As soon as I entered a site, my browser (chrome) downloaded this script. It's not obfuscated and not too long, and I think it's harmless, but I don't know PHP so i'm not sure. The file was called csync.php.
Chrome made it seem like this was the only file downloaded. Is it possible this is not true?
Could someone shed some light on what this is doing?
<?php
require_once("config/config.php");
require_function("util/StaticFunctions.php");
require_function("service/ServiceFactory.php");
require_function("bo/BoFactory.php");
require_function("data/DataFactory.php");
require_function("util/UtilFactory.php");
require_function("data/AkamaiLoggingService.php");
include 'config/setup/config-setup-skenzo.php';
include 'config/skenzo_request_variables.php';
header('P3P:CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"');
header('Content-type: text/html');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
header('Expires: -1');
$visitorInfo = BoFactory::getVisitorInfo();
$vsid = $visitorInfo->getVisitorId();
$dataNames = VisitorInfo::$VSID_DATA_NAMES;
$mName = BoFactory::getInboundHttpRequest()->getSanitizedValueOfParam('type');
$mValue = BoFactory::getInboundHttpRequest()->getSanitizedValueOfParam('ovsid');
$vsCk = VISITOR_ID;
$vsDaCk = VISITOR_DATA;
$sepVal = VisitorInfo::$VALUE_SEP;
$sepTime = VisitorInfo::$TIME_SEP;
$vsDaTime = VisitorInfo::$VSID_DATA_TIME;
echo '<html> <head></head> <body> <script type="text/javascript" >';
$vsyncConf = array (
"vsCk" => $vsCk,
"vsDaCk" => $vsDaCk,
"sepVal" => $sepVal,
"sepTime" => $sepTime,
"vsDaTime" => $vsDaTime
);
echo "var vsyncConfig = " . json_encode($vsyncConf) . ";\n";
include(SKENZO_MEDIA_DIR. '/js/util/C2/modules/mnvdata.js');
echo '</script>';
echo "</body></html>";
if(AKAMAI_LOG_POSTBACK == $_SERVER['SERVER_NAME'])
{
define('AKAMAI_BULK_LOGGING', TRUE);
define('TEST_ENGINE_FROM_SERVING', '1');
try
{
$akLogService = new AkamaiLoggingService();
$akLogService->handleAkamaiBulkData();
echo '<!--var logged = 1;-->';
}
catch(Exception $e)
{
error("RTBLOG AKAMAI ERROR: " , $e , LOG_ALERT);
echo '<!--var logged = 0;-->';
}
}
else
{
if(AKAMAI_LOG_ORIGIN == $_SERVER['SERVER_NAME'])
{
echo '<!--var logged = 1;-->';
}
else
{
define('AKAMAI_BULK_LOGGING', TRUE);
define('TEST_ENGINE_FROM_SERVING', '1');
try
{
$akLogService = new AkamaiLoggingService();
$akLogService->handleGetRequests();
echo '<!--var logged = 1;-->';
}
catch(Exception $e)
{
error("RTBLOG AKAMAI ERROR: " , $e , LOG_ALERT);
echo '<!--var logged = 0;-->';
}
}
}
?>
The server you're visiting is poorly configured. As a result, instead of executing the PHP, the server sent it to your browser. Browsers don't execute PHP so you're safe.
If you care about the site you were visiting, the nice thing to do would be to contact support and refer it to this post.
A similarly named csync.php file has been reported in a couple of places online over the last couple of days. This, along with its reference to AKAMAI (a huge content delivery network), suggests that the mis-configured server isn't the 1st party site you were actually on, but a 3rd-party server that the site, along with many others, relies on.
File's apparent source: http://qsearch.media.net/csync.php
Similar reports (Google): https://encrypted.google.com/search?q=csync.php+download
I also saw this file drop into my downloads. The source is qsearch.media.net. If you visit media.net, you'll see it is part of the internet advertisement ecosystem. It's likely that there is a bug in one of their scripts. Sites using media.net's service then incidentally cause your computer to download this php file.
