မင်္ဂလာပါ!

လှိုက်လှဲစွာကြိုဆိုပါသည်။ ယခု ပထမဆုံးအကြိမ် ရောက်ဖူးခြင်းဖြစ်ပါသလား? ဝင်ရောက် ဆွေးနွေး မေးမြန်းလိုပါလျှင် အောက်တွင်ဖော်ပြထားသော button များမှတဆင့် ဝင်ရောက် ဆွေးနွေးနိုင်သကဲ့သို့ အဖွဲ့ဝင်အသစ်အနေဖြင့်လည်း လျှောက်ထားနိုင်ပါတယ်။

MYSTERY ZILLION တွင် English သို့မဟုတ် Unicode ဖြင့်သာ အသုံးပြုခွင့်ရှိသည်။ ဇော်ဂျီ ၊ ဧရာ စသည်တို့ကို အသုံးပြုခွင့် မရှိ။ Unicode fonts များမှာ Mon3,Yunghkio, Myanamr3 စသည်များ အသုံးပြုနိုင်သည်။ Unicode Guide ကို ဒီမှာ Download ချပါ။ Zawgyi to Unicode Converter
Don't share ebook or software if nobody request. You can find free book websites on here. We are welcome for discussion or asking question instead.

From the basic steps of PHP to the professional of PHP

edited July 2008 in PHP
Actually, I’m not very cool in making lessons and this lesson that I made is based on the lessons that I learnt. So, please pardon me if you don’t understand the lessons and you can ask me anytime. I’ll explain you as much as I know and as much as I can. I also would like to request to the other members to help and participate with me in making lessons of PHP because I think it’s not too easy make a perfect lesson from only one person. Any suggestions and participations are welcomed.
In this topic, I’ll share you about PHP as much as I know. This section will start from the beginning of PHP. And it also will contain about the security featurces in php and vulnerable codes which are helpful for the attackers. The vulnerable codes about XSS, CSRF, LFI, RFI, SQL Injection etc… and will mention how to fix those vulnerabilities and how to bypass which are fixed by the developers and how to exploit.

မှတ်ချက်များ

  • edited June 2008 Registered Users
    From the basic steps of PHP to the professional of PHP

    Author : Cyber Hunter (Infofreakz)


    Part - 1


    ++ + Tags of PHP +++

    There are four types of php tags which you can write down to execute your commands and those will be interpreted to process

    +Standard Tag+

    +Short Tag+

    +ASP Tag+

    +Script Tag+
  • edited June 2008 Registered Users
    From the basic steps of PHP to the professional of PHP

    Author : Cyber Hunter (Infofreakz)


    Part - 1

    +++ Tags of PHP +++

    There are four types of php tags which you can write down to execute your commands and those will be interpreted to process

    +++ Standard Tag +++

    <?php
    …..
    ?>

    Eg ~

    <?php
    echo “We are Infofreakz”;
    ?>

    echo is used to display and “;” can be considered as the end of the statement.
    But, if you use statements within the different tags, “;” is optional. It means that it won’t effect anything even if you insert “;” or not. But, if you would like to insert the multiple statements in the same tag, you need to insert “;” at the end of each statement.

    eg ~

    <?php
    echo “Hello Friends”;
    echo “We are Infofreakz”;
    ?>


    +++ Short Tag +++
    <?

    ?>


    eg ~
    <?
    echo “We are Infofreakz”;
    ?>


    +++ ASP Tag +++

    It is designed as the ASP style tag processing to attract the Microsoft ASP script designers. Similarly to the usage of the mentioned tags, asp tags can be seen as follows:

    <%

    %>

    eg ~

    <%
    echo “We are Infofreakz”;
    %>


    +++ Script Tag +++

    For the pplz who are familiar with HTML, it isn’t too hard

    <SCRIPT LANGUAGE=”php”>

    </SCRIPT>

    eg ~

    <SCRIPT LANGUAGE=”php”>
    echo “We are Infofreakz”;
    </SCRIPT>

    In the previous case, you also can used “print” instead of “echo”

