PHP
Version vom 21. September 2022, 10:31 Uhr von Geist (Diskussion | Beiträge) (→SETCOOKIE WITH PHP AND CHECK|READ)
Inhaltsverzeichnis
Secure "included php files"
index.php
<?php
if((!defined('z'))){ define('z','0'); }
include('file.php')
?>
file.php
<?php
if((!defined("z"))){exit;}
?>
HackBugZ | PHP-SECURE-INCLUDE-FILE
f611e2d0c2b292bce687e6c090956d63e396124abc17c2a2fa662c7ff6118ef2b43388c9d007cd2fadcad7d7952e6f855826028d58e5b1edd7264b2797996381
Secure php dynamic code build.
Example 1
<?php
$PAGES = array();
$PAGES = [
'home' => 'home.html'
,'about' => 'about.php'
,'contact' => 'somedir/contact.php'
];
@include(substr($PAGES[$_GET['p']] ?? ('home'), 0, 255));
exit;
?>
Example 2
<?php
$PAGES = array();
$PAGES = [
'home' => 'home.html'
,'about' => 'about.php'
,'contact' => 'somedir/contact.php'
];
@include($PAGES[$_GET['p']] ?? ('home'));
exit;
?>
CHANGE MAX UPLOAD FILESIZE
You can try it with .user.ini or .htaccess or ini_set(in your php script) For me .user.ini works perfectly
1. Create a new file(0644 on Linux) .user.ini on your webspace/working dir with max_execution_time = 10000 upload_max_filesize = 5000M post_max_size = 5000M
This is my config file .user.ini on my webspace and it works. You can change the values to your needs.
2. Create a new file(0644 on Linux) .htaccess on your webspace/working dir with php_value upload_max_filesize 1000M php_value post_max_size 1000M ! Don't forget the first dot/point at the beginning of the file.
3. Put this on the beginning of your php script
ini_set('upload_max_filesize', '1000M');
ini_set('max_execution_time', '1000');
ini_set('memory_limit', '128M');
ini_set('post_max_size', '1000M');
If this won't work(and you can't modify php.ini) than call your webhoster and ask him, what you can do :)
CHECK FOR DUPLICATE FILE WITH
$ sha1_file($file)
$ md5_file($file)
$ file_get_contents($file) Is SHA sufficient for checking file duplication? (sha1_file in PHP)
GET PATH OR FILE URL
echo __DIR__; echo __FILE__;
ternary operator
php short if/else PHP Shorthand If / Else Examples Shorthand comparisons in PHP
PHP ERROR HANDLING IN SCRIPT
Exceptions try{} catch{} finally{} Laufzeit-Konfiguration
prevent code injection attacks in PHP
mysql_real_escape_string used when insert into database htmlentities() used when outputting data into webpage htmlspecialchars() used when? strip_tags() used when? addslashes() used when?
htmlspecialchars() used when? htmlspecialchars
htmlspecialchars is roughly the same as htmlentities. The difference: character encodings.
Both encode control characters like <, >, & and so on used for opening tags etc. htmlentities also encode chars from other languages like umlauts, euro-symbols and such. If your websites are UTF, use htmlspecialchars(), otherwise use htmlentities(). How to prevent code injection attacks in PHP?
ALL POST DATA PHP
foreach ($_POST as $key => $value) {
echo "Field ".htmlspecialchars($key)." is ".htmlspecialchars($value);
}
PHP: Possible to automatically get all POSTed data?
How can I prevent SQL injection in PHP?
How can I prevent SQL injection in PHP?
SETCOOKIE WITH PHP AND CHECK|READ
[ https://stackoverflow.com/a/73766732/15125291 ]