
Thread: view php contents

  1. #1
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    2,283
    Thanks
    97
    Thanked 104 Times in 102 Posts

    Default view php contents

    This is mostly to help me test some of the security on my site, but how would I view the php on my site? For example
    PHP Code:
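    <?php
    // Fetch the page over HTTP: this returns the HTML the server generates, not the PHP source
    $handle = file_get_contents("http://www.mysite.com", NULL);
    // Escape the markup so the browser displays it as text
    $handle = htmlentities($handle);
    // Keep the line breaks visible
    $handle = str_replace("\r\n", "<br>", $handle);
    echo "$handle";
    ?>
    will allow me to view the source code, but how do I view the include files and such that are in my php files?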

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    Using an absolute url (including http, etc.), will just get the source, like from a remote server.
    Use a path, like ../index.php and then you can load it that way with file_get_contents.
    Daniel - Freelance Web Design | <?php?> | <html> | español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  3. #3
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    2,283
    Thanks
    97
    Thanked 104 Times in 102 Posts

    Default

    Does this mean that someone else can't do the same or similar to view my website's php code?
    Last edited by james438; 09-18-2007 at 02:03 AM.

  4. #4
    Join Date
    May 2006
    Location
    Sydney, Australia - Near the coast.
    Posts
    1,995
    Thanks
    0
    Thanked 8 Times in 7 Posts

    Default

    Depends on how secure your server is. Most likely, yes.
    Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
    Currently: enjoying the early holidays :)
    Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide

  5. #5
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    Nothing to do with the server in terms of PHP includes, etc. The server will only output its generated text, not the full PHP source if called from a remote server.
    (Though, yes, if you have another way of being hacked, that's a problem in itself.)

  6. #6
    Join Date
    Sep 2007
    Location
    Calgary alberta
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    In most cases, if using the .inc extension, you can just type the absolute URL in your browser and it will echo the source out as straight text, depending on the server config. It is best in all cases to use .inc.php in place of include for this very reason, or just straight .php for your includes.

    Some versions of forums use this .inc extension, and in some cases the db_connect file is .inc. You can see why this would pose a real security issue.

    If your security is this accessible, there are several fixes located at the php.net site. All very simple, but the most important of them revolve around the Apache server. A combination of all and .htaccess files, I feel, is recommended.

  7. #7
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    Well, yeah, don't store your sensitive data in any unsecure file.

  8. #8
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    Personally I like the use of .inc

    However, if you do store sensitive data in this type of file, just be sure to store it above the document root, so that it won't be able to be accessed.

  9. #9
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    If you need a distinction, use .inc.php. Or set .htaccess to parse .inc as php.
    Storing outside the root is fine, but also seems sorta silly. What if you just want it in the same directory? Then settle for .php? I'd rather have a more consistent system.
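
An added example, not part of the thread: a Python check for the exposure discussed in posts #6, #8 and #9. It walks a document root and lists files that contain PHP code but whose extension the server does not hand to PHP, so a direct request would return their source. The function names, the `PHP_HANDLED` set and the sample site layout are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions this server passes to the PHP interpreter.
# Anything else under the document root is sent to the browser as-is.
PHP_HANDLED = {".php"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def find_exposed_includes(docroot, handled=PHP_HANDLED):
    """Return docroot-relative paths of files that contain PHP code but
    whose final extension is not handled by PHP (e.g. db_connect.inc)."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled:
                continue  # .php and .inc.php are executed, not displayed
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: nothing to report
            if PHP_TAG.search(head):
                rel = os.path.relpath(path, docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_site(base):
    """Constructed sample layout; public_html is the document root."""
    files = {
        "public_html/index.php": "<?php include 'inc/db_connect.inc'; ?>",
        "public_html/inc/db_connect.inc": "<?php $db_pass = 'example'; ?>",
        "public_html/inc/header.inc.php": "<?php echo '<h1>Site</h1>'; ?>",
        "public_html/style.css": "body { margin: 0 }",
        "private/settings.inc": "<?php $db_pass = 'example'; ?>",
    }
    for rel, body in files.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return os.path.join(base, "public_html")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_exposed_includes(build_sample_site(tmp)))
```

If .htaccess already maps .inc to PHP, pass `handled={".php", ".inc"}` so those files are not reported. `private/settings.inc` is never listed because it sits above the document root.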