    Eg ~
    <?php
    print “We are Infofreakz”;
    ?>
    <?
    print “We are Infofreakz”;
    ?>
    <%
    print “We are Infofreakz”;
    %>

    <SCRIPT LANGUAGE=”php”>
    print “We are Infofreakz”;
    </SCRIPT>

    For the tags, all of the tags are turned on except ASP style tags. So, we have to turn on (enable) the ASP tags. To enable the ASP tags, you can enable it in “php.ini”.

    eg ~

    ; Allow ASP-style <% %> tags.
    asp_tags = off

    ; Allow ASP-style <% %> tags.
    asp_tags = on

    You just need to change “on” instead of the place of “off”. I think that’s enough for tags. Lets move to the next… !
  • edited June 2008 Registered Users
    From the basic steps of PHP to the professional of PHP

    Author : Cyber Hunter (Infofreakz)

    Part - 2

    +++ Comments +++

    Comments are the texts in the script which are ignored by the interpreter. Which means that if you write down about the code which will be helpful for you but you don’t wish to take any effect for it
    eg ~ You wish to make a note for the script and you also wish that it won’t effect to the script that you wrote. In those situations, comments are used.

    There are two kinds of comments namely Single Line comments and Multi Line comments.


    +++ Single Line comments +++


    For the Single Line comments, we can write down with two signs
    // (C++ Style comment)

    # (*nix/Linux Shell Style comment)
    Eg ~
    // This is the script written by Infofreakz
    # This is the script written by Infofreakz
    +++ Multi Line comments +++

    For the Multi Line comments, we can write down like that

    /*
    Hello pplz
    We are Infofreakz and
    We love hacking
    */
    It is called C Style comments.

    In this case, you must know that all of those comments are working only when they are between the opening tag and closing tag.

    eg ~

    <?php
    //This is for greeting
    echo “Hello pplz”;
    ?>
    <?php
    #This is about us
    echo “We are Infofreakz”;
    ?>

    <?php
    /*
    This is for the codes
    Which will be used for
    Multiple lines
    */
    echo “We love hacking”;
    ?>
    I think that’s enough for it and hopefully that you will understand. Lets move to the next… !
  • edited June 2008 Registered Users
    From the basic steps of PHP to the professional of PHP

    Author : Cyber Hunter (Infofreakz)

    Part - 3

    +++ Variables +++

    Explanation of variables

    To define to hold a value, special containers namely variables are used. It consists of a name that can be chosen and proceeded by “$”. The variable names can include letter, numbers, and underscore character (_). Neither of spaces nor characters that are not alphanumeric can be included. PHP supports many types of variables. We can echo the different types of variables within a file.

    PHP supports 8 types of variables.

    booleans
    integers
    floats
    strings
    arrays
    objects
    NULL
    resource


    +++ Booleans +++

    Used to make the condition true or false.

    eg ~
    Booleans = true/false


    +++ Integers +++

    Integers can include the different types of values such as decimal, octal, hax.

    eg ~
    Integer = 5

    +++ Strings +++


    In the Strings, we can define the collection of characters. We can define strings by using Single Quotes (‘ ‘) and Double Quotes (“ ”) and “here documents”.
    eg ~
    String = “hello”

    +++ Arrays +++

    Arrays are used to store as many values in the same variable. You can store only one value at a time in a variable. If you would like to overcome those limitations, you can use special variables namely arrays. I’ll explain you later. For now, just keep in your mind that the arrays are “key/value pairs”. Many of the variables that are maintained by the PHP are stored within arrays.

    +++ Objects +++

    It can be defined as the enclosed bundle of variables and functions forged from a class. Objects hide their inner workings away from the code that uses them and providing instead easy interfaces through which you can send them orders and they can return information. I’ll mention the detail in later.

    +++ NULL +++

    Variables that are undefined are considered as NULL.


    +++ resources +++

    Another special type of variables.




