I'm trying to find a malware that's causing a redirect on a website. Most probably it's using header("location: ...") so i'm wondering is there a way to determine which script file is calling the header()
Any help is appreciated
If you are talking about the "header()" function, you can use the debug_backtrace function. http://ca2.php.net/debug_backtrace. It will allow you to get the stacktrace and you could just analyse this and store it into a file or the database. Just put debug_backtrace in the header() function and log your data.
If you are talking about where on the site you are getting included from, you could simply store in a file or a database table the $_SERVER['REQUEST_URI'] which will help you find out from which URL you are getting included.
Finaly, you can also use $_SERVER['HTTP_REFERER'], if it was passed by the navigator, it will allow you to know from which page you came from when the request was made which can really help determine how you came to include this header incorrectly.
Good luck
Related
in ASP.NET if we use Server.Transfer(WebForm1.aspx)
This actually sent the request to the new page and in browser the new page has been loaded but the URL remains same. is there any way to do the same in PHP?
Just asking if it is possible or not. And if it is possible then how?
require('/WebForm1.aspx");
I think PHP doesn't have a 'transfer' function, but you could get the exact same behaviour using include() or require()
Is there any possible way to make direct browser access to
http://www.example.com/test.php
Not available when viewing url directly but still allowing
JQuery $.get('http://www.example.com/test.php') function
To read the file? I know this might not be possible because I believe going in my browser and typing http://www.example.com/test.php is basically the same thing on client side as using the $.get() function.. But I didn't know if there was any work arounds for this.
Kinda, have php check for the x-requested-with header. If it is not present, redirect somewhere else.
It doesn't stop someone from sending their own request with said header though.
You are right, using a browser or $.get are basically the same. The only difference is that an AJAX call sets the X-Requested-With header to XMLHttpRequest. This can be added with browser extensions, though, so it is not fool-proof.
Is there a way to redirect using PHP without using header("Location: http://www.google.com")? I put that at the top, right after a PHP script (which has no output), but it doesn't work. I use the PHP to check something in the database, and it will redirect depending on the contents.
"Right after a PHP script"? Well, it's going to have to be in a PHP script to work.
If that's not it, please consider showing your previous code. Remember, don't post a question asking how to implement your solution, but rather the question itself...
Your code should always work as long as the header is called before any echo or print statements that send output to the browser. Another possibility is your webserver sending out additional output or headers that are causing the redirect to not work.
One way to test would be to telnet to your webserver and send GET /myscript.php. Then view the result and see if it is what you expect.
Per the PHP documentation:
Remember that header() must be called before any actual output is
sent, either by normal HTML tags, blank lines in a file, or from PHP.
It is a very common error to read code with include(), or require(),
functions, or another file access function, and have spaces or empty
lines that are output before header() is called. The same problem
exists when using a single PHP/HTML file.
Without seeing the actual code that the redirect resides in it will be difficult to assist. Perhaps if you could provide more details then someone may be able to suggest another technology to help but the header method is the only one that I've came across.
I've been using PDF class produced by R&OS successfully in a number of recent developments. I'd like to use it in a page that performs a database query before generating a PDF (it's basically a summary of the session, so I'm using session_id() as part of the query)
All is fine if I run this in Firefox - not fine in IE. I think the loading of session_start() is doing something with headers that's upsetting IE as it appears unable to load the page (comment off session_start and the page loads fine).
I'm getting a little concerned as, on further investigation, it appears that R&OS is not supported ... bad newbie learning experience and I really don't want to have to try adopt another class system this late in the day.
Have you any thoughts as to what I could try next?
Thankx
G
session_start() does indeed send some headers when it is used. However, you can control this particular functionality using the session_cache_limiter() function.
From browsing through the manual comments, it sounds like IE has some particular idiosyncrasies when dealing with binary content. One of the suggested solutions is to set a must-validate header before calling session_start() when you are trying to force a file download on the same page:
session_cache_limiter("must-revalidate");
session_start();
Maybe that will work for you. There are other headers that might work as well... give the comments section on that manual page a read, it looks like there's a variety of tricks you might be able to use.
I want code in a php5 page be executed after all of the page (or maybe even after the first part of the page) is displayed.
I would prefer no javascript and no frames / iframes and no redirects. Just one page written in php, only emitting html.
I remember some special function in php5 to register a callback function that will be executed after the content is sent to the browser, but could not find, did I dream this?
What are the most common ways to do this? I am on Linux / Apache.
It is not necessary to write a complete example, if you just name the ways or describe the trick and I lookup the details for myself
Edit: Now I am asking another question about the execution of the shutdown function here:
How to make sure the user cannot interrupt execution of php code called by "register_shutdown_function"?
Are you looking for register_shutdown_function()?