Tech Support Guy banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
941 Posts
Discussion Starter · #1 ·
I don't really know what's wrong with this script, at least it's not giving any errors :p , but I have no idea why it's not outputting the correct code.

what the scripts suppose to do is, you enter php code, and it outputes a php file with the code you inputed, so if you typed <?php echo "hello world'; ?> it would output hello world

Link: www.knight47.com/php_script // password is test

PHP:
<?php

if ($_POST['Submit'] && $_POST['pass'] == "test")
{
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">

PHP File Creator

php code:

      <?php

echo \"Hello World!\";

?>

 

 

 

 

";
}
elseif ($_POST['Submit'] !== "riad")
{
echo "[CENTER]Sorry, wrong password. If you would like access to this script, send a request to [URL][email protected][/URL][/CENTER]";
}
if ($_POST['create'])
{
$code = "script.php";
$create = fopen($code, 'w') or die("The file could not be created, please try again later");
fwrite($create, $code);
fclose($create);
echo '';
}
?>
The error, it keeps outputting "script.php" instead of the code inputted into the script, any idea why?

And yes, probably the sloppiest code ever, but hey, i'm not that good yet :)

Thanks.
 

·
Registered
Joined
·
2,183 Posts
Because you are never getting the code from the user. :)

You are checking for $_POST['create'] but $_POST['create'] is for the submit button. The name for the text area where the person would input their code is "code" so you would need to get that and then write that to the file, because right now your writing script.php as it should be. Try this:
PHP:
if ($_POST['create'])
{
$filename = "script.php";
$code = $_POST['code'];
$create = fopen($filename, 'w') or die("The file could not be created, please try again later");
fwrite($create, $code);
fclose($create);
echo '';
}
 

·
Registered
Joined
·
2,183 Posts
Oh and one more thing I would strongly recommend that once you get this working, change the password or take it down immediately because it is a HUGE security risk - you are essentially letting anybody run any PHP file on your server, which is not safe at all. ;)

You should either filter what they can put in or serve the file directly to the user using a force download script. :)
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top