Everything posted by newbtophp

  1. Cheers cags but that did not work :-\ So I ended up doing 2 str_replaces:

         $file = str_replace('?><', '<', $file);
         $file = str_replace('><?', '>', $file);

     Which is insecure, because if there actually are two PHP tags joined together with PHP code it will remove them.
  2. I'm trying to do a preg match for some PHP code which consists of the following rule:

     starts with full php tag: <?php
     then has any random php code: s*?
     then contains a base64 string within brackets and single quotes: ('base64 string')
     then ends with php tag: ?>
     then finally has a string after ?>: base64 string

     I tried myself (but it doesn't work):

         preg_match("~<\?php\s*?~('[^']*?)~?/>[^']*?~", $file);

     Here are some examples of the PHP code:

         <?php echo "this is"; function($eval) { return $eval; { 354364('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>

     Example 2:

         <?php print_r('donkey'); $mylo = "says hello"; ('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs='));?> GbYxdy9lFmkvFJIpwtL7eWPYtI0hwtEIRZ8IdblzFBxgFbalFmLPwtkkTlYyAlWIUA5ATZnzfoy0DbY0DBSIhtn0DB1lRtnpFy9icoWSwuaZdtXIFMaMRtn1F2aZdMyscUEpeWPIwtEvRZnBCBx1cbHIhtFLfolscUFSkZOicoOZkZXmkuaZdtFSkZOZcBclFJFSkZOzFo9VF29ZkZEpwJLId3wIcbkZd3wPwo15F3ySb2aZFM9ZhtLIhTSYtI0hwtEIwuklfuaZdJn0FmalKX0htU8vcbipfeSYtJEIwu0YtJEIwu0ktWLYtm0YtI==

     Another example:

         <?php $OOO=monkey;$O0000=moster;0000 =5552;eval((base64_decode('JE8wMDBPME8wMD1mb3Blbig kT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ 2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDA sNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0c ihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0FsRlBnMk9JdFY2Ukh CK1o3MzhvdWhzaldhejVrUUROWTQ5L1MxZE1uclV2SnlmaWVFY kwwd0ttcUN4VEdwWGM9JywnQUJDREVGR0hJSktMTU5PUFFSU1R VVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0N TY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs='));?> VgpZHPlZHPlZHPw1kdhMjmV1kOE4WKunVwpN3S1H3hpNVbe9Vb tP0Ykmh9km3b6F315dBNQOhqQFeYVOSJtPgK6oJBF93e5O2r51 p0aj40tFqptF395Op/zblDtIl4WKJnV0YUVbeY5s7w6F3rQ9Sr+e06VO1KtP0Ykmh9km 3b6F395Op/zbAftF3rQ9eYHFeYBogb68lDtF3eWjBLQKpbaPJBF93rtFJptP gK+e06N706kdh0QjVftIlbasQNkdhe5O2/a8YMRwEkDPgLj2EqHPAUVFGMRFAMVbeYVIlJWs1fjm31DI7r+e 06N706

     As you can see the pattern is that it always contains php tags, and 2 strings, 1 string after the end php tag, and 1 string within single quotes & brackets within the php tags.
  3. *Slaps self* I'm sooo stupid!!!!!!!!!! Solved. Thanks Cags, Crayon Violent and PFMaBiSmAd!
  4. I tried, which is why I moved the code which contained session_start() to the header. But then another error appeared: "Warning copy..." Edit: I'm not sure why, because the original file works great.
  5. <?php
     // Here we use file_get_contents to get the page without executing it yet
     $content = file_get_contents('http://www.website.com/page.php');
     // Then we grab the first html tag
     $temp = explode('<strong>', $content);
     // Next we grab the end html tag
     $temp2 = explode('</strong>', $temp[1]);
     // Then we grab the points which is contained within the above tags
     $points = $temp2[0];
     // Then we free the temporary variables
     unset($content, $temp, $temp2);
     // Now we are done and display it
     print_r($points);
     ?>
  6. so file_get_contents was the right option ^^ PS : i had to remove those lines :

         $text = str_replace('<', '<', $text);
         $text = str_replace('>', '>', $text);

     they're not necessary since file_get_contents do the job..

     Then you weren't trying to edit the PHP source? You wanted to edit the HTML?
  7. <?php
     $content = file_get_contents('http://www.website.com/page.php');
     $temp = explode('<strong>', $content);
     $temp2 = explode('</strong>', $temp[1]);
     //Get the points
     $points = $temp2[0];
     unset($content, $temp, $temp2);
     print_r($points);
     ?>
  8. If I didn't escape it, when I go back to the editor the file will not be the same as the original. PS: This is a personal opinion. </br> is just a habit, he can remove it if he'd like to. However I'm new to PHP so looking forward to suggestions etc. Just thought I should try and contribute.
  9. This is a better way:

         <?php
         // On submit, write the posted text back into guestbook.php; otherwise show the editor form.
         // Note: whatever is posted is written into a .php file as-is.
         if (isset($_POST['Submit'])) {
             $open = fopen("guestbook.php", "w+");
             $text = $_POST['update'];
             // The form's onClick handler escape()s the textarea, so decode before writing
             fwrite($open, urldecode($text));
             fclose($open);
             echo "Updated";
         } else {
             $file = file("guestbook.php");
             echo "<form action=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\" method=\"post\">";
             echo "<textarea Name=\"update\" id=\"phpCode\" cols=\"50\" rows=\"10\">";
             foreach ($file as $text) {
                 echo $text;
             }
             echo "</textarea>";
             echo "</br><input name=\"Submit\" type=\"submit\" value=\"Update\" onClick=\"document.getElementById('phpCode').value = escape(document.getElementById('phpCode').value)\"/>\n </form>";
         }
         ?>
  10. I moved the session_start() to the top and I got:

          Warning: copy(<?php ...... in /home/forums/public_html/index.php on line 120
          lock.php file upload failed!

      This is the part where the error appears:

          $_SESSION['session_key']=md5(microtime() * 1000000);
          $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
          if (!file_exists($SessionKeyRoot)) {
              mkdir($SessionKeyRoot, 0777);
          }
          $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat'); //LINE 120 :-\
          if (!$lock_copy) {
              echo "lock.php file upload failed!";
              exit;
          }

      This is the whole file (which gives the errors):

          <?php
          define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
          define('LOCKED_ROOT','/home/forums/files/');
          define('CRACK_FILE','/home/forums/public_html/lock/crack.php');
          error_reporting (E_ERROR | E_WARNING | E_PARSE);
          //I moved this chunk to the top to avoid the session and headers error
          session_start();
          set_magic_quotes_runtime(0);
          if (function_exists('get_magic_quotes_gpc')) {
              $magic_quotes_gpc = get_magic_quotes_gpc();
          } else {
              $magic_quotes_gpc = ini_get('magic_quotes_gpc');
          }
          $register_globals = @ini_get('register_globals');
          if(PHP_VERSION < '4.1.0') {
              $_GET = &$HTTP_GET_VARS;
              $_POST = &$HTTP_POST_VARS;
              $_COOKIE = &$HTTP_COOKIE_VARS;
              $_SERVER = &$HTTP_SERVER_VARS;
              $_ENV = &$HTTP_ENV_VARS;
              $_FILES = &$HTTP_POST_FILES;
          }
          if(!$register_globals || !$magic_quotes_gpc) {
              @extract($_POST, EXTR_OVERWRITE);
              @extract($_GET, EXTR_OVERWRITE);
              if(!$register_globals && is_array($_FILES) && count($_FILES)) {
                  foreach($_FILES as $key => $val) {
                      $$key = $val['tmp_name'];
                      ${$key.'_name'} = $val['name'];
                      ${$key.'_size'} = $val['size'];
                      ${$key.'_type'} = $val['type'];
                  }
              }
          }
          if (!$magic_quotes_gpc) {
              foreach($_POST as $key => $val) {
                  $_POST[$key]=saddslashes($val);
              }
              foreach($_GET as $key => $val) {
                  $_GET[$key]=saddslashes($val);
              }
          }
          function saddslashes($string) {
              if (is_array($string) && count($string)) {
                  foreach ($string as $key => $val) {
                      $string[$key] = saddslashes($val, $force);
                  }
              } else {
                  $string = addslashes($string);
              }
              return $string;
          }
          ?>
          <title>Welcome</title>
          <form action="<?=$_SERVER["PHP_SELF"]?>" method="post" enctype="multipart/form-data" >
          <input name="file" type="file" value="Upload"/>
          <input type="submit" name="submit" value="Submit" />
          </form>
          <?php
          if (isset($_FILES['file'])) {
              $file = file_get_contents($_FILES['file']['tmp_name']);
              $submit = $_POST['submit'];
              if($file == "") echo "No file selected";
              else {
                  if($submit == "Submit") {
                      //basic validation to check if its the right file i want
                      if (preg_match('/lock/', $file)) {
                          /* empty the session */
                          $_SESSION['key']='';
                          $_SESSION['next']=false;
                          $_SESSION['zlib']=false;
                          $_SESSION['session_key']='';
                          if ($file_size >=1024*1024) {// 1mb
                              echo "files more than 1mb!";
                              exit;
                          } else if (strtolower($file_name)!="lock.php") {
                              echo "<center>The uploaded file is not lock.php!";
                              exit;
                          } else {
                              $_SESSION['session_key']=md5(microtime() * 1000000);
                              $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
                              if (!file_exists($SessionKeyRoot)) {
                                  mkdir($SessionKeyRoot, 0777);
                              }
                              $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
                              if (!$lock_copy) {
                                  echo "lock.php file upload failed!";
                                  exit;
                              }
                              unlink($file);
                              $_SESSION['next'] = true;
                              /* access key */
                              ob_start();
                              $lock_file=CRACK_FILE;
                              include_once $SessionKeyRoot.'/lock.dat';
                              $lock_lock_de=base64_decode($lock_lock);
                              if (@ gzinflate($lock_lock_de)) {
                                  $lock_lock_de=gzinflate($lock_lock_de);
                                  while (1) {
                                      $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
                                      eval($lock_lock_de);
                                      if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
                                  }
                              }
                              @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
                              $_SESSION['key']=$PassOut[1][0];
                              ob_end_clean();
                              if ($lock_usezlib == "^") $_SESSION['zlib']=true;
                          }
                          echo "<center><div>lock.php uploaded successfully!</div><a href=\"lock/next.php\">click here to proceed</a>";
                      }
                  }
              }
          }
          ?>

      My original file works perfectly (no errors) which is:

          <?php
          define('CRACK_ROOT',dirname(__FILE__ ? __FILE__ : getenv('SCRIPT_FILENAME')));
          define('LOCKED_ROOT','/home/forums/files/');
          define('CRACK_FILE','/home/forums/public_html/lock/crack.php');
          error_reporting (E_ERROR | E_WARNING | E_PARSE);
          session_start();
          set_magic_quotes_runtime(0);
          if (function_exists('get_magic_quotes_gpc')) {
              $magic_quotes_gpc = get_magic_quotes_gpc();
          } else {
              $magic_quotes_gpc = ini_get('magic_quotes_gpc');
          }
          $register_globals = @ini_get('register_globals');
          if(PHP_VERSION < '4.1.0') {
              $_GET = &$HTTP_GET_VARS;
              $_POST = &$HTTP_POST_VARS;
              $_COOKIE = &$HTTP_COOKIE_VARS;
              $_SERVER = &$HTTP_SERVER_VARS;
              $_ENV = &$HTTP_ENV_VARS;
              $_FILES = &$HTTP_POST_FILES;
          }
          if(!$register_globals || !$magic_quotes_gpc) {
              @extract($_POST, EXTR_OVERWRITE);
              @extract($_GET, EXTR_OVERWRITE);
              if(!$register_globals && is_array($_FILES) && count($_FILES)) {
                  foreach($_FILES as $key => $val) {
                      $$key = $val['tmp_name'];
                      ${$key.'_name'} = $val['name'];
                      ${$key.'_size'} = $val['size'];
                      ${$key.'_type'} = $val['type'];
                  }
              }
          }
          if (!$magic_quotes_gpc) {
              foreach($_POST as $key => $val) {
                  $_POST[$key]=saddslashes($val);
              }
              foreach($_GET as $key => $val) {
                  $_GET[$key]=saddslashes($val);
              }
          }
          function saddslashes($string) {
              if (is_array($string) && count($string)) {
                  foreach ($string as $key => $val) {
                      $string[$key] = saddslashes($val, $force);
                  }
              } else {
                  $string = addslashes($string);
              }
              return $string;
          }
          if ($submit=='Submit') {
              /* empty the session */
              $_SESSION['key']='';
              $_SESSION['next']=false;
              $_SESSION['zlib']=false;
              $_SESSION['session_key']='';
              if ($file_size >=1024*1024) {// 1mb
                  echo "files more than 1mb!";
                  exit;
              } else if (strtolower($file_name)!="lock.php") {
                  echo "<center>The uploaded file is not lock.php!";
                  exit;
              } else {
                  $_SESSION['session_key']=md5(microtime() * 1000000);
                  $SessionKeyRoot=LOCKED_ROOT.$_SESSION['session_key'];
                  if (!file_exists($SessionKeyRoot)) {
                      mkdir($SessionKeyRoot, 0777);
                  }
                  $lock_copy=copy($file,$SessionKeyRoot.'/lock.dat');
                  if (!$lock_copy) {
                      echo "lock.php file upload failed!";
                      exit;
                  }
                  unlink($file);
                  $_SESSION['next'] = true;
                  /* access key */
                  ob_start();
                  $lock_file=CRACK_FILE;
                  include_once $SessionKeyRoot.'/lock.dat';
                  $lock_lock_de=base64_decode($lock_lock);
                  if (@ gzinflate($lock_lock_de)) {
                      $lock_lock_de=gzinflate($lock_lock_de);
                      while (1) {
                          $lock_lock_de=str_replace("eval","\$lock_lock_de=",$lock_lock_de);
                          eval($lock_lock_de);
                          if (strtolower(substr($lock_lock_de,0,4))!="eval") break;
                      }
                  }
                  @preg_match_all("/lock_unlock=\"(.*?)\"/i",$lock_lock_de,$PassOut);
                  $_SESSION['key']=$PassOut[1][0];
                  ob_end_clean();
                  if ($lock_usezlib == "^") $_SESSION['zlib']=true;
              }
              echo "<center><div>lock.php uploaded successfully!</div><a href=\"".dirname($_SERVER["PHP_SELF"])."next.php\">click here to proceed to the next step</a>";
              exit;
          }
          ?>
          <script language="javascript" type="text/javascript">
          function CheckForm(form) {
              var lock_file = form.file.value;
              if (lock_file =="") {
                  alert ( "Please upload the lock.php file!");
                  return false;
              } else {
                  var lock_file_arr=lock_file.replace(/\\/gi,"/");
                  lock_file_arr=lock_file_arr.split("/");
                  var lock_file_name=lock_file_arr[lock_file_arr.length-1].toLowerCase();
                  if (lock_file_name!="lock.php"){
                      alert ("Your uploaded file is not lock.php!");
                      return false;
                  }
              }
          }
          </script>
          <form method="post" enctype="multipart/form-data" action="<?=$_SERVER["PHP_SELF"]?>" onSubmit="return CheckForm(this);">
          Please upload lock.php<BR>
          <input type="file" name="file" />
          <input type="submit" name="submit" value="Submit"/>
          </form>

      Anyone can help please? :-\ :-\
  11. Errors:

          Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent

      If I remove it from the if statements it works fine :-\ My code:

          <?php
          if (isset($_FILES['file'])) {
              $file = file_get_contents($_FILES['file']['tmp_name']);
              $submit = $_POST['submit'];
              if($file == "") echo "No file selected";
              else {
                  if($submit == "Decode") {
                      if (preg_match('/lock/', $file)) {
                          error_reporting (E_ERROR | E_WARNING | E_PARSE);
                          session_start();
                          set_magic_quotes_runtime(0);
                          if (function_exists('get_magic_quotes_gpc')) {
                              $magic_quotes_gpc = get_magic_quotes_gpc();
                          } else {
                              $magic_quotes_gpc = ini_get('magic_quotes_gpc');
                          }
                          $register_globals = @ini_get('register_globals');
                          if(PHP_VERSION < '4.1.0') {
                              $_GET = &$HTTP_GET_VARS;
                              $_POST = &$HTTP_POST_VARS;
                              $_COOKIE = &$HTTP_COOKIE_VARS;
                              $_SERVER = &$HTTP_SERVER_VARS;
                              $_ENV = &$HTTP_ENV_VARS;
                              $_FILES = &$HTTP_POST_FILES;
                          }
                          if(!$register_globals || !$magic_quotes_gpc) {
                              @extract($_POST, EXTR_OVERWRITE);
                              @extract($_GET, EXTR_OVERWRITE);
                              if(!$register_globals && is_array($_FILES) && count($_FILES)) {
                                  foreach($_FILES as $key => $val) {
                                      $$key = $val['tmp_name'];
                                      ${$key.'_name'} = $val['name'];
                                      ${$key.'_size'} = $val['size'];
                                      ${$key.'_type'} = $val['type'];
                                  }
                              }
                          }
                          if (!$magic_quotes_gpc) {
                              foreach($_POST as $key => $val) {
                                  $_POST[$key]=saddslashes($val);
                              }
                              foreach($_GET as $key => $val) {
                                  $_GET[$key]=saddslashes($val);
                              }
                          }
                          function saddslashes($string) {
                              if (is_array($string) && count($string)) {
                                  foreach ($string as $key => $val) {
                                      $string[$key] = saddslashes($val, $force);
                                  }
                              } else {
                                  $string = addslashes($string);
                              }
                              return $string;
                          }
                      }
                  }
              }
          }
          ?>
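  12. <?php
      // The Referer header is optional and set by the client, so it may be missing
      $flood = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
      //Replace blah with the website url (without extension)
      if (preg_match("/blah/i", $flood)) {
          die('Your banned, you flooder!');
      }
      ?>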
  13. If my whole file contains:

          ?><div style="clear: both"></div> </div> <div id="footer"> <div class="col1"></div> <?php wp_footer(); ?> </body></html><?

      Why would someone even add short tags when they are not used or needed? I understand the downside to this but in this situation I'd prefer to this.
  14. Breakdown:

          ?><div style="clear: both"></div> </div> <div id="footer"> <div class="col1"></div> <?php wp_footer(); ?> </body></html><?

      </html><? << is unneeded because it's not ended anywhere
      unneeded because not started anywhere >> ?><div style="clear: both"></div>

      Maybe something along the lines of (won't work though):

          $file = preg_replace("?/>~([^']*?)~<\?", "~([^']*?)~", $file);
  15. Thanks both of you, both are great!
  16. <?php
      $file = "hello, I have a pet goat, i know its random, but who cares?";
      if(preg_match('/goat/', $file)) {
          echo "it contains goat fool!";
      }
      if(preg_match('/hello/', $file)) {
          echo "it contains hello!";
      }
      if(preg_match('/random/', $file)) {
          echo "it contains random!";
      }
      ?>

      It would echo all of them, how would I only allow it to echo the first match (like in this case 'hello')?
  17. I have a lot of if statements to the variable $file. How can I only echo 1 if, instead of more (if more than one if statement matches $file)? :-\
  18. Example:

          //$file is the variable to remove the unneeded tags
          $file = '?><br class="clear" /> </div> <div id="footer-wrap"> <div id="footer"> <div class="span-3 append-1 small"> <?php if ( !function_exists(\'dynamic_sidebar\') || !dynamic_sidebar(\'Bottom-Left\') ) : ?> <?php endif; ?> </div><?';
          //remove the unneeded php tags
          $file = preg_replace('remove unclosed/uneded tags', ' ', $file);
          highlight_string($file);

      I'm trying to figure out how to remove unneeded tags (short and full), which are unclosed or opened for no reason as shown in the above example.

      Edit: here are some more typical examples:

          <?php header("Location: install.php"); ?> '; ?>

          ?><?php
          function iif($cond = false, $if_true, $if_false){
              if (!(is_bool($cond) && $if_true && $if_false)) return false;
              if ($cond) return $if_true;
              else return $if_false;
          }
          ?>

      Thanks
  19. Thanks that solved it! I don't know why string 3 didn't work before, it works ok now. The problem was that string 4 bracket had to be escaped, so everything works. :D
  20. My edit: « Last Edit: Today at 01:59:47 PM by newbtophp » Your reply: « Reply #13 on: Today at 02:04:17 PM » Looks like the forum displays the edits slightly late lol
  21. Sweet that worked! I'm learning along too! I tried to do the others:

      string 3:

          '/<\?php \$__FILE__=__FILE__;\$__B__=\'([^\']*?)\';\$bx=base64_decode\(\"([^\']*?)\"\);eval\(\$bx\(\'([^\']*?)\'\)\);unset\(\$__X__\);unset\(\$__FILE__\); \?>/'

      string 4:

          '/<\?php \$m\=\"([^\']*?)\";eval\(base64_decode\(\"([^\']*?)\")\);return;\?>/'

      But both ended up not working? :-\
  22. @ MadTechie Thanks, worked great for string 1 :D I tried modifying that to work with string 2:

          '/<\?php \$_A=__FILE__;\$_B=\'([^\']*?)\';\$_D=strrev(\'edoced_46esab\');eval\(\$_D\(\'([^\']*?)\'\)\);\?>/'

      But it does not work, what am I doing wrong? Thanks

      Edit: Thanks Cags
  23. "~<\?php \$_B=__FILE__;\$_C='(*?)';eval\(base64_decode\('([^']*?)~"

          preg_match("~<\?php \$_F=__FILE__;\$_X='(*?)';eval\(base64_decode\('([^']*?)~", $file);

      outputs error:

          Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 26 in...
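
The file layout described in post 2 (opening tag, code, a quoted base64 string in brackets, closing tag, trailing string), which the patterns in posts 21 to 23 also try to match, written here as a check for scanning files. This is an added example, not code from newbtophp or the threads; the function name `find_encoded_loader`, the 40-character threshold and the sample strings are assumptions constructed for it.

```php
<?php
// Added example, not code from the thread. Function name, threshold and the
// sample strings below are assumptions constructed for this illustration.

/**
 * Report whether $src has the layout described in the post:
 * "<?php", arbitrary code, ('<base64>'), "?>", then a trailing string.
 * Returns an array of findings, or null when the layout is absent.
 */
function find_encoded_loader(string $src, int $minLen = 40): ?array
{
    $re = '~<\?php\b'                                           // full opening tag
        . '.*?'                                                 // any PHP code (lazy)
        . '\(\s*\'([A-Za-z0-9+/=\s]{' . $minLen . ',})\'\s*\)'  // ('base64')
        . '.*?\?>'                                              // rest of code, closing tag
        . '\s*(\S.*)\z~s';                                      // non-empty data after it

    // preg_match() returns 0 for no match and false on a PCRE error such as
    // hitting pcre.backtrack_limit on a very large file; treat both as "no".
    if (preg_match($re, $src, $m) !== 1) {
        return null;
    }
    // Copies wrapped by a forum or mailer carry spaces inside the blob;
    // strip them, then require a strict base64 decode to succeed.
    $blob    = preg_replace('~\s+~', '', $m[1]);
    $decoded = base64_decode($blob, true);
    if ($decoded === false) {
        return null;
    }
    return [
        'quoted_base64_len' => strlen($blob),
        'trailing_len'      => strlen(rtrim($m[2])),
        'decoded_has_eval'  => stripos($decoded, 'eval(') !== false,
    ];
}

// Constructed, inert samples: the strings are only inspected, never executed.
$blob = base64_encode('eval($next); /* constructed placeholder text, never run */');
$tail = base64_encode(str_repeat('constructed trailing data ', 3));

$samples = [
    'loader layout' => "<?php print_r('donkey'); \$a = 1; eval(base64_decode('$blob')); ?>\n$tail",
    'wrapped blob'  => "<?php eval(base64_decode('" . chunk_split($blob, 50, ' ') . "'));?> $tail",
    'plain script'  => "<?php echo 'hello'; ?>\n<p>footer</p>",
    'no trailer'    => "<?php \$k = base64_decode('$blob'); ?>",
];

foreach ($samples as $name => $src) {
    $hit = find_encoded_loader($src);
    echo str_pad($name, 14), $hit === null ? 'no match' : json_encode($hit), PHP_EOL;
}
```

The length threshold is what keeps short quoted strings such as `'donkey'` from counting as the payload; tune it to the files being scanned.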