WordPress.org

Ready to get started?Download WordPress

Forums

Phpinfo plugin for anyone who is interested (8 posts)

  1. SeanM
    Member
    Posted 8 years ago #

    First off I am very new to wprdpress and I am not a php coder. I wanted a way to view my phpinfo from the admin area so I threw this together. Simple, but not very elegant, but it works. I am sure there are better ways to do it, and I invite any feedback you may have.

    Why did I do a plugin as obosed to just having a phpinfo.php file out there, well because there are some security issues with doing so.

    Anyway here it is.

    <?php
    /*
    Plugin Name: PHPInfo
    Plugin URI:
    Description: Displays PHPInfo via the admin area.
    Version: v1.0
    Author: SCuM
    Author URI:
    */

    /*
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    */

    function phpinfoFromAdmin() {
    add_options_page('PHPInfo', 'PHPInfo', 9, basename(__FILE__), 'showPHPInfo');
    }

    add_action('admin_menu', 'phpinfoFromAdmin');

    function showPHPInfo()
    {
    // Get PHPINFO and parse info out
    ob_start();
    phpinfo();
    $phpinfo .= ob_get_contents();
    $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
    $phpinfo = preg_replace("#</body>.*$#is", "", $phpinfo);
    ob_end_clean();

    // Define PHPINFO Style
    $phpinfo_style = "
    <style type=\"text/css\">
    .wrap pre {margin: 0px; font-family: monospace;}
    .wrap table {border-collapse: collapse;}
    .wrap .center {text-align: center;}
    .wrap .center table { margin-left: auto; margin-right: auto; text-align: left;}
    .wrap .center th { text-align: center !important; }
    .wrap td, .wrap th { border: 1px solid #000000; vertical-align: baseline;}
    .wrap .p {text-align: left;}
    .wrap .e {background-color: #ccccff; font-weight: bold; color: #000000;}
    .wrap .h {background-color: #9999cc; font-weight: bold; color: #000000;}
    .wrap .v {background-color: #cccccc; color: #000000;}
    .wrap i {color: #666666; background-color: #cccccc;}
    .wrap img {float: right; border: 0px;}
    .wrap hr {width: 600px; background-color: #cccccc; border: 0px; height: 1px; color: #000000;}
    </style>";

    // Echo it to the screen
    echo $phpinfo_style . "<div class=\"wrap\">" . $phpinfo . "</div>";
    }
    ?>

  2. SeanM
    Member
    Posted 8 years ago #

    Oh sorry, for those who don't know how to install it...which would have been me before tonight. Just save the code to a file called phpinfo.php and put it in your plugins directory. Then go into the admin area and activate it. Then under Options you should see PHPInfo.

  3. churchtown
    Member
    Posted 8 years ago #

    SeanM----
    How sure are you that the information revealed by PHPinfo is available *ONLY* to admin?
    ----best wishes, Robert

  4. SeanM
    Member
    Posted 8 years ago #

    Not very. LOL. Like I said, I am very very new to wordpress. And this plugin is a hack job. I know enough PHP to be dangerous to myself and those around me. Which is one of the reasons I posted it here. I am fairly sure that it is only viewable in the admina area though. Sorry, I wish I could give you big comforting words, but I am still trying to figure out what I am doing.

  5. SeanM
    Member
    Posted 8 years ago #

    I should rephrase that. I did not post it because I am dangerous but I posted it because I might be and I was hoping someone could tell me if I was and if so how to clean it up or if someone wanted to spruce it up.

  6. SeanM
    Member
    Posted 8 years ago #

    OK I found userlevels...
    If you change this line:


    add_options_page('PHPInfo', 'PHPInfo', 9, basename(__FILE__), 'showPHPInfo');

    to this, then I think only the admin can as it says only admin has userleve 10


    add_options_page('PHPInfo', 'PHPInfo', 10, basename(__FILE__), 'showPHPInfo');

  7. churchtown
    Member
    Posted 8 years ago #

    SeanM----
    Now we're both being slightly misunderstood;~) I 'should' be the only user on any of my sites. I want to know if the existence of your information-divulging file is, in ANY fashion, likely to become available remotely. I already have bots at the door (right now) attempting to batter down the defenses with the current injection email exploit vulnerability of WP and/or its plugins [using the http_post process].
    ----best wishes, Robert

  8. SeanM
    Member
    Posted 8 years ago #

    To the best of my knowledge no. Althought I am not an expert and this was my first attempt to write something that I needed. If you use it then great, let me know how you like it, if you don't feel comfortable using it then don't. I have been using it every since I posted it with out any problems.

    And sorry for the long delay, I have not had much time lately to play with wordpress, I am still using the default theme if that tells you anything. And I would still like any input on how I could improve this, as given my lack of time as of late, I am still new to all of this.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags