This article brings you relevant knowledge about PHP, which mainly introduces the relevant content about phar. The full name of phar is PHP Archive. The phar extension provides a way to integrate the entire PHP application. Let’s take a look at the method of putting it into a phar file to facilitate moving and installation. I hope it will be helpful to everyone.
Recommended study: "PHP Video Tutorial"
1 What is a phar file
Jar (Java Archive) file, an application, including all executable and accessible files, are packaged into a JAR file, making the deployment process very simple.
Similar to JAR. The full name of phar is PHP Archive. The phar extension provides a way to put the entire PHP application into a .phar file to facilitate movement and installation. The biggest feature of phar files is a convenient way to combine several files into one file. .phar files provide a way to distribute a complete PHP program in a single file and run it from that file.
Unlike JAR, Phar can be processed by PHP itself, so there is no need to use additional tools to create or use it. It can be created or extracted using a PHP script.
.
2 Creation of phar
1 Modify the php.ini configuration file
The default status of the PHAR file is read-only , using Phar files does not require any configuration. Deployment is very easy. Because we now need to create our own Phar file, we need to allow writing to the Phar file. This needs to be modified php.ini
In my php.ini file, phar.readonly = On.
[Phar]
; http://php.net/phar.readonly
;phar.readonly = On
Copy after login
First, modify the phar.readonly option in php.ini, remove the preceding semicolon, and change the value to off. Due to security reasons, this option defaults to on. If it is disabled in php.ini (The value is 0 or off), then it can be turned on or off in the user script. If it is turned on in php.ini, the user script cannot be turned off, so it is set to off here to show the example.
Now, we can package the PHP application into a Phar file.
2 Create our own PHP file project
Here I copied directly from other people’s blog projects and did not demonstrate because my original intention of organizing this blog was To understand the phar:// vulnerability, use ctf. Therefore, the file names will not be modified according to the original author's. Reference articles will be added at the end.
First of all, I need to create the directory structure of the application according to a rule. The root directory is project, and the directory under project is as follows:
file
-yunek.js
-yunke.css
lib
-lib_a.php
template
-msg.html
index.php
Lib.php
Copy after login
There are two file folders JS and CSS files with empty content, only the demonstration phar can contain multiple file formats
lib_a.php content is as follows:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:23
*/
function show(){
echo "l am show()";
}Copy after login
msg.html content is as follows:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>phar</title>
</head>
<body>
<?=$str; ?>
</body>
</html>
Copy after login
The content of index.php is as follows:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:17
*/
require "lib/lib_a.php";
show();
$str = isset($_GET["str"]) ? $_GET["str"] : "hello world";
include "template/msg.html";
Copy after login
Lib.php content is as follows:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:20
*/
function yunke()
{
echo "l am yunke()";
}Copy after login
3 Create phar file
The project file is ready, now it is in the same directory as the project folder Create a yunkeBuild.php to generate a phar format file with the following content:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:36
*/
//产生一个yunke.phar文件
$phar = new Phar('yunke.phar', 0, 'yunke.phar');
// 添加project里面的所有文件到yunke.phar归档文件
$phar->buildFromDirectory(dirname(__FILE__) . '/project');
//设置执行时的入口文件,第一个用于命令行,第二个用于浏览器访问,这里都设置为index.php
$phar->setDefaultStub('index.php', 'index.php');Copy after login
Then access the yunkeBuild.php file in the browser and a yunke.phar file will be generated. At this time, the server root directory structure is as follows :
project
yunkeBuild.php
yunke.phar
This is the simplest process to generate a phar archive file.
Here I will make some other additions to facilitate better understanding:
1) The phar file is generated by accessing yunkeBuild.php, which is quite for execution. Therefore, you can execute the following code in the terminal to generate
aabouzekry@platinum:~/myapp$ php yunkeBuild.php
Copy after login
and then the yunke.phar file is generated.
2)new phar() generates phar object. Let’s interpret the parameters.
<?php
$phar = new Phar("/yunke.phar",
FilesystemIterator::CURRENT_AS_FILEINFO |
FilesystemIterator::KEY_AS_FILENAME, "yunke.phar");Copy after login
Explanation:
The creation of a new Phar object usually requires three parameters.
The first parameter is the path to the Phar file. Not only can you create Phar files through it, but you can also operate on existing Phar files.
The second parameter is to set how the Phar object handles files. Phar The object inherits the PHP RecursiveDirectoryIterator object, and this parameter is passed directly to the parent class. The value provided here is the default value of RecursiveDirectoryIterator, which can meet the current requirements.
The third parameter is the alias of the Phar file. This alias must be used when referencing this Phar file internally.
Usually just pass in the file name. That is the third parameter.
