protect the phpinfo() command: add a password to run the phpinfo() function

Recommend this page to a friend!

All requests

protect the phpinfo() command

Request new recommendation

Featured requests

No recommendations

protect the phpinfo() command #protect a page result

Edit

by Elton Gomez - 1 month ago (2024-05-10)

add a password to run the phpinfo() function

If during the demonstration of an application deployed on the Internet I need to query the value of a phpinfo() parameter, phpinfo() is required to run if and only if a challenge or password is correctly answered. I am looking for a piece of PHP code that will help me resolve this query, and if possible include challenge or password maintenance functions.

1 Clarification request

1. by Cedric Maenetja - 1 month ago (2024-05-15) Reply

Here's a sample code, Define the list of known configuration-related functions Check if function is_configuration_function before calling the actual function Prompt & Validate password (in the example below I using the command line to prompt for the password) Proceed if password is correct

<?php

function is_configuration_function($function_name) {
    // Define the list of known configuration-related functions
    $config_functions = [
        'phpinfo',
        'phpversion',
        'ini_get',
        'ini_set',
        'get_cfg_var',
        'get_loaded_extensions',
        'get_defined_constants',
        'extension_loaded',
        // Add more configuration-related functions as needed
    ];

    // Check if the function is in the list and exists
    return in_array($function_name, $config_functions) && function_exists($function_name);
}

$stored_password = '12345'; // the stored password, better encypt the passwords
$input_password = '';
$function_name = 'phpversion';

// check if function is_configuration_function before calling the actual function
if (is_configuration_function($function_name)) {
    // function is_configuration_function
    // prompt a user for a password
    $input_password = readline('Enter a configuration password: ');
    // while password is incorrect keep promting for the password
    // you can also add logic here to exit or stop execution after certain tries
    while ($input_password != $stored_password){
        $input_password = readline('Enter a configuration password: ');
    }

    // password correct proceed and call the function
    eval("echo $function_name();");

} else {
    // $function_name is not a configuration function";
    // no need for password prompt call the function 
    eval("echo $function_name();");
}

Ask clarification

2 Recommendations

Protected PHPInfo: Show PHPInfo function output on a protected page

by Faris AL-Otabi package author 50 - 3 days ago (2024-06-13) Comment

This package can show PHPInfo function output on a protected page.

It provides a Web page script that presents a form to ask the user for a username and password.

The same script can check if the username and password match the credentials stored in a password file in the JSON format.

If the username and password are valid, the script shows the output of the PHP phpinfo function.

PHPInfo Guard: Protected replacement for the phpinfo() function

by Eric Jumba package author 75 - 15 days ago (2024-05-31) Comment

PhpInfoGuard is a PHP package designed to enhance security by globally protecting the phpinfo() command. This package ensures that the phpinfo() function can only be executed under controlled conditions, preventing unauthorized access to sensitive PHP configuration details. Ideal for developers and system administrators looking to secure their PHP environments, PhpInfoGuard provides a simple yet powerful solution to a common security concern.

Recommend package

About us

Advertise on this site

For more information send a message to info at phpclasses dot org.