Okay so I have a joomla site that uses a compponet that is used to create events or booking times. My problem is I can't find the form file that I am trying to access within my joomla administrator componets directory for the com of that plugin. Here is the URL of that form makeanappointment/create?dtstart=201404250930&cal_id=5
So my question is is there a script I can run in PHP to find out all those files being called in and their location?
David
Theres a PHP function called get_included_files() which returns a list of all files that were loaded via include, include_once, require and require_once.
It may be a bit primitive for what you are looking for (it doesn't have the caller line numbers etc), but it will at least show you all the files used during a particular execution. Just add a call to that function near the end of the main script.
Since it returns an array you'll probably need to dump the contents (i.e. print_r(get_included_files()).
See the get_included_files() manual page on php.net for more usage details.
When looking for a particular source file, I usually expand the extension installation file on my local machine and then use a search utility to find instances of text used on the web page.
Once I can find the correct source file on my local machine, it's usually fairly easy to find the file on the website.
Related
Before I describe the problem, here is a basic run-down of the overall process to give you a clearer picture. Additionally, I am a novice at PHP:
I have a WordPress website that uses CPanel as its web hosting software
The WordPress website has a form (made by UFB) that has the user upload an image
The image gets directed to the upload folder (/uploads) by using image_upload.php
The image is then downloaded onto a computer, and a program is run which generates numbers about the picture(the number generator program is in python)
After the numbers are generated, it calls on report.php and template.xlsm
Report.php gets those generated numbers and then puts them into their designated places on the xlsm file
The xlsm file is then converted into a pdf, which is then emailed to the user that submitted the picture.
I inherited all of this code from someone else who wanted me to help them on this project. Here is my problem:
I don't understand how the PHP files are being called. I have python code ready to run the number generator online, however, I can't do this without figuring how the PHP files are being called.
I understand what the PHP files do, I just don't understand how they are being called. I tried doing a -grep search for both image_upload.php and report.php, but I come up empty. There aren't any other PHP files that seem to do an include(xyz.php), which is supposed to be how PHP files are called. I don't understand what calls image_upload.php to get the pictures moved into the /uploads folder. I also don't understand what calls report.php to make it run. I tried looking in functions.php, where most of the other PHP files are called, but report.php and image_upload.php aren't.
Please help me! If any clarification is needed, just comment, and I will try to provide any help I can!
An easy way to get the the calling functions (including include and require calls) from any point in your PHP scripts is to get the stacktrace:
$e = new Exception();
var_dump($e->getTraceAsString());
You can also use an logger instead of the var_dump.
Unfortunately a simple grep for requires and includes won't suffice for a large project like WordPress due to the use of autoloading:
https://www.php.net/manual/en/language.oop5.autoload.php
While this resource isn't specific to your project, and things could be setup drastically different in your project, I think the details here may provide enough hints about autoloading to get you started in the right direction to understanding things in more depth:
https://wordpress.stackexchange.com/questions/212153/using-spl-autoloading-within-wordpress-plugin
I've made a config.php file which contains all definitions and variables that should be used in all over my website, and I should include it in every single page (paying attention at different relative paths)...
Is there a way to make this file automatically visible from all PHP files without manually including it every time?
Or is there an alternative way to make all constant definitions visible everywhere?
Thank you.
A way is to build your web PHP app with an unique enter point, instead of several points (different PHP files). This unique point will be the main index.php, wich will load config.php and also the PHP file according for the requested URL. So, in your operating PHP files you don't need to include config, because they're included by index.php instead. This is a strategy matter. Obviously, you need to think well before start to build. Or you can rely on an existing framework or something.
According to this advisory, .pht files can be used to execute PHP code:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5074/
However, I am unable to find much information on this file format. I am also unable to get an Apache server running PHP to execute this file.
Does anyone have more information regarding this file format?
It's not used much. This is a quote from file-extensions.org
The PHT file stores HTML page that includes a PHP script, dynamically generates HTML, often by accessing database information.
PHT seems to be very little used format.
These days, you're more likely to see .phtml files. Where there is a mix of PHP and HTML in the file, it still needs to be parsed by the PHP processor to create the right output.
I am not aware of a web server that handles PHT files with the PHP handler by default. Given their nature it's much more likely that they would be templates, included from another PHP file.
In this use case, the included file can have any extension the developer desires and there could be no official association.
Is there any tool out there which could tell the useless files in the code base?
We have a big code base (PHP, HTML, CSS, JS files) and I want to be able to remove the not needed files. Any help would be appreciated.
I'm guessing deleting files and running your phpunit tests is a none starter.
If your files are not already in a version-control system - add them. Having the files in a version control system (such as svn or git) is crucial to allow you to recover from deleting any files that you thought were not being used but you later find out were.
Then, you can delete anything you think may not be being used, and if it doesn't affect the running of your application you can conclude that the files aren't used. If adverse effects show up - you can restore them from your repository with ease.
