1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[ANOTHER] PHP Question...

Discussion in 'Black Hat SEO' started by royserpa, Nov 29, 2013.

  1. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,649
    Likes Received:
    3,494
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Royserpa
    Home Page:
    Hello guys!

    Again I have another PHP question and the question is not regarding any kind of functionality, but I am trying to understand and fix, why this code doesn't work as expected.

    What I am trying to do is create a .txt file with some text and read the text, all done with php.

    Now to the code,

    PHP:
    <?php
    $myFile 
    "host.txt";$fh fopen($myFile'w') or die("can't open file");$host "oje";fwrite($fh$host);fclose($fh);
    ?>
    Basically, with that code, I create or overwrite a file called host.txt with the text "oje". Of course that If I save this as *.php, upload it to my server and go to domain.com/*.php it works and it creates the host.txt file with "oje" as content.

    But the problem I am having is that this same code doesn't work in my Wordpress Plugin!

    Basically, what I am doing in the plugin to call this function, is:

    1) Call the script from a function
    2) Call the function from my functions.php file
    3) Call the file that calls the function from the Wordpress Dashboard

    And with that, the code doesn't work. It doesn't create any file, it doesn't do anything at all.

    My file structure is like this:

    (let's say that root is the folder of my plugin)

    +root/
    +-functions.php
    +-write.php
    +-code.txt

    Where:

    >root: is the folder of the plugin in wordpress
    >functions.php: is the file that contains the function where write.php is included
    >write.php: is the file where the function containing the above php code is
    >code.txt: this file is created or overwritten with the above php code

    But the strangest thing of this is that if I go to root/write.php, the .txt file is created!
    But it doesn't work when I call it from my plugin.

    Does anyone have any idea why this isn't working and why this code behavve like this?

    As I really don't have any clue why this isn't working.

    Also, it doesn't throw out any errors when trying to write the file using the plugin.

    Any insight, comment or idea would be awesome!

    PS: This is how I am feeling right now with these problems: :D:D

    [​IMG]
     
  2. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    How are you calling the code from your function.php? Post the code.

    BTW, if you are using a plugin, then why don't you place the function within your plugin file? I guess you are over-complicating it :)

    Instead, write the function inside your plugin.php, and call it on request e.g. like:
    Or may be I am missing something?
     
  3. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,649
    Likes Received:
    3,494
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Royserpa
    Home Page:
    ^Actually i am trying to make things organised so that the code is clear. I really dont think that might help.

    I call function by first incluiding the functions.php file and then the function()
     
  4. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    Add this to any template file.

    Code:
    $file = '<?php
    echo "my sexy file is now written";
    ?>';
    
    file_put_contents('/path/to-save/the-file/saved.php',$file);
    This will write a real, functional .php file anywhere your wordpress installation has the permissions to write to.
     
  5. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    Including functions.php? function.php gets included in the wordpress by default.

    Trying echoing out something when the function gets called ( and place die() after the echo). I am pretty sure the function isn't getting called atall. Also try checking the error log.
    Speaking about orginising stuffs, putting half code inside functions.php, and putting the other half inside a plugin makes it tougher to manage the code. Your plugin will have dependency on the theme. Once you change the theme, you get function undefined error.


    What I do for my projects is make classes and include them when needed. That way we can lazyload (google it) certain codes so your project will be lighter than ever..


    Anyway, different people -- different opinion :p
     
  6. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    PS, everyone, take note. That is how your entire wordpress installation, domain name and any other websites you have on any other domains in the same directory structure can be hacked.

    Anyone you give administrator permissions to your blog login can simply go to the templates section, paste in arbitrary PHP code to be written to a file through the execution of a template, and then proceed to execute that .php file.

    Moral of the story, don't give anyone an administrative login to your wordpress blog. If you need to let someone else log in, make a lesser-permissioned account that doesn't have access to template editing.
     
    • Thanks Thanks x 1
  7. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    shhhhh don't leak it man :D

     
  8. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    The functions.php file executes functions. For this code to execute within the functions.php file, you'd have to have it embedded within a function that actually gets executed (or not have it nested in a function, in which case it will get called each and every time the functions.php file is called, which would be massively excessive -- probably dozens of times just on one page load).

    I know it works, when wordpress has write permissions. If it doesn't work for you ...

    #1) it might be failing, and have a specific reason for failing, but its not telling you because the server isn't formatted to notify of errors
    #2) it might fail because you didn't type in the right path
    #3) it might fail because your wordpress blog doesn't have write permissions

    In any case, this does work when wordpress has write permissions.
     
    • Thanks Thanks x 1
  9. madoctopus

    madoctopus Supreme Member

    Joined:
    Apr 4, 2010
    Messages:
    1,249
    Likes Received:
    3,498
    Occupation:
    Full time IM
    yeah, and i am quite sure if you ever need to hack a wordpress sites you never run out of methods to do it :) and if you can't manage to hack WP itself you're likely to hack one of those insecure plugins. or maybe the host has not so great user isolation. or you could do social engineering. etc etc. after i had a site hacked once i don't even care anymore. i just eliminate the footprints and stuff so hackers don't find me and if they still do or really want to hack the site they will no matter what (assuming they're smarter than me which probably they are when it comes to security). i just re-upload a backup and all is fine and dandy. only got 1 site hacked once by some satanist hacker (left me a webpage with some satanist symbols and shit lol). so 1 site hacked in over 10 years online... not a biggie.
     
  10. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,649
    Likes Received:
    3,494
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Royserpa
    Home Page:
    Thanks bro, but Im looking towards ccreating .txt files, the same thing except txt :)
    I think I found the problem, probably the problem is that WP doesn't have permissions to write on that directory, and probably that's why when I go to root/write.php the code.txt file is created!

    I will search around on what I can do about this.

    I am talking about my wp plugin. In my plugin, I created a functions.php file, not the functions.php wp file.
    And yes, I know how to call functions bro :)
    And no, the plugin doesn't have any dependency on the theme as the functions.php file is from the plugin, no the theme ;)

    :O I didn't know about classes (LOL), I will look into them.

    I dont give anyone admin permissions :p

    The functions.php file I am talking about is not the one from the theme, but a custom functions.php file I created for the plugin :)
    Anyway thanks for the advice, guys! :)
     
  11. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    That's cool ^^P

    I was just making sure hehe