Let’s take a look at the installation interface of discuz, a well-known domestic forum:
If you install it here, why does it modify the config.inc.php file?
Let’s use a few simple techniques to uncover its so-called mystery!
File planning:
1.index.php -- Display modification interface
2.edit.php -- Modify function code
3.config .php -- the actual modification part
index.php displays the modification interface. Display the configuration items in config.php. Displayed in the form:
<?php include 'config.php'; ?> <form action="edit.php" method="post"> <input type="text" name="DB_HOST" value="<?php echo DB_HOST;?>" /><br /> <input type="text" name="DB_USER" value="<?php echo DB_USER;?>" /><br /> <input type="text" name="DB_PWD" value="<?php echo DB_PWD;?>" /><br /> <input type="text" name="DB_NAME" value="<?php echo DB_NAME;?>" /><br /> <input type="submit" value="修改" /> </form>
2.edit.php Read the config.php file and treat this file as a string. I then use regular expression matching to modify the content.
<?php $string=file_get_contents('config.php'); //DB_HOST localhost foreach($_POST as $key=>$val){ //定义正则来查找内容,这里面的key为form表单里面的name $yx="/define\('$key','.*?'\);/"; //将内容匹配成对应的key和修改的值 $re="define('$key','$val');"; //替换内容 $string=preg_replace($yx,$re,$string); } //写入成功 file_put_contents('config.php',$string); echo '修改成功'; ?>
config.php The part that actually stores the configuration file stores the real config.php file content:
<?php define('DB_HOST','localhost'); define('DB_USER','root'); define('DB_PWD','root'); define('DB_NAME','neirong'); ?>
Have you discovered that this is not as difficult as you thought. Combined with the knowledge of regular expression expressions and files, you can do it!