The above is most appropriate (probably) for frontend files (css, js, images). Any files you delete that are requested will show up in your webserver error log giving you a quick reference for files that nolonger exist that you need to restore.
For your php files, that's quite a bit more tricky, How did you arrive at a position where you have php files which you aren't using? Anyway you could for example:
Use xdebug
Enable profiling
Use append mode (one profile)
Use all the functions of your application
and you would then have a profile which includes all files you loaded. Scanning the generated profile for each php file in your codebase will give you some indication of which files you didn't use.
If you are only looking for unused files, don't be tempted to use code coverage analysis - it is very intensive and not the level of detail you're asking for.
A slightly less risky way would be to log whenever a file is loaded. e.g. put this at line one of each file:
<?php file_put_contents('/some/location/fileaccess.log', __FILE__, FILE_APPEND); ?>
and simply leave your application to be used for a while (days, weeks). Thereafter just scan that log, for any file that is named - remove the above line of code. For any that are not - delete (preferably after looking for the filename in your whole sourcecode and confirming it's nowhere).
OR: you could use a shutdown function which dumps the response of get_included_files() to a log file. This would allow you to achieve the same without editing all php files in your source tree.
Caveat: Be careful deleting your php files. Whereas a missing css/js/image will probably mean your application still works, a missing php file of course will have rather more impact :).
If it is in Git why not delete the local file and then do a git rm <file name> to remove it from that branch.
Agree with everything said by #AD7six.
What you might like to try with PHP is to log the use of the files in someway (logging to flat file or database).
This technique does not have to be in place for long you can do it with an include and require_once at the top of each file.
That technique also works for javascript functions you can just print to the console each function, and then unit test your site. You can probably clean out a lot of redundant code that way.
The rest is not so easy, but version tracking is the way to go.
I have a series of web sites all hosted on the same server with different domains. I want to host some common PHP scrips and then be able to call these from the other domains.
Im am a bit fresh with my php so pls excuse code attempts - I have tried iterations of the following which may try and help you understand what I am aiming for!
from within php tags ...
include('http://www.mydomain/common_include.php?show_section=$section');
$show_section = $_GET['show_section'];
include('http://www.mydomain/common_include.php');//Then $show_section would be available to the included file/cod
Finally I have tried pulling in the include which contains a function then trying to run that include from the parent script.
I would much prefer to keep this PHP
orientated rather than getting
involved with the server (file
systems etc (but I can change
permissions etc)
I can but would prefer not to just upload the same library to each of the domains separately
I understand PHP is run on the server hence maybe problematic to include scripts across onto another server.
Thanks in advance.
#
EDIT
OK OK - I get that its bad practice so will not do it....THANKS VERY MUCH FOR THE QUICK ANSWERS.
However is there any other recommendations of how to esentially show this basic php app on all of the sites with out haveing to add the files to the root of each site? Just to prevent massive script duplication...(thinking out loud call the scripts in from a db or anyother soloutions)
Again thanks for your assistance
That would be a huge security risk if you could just include remote PHP files to your own projects. The PHP gets parsed before the server sends it to you so cross-domain includes would only contain the output the script generates. The only way to include PHP files so that they can be executed is via local filesystem.
If you look at PHP.net's documentation about include, you can find this:
If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), you can specify the file to be included using a URL (via HTTP or other supported wrapper - see List of Supported Protocols/Wrappers for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.
Which pretty much explains the whole thing.
The root of the original question seemed to be the poster's concern about using a PHP script or plugin on multiple sites and then having an onerous task each time it needs to be updated. While trying to include PHP files across sites is a bad idea, it is a better plan to structure your script to be as self contained as possible. Keep the entire plugin contained in one directory.... and ensure your function calls to utilize it are as well formed as possible - clean, well named functions, uniform naming conventions and a well thought out plan for what parameters each function needs. Avoid using global variables.
Ideally you should then have quite an easy time each time you need to update the plugin/script in all locations. You can even set up an automated process that will upload the new directory containing the plugin to each site replacing the old one. And the function calls within your code should rarely if ever change.
If your script is big enough you might implement an automatic update process like the more recent versions of Wordpress use. Click a button and it updates itself. In the past, updating a dozen sites running Wordpress (as an example) was a massive pain.
That is very bad practice.
Actually you're including not PHP but just HTML code.
Include files, not urls. It is possible for the same server.
Just use absolute path to these files.
Apart from the fact that it's a bad practice you should first check if include allows URLs if you really want to do that.
If however all the sites that need to use the script, you could put the script somewhere in a directory accessible by the user that executes php and add that dir to the php.ini include_path property (can also be done at runtime)
(Or you could create a php extension and load it as extension)
If you have root rights on that server, you could just use absolute path from filesystem root, but most hostings won't let you do this.