Commands tagged PHP (39)


  • 14
    find . -name \*.php -exec php -l "{}" \;
    Koobiac · 2011-08-02 12:12:32 3

  • 6
    php -i
    elzapp · 2009-08-11 14:17:13 2
  • Quick and easy way to find out which php.ini file is being used. Especially useful if you just need to find the location of the file for editing purposes. Show Sample Output


    5
    php -i | grep php.ini
    jemmille · 2009-12-23 15:52:20 1
  • If you need to xdebug a remote php application, which is behind a firewall, and you have an ssh daemon running on that machine. you can redirect port 9000 on that machine over to your local machine from which you run your xdebug client (I am using phpStorm) So, run this command on your local machine and start your local xdebug client, to start debugging. more info: http://code.google.com/p/spectator/wiki/Installing


    3
    ssh -R 9000:localhost:9000 [email protected]
    nadavkav · 2011-05-28 09:39:16 1
  • Run the function phpinfo() on the shell


    2
    php -r phpinfo();
    amaymon · 2009-08-11 07:00:51 1
  • Tired of front end developers using short open tags in your views? This will replace all instances of


    2
    find . -name '*.phtml' | xargs perl -pi -e 's/(?!(<\?(php|xml|=)))<\?/<\?php/g;'
    crashspeeder · 2014-05-07 14:33:19 0
  • Useful to crawl where the javascript is declared, and extract it a common file. You can redirect it to a file to review item by item. Show Sample Output


    2
    grep -r "<script" | grep -v src | awk -F: '{print $1}' | uniq
    sucotronic · 2014-07-23 06:24:31 3

  • 2
    ps axo pcpu,args | awk '/[p]hp.*pool/ { sums[$4] += $1 } END { for (pool in sums) { print sums[pool], pool } }' | sort -rn | column -t
    phunehehe · 2014-12-11 05:31:04 2

  • 1
    php -r "phpinfo\(\);"
    s0x · 2009-08-11 13:39:16 0
  • This is a simple bash function and a key binding that uses commandlinefu's simple and easy search API. It prompts for a search term, then it uses curl to search commandline fu, and highlights the search results with less.


    1
    function ds { echo -n "search : "; read ST; EST=`php -r "echo rawurlencode('$ST');"`; B64=`echo -n $ST| openssl enc -base64`; curl -s "http://www.commandlinefu.com/commands/matching/$EST/$B64/plaintext" | less -p "$ST"; } ; bind '"\C-k"':"\"ds\C-m\""
    cparker · 2011-02-20 23:46:16 0
  • Creates HTML code from PHP source Show Sample Output


    1
    php -s source.php > source.html
    ruslan · 2011-03-10 15:11:35 0
  • Requires installed command line PHP. Also, try at different dimensions of terminal window


    1
    php -r 'function a(){$i=10;while($i--)echo str_repeat(" ",rand(1,79))."*".PHP_EOL;}$i=99;while($i--){a();echo str_repeat(" ",34)."Happy New Year 2011".PHP_EOL;a();usleep(200000);}'
    galymzhan · 2011-04-21 05:08:56 0

  • 1
    php --ini
    alpha1130 · 2011-08-02 06:19:11 0

  • 1
    php -m
    rockon · 2012-05-27 12:08:52 0
  • Checks for syntax errors in PHP files modified in current working copy of a Git repository. Show Sample Output


    1
    git status -s | grep -o ' \S*php$' | while read f; do php -l $f; done
    ruslan · 2013-12-14 11:47:54 0
  • If the version already downloaded. it will not download again Show Sample Output


    1
    wget -N --content-disposition http://www.adminer.org/latest.php
    rickyok · 2014-09-12 07:52:45 0
  • Really only valuable in a PHP-only project directory. This is using standard linux versions of the tools. On most older BSD variants of sed, use -E instead of -r. Or use: sed 's/\+[[:space:]]\{1,\}//' instead. Show Sample Output


    0
    for i in `svn status | egrep '^(M|A)' | sed -r 's/\+\s+//' | awk '{ print $2 }'` ; do if [ ! -d $i ] ; then php -l $i ; fi ; done
    brephophagist · 2009-05-29 23:59:28 1

  • 0
    egrep -v "^[[:blank:]]*($|#|//|/\*| \*|\*/)" somefile
    sdadh01 · 2009-11-10 18:49:19 0
  • simply change extension for others programming languages


