I really like the cforms plugin for wordpress. It's very powerful, yet easy to use.
But today I ran into a dead-end.
Basically I need a form to let users submit their first- and last name, then upload two files, which I need to rename to "A_Firstname.Lastname.ext" and "B_Firstname.Lastname.ext".
By default cforms just leaves the file name as it was by the uploader.
If anyone is familiar with the cforms plugin then any guidelines would be much appreciated!
Thanks in advance.
You can change the filename by creating a my_cforms_logic function in my-functions.php (my_cforms_logic is called from line 270 of lib_validate.php if you want to understand why it works).
There is an example in the sample my-functions.php but even simpler example of adding test_ to the beginning of the given filename would look like this:
function my_cforms_logic($cformsdata,$oldvalue,$setting) {
if ( $setting == "filename" ){
return 'test_' . $oldvalue;
}
return $oldvalue;
}
So if you can figure how to access the values of the first and last name (I suspect something along the lines of $cformsdata['data']['Firstname'] will work) then you should be in business.
Phil
Related
I have a configuration.php files where i store values like this
public $offline = '0'; Lets say i want a button on my page that write the config and change the 0 to 1 so the website goes offline
How can i accomplish this? I play around with php time to time and my knowledge of it is basic. Is this possible some how? I tried fwrite function or something like this but this overwrite the entire file and not a single value.
Never mind solved my self using file_put_content writing a simple function
My WordPress site infected with some malware files , found lot of files like below,
I tried to decode that using some online decoders, but no luck. I want to know what hacker do using this file.
I guess he control some more files on my sites but scanner only detect this code, by decode this hope to find other file paths
Paths of file found are given below
wp-includes/rest-api/requests.ini
wp-includes/Requests/IPconfig.ini
below have little part of file
Here have full file in pastebin https://pastebin.com/EfUNTaRr
if(empty($_GET['ineedthispage'])){
ini_set('display_errors',"Off");
ignore_user_abort(1);
$I7rKRVNNat3intmYmv="10.1";
$IssgsfYr3WZGty="";
$IL8lxLZy5SGibS7od="";
$IGvpZBegv061k="";
if(!empty($_COOKIE['PHPSSIDDD2'])){
$IGvpZBegv061k=$_COOKIE['PHPSSIDDD2'];
}
$IvVtGi5vH1edafW="RE3PUldBWUlTV4";
if(!IIlFCqjaR5JVZ33VAo('curl_init')){
$IssgsfYr3WZGty.="1\t";
$IL8lxLZy5SGibS7od.="1\t";
}
if(!IIlFCqjaR5JVZ33VAo('fopen')){
can someone decode that file on paste bin. Thank You
I used phpcs-fixer for some pretty view of this script. You can see it here. I don't spend much time for decoding, so I can be wrong in my reasoning =)
Function IIlFCqjaR5JVZ33VAo is like improved function_exists which check if function exists and is callable and not disabled (get from ini)
function __function_exists($functionName)
{
$functionName=strtolower(trim($functionName));
if ($functionName=='') {
return false;
}
$disabledFunctions=explode(",", #ini_get("disable_functions"));
if (empty($disabledFunctions)) {
$disabledFunctions=array();
} else {
$disabledFunctions=array_map('trim', array_map('strtolower', $disabledFunctions));
}
return (function_exists($functionName) && is_callable($functionName) && !in_array($functionName, $disabledFunctions));
}
Script collect many things in files. File names encoded by this rules:
// this is like file hash
$ItZg0lwPNAV8rSZCcknwRw6=md5(__FILE__);
// ... some other stuff and define directory like {path_to_file}/cache{file_hash}
$Id3jh7jnThGJnxV0=dirname(__FILE__).DIRECTORY_SEPARATOR."cache".$ItZg0lwPNAV8rSZCcknwRw6;
// and then file stored in defined dir
$Id3jh7jnThGJnxV1=$Id3jh7jnThGJnxV0.DIRECTORY_SEPARATOR."ke".substr($ItZg0lwPNAV8rSZCcknwRw6, 0, 8)."ys";
// and so on for [keys, useragents, botips, referers, ...] with interesting logic which I don'tfully understand
And then some data sends to http://main.infowp.info/getdata.php. But I'm not sure. Why this domain? You can see it here
And it determines which CMS used: WP, Drupal or Joomla by check if specific function and class exists: wp_insert_post, node_save, JFactory.
My PHP knowledge is very basic. I've built a child theme and the functions.php is all from bits and pieces found on the web. All works great at the moment, and I've reused it on another website. But in several places I had to manually input blog name, email address, etc. What I want is to make it reusable without any further interventions over it. I've covered all problems, but one: changing the default wordpress#example.com email.
// Changing default wordpress email settings
add_filter('wp_mail_from', 'new_mail_from');
function new_mail_from($old) {
return 'notifications#example.com';
}
This works, although to make it reusable without intervention I need to somehow retrieve the site's URL without http:// and www. I've made a test page and used:
$my_site = str_replace('www.','', $_SERVER['SERVER_NAME']);
echo 'notifications#'.$my_site;
It worked on the test.php file, but not in Wordpress' functions.php. The mail is sent and received, but the sender is 'notifications#' with nothing after #. I've used it as
return 'notifications#'.#my_site;
I've tried another approach:
$custom_email = 'notifications#'.str_replace('www.','', $_SERVER['SERVER_NAME']);
function new_mail_from($old) {
return $custom_email;
}
This one doesn't show any sender at all, it's from "unknown sender".
