, the code is not revealed. It is parsed from the server and is not shown in the HTML source. If something fails though, the source could leak out. I would just suggest to make it so that only PHP can read sensitive files, and that the browser cannot access them.
mm22
Jun 10 2008, 11:44 AM
QUOTE(coolcat50 @ Jun 3 2008, 01:16 AM)
Well, under normal circumstances, the code is not revealed. It is parsed from the server and is not shown in the HTML source. If something fails though, the source could leak out. I would just suggest to make it so that only PHP can read sensitive files, and that the browser cannot access them.

QUOTE(galexcd @ Jun 2 2008, 11:59 PM)
My only suggestion is to hide the sensitive information that you do not want to be revealed in a directory that only php can access and not a client.

I think these are very good and simple suggestions to work around the issue. Thanks!
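
The suggestion from galexcd and coolcat50 to keep sensitive values where only PHP can read them, shown as an added example (not code from any poster in this thread): the credentials file lives outside the document root, and a hypothetical helper, load_private_config(), refuses to load one that sits inside it. The directory names and sample credentials are constructed for the demo.

```php
<?php
// Added example; paths, names and credentials are constructed for the demo.
// Refuse any config file the web server could serve directly, so a handler
// failure that sends .php files as plain text cannot expose credentials.
function load_private_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }
    // Trailing separator so /var/www-private is not treated as inside /var/www.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException("Config is inside the document root: $real");
    }
    $config = require $real;
    if (!is_array($config)) {
        throw new RuntimeException('Config file must return an array');
    }
    return $config;
}

// Constructed layout: public_html is served to browsers, private is not.
$base    = sys_get_temp_dir() . '/demo_site_' . bin2hex(random_bytes(4));
$docRoot = "$base/public_html";
$private = "$base/private";
mkdir($docRoot, 0755, true);
mkdir($private, 0700, true);

$body = "<?php\nreturn ['db_user' => 'app', 'db_pass' => 'constructed-sample'];\n";
file_put_contents("$private/db.php", $body);
file_put_contents("$docRoot/db.php", $body);   // the layout to avoid
chmod("$private/db.php", 0600);

$cfg = load_private_config("$private/db.php", $docRoot);
echo "loaded private config for user {$cfg['db_user']}", PHP_EOL;

try {
    load_private_config("$docRoot/db.php", $docRoot);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Remove the demo files.
unlink("$private/db.php");
unlink("$docRoot/db.php");
rmdir($private);
rmdir($docRoot);
rmdir($base);
```

With this layout, a period where the server stops parsing PHP exposes only the code under the document root; the credentials file has no URL that maps to it.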