<?php

// Address error handling.

ini_set('display_errors', 1);
error_reporting(E_ALL ^ E_NOTICE);

// Obtain POST data.

$ping_ip_addr = $_POST['ping_ip_addr']; // input
$ping_count   = $_POST['ping_count'];   // select

// Remove any slashes if Magic Quotes GPC is enabled.

if (get_magic_quotes_gpc())
    {
    $ping_ip_addr = stripslashes($ping_ip_addr);
    }

// Create arrays.

$ping_count_array = array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 25); // Ping count

?>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<title>Ping</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="author" content="firstbase" />
<style type="text/css">

body
    {
    margin: 0;
    padding: 10px;
    background-color: #ffffff;
    }

div.output
    {
    margin: 0;
    padding: 10px;
    background-color: #eeeeee;
    border-style: solid;
    border-width: 1px;
    border-color: #000000;
    }

</style>
</head>

<body>
<h1>Ping</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p><label for="ping_ip_addr">IP address:</label><br />
<input name="ping_ip_addr" id="ping_ip_addr" type="text" value="<?php echo $_POST['submit'] == 'Ping' ? htmlentities($ping_ip_addr, ENT_QUOTES) : $_SERVER['REMOTE_ADDR'];; ?>" size="40" maxlength="15" /></p>
<p><label for="ping_count">Ping count:</label><br />
<select name="ping_count" id="ping_count">
<?php

foreach ($ping_count_array as $ping_count_item)
    {
    echo '<option' . ($ping_count == $ping_count_item ? ' selected="selected"' : '') . '>' . $ping_count_item . '</option>' . "\n";
    }

?>
</select></p>
<p><input type="submit" name="submit" value="Ping" /></p>
</form>
<p>Ping may take a while, please be patient.</p>
<?php

if ($_POST['submit'] == 'Ping') // Form has been submitted.
    {
    echo '<div class="output">' . "\n";

    /**************************************************************************/

    // Check for spoofed form submission.

    $illegal = FALSE;

    if (strlen($ping_ip_addr) > 15)
        {
        $illegal = TRUE;
        }

    if (!in_array($ping_count, $ping_count_array))
        {
        $illegal = TRUE;
        }

    /**************************************************************************/

    if (!$illegal) // Form submission was not spoofed.
        {
        if (ereg('^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$', $ping_ip_addr)) // Acquired data contains no problems.
            {
            // Display result.

            echo '<pre>' . "\n" .
                 'ping -c ' . $ping_count . ' ' . $ping_ip_addr . "\n\n";

            system('ping -c ' . $ping_count . ' ' . $ping_ip_addr); // Ping IP address.

            echo '</pre>' . "\n" .
                 '<p>Ping complete.</p>' . "\n";
            }
        else // Acquired data contains problems!
            {
            echo '<p>Please enter a valid IP address.</p>' . "\n";
            }
        }
    else // Form submission was spoofed!
        {
        echo '<p>An illegal operation was encountered.</p>' . "\n";
        }

    echo '</div>' . "\n";
    }

?>
</body>

</html>
2
Contributors
1
Reply
3
Views
12 Years
Discussion Span
Last Post by JLChafardet
0

this is the most insecure way of performing a ping, if your webhost allowes you the system / exec functions, you are hosting your site on a highly possible hack target, with the biggest loophole of php.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.