PHP
$whoami
- LAVI
- Slides are made by CHA
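- Fu Jen Catholic University, Computer Science and Information Engineering, second year, class B
- Long-time leaderboard-topping overachiever
- President, 110th term
- First place, Hel10 H@ck1r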
Agenda
- Intro
- Syntax 0x1
- Data Types, Loops, Functions...
- Syntax 0x2
- Superglobals
- Protocol
Warning
Intro
PHP
- PHP: Hypertext Preprocessor
- elePHPhant
- Scripting language
- Weakly typed language
- Dynamic language
PHP (cont'd)
- Back-end development
Syntax 0x1
PHP Sandbox, test PHP online, PHP tester
https://sandbox.onlinephpfunctions.com/
<?php
// Single-line comment
/*
Multi-line comment
*/
echo "Hello World\n";
ECHO "heLLo World\n";
eChO "Hello wORlD\n";
?>
<filename>.php
Data Types
- Numbers
- Integer
- Float
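<?php
$a = 123;       // decimal integer
$_a = -123;
$b = 0123;      // leading 0: octal literal (83 in decimal)
$_b = -0123;
$c = 0x123;     // leading 0x: hexadecimal literal (291 in decimal)
$_c = -0x123;
$f = 123.45;    // float
$_f = -123.45;
?>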
Data Types (cont'd)
- Boolean
- String
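<?php
$t = true;
$f = false;
$str = "NISRA!!!";
echo "I love $str!\n";      // double quotes: $str is interpolated, \n is a newline
echo 'I love $str!\n';      // single quotes: printed literally, no interpolation
echo "123" . '4' . ".5\n";  // . concatenates strings: 1234.5
echo "123" + 4 + 0.56;      // + converts numeric strings to numbers: 127.56
?>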
Conditions
- if
- elseif
- else
<?php
$t = date("H");
if("6" <= $t && $t < "12"){
    echo "Good morning!";
}
elseif("12" <= $t && $t < "18"){
    echo "Good afternoon!";
}
else{
    echo "Good night!";
}
?>
Loops
- while
- do...while
- for
- foreach
- break
- continue
<?php
$i = 1;
while($i <= 5){
    echo $i++;
}
$j = 1;
do{
    echo $j++;
}while($j <= 5);
for($k = 1; $k <= 5; $k++){
    if($k == 5){
        break;
    }
    elseif($k == 3){
        continue;
    }
    echo $k;
}
$num = array(1, 2, 3, 4, 5);
foreach($num as $n){
    echo "$n";
}
?>
LAB 0x1
- Use loops to print a hollow diamond with 5 * on each side
<?php
for($i = 0; $i < 9; $i++){
    for($j = 0; $j < 9; $j++){
        if($i + $j == 4 || $i - $j == 4 || $i + $j == 12 || $j - $i == 4){
            echo "*";
        }
        else{
            echo " ";
        }
    }
    echo "\n";
}
?>
Data Types (cont'd)
- Arrays
- Indexed
- Associative
- Multidimensional
<?php
$f = array("A", "B");
echo $f[0] . " is " . $f[1] . "'s friend\n";
$f[2] = "C";
echo $f[1] . " is " . $f[2] . "'s friend\n";
$age = array("LAVI" => "19");
echo "LAVI is " . $age['LAVI'] . " years old.\n";
$data = array(
    array("LAVI", 160, 449),
    array("TsaiTing", 165, 217),
);
?>
Functions
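<?php
function NISRA($arg){
    if($arg === "name"){
        echo "Network and Information Security Research Association\n";
    }
    elseif($arg === "year"){
        return "since 2007\n";
    }
}
nisra("name");      // function names are case-insensitive
echo nisra(123);    // matches neither branch: returns null, prints nothing

// Typed parameters with default values
function sum(int $x = 1, int $y = 2) {
    return $x + $y;
}
echo sum(2, 3);     // 5
echo sum(4);        // 6
echo sum();         // 3

// Pass by reference: the caller's variable is modified
function add(&$value) {
    $value++;
}
$num = 1;
add($num);
echo $num;          // 2
?>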
LAB 0x2
- Use a user-defined function to print a five-row Pascal's triangle
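<?php
function Pascal_Triangle($layer){
    // $pt[0] stays 0 as a sentinel; $pt[1..$layer] start at 1
    $pt = array(0);
    for($i = 1; $i <= $layer; $i++){
        $pt[$i] = 1;
    }
    for($i = 1; $i <= $layer; $i++){
        // Leading spaces to centre the row
        for($j = 0; $j < $layer - $i; $j++){
            echo " ";
        }
        // Print the row from right to left, updating each cell in place for the next row
        for($j = $i; $j > 0; $j--){
            echo $pt[$j] . " ";
            $pt[$j] += $pt[$j - 1];
        }
        echo "\n";
    }
}
Pascal_Triangle(5);
?>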
Syntax 0x2
Comparison
- Comparison Operators
- ==, !=, <, >, ...
- Loose vs. Strict
- == vs. ===
- != vs. !==
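<?php
var_dump(0 == "nisra");  // true on PHP 7 and earlier, false on PHP 8 and later
var_dump(1 == "01");     // true: the numeric string is compared as a number
var_dump("1" == "01");   // true: both are numeric strings, compared as numbers
?>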
Superglobals
- $GLOBALS
- $GLOBALS[index].
- The index holds the name of the variable.
<?php
$x = 75;
$y = 25;
function addition() {
    $GLOBALS['z'] = $GLOBALS['x'] + $GLOBALS['y'];
}
addition();
echo $z;
?>
Superglobals
- $_SERVER
- Server and environment info
<?php
echo $_SERVER['PHP_SELF'];
echo $_SERVER['SERVER_NAME'];
echo $_SERVER['SCRIPT_NAME'];
?>
Superglobals (cont'd)
- $_GET
- http://example.com/?user=nisra
- $_POST
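<?php
// Default to an empty string when ?user= is missing
$name = $_GET['user'] ?? '';
// The value comes straight from the URL, so escape it before echoing it into the page
echo 'Hello, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
?>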
LAB 0x3
- Use loops to print a hollow diamond whose number of * per side is taken from $_GET
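<?php
// Cast to int: the parameter is attacker-controlled and may be missing or non-numeric
$n = (int)($_GET['side'] ?? 0);
$h = $n * 2 - 1;    // height and width of the grid
$d = $n - 1;        // offset of the diamond's corners
for($i = 0; $i < $h; $i++){
    for($j = 0; $j < $h; $j++){
        if($i + $j == $d || $i - $j == $d || $i + $j == $d * 3 || $j - $i == $d){
            echo "*";
        }
        else{
            echo " ";
        }
    }
    echo "\n";
}
?>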
Protocols & Wrappers
PHP Supported
- file:// - Accessing local filesystem
- http:// - Accessing HTTP(s) URLs
- ftp:// - Accessing FTP(s) URLs
- php:// - Accessing various I/O streams
- zlib:// - Compression Streams
- phar:// - PHP Archive
- ......
file://
- file://<path>
- Access files
- Absolute path
<?php
$p = $_GET['path'];
echo file_get_contents($p);
?>
LAB 0x4
- Use $_GET to read /etc/passwd
- Retrieve the account data of all users
<?php
// http://localhost/?path=file:///etc/passwd
$p = $_GET['path'];
echo file_get_contents($p);
?>
php://
- php://<filter>/<parameters>
- read=<apply to read chain>
- resource=<stream to be filtered>
<?php
// ?file=php://filter/read=convert.base64-encode/resource=index.php
echo 'Hello World!';
?>
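A hardened counterpart to the `file_get_contents($_GET['path'])` reader used in the file:// and php:// slides, added here as an example that is not part of the original slides. `safe_read()` and the temporary sandbox directory are hypothetical names; the rejected requests are the inputs shown in LAB 0x4 and the php:// slide.

```php
<?php
// Added example, not from the slides. safe_read() and the sandbox directory are
// hypothetical; the requests are constructed from the URLs shown in the labs.

function safe_read(string $requested, string $baseDir): ?string
{
    // Refuse explicit stream wrappers (file://, php://, phar://, ...) and NUL bytes.
    if (strpos($requested, '://') !== false || strpos($requested, "\0") !== false) {
        return null;
    }
    // Resolve symlinks and "../" first, then require the result to stay inside
    // the base directory. Prefixing the base also means the final path no longer
    // starts with a scheme, so PHP cannot interpret it as a wrapper URL.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    $data = file_get_contents($real);
    return $data === false ? null : $data;
}

// Constructed sandbox so the example runs offline from the CLI.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'safe_read_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'hello.txt', "Hello NISRA\n");

$requests = [
    'hello.txt',                                                   // file inside the base
    'file:///etc/passwd',                                          // LAB 0x4 input
    'php://filter/read=convert.base64-encode/resource=index.php',  // php:// slide input
    '../../../../etc/passwd',                                      // directory traversal
    '/etc/passwd',                                                 // absolute path
];
foreach ($requests as $r) {
    $out = safe_read($r, $dir);
    printf("%-62s => %s\n", $r, $out === null ? 'rejected' : 'served ' . strlen($out) . ' bytes');
}

unlink($dir . DIRECTORY_SEPARATOR . 'hello.txt');
rmdir($dir);
```

Only the first request is served; the wrapper check alone is not enough, which is why the resolved path is also compared against the base directory.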
Learning resources
PHP
By CHA
PHP for NISRA 110-2 class