Is it possible to view the PHP code of a live website ?
+5
A:
No, as it is interpreted on the server-side and the results are sent to the user. If you want to view the source code of a site you control in-browser, consider the FirePHP extension for Firebug, or just access your site files with your preferred method.
Jonathan Prior
2009-08-23 21:28:46
+1
A:
Do you have access to the files on the live server? If so yes, otherwise no, it is only possible to see the result of the script execution.
David McEwing
2009-08-23 21:28:53
A:
Not if PHP is configured properly.
PHP is served already interpreted to the visitor.
Seeing the PHP code on a live website would be considered hacking which is probably outside the ethical scope of stackoverflow.
lpfavreau
2009-08-23 21:30:18
There's an ethical scope of SO?
nilamo
2009-08-23 21:34:19
I'd hope so :)
Lucas Jones
2009-08-23 21:47:41
+2
A:
No, unless the server admin screwed up. And sometimes happens... that's why facebook made a patch for this
Gabriel Sosa
2009-08-23 21:34:53
+3
A:
Usually, no, as others have said, unless of course this is something you want to be the case. Then you can set it up so that using .phps (or any other extension really, but this is the norm) will display the source code of the page (with syntax coloring I believe). Something like:
AddHandler application/x-httpd-php-source .phps
in your apache configuration should do the trick.
Note, you will need to save your .php files with a .phps for their source to be displayed.
catfarm
2009-08-23 21:43:14
+1
A:
Yes: ssh to it, go to the directory hold the source file, say 'index.php', and "cat" it:
ssh myserver.com
cd ~/www
cat index.php | less
There you go!
NOTE: this is a joke.
Bruno Reis
2009-08-23 21:45:37
Just a tip before you get flooded with downvotes (;) - mark this community wiki so you don't lose any rep.
Lucas Jones
2009-08-23 21:48:20
A:
There are a few sites that allow you to view their PHP source. Try googling for inurl:viewsource.php (my site should turn up in there somewhere :)).
Also you can view php.net's source: http://www.php.net/source.php?url=/index.php
yjerem
2009-08-23 21:54:23
A:
Well, this has been fairly well answered, but on the strength in numbers fallacy, let me add:
Generally, no.
John Lockwood
2009-08-23 21:55:36
A:
Everyone is wrong! Yes, it is possible! But if you do see the code in your web browser then this would be a serious security breach or some major trouble in the web server. I've seen it happen once, where some dumb administrator had removed the PHP extension for IIS thus the browser provided all sources as text files instead of executing them.
Then again, there is an alternative method, which is through FTP. Most websites give access to their file system through FTP, so administrators don't need physical access to the system. You will need to know username and password, plus the FTP address to get access, but once you have this information, you have access to the whole site. Useful for administrators, yet also a very good reason to be very careful with passwords.
Workshop Alex
2009-08-23 22:30:54
I think your first paragraph was already covered by *"unless the admin screwed up"*, which was mentioned at least twice.
deceze
2009-08-24 00:42:57
True, but those answers replied with "no", while that is incorrect. There are all kinds of causes -including administrators screwing things up- that could cause PHP sources to be shown. It *might* also be possible if the server application (IIS or Apache) itself has a bug or hack that would bypass the standard behavior. (Thus a bug.) Fortunately, these kinds of bugs are rare but hackers might be able to modify the behavior of the server software to mess things up. And no server is 100% hacker-proof!
Workshop Alex
2009-08-24 07:43:23