Dropbox duplicating files "too many files" - php

I will go straight to the point.
I was thinking of using Dropbox as a file sharing system for some files that I am distributing through my website. So after some research and some hours of reading the documentation, I am now able to upload, generate links and share my files from my PHP-built website. So far so good.
Now let's go to the problem.
The files that I am uploading/distributing are the same for every member, with the exception of one file (license.txt), which needs to be different for every member.
So to solve this problem I came up with one idea: I will open the ZIP file through PHP and the core side of my server, add/replace the license.txt file, ZIP it again and upload it. Yeah, that works like a charm, but guess what? It's an 80mb file and takes more than 4 minutes to complete the whole process, which is something I want to avoid.
So to make it much faster I came up with another idea. My idea was to distribute the files directly from Dropbox unzipped by duplicating the root folder (of the APP). So the whole process was really simple: first an API call to duplicate the root folder (the one that contained the files), then another one to upload only the edited license.txt file to the new duplicated folder, and one last API call to generate the share link. It worked really well and much faster in my tests, but when I finalized my code and tried it live, it turned out to be a disaster, since I got a "too many files" error.
So my question is whether there's any way to somehow remotely touch zipped files on Dropbox. I saw that the browser can open any ZIP file without a problem and show all the contained folders.
Am I missing any possible solution? Any advice would be more than appreciated.

Related

How to figure out what calls my php files

Before I describe the problem, here is a basic run-down of the overall process to give you a clearer picture. Additionally, I am a novice at PHP:
I have a WordPress website that uses CPanel as its web hosting software
The WordPress website has a form (made by UFB) that has the user upload an image
The image gets directed to the upload folder (/uploads) by using image_upload.php
The image is then downloaded onto a computer, and a program is run which generates numbers about the picture (the number generator program is in Python)
After the numbers are generated, it calls on report.php and template.xlsm
Report.php gets those generated numbers and then puts them into their designated places on the xlsm file
The xlsm file is then converted into a pdf, which is then emailed to the user that submitted the picture.
I inherited all of this code from someone else who wanted me to help them on this project. Here is my problem:
I don't understand how the PHP files are being called. I have python code ready to run the number generator online, however, I can't do this without figuring how the PHP files are being called.
I understand what the PHP files do, I just don't understand how they are being called. I tried doing a -grep search for both image_upload.php and report.php, but I come up empty. There aren't any other PHP files that seem to do an include(xyz.php), which is supposed to be how PHP files are called. I don't understand what calls image_upload.php to get the pictures moved into the /uploads folder. I also don't understand what calls report.php to make it run. I tried looking in functions.php, where most of the other PHP files are called, but report.php and image_upload.php aren't.
Please help me! If any clarification is needed, just comment, and I will try to provide any help I can!
An easy way to get the calling functions (including include and require calls) from any point in your PHP scripts is to get the stack trace:
$e = new Exception();
var_dump($e->getTraceAsString());
You can also use a logger instead of the var_dump.
Unfortunately a simple grep for requires and includes won't suffice for a large project like WordPress due to the use of autoloading:
https://www.php.net/manual/en/language.oop5.autoload.php
While this resource isn't specific to your project, and things could be set up drastically differently in your project, I think the details here may provide enough hints about autoloading to get you started in the right direction to understanding things in more depth:
https://wordpress.stackexchange.com/questions/212153/using-spl-autoloading-within-wordpress-plugin

How to track the file that loads a specific line from a rendered HTML

I have a website in WordPress, and recently we discovered that it was infected by several malware scripts that insert scripts using the common base64 and eval functions like this:
We were able to solve most of the infected files but there are still some scripts being injected into the index.html, like these:
All these scripts marked in red make requests to sites that immediately trigger my computer's antivirus.
So the question here is, how can I track which file loads these lines? How can I know which file prints them? I can't just search for the string since the code is encrypted like in the first image...
The truth is, it's probably going to be more than one file, and/or it's going to be something hidden deep in a plugin/upload folder.
This is going to be a bit time-consuming, but these are generally the steps I follow when fixing a hacked site to narrow things down and make sure I got all the crap out:
1) Before you do anything else, make sure you have a backup of both the files and db. That way, if you accidentally delete something, it's easy to restore.
2) Delete any unused themes or plugins, and make sure all existing plugins are up-to-date.
3) Update WordPress to the current version. Seriously. Keeping up-to-date is important. If you're more than two major releases behind, you'll want to update incrementally. (https://codex.wordpress.org/Upgrading_WordPress_-_Extended_Instructions)
4) After you've updated, connect via FTP and look for files older than when you updated. Look for extra files that shouldn't be there--this can be tricky, because hacked files are usually named things like wp-shortcode-s.php. I usually have a copy of WP core files open in a window beside my FTP client as a reference.
5) Check the first few lines of code on php and js files in your plugins folder for malicious code. Again, you might want to have a freshly downloaded copy of the plugin to compare files to.
6) Check the uploads folder and subfolders for malicious files.
I also keep checking my hacked site here to see how I'm doing:
http://isithacked.com/
And when you're finished, you might want to read up on how to harden WP to make it more difficult to hack.
Depending on the source of the malware, it's hard to give you a precise hint. There are a few more in-depth walk-throughs on the topic that you can find on Google; here are some good examples which could help:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
https://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html
Also, if you are on a shared host, the issue could potentially be coming from another compromised user. Hopefully you have a clean version of the site, so that moving to another host (and upgrading) is potentially an option.
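The manual checks in steps 4 to 6 of the first answer can be scripted for a first pass over a copy of the site. This is an added example, not code from either answer; the patterns, reason labels and sample tree are assumptions chosen for illustration, and a hit only means the file needs review.

```python
import re
from pathlib import Path

# Heuristics only: the eval-over-base64 pattern from the question, plus long
# base64-looking string literals. A hit means "review this file", not proof.
SUSPICIOUS = [
    ("eval-of-decoder", re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("long-base64-literal", re.compile(rb"[\"'][A-Za-z0-9+/=]{200,}[\"']")),
]
SCRIPT_EXT = {".php", ".phtml", ".js"}

def scan_site(root, updated_at=None):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        # Step 6: PHP does not belong in the uploads folder.
        if rel.startswith("wp-content/uploads/") and path.suffix.lower() != ".js":
            findings.append((rel, "php-in-uploads"))
        # Step 5 checks the first lines by eye; a script can afford the whole file.
        data = path.read_bytes()
        findings += [(rel, why) for why, rx in SUSPICIOUS if rx.search(data)]
        # Step 4: scripts not touched by the update (mtime before it) need a look.
        if updated_at is not None and path.stat().st_mtime < updated_at:
            findings.append((rel, "older-than-update"))
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed sample tree; the payload decodes to 'echo 1;'."""
    files = {
        "wp-content/plugins/ok/ok.php": b"<?php\nfunction ok() { return 1; }\n",
        "wp-content/plugins/bad/wp-shortcode-s.php":
            b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n",
        "wp-content/uploads/2019/img.php": b"<?php echo 'x';\n",
        "wp-content/uploads/2019/photo.jpg": b"\xff\xd8\xff",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
```

Pass `updated_at` as the Unix timestamp of the core update to enable the step 4 check. Comparing each flagged file against a freshly downloaded copy of core or the plugin, as the answer suggests, is still what decides whether it is malicious.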

php, own little file manager instead of FTP. Good idea?

I'm planning to add a file manager (a very basic one) because I have never used the FTP functions, and it looks easier (the FTP connection is lost when the script is done). I would simply use a POST request (or what should I use?) instead of the FTP functions. Is it a good idea? Does anyone know of any restrictions?
As far as I can see only FTP functions are to post and receive files.
What you need to do is add a dynamic form where you can select multiple files and upload them to a specific directory of your choice.
You will need to get all available directories and the files in them, probably with some kind of recursive function. A more optimal way is to get the directories/files of the current folder, and when you click on a folder it will get the files/folders for it.
Can it be done - sure. Is it a good idea - no. People will have access for uploading malicious files, we are not talking about images here, php scripts, shell scripts, executable viruses and so on...
If you are doing this only for yourself, for file posting and receiving I suggest you use FTP clients for that.
I wouldn't recommend it, but it's probably best to use a 3rd party tool, rather than to write your own.
PHP File Manager
PHPfileNavigator2
FileManager
...
Keep in mind that both PHP and your webserver can put certain restrictions on the size of files that you can transfer, it is of course possible to change these in the configuration files.

Is it possible to create a self-installing PHP framework?

OK, this might seem like a bad idea or an obvious one. But let's imagine a CMS like PHPBB. And let's imagine you'd build one. I'd create just 1 file called PHPBB.install.php, and running it will create all the folders and files needed with PHP. I mean, the user runs it just once and every file and folder of the app is created via the PHP file.
Why to do this?
Well, mostly because it's cleaner and you are pretty much sure it creates everything as you wish (obviously checking everything about the server first). Also, having all the files backed up inside a file, you would be able to restore it very easily by deleting everything and reinstalling it by running PHPBB.install.php again. Backing up files like this will also allow you to prevent errors. How? When an error occurs in a file, this file is restored as it was and automatically re-run.
It would be too heavy!
The installation would happen only once and you'd be sure the user will not forget to place the files correctly. The error prevention will be worth the cause and it would also happen only once.
Now the questions:
Does this technique exist? If so, what's its name?
Why would you discourage it?
As others have said, an installer.
It requires the web server to have permission to write to the filesystem, and ends up having the files owned by the user the web server runs as. Even when one has the ability to change filesystem permissions, it's usually a longer process than just extracting an archive and having the initial setup verify permissions.
Does this technique exist? If so, what's its name?
I'd advise to read about __halt_compiler(). It allows you to mix PHP code with non-php data which is not parsed, so you may have PHP code ("installer") and binary data (e.g., compressed contents of all the files) in single PHP file.
1 - Yes, there is a single install file in PHPBB. You run through an online wizard defining your settings and then it installs automatically.
http://www.phpbb.com/support/documents.php?mode=install&version=3&sid=908f5766fc04868ccb985c1b1e6dee4b#quickinstall
2 - The only reason to discourage it would be if you want the user to understand exactly how the system works. Automatically installing it means the user has no need to understand the nitty gritty of it all - of course, many see this as a good thing.

Mapping PHP script and file dependency structure

I have recently become an intern on a startup online classroom system. So now, I'm scrambling to learn the system, and get to know the code for the program, which is written in PHP. This program spans around 3000 PHP files and associated images, html pages, CSS files and so forth, across over a hundred folders.
I was wondering if there was some program or utility that could parse the files and directories and create a map of sorts, showing which PHP files include which other files, so that I could see quickly which files and scripts are no longer in use or obsolete, and which files depend on other files, and so forth. In other words, I can see the file and directory structure. I would now like to see the dependency structure, in terms of includes. Without having to open each file individually and track down the includes statements.
Any help would be appreciated!
It's not exactly what you want, but the "inclued" PECL extension is almost certainly going to help you. It works on a per-request basis, and maps out the file inclusion chain. It can even make pretty graphs!
Because it works on a request basis, unfortunately it can't map out your entire codebase for you.
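A static scan covers the whole codebase, which the per-request approach in the answer above cannot. This is an added example, not the inclued extension or code from the answer: the regex only resolves include/require statements with literal paths, and the function names and sample project are assumptions.

```python
import re
from pathlib import Path

# include/require(_once) with a literal path, optionally prefixed by __DIR__ .
# or dirname(__FILE__) . ; run-time paths are skipped, comments are not (heuristic).
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*
        (?:(?:__DIR__|dirname\s*\(\s*__FILE__\s*\))\s*\.\s*)?
        (['"])(?P<path>[^'"]+)\1""",
    re.VERBOSE | re.IGNORECASE,
)

def build_include_graph(root):
    """Map each PHP file (path relative to root) to the files it includes."""
    root = Path(root).resolve()
    graph = {}
    for php in sorted(root.rglob("*.php")):
        targets = set()
        text = php.read_text(encoding="utf-8", errors="replace")
        for match in INCLUDE_RE.finditer(text):
            raw = match.group("path").lstrip("/")
            # Try the including file's directory first, then the project root.
            for base in (php.parent, root):
                candidate = (base / raw).resolve()
                if candidate.is_file() and root in candidate.parents:
                    targets.add(candidate.relative_to(root).as_posix())
                    break
        graph[php.relative_to(root).as_posix()] = targets
    return graph

def never_included(graph):
    """Files no scanned file includes: entry points or candidates for removal."""
    included = set().union(*graph.values())
    return sorted(set(graph) - included)

def build_sample_project(root):
    """Write a constructed five-file project to run the functions on."""
    files = {
        "index.php": "<?php require_once __DIR__ . '/lib/db.php'; include 'header.php';",
        "lib/db.php": '<?php require "config.php";',
        "lib/config.php": "<?php $dsn = 'sqlite::memory:';",
        "header.php": "<h1>Classroom</h1>",
        "old/legacy_report.php": "<?php echo 'unused';",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
```

On the sample project `never_included` returns `index.php` and `old/legacy_report.php`: one real entry point and one file nothing references. Files loaded through an autoloader or a computed path will also appear in that list, so treat it as a review queue rather than a delete list.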
