PHP

$whoami

  • LAVI
  • Slides are made by CHA​
  • 輔大資工二乙
  • 長期霸榜的卷姊
  • 110 屆會長
  • Hel10 H@ck1r 第一名

Agenda

  • Intro
  • Syntax 0x1
    • Data Types, Loops, Functions...
  • Syntax 0x2
    • Superglobals
  • Protocol

Warning

中華民國刑法

Intro

PHP 之歌

PHP

  • PHP: Hypertext Preprocessor
  • elePHPhant
  • 腳本語言

圖片來源

圖片來源

  • 弱型別語言
  • 動態語言

PHP (cont'd)

PHP (cont'd)

  • 後端開發

Syntax 0x1

PHP Sandbox, test PHP online, PHP tester

https://sandbox.onlinephpfunctions.com/

<?php

// 單行註解

/*
   多行註解
*/

echo "Hello World\n";
ECHO "heLLo World\n";
eChO "Hello wORlD\n";

?>

<filename>.php

Data Types

  • Numbers
    • Integer
    • Float
<?php

$a = 123;
$_a = -123;
$b = 0123;
$_b = -0123;
$c = 0x123;
$_c = -0x123;
$f = 123.45;
$_f = -123.45;

?>

Data Types (cont'd)

  • Boolean
  • String
<?php

$t = true;
$f = false;

$str = "NISRA!!!";
echo "I love $str!\n";
echo 'I love $str!\n';
echo "123" . '4' . ".5\n";
echo "123" + 4 + 0.56;

?>

Conditions

  • if
  • elseif
  • else
<?php

$t = date("H");

if("6" <= $t && $t < "12"){
  echo "Good morning!";
}
elseif("12" <= $t && $t < "18"){
  echo "Good afternoon!";
}
else{
  echo "Good night!";
}

?>

Loops

  • while
  • do...while
  • for
  • foreach
  • break
  • continue
<?php

$i = 1;
while($i <= 5){
    echo $i++;
}

$j = 1;
do{
    echo $j++;
}while($j <= 5);

for($k = 1; $k <= 5; $k++){
    if($k == 5){
        break;
    }
    elseif($k == 3){
        continue;
    }
    echo $k;
}

$num = array(1, 2, 3, 4, 5);

foreach($num as $n){
  echo "$n";
}

?>

LAB 0x1

  • 用迴圈印出每邊 5 個 * 的空心菱形
<?php

for($i = 0; $i < 9; $i++){
    for($j = 0; $j < 9; $j++){
        if($i + $j == 4 || $i - $j == 4 || $i + $j == 12 || $j - $i == 4){
            echo "*";
        }
        else{
            echo " ";
        }
    }
    echo "\n";
}

?>

Data Types (cont'd)

  • Arrays
    • Indexed
    • Associative
    • Multidimensional
<?php

$f = array("A", "B");
echo $f[0] . " is " . $f[1] . "'s friend\n";
$f[2] = "C";
echo $f[1] . " is " . $f[2] . "'s friend\n";

$age = array("LAVI" => "19");
echo "LAVI is " . $age['LAVI'] . " years old.\n";

$data = array(array("LAVI", 160, 449),
    	      array("TsaiTing", 165, 217),
);

?>

Functions

<?php

function NISRA($arg){
    if($arg === "name"){
        echo "Network and Information Security Research Association\n";
    }
    elseif($arg === "year"){
        return "since 2007\n";
    }
}

nisra("name");
echo nisra(123);

function sum(int $x = 1, int $y = 2) {
  return $x + $y;
}

echo sum(2, 3);
echo sum(4);
echo sum();

function add(&$value) {
  $value++;
}

$num = 1;
add($num);
echo $num;

?>

LAB 0x2

  • 用自訂函式印五層巴斯卡三角形
<?php

function Pascal_Traingle($layer){

    $pt = array(0);

    for($i = 1; $i <= $layer; $i++){
        $pt[$i] = 1;
    }

    for($i = 1; $i <= $layer; $i++){
        for($j = 0; $j < $layer - $i; $j++){
            echo " ";
        }
        for($j = $i; $j > 0; $j--){
            echo $pt[$j] . " ";
            $pt[$j] += $pt[$j - 1];
        }
        echo "\n";
    }
}

Pascal_Traingle(5);

?>

Syntax 0x2

Comparison

  • Comparison Operators
    • ==, !=, <, >, ...
  • Loose vs. Strict
    • == vs. ===
    • != vs. !==
<?php

var_dump(0 == "nisra");
var_dump(1 == "01");
var_dump("1" == "01");

?>

圖片來源

Superglobals

  • $GLOBALS
    • $GLOBALS[index].
    • The index holds the name of the variable.
<?php
$x = 75;
$y = 25;
 
function addition() {
  $GLOBALS['z'] = $GLOBALS['x'] + $GLOBALS['y'];
}
 
addition();
echo $z;
?>

Superglobals

  • $_SERVER
    • Server and environment info
<?php

echo $_SERVER['PHP_SELF'];
echo $_SERVER['SERVER_NAME'];
echo $_SERVER['SCRIPT_NAME'];

?>

Superglobals (cont'd)

  • $_GET
    • http://example.com/?user=nisra
  • $_POST
<?php

$name = $_GET['user'];
echo 'Hello, ' . $name;

?>

LAB 0x3

  • 用迴圈印出每邊 $_GET 個 * 的空心菱形
<?php

$n = $_GET['side'];
$h = $n * 2 - 1;
$d = $n - 1;

for($i = 0; $i < $h; $i++){
    for($j = 0; $j < $h; $j++){
    	if($i + $j == $d || $i - $j == $d || $i + $j == $d * 3 || $j - $i == $d){
    		echo "*";
    	}
    	else{
    		echo " ";
    	}
    }
    echo "\n";
}

?>

Protocols & Wrappers

PHP Supported

  • file:// - Accessing local filesystem
  • http:// - Accessing HTTP(s) URLs
  • ftp:// - Accessing FTP(s) URLs
  • php:// - Accessing various I/O streams
  • zlib:// - Compression Streams
  • phar:// - PHP Archive
  • ......

file://

  • file://<path>
    • 存取檔案
    • 絕對路徑
<?php

$p = $_GET['path'];
echo file_get_contents($p);

?>

LAB 0x4

  • 用 $_GET 讀取 /etc/passwd
    • ​獲取所有使用者的帳號資料
<?php

// http://localhost/?path=file:///etc/passwd
$p = $_GET['path'];
echo file_get_contents($p);

?>

php://

  • php://<filter>/<parameters>
    • read=<apply to read chain>
    • resource=<stream to be filtered>
<?php

// ?file=php://filter/read=convert.base64-encode/resource=index.php
echo 'Hello World!';

?>

學習資源

Made with Slides.com