making php file with fopen()

**cgi** · Dec 25th, 2003, 08:08 AM

how could i save a php code into a php file with fopen()

for examble i want to save this code into php file

PHP Code:


<?php

$a=fopen("one.php","w");

fwrite($a,"any thing");

fclose($a);

?>

**morrowasted** · Dec 25th, 2003, 02:18 PM

PHP Code:


<? 

$input_code = "whatever";

$file="file.php"; 

$write=fopen($file,'w');

fputs($write,$input_code); 

fclose($write);

?>

im not php expert, mind you, but i think that works

**CornedBee** · Dec 28th, 2003, 10:53 AM

Yep, it works, and you can even include() the file afterwards.

Though eval is probably more efficient in that case.

**morrowasted** · Dec 28th, 2003, 03:38 PM

i made a PHP script that works without any help!!!!

**cgi** · Dec 30th, 2003, 07:00 AM

thank's all for your reply's

but

look at this code

PHP Code:




 <?  

$input_code = "

 <?  

$input_code = "whatever"; 

$file="file.php";  

$write=fopen($file,'w'); 

fputs($write,$input_code);  

fclose($write); 

?> 

"; 



$file="file.php";  

$write=fopen($file,'w'); 

fputs($write,$input_code);  

fclose($write); 

?>

i inserted just a few lines in the $input_code

but what's happened if i inserted a big script in it ??

it will be alot of error's , parse and etc , so is there any way to do it with out error's , some way make the parser get over the inputed code ??

**techgnome** · Dec 30th, 2003, 09:30 AM

Why are you doing it like that?
If you already have the code, why not jsut put it in a PHP file to begin with?

TG

**CornedBee** · Dec 30th, 2003, 02:22 PM

The problem is the matching of quotes. As the syntax highlighter points out, the quotes within your string end your string. You must escape them.

**kows** · Dec 31st, 2003, 12:58 AM

For PHP to manually escape characters for you, try addslashes().

To use it with what you are doing, you're going to have to grab the actual code from somewhere, like a POST or GET form.

EG:

PHP Code:


$input_code = addslashes($_POST['code']);

Where the user has inputted the code into a text box named "code".

**CornedBee** · Dec 31st, 2003, 05:33 AM

Which is about the worst security leak you could ever open.

**phpman** · Jan 6th, 2004, 01:43 PM

how is addslashes a security leak?

if you write to a file how is it a security leak? unless of course they stripslahes and inlcude it somewhere

**CornedBee** · Jan 6th, 2004, 02:48 PM

The security leak is taking code from the user and executing it as PHP.

**phpman** · Jan 6th, 2004, 03:07 PM

yes, I agree, I just read your post a different way.

why would you take code from a user and execute it?

that is almost like saying, here, delete my database.

**CornedBee** · Jan 6th, 2004, 03:35 PM

Well, combine the results of this thread and you have it.

1)

Code:

$input_code = addslashes($_POST['code']);

2)

Code:

$file="file.php";
$write=fopen($file,'wt');
fputs($write,$input_code);
fclose($write);

3) (as according to my first post)

Code:

include($file);

Happy cracking

**The Hobo** · Jan 6th, 2004, 04:42 PM

Sounds like fun. I'll try it.

**cgi** · Jan 12th, 2004, 06:38 PM

thank's all

i found a new code which made the parser getover the code

PHP Code:


$link= <<<EOF



$fp = fopen ("file.txt", "w+");

<br/>fwrite ($fp, "Test");

fclose ($fp);



EOF;

i think it's great

The security leak is taking code from the user and executing it as PHP.

thank's for the advice , it's very important

the user's maybe put a dangours code like phpshell code of other

but i will need the way soon

Thread: making php file with fopen()

Thread Tools

Display

making php file with fopen()

Posting Permissions