Recommend this page to a friend! |
All requests | > | protect the phpinfo() command | > | Request new recommendation | > | Featured requests | > | No recommendations |
by Elton Gomez - 1 month ago (2024-05-10)
+1 | If during the demonstration of an application deployed on the Internet I need to query the value of a phpinfo() parameter, phpinfo() is required to run if and only if a challenge or password is correctly answered. I am looking for a piece of PHP code that will help me resolve this query, and if possible include challenge or password maintenance functions. |
1. by Cedric Maenetja - 1 month ago (2024-05-15) Reply
Here's a sample code, Define the list of known configuration-related functions Check if function is_configuration_function before calling the actual function Prompt & Validate password (in the example below I using the command line to prompt for the password) Proceed if password is correct
<?php
function is_configuration_function($function_name) {
// Define the list of known configuration-related functions
$config_functions = [
'phpinfo',
'phpversion',
'ini_get',
'ini_set',
'get_cfg_var',
'get_loaded_extensions',
'get_defined_constants',
'extension_loaded',
// Add more configuration-related functions as needed
];
// Check if the function is in the list and exists
return in_array($function_name, $config_functions) && function_exists($function_name);
}
$stored_password = '12345'; // the stored password, better encypt the passwords
$input_password = '';
$function_name = 'phpversion';
// check if function is_configuration_function before calling the actual function
if (is_configuration_function($function_name)) {
// function is_configuration_function
// prompt a user for a password
$input_password = readline('Enter a configuration password: ');
// while password is incorrect keep promting for the password
// you can also add logic here to exit or stop execution after certain tries
while ($input_password != $stored_password){
$input_password = readline('Enter a configuration password: ');
}
// password correct proceed and call the function
eval("echo $function_name();");
} else {
// $function_name is not a configuration function";
// no need for password prompt call the function
eval("echo $function_name();");
}
?>
0 | by Faris AL-Otabi 50 - 3 days ago (2024-06-13) Comment This package can show PHPInfo function output on a protected page. It provides a Web page script that presents a form to ask the user for a username and password. The same script can check if the username and password match the credentials stored in a password file in the JSON format. If the username and password are valid, the script shows the output of the PHP phpinfo function. |
0 | by Eric Jumba 75 - 15 days ago (2024-05-31) Comment PhpInfoGuard is a PHP package designed to enhance security by globally protecting the phpinfo() command. This package ensures that the phpinfo() function can only be executed under controlled conditions, preventing unauthorized access to sensitive PHP configuration details. Ideal for developers and system administrators looking to secure their PHP environments, PhpInfoGuard provides a simple yet powerful solution to a common security concern. |
Recommend package | |
|