    0
    for FILE in $(svn status | grep ? | grep .php); do svn add $FILE; done
    unixmonkey2005 · 2011-12-27 17:49:33 0
  • People are *going* to post the wrong ways to do this. It's one of the most common form-validation tasks, and also one of the most commonly messed up. Using a third party tool or library like exim means that you are future-proofing yourself against changes to the email standard, and protecting yourself against the fact that actually checking whether an email address is valid is *not possible*. Still, perhaps your boss is insisting you really do need to check them internally. OK. Read the RFCs. The bet before the @ is specified by RFC2821 and RFC2822. The domain name part is specified by RFC1035, RFC1101, RFC1123 and RFC2181. Generally, when people say "email address", they mean that part of the address that the RFC terms the "addr-spec": the "[email protected]" address, with no display names, comments, quotes, etc. Also "[email protected]" and "root" should be invalid, as should arbitrary addressing schemes specified by a protocol indicator, like "[email protected]:foo^bar^baz". So... With the smallest poetic license for readability (allowing underscores in domain names so we can use "\w" instead of "[a-z0-9]"), the RFCs give us: ^(?:"(?:[^"\\]|\\.)+"|[-^!#\$%&'*+\/=?`{|}~.\w]+)@(?=.{3,255}$)(?:[\w][\w-]{0,62}\.){1,128}[\w][\w-]{0,62}$ Not perfect, but the best I can come up with, and most compliant I've found. I'd be interested to see other people's ideas, though. It's still not going to verify you an address fersure, properly, 100% guaranteed legit, though. What else can you do? Well, you could also: * verify that the address is either a correct dotted-decimal IP, or contains letters. * remove reserved domains (.localhost, .example, .test, .invalid), reserved IP ranges, and so forth from the address. * check for banned domains (whitehouse.gov, example.com...) * check for known TLDs including alt tlds. * see if the domain has an MX record set up: if so, connect to that host, else connect to the domain. * see if the given address is accepted by the server as a recipient or sender (this fails for yahoo.*, which blocks after a few attempts, assuming you are a spammer, and for other domains like rediffmail.com, home.com). But these are moving well out of the realm of generic regex checks and into the realm of application-specific stuff that should be done in code instead - especially the latter two. Hopefully, this is all you needed to point out to your boss "hey, email validation this is a dark pit with no bottom, we really just want to do a basic check, then send them an email with a link in it: it's the industry standard solution." Of course, if you want to go nuts, here's an idea that you could do. Wouldn't like to do it myself, though: I'd rather just trust them until their mail bounces too many times. But if you want it, this (untested) code checks to see if the mail domain works. It's based on a script by John Coggeshall and Jesse Houwing that also asked the server if the specific email address existed, but I disliked that idea for several reasons. I suspect: it will get you blocked as a spambot address harvester pretty quick; a lot of servers would lie to you; it would take too much time; this way you can cache domains marked as "OK"; and I suspect it would add little to the reliability test. // Based on work by: John Coggeshall and Jesse Houwing. // http://www.zend.com/zend/spotlight/ev12apr.php mailRegex = '^(?:"(?:[^"\\\\]|\\\\.)+"|[-^!#\$%&\'*+\/=?`{|}~.\w]+)'; mailRegex .= '@(?=.{3,255}$)(?:[\w][\w-]{0,62}\.){1,128}[\w][\w-]{0,62}$'; function ValidateMail($address) {   global $mailRegex; // Yes, globals are evil. Put it inline if you want.   if (!preg_match($mailRegex)) {     return false;   }   list ( $localPart, $Domain ) = split ("@",$Email);   // connect to the first available MX record, or to domain if no MX record.   $ConnectAddress = new Array();   if (getmxrr($Domain, $MXHost)) {     $ConnectAddress = $MXHost;   } else {     $ConnectAddress[0] = $Domain;   }   // check all MX records in case main server is down - may take time!   for ($i=0; $i < count($ConnectAddress); $i++ ) {     $Connect = fsockopen ( $ConnectAddress[$i], 25 );     if ($Connect){       break;     }   }   if ($Connect) {     socket_set_blocking($Connect,0);     // Only works if socket_blocking is off.     if (ereg("^220", $Out = fgets($Connect, 1024))) {       fclose($Connect); // Unneeded, but let's help the gc.       return true;     }     fclose($Connect); // Help the gc.   }   return false; } Show Sample Output


    0
    perl -e "print 'yes' if `exim -bt $s_email_here | grep -c malformed`;"
    DewiMorgan · 2012-02-28 04:42:41 0

  • 0
    php -e -c /path/to/php.ini -r 'echo "OK\n";';
    Gurre · 2012-08-08 15:05:10 0
  • Shows files and processes of the command php


    0
    watch -d=c -n3 'lsof -itcp -iudp -c php'
    AskApache · 2013-03-14 01:24:50 0
  • Searched strings: passthru, shell_exec, system, phpinfo, base64_decode, chmod, mkdir, fopen, fclose, readfile Since some of the strings may occur in normal text or legitimately you will need to adjust the command or the entire regex to suit your needs.


