When developing a PHP project, configuration files typically store important data such as database connection information and API keys. If these configuration files are tampered with by unauthorized individuals, it could lead to security risks, data leaks, or program malfunctions. Therefore, it is crucial to detect any modifications to these files in a timely manner.
This article will explain how to use the PHP built-in function md5_file() to check the integrity of configuration files and detect any unauthorized changes.
md5_file() is a PHP function that calculates the MD5 hash value of a specified file. MD5 is a widely used hashing function, and its output is a 32-character hexadecimal string.
By using the MD5 value of a file, we can compare the previously saved MD5 with the current file's MD5 to determine whether the file has been modified.
Initialization Phase: In a secure and unmodified state of the configuration file, calculate and save its MD5 hash value, such as writing it to a dedicated file or database.
Detection Phase: Each time the program runs, recalculate the MD5 hash value of the configuration file and compare it with the previously saved value.
Result Judgment:
If the MD5 values match, it means the configuration file has not been modified.
If the MD5 values do not match, the configuration file may have been tampered with, and immediate action should be taken, for example by triggering an alert or handling the mismatch in another appropriate way.
Assuming the configuration file is located at config.php, here is a code snippet to detect modifications:
<?php
// Configuration file path
$configFile = __DIR__ . '/config.php';

// Save the known safe MD5 value of the configuration file (can be read from a database or file in practice)
$knownMd5 = 'e99a18c428cb38d5f260853678922e03'; // Example value, please replace with the actual value

// Calculate the current MD5 of the configuration file
$currentMd5 = md5_file($configFile);

if ($currentMd5 === false) {
    echo "Unable to read the configuration file!";
    exit;
}

// Compare the MD5 values
if ($currentMd5 === $knownMd5) {
    echo "The configuration file has not been modified, MD5 verification passed.";
} else {
    echo "Warning! The configuration file has been modified, MD5 verification failed!";
    // You can log the event, send an email, or use other alerting mechanisms here
}
?>
You can run md5_file() once during project deployment to obtain the initial MD5 value and save it.
In this example, the $knownMd5 value is hard-coded. In a real project, it is recommended to store it in a secure location (such as a database or secure file).
If the configuration file path changes, make sure to update the path in the code accordingly.
You can write a temporary script to run and get the MD5 value of the configuration file:
<?php
echo md5_file(__DIR__ . '/config.php');
?>
Save the output string as a reference for future comparisons.
Scheduled Checks: Use scheduled tasks (such as Linux's crontab) to run detection scripts at regular intervals, ensuring that tampering is detected in time.
Combine with Logs: After detecting file modifications, log relevant information (such as time, IP address, etc.) to assist with troubleshooting.
Multiple File Detection: If your project has multiple important configuration files, you can use an array to store their MD5 values and loop through them to check for modifications.
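The multiple-file, logging and scheduled-check suggestions above combined into one command-line script, as an added example that is not part of the original article; the baseline path /etc/myapp/config-baseline.json, its JSON layout and the log prefix are assumptions. MD5 is not collision-resistant, so hash_file('sha256', $path) is the stronger drop-in replacement for md5_file($path), provided the baseline is regenerated with it.

```php
<?php
// Added example: integrity check for several files, meant to run from cron.
// The paths and the baseline layout are assumptions, not from the article.

// Baseline JSON maps path => known-good MD5 recorded at deployment, e.g.
//   {"/var/www/app/config.php": "<32-hex md5 from md5_file()>"}
// Keep it where the web server account cannot write: whoever can edit both
// the configuration and the stored hash defeats the check.
const BASELINE_FILE = '/etc/myapp/config-baseline.json';

/**
 * Compare each file in the baseline with its current MD5.
 * Returns path => 'missing' | 'unreadable' | 'modified' for every failure.
 */
function checkFiles(array $baseline): array
{
    $problems = [];
    foreach ($baseline as $path => $knownMd5) {
        if (!is_file($path)) {
            $problems[$path] = 'missing';   // deletion is also tampering
            continue;
        }
        $currentMd5 = @md5_file($path);
        if ($currentMd5 === false) {
            $problems[$path] = 'unreadable';
        } elseif (!hash_equals(strtolower((string) $knownMd5), $currentMd5)) {
            $problems[$path] = 'modified';
        }
    }
    return $problems;
}

$raw = @file_get_contents(BASELINE_FILE);
$baseline = $raw === false ? null : json_decode($raw, true);
if (!is_array($baseline) || $baseline === []) {
    // A missing or empty baseline must fail loudly, never count as "all OK".
    error_log('[config-integrity] baseline missing or invalid: ' . BASELINE_FILE);
    exit(2);
}

$problems = checkFiles($baseline);
foreach ($problems as $path => $state) {
    error_log(sprintf('[config-integrity] %s %s: %s', date('c'), $state, $path));
}
// Non-zero exit status lets cron or a monitoring wrapper raise the alert.
exit($problems === [] ? 0 : 1);
```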