PDA

Click to See Complete Forum and Search --> : making php file with fopen()

cgi
Dec 25th, 2003, 07:08 AM
how could i save a php code into a php file with fopen()

for examble i want to save this code into php file


<?php
$a=fopen("one.php","w");
fwrite($a,"any thing");
fclose($a);
?>




:confused:
morrowasted
Dec 25th, 2003, 01:18 PM
<?
$input_code = "whatever";
$file="file.php";
$write=fopen($file,'w');
fputs($write,$input_code);
fclose($write);
?>

im not php expert, mind you, but i think that works
CornedBee
Dec 28th, 2003, 09:53 AM
Yep, it works, and you can even include() the file afterwards.

Though eval is probably more efficient in that case.
morrowasted
Dec 28th, 2003, 02:38 PM
:eek: i made a PHP script that works without any help!!!!
cgi
Dec 30th, 2003, 06:00 AM
thank's all for your reply's

but

look at this code



<?
$input_code = "
<?
$input_code = "whatever";
$file="file.php";
$write=fopen($file,'w');
fputs($write,$input_code);
fclose($write);
?>
";

$file="file.php";
$write=fopen($file,'w');
fputs($write,$input_code);
fclose($write);
?>



i inserted just a few lines in the $input_code

but what's happened if i inserted a big script in it ??

it will be alot of error's , parse and etc , so is there any way to do it with out error's , some way make the parser get over the inputed code ?? :confused:
techgnome
Dec 30th, 2003, 08:30 AM
Why are you doing it like that?
If you already have the code, why not jsut put it in a PHP file to begin with?

TG
CornedBee
Dec 30th, 2003, 01:22 PM
The problem is the matching of quotes. As the syntax highlighter points out, the quotes within your string end your string. You must escape them.
kows
Dec 30th, 2003, 11:58 PM
For PHP to manually escape characters for you, try addslashes().

To use it with what you are doing, you're going to have to grab the actual code from somewhere, like a POST or GET form.

EG:

$input_code = addslashes($_POST['code']);

Where the user has inputted the code into a text box named "code".
CornedBee
Dec 31st, 2003, 04:33 AM
Which is about the worst security leak you could ever open.
phpman
Jan 6th, 2004, 12:43 PM
how is addslashes a security leak?

if you write to a file how is it a security leak? unless of course they stripslahes and inlcude it somewhere
CornedBee
Jan 6th, 2004, 01:48 PM
The security leak is taking code from the user and executing it as PHP.
phpman
Jan 6th, 2004, 02:07 PM
yes, I agree, I just read your post a different way.

why would you take code from a user and execute it?

that is almost like saying, here, delete my database. :p
CornedBee
Jan 6th, 2004, 02:35 PM
Well, combine the results of this thread and you have it.

1)$input_code = addslashes($_POST['code']);
2)$file="file.php";
$write=fopen($file,'wt');
fputs($write,$input_code);
fclose($write);
3) (as according to my first post) include($file);

Happy cracking :)
The Hobo
Jan 6th, 2004, 03:42 PM
Sounds like fun. I'll try it. :thumb:
cgi
Jan 12th, 2004, 05:38 PM
thank's all

i found a new code which made the parser getover the code


$link= <<<EOF

$fp = fopen ("file.txt", "w+");
<br/>fwrite ($fp, "Test");
fclose ($fp);

EOF;


i think it's great


The security leak is taking code from the user and executing it as PHP.


thank's for the advice , it's very important

the user's maybe put a dangours code like phpshell code of other

but i will need the way soon

:)