    I think that’s enough for it and hopefully that you will understand. Lets move to the next and lets practice… !
  • edited June 2008 Registered Users
    Infofreakz ရေ ဖြစ်နိုင်မယ်ဆိုရင် အစ အခြေခံအဆင့်လေးတွေကို မြန်မာလိုရှင်းပြပေးပါလားဗျာ။ အပျင်းကြီးတာမဟုတ်ပါဘူး (ဒါပေမယ့် အပျင်းကြီးတာပဲပေါ့ )။ ဘာမှမသိထားတော့ ဖတ်ရတာလဲ ခေါင်းရှုပ်လာလို့ပါ။ အင်္ဂလိပ်လို လေ့လာသင့်တာောတ့ သိပါတယ်။ ခု ကျွန်တော့် ဆန္ဒကတော့ အစပိုင်း အခြေခံသဘောတရားတွေရှင်းပြတဲ့ အချိန်မှာ မြန်မာလိုလေး ရှင်းပြစေချင်ပါတယ်။ နောက်တော့မှ တစ်ဖြည်းဖြည်း ခြင်းအဆင့်တက်ပြီး simple eng ကနေ တိုးပြီးရေးသွားစေချင်ပါတယ်။


    ကျေးဇူး
  • edited June 2008 Registered Users
    we're deadly stupid in myanmar typing....! that'swhy i always write my lessons in english...!

    suggesting us to make our lessons in english meant us to try to be crazy...!
    :(( :(( :((
  • edited June 2008 Registered Users
    ဟုတ်ကဲ့ခင်ဗျာ ကျွန်တော်နားလည်ပါပြီ။ ကျွန်တော်အနေနဲ့ကလဲ technical ပိုင်းလဲ ဖြစ် english လဲ ဆိုတော့ ဆိုတော့ ရိုးရိုးအင်္ဂလိပ်စာ ဖတ်ရတာ ထက် ခက်နေလို့လေ။ :)

    အဆင်ပြေသလိုပေါ့ဗျာ။ :P
  • edited June 2008 Administrators
    Good tutorial ... infofreakz !!!
    carry on !!!! carry on please ....
  • edited June 2008 Registered Users
    thanks men...!
    your requests and suggestions boosts me up to make another tutorials...!
    :6:
    now, i'm making the tutorials about "arrays"
    i promise you that i'll take you guys until you can hack into the sites which are based on PHP
    icon10.gif
  • edited June 2008 Registered Users
    Thanks for the tutorials, infofreakz.
    And looking forward to the new tutorial, Arrays. :1:
  • edited June 2008 Registered Users
    Author : Cyber Hunter (Infofreakz)

    Part - 3

    +++Variables+++

    Exercises

    Exercise : 1

    In this exercise, lets define some variables using “strings”.
    <?php
    $my_name = ‘CyberHunter’;
    $my_organization = ‘Infofreakz’;
    $my_occupation= ‘Student’;
    ?>
    As you see the code mentioned in above, how do you think? Do you think that you will see the output as follow?

    CyberHunterInfofreakzStudent
    No, you can’t coz none of those variables are printed. None of the variables can be seen until they are printed. If you would like to see, you need to print/echo those variables as follows :

    <?php
    // this state is defining variables
    $my_name = ‘CyberHunter’;
    $my_organization = ‘Infofreakz’;
    $my_occupation = ‘Student’;
    // this state is printing variables
    echo $my_name, $my_organization, $my_occupation;
    ?>
    Then, you can see the output as follows :



    CyberHunterInfofreakzStudent
    Btw, you need to insert “;” to ensure that you end the statement. And I hope that you’ve already noted that the type of variable that I used is “string” in this exercise. In the earlier, I mentioned about string and hopefully that you still remember it. “strings” use Single Quotes (‘ ‘) and Double Quotes (“ ”) and “here documents”. Now, I hope that you get the basic knowledge of variables and know how to define variables by using “strings”.

    Exercise : 2

    In this exercise, lets define some variables by using “integers”.
    <?php
    $date = 20;
    $month = 6;
    $year = 1945;
    echo $date, $month, $year;
    ?>
    Ok, just guess the output what you will see. ( I’m sure that I don’t know that it is the *** of ***** ). Just for fun. Do you note that “integer” variables do not require any quotes. I hope that you’ve already noted that all of those variables are described without any spacing. If you would like to output those variables with spacing you need to insert as follows :
    <?php
    $date = 20;
    $month = 6;
    $year = 1945;
    echo $date, “\t”, $month, “\t” $year;
    // in this case, “\t” stands for “tab”
    ?>
    You also can insert “ ” instead of “\t”.

