Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Down PHP file via browser ??

0 views
Skip to first unread message

sb5...@yahoo.com

unread,
Nov 24, 2008, 9:08:52 PM11/24/08
to
Is it possible to download/copy a PHP file through a browser ?

(Sorry if it is a stupid question; I don't know and curious, wishing
to hear from experts.)

Thanks.

Iván Sánchez Ortega

unread,
Nov 24, 2008, 9:29:39 PM11/24/08
to
sb5...@yahoo.com wrote:

> Is it possible to download/copy a PHP file through a browser ?

No.

(Unless the web server is badly configured, or the webmaster wants people to
be able to download raw .php files, which is not the case most of the time)

--
----------------------------------
Iván Sánchez Ortega -ivan-algarroba-sanchezortega-punto-es-

No me simpatizaasssss!

trookat

unread,
Nov 24, 2008, 9:37:02 PM11/24/08
to

No such thing as a stupid question.

DISCLAIMER **
I am assuming that you are not evil and just trying to take a peek at
someones code without it being normally available, so I'm not going to
cover ways to get the source by exploiting buggy code. If you have a
question regarding your own code and to stop this from happening, then
please post it so we can gave a look


There are two ways to look at your question from a legit point of view
so i have answered it.

1.)
Simply pointing your browser at the url only gives you the executed
result of the script

unless the file is
1) not executed by php and the server just displays it as plain text
2) the script has security flaws that could be exploited to show code
3) available for regular download in a zip/tar or is available on the
persons site embedded in a <pre></pre> or similar way

then the answer is no


2.) if you have a php script and you want people to be able to look at
the live source just open the php file and print it to the browser

<?php

//my neat php, here everyone have my code!! yay!

print '<pre>'.file_get_contents('index.php').'</pre>';

// do more stuff here
?>


if I have misunderstood your question please provide more details.


regards
trookat

sb5...@yahoo.com

unread,
Nov 24, 2008, 9:56:38 PM11/24/08
to
Some of my PHP files have passwords in there. I am a bit concerned
whether there are know ways to see them.

Thanks.

Jerry Stuckle

unread,
Nov 24, 2008, 10:50:45 PM11/24/08
to

If your webserver is configured correctly, no.

But the safest way is to keep all such information in a file above the
web root, where it can't be directly accessed from the web. Then
include it as necessary.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================

sb5...@yahoo.com

unread,
Nov 25, 2008, 12:22:34 AM11/25/08
to
New idea to me.

But when I "include" it in PHP file, doesn't the file content appear
in the PHP file as well ?

Thanks.

FutureShock

unread,
Nov 25, 2008, 12:54:17 AM11/25/08
to
Not necessarily. Unless you output it manually or not have your error
settings correct for a production server, the included code will be
processed at the server lever BEFORE it is sent out to the bowser.

Most of the actual PHP code is never actually seen by the browser.

For example:

<?php
echo "FooBar";
?>

All your browser sees is:

FooBar

No <?php, echo, quotes, or ?>.

Scotty

0 new messages