How do we build our website?
To build a beautiful site you need different tools, some basic HTML knowledge, some coding skills, and a lot of time and patience. Take a look at the image below: you can see that there are two layers of template files that are used to create my pages. The one we will talk about is header.html, which is not really important in terms of building the structure, but it will help when someone wants to go into more detail about the page. On the other hand, if you want to know more about themes and HTML templates, you can check with your favorite developer; I am using Bluehost for my hosting. They have great support and they also have tutorials to learn how to use them.
A big difference between plugins and extensions is that once you have built your theme with the extension, it is easier to import it into another file and change the source code in each file where the plugin is installed. For those who don't know what a plugin is, it is just some extra functionality you add without affecting your original website. If you don't know more than this, you can always search for specific articles or find out information about them. However, if you really want to learn something, I would suggest you start with a WordPress plugin like the one provided by Yoast SEO. It makes your whole website faster and much simpler to manage. Just click here and get their free trial to try it.
Then the second layer is called the footer, and it adds content to each page; it's better to add only a few lines of text to improve the navigation. Of course, there are other options like Google AdWords and Facebook ads that work better, but it is also possible to include this type of advertisement on posts (that's totally up to you).
Another important thing you should consider is to be organized and create categories. When people visit a website they will reach pages where they can learn more about the website and its contents, like FAQs and how to solve any problems it may have, or a link or a podcast that offers expert information about the topic. Try to categorize the pages and organize them according to user interests, so that we can offer something for every category, and that will improve the loading time for users. You can make this even harder by adding custom images and videos from third-party providers. But if you want to add it yourself, you can try WPForms or Formstack to embed it into your main website and add a form with your data. It will allow you to access the front end and back end. It will save you lots of time, especially when working on multiple websites and managing them.
The next thing to do is that you should look into the backend; everything that your website does is based on PHP, MySQL, and Laravel. We will discuss all these in detail later in this guide, but first, you need to understand its functions. So let's say that you are building a personal website and you don't like the way it looks today: you can make changes and implement new technologies to achieve the same results, and that's why WordPress is such a popular platform in web development. You can install plugins or modules to modify certain sections of the code, and you can also use frameworks to add the logic to your website. Lastly, you also need to set up security and performance, and that's exactly what I have done. You can have some quick tutorials just to check it out.
Backend
In order to have a properly functioning WordPress website, you need to configure its backend. Let's say you have 50 pages with 20 posts, and then you have to manage to run every single post in the MySQL database. If you haven't already installed it, there are several ways to do it. First, you could install PHP, open the terminal and enter the following command:
PHP -f http://localhost/wp-admin.php PHP wp-config
But that also requires a lot of manual time. Therefore, I'd recommend you use Wappensmithor; it is very easy to use.
Now you can add the line of code, paste as many characters as you would like, and hit semicolon. You need to execute the command on the empty line, but just keep pressing Shift, Enter or Delete after the first attempt. After that, the error will appear on your screen. This is just to give you a hint, and you do not have to worry about it.
So let’s take a deeper look at the code. For simplicity, I've been using the standard SQLite implementation with PostgreSQL. Now let's see how to connect with it:
Here I'm trying to make two tables. One table is public users, and the other is private. The first column contains a password and the second one is what we want or need on a particular page. As you can see, the SELECT statement has multiple arguments; you just need to paste them down as long as you need:
SELECT * FROM public_users; SELECT * FROM private_users;
And that's it! Now every row in both tables is connected with each other. By connecting to databases we can get all the information that we need; for example, we can easily add comments that we send on our blog posts and that we have in a comment box. Well, the real fun begins now!
Query Injection
There are various methods of query injection that can be done in the programming world. I'll explain one method that is implemented in the front end of PHP, which is known as Queries for injection. This is one of the best ways that you can perform this attack. It uses the function() method, which invokes an external function when a parameter is passed to it. Here is the code snippet that is given as an example:
$this->function($arg1, $arg2);
The problem is that this way of doing it is not allowed in PHP for some reason. Fortunately, there is already another option, which is known as query injection; in addition to that, you can get it as part of Nmap, one of the packages that you install to protect your website.
I won't go further into deep specifics; you can check it out and discover how to exploit it by reading their documentation and implementing it yourself. I'll discuss it later in the tutorial. Once again, I'm talking about the easiest possible way to do this attack: simply pass another script to inject the request. I'll explain it in detail as I write it down. If you want to read more about Nmap and how to implement this, then you should check it out.
First, we will load the preload and then we will add three parameters that will be stored in the input fields. The parameters are called input parameters. And finally, the method that will be called. When using this approach we are going to be intercepting all requests to the controller, and we will do this through an array with the parameters passed. We are going to intercept this array in the constructor of the class, which will then filter every parameter that will be injected. Remember that we are hiding the endpoint of the actual HTTP call; it's hidden behind this method. The method will listen to the request parameters that we have put in the input parameters, check every field, and update the appropriate instance based on the values.
Now that we have intercepted all parameters, we are going to send them to our view, which will return the correct response. This method returns the correct response: right now we have intercepted every request and sent it to the method with the parameters that we provide, and it will update the appropriate state of our models. Remember this is going to be quite a complex algorithm, but once we understand it we can make the code more readable with better understanding.
Now, to simplify this, we are going to add another parameter in the constructor of the controller, and this time it will be the actual content of the page. And again, we will intercept it and send to the method an actual string from the file with the parameters and the actual part of the page. So by now, we are not getting anything like HTML here; it's just a dummy string, and nothing will happen. Remember that all we have done so far is intercept the request and send it to the constructor of the object with the parameters and the content that we have put in it. Then we can check the form and check if the input field has a value; if that value is valid we will check if it is true, and if it is not then we just ignore it.
Now that process is over.
The final result of this approach is to intercept all incoming requests and send these via a generic route. But we are still unable to get the code like this, because there are a lot of possibilities to use a different approach that will get the same result.
So we have another way to do it: then we will just tell the route that we have configured to receive the request payload, and then we will intercept the route with the content that we have put in it and push it into the method that was returned by the constructor of the entity that implements that route.