I am trying to decode this code.
I know it can be done by changing eval to echo. But in this case its not working. Is i am making any mistake. This is my encoded_file.php code:
i have tried to change eval to echo but its not working file.
I also tried this decoder:
<?php
// Open and read the content of the encoded file into a variable
$file = file_get_contents('encoded_file.php');
// Strip php tags
$file = str_replace('<?php', "", $file);
$file = str_replace('<?', "", $file);
// Make sure to get rid of short tags....
$file = str_replace('?>', "", $file);
// Strip new lines
$file = str_replace("\n", "", $file);
// Add semi colon to get around a parsing issue.
$file = $file.';';
// Change the Eval function
$file = str_replace('eval', 'echo ', $file);
// Function to eval the new string
function deval()
{
global $file;
ob_start();
eval($file);
$contents = ob_get_contents();
ob_end_clean();
return($contents);
}
// Run the code thru once
$file = deval();
// Counter
$cnt = 1;
// Loop it till it's decoded
while(preg_match('/^\?><\?php eval/', $file))
{
$file = str_replace('?><?php eval', 'echo', $file);
$file = str_replace('?><?', "", $file);
$file = deval();
$cnt;
}
//clean up some tags
$file = str_replace('?><?php', "", $file);
$file = str_replace('?><?', "", $file);
echo $cnt,' iterations<br/><br/>';
echo $file;
?>
but it also not working well. Any solution how to decode it or what's wrong in my decoder code.
Here are the steps which are needed to decode this (note - I've renamed variables/functions for clarity):
1. We see that this script reads content of itself, so we can assume - we cannot change this file
so lets create new file with this content and change this file:
$encoded=file('another_file.txt');
2. Then we can change first eval to echo and all other evals should be commented:
here is first line:
echo base64_decode("aWYoIWZ1bmN0aW9uX2V4aXN0cygiWWl1bklVWTc2YkJodWhOWUlPOCIpKXtmdW5jdGlvbiBZaXVuSVVZNzZiQmh1aE5ZSU84KCRnLCRiPTApeyRhPWltcGxvZGUoIlxuIiwkZyk7JGQ9YXJyYXkoNjU1LDIzNiw0MCk7aWYoJGI9PTApICRmPXN1YnN0cigkYSwkZFswXSwkZFsxXSk7ZWxzZWlmKCRiPT0xKSAkZj1zdWJzdHIoJGEsJGRbMF0rJGRbMV0sJGRbMl0pO2Vsc2UgJGY9dHJpbShzdWJzdHIoJGEsJGRbMF0rJGRbMV0rJGRbMl0pKTtyZXR1cm4oJGYpO319");
this will give us:
if(!function_exists("getSubString"))
{
function getSubString($g,$b=0)
{
$a=implode("\n",$g);
$d=array(655,236,40);
if($b==0) $f=substr($a,$d[0],$d[1]);
elseif($b==1) $f=substr($a,$d[0]+$d[1],$d[2]);
else $f=trim(substr($a,$d[0]+$d[1]+$d[2]));
return $f;
}
}
3. Now we can remove first echo/eval and go to 2nd one:
here is 2nd line:
echo base64_decode(getSubString($encoded));
give us:
if(!function_exists("decodeCode"))
{
function decodeCode($a,$h)
{
if($h==sha1($a))
{
return(gzinflate(base64_decode($a)));
}
else
{
echo("Error: File Modified");
}
}
}
4. we can remove it and go to last eval:
here is it:
echo decodeCode(getSubString($encoded,2),getSubString($encoded,1));
and we see final code:
/**
* #site #####
* #copyright 2010
*/
include 'config.php';
$id=$_GET['id'];
if(isset($id))
{
header("Content-type: image/jpeg");
$url='http://#####/siteuploads/thumb/'.$id;
$path=pathinfo($url);
header('Content-Disposition: attachment; filename="'.$path['basename'].'"');
$img=imagecreatefromjpeg($url);
$red=imagecolorallocate($img,255,155,255);
imagestring($img,2,1,2,$site,$red);
echo imagejpeg($img);
}
Related
I'm fetching html code using the code below, it works without any problem, the only issue is the indented code isn't retained
for example the fetched code looks like:
<div>
data
</div
instead of
<div>
data
</div>
php:
<?php
function getFile($file)
{
if (file_exists($file)) {
$file = file_get_contents($file);
return $file;
} else {
return false;
}
}
I understand it isn't an "issue" but if it's possible to retain the correct indent code I'd like to, thank you.
Your current code does retain the indentation, if you want more indentation then this is just an example using your code. You could use spaces as shown or a tab.
