Jump to content

Archived

This topic is now archived and is closed to further replies.

feverbird

Checking if file contains a string.

Recommended Posts

Hi Community! :-) (Sorry for my average english)

I recently started coding in php, till now, i allready have advanced skills in programming with C# and thus, had no problems writing my own script.

 

Still, my script does not really work, i'm trying to check if a file contains a md5(string), but the script never finds the string.

This is the script: (please don't mind any security issues, this is just a test. But if you have any tips and tricks to improve the security, i'd be glad to receive them)

<?php
$webname = $_POST["webname"];
$webcode = $_POST["webcode"];
$webpass = $_POST["webpass"];
if (file_exists("web/". $webname . ".html")) {
$file = file_get_contents("web/". $webname . ".html", "r");

if (strpos(md5($webpass),$file) !== false) {
$usergen = fopen("web/" . $webname . ".html", "w")  or die("Unable to open file!");
fwrite($usergen, $webcode);
fwrite($usergen, "<!--- ". md5($webpass) . "--->");
fclose($usergen);
echo "Generated! You can view your site under /web/" . $webname . ".html";
}
else
{
echo "The file already exists but you entered the wrong Password.<br> Pressing the \"return\" Button will bring you back without loosing the code you entered.";
}
}
else
{
$usergen = fopen("web/" . $webname . ".html", "w")  or die("Unable to open file!");
fwrite($usergen, $webcode);
fwrite($usergen, "<br><!--- ". md5($webpass) . " --->");
fclose($usergen);
echo "Generated! You can view your site under /web/" . $webname . ".html";
}
echo "<FORM><INPUT Type=\"button\" VALUE=\"Back\" onClick=\"history.go(-1);return true;\"></FORM>";
?>

What it does it pretty simple, you enter some html-code that'll be stored in the "webcode" variable, a password, let's say "apple" in "webpass" and the filename is stored in "webname".
On first creation, a html-file is created with the
<!--- md5(apple) --->

at it's end, the HTML Tags are needed to hide the string from any visitors.

If someone wants to edit the File created before, he also enters "apple".
Then the string will be looked up as md5(apple) in the file.
If the strings match, it's true and the changes should be saved.
Whatever i do, though, i'm allways ending up here if i try to edit an existing file:

"The file already exists but you entered the wrong Password.<br> Pressing the \"return\" Button will bring you back without loosing the code you entered.";
As i said, i'm a newbie, i'd appreciate any tips and help.

Thank you in advance!

Share this post


Link to post
Share on other sites

The arguments for strpos on line 10 are the wrong way round.

 

strpos requires the haystack as the first argument (in your case $file) and the needle as the second argument (in your case md5($webpass))

if (strpos($file, md5($webpass)) !== false)

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.