making php file with fopen()

Printable View

Dec 25th, 2003, 08:08 AM
cgi

making php file with fopen()

how could i save a php code into a php file with fopen()

for examble i want to save this code into php file

PHP Code:

<?php $a=fopen("one.php","w"); fwrite($a,"any thing"); fclose($a); ?>

:confused:
Dec 25th, 2003, 02:18 PM
morrowasted

PHP Code:

<? $input_code = "whatever"; $file="file.php"; $write=fopen($file,'w'); fputs($write,$input_code); fclose($write); ?>

im not php expert, mind you, but i think that works
Dec 28th, 2003, 10:53 AM
CornedBee

Yep, it works, and you can even include() the file afterwards.

Though eval is probably more efficient in that case.
Dec 28th, 2003, 03:38 PM
morrowasted

:eek: i made a PHP script that works without any help!!!!
Dec 30th, 2003, 07:00 AM
cgi

thank's all for your reply's

but

look at this code

PHP Code:

<? $input_code = " <? $input_code = "whatever"; $file="file.php"; $write=fopen($file,'w'); fputs($write,$input_code); fclose($write); ?> "; $file="file.php"; $write=fopen($file,'w'); fputs($write,$input_code); fclose($write); ?>

i inserted just a few lines in the $input_code

but what's happened if i inserted a big script in it ??

it will be alot of error's , parse and etc , so is there any way to do it with out error's , some way make the parser get over the inputed code ?? :confused:
Dec 30th, 2003, 09:30 AM
techgnome

Why are you doing it like that?
If you already have the code, why not jsut put it in a PHP file to begin with?

TG
Dec 30th, 2003, 02:22 PM
CornedBee

The problem is the matching of quotes. As the syntax highlighter points out, the quotes within your string end your string. You must escape them.
Dec 31st, 2003, 12:58 AM
kows

For PHP to manually escape characters for you, try addslashes().

To use it with what you are doing, you're going to have to grab the actual code from somewhere, like a POST or GET form.

EG:

PHP Code:

$input_code = addslashes($_POST['code']);

Where the user has inputted the code into a text box named "code".
Dec 31st, 2003, 05:33 AM
CornedBee

Which is about the worst security leak you could ever open.
Jan 6th, 2004, 01:43 PM
phpman

how is addslashes a security leak?

if you write to a file how is it a security leak? unless of course they stripslahes and inlcude it somewhere
Jan 6th, 2004, 02:48 PM
CornedBee

The security leak is taking code from the user and executing it as PHP.
Jan 6th, 2004, 03:07 PM
phpman

yes, I agree, I just read your post a different way.

why would you take code from a user and execute it?

that is almost like saying, here, delete my database. :p
Jan 6th, 2004, 03:35 PM
CornedBee

Well, combine the results of this thread and you have it.

1)

Code:

$input_code = addslashes($_POST['code']);

2)

Code:

$file="file.php"; $write=fopen($file,'wt'); fputs($write,$input_code); fclose($write);

3) (as according to my first post)

Code:

include($file);

Happy cracking :)
Jan 6th, 2004, 04:42 PM
The Hobo

Sounds like fun. I'll try it. :thumb:
Jan 12th, 2004, 06:38 PM
cgi

thank's all

i found a new code which made the parser getover the code

PHP Code:

$link= <<<EOF $fp = fopen ("file.txt", "w+"); <br/>fwrite ($fp, "Test"); fclose ($fp); EOF;

i think it's great

Quote:

The security leak is taking code from the user and executing it as PHP.

thank's for the advice , it's very important

the user's maybe put a dangours code like phpshell code of other

but i will need the way soon

:)