Call it with $indent as the number of spaces that you want to add:
function getFile($file, $indent=false)
{
if (file_exists($file)) {
if($indent) {
$i = (str_repeat(' ', $indent);
$file = $i . implode($i, file($file));
} else {
$file = file_get_contents($file);
}
return $file;
} else {
return false;
}
}
An alternative would be to create an indent() function and then in the above just call it:
$file = indent(file_get_contents($file), 4);
It might be a content type encoding issue. file_get_contents will read the file contents using the default charset as configured in php.ini at setting default_charset, which is UTF-8 by default.
We can use mb_detect_encoding to ensure that it is the same as the default character set, if not we have the option to convert it to the detected encoding with mb_convert_encoding.
<?php
function getFile($file) {
if (file_exists($file)) {
$file = file_get_contents($file);
$detect_enc = mb_detect_encoding($file);
if ($detect_enc != ini_get('default_charset'))
$file = mb_convert_encoding($file, $detect_enc);
return $file;
} else {
return false;
}
}
nJoy!
Just a random guess: you probably have output of few spaces somewhere in your code before you output file content to the client.
To avoid that you need to clean output. You can do that inside this getFile() function:
function getFile($file)
{
if (file_exists($file)) {
$file = file_get_contents($file);
ob_clean(); // <-- clean the output if any happened before
return $file;
} else {
return false;
}
}
Or outside where you call it I guess something like:
...
ob_clean();
echo getFile($file);
I am new to PHP and I am currently working on File Handling. I have a text file of which I am attempting to open for reading/appending using a skeleton script. The file is outputting and showing it is successfully opening, but only when I add a include function into the code. I have my code below, can someone look at it and tell me if I am doing it right because it feels right to me at the minute and it does output but i'm not 100% positive.
$location = '/Applications/MAMP/htdocs/PHPLabs/branches.txt';
include($location);
if (file_exists($location) && $file = fopen($location, 'r')){
$file_content = fread($file, filesize($location));
fclose($file);
} else {
echo 'File not found';
}
change your code to read and output file to below:
$location = '/Applications/MAMP/htdocs/PHPLabs/branches.txt';
//include($location); remove include
if (file_exists($location) && $file = fopen($location, 'r')){
$file_content = fread($file, filesize($location));
echo $file_content; //<----echo here to display content
fclose($file);
} else {
echo 'File not found';
}
Another option is to use file_get_contents().
It will also read the text file but it will read the text files full contents to a string.
$location = '/Applications/MAMP/htdocs/PHPLabs/branches.txt';
if (file_exists($location)){
$file_content = file_get_contents($file);
Echo $file_content;
$file_content .= " And some more"; //append string to end of string
Echo $file_content; // echo with appended string.
File_put_contetnts($file, $file_content); // save the original text plus the appended.
} else {
echo 'File not found';
}
I've been working o this for the last few weeks and can't find an alternate route. What I need to do is return the contents of a text file after the file has been read. I have two different logs that use text files to log errors. The first log returns the correct variable that I ask for but for some reason, even though I use the exact same methods to call the variable, it doesn't return anything. If I echo the variable then the correct string is displayed but the variable returns nothing. Here is the function:
function GetNoticeLog($strDate){
$logdate = preg_replace("/[^0-9]/", "_", $strDate );
$strFileName = realpath('debuglogs/enotice_logs').'/ENOTICELOG_' . $logdate . '.txt';
if(is_readable($strFileName)){
$file = fopen($strFileName,"r");
$contents = fread($file, filesize($strFileName));
$fclose($file);
return nl2br($contents);
}
else if(!is_readable($strFileName)){
echo $strFileName." is unreadable";
}
}
Why does this function return the necessary string when executed in one function but has to be echoed to see content in the other is my question.
Try changing
$fclose($file);
to this
fclose($file);
I was able to get the code to work on my server. The only change I made here is the path to the file which is in the same directory as the PHP script.
<?php
function GetNoticeLog($strDate){
$logdate = preg_replace("/[^0-9]/", "_", $strDate );
//$strFileName = realpath('debuglogs/enotice_logs').'/ENOTICELOG_' . $logdate . '.txt';
$strFileName = "blah.txt";
if(is_readable($strFileName)){
$file = fopen($strFileName,"r");
$contents = fread($file, filesize($strFileName));
fclose($file);
return nl2br($contents);
}
else if(!is_readable($strFileName)){
echo $strFileName." is unreadable";
}
}
$stuff = GetNoticeLog("whatever");
echo $stuff;
?>
I 've used the following code to create PHP file dynamically
$value = 5;
$file = $compname.'.php';
$file_pointer = fopen( $file, 'w' );
$string = '<?php $var = '. $value .' ?>';
fwrite( $file_pointer, $string );
fclose($file_pointer);
include($file);
echo $var;
Is it possible to insert template in that php file and the file name conatins spaces is it possible to remove those space and add "-"
As #ianhales mentioned, you can use str_replace() for replacing white-spaces in the name. If I understand your question correctly, you want to use a template file to generate the contents of the PHP file. To do that, I would do the following.