This is absolutely not server error of any websites, it is because my browser also download this script from multiple sites,one of them are from speedtest.net, i don't know what's hack is going on.
Related
how could I clear the cache for the image instantly with my uploader? I'm currently trying this but isn't working. any suggestion? thank you !
ps : settings.php is the current page, and I'm using only one header location
the image is currently uploader some time, but not always, some time it doesn't work without a ctrl + maj + r
uploader code :
<?php
// UPLOAD FICHIER
if (isset($_POST['valider']))
{
if (isset($_FILES['avatar']) AND !empty($_FILES['avatar']['name']))
{
$tailleMax = 1000000;
$extensionsValide = array('jpg', 'png');
if ($_FILES['avatar']['size'] < $tailleMax)
{
$extensionsUpload = strtolower(substr(strrchr($_FILES['avatar']['name'], '.'), 1));
if (in_array($extensionsUpload, $extensionsValide))
{
$chemin = "../images/avatar/" . $_SESSION['id'] . "." . $extensionsUpload;
$resultat = move_uploaded_file($_FILES['avatar']['tmp_name'], $chemin);
$touxiang = $_SESSION['id'] . "." . $extensionsUpload;
$session = $_SESSION['id'];
if ($resultat)
{
$updateAvatar=$dbh->prepare("UPDATE members SET avatar = :avatar WHERE id = :id");
$updateAvatar->bindValue('avatar', $touxiang);
$updateAvatar->bindValue('id', $session);
$updateAvatar->execute();
header('Expires: Sun, 01 Jan 2014 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
header('Location: settings');
}
else
{
echo "<p class='review_wrong'>error.</p>";
}
}
else
{
echo "<p class='review_wrong'>wrong format. jpeg png.</p>";
}
}
else
{
echo "<p class='review_wrong'>File too large.</p>";
}
} // ISSET
}
?>
<div id="avatar_send_div">
<input id="upload_header" type="file" name="avatar">
<label for="upload_header" class="btn">Upload</label>
<input id="submit_header" type="submit" name="valider" value="Validate">
</div>
show image :
<?php
if (isset($_SESSION['id']) AND !empty($_SESSION['id']))
{
$id = $_SESSION['id'];
$req = $dbh->prepare('SELECT * FROM members WHERE id = :id');
$req->bindValue('id', $id);
$req->execute();
$userinfo = $req->fetch();
}
?>
<div id="settings_div_img">
<img id="settings_img" src="../images/avatar/<?php echo $userinfo['avatar'];?>">
</div>
db :
As others have stated in the comments, you can't really clear the cache with PHP, certainly not the cached assets (images, CSS files, etc). Assets are almost all the time served directly by the webserver.
The HTTP headers that you are setting with PHP will only affect the document being returned by your PHP script, which in your case is an HTML page. Also, sending headers does not guarantee that the cached document will be cleared (it's the job of the user's browser to do that).
So you are generating an HTML page with URLs pointing to images served by the webserver. To control the cache of these images, you mostly want to configure the webserver itself (Apache, NGINX, etc)
That again won't necessarily work if the user already has a previously cached image.
A common technique to go around that and avoid having to generate new image filenames is to append a version id to the image URL and change it as new versions of the image are uploaded.
So instead of having example.net/john.png you would generate example.net/john.png?v=1 and then when you upload a new image, you generate a new URL example.net/john.png?v=2. You can basically append anything to the query string, the goal is to generate a new URL that the browser hasn't seen before.
You will find more techniques here: Refresh image with a new one at the same url
I hope that helps.
I am a bit new to PHP.