    0
    find ./public_html/ -name \*.php -exec grep -HRnDskip "\(passthru\|shell_exec\|system\|phpinfo\|base64_decode\|chmod\|mkdir\|fopen\|fclose\|readfile\) *(" {} \;
    lpanebr · 2013-04-03 12:42:19 0
  • I have found that base64 encoded webshells and the like contain lots of data but hardly any newlines due to the formatting of their payloads. Checking the "width" will not catch everything, but then again, this is a fuzzy problem that relies on broad generalizations and heuristics that are never going to be perfect. What I have done is set an arbitrary threshold (200 for example) and compare the values that are produced by this script, only displaying those above the threshold. One webshell I tested this on scored 5000+ so I know it works for at least one piece of malware.


    0
    for ii in $(find /path/to/docroot -type f -name \*.php); do echo $ii; wc -lc $ii | awk '{ nr=$2/($1 + 1); printf("%d\n",nr); }'; done
    faceinthecrowd · 2013-04-05 19:06:17 0
  • Using PHP shell to URL decode a string. Show Sample Output


    0
    echo "q+werty%3D%2F%3B" | php -r "echo urldecode(file_get_contents('php://stdin'));"
    kartikssj · 2013-07-17 11:37:36 0
  •  1 2 > 

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Find if the command has an alias

Convert seconds to [DD:][HH:]MM:SS
Converts any number of seconds into days, hours, minutes and seconds. sec2dhms() { declare -i SS="$1" D=$(( SS / 86400 )) H=$(( SS % 86400 / 3600 )) M=$(( SS % 3600 / 60 )) S=$(( SS % 60 )) [ "$D" -gt 0 ] && echo -n "${D}:" [ "$H" -gt 0 ] && printf "%02g:" "$H" printf "%02g:%02g\n" "$M" "$S" }

Get AWS temporary credentials ready to export based on a MFA virtual appliance
You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

Show a curses based menu selector
Not so much handy by itself, but very nice in shell scripts. This makes you a handy ncurses based checklist. Much like terminal installers, just use the arrow keys and hit 'Space' to adjust the selections. Returns all selected tags as strings, with no newline at the end. So, your output will be something like: "one" "two" "three" "four" "etc" For those who prefer bash expansion over gratuitious typing: $ whiptail --checklist "Simple checkbox menu" 12 35 3 $(echo {one,two,three,four}" '' 0"} ) Things to note: The height must includes the outer border and padding: add 7 to however many items you want to show up at the same time. If the status is 1, it will be selected by default. anything else, will be deselected.

Wait for file to stop changing
Here's a way to wait for a file (a download, a logfile, etc) to stop changing, then do something. As written it will just return to the prompt, but you could add a "; echo DONE" or whatever at the end. This just compares the full output of "ls" every 10 seconds, and keeps going as long as that output has changed since the last interval. If the file is being appended to, the size will change, and if it's being modified without growing, the timestamp from the "--full-time" option will have changed. The output of just "ls -l" isn't sufficient since by default it doesn't show seconds, just minutes. Waiting for a file to stop changing is not a very elegant or reliable way to measure that some process is finished - if you know the process ID there are much better ways. This method will also give a false positive if the changes to the target file are delayed longer than the sleep interval for any reason (network timeouts, etc). But sometimes the process that is writing the file doesn't exit, rather it continues on doing something else, so this approach can be useful if you understand its limitations.

Convert Youtube videos to MP3
youtube-dl has this functionality built in. If you're running an older version of youtube-dl, you can update it using `youtube-dl -U` (although if you have an older version, it probably doesn't download youtube videos anyway.) youtube-dl --help will show you other options that may come in useful.

Search for a string inside all files in the current directory
options: -n line nbrs, -i ignore case, -s no "doesn't exist", -I ignore binary args: * for all files of current dir (not hidden), .[!.]* for all hidden files I don't include by default the -R (recursive) option, which is not always useful. You add it by hand when needed.

Graphically show percent of mount space used
Automatically drops mount points that have non-numeric sizes (e.g. /proc). Tested in bash on Linux and AIX.

write text or append to a file
If you just want to write or append some text to a file without having to run a text editor, run this command. After running the command, start typing away. To exit, type . on a line by itself. Replacing the >> with a single > will let you overwrite your file.

Display a cool clock on your terminal
This command displays a clock on your terminal which updates the time every second. Press Ctrl-C to exit. A couple of variants: A little bit bigger text: $ watch -t -n1 "date +%T|figlet -f big" You can try other figlet fonts, too. Big sideways characters: $ watch -n 1 -t '/usr/games/banner -w 30 $(date +%M:%S)' This requires a particular version of banner and a 40-line terminal or you can adjust the width ("30" here).


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: