我正在为我正在工作的网站制作安装脚本,我在制作生成config.php文件的脚本时遇到了问题。以下是我为配置文件生成字符串的方式:
<?php
if (file_exists("config.php")) {
header("Location: index.php");
} else {
if (isset($_POST['smtp_password'])) {
if (!($configFile = fopen("config.php", "c"))) {
print("ERROR: Cannot write in this directory!");
exit();
}
$config = <<<EOT
<?php
$_AMCFG['login_dir'] = '{$_POST['login_dir']}'; /* LINE 12 */
$_AMCFG['server_key'] = '{$_POST['server_key']}';
$_AMCFG['host'] = '{$_POST['host']}';
$_AMCFG['database'] = '{$_POST['database']}';
$_AMCFG['user'] = '{$_POST['user']}';
$_AMCFG['password'] = '{$_POST['password']}';
$_AMCFG['smtp_name'] = '{$_POST['smtp_name']}';
$_AMCFG['smtp_mail'] = '{$_POST['smtp_mail']}';
$_AMCFG['smtp_host'] = '{$_POST['smtp_host']}';
$_AMCFG['smtp_port'] = {$_POST['smtp_port']};
$_AMCFG['smtp_user'] = '{$_POST['smtp_user']}';
$_AMCFG['smtp_password'] = '{$_POST['smtp_password']}';
?>
EOT;
fwrite($configFile, $config);
$db = mysqli_connect($_POST['host'], $_POST['user'], $_POST['password']);
mysqli_select_db($db, $_POST['database']);
$sqlFile = file_get_contents("install.sql");
mysqli_multi_query($sqlFile);
mysqli_query($db, "INSERT INTO admins (steamid, name, mail, disabled, superadmin) VALUES ('"".escape($_POST['admin_steamid'])."'", '"".escape($_POST['admin_name'])."'", '"".escape($_POST['admin_email'])."'", 0, 1)");
}
}
?>
这是我得到的错误:(第12行)
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)
我做错了什么?
这是我对这个问题的贡献,这是否是预期的结果,请参阅下面的结果。
<?php
$config = "<?php'n'n";
$config .= '$_AMCFG[''login_dir'']' . " = " . '$_POST[''login_dir'']' . ";'n";
$config .= '$_AMCFG[''server_key'']' . " = " . '$_POST[''server_key'']' . ";'n'n";
$config .= '$_AMCFG[''host'']' . " = " . '$_POST[''host'']' . ";'n";
$config .= '$_AMCFG[''database'']' . " = " . '$_POST[''database'']' . ";'n";
$config .= '$_AMCFG[''user'']' . " = " . '$_POST[''user'']' . ";'n";
$config .= '$_AMCFG[''password'']' . " = " . '$_POST[''password'']' . ";'n'n";
$config .= '$_AMCFG[''smtp_name'']' . " = " . '$_POST[''smtp_name'']' . ";'n";
$config .= '$_AMCFG[''smtp_mail'']' . " = " . '$_POST[''smtp_mail'']' . ";'n";
$config .= '$_AMCFG[''smtp_host'']' . " = " . '$_POST[''smtp_host'']' . ";'n";
$config .= '$_AMCFG[''smtp_port'']' . " = " . '$_POST[''smtp_port'']' . ";'n";
$config .= '$_AMCFG[''smtp_user'']' . " = " . '$_POST[''smtp_user'']' . ";'n";
$config .= '$_AMCFG[''smtp_password'']' . " = " . '$_POST[''smtp_password'']' . ";'n'n";
$config .= "?>";
echo $config;
HTML源代码中的哪一个回显:
<?php
$_AMCFG['login_dir'] = $_POST['login_dir'];
$_AMCFG['server_key'] = $_POST['server_key'];
$_AMCFG['host'] = $_POST['host'];
$_AMCFG['database'] = $_POST['database'];
$_AMCFG['user'] = $_POST['user'];
$_AMCFG['password'] = $_POST['password'];
$_AMCFG['smtp_name'] = $_POST['smtp_name'];
$_AMCFG['smtp_mail'] = $_POST['smtp_mail'];
$_AMCFG['smtp_host'] = $_POST['smtp_host'];
$_AMCFG['smtp_port'] = $_POST['smtp_port'];
$_AMCFG['smtp_user'] = $_POST['smtp_user'];
$_AMCFG['smtp_password'] = $_POST['smtp_password'];
?>
$config .= " $_AMCFG['smtp_port'] = ".$_POST['smtp_port'].";'n";
应为:
$config .= " $_AMCFG['smtp_port'] = '".$_POST['smtp_port'].";'n";
我想,当被"评估"时,这个代码会失败。
我认为您的问题在于在每行的前半部分使用双引号。当$_AMCFG[*]应该只是一个文字字符串时,您正试图对其进行插值。
试着在这个部分周围使用单引号,如下所示:
$config .= ' $_AMCFG['login_dir'] = '''.$_POST['login_dir']."';'n";
或者,我可以为此建议heredoc语法吗?这看起来像:
$config = <<<EOT
<?php
$_AMCFG['login_dir'] = '{$_POST['login_dir']}';
$_AMCFG['server_key'] = '{$_POST['server_key']}';
...
$_AMCFG['smtp_password'] = '{$_POST['smtp_password']}';
?>
EOT;
干净多了。事实上,您可以将该配置开发为一个单独的PHP文件,然后将其剪切/粘贴到位。
您的代码中有两个<?php实例。你只需要第一个。
第二个用于输出文件,需要转义。
$config = <<<EOT
'x3C?php
带有两个实例的旧版本混淆了php解析器。