I am trying to filter a ICS file for events containing a certain string. The following script seems to do that job just fine:
<?php
header('Content-type: text/calendar; charset=utf-8');
header('Content-Disposition: attachment; filename=fodda2009.ics');
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
function icsFilter($paramUrl,$filterstring) {
$icsFile = file_get_contents($paramUrl);
$icsData = explode("BEGIN:", $icsFile);
foreach($icsData as $value) {
if (strpos($value, "VEVENT") === FALSE) {
echo "BEGIN:";
echo $value;
}
else {
if (strpos($value, $filterstring) !== FALSE) {
echo "BEGIN:";
echo $value;
}
}
}
}
?>
<?php echo icsFilter('http://cal.laget.se/ALMTUNAISHOCKEYSKOLA.ics','dda 2009'); ?>
VEVENT
DESCRIPTION:Dummy info
DTEND;TZID=W. Europe Standard Time:20001010T121500
DTSTAMP:20001005T192952Z
DTSTART;TZID=W. Europe Standard Time:20001010T110000
SUMMARY:Dummy event
UID:200abc01010T110000-8918999#stackoverflow.com
END:VEVENT
END:VCALENDAR
I am hosting the script at http://mydomain.dyndns.com/mycalendar.php. When I enter that URL into Google Calendar (other calendars -> add by URL) I receive a message "[your URL] is not a valid URL".
Is this caused by the script ending in .php?
Do I need to convince my server (Apache) to call the php script at a http://mydomain.dyndns.com/mycalendar.ics URL? How? Is there something else I am doing wrong?
OK, this is a little embarrassing...
The code above works just fine, the source of my error was that I left out the "http://" from the URL. Thus Google Calendar complained that it wasn't a good URL. cough Adding "http://" to my URL worked wonders :)
I'll leave the script here, maybe someone else wants to have a simple PHP script to filter an existing iCal file and serve it to Google Calendar.
I'm building a person to person chat, and want person A's page to refresh, loading new messages from Person B when Person B sends them. How would I send a message/data to Person A when Person B sends a message via PHP? I know I can check on Person A's page via Ajax, but constantly running a MySQL query would drastically bring down the server's speed. Any ideas?
EDIT: Using Server Sent Events, here's my script code:
if(typeof(EventSource) !== "undefined") {
var source = new EventSource("update.php?user=<? echo $recip ?>");
source.onmessage = function(event) {
document.write(event.data);
if (event.data=="yes"){
window.location.href="/chat?with=<? echo $recip ?>";
}
};
} else {
document.getElementById('info-text').innerHTML="Hmm... looks like your browser doesn't support auto updating. Please refresh the page to check for new messages." //'
}
And here's my PHP code:
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
$user=$_GET['user'];
$sql=mysql_query("SELECT * FROM chatmsg WHERE sender='$myusername' AND receiver='$recip' OR sender='$recip' AND receiver='$myusername'");
$newrows=mysql_num_rows($sql);
if ($newrows!=$_SESSION['chat'.$user]) {
echo "data: yes";
flush();
}
else {
echo "data: no";
flush();
The problem is, nothing is happening when there's a new row in MySQL.
I found the solution, everyone. I still used the Server Sent Events, but made some changes and found the error. Here's the final working code:
PHP:
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
header("Access-Control-Allow-Origin: *");
$user=$_GET['user'];
$sql=mysql_query("SELECT * FROM chatmsg WHERE sender='$myusername' AND receiver='$user' OR sender='$user' AND receiver='$myusername'");
$newrows=mysql_num_rows($sql);
if ($newrows!==$_SESSION['chat'.$user]) {
$msg="yes";
}
else {
$msg="no";
}
echo "data: {$msg}\n\n";
flush();
sleep(10);
(sleep is to save server resources).
JS:
var source = new EventSource('update.php?user=<? echo $recip ?>');
source.onmessage = function(e) {
if (e.data=="yes") {
window.location.href="viewchat.php?viewer=<? echo $viewer ?>&recip=<? echo $recip ?>";
}
}
Here is the POSTFILE code in App inventor:
https://www.dropbox.com/s/9gndlxibrg8f85b/uploadimage.jpg?dl=0
Here is the PHP script:
<?php
$ACCESSKEY="uhuh";
header('Cache-Control: no-cache, no-store, max-age=0, must-revalidate');
if($_GET['p']==$ACCESSKEY){
// this is the workaround for file_get_contents(...)