Create template.txt file
<?php
$var = #THEVAR#;
?>
Then you use the template:
<?php
...
$value = 5;
$template = file_get_contents('template.txt');
$template = str_replace("#THEVAR#", $value, $template);
$newFile = fopen($compname.'.php', 'w');
fwrite($newFile, $template);
fclose($newFile);
...
str_replace( ) will do your ' ' to '-' replacement. The rest of your question I don't understand.
Do you mean you want to have a pre made PHP file and change some stuff there?
You can use placeholders, for instance.
example
PHP FILE
<?php
$var = '[%%VAR1%%]';
?>
file editor:
//Change filename
str_replace(' ', '-', $compname);
//File "template editor"
$value = 5;
$file = file_get_contents($compname.'.php');
str_replace('[%%VAR1%%]',$value, $file);
file_put_contents($compname.'.php', $file);
You did not mention if you want your template file to be PHP parsed first. This method could do (or not):
function getTemplateContent($includeFile, $parsePhp = TRUE) {
$cont = '';
if ($parsePhp) {
try {
ob_start();
require($includeFile);
$cont = ob_get_contents();
ob_end_clean();
} catch (Exception $ex) {
$cont = '';
}
} else {
$cont = file_get_contents($includeFile); #
}
return $cont;
}
To include the template contents in the written file could be done like e.g.
$string = '<?php $var = '. $value . ';' . getTemplateContent($templateFile, TRUE/FALSE) . ' ?>'
I have an PHP app with houndreds of files. The problem is that one or several files apparently have a BOM in them, so including them causes error when creating the session... Is there a way how to reconfigure PHP or the server or how can I get rid of the BOM? Or at least identify the source? I would prefer a PHP solution if available
The real solution of course is to fix your editor settings (and the other team members as well) to not store files with UTF byte order mark. Read on here: https://stackoverflow.com/a/2558793/43959
You could use this function to "transparently" remove the BOM before including another PHP file.
Note: I really recommend you to fix your editor(s) / files instead of doing nasty things with eval() which i demonstrate here.
This is just a proof of concept:
bom_test.php:
<?php
function bom_safe_include($file) {
$fd = fopen($file, "r");
// read 3 bytes to detect BOM. file read pointer is now behind BOM
$possible_bom = fread($fd, 3);
// if the file has no BOM, reset pointer to beginning file (0)
if ($possible_bom !== "\xEF\xBB\xBF") {
fseek($fd, 0);
}
$content = stream_get_contents($fd);
fclose($fd);
// execute (partial) script (without BOM) using eval
eval ("?>$content");
// export global vars
$GLOBALS += get_defined_vars();
}
// include a file
bom_safe_include("test_include.php");
// test function and variable from include
test_function($test);
test_include.php, with BOM at beginning
test
<?php
$test = "Hello World!";
function test_function ($text) {
echo $text, PHP_EOL;
}
OUTPUT:
kaii#test$ php bom_test.php
test
Hello World!
I have been able to identify the files that carried BOM inside them with this script, maybe it helps someone else with the same problem in the future. Works without eval().
function fopen_utf8 ($filename) {
$file = #fopen($filename, "r");
$bom = fread($file, 3);
if ($bom != b"\xEF\xBB\xBF")
{
return false;
}
else
{
return true;
}
}
function file_array($path, $exclude = ".|..|libraries", $recursive = true) {
$path = rtrim($path, "/") . "/";
$folder_handle = opendir($path);
$exclude_array = explode("|", $exclude);
$result = array();
while(false !== ($filename = readdir($folder_handle))) {
if(!in_array(strtolower($filename), $exclude_array)) {
if(is_dir($path . $filename . "/")) {
// Need to include full "path" or it's an infinite loop
if($recursive) $result[] = file_array($path . $filename . "/", $exclude, true);
} else {
if ( fopen_utf8($path . $filename) )
{
//$result[] = $filename;
echo ($path . $filename . "<br>");
}
}
}
}
return $result;
}
$files = file_array(".");
vim $(find . -name \*.php)
once inside vim:
:argdo :set nobomb | :w