Easter eggs in PHP

Perhaps everyone knows that today, April 4, 2010, both Catholics and Orthodox celebrate Easter. Taking this opportunity, I decided to write an article about Easter eggs, not only those that paint, but those whose origin is related to the subject of Habr. It's about the PHP Easter eggs .

Briefly: It turns out that if you add a special line to a GET request processed by the PHP interpreter, you can force the server to return a “secret” picture, or information about PHP developers. Examples:
http://vkontakte.ru/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
http://ru.wikipedia.org/?==PHPE9568F35-D428-11d2-A769-00AA001ACF42
http://www.liveinternet.com/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

What is yolk salt?

Just want to emphasize that the Easter eggs PHP, which will be discussed, are absolutely harmless. Their existence can in no way adversely affect the work of the site. As I already said, there are several special lines (let's call them signatures ), adding them to the request SUDDENLY changes the server's response. Syntactically, the signature should be the value of a nameless and only GET variable (for example, mypage.php?=××× ).
')
Here are the very signatures and the results of their insertion:

1. PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - list of PHP developers (PHP Credits).
   
   
2. PHPE9568F3 4 -D428-11d2-A769-00AA001ACF42 - PHP logo.
    
   
   
3. PHPE9568F3 5 -D428-11d2-A769-00AA001ACF42 - Zend logo.
    
   
   
4. PHPE9568F3 6 -D428-11d2-A769-00AA001ACF42 is a funny picture that differs in different versions of PHP:
   • Thies C. Arntzen, one of the developers of the language (version 4.0.1 - 4.2.2).
      
     
     
   • A brown dachshund named Nadia of one of the team members named Stig Bakken (version 4.3.2 - 4.3.10).
      
     
     
   • Black Scottish Terrier named Scotch developer Zeev Suraski (version 4.3.11 - 4.4.4, 5.0.5 - 5.1.2).
      
     
     
   • Rabbit (version 4.3.1, 5.0.0, 5.0.3).
      
     
     
   • Distorted PHP logo (version 5.1.4 - 5.2.?).
      
     
     
   • PHP mascot "elePHPant" (some versions 5.2.?).
      
     

More information about the compliance of PHP versions and these images can be found in one English-language article on this topic on the site 0php.com . It’s a pity that it wasn’t possible to absolutely establish a dependency, because on the official PHP site the CVS-log file where the images are stored does not work . I apologize if I made a mistake somewhere.

Whoever wants, can additionally kill a few minutes of life by looking at the list of sites lit up in Google with the first signature in the URL .

How it works?

The code responsible for all these "miracles" is quite easy to find in the source code of the interpreter.

The signatures themselves are described in the file ext/standard/info.h in lines 53-56 :

#define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42"
#define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42"
#define ZEND_LOGO_GUID "PHPE9568F35-D428-11d2-A769-00AA001ACF42"
#define PHP_CREDITS_GUID "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000"

The php_handle_special_queries() function together with the php_info_logos() and php_print_credits() functions are responsible for returning unusual responses to unusual requests. In turn, php_handle_special_queries() is called inside the php_execute_script() function .

All three images (Zend logo, PHP logo, funny picture) are in GIF format and are stored as byte arrays in main/logos.h .

Is it possible to disable it somehow?

If you are administering a website written in PHP, you most likely have already tried to do this trick with your project. If the Easter egg "works", then you probably have already decided to get rid of it. Make it extremely easy.

Just open the php.ini file on your server, find the expose_php parameter and change its value to “off”:

expose_php = off

After the web server restarts, the pictures and the page with information about the developers will no longer appear - unusual requests will be processed as usual. The server will also stop adding the line “ X-Powered-By: PHP/×.×.× ... ” to the HTTP response headers, the mention of PHP will be removed from the line “ Server: ... ” (if it is there now).

Having got rid of this “terrible hack”, you will be able to just hide the fact that your site uses PHP. Of course, this applies only to projects with CNC (and even then not everyone). If the links on your site look like " my_cosy_guestbook.php?do=delete_all ", this, naturally, will not save you. Before searching and changing the php.ini , do not forget to answer the question: “Do I need it?”.

Use in the household

Despite the seeming uselessness, the described Easter egg has practical application. If you display system information on your site using the phpinfo() function, you will see the PHP and Zend logos, as well as the “PHP Credits” link. By what URI the images will be requested, and where the link to the list of developers will lead, it is now quite easy to guess. Resources are available, even if the site is tested on a local machine that does not have Internet access. This only works when the expose_php option is on (otherwise the images and the link are not displayed). Here is a working example: www.it.tsu.ge/info.php (the site is not mine, I just posted and announced the link). Another example: hosting.iptcom.net/phpinfo.php (it turns out that the picture with the Zend logo was completely different in PHP 4.4.4). Example of a site with the expose_php option disabled on the server: help.secureserver.net/linux-phpinfo.html .

Egg Bonus

Studying the PHP source, I accidentally stumbled upon the source of another funny secret, mentioned several times on the Internet. It turns out that on April 1, the logo generated by the php_logo_guid() function is replaced with a funny picture (as for the case with the signature PHPE9568F3 6 -D428-11d2-A769-00AA001ACF42). It turns out that on this day, the logo will also change on the page obtained using phpinfo() .

In source code version 5.2.13, lines ext/standard/info.c 1237-1238 of the ext/standard/info.c file are responsible for this “egg”. It is a pity that you can see it in action only in almost a year. Although, impatient comrades at any time can change the system date. ;)

Egg bonus number 2

By the end of writing, it turned out that there is another signature that works in PHP 5. For this Easter egg, the Suhosin extension is needed (it is used to enhance PHP security). The signature is as follows: SUHO8567F54-D428-14d2-A769-00DA302A5F18 . The result of adding it to the request is a picture with three hieroglyphs, which are translated from Korean approximately as a protector or guardian angel.
 


This example does not work on php.net , but it is beautifully demonstrated on the site php.ru and on the “beloved” by all of us on VKontakte (once again, since Suhosin is not installed on all servers).

Conclusion

Well, when people who develop serious things, have a sense of humor and allow themselves to be innocently joke. In addition, Easter eggs are a good viral advertisement for your product (in fact, I now advertise PHP for free). The main thing for developers here is not to overdo it.

PS: I understand that for some habrovchan the described fact will seem bearded and uninteresting, but I am sure that someone hears about Easter eggs in PHP for the first time. Personally, I learned about all this quite recently, although my first php file was created about 5 years ago.

If today there are those who wish to write about Easter eggs in other environments or programming languages, you can arrange a whole Easter-day on Habré . The main thing is for the UFO to hit on the head for offtopic and not put the main phrase “Stop writing about eggs!”. :)

---

_{Links to sources and resources:
ru.wikipedia.org/wiki/PHP , blogoscoped.com/archive/2006-01-08-n31.html , www.0php.com/php_easter_egg.php , www.drupal.ru/node/19682 , php.net , commons.wikimedia.org/wiki/File:Vajicka1.jpg ; Pictures are on imageshack .}