Solved

Php or asp availability lookup

Posted on 2004-07-30
8
331 Views
Last Modified: 2008-03-10

Does anyone have, and can develop, a form and script that allows a user (web visitor) to enter a url and find out  if the server that url is on is php or asp enabled, and what php/asp version is on it?

I just need something that will allow people to enter their url and learn if their server supports (and which versions) of php or asp.

Thanks,    Chris

0
Comment
Question by:St_Aug_Beach_Bum
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 11683034
The problem is the only way to get information about php installation is using php and running a script, for example, the most basic test script:

<?php
echo "hello world";
?>

or to print php info

<?php
phpinfo();
?>

but you can run a script on their server remotely so unless there is another way of connecting to their server and extracting information about the installed software the only option i can think of is to get the user to download a small script and get them to run it on their server. The best example of which would be:

---------------------------------------------
<?php
echo "Your server has php support";
echo "<!--";
?>

Your server does not have php support

<?php
echo "-->";
?>
---------------------------------------------

If php is installed they will see "Your server has php support" (and not the html message because it will have been commented out). The downside is this method is a little inconvienient and doesnt give you much information but as i said unless there is an alternative way of extracting such information from their server that im unaware of there may be little choice.

Diablo
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11683039
>> but you can run a script on their server remotely

sorry, should have been can't run a script on their server remotely

with regards to ASP i would imagine the same rules apply and you could use the same method to test.
0
 
LVL 18

Expert Comment

by:CrYpTiC_MauleR
ID: 11683508
You can check the server banner, like php.net's server banner is...

Server: Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev

Its a HTTP header the server sends out after a request, Do this...

<?php

$php = FALSE;
$asp = FALSE;

$header = '';
$url = 'http://www.php.net/';
$page = @ fopen($url, 'r');
$headers = @ stream_get_meta_data($page);
@ fclose($page);

foreach ($headers['wrapper_data'] as $header)
{
    if (strstr($header, 'Server:')) {
        if (stristr($header, 'php')) {
            $php = TRUE;
        }
        if (stristr($header, 'iis')) {
            $asp = TRUE;
        }
    } else if (strstr($header, 'X-Powered-By:')) {
        if (stristr($header, 'php')) {
            $php = TRUE;
        }
        if (stristr($header, 'iis')) {
            $asp = TRUE;
        }
    }
}

if ($php)
    echo $url . ' has PHP';

if ($asp)
    echo $url . ' has ASP';

?>
0
 
LVL 18

Expert Comment

by:CrYpTiC_MauleR
ID: 11683514
that will get a satart on detecting if a page has ASP or PHP, to get the version you will need to just get the substring from the 'Server' or 'X-Powered-By' headers. Do note not all servers will output a header but most do. This is the only way I can see in remotelt checking a servers capabilites. If you want you can just echo the entire server banner to the user so they can see additonal modules and languages used by the server. Good luck!


-Nick
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 18

Expert Comment

by:CrYpTiC_MauleR
ID: 11683521
Another thing is to access invlaid URL like www.somesite.com/pagethatdoesnotexist.html and retreive the stream_get_meta_data() as in my code above, then you can see if it was redirected and check the 404 page's extention if its PHP or ASP, that wont be as good as above where you can see the version to but it should be used alongside the above code in the event the server banner is not there.
0
 
LVL 2

Accepted Solution

by:
blackelvis earned 500 total points
ID: 11683704
if "curl" is installed on your server (it's initially installed on most linux machines), you can just fetch the target servers http answer header without anything else (no script etc. needed on the target server).

it works just like this:

exec ("curl --head --connect-timeout 30 --location www.domain.com", $curlReturn);
echo implode ("<br />", $curlReturn);

that's it!

--head tells curl only to get the header
--connect-timeout explains itself (otherwise it will try to connect forever if the target isn't available)
--location tells curl to follow redirects
www.domain.com is the target server

this fetches the header information you need in form of an array.
like this:

$curlReturn [0] => HTTP/1.1 200 OK
$curlReturn [1] => Date: Sat, 31 Jul 2004 12:00:31 GMT
$curlReturn [2] => Server: Apache
$curlReturn [3] => X-Powered-By: PHP/5.0.0RC2
$curlReturn [4] => Content-Type: text/html; charset=ISO-8859-1

now, if you want, you can parse the header with a regular expression to strip the information you want to display or test against or just output everything. it's just a shorter approach ;)

cheerio
0
 
LVL 2

Expert Comment

by:blackelvis
ID: 11683711
oh, if you pass user input to shell commands, don't forget to use escapeshellargs ($userInput)!
0
 

Author Comment

by:St_Aug_Beach_Bum
ID: 11684590

Thank you all for the feedback and ideas :)

I've been sitting here debating on whether to go with CrYpTiC_MauleR's or blackelvis's solution.  I will go with blackelvis here, but CrYpTiC_MauleR - I appreciate your help as well and will keep an eye out for you in the future.

Chris
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mysqli 3 22
Could you point a way to form a view's combo based on Codeigniter's results? 4 20
Move wordpress site 3 24
Problem sending file attachments 8 24
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now