1

I have the code below, which lists files from a directory and all its subdirectories, and it's working fine.

Now what I want to achieve is to only display PHP files that contain the following string functions: eval, system, shell_exec.

I guess I have to create an array like

$check=array("unescape", "system(","shell_exec(");

Below is the code that just lists all the PHP files

function c_check($path){

    if(file_exists($path) && is_dir($path)){
        $files = glob($path ."/*");
        if(count($files) > 0){
            // Loop through returned array
            foreach($files as $file){
                if(is_file("$file")){

                    // Display only filename
                    echo basename($file) . "<br>";
                } else if(is_dir("$file")){
                    c_check("$file");
                }
            }
        } else{
            echo " directory file not found";
        }
    } else {
        echo " directory does not exist.";
    }
}

// Call the function
c_check("../content_folder");
A J
chinazaike

2 Answers

0

You could do something similar to the code below, loading each file and then checking if it contains any of those strings.

Keep in mind this won't be very fast; I'd consider using something like grep and parsing its output.

function c_check($path)
{
    $checks = ["unescape", "system(", "shell_exec("];

    if (file_exists($path) && is_dir($path)) {
        $files = glob($path . "/*");
        if (count($files) > 0) {
            // Loop through returned array
            foreach ($files as $file) {
                if (is_file("$file")) {
                    $fileContents = file_get_contents($file);

                    // Report each matching file once, even if it contains several of the strings
                    foreach ($checks as $illegalString) {
                        if (strpos($fileContents, $illegalString) !== false) {
                            echo basename($file) . "<br>";
                            break;
                        }
                    }
                } else {
                    if (is_dir("$file")) {
                        c_check("$file");
                    }
                }
            }
        } else {
            echo " directory file not found";
        }
    } else {
        echo " directory does not exist.";
    }
}
atymic
  • My example is looping over the `$checks` array, and passing each of the strings it contains to `strpos` – atymic Jul 20 '19 at 07:22
  • Thanks. Your solution really works just fine and great. Please, do you have an alternative on how to search it faster with the grep method? Waiting to hear from you. Thanks – chinazaike Jul 20 '19 at 09:22
  • For example, something like this will output only the names of the files that contain the strings you want to find: `grep -r -l -F -e "unescape" -e "system(" -e "shell_exec(" .` – atymic Jul 20 '19 at 09:33
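The grep approach from the comments above, written out as an added example (not code from the thread): it restricts the search to `*.php` files, lists each file once, and matches the three function names from the question only as standalone calls, so `filesystem(` or `$db->system(` is not reported. `CALL_RE`, `scan_php_calls` and `make_sample_tree` are names chosen here, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list PHP files that appear to call eval(), system() or shell_exec().

# A name counts as a call only when it is NOT preceded by an identifier
# character, "->", "::" or "$", and is followed by optional whitespace and "(".
# grep -i is used because PHP function names are case-insensitive.
CALL_RE='(^|[^[:alnum:]_>:$])(eval|system|shell_exec)[[:space:]]*\('

scan_php_calls() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -type f skips directories and symlinks; "-exec ... +" batches many files
    # into few grep runs; -l prints a file name once, however many matches it has.
    find "$dir" -type f -name '*.php' \
        -exec grep -l -i -E -e "$CALL_RE" {} + | sort
}

# Constructed sample tree, for demonstration only. Prints the temp directory path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sub"
    printf '%s\n' '<?php echo "hello";'                              > "$root/clean.php"
    printf '%s\n' '<?php $fs->filesystem($p); file_system_check();'  > "$root/lookalike.php"
    printf '%s\n' '<?php Shell_Exec ($cmd);'                         > "$root/sub/shell.php"
    printf '%s\n' '<?php eval($code); system("id");'                 > "$root/sub/both.php"
    printf '%s\n' 'system("ls")'                                     > "$root/notes.txt"
    echo "$root"
}

# Usage as a script: sh scan.sh ../content_folder
if [ "$#" -gt 0 ]; then
    scan_php_calls "$1"
fi
```

The match is lexical, so calls that appear only inside comments or string literals are listed too; treat the output as a list of files to review rather than a verdict.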
0

You have to read the content of the file first and do a search. Try replacing your if block in the foreach loop with this.

if(is_file("$file")){
    $contents = file_get_contents($file);
    if(strpos($contents, "eval")!==false || strpos($contents, "system")!==false || strpos($contents, "shell_exec")!==false){
        //this is the file you're looking for.
    }
}

It reads the content of the file and searches for the words.

A J