
Thread: Quick PHP Code Tester Program

  1. #1
    Join Date
    Aug 2007
    Posts
    122

    Quick PHP Code Tester Program

    I'd like to have some PHP coders test this simple utility. Their feedback would help me improve on it.

    It is an interactive web page you can use to test blocks of PHP code and functions. I use this program all the time to speed up the development and testing of blocks of PHP code and custom functions.



    I just re-engineered it for PHP v5.x, however, if within the program you change

    $_POST

    to

    $HTTP_POST_VARS

    Then it should also work for PHP v4.x

    There is a handy function within PHP called Eval() and this entire program is built around that function.

    With this program you can easily experiment with PHP and test many of its functions directly from the keyboard via your web browser as well as many of your own custom functions.



    Here is the complete program code:

    Code:
    <?PHP
    
    /*
         General Purpose Basic PHP Script Tester  v5.0
    
         PHP v5.2.4
    
         REVISED: 2007 SEP 14 - FRI
    */
    
    Print <<< _HTML
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    
    <HTML>
    
    <HEAD>
    
    <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="TEXT/HTML; CHARSET=ISO-8859-1">
    
    <META NAME="robots"    CONTENT="noindex,nofollow">
    <META NAME="googlebot" CONTENT="noindex,nofollow">
    
    <!-- Optional CSS sheet
    
    <LINK REL=STYLESHEET HREF="path_to_your.css" TYPE="TEXT/CSS">
    
    -->
    
    <TITLE>PHPX - PHP Code Tester v5.0</TITLE>
    
    </HEAD>
    
    
    <BODY>
    
    _HTML;
    
    // --------------------------
    // Name of this program file.
    
       $_ThisFileName_ = "phpx.php";
    
    // Attach optional custom functions.
    // include_once ("path_to_your_custom_function_module.php");
    
    
    // ------------------------------------------
    // Read and execute PHP code entered by user.
    
    $_PHPCode_ = "";
    
    If (@$_POST['PHP_Code'] && $_POST['Execute_Button'])
    
       {
        $_PHPCode_ = @$_POST['PHP_Code']; // StripSlashes(@$_POST['PHP_Code']);
    
          Eval($_PHPCode_);
       }
    
    print "\n";
    
    
    // ------------------------------
    // Display the modified web page.
    
    print <<< _HTML
    
    <FORM NAME="PHPXForm" METHOD="post" ACTION="$_ThisFileName_">
    <BR>
    <TABLE CLASS="TxBlack" BGCOLOR="yellow" ALIGN="center" CELLPADDING="4" BORDER="8">
    
    <TR>
    <TD VALIGN="middle">
    
    <DIV ALIGN="center">
    
    <B>PHPX - PHP Program Code Tester - PHP v5.x</B>
    
    <BR>
    
    <TEXTAREA WRAP="OFF"  NAME="PHP_Code"  COLS="80"  ROWS="20">
    
    _HTML;
    
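    // Escape the code before echoing it back into the TEXTAREA; otherwise
    // markup inside it (a closing TEXTAREA tag, an &lt; entity) breaks the form.
    print htmlspecialchars(chop($_PHPCode_));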
    
    print <<< _HTML
    
    </TEXTAREA>
    </DIV>
    
    <DIV ALIGN="center">
    <INPUT NAME="Execute_Button" TYPE="submit" VALUE="Execute Code">
    </DIV>
    
    </TD>
    </TR>
    
    </TABLE>
    
    </FORM>
    
    <DIV ALIGN="center">
    <B>Enter PHP Code to Test Minus the &nbsp; &lt;?PHP &nbsp; and &nbsp; ?&gt; &nbsp; Tags</B>
    </DIV>
    
    </BODY>
    </HTML>
    
    _HTML;
    
    ?>

    For example, run the program and then copy/paste the following PHP code into the input text area and test it by clicking the [Execute Code] button.

    Code:
       $F = 98.6; // Fahrenheit degrees
    
       print "$F F = " . F_To_C ($F) . " C";
    
    
       function F_To_C ($F_Arg)
      {
       return ($F_Arg - 32) * 5/9 ;
      }
    Try it.

    Any code entered into the text area within the page is interpreted as PHP code to be executed.

    It can also store and remember variables.


    It's not a perfect tool yet, but extremely useful nevertheless for quick code and function testing.

    You can also attach your own CSS sheet and external custom PHP functions module to it.



    IMPORTANT NOTE
    When saving this program as a file, it MUST be named "phpx.php" to work correctly. If you change the file name, then the ACTION file name in the form has to be changed to match or the program will not work.

    If anyone here tries out this program, let me know what you think about it, if you find any bugs or have any suggestions for improvement.


    DANGER DANGER DANGER
    This is a potentially very dangerous program! A hacker could possibly damage your site with it, depending on the security settings of your host, so I strongly recommend that if you use it on your web site, rather than locally, that you password protect access to it.

    .
    Last edited by JayT; 09-15-2007 at 01:45 PM.
    Oh to be free, so blissfully free, of the ravages of intelligence, there is no greater joy! - The Cweationist's Cweed

    All that is necessary for evil to triumph is a good PR firm.
    Very funny, Scotty. Now beam down my clothes!
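
One way to apply the access restriction recommended in the post above, as an added example that is not part of JayT's program: a guard that answers only loopback requests, requires HTTP Basic credentials, and ties each Execute submission to a per-session token. The file name `phpx_guard.php`, the function names, the account name and the placeholder hash are assumptions, and it needs PHP 7 or later (`password_verify()`, `random_bytes()`) rather than the 5.2 the thread targets.

```php
<?php
// phpx_guard.php (added example): require it as the very first line of phpx.php,
// before any output, so the session and auth headers can still be sent.
// Create the hash once with: php -r 'echo password_hash("passphrase", PASSWORD_DEFAULT);'
const PHPX_USER = 'dev';                                 // assumed account name
const PHPX_HASH = 'REPLACE_WITH_PASSWORD_HASH_OUTPUT';   // placeholder: fails closed

function phpx_deny($status, $header = null)
{
    http_response_code($status);
    if ($header !== null) {
        header($header);
    }
    exit;   // the script stops here, so eval() is never reached
}

function phpx_guard()
{
    // 1. Loopback only. Assumes PHP sees the client address directly; behind a
    //    local reverse proxy REMOTE_ADDR is always loopback and this check is void.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!in_array($remote, array('127.0.0.1', '::1'), true)) {
        phpx_deny(404);
    }
    // 2. HTTP Basic credentials, checked without early-exit string comparison.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';
    if (!hash_equals(PHPX_USER, $user) || !password_verify($pass, PHPX_HASH)) {
        phpx_deny(401, 'WWW-Authenticate: Basic realm="phpx"');
    }
    // 3. Per-session token: a form on another site cannot submit code through
    //    a browser that already holds the credentials.
    session_start();
    if (empty($_SESSION['phpx_token'])) {
        $_SESSION['phpx_token'] = bin2hex(random_bytes(32));
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $sent = isset($_POST['phpx_token']) && is_string($_POST['phpx_token'])
            ? $_POST['phpx_token'] : '';
        if (!hash_equals($_SESSION['phpx_token'], $sent)) {
            phpx_deny(403);
        }
    }
    return $_SESSION['phpx_token'];
}

$phpx_token = phpx_guard();   // emit as a hidden "phpx_token" field in PHPXForm
```

The form in phpx.php then has to carry the token back as a hidden `phpx_token` input. Under CGI/FastCGI setups that do not pass the Authorization header to PHP, `PHP_AUTH_USER` stays empty and the guard refuses every request.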

  2. #2
    Join Date
    Sep 2006
    Posts
    1,649
    This is actually very helpful, saves me time from having to FTP files back and forth every time I wanna test stuff. Thank you very much for this!
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx

  3. #3
    Join Date
    Aug 2007
    Posts
    122
    Quote Originally Posted by Moonbat View Post
    This is actually very helpful, saves me time from having to FTP files back and forth every time I wanna test stuff. Thank you very much for this!
    Thanks for the feedback. Glad I finally made something useful!

    I use it a lot too and it certainly does save me time developing.

    However, I already found what may be a minor bug.

    The StripSlashes() function interferes with escape codes that need the '\' backslash. The NewLine code '\n' was converted into 'n' without the '\' which caused problems with certain printed output.


    Be careful - that program is potentially dangerous to expose to the public. On my site, I renamed it "index.php" and put it into a password protected folder so I could use it for my private code testing.

    It can reveal otherwise hidden details about your PHP site to evil hackers that they could theoretically use to compromise or harm your site. It could also reveal security flaws in your web host.
    Last edited by JayT; 09-15-2007 at 12:20 AM.
    Oh to be free, so blissfully free, of the ravages of intelligence, there is no greater joy! - The Cweationist's Cweed

    All that is necessary for evil to triumph is a good PR firm.
    Very funny, Scotty. Now beam down my clothes!

  4. #4
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by JayT View Post
    The StripSlashes() function interferes with escape codes that need the '\' backslash. The NewLine code '\n' was converted into 'n' without the '\' which caused problems with certain printed output.
    I haven't really got enough time to look at the context, but I always leave user input unaltered, then use mysql_real_escape_string() when querying a database and run all data originating from the user through htmlspecialchars() before output.

    Probably irrelevant, but that's my advice anyway.


    Be careful - that program is potentially dangerous to expose to the public. On my site, I renamed it "index.php" and put it into a password protected folder so I could use it for my private code testing.

    It can reveal otherwise hidden details about your PHP site to evil hackers that they could theoretically use to compromise or harm your site. It could also reveal security flaws in your web host.
    Remote file inclusion, system commands; there's a lot of potential for abuse if you leave something like that accessible to the public. It can essentially act as a PHP shell (though Apache probably wouldn't be running under root).
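
For the exposure described above, an added example (not from the thread) that a site owner can run over their own files to find forgotten copies of this kind of tester: it uses PHP's tokenizer to report `eval()` calls whose argument is request data, including the POST field to variable to `eval()` path that phpx.php takes. The function name `phpx_find_request_eval` and the sample source are constructed for illustration, and the check is a heuristic, not full data-flow analysis.

```php
<?php
// Added example: report eval() calls fed by request data, directly or through a
// variable assigned from it earlier in the file. One pass, statement-level only.
function phpx_find_request_eval($source)
{
    $inputs  = array('$_POST', '$_GET', '$_REQUEST', '$_COOKIE', '$HTTP_POST_VARS');
    $tokens  = token_get_all($source);
    $count   = count($tokens);
    $tainted = array();   // variables assigned from request data so far
    $hits    = array();   // line numbers of eval() calls that use them
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok) || ($tok[0] !== T_VARIABLE && $tok[0] !== T_EVAL)) {
            continue;
        }
        // Variables appearing between this token and the end of its statement.
        $used = array();
        for ($j = $i + 1; $j < $count && $tokens[$j] !== ';'; $j++) {
            if (is_array($tokens[$j]) && $tokens[$j][0] === T_VARIABLE) {
                $used[] = $tokens[$j][1];
            }
        }
        $dirty = count(array_intersect($used, array_merge($inputs, $tainted))) > 0;
        if ($tok[0] === T_EVAL && $dirty) {
            $hits[] = $tok[2];
        }
        // A variable directly followed by "=" is being assigned: remember it.
        $k = $i + 1;
        while ($k < $count && is_array($tokens[$k]) && $tokens[$k][0] === T_WHITESPACE) {
            $k++;
        }
        if ($tok[0] === T_VARIABLE && $dirty && $k < $count && $tokens[$k] === '=') {
            $tainted[] = $tok[1];
        }
    }
    return $hits;
}

// Constructed sample with the same shape as the tester; the second eval()
// takes a string literal and is not request data.
$sample = <<<'PHP'
<?php
$code = isset($_POST['PHP_Code']) ? $_POST['PHP_Code'] : '';
eval($code);
eval('return 1 + 1;');
PHP;
print_r(phpx_find_request_eval($sample));
```

To check real files, pass `file_get_contents($path)` for each `.php` file under the web root and review every reported line by hand.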

  5. #5
    Join Date
    Sep 2006
    Posts
    1,649
    I always end up putting it on my site for just a few minutes to test code, then delete the page. I use a free host for my 'site' (basically my PHP playground) and they block .htaccess because of ".htaccess abuse".
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx

  6. #6
    Join Date
    Aug 2007
    Posts
    122
    Quote Originally Posted by mike*5* View Post
    ...

    Remote file inclusion, system commands; there's a lot of potential for abuse if you leave something like that accessible to the public. It can essentially act as a PHP shell (though Apache probably wouldn't be running under root).

    Exactly. That's why I advised not allowing public access to it.

    But as a development tool, I find it extremely useful and a time saver, which is why I wished to share it.

    I hope others find it useful too.

    Oh to be free, so blissfully free, of the ravages of intelligence, there is no greater joy! - The Cweationist's Cweed

    All that is necessary for evil to triumph is a good PR firm.
    Very funny, Scotty. Now beam down my clothes!

  7. #7
    Join Date
    Sep 2005
    Posts
    2,050
    Yeah; I was just giving examples of the kind of attacks people could expect if they didn't follow your advice.

    Useful code nonetheless.

  8. #8
    Join Date
    Sep 2006
    Posts
    1,649
    Every time I try to use echo to echo something, for example:
    Code:
    echo "test";
    It automatically adds slashes before and after the quotation marks, and I get these errors:
    Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /home/ubar/leet/hax.com/phpx.php(58) : eval()'d code on line 1

    Parse error: parse error, unexpected $ in /home/ubar/leet/hax.com/phpx.php(58) : eval()'d code on line 2
    Any fixes I could get for this problem?
    "Workers of the world unite; you have nothing to lose but your chains." -Karl Marx

  9. #9
    Join Date
    Aug 2007
    Posts
    122

    Odd

    Quote Originally Posted by Moonbat View Post
    Every time I try to use echo to echo something, for example:
    Code:
    echo "test";
    It automatically adds slashes before and after the quotation marks, and I get these errors:

    Any fixes I could get for this problem?


    in the line
    Code:
    $_PHPCode_ = @$_POST['PHP_Code'];  //StripSlashes(@$_POST['PHP_Code']);
    There are 2 versions of the $_POST on that line.

    Under PHP4, I used StripSlashes

    When I switched to PHP5, it wouldn't work correctly, so I modified the line and removed the StripSlashes and left the part I changed as a comment.

    I think it also has to do with the INI settings.


    It's also a small, simple program, no elaborate error checks, only intended to test small blocks of code and functions.


    Oh to be free, so blissfully free, of the ravages of intelligence, there is no greater joy! - The Cweationist's Cweed

    All that is necessary for evil to triumph is a good PR firm.
    Very funny, Scotty. Now beam down my clothes!
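
Both symptoms in this thread (StripSlashes() turning '\n' into 'n', and `echo "test";` arriving with slashes before the quotes) match PHP's `magic_quotes_gpc` INI setting, which escapes quotes and backslashes in request data when it is on. An added example, not JayT's code, that strips slashes only when that setting is active; the helper names are assumptions, and since the setting was removed in PHP 5.4 and `get_magic_quotes_gpc()` no longer exists in PHP 8, the call is guarded with `function_exists()`.

```php
<?php
// Added example. Undo magic_quotes_gpc escaping only when PHP actually applied it.

// $magicQuotesOn is a parameter so both host configurations can be exercised
// on any PHP version.
function phpx_unquote($raw, $magicQuotesOn)
{
    return $magicQuotesOn ? stripslashes($raw) : $raw;
}

function phpx_magic_quotes_active()
{
    // Removed in PHP 8; where the function still exists on PHP 5.4+ it returns false.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

function phpx_read_code(array $post)
{
    if (!isset($post['PHP_Code']) || !is_string($post['PHP_Code'])) {
        return '';
    }
    return phpx_unquote($post['PHP_Code'], phpx_magic_quotes_active());
}

// Constructed inputs: one submission as each kind of host would deliver it.
$typed      = 'echo "a\n";';        // what the user typed (backslash-n kept literal)
$quotedHost = addslashes($typed);   // what arrives when magic_quotes_gpc is On

var_dump(phpx_unquote($quotedHost, true) === $typed);   // setting on: slashes undone
var_dump(phpx_unquote($typed, false) === $typed);       // setting off: left untouched
var_dump(stripslashes($typed) === $typed);              // unconditional stripping
```

In phpx.php this would replace the assignment line with `$_PHPCode_ = phpx_read_code($_POST);`.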