    Exercise : 3

    In this exercise, lets create a variable using “here documents”. By the way, “here documents” are used to create the variables which contains multiple lines.
    <?php
    // defining the variable
    $herevar = <<<WTF
    This is he here document
    <br>
    Written by
    <br>
    Infofreakz.
    <br>
    WTF;
    // to echo the variable
    echo $herevar;
    ?>
    In this exercise, do you notice that I used “<<<”? Ya men. It’s importand and after “<<<”, delimiters that you wish can be followed. And the end delimiter must be the same with the delimiter which follows at the end of “<<<”.

    eg ~
    $herevar = <<<HACK

    HACK;
    You should also keep in mind that the delimiter at the end must be at the first column. Else, it’ll be failed.

    Exercise : 4

    In this exercise, lets practice for arrays.
    <?php
    $my_name = ‘CyberHunter’;
    $my_organization = ‘Infofreakz’;
    $my_occupation= ‘Student’;
    ?>
    In the above example that you can consider those variables such as

    $my_name = ‘CyberHunter’;

    You can consider that “my_name” is the “key” and “CyberHunter” is the “value”.

    It’s a php entry within an array and these are key/value pairs. And that’s how arrays are constructed in php.

    Ok men, lets see about arrays
    <?php
    //defining the array
    $info1 = array(“nick” => “cyberhunter”, “organization” => “infofreakz”);
    //echoing the array
    echo $info1[“nick”];
    ?>
    In this example, what will be the output is and how do you think? It’ll print the value of the key named “nick”. You should keep in mind “left to right” which means “key => value”. So, “nick” is the “key” and “cyberhunter” is the “value”. I hope that you’ll understand that “organization” is the next “key” and “infofreakz” is the next “value”.

    “( )” will specify the elements of the array. It means that we can specify the elements within “( )”. To echo the array, you just need to insert the key within “[ ]”. Then, the value of the key which you inserted will be described. If you would like to echo the multiple value of the keys, you can insert the next key after the first key.

    eg ~
    <?php
    //defining the array
    $info1 = array(“nick” => “cyberhunter”, “organization” => “infofreakz”);
    //echoing the array
    echo $info1[“nick”], $info1[“organization”];
    ?>
    Hopefully that you are still understanding.

    Ok, lets go to some other advanced in arrays. As I explained, arrays can hold the multiple values within the same variable. So, lets check.
    <?php
    $arr1 = array(“members” => array (“member1” => “cyberhunter”, “member2” => “whh”, “member3” => “devil”));
    ?>
    In the above exercise, what do you see? I constructed a variable named arr1 and is the array. This array includes the key namely “members” and its value is redirecting to an array which contains multiple keys and values such as “member1”, “member2”, “cyberhunter” and “whh”. Ok, if you would like to echo it, you need to echo the array named “arr1” and within the “[]”, you need to describe the key. But, after assigning the key within the bracket, which value will be echoed? You need to describe the another key of the array.
    eg ~
    <?php
    $arr1 = array(“members” => array(“member1” => “cyberhunter”, “member2” => “whh”, “member3” => “devil”));
    echo $arr1[“members”][“member1”];
    ?>
    Now, I expect that you’ve already got the basic idea for the variables.

    I think that’s enough for it and hopefully that you will understand. Lets move to the next… !
    (now, i'm making the lessons for the server variables)
  • edited July 2008 Registered Users
    Author : Cyber Hunter (Infofreakz)

    Part - 4
    +================+
    Server Variables
    +================+

    There are common types of variables namely server variables and here are few of those variables.

    phpinfo ()
    it will show the information of PHP

    eg ~
    <?php
    //it will show about the information of PHP
    phpinfo ()
    ?>


    $_SERVER[‘’]

