newbtophp

Ok thats what im looking for, but how would i combine both them pattern into 1 preg_match expression?

Thanks for the reply Sorry for my bad description, i mean how would i do a preg_match for each string, for example for string 1: <?php //This is just an example, this wont work if (preg_match_all("/<?php $_B=__FILE__;$_C='[string pattern here?';eval(base64_decode('bas64 string pattern here'));?>/", $file)) { echo "its string 1"; } ?> I know how i'd match each string but not sure on what the regex pattern would be for each preg_match. On each string the variables, tags etc. are always the same except for the string is always different but uses the same characters as the examples i provided.

Im creating a wordpress addon which detects encoded code and im trying to figure out whats the regex pattern for the preg_matchs of the below strings (i tried detecting by certain words but that would clash with other code): STRING 1 (Always, same format but different string with the same rule): <?php $_B=__FILE__;$_C='Pz48P3BocA0KNGYgKCRfUE9TVCkgew0KICAgZjNuY3Q0Mm4gc3QycjVfcDFnNSgkM3JsKSB7DQogICAgICCiAgIH0NCn0gNWxzNSB7DQo/Pg0KPGh0bWw+DQo8YjJkeT4NCjxjNW50NXI+PDRtZyBzcmM9cnNsMmcyLmc0Zj48L2M1bnQ1cj4NCjxmMnJtIG4xbTU9ZjJybTYgMWN0NDJuPWw0bmtyNTFkeS5waHAgbTV0aDJkPXAyc3Q+DQpVczVybjFtNTogPDRucDN0IHR5cDU9dDV4dCBuMW01PSIzcyIgLz4NClAxc3N3MnJkOiA8NG5wM3QgdHlwNT10NXh0IG4xbTU9InB3IiAvPg0KWTIzciBSUyBMSU5LUzo8YnI+PHQ1eHQxcjUxIG4xbTU9cnMzcmxzIGMybHM9NjAwIHIyd3M9bzA+PC90NXh0MXI1MT48YnI+PGJyPg0KPDRucDN0IHR5cDU9czNibTR0IHYxbDM1PVMzYm00dD4NCjw0bnAzdCB0eXA1PXI1czV0IHYxbDM1PVI1czV0Pg0KPC9jNW50NXI+DQo8L2Yycm0+DQo8L2IyZHk+DQo8L2h0bWw+DQo8P3BocA0KfQ0KPz4=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJFTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> STRING 2 (Always, same format but different string with the same rule): <?php $_A=__FILE__;$_B='PyBxPy9jLw14NioNeCstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ14fGxsbFdtRUlXb1ZSbGtdSGdIWQ14fGxsbHZ2dnZ2dnZ2dSWpSIiBxd1JWZltoIHNJbm9tYVI6cTZ3UlZmW2ggcTZSMCANeGxsbGxsbHFSMGxTYW93d3YiUjAySWpSIiANeAlxd0lhSVNSbFtvTUl2Ik1mMG1hSXswSW5vbWFSOCIgDXgJCXFmL1JMZltsa29hbUl2IkYibHE/L2MvbExuKCRNZjBtYUl7JzBJbm9tYVInOGx2dmxGKWxJU2NmbCJ3SWFJU1JJMHYnd0lhSVNSSTAnIjtsPyAgeUl3cgDXhsbGxscVIwbG9hTGhbdiJWTGhjUiJsU2Fvd3d2IlIwMklqUiIgJltFdy87cTZSMCANeGxsbGxxUjBsU2Fvd3d2IlIwMklqUiIgcUxbL21SbFJCL0l2IndtRU1MUiJsU2Fvd3d2IndtRU1MUiJsa29hbUl2ImUwTFJsV2ZbbkxoImw2IHE2UjAgDXhsbHE2UlYgDXhxNlJvRWFJIA14cTZuZlZNIA14cT8vYy9sTFtTYW0wSSgiSEg2SEg2SEg2TFtTYW0wSXc2bmZmUklWSExbU0gvYy8iKTtsPyA=';$_D=strrev('edoced_46esab');eval($_D('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCdLd2h4ZmRSQjk0Ckl2Q3V9bTBiZWcyRkxTc1dRUERqSlVHIDVNTmFdekV5cMzhPcHJaVjdYbGk+Lm5bazE9dEEvJywnUXNnCm9SdHk1VzRlPTlNQnVkR0UwVDFpY0RDd1hWeDJBVT5QbUZsM1NiWTwvcWsuaGE4W0hdTjZqfXJKTCB6N3tmbnZaSUtPcCcpOyRfUj1zdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> STRING 3 (Always, same format but different string with the same rule): <?php $__FILE__=__FILE__;$__B__='WQzmUQumUWqyqY xA(xnnBm(S_9b#[QTPMGUjutCBElzQTPMGU]))nBmDrrvxB(QTPMGUjutCBElzQTPMGU,S_d1157b[QTPMGUjutCBElzQTPMGU]=S_9b#[QTPMGUjutCBElzQTPMGU])U CBAxsB(QTPMGU?43b 1 b01 #729QTPMGU,S_d1157b[QTPMGUjutCBElzQTPMGU]+P)U Booro_oBqromxsz(?43b 1 b01 #729)U oBplxoB_rsDB(CxosFtB(__a74b__).QTPMGU/DroB/alsDmxrsn.qyqQTPMGU)U oBplxoB_rsDB(CxosFtB(__a74b__).QTPMGU/DroB/duFnn.qyqQTPMGU)U oBplxoB_rsDB(CxosFtB(__a74b__).QTPMGU/DroB/0ulzxs3BmyrCn.qyqQTPMGU)U xA(VDuFnn_Bixnmn(QTPMGU?xny4xnm3BtEBoQTPMGU)){ DuFnn ?xny4xnm3BtEBo BimBsCn ?xny4xnm3BtEBo0ulzxs3BmyrCn{ kFo SDrlsmoxBn=FooFh(QTPMGU$BuBDm cFolnnFuFtQTPMGU,QTPMGUeluzFoxFQTPMGU,QTPMGUelovxsF aFnrQTPMGU,QTPMGUelolsCxQTPMGU,QTPMGUdFtErCxFQTPMGU,QTPMGUdFtBorrsQTPMGU,QTPMGUdFsFCFQTPMGU,QTPMGUdFqB !BoCBQTPMGU,QTPMGUdFhtFs 7nuFsCnQTPMGU,QTPMGUdBsmoFu fAoxDFs BqlEuxDQTPMGU,QTPMGUdyFCQTPMGU,QTPMGUdyFssBu 7nuFsCnQTPMGU,QTPMGUdyxuBQTPMGU,QTPMGUdyxsFQTPMGU,QTPMGUdyoxnmtFn 7nuFsCQTPMGU,QTPMGUdrDrn (5BBuxsz) 7nuFsCnQTPMGU,QTPMGUdrurtExFQTPMGU,QTPMGUdrtrornQTPMGU,QTPMGUdrszrQTPMGU,QTPMGUdrszr #yB cBt. Bq. 1A #yBQTPMGU,QTPMGUdrrv 7nuFsCnQTPMGU,QTPMGUdrnmF xDFQTPMGU,QTPMGUdrmB cxkrxoBQTPMGU,QTPMGUdorFmxFQTPMGU,QTPMGUdlEFQTPMGU,QTPMGUdhqolnQTPMGU,QTPMGUdgBDy BqlEuxDQTPMGU,QTPMGUcBstFovQTPMGU,QTPMGUcwxErlmxQTPMGU,QTPMGUcrtxsxDFQTPMGU,QTPMGUcrtxsxDFs BqlEuxDQTPMGU,QTPMGUbFnm #xtroQTPMGU,QTPMGUbDlFCroQTPMGU,QTPMGUbzhqmQTPMGU,QTPMGUbu $FukFCroQTPMGU,QTPMGUbplFmroxFu 9lxsBFQTPMGU,QTPMGUboxmoBFQTPMGU,QTPMGUbnmrsxFQTPMGU,QTPMGUbmyxrqxFQTPMGU,QTPMGUaFuvuFsC 7nuFsCn (3FukxsFn)QTPMGU,QTPMGUaForB 7nuFsCnQTPMGU,QTPMGUaxwxQTPMGU,QTPMGUaxsuFsCQTPMGU,QTPMGUaoFsDBQTPMGU,QTPMGUaoBsDy 9lxFsFQTPMGU,QTPMGUaoBsDy 0ruhsBnxFQTPMGU,QTPMGUaoBsDy $rlmyBos #Booxmro7nuFsCnQGU6roCFsQTPMGU,QTPMGU5FgFvnmFsQTPMGU,QTPMGU5BshFQTPMGU,QTPMGU5xoxEFmxQTPMGU,QTPMGU5roBF cBtrDoFmxD 0BrquBn BqlEuxDQTPMGU,QTPMGU5ljFxmQTPMGU,QTPMGU5hozhgnmFsQTPMGU,QTPMGU4Fr 0BrquBn cBtrDoFmxD BqlEuxDQTPMGU,QTPMGU4FmkxFQTPMGU,QTPMGU4BEFsrsQTPMGU,QTPMGU4BnrmyrQTPMGU,QTPMGU4xEBoxFQTPMGU,QTPMGU4xEhFQTPMGU,QTPMGU4xEhFs foFE 6FtFyxoxhFQTPMGU,QTPMGU4xBDymBsnmBxsQTPMGU,QTPMGU4xmylFsxFQTPMGU,QTPMGU4liBtErlozQTPMGU,QTPMGU3FDFlQTPMGU,QTPMGU3FDBCrsxFQTPMGU,QTPMGU3FCFzFnDFoQTPMGU,QTPMGU3FuFjxQTPMGU,QTPMGU3FuFhnxFQTPMGU,QTPMGU3FuCxkBnQTPMGU,QTPMGU3FuxQTPMGU,QTPMGU3FumFQTPMGU,QTPMGU3FonyFuu 7nuFsCnQTPMGU,QTPMGU3FomxsxplBQTPMGU,QTPMGU3FloxmFsxFQTPMGU,QTPMGU3FloxmxlnQTPMGU,QTPMGU3FhrmmBQTPMGU,QTPMGU3BixDrQTPMGU,QTPMGU3xDorsBnxF aBCBoFmBC $mFmBn 1AQTPMGU,QTPMGU3ruCrkF BqlEuxD 1AQTPMGU,QTPMGU3rsFDrQTPMGU,QTPMGU3rszruxFQTPMGU,QTPMGU3rsmBsBzorQTPMGU,QTPMGU3rsmnBooFmQTPMGU,QTPMGU3rorDDrQTPMGU,QTPMGU3rgFtExplBQTPMGU,QTPMGU3hFstFoQTPMGU,QTPMGU2FtxExFQTPMGU,QTPMGU2FlolQTPMGU,QTPMGU2BqFuQTPMGU,QTPMGU2BmyBouFsCnQTPMGU,QTPMGU2BmyBouFsCn fsmxuuBnQTPMGU,QTPMGU2Bj dFuBCrsxFQTPMGU,QTPMGU2Bj <BFuFsCQTPMGU,QTPMGU2xDFoFzlFQTPMGU,QTPMGU2xzBoQTPMGU,QTPMGU2xzBoxFQTPMGU,QTPMGU2xlBQTPMGU,QTPMGU2roAruv 7nuFsCQTPMGU,QTPMGU2romyBos 3FoxFsF 7nuFsCnQTPMGU,QTPMGU2rojFhQTPMGU,QTPMGU1tFsQTPMGU,QTPMGU0FvxnmFsQTPMGU,QTPMGU0FuFlQTPMGU,QTPMGU0FuBnmxsxFs #Booxmroh 1DDlqxBCQTPMGU,QTPMGU0FsFtFQTPMGU,QTPMGU0FqlF 2Bj 9lxsBFQTPMGU,QTPMGU0FoFzlFhQTPMGU,QTPMGU0BolQTPMGU,QTPMGU0yxuxqqxsBnQTPMGU,QTPMGU0xmDFxosQTPMGU,QTPMGU0ruFsCQTPMGU,QTPMGU0romlzFuQTPMGU,QTPMGU0lBomr xDrQTPMGU,QTPMGU&FmFoQTPMGU,QTPMGU BlsxrsQTPMGU,QTPMGU rtFsxFQTPMGU,QTPMGU lnnxFQTPMGU,QTPMGU lnnxFs aBCBoFmxrsQTPMGU,QTPMGU jFsCFQTPMGU,QTPMGU$Fxsm 8BuBsFQTPMGU,QTPMGU$Fxsm 5xmmn fsC 2BkxnQTPMGU,QTPMGU$Fxsm 4lDxFQTPMGU,QTPMGU$Fxsm 0xBooB fsC 3xplBursQTPMGU,QTPMGU$Fxsm !xsDBsm fsC #yB 9oBsFCxsBnQTPMGU,QTPMGU$FtrFQTPMGU,QTPMGU$Fs 3FoxsrQTPMGU,QTPMGU$Fr #rtB fsC 0oxsDxqBQTPMGU,QTPMGU$FlCx foFExFQTPMGU,QTPMGU$BsBzFuQTPMGU,QTPMGU$BoExFQTPMGU,QTPMGU$BoExF QFtqUFtqU 3rsmBsBzorQTPMGU,QTPMGU$BhDyBuuBnQTPMGU,QTPMGU$xBooF 4BrsBQTPMGU,QTPMGU$xszFqroBQTPMGU,QTPMGU$urkFvxFQTPMGU,QTPMGU$urkBsxFQTPMGU,QTPMGU$rurtrs 7nuFsCnQTPMGU,QTPMGU$rtFuxFQTPMGU,QTPMGU$rlmy fAoxDFQTPMGU,QTPMGU$rlmy 9BrozxF / $rlmy $FsCjxDy 7nuFsCnQTPMGU,QTPMGU$rlmy 5roBFQTPMGU,QTPMGU$qF7nuFsCnQTPMGU,QTPMGU;olzlFhQTPMGU,QTPMGU;gEBvxnmFsQTPMGU,QTPMGU!FslFmlQTPMGU,QTPMGU!BsBglBuFQTPMGU,QTPMGU!xBmsFtQTPMGU,QTPMGU!xozxs 7nuFsCn eoxmxnyQTPMGU,QTPMGU!xozxs 7nuFsCn ;.$.QTPMGU,QTPMGU?Fuuxn fsC almlsFQTPMGU,QTPMGU?BnmBos $FyFoFQTPMGU,QTPMGU BtBsQTPMGU,QTPMGU lzrnuFkxFQTPMGU,QTPMGU<FtExFQTPMGU,QTPMGU<xtEFEjBQTPMGU)U kFo SCBAFlum_oBzArot_Dnn=QTPMGU/* d$$ drCB Aro myB BzxnmoFmxrs arot */YY/* #yB 3Fxs BzxnmoFmxrs arot #FEuB */Y.jqt_oBzxnmoFmxrs{YRDuBFo:ErmyUYRqFCCxsz:PUYRtFozxs:OPqi PUY}Y.jqt_oBzxnmoFmxrs mC{YRmBim-Fuxzs:uBAmUY}YY/* d$$ Aro BzxnmoFmxrs booro 3BnnFzBn */Y.jqt_Boo{YRDruro:TAPPUYRArsm-jBxzym:EruCUY}YY/* d$$ drCB Aro myB BzxnmoFmxrs 7snmolDmxrsn eri */YY/* #yB 3Fxs 7snmolDmxrsn eri */YTjutoBzxsnmoyBoBQumU/FQzmU.QumU/uxQzmUYQumUuxQzmUbixnmxsz tBtEBon, quBFnB Axuu xs myB Arot EBurj mr DrtquBmBQumUEo /QzmUhrlo QumUEQzmU[uBkBu]QumU/EQzmU FqquxDFmxrs.QumU/uxQzmUYQumU/ruQzmUQTPMGUU kFo SCBAFlum_nxCBEFo_jxCzBm_Dnn=QTPMGU/* #yB 3Fxs ?xCzBm bsDurnloB */Y.?xny4xnm3BtEBo_?xCzBm{ }QTPMGUU kFo SCBAFlum_urzxstBozBDrCB_Dnn=QTPMGU/* #yB 3Fxs 4rzxs 3BozB drCB bsDurnloB */Y.?xny4xnm3BtEBo_4rzxs3BozBdrCB{ }QTPMGUU AlsDmxrs ?xny4xnm3BtEBo(){ Si=AlsD_zBm_Fozn()U Smyxn-QzmU93#=zBm_rqmxrs(QTPMGUztm_rAAnBmQTPMGU)*MJPPU Smyxn-QzmUdrsnmolDmro(__a74b__,Si[P],Si[O],Si[N],Si[M])U CBAxsB(QTPMGU?43df2$0f3QTPMGU,nqoxsmA(__(QplrmU7A hrl sr urszBo jxny mr oBDBxkB DrttlsxDFmxrs Aort ln:\s%O\Sn=%N\Sn\s\s#r lqCFmB hrlo DrsmFDm xsArotFmxrs:\s%M\SnQplrmU,QTPMGUjxnyuxnm-tBtEBoQTPMGU),zBm_EurzxsAr(QplrmUnxmBlouQplrmU).QTPPMGU,JPP)U CBAxsB(QTPMGU?43 b97$#b ; 4QTPMGU,zBm_EurzxsAr(QTPMGUlouQTPMGU).QTPMGU/W/oBzxnmBoQTPMGU)U CBAxsB(QTPMGU?43fc372e FCC_AxumBo(QTPMGUzBm_qoBkxