How To Protect your PHP Script by hiding the extensions


A few simple techniques can help to hide PHP, possibly slowing down an attacker who is attempting to discover weaknesses in your system. By setting expose_php to off in your php.ini file, you reduce the amount of information available to them. Another techniques is to configure web servers such as apache to parse different filetypes through PHP, either with an .htaccess directive, or in the apache configuration file itself. You can then use misleading file extensions:
Example (1): Hiding PHP as another language
#write below code in .htaccess
# Make PHP code look like other code types
AddType application/x-httpd-php .asp
From Above Technique you must have to use yourfilename.asp for run your
php File.
In above Example you can use any unknown type by replacing .asp with
another like wise .amp , .html , .htm or etc.
Example (2): By setting expose_php to off in your php.ini file
modify below Files :
httpd.conf
————-
# …
# Minimize ‘Server’ header information
ServerTokens Prod
# Disable server signature on server generated pages
ServerSignature Off
# …
# Set default file type to PHP
DefaultType application/x-httpd-php
# …
php.ini
————
; …
expose_php = Off
; …
Now the URLs will look like this:
http://websitename/forums/post?id=15
Check Above URL .php missing
Now hacker knows only that you are using Apache.

No comments:

How To Create a Zip File Using PHP


Creating .ZIP archives using PHP can be just as simple as creating them on your desktop. PHP’s ZIP class provides all the functionality you need! To make the process a bit faster for you, I’ve coded a simple create_zip function for you to use on your projects.
The PHP
/* creates a compressed zip file */

function create_zip($files = array(),$destination = '',$overwrite = false) {

//if the zip file already exists and overwrite is false, return false

if(file_exists($destination) && !$overwrite) { return false; }

//vars

$valid_files = array();

//if files were passed in...

if(is_array($files)) {

//cycle through each file

foreach($files as $file) {

//make sure the file exists

if(file_exists($file)) {

$valid_files[] = $file;

}

}

}

//if we have good files...

if(count($valid_files)) {

//create the archive

$zip = new ZipArchive();

if($zip->open($destination,$overwrite ? ZIPARCHIVE::OVERWRITE : ZIPARCHIVE::CREATE) !== true) {

return false;

}

//add the files

foreach($valid_files as $file) {

$zip->addFile($file,$file);

}

//debug

//echo 'The zip archive contains ',$zip->numFiles,' files with a status of ',$zip->status;

//close the zip -- done!

$zip->close();

//check to make sure the file exists

return file_exists($destination);

}

else

{

return false;

}

}

Sample Usage

$files_to_zip = array(

'preload-images/1.jpg',

'preload-images/2.jpg',

'preload-images/5.jpg',

'kwicks/ringo.gif',

'rod.jpg',

'reddit.gif'

);

//if true, good; if false, zip creation failed

$result = create_zip($files_to_zip,'my-archive.zip');  //Pass names here.
The function accepts an array of files, the name of the destination files, and whether or not you’d like the destination file to be overwritten if a file of the same name exists. The function returns true if the file was created, false if the process runs into any problems.

No comments:

Cookie Vs Sessions


A PHP session variable is used to store information about, or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.
A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user’s computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.

Both cookies and sessions are available to you as a PHP developer, and both accomplish much the same task of storing data across pages on your site. However, there are differences between the two that will make each favorable in their own circumstance.
Cookies can be set to a long lifespan, which means that data stored in a cookie can be stored for months if not years. Cookies, having their data stored on the client, work smoothly when you have a cluster of web servers, whereas sessions are stored on the server, meaning in one of your web servers handles the first request, the other web servers in your cluster will not have the stored information.
Sessions are stored on the server, which means clients do not have access to the information you store about them – this is particularly important if you store shopping baskets or other information you do not want you visitors to be able to edit by hand by hacking their cookies. Session data, being stored on your server, does not need to be transmitted with each page; clients just need to send an ID and the data is loaded from the local file. Finally, sessions can be any size you want because they are held on your server, whereas many web browsers have a limit on how big cookies can be to stop rogue web sites chewing up gigabytes of data with meaningless cookie information.
So, as you can see, each have their own advantages, but at the end of the day it usually comes down one choice: do you want your data to work when you visitor comes back the next day? If so, then your only choice is cookies – if you have any particularly sensitive information, your best bet is to store it in a database, then use the cookie to store an ID number to reference the data. If you do not need semi-permanent data, then sessions are generally preferred, as they are a little easier to use, do not require their data to be sent in entirety with each page, and are also cleaned up as soon as your visitor closes their web browser.
- See more at: http://blog.hirephp.com/php/cookie-vs-sessions.html#sthash.3j3Egp26.dpuf
No comments:
Labels:
Subscribe to: Posts (Atom)