    $_SERVER[‘HTTP_USER_AGENT’];
    It is used to show the browser info

    eg ~
    <?php
    echo $_SERVER[‘HTTP_USER_AGENT’];
    ?>

    $_SERVER[‘PHP_SELF’];
    This variable is used to see the current script

    eg ~
    <?php
    echo $_SERVER[‘PHP_SELF’];
    ?>

    $_SERVER[‘REQUEST_METHOD’];
    It is used to see which method is used.
    eg ~
    <?php
    echo $_SERVER[‘REQUEST_METHOD’];
    ?>

    $_SERVER[‘REMOTE_ADDR’];
    The variable used to see the ip address of the client
    eg ~
    <?php
    echo $_SERVER[‘REMOTE_ADDR’];
    ?>

    $_SERVER[‘HTTP_REFERER’];
    Used to show the directory/page where you come from
    eg ~
    <?php
    echo $_SERVER[‘HTTP_REFERER’];
    ?>



    I think that’s enough for it and hopefully that you will understand. Lets move to the next… !
  • edited July 2008 Registered Users
    here's the sample n hopefully that u'll satisfy abt it...!
    :67:
    <?php
    /*
    phpinfo()
    */
    ?>
    <?php
    echo "This will display the browser that you use and it is named HTTP_USER_AGENT", "<br>";
    echo $_SERVER;
    ?>
    <br><br>
    <?php
    $herevar = <<<here
    This will show you the script which is currently running
    <br>
    and it is called PHP_SELF.
    <br>
    It not only shows the current page,
    <br>
    but also describes the entire directory from the root directory
    <br>
    here;
    echo $herevar;
    echo $_SERVER;
    ?>
    <br><br>
    <?php
    echo "This will show the method that is used", "<br>";
    echo "The method that specifies the URL in the address bar is considered as the GET method", "<br>";
    echo "Any variables that are passed within the URL string are passed using the GET method", "<br>";
    echo $_SERVER;
    ?>
    <br><br>
    <?php
    $herevar = <<<here
    This will show you the root of the documentry
    <br>
    It means that it will show the directory
    <br>
    where the directory of "DOCUMENT_ROOT"
    <br>
    which is configured in the "httpd.conf" is located in the web server.
    <br>
    It will show the absolute path on the system
    <br>
    So, if you would like to perform the attacks,
    <br>
    you should know the "paths" of the files in the targeted system.
    <br>
    So, it's very important in hacking
    here;
    echo $herevar;
    echo $_SERVER;
    ?>
    <br><br>
    <?php
    echo "This will show you the IP address of the calling machine or the calling client", "<br>", "By using the REMOTE_ADDR, you can log the ip address of the calling client", "<br>", "By using this variable, you can trace the attacker", "<br>";
    echo $_SERVER;
    ?>
    <br><br>
    <?php
    echo "This variable will show you the previous link where you come from", "<br>";
    echo $_SERVER;
    ?>
  • edited July 2008 Registered Users
    Actually, as a student, making those lessons isn’t too easy for me. Whenever I finished those lessons, I always tired too much. So, I would like to request to the others to help me by sharing your knowledge to the others and please help me to continue those lessons until those are completed. And I also would like to get the suggestions. Hopefully that you have mood to help. As for me, I planned my lesson with those topics
    Tags of php
    Comments
    Explanation of variables
    Exercises of variables
    Server variables
    Methods (GET/POST)
    Loopings
    Functions
    Cookies
    Working with Database
    etc…

    I aimed those lists for the learning of PHP topic.
    For the reference, I referred the book “Teach yourself PHP in 24 hours” as the reference and make the lessons by myself.

    For the security, I would like to make the white paper about the several kinds of attacks such as XSS, CSRF, SQL Injection, Blind SQL Injection, Exploits, Cookie Spoofing, Cookie manipulation, Phishing, RFI, LFI, inserting EXIF Data into the images etc… Moreover, I also would like to explain how to find those vulnerabilities, how to perform the attack by using those vulnerabilities, how to fix those vulnerabilities and how to bypass.

    I think that the scope is wide for a little bit and it can’t be finished with only one person. So, I expect that you’ll help me in making those lessons.
Sign In or Register to comment.