3) Add files to phar. There are several ways to add files:
调用类方法Phar::addFile($filepath,$localpath=?)添加文件,参数是文件绝对路径和(可选)存储到phar的相对路径
<?php
$phar = new Phar('yunke.phar');
$phar->addFile('test.php');
include('phar://yunke.phar/test.php') // in test.php
?>Copy after login
这里出现的phar://就是访问phar文件的一种方法,所以不需要太在意。
调用类方法Phar::addFromString($localpath,$contents)以字符串形式添加文件
<?php
$phar = new Phar('yunke.phar');
$phar->addFromString('test.php','<?php echo \'in test.php\'?>');
include('phar://yunke.phar/test.php'); // in test.php
?>Copy after login
调用类方法Phar::addEmptyDir($dirname)添加空目录,使用方法Phar::getContent()获取文件结构
<?php
$phar = new Phar('yunke.phar');
$phar->addEmptyDir('test'); // yunke.phar/test/
?>Copy after login
调用类方法Phar::buildFromDirectory($dir,$pattern = "")添加整个目录
<?php
$phar = new Phar('yunke.phar');
$phar->buildFromDirectory('test'); // test.php in test/
include('phar://yunke.phar/test/test.php'); // in test/test.php
?>Copy after login
4) 存根文件Stub,理解这个很重要。
归档文件中有一个存根文件stub,其实就是一段php执行代码,在制作归档时可以设置,直接执行归档文件时,其实就是执行它,所以它是启动文件;在脚本中包含归档文件时就像包含普通php文件一样包含它并运行,但直接以phar://的方式包含归档中某一个文件时不会执行存根代码, 往往在存根文件里面require包含要运行的其他文件,对存根文件的限制仅为以__HALT_COMPILER(); 结束,默认的存根设计是为在没有phar扩展时能够运行,它提取phar文件内容到一个临时目录再执行,不过从php5.3开始该扩展默认内置启用了。
stub是phar文件的文件头,格式为...<?php ...;__HALT_COMPILER();?>,…可以是任意字符,包括留空,且php闭合符与最后一个分号之间不能有多于一个的空格符。另外php闭合符也可省略。最短省略闭合符的stub是__HALT_COMPILER();?></p>
<p>运行Phar文件时,stub文件被当做一个meta文件来初始化Phar, 并告诉Phar文件在被调用时该做什么。</p>
<p>在我们的例子中,使用的是 <code>createDefaultStub() 方法。
其他的方式如下:
方法一:调用类方法Phar::setStub($string)为实例创建自定义stub
<?php
$phar = new Phar('yunke.phar');
$phar->setStub('<?php echo \'in stub!\';__HALT_COMPILER();?>');
include('phar://yunke.phar'); // in stub!
?>Copy after login
也可以
$phar->setStub($phar->createDefaultStub("index.php"));Copy after login
生成的缺省stub文件包含如下的代码:
<?php
Phar::mapPhar();
include "phar://yunke.phar/index.php";
__HALT_COMPILER();
Copy after login
createDefaultStub() 方法缺省创建的stub文件的内容很简单。 Phar::mapPhar() 用来分析Phar文件的元数据,并初始化它。stub文件的结尾处需要调用 __HALT_COMPILER() 方法,这个方法后不能留空格。__HALT_COMPILER() 会立即终止PHP的运行,防止include的文件在此方法后仍然执行。这是Phar必须的,没有它Phar将不能正常运行。
除此之外,我们还可以创建自己的stub文件来执行自定义的初始化过程,像这样加载自定义文件
<?php
$phar->setStub(file_get_contents("stub.php"));Copy after login
方法二:使用默认stub,调用类方法Phar::setDefaultStub()为实例设置默认stub,使用方法Phar::getStub()获取实例的stub
<?php
$phar = new Phar('yunke.phar');
$phar->setDefaultStub();
print_r($phar->getStub()); // 2, 'c' => 'text/plain', 'cc' => 'text/plain', ...
?>Copy after login
如果缺省创建stub,PHP会使用默认stub
<?php
$phar = new Phar('yunke.phar');
$phar['demo.txt'] = 'demo';
print_r($phar->getStub()); // 2, 'c' => 'text/plain', 'cc' => 'text/plain', ...
?>
Copy after login
4 phar文件的运行
我们在服务器根目录建立一个index.php文件来演示如何使用上面创建的phar文件,内容如下:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/8
* Time: 9:33
*/
require "yunke.phar";
require "phar://yunke.phar/Lib.php";
yunke();
Copy after login
如果index.php文件中只有第一行,那么和不使用归档文件时,添加如下代码完全相同:
require "project/index.php";
Copy after login
如果没有第二行,那么第三行的yunke()将提示未定义,所以可见require一个phar文件时并不是导入了里面所有的文件,而只是导入了入口执行文件而已,但在实际项目中往往在这个入口文件里导入其他需要使用的文件,在本例中入口执行文件为project/index.php。
补充:
可以为归档设置别名,别名保存在归档文件中永久保存,它可以用一个简短的名字引用归档,而不管归档文件在文件系统中存储在那里,设置别名:
$phar = new Phar('lib/yunke.phar', 0);
$phar->setAlias ( "yun.phar");
Copy after login
设置别名后可以如下使用:
<?php
require "lib/yunke.phar";
require "phar://yun.phar/Lib.php"; //使用别名访问归档文件
require "phar://lib/yunke.phar/Lib.php"; //当然仍然可以使用这样的方式去引用
Copy after login
如果在制作phar文件时没有指定别名,也可以在存根文件里面使用Phar::mapPhar('yunke.phar');指定。
5 phar文件的提取还原
我们有时候会好奇phar里面包含的文件源码,这个时候就需要将phar文件还原,如果只是看一看的话可以使用一些ide工具,比如phpstorm 10就能直接打开它,如果需要修改那么就需要提取操作了,为了演示,我们下载一个composer.phar放在服务器目录,在根目录建立一个get.php文件,内容如下
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/9
* Time: 19:02
*/
$phar = new Phar('composer.phar');
$phar->extractTo('composer'); //提取一份原项目文件
$phar->convertToData(Phar::ZIP); //另外再提取一份,和上行二选一即可Copy after login
用浏览器访问这个文件,即可提取出来,以上列子展示了两种提取方式:
The second line will create a composer directory and put the extracted content into it;
The third line will generate a composer.zip file, which can be extracted and restored by decompressing it.
As for the server verification bypass caused by the phar:// pseudo-protocol:
Recommended learning: "PHP Video Tutorial"
The above is the detailed content of PHP detailed analysis of phar. For more information, please follow other related articles on the PHP Chinese website!
![PHP Composer Tutorial [Build your own PHP development framework]](https://img.php.cn/upload/course/000/000/041/61e7b13f39314635.jpg)
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
