This article illustrates several methods for creating configurable PHP Exploitation programs. This article also discusses the configuration points of fantasy in the application, and seeks a balance between the configuration of Overfire and overfire sealing by using the program. If you want other people or companies to use this article to illustrate how to create configurable PHP Exploitation programs. This article also discusses the configuration points of fantasy in the application, and seeks a balance between the configuration of Overfire and overfire sealing by using the program.
If you want to allow others or companies to apply your PHP Exploitation program, make sure the program is configurable. At least, you need to answer the question that the user sets the database logon and password in a safe way, so that the materials in the account are not openly disclosed.
This article shows several tips for storing configuration settings and compiling these settings. In addition, what elements need to be configured and how to avoid the problem of excessive configuration or insufficient configuration is provided to the leaders.
Apply the INI file for configuration
PHP has built-in support for configuration files. This is implemented through the initialization file (ini) mechanism like the php. INI file, which defines constants such as database connection timeout or session storage. If you want to, you can customize the configuration in this php. ini file. To clarify, I add the following lines of code to the php. ini file.
Myapptempdir = foo
Then, I wrote a small PHP script to read this configuration item, as shown in listing 1.
Listing 1. ini1.php
<? Php
Function get_template_directory ()
{
$ V = get_cmd_var ('myapptempdir ');
Return ($ v = null )? 'Tempdir': $ v;
}
Echo (get_template_directory (). '\ n ');
?> |
When you run this code in the command line, the following results are obtained:
Great. But why can't I use the scale INI function to obtain the value of the myapptempdir configuration item? I 've learned that in most cases, custom configuration items cannot be obtained using these methods. However, the application of the get_cfg_var function can be visited.
To make this method simpler, the visit to the variable is encapsulated in the second function. the Function application configures the key name and a default value as the parameter, as shown below.
Listing 2. ini2.php
Function get_ini_value ($ n, $ dv)
{
$ C = get_cfg_var ($ n );
Return ($ c = null )? $ Dv: $ c;
}
Function get_template_directory ()
{
Return get_ini_value ('myapptempdir', 'tempdir ');
} |
This is a good generalization of how to visit the INI file. Therefore, if you want to apply a different mechanism or store this INI file to another position, you don't have to worry about changing a large number of functions.
I do not recommend using the INI file as the configuration of the exploitation program. There are two reasons for this. First, though this is easier to read INI files, it is almost impossible to write INI files securely. Therefore, this is only suitable for read-only configuration items. Second, the php. ini file is shared among all the exploitation programs on the server, so I don't think the configuration items specific to the exploitation program should be written in this file.
What do I know about INI files? The most important thing is how to reset the include path to Add configuration items, as shown below.
Listing 3. ini3.php
<? Php
Echo (ini_get ('include _ path'). '\ n ');
Ini_set ('include _ path ',
Ini_get ('include _ path'). ':./mylib ');
Echo (ini_get ('include _ path'). '\ n ');
?> |
In this example, I add my local mylib directory to the include path, so I can add the require PHP file from this directory without adding the path to the require statement.
Configuration in PHP
A replacement measure for storing configuration entries in the INI file is usually to apply a simple PHP script to keep data. The following is an example.
Listing 4. config. php
<? Php
# Specify the location of the temporary directory
#
$ TEMPLATE_DIRECTORY = 'tempdir ';
?> |
The code for applying this constant is as follows.
Listing 5. php. php
<? Php
Require_once 'config. php ';
Function get_template_directory ()
{
Global $ TEMPLATE_DIRECTORY;
Return $ TEMPLATE_DIRECTORY;
}
Echo (get_template_directory (). '\ n ');
?> |
The code first contains the configuration file (config. php), and then you can directly apply these constants.
The application of this technique has many advantages. First, if some people only browse the config. php file, the page is blank. Therefore, you can put config. php in the same file and use it as the root of the Web application. Second, it can be compiled in any editor, and in some compilers, it even has the syntax coloring and syntax check functions.
The problem with this technique is that it is a read-only technique like an INI file. Extracting data from this file is easy, but it is difficult to adjust the data in this PHP file. in some cases, it is even impossible.
The following interchange method shows how to write a configuration system that is essentially readable and writable.
[1] [2] [3] [4] Next page 
