From the author: Hello friends! In this article we will talk about the PHP programming language. We will find out what it is used for, what you can do with it, and what place it occupies in the stages of website development. We will also look at many ways to make money by being able to program in PHP.

What is PHP and what is it for?

PHP is a scripting language that is very actively used in the development of web applications. PHP is one of the leading languages used in the development of dynamic websites.

PHP is a server-side programming language. All scripts written in this language are executed on the server that hosts the site. To learn PHP and to develop and debug sites and scripts, you of course do not need to buy a real server on the Internet. For these purposes, server emulators are used, which are simply installed as programs on a working computer. Ready-made sites and pages with PHP scripts are then placed on a server on the Internet (hosting). By the way, almost all modern hosting providers support PHP.

The popularity of this language in the field of building websites is determined by the presence of a large set of built-in tools for developing web applications. The main ones are:

  • automatic extraction of POST and GET parameters, and of web server environment variables, into predefined arrays;
  • interaction with many different database management systems (MySQL, MySQLi, SQLite, PostgreSQL, Oracle (OCI8), Oracle, Microsoft SQL Server, Sybase, ODBC, mSQL, IBM DB2, Cloudscape and Apache Derby, Informix, Ovrimos SQL, Lotus Notes, DB++, DBM, dBase, DBX, FrontBase, FilePro, Ingres II, SESAM, Firebird / InterBase, Paradox File Access, MaxDB, PDO interface);
  • automated sending of HTTP headers;
  • work with cookies and sessions;
  • work with local and remote files, sockets;
  • processing files uploaded to the server;
  • working with XForms.

Let's look at an example where a PHP script is running on a page. Take, for example, the subscription form where you enter your name and email on many sites. The appearance of the form (the colors of input fields and buttons, changing the color of the button on hover and on click, and so on) is the responsibility of HTML and CSS. With HTML5, you can check the correctness of the data entered in the form, for example, whether the email or phone fields are filled in correctly.

After you click the “Subscribe” button, a PHP script is called that receives the data you entered into the form. The script writes them to the database, generates a link to confirm the subscription and sends it to the email address specified in the form, checks the subscription confirmation and sends you subsequent letters. All these operations are performed on the server, and this is done using the PHP programming language.
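The subscription flow described above, written as an added example (not code from the original article): the script validates the input on the server, writes it with a parameterized query, and issues a confirmation token. The table layout, the function names subscribe() and confirm(), and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite database stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (
    email      TEXT PRIMARY KEY,
    name       TEXT NOT NULL,
    token_hash TEXT NOT NULL,
    confirmed  INTEGER NOT NULL DEFAULT 0
)');

// Handles the submitted form. Returns the confirmation token to e-mail to the
// subscriber, or null if the input is rejected or the address already exists.
function subscribe(PDO $db, array $post): ?string
{
    // Validate again on the server: HTML5 checks run in the browser and
    // do not apply to a request that is sent to the script directly.
    $name  = trim((string) ($post['name'] ?? ''));
    $email = filter_var((string) ($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false || $name === '' || strlen($name) > 100) {
        return null;
    }

    // Random token for the confirmation link; only its hash is stored.
    $token = bin2hex(random_bytes(32));

    // Placeholders keep user input out of the SQL text entirely.
    // INSERT OR IGNORE is SQLite syntax (part of the stand-in assumption).
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO subscribers (email, name, token_hash)
         VALUES (:email, :name, :token_hash)'
    );
    $stmt->execute([
        ':email'      => $email,
        ':name'       => $name,
        ':token_hash' => hash('sha256', $token),
    ]);
    return $stmt->rowCount() === 1 ? $token : null;
}

// Called when the subscriber opens the confirmation link.
function confirm(PDO $db, string $token): bool
{
    $stmt = $db->prepare(
        'UPDATE subscribers SET confirmed = 1
         WHERE token_hash = :token_hash AND confirmed = 0'
    );
    $stmt->execute([':token_hash' => hash('sha256', $token)]);
    return $stmt->rowCount() === 1;
}

// Constructed input: the name contains quotes and SQL syntax on purpose.
$post  = ['name' => "Anna'); DROP TABLE subscribers;--", 'email' => 'anna@example.com'];
$token = subscribe($db, $post);
var_dump($token !== null && confirm($db, $token));
var_dump($db->query('SELECT name FROM subscribers')->fetchColumn() === $post['name']);
```

Because the name travels as a bound parameter, it is stored as plain text and the table is untouched.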

Using PHP in website development

To create a website, you need to go through several stages in sequence:

Planning. At this stage, we plan the future site: for whom and why we are making it, who will visit the site, how to fill it, what should be on the site, and so on.

Design. During the design phase, we create the appearance of the site pages in a graphics editor.

Layout. At the layout stage, we, using HTML and CSS, make up the HTML pages of the future site from the layouts obtained at the design stage.

Programming. At the programming stage, we automate the processes of working with the site. We program the administrative part of the site (admin panel) so that even a person who is completely unfamiliar with site building can add, delete and edit pages. We program the search and all subscription forms (if any) on the site so that they work. We make it so that a newly added page is displayed on the site, and a link to the created page automatically appears in the menu. If the site uses voting or a poll, then this is also programmed in PHP, at the programming stage.

If we consider the programming stage of a larger site, for example, an online store, then the scope is even wider and more interesting. In this case, we add not only pages, but also products, the main content of the online store. Moreover, in the admin panel, you need to provide for a breakdown of the added products into various categories. It should also be possible to edit the product, change its description, price, picture, etc.

In addition, an online store requires programming an analytics system - so that you can see in the admin panel how many orders were placed and paid for, for what amount, and which goods were paid from which categories, etc. Moreover, it should be possible to display similar summaries for various periods. When programming an online store, sales reporting for accounting and tax purposes is often also implemented.

This is why the PHP programming stage is the most important, the longest, the most expensive and the most highly paid in website development. And having dealt with the programming of an online store, you will be able to create scripts for a site of almost any complexity.

Popularity of PHP

The popularity of PHP is evidenced by the fact that it is used by 83.1% of all sites where it was possible to determine the server-side programming language.

All the most popular CMS that occupy the first places in the popularity ratings (both paid and free: WordPress, Joomla, Drupal, Modx, Bitrix, Magento, etc.) are written in the PHP programming language.

Also, the popularity of the PHP programming language is evidenced by the many PHP frameworks that have been created, such as Laravel, Yii, CakePHP, Slim, Zend Framework 2, PHPixie, CodeIgniter, Symfony 2 and others. There are a great many forums and large communities: for PHP in general, for each framework and for each CMS separately.
I will also add that some of the world's largest sites, such as Facebook and Wikipedia, are also written in PHP.

How can you earn money with knowledge of PHP?

Given the popularity of PHP, there is a constant high demand for PHP programmers. Having knowledge of PHP and being able to program in this language, you will discover new opportunities for earning. Let's look at the main ones with which you can really earn money today:

Earnings on the development of scripts. All sites are constantly evolving, and they periodically require the writing of new scripts, or the development of additional functionality, modules, etc. Site owners turn to PHP developers for such developments. And in this case, you can earn in two ways:

track freelance orders from people looking for a developer;

generate ideas for mass-market scripts. Having an idea for a script that will definitely be in demand among, for example, online store owners, you can independently develop such a script and sell it to online store owners;

Refining ready-made scripts "to order". Everything is simple here: you take on the revision or correction of a script. But in this case, there is a nuance: the script may not have been made very well initially, and it may take more time to refine it than to write the script from scratch. Therefore, if you use this way of earning, look very carefully at the start at what you will be finalizing and completing.

Development of plugins for CMS. In this method, everything is the same as when making money on scripts. Often, for sites created on ready-made CMS, it is required to write some kind of plugin, add-on or extension. And here you can also earn in two ways:

track freelance orders for the development of plugins, add-ons and extensions;

develop and sell a mass-market plugin that will definitely be in demand on most sites;

Own and joint projects. If you have an idea for a project on the Internet (startup), for example, an idea for a useful service or an application that would solve a certain problem, then you can start implementing it. At the initial stage, it can be just a hobby, in addition to the main job. Then, when it becomes clear that the hobby is growing into a big project, it will be possible to devote more time to it.

Creation of dynamic sites and engines for them. You can also make good money by developing websites to order, working as a freelancer or in a web studio.

Create websites for yourself. You can create a site for yourself, fill it with useful content - and when the site has a sufficient number of visitors, start earning by placing paid ads on it or promoting someone else's products on affiliate programs.

I think many of you have had the idea that all the above methods of earning can be combined. And that is right! You can create a website for yourself and earn passively by selling ads on it, plus create a script or plugin and sell it on specialized sites, earning on autopilot from each sale, and at the same time you can still work in a web studio. Why not? Yes, you certainly may!

How Much Can a PHP Developer Earn?

With the earnings of PHP programmers, everything is individual. Here a lot depends on where to work, how to work, what level of knowledge, what experience, qualifications, what related additional knowledge the developer has, and so on. Therefore, in principle, there can be no exact figure here. But we can see what salary is offered when searching for PHP programmers in a web studio, and how much they are willing to pay for a project on freelance exchanges.

The image below shows the proposed salary for PHP programmers in a web studio. Moreover, these are salaries for PHP programmers without work experience:

If you have work experience, then you can earn much more. Below are salaries offered to PHP programmers with experience.

And on freelancing today you can also earn decently:

Conclusion

PHP is the most popular programming language among web developers. The vast majority of all sites on the Internet are written in PHP. Having knowledge and being able to develop in this programming language, you can earn good money, and there are many options for earning money - from working in a web studio to developing your own project, a startup.

Well: "Earnings on own service by e-mail newsletters". Draining a closed pool for 33 thousand rubles. Warehouse reviews vary. Based on the reviews, the course is not suitable for everyone, but only for those who have already encountered similar courses or mailing lists. Material sent by an anonymous user with the comment: «I'm leaking this course because I was banned at the warehouse just like that. About the course I will say one thing: it is suitable for small mailings. Beginners will not understand anything, but they can look at it to get familiar. The reviews are different, I refrained from commenting. If you want to learn how to send out mass letters, go to Shelest, he will help you. I studied with him, and I bought this course only for general development. I hope it will be useful to someone.» Material can be removed at the request of the copyright holder!

Course Description:

A unique author's course of video lessons, "Quick start technology in email newsletters": how to send email letters in large volumes to "potential" customers. With the advent of the trend to develop business through the Internet and the constant increase in the number of active Internet users, various training courses began to appear, both for beginners and advanced users. This course is intended for everyone who is interested in how to effectively get traffic and sales without spending huge amounts on it. The most effective and convenient tool for online sales is the promotion of services and goods using email (e-mail marketing).

To organize professional e-mail marketing, and not just mass mailing, you need to develop a systematic approach, collect a subscriber base, automate this process to increase stable profits, generate statistics and handle other tasks that are difficult to complete without professional help. In this course, as a quick start technology in email newsletters, it is proposed to send letters via VDS servers. Why pay big money for mailing services if you can set it up yourself? And get the opportunity to send anything, to anyone, in large volumes of letters to your customers. This course will help you set up a VDS server to automatically send emails and create professional e-mail marketing, while any user can complete the setup by simply repeating the step-by-step instructions from the author's video course.

Cool tools of excellence! The beauty of SET is that it is written in Python and does not require any third-party Python modules that would have to be installed additionally. The work is carried out through an interactive menu, where you only need to select the desired items for the application to work. At each step, the menu is accompanied by a good description of the proposed sub-items, so even a child can handle it (it gets a little scary here). But in some situations it is simply necessary to tune the toolkit itself, and for this you will have to turn to the settings file.

What you will learn from the course:

  • Setting up vds for email newsletters
  • How to bypass spam filters. Reasons why emails end up in spam
  • How to quickly and easily uniqueize emails
  • How to collect 100% working and live e-mail addresses, and not just addresses, but e-mail addresses of your target audience
  • How to work with SMTP and how to raise an SMTP server
  • Get all the software you need
  • How to make money by sending letters, what affiliate programs to work with
  • Template generation with its subsequent upload to the VDS server(s)
  • Extract email, scan inurl (readme.txt)
  • Creating databases - cleaning, splitting, deleting email duplicates

Run the downloaded file by double-clicking it (you need to have a virtual machine).

3. Anonymity when checking the site for SQL injections

Setting up Tor and Privoxy in Kali Linux

[Section under development]

Setting up Tor and Privoxy on Windows

[Section under development]

jSQL Injection proxy settings

[Section under development]

4. Checking the site for SQL injection with jSQL Injection

Working with the program is extremely simple. Just enter the site address and press ENTER.

The following screenshot shows that the site is vulnerable to three types of SQL injections at once (information about them is indicated in the lower right corner). By clicking on the names of the injections, you can switch the method used:

Also, we have already displayed the existing databases.

You can see the contents of each table:

Usually, the most interesting part of the tables is the administrator credentials.

If you are lucky and you found the administrator's data, then it's too early to rejoice. You also need to find the admin panel, where to enter these data.

5. Search for admin panels with jSQL Injection

To do this, go to the next tab. Here we are met by a list of possible addresses. You can select one or more pages to check:

The convenience is that you do not need to use other programs.

Unfortunately, there are not very many careless programmers who store passwords in clear text. Quite often in the password string we see something like

8743b52063cd84097a65d1633f5c74f5

This is a hash. You can recover the password from it with brute force. And… jSQL Injection has a built-in brute-forcer.

6. Brute-forcing hashes with jSQL Injection

The undoubted convenience is that you do not need to look for other programs. There is support for many of the most popular hashes.

This is not the best option. In order to become a guru in deciphering hashes, the book "" in Russian is recommended.

But, of course, when there is no other program at hand or there is no time to study, jSQL Injection with a built-in brute-force function will come in handy.

There are settings: you can set which characters are included in the password and the password length range.
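From the defender's side of sections 5 and 6, an added example (not part of the original article) of how a PHP application can move away from password records like the 32-hex-digit value shown above: legacy unsalted digests are recognized at login and replaced with salted, deliberately slow password_hash() output. The function names isLegacyMd5() and verifyAndUpgrade() and the sample password are assumptions for illustration; the legacy format is assumed to be unsalted MD5.

```php
<?php
declare(strict_types=1);

// A 32-hex-digit value has the shape of a legacy unsalted MD5 digest.
function isLegacyMd5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
}

// Checks a login attempt against the stored value. Returns [ok, newHash]:
// newHash is non-null when the record should be rewritten with a salted,
// slow hash (legacy MD5 record, or outdated password_hash() parameters).
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok    = password_verify($password, $stored);
    $needs = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $needs ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample password, not taken from the page.
$password = 'constructed-sample-passphrase';
$legacy   = md5($password);

// Unsalted MD5 is deterministic: equal passwords give equal digests,
// which is what makes a dumped table cheap to test guesses against.
var_dump(md5($password) === $legacy);

// password_hash() salts every call, so two hashes of one password differ.
var_dump(password_hash($password, PASSWORD_DEFAULT) !== password_hash($password, PASSWORD_DEFAULT));

// A successful login with a legacy record yields a replacement hash to store.
[$ok, $newHash] = verifyAndUpgrade($password, $legacy);
var_dump($ok, $newHash !== null && password_verify($password, $newHash));

// A wrong password is rejected and nothing is upgraded.
var_dump(verifyAndUpgrade('wrong-guess', $legacy));
```

The caller writes the returned replacement hash back to the user's row, so legacy digests disappear from the table as users log in.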

7. File operations after SQL injection detection

In addition to operations with databases - reading and modifying them, if SQL injections are detected, the following file operations can be performed:

  • reading files on the server
  • uploading new files to the server
  • uploading shells to the server

And all this is implemented in jSQL Injection!

There are limitations: the SQL server must have file privileges. Sensible system administrators disable them, and then access to the file system cannot be obtained.

The presence of file privileges is easy enough to check. Go to one of the tabs (reading files, creating a shell, uploading a new file) and try to perform one of the indicated operations.

Another very important note - we need to know the exact absolute path to the file with which we will work - otherwise nothing will work.

Look at the following screenshot:

Any attempt to operate on a file is answered by: No FILE privilege (no file privileges). And nothing can be done here.

If instead you have another error:

Problem writing into [directory_name]

This means that you incorrectly specified the absolute path where you want to write the file.

To guess an absolute path, one must at least know the operating system on which the server is running. To do this, switch to the Network tab.

Such an entry (string Win64) gives us reason to assume that we are dealing with Windows OS:

Keep-Alive: timeout=5, max=99
Server: Apache/2.4.17 (Win64) PHP/7.0.0RC6
Connection: Keep-Alive
Method: HTTP/1.1 200 OK
Content-Length: 353
Date: Fri, 11 Dec 2015 11:48:31 GMT
X-Powered-By: PHP/7.0.0RC6
Content-Type: text/html; charset=UTF-8

Here we have some Unix (*BSD, Linux):

Transfer-Encoding: chunked
Date: Fri, 11 Dec 2015 11:57:02 GMT
Method: HTTP/1.1 200 OK
Keep-Alive: timeout=3, max=100
Connection: keep-alive
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Server: Apache/2.2.31 (Unix)

And here we have CentOS:

Method: HTTP/1.1 200 OK
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=9p60gtunrv7g41iurr814h9rd0; path=/
Connection: keep-alive
X-Cache-Lookup: MISS from t1.hoster.ru:6666
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.4.37
X-Cache: MISS from t1.hoster.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Fri, 11 Dec 2015 12:08:54 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=WINDOWS-1251

On Windows, a typical site folder is C:\Server\data\htdocs\. But, in fact, if someone "thought" of making a server on Windows, then, very likely, this person has not heard anything about privileges. Therefore, you should start trying directly from the C:/Windows/ directory:

As you can see, everything went perfectly the first time.

But the jSQL Injection shells themselves raise my doubts. If you have file privileges, then you may well upload something with a web interface.

8. Bulk checking sites for SQL injections

jSQL Injection even has this feature. Everything is extremely simple: upload a list of sites (it can be imported from a file), select those that you want to check and click the appropriate button to start the operation.

Conclusion on jSQL Injection

jSQL Injection is a good, powerful tool for finding and then using SQL injections found on sites. Its undoubted advantages: ease of use, built-in related functions. jSQL Injection can be a beginner's best friend when analyzing websites.

Of the shortcomings, I would note the impossibility of editing databases (at least I did not find this functionality). As with all GUI tools, one disadvantage of this program is that it cannot be used in scripts. Nevertheless, some automation is possible in this program too, thanks to the built-in mass site check function.

jSQL Injection is much more convenient to use than sqlmap. But sqlmap supports more kinds of SQL injection, has file firewall options, and some other features.

Bottom line: jSQL Injection is a novice hacker's best friend.

You will find help for this program in the Kali Linux Encyclopedia on this page: http://kali.tools/?p=706