I've tried to work with site_url() instead of $_SERVER, but I haven't managed to make it work either. I didn't tried using home_url() because maybe in some cases home_url() will use a custom page (like a landing page).
Is there a way to solve this problem I have?
Thank you.
Ok, with a bit of help from a friend, I've found something that works:
function new_mail_from($old) {
$custom_email = 'notifications#'.str_replace('www.','', $_SERVER['SERVER_NAME']);
return $custom_email;
}
So basically all I need is to put $custom_email inside the function.
#MadBreaks Now... I know your advice was to avoid str_replace, but I didn't manage to understand parse_url and how to use it. Why isn't str_replace a good choice?
#Victory $_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] did for me the same thing. Could you please tell me what's the difference? Or pros and cons in using each of them in this situation? Thank you.
I wrote a simple script in plain PHP that uses $_FILES['uploadedfile']['tmp_name'] to fetch a freshly uploaded file and process its contents directly without permanently storing it. The idea is to allow the user to upload a file containing several rows of data that will be automatically parsed and added to a database by the PHP script. There is no need to store the file itself or a reference to it in the database as only the file contents are important. I know of Import CSV to MySQL, but I am trying to keep things clean and easy for the user (and for the time being I am developing with phpDesktop + sqlite so that my application will be portable).
I am now trying to recreate this process within Agile Toolkit but I cannot seem to figure out how. I know that the filestore model must access ['tmp_name'] before it moves/renames the file but I cannot figure out how to poach just this functionality. I tried looking in /lib/Form/Field/Upload.php to see if any of the methods there might be of use, but I am quite new to PHP so these docs are baffling to me. getFilePath() looked promising, but it seems that $_FILES remains empty when I do something like:
$form = $page->add('Form');
$upl = $form->addField('Upload', 'file');
$form->addSubmit();
if ($form->isSubmitted()){
$form->js()->univ()->alert($upl->isUploaded())->execute(); //sends js alert('false')
}
I realize that AJAX cannot be used to post files and I have a feeling this is part of the problem but I am not really sure where to go from here. Any help would sincerely be appreciated.
Thanks.
Agile Toolkit uploads file as soon as it is selected - moves it immediately into filestore and creates database record, so not really what you need.
Anything you write in a plain PHP can also work with Agile Toolkit. You can disable JavaScript in the form by doing this:
$this->add('Form',array('js_widget'=>false));
Such a form would send you a normal POST request.
Ok, I managed to achieve what I wanted by creating a custom extension of Form_Field_Upload and redefining the loadPOST() method within it.
function loadPOST(){
Form_Field::loadPOST();
if($_GET[$this->name.'_upload_action']){
// This is JavaScript upload. We do not want to trigger form submission event
$_POST=array();
}
if($_GET[$this->name.'_upload_action'] || $this->isUploaded()){
if($this->model){
try{
$model=$this->model;
/*Function is identical to parent above this line*/
//process file here and do $model->set('custom_field',$value);
//I am using $this->getFilePath() to analyze the uploaded file
/*Function is identical to parent below this line*/
$model->save();
}catch(Exception $e){
$this->api->logger->logCaughtException($e);
$this->uploadFailed($e->getMessage()); //more user friendly
}
$this->uploadComplete($model->get());
}
}
if($_POST[$this->name.'_token']){
$a=explode(',',$_POST[$this->name.'_token']);$b=array();
foreach($a as $val)if($val)$b[]=$val;
$this->set(join(',',filter_var_array($b,FILTER_VALIDATE_INT)));
}
else $this->set($this->default_value);
}
I sure this is not the most elegant solution but it worked for my purpose anyway.
We're sending a zip file download as a response like this:
$this->response->file( "/export/stuff.zip", array('downlaod'=>true, 'name'=>"stuff.zip") );
return $this->response;
This works fine, BUT the file is always named export.zip. Our name option does not seem to have any effect. We've also tried without the .zip extension. This is confusing because the name options is shown here, in the docs.
What are we doing wrong?
Update:
We figured out that the seemingly arbitrary name "export" is being copied from the name of the controller action. We changed the method name to "admin_exportt" and then we get exportt.zip every time. This isn't documented anywhere that I've seen.
We found where the name is handled in the source code (/lib/Cake/Nework/CakeResponse.php:1254) and it appears that it should either use the original file name, or whatever is specified in the name options:
if (is_null($options['name'])) {
$name = $file->name;
} else {
$name = $options['name'];
}
Ugh! We figured out what was wrong...
Notice the word downlaod in the first line of my code above? That's the culprit. Apparently that bad option was causing the entire array to get ignored. I'm not sure if this will help anyone in the future, but I guess I'll leave it up as a reminder that CakePHP options work that way (at lease in this context).
PS: Whenever you're stuck, go take a walk and come back!