PHP code in string - php

I was amazed I didn't found answer on Google for this answer.
So basically I have a PHP code which have to be stored in a variable as a string. Unfortunately PHP recognize the opening and ending tag not as a string but a PHP code... I want it as a string :)
$settings_string =
'
<?php
//Locker ID
$userToSearch = '.$_POST["usertosearch"].';
//User Folder
$userFolder = '.$folder.';
//User Link
$userLink = '.$_POST["userlink"].';
// Username and pass
$affiliateuser = '.$_POST["affiliateuser"].';
$affiliatepassword = '.$_POST["affiliatepassword"].';
?>
';


you can use like this.
if u tell your purpose. so i can give you better than this.
$settings_string ='
<?php
//Locker ID
$userToSearch = \'.$_POST["usertosearch"].\';
//User Folder
$userFolder = \'.$folder.\';
//User Link
$userLink = \'.$_POST["userlink"].\';
// Username and pass
$affiliateuser = \'.$_POST["affiliateuser"].\';
$affiliatepassword = \'.$_POST["affiliatepassword"].\';
?>
';
Now you have to use like this
$file = fopen('file_name.php', 'w');
fwrite($file, $settings_string);


If you want the value of the $_POST injected in there you still need to quote it properly in the output.
$settings_string =
'
<?php
//Locker ID
$userToSearch = "'.$_POST["usertosearch"].'"; //add them quotes!!!!
//User Folder
$userFolder = "'.$folder.'";
//User Link
$userLink = "'.$_POST["userlink"].'";
// Username and pass
$affiliateuser = "'.$_POST["affiliateuser"].'";
$affiliatepassword = "'.$_POST["affiliatepassword"].'";
?>
';
I'll assume $_POST["usertosearch"] = 'user' currently in your output would be this.
$userToSearch = user;
When instead you want
$userToSearch = "user";
Above you will see the added double quote, to properly quote the strings in the output file. That file still has to have valid syntax.
As a note, if any of the post values contain " your gonna have issues, unless you do addslashes() for them.
For example
$userLink = "'.$_POST["userlink"].'";
Assume this is $_POST["userlink"] = 'link' OR
$userLink = "link";
See the issue with that. When you'll want this
$userLink = "link";


Your looking for eval
<?php
$settings_string ='
//Locker ID
$userToSearch = '.$_POST["usertosearch"].';
//User Folder
$userFolder = '.$folder.';
//User Link
$userLink = '.$_POST["userlink"].';
// Username and pass
$affiliateuser = '.$_POST["affiliateuser"].';
$affiliatepassword = '.$_POST["affiliatepassword"].';
';
eval($settings_string);

Related

whitelist user using file_put_contents forms

<?php
$filename = 'whitelist.txt';
if (isset($_POST['uname'])) {
$uname = $_POST['uname'];
file_put_contents($filename, '{"'.$uname.'"}');
if (empty($uname)) {
header("Location: generator.php?error=No Empty Username");
exit();
}
}else{
header("Location: generator.php");
exit();
}
The expected output should be:
{"User1", "User2"}
But it is:
{"User1"}
I just wanna make a whitelist user by using a form so he can get whitelisted, I hope someone can help! Thank you!

To make a user blacklist you'll need to use some database and authentication otherwise you'll end up with problems in a case where like user1 and user2 have the same data
But for your question.
One way is to replace the last character every time here is how...
replace the file_put_con... line with this
$existing = file_get_contents($filename);
if(strpos($existing,"}")){ //check if at least one username exists
$newcontent = str_replace('}',',"'.$uname.'"}',$existing); //replace old data with new
file_put_contents($filename,$newcontent);
} else { // incase there is no username at all
$newcontent = '{"'.$uname.'"}';
file_put_contents($filename,$newcontent);
}
You'll obviously corrupt the data if you enter } in the uname
So prevent that by using entities or prevent the } character from being accepted

PHP action inside PHP already running

Good Day
I am not sure if this is possible but any advice would be greatly be appreciated.
I have a code in PHP as below and would like to add additional PHP code Not sure how to explain it but maybe if I show code it would make some sence.
<?php
//Clickatell login
$user = "##";
$password = "##";
$api_id = "##";
$baseurl ="http://api.clickatell.com";
$text = urlencode("Recovery Assist Panic Activated (BETA TEST VERSION");
$to = "'0827910119'";
?>
The above is the current code I have with some additional extra's not required here. I want to add the following to this code as part of Sitelok page manager
<?php
//Clickatell login
$user = "##";
$password = "##";
$api_id = "##";
$baseurl ="http://api.clickatell.com";
$text = urlencode("Recovery Assist Panic Activated (BETA TEST VERSION");
<?php if (sl_ismemberof("RecAssist")){ ?>
$to = "'0827911119'";
<?php } ?>
<?php if (sl_ismemberof("Gold")){ ?>
$to = "'0827952558'";
<?php } ?>
?>
The "is a member of" is part of the sitelok code to exclude on HTML where a person does not have access to. I am not sure if I can run another inside the one running already. I know this can be done with IF and ELS most prob but the coding for the amount of groups will just be too much so hoped that somehow I can use the Sitelok section

Why not just use an if statement?
e.g.
<?php
//Clickatell login
$user = "##";
$password = "##";
$api_id = "##";
$baseurl = "http://api.clickatell.com";
$text = urlencode("Recovery Assist Panic Activated (BETA TEST VERSION");
if (sl_ismemberof("RecAssist")){
$to = "'0827911119'";
} elseif (sl_ismemberof("Gold")) {
$to = "'0827952558'";
}
?>

The best an most maintainable way to achieve this would be to define all of your groups or w/e in an associative array and loop through it because it will be the most maintainable.
<?php
//Clickatell login
$user = "##";
$password = "##";
$api_id = "##";
$baseurl = "http://api.clickatell.com";
$text = urlencode("Recovery Assist Panic Activated (BETA TEST VERSION");
$groups = array(
"RecAssist" => "0827911119",
"Gold" => "0827952558",
);
$to = "";
foreach($groups as $k=>$v)
{
if(sl_ismemberof($k)) // $k is the RecAssist or Gold or w/e
{
$to = "'$v'"; // $v is those digits
// if $groups were to have 100 items or even 1,000 then there is no need to run sl_ismemberof() on the remaining items once we found what we are looking for. It would be a waste of time.
break; // break out of our loop
}
}
echo $to;
?>

Writing .php file using php code

Hi there I'm trying to write a .php file using this code, server replying this error : syntax error, unexpected '0' (T_LNUMBER) in
I wanna know how can I write integer in php file as you can see
$status1 = \''0'\';
This code having problem, anybody please tell me what to do.
<?php
if(isset($_POST['user1'])){
$data = urldecode('%3C').'?php
$user1 = \''.$_POST['user1'].'\';
$pass1 = \''.$_POST['pass1'].'\';
$status1 = \''0'\';
$user2 = \''.$_POST['user2'].'\';
$pass2 = \''.$_POST['pass2'].'\';
$status2 = \''0'\';
$user3 = \''.$_POST['user3'].'\';
$pass3 = \''.$_POST['pass3'].'\';
$status3 = \''0'\';
$user4 = \''.$_POST['user4'].'\';
$pass4 = \''.$_POST['pass4'].'\';
$status4 = \''0'\';
$user5 = \''.$_POST['user5'].'\';
$pass5 = \''.$_POST['pass5'].'\';
$status5 = \''0'\';
$user6 = \''.$_POST['user6'].'\';
$pass6 = \''.$_POST['pass6'].'\';
$status6 = \''0'\';
$user7 = \''.$_POST['user7'].'\';
$pass7 = \''.$_POST['pass7'].'\';
$status7 = \''0'\';
$user8 = \''.$_POST['user8'].'\';
$pass8 = \''.$_POST['pass8'].'\';
$status8 = \''0'\';
$user9 = \''.$_POST['user9'].'\';
$pass9 = \''.$_POST['pass9'].'\';
$status9 = \''0'\';
$user10 = \''.$_POST['user10'].'\';
$pass10 = \''.$_POST['pass10'].'\';
$status10 = \''0'\';
?'.urldecode('%3E');
$fx=fopen('datauser.php','w');
fwrite($fx,$data);
fclose($fx);
if($fx === false) {
header("Location: ./tokensettings.php?save=err");
}
else {
header("Location: ./tokensettings.php?save=success");
}
}
?>
Thank you so much.
Here is how my form looks like.

If you still want to do it your way you need to use the \ correctly for each ' to be included in the string even those in [ ] - not saying the final string produced would actually work but it is based on your code and my best guess at your desired result
<?php
$string1=' \'\'.$_POST[\'user1\']\'\';';
$string1=$string1.'\'\'0\'\';';
echo $string1;
?>

The whole urlencoding stuff is not needed at all, your quoting and escaping is messy and incorrect. and why not simply use file_put_contents? Use HEREDOC to avoid messy escaping.
file_put_contents('datauser.php', <<<CONTENT
<?php
\$user = '{$_POST['user']}';
\$pass = '{$_POST['pass']}';
\$status = '0';
CONTENT
);
but if you really want to use files as data storage, I would encourage you to save it in a data format like xml or json instead of writing php.
// save data to file ($_POST used as example...)
file_put_contents('user.json', json_encode($_POST));
// read data
$data = json_decode(file_get_contents('user.json'));

Cant get Steam API to show avatar upon Login

I have used this tutorial to implement the steam login for a website I am creating: https://github.com/SmItH197/SteamAuthentication/blob/f47fc78056081d6a83d277ae447c5386dc0909fc/README.md . Problem is, when I log in, it does not display any info, only a logout button. Here is the code I am dealing with.
if(isset($_SESSION['steamid'])){
include("settings.php");
if (empty($_SESSION['steam_uptodate']) or $_SESSION['steam_uptodate'] == false or empty($_SESSION['steam_personaname'])) {
//We mute alerts from the following line because we do not want to give away our API key in case file_get_contents() throws a warning.
# $url = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=".$steamauth['apikey']."&steamids=".$_SESSION['steamid']);
if($url === FALSE) { die('Error: failed to fetch content form Steam. It may be down. Please, try again later.'); }
$content = json_decode($url, true);
$_SESSION['steam_steamid'] = $content['response']['players'][0]['steamid'];
$_SESSION['steam_communityvisibilitystate'] = $content['response']['players'][0]['communityvisibilitystate'];
$_SESSION['steam_profilestate'] = $content['response']['players'][0]['profilestate'];
$_SESSION['steam_personaname'] = $content['response']['players'][0]['personaname'];
$_SESSION['steam_lastlogoff'] = $content['response']['players'][0]['lastlogoff'];
$_SESSION['steam_profileurl'] = $content['response']['players'][0]['profileurl'];
$_SESSION['steam_avatar'] = $content['response']['players'][0]['avatar'];
$_SESSION['steam_avatarmedium'] = $content['response']['players'][0]['avatarmedium'];
$_SESSION['steam_avatarfull'] = $content['response']['players'][0]['avatarfull'];
$_SESSION['steam_personastate'] = $content['response']['players'][0]['personastate'];
if (isset($content['response']['players'][0]['realname'])) {
$_SESSION['steam_realname'] = $content['response']['players'][0]['realname'];
} else {
$_SESSION['steam_realname'] = "Real name not given";
}
$_SESSION['steam_primaryclanid'] = $content['response']['players'][0]['primaryclanid'];
$_SESSION['steam_timecreated'] = $content['response']['players'][0]['timecreated'];
$_SESSION['steam_uptodate'] = true;
}
$steamprofile['steamid'] = $_SESSION['steam_steamid'];
$steamprofile['communityvisibilitystate'] = $_SESSION['steam_communityvisibilitystate'];
$steamprofile['profilestate'] = $_SESSION['steam_profilestate'];
$steamprofile['personaname'] = $_SESSION['steam_personaname'];
$steamprofile['lastlogoff'] = $_SESSION['steam_lastlogoff'];
$steamprofile['profileurl'] = $_SESSION['steam_profileurl'];
$steamprofile['avatar'] = $_SESSION['steam_avatar'];
$steamprofile['avatarmedium'] = $_SESSION['steam_avatarmedium'];
$steamprofile['avatarfull'] = $_SESSION['steam_avatarfull'];
$steamprofile['personastate'] = $_SESSION['steam_personastate'];
$steamprofile['realname'] = $_SESSION['steam_realname'];
$steamprofile['primaryclanid'] = $_SESSION['steam_primaryclanid'];
$steamprofile['timecreated'] = $_SESSION['steam_timecreated'];
}
What I want to happen is when someone logs in, where the sign in button was, I want to show the steam name as well as the avatar of whoever signed in.

Did you read the documentation? To show avatar, do the following:
$steamprofile['avatar'] // 32x32 version of avatar
$steamprofile['avatarmedium'] // 64x64 version of avatar
$steamprofile['avatarfull'] // 184x184 version of avatar
To display the Steam username, do the following:
$steamprofile['personaname']
It's all written in the README.md file at the bottom.
EDIT: If you want to show the image, do something like this:
echo '<img src="' . $steamprofile['avatar'] . '" />';
That will put the image URL from $steamprofile['avatar'] into an <img> element.

how to stop duplicate values from being written to text file using php

i have a script that keeps reloading every 2 seconds, i made a code to create a txt file for each user IP and write the user name $name inside it. my problem is that everytime my script reloads it will write the $name of the specific IP again with every reload.
the code is
$ip_file = "ips/".$ip.".txt";
$logip = fopen($ip_file,"a", 1);
$name = $name."\n";
fwrite($logip, $name);
fclose($logip);
return;
i need some way to verify if the name is already in the $ip_file and if it's there then not to write it again.
the idea behind this is to check if the same IP is used by more than one $name and then create a function to check all the $ip_file files for more than 1 $name and if so ban the violating $ip
thanks in advance

$ip_file = "ips/".$ip.".txt";
$names = file_get_contents($ip_file); //read names into string
if(false === strpos($names,$name)) { //write name if it's not there already
file_put_contents($ip_file,"$name\n",FILE_APPEND);
}

Is this what you need?
<?php
$ip_file = "ips/".$ip.".txt";
$name = $name."\n";
if (file_exists($ip_file)) {
$valueInFile = file_get_contents($ip_file, true);
if ($valueInFile == $name) {
//Do something
}
} else {
$logip = fopen($ip_file,"a", 1);
fwrite($logip, $name);
fclose($logip);
}
return;
?>
From:
http://php.net/manual/en/function.file-exists.php

Categories