require_once ($_SERVER['DOCUMENT_ROOT'].'/php/PHP_Compat/Compat/Function/file_get_contents.php');
$data = php_compat_file_get_contents('php://input');
$filename = $_SERVER['DOCUMENT_ROOT']."/images/".$_GET['filename'];
if (file_put_contents($filename,$data)) {
if (filesize($filename) !=0) {
echo "File transfer completed";
} else {
//header("HTTP/1.0 400 Bad Request");
echo "Error: File is empty.";
}
} else {
//header("HTTP/1.0 400 Bad Request");
echo "Error: File transfer failed.";
}
} else {
//header("HTTP/1.0 400 Bad Request");
echo "Error: Access denied"; //reports if accesskey is wrong
}
?>
I am using PHP_Compat located here:
http://pear.php.net/package/PHP_Compat/
When I tried using desktop emulator, it returns error "411: content length required". But when i try using apk on the phone, after selecting image from phone and pressing UPLOAD the filename (of the right image) gets created on the server in right folder too, but the size is always zero and the script returns "error transfer failed".
Even rang GoDaddy and thought it might be due to some server or php setting but they could not help much. I thought maybe changing the PHP variable upload_tmp_dir might help but cant do it.
I really need this work for my app so Hope someone can help.
I'm trying to write a small PHP script that uses a session to store a folder structure of images. Every time the side gets called it reads the next image out of session list and display it as content type of the side. When I call my script I sometimes get not the next image out of list but the next but one. When I write an output file to register every page request, I see that there were more than just one request. But if I look to my fire bug time line I don't see more than one request and there is no javascript running. If I show the image as part of an normal HTML page everything works gread. So what is going on here.
Would be nice if somebody can help me with this...
<?php
include("readDir.class.php");
define("IMAGE_SOURCE_PATH","img");
session_start();
//Inititalize new session context
try
{
if(!isset($_SESSION['id']))
initSessionConext();
}
catch (Exception $e)
{
exit();
}
$fotos = $_SESSION['fotos'];
//Handle wrapp around
try
{
if($_SESSION['id'] >= count($fotos))
initSessionConext();
}
catch (Exception $e)
{
exit();
}
$foto = $fotos[$_SESSION['id']];
if(strcasecmp($_SERVER['REQUEST_METHOD'],"get") == 0)
$_SESSION['id'] += 1;
//Error in session context return nothing
if(empty($foto))
exit(); //
switch(readDir::extension($foto))
{
case "png":
header('Content-Type: image/png');
break;
case "jpg": //Fall through to jpeg case
case "jpeg":
header('Content-Type: image/jpeg');
break;
}
$fp = fopen("test.txt","a");
fwrite($fp,$foto."\r\n");
fclose($fp);
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
readfile(IMAGE_SOURCE_PATH."/".$foto);
//echo $foto."<br>";
//echo '<img src="'.IMAGE_SOURCE_PATH."/".$foto.'" />';
//--------------- F U N C T I O N S -------------------------------
function initSessionConext()
{
$_SESSION['id'] = 0;
$_SESSION['fotos'] = getNewData(IMAGE_SOURCE_PATH);
}
function getNewData($path)
{
$extensions = array("jpg","png","jpeg"); //get data out of file system
$fotos = array();
$source = new readDir($path);
if(!$source->check())
throw new Exception('Could not find source for given path');
$fotos = $source -> readFilesWithextension($extensions);
if(!sort($fotos,SORT_STRING))
throw new Exception('Could not sort foto list in natural order');
return $fotos;
}
?>
So if I understand correctly, you're returning each image, one per time the image is loaded?
It seems likely to me that the browser is requesting the image twice: Once as a HEAD request, and the second time to get the content. This is commonly used to find out things like the Content-Length header before blindly downloading.
I would suggest making sure that strcasecmp($_SERVER['REQUEST_METHOD'],"get") == 0 before modifying the session.
Didn't solve the request problem at least. Use now time difference to differ between requests. Not nice but works out of the box...