Main - msg db 'Computer Address',0xa - php struggles


Jamie
Posted on 07-26-18 12:08 AM (rev. 2 of 07-26-18 12:09 AM by Jamie) Link | ID: 138538


<?php

require('lib/common.php');

if(!file_exists('config/database.php')) {
    die(header("Location: install.php"));
}

$page = $_GET['page'];

if(!isset($_GET['page']))
    $page = "home";
?>

<!DOCTYPE html>
<html>
<head>
    <title>you make a bloody show of meh</title>
</head>
<body>
    <?php echo file_get_contents("lib/top.php"); ?>
    <?php file_get_contents("pages/$page.php");
    echo $page_contents; ?>
    <?php echo file_get_contents("lib/footer.php"); ?>
</body>
</html>


basically trying to write a script that fetches a page and then displays its contents, using the URL param "page" after "index.php" or whatever

i.e. something like ABXD's index.php

currently unfinished. it DOES seem to do its job somewhat:

having some trouble with stuff tho. I'm unable to make a 404 fallback, for a start. plus I feel this is inefficient as hell.

as a new coder, I'm probably making basic mistakes :p

also none of this was copypasted from ABXD, even though I used the same setup and variable names as it. i'm actually trying to write a small PHP blog script :P

any suggestions?

____________________

Jamie | Hexafairy
My Blog

Epele
Posted on 07-26-18 12:25 AM (rev. 2 of 07-26-18 12:35 AM by Epele) Link | ID: 138539
Let's see..
using file_get_contents() will pull the exact contents of the file. It will not render that page as php, but print the entire source code.. Consider using Include instead and letting the page print its own output. I believe you can also use include in an if() statement for error reporting - 404s.

Personally, I've not had a need to use include statements yet. Gonna go test that theory out.

Editorial:
I've just played with it.
<?php
error_reporting(E_ERROR);
if(!isset($_GET['src'])) $src="index.php"; else $src=$_GET['src'];
if((include $src) == false){
    echo "Source file not found.";
}
?>

Include statements must be encapsulated in brackets inside an if() statement. In the case of this, it will include index.php which prints its own output normally, so it displays as part of the page.

file_get_contents is more useful when you are dealing with stored files, such as caches, or doing operations on a binary file.

Personally, I'm not a fan of breaking in and out of php, and prefer to do the entire operation in one go.

If I need to inject a piece of php in the middle of a print, I'd do it like:
print "Ooh, I just rolled a ".rand(1,6)." on my first die, and a ".(rand(0,5)+1)." on my second!";



<Nicolyn> Thierry doesn't sleep
<Nicolyn> she is powered solely by those little floating hearts

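A 404 fallback for the "page" parameter from the first post, written so that the request can only select files that actually sit in pages/ (passing a request parameter straight to include lets the request decide which file gets loaded). This is an added example, not code from any poster in this thread; PAGE_DIR, resolve_page() and the pages/NAME.php layout are assumptions made for illustration.

```php
<?php
// Added example: resolve ?page= against the scripts that exist in pages/.
// PAGE_DIR, resolve_page() and the directory layout are assumptions.
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Return the absolute path of the page script to include, or null when the
 * requested name is not one of our pages.
 */
function resolve_page(string $requested, string $dir = PAGE_DIR): ?string
{
    // Restrict names to a small alphabet: dots, slashes, NUL bytes and
    // wrapper prefixes such as php:// or http:// never get past this check.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $requested . '.php');
    // realpath() returns false for missing files and resolves symlinks, so a
    // link that points outside pages/ fails the prefix comparison.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = $_GET['page'] ?? 'home';
if (!is_string($page)) {        // ?page[]=x arrives as an array
    $page = '';
}
$file = resolve_page($page);

if ($file === null) {
    http_response_code(404);    // must run before any output is sent
    // Escape at output time, in the context where the value is printed.
    echo '<p>Page not found: ' . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . '</p>';
} else {
    include $file;              // the page script prints its own output
}
```
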
Moonlight Capital
Posted on 07-26-18 03:31 PM (rev. 2 of 07-26-18 04:10 PM by Moonlight Capital) Link | ID: 138621
This is my page rendering handler:


<?php

$pageArr = explode('/', $_SERVER['REQUEST_URI']);
array_shift($pageArr);
array_shift($pageArr);

$pageArr = array_map('htmlspecialchars', $pageArr); // prevents XSS

$pagename = explode('?', $pageArr[0], 2)[0];

if(file_exists('pages/'.$pagename.'.html')) {
    echo file_get_contents('pages/'.$pagename.'.html');
} else if($pagename == '') {
    echo file_get_contents('pages/main.html');
} else {
    echo file_get_contents('pages/notfound.html');
}

?>


Though you need a .htaccess rule to achieve this, see https://stackoverflow.com/a/51362256/7486110

StapleButter
Posted on 07-26-18 04:45 PM Link | ID: 138630
you don't seem to really know what XSS is...


also, while you're at it with .htaccess-level URL rewriting, might as well just rewrite it to page.php?shit=foo&crap=bar so there's less overhead on the PHP side (you don't have to do decoding/etc there). but whatever, this works too.

____________________
Kuribo64 - we hack shit
obsolete advert is obsolete

Moonlight Capital
Posted on 07-26-18 04:56 PM Link | ID: 138633
Posted by StapleButter
also, while you're at it with .htaccess-level URL rewriting, might as well just rewrite it to page.php?shit=foo&crap=bar so there's less overhead on the PHP side (you don't have to do decoding/etc there). but whatever, this works too.


I used to do it that way, but url rewriting was hard if you had parameters with different names.
