[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Where is my PHP site getting it's data?

Posted on 2013-10-23
5
Medium Priority
?
295 Views
Last Modified: 2013-10-24
I have been charged with supporting a custom programmed e-commerce web site. I need help figuring out two items. Not exactly sure where to start....

 1) Figure out what database and how the PHP site is connecting to.

 2) Figure out what table needs to be changed to make a change on the site.

I'm used to seeing a file like config.php that defines the database, db user, and password, but this config.php does not have any of that. There appears to be a lot of XML going on too.
0
Comment
Question by:jasgot
5 Comments
 
LVL 15

Expert Comment

by:Ess Kay
ID: 39594055
typically it would be in the header


check if the site a headerimported

ie: include(header.php)


somewhere in there there would be a link to the settings/config file.
Or, if it uses xml, the xml might have the config details

you can also perform a serch for the keywords : "server" thought the directories
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39594266
What is the URL of the site?  We may be able to guess if we can see the "signature" in the generated HTML.

Other than that, you would start with index.php and read the code, looking for include() and require() functions.
0
 

Expert Comment

by:rvcw
ID: 39595105
It's hard to say without seeing any code. Typically there would be a file which defines the database access details. Try searching for where some queries are and see if you can backtrack your way to eventually fine the database connection details.

It may also help to have some debugging in place so you can see what's going on as it's happening. For example you can have an IDE like NetBeans and enable x-debug. Either set a break point somewhere at the beginning, or if you find any queries set breakpoints there or have it pause at the first line. This way, you can view the code being executed line by line and when it starts doing anything db related it should show you where that file is and where everything is coming from.
0
 
LVL 11

Accepted Solution

by:
Murfur earned 2000 total points
ID: 39596927
I'm assuming that you have access to the source code.

What you see in terms of files and folders and even IN the files can all provide clues to help you understand your target.

Look for any text files in the docroot, e.g. license.txt or humans.txt as these will almost certainly contain info for the benefit of the developer.

Have a look at the folder structure in the docroot of the site - folders and their names may suggest what framework being used.

Look for developer comments in the pages.


Next, remember that every PHP page that needs to do anything with the database will have to load the db connection details so we just need to look for the db reference in a PHP page.

Start with index.php (you have to start somewhere) but failing that any php file will do.

Includes will typically be near the top, find the included file and go back from there.
Again, look for developer comments.

search for 'mysql' as a string and specifically look for any functions - e.g. mysql_connect
search for environment variables like DBHOST or DBNAME

and so on...

Can you give us the URL? Logic suggests that an commerce site is public...
0
 

Author Closing Comment

by:jasgot
ID: 39597075
The data was hard coded in a .pl script on another server.  Thanks.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windocks is an independent port of Docker's open source to Windows.   This article introduces the use of SQL Server in containers, with integrated support of SQL Server database cloning.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Suggested Courses
Course of the Month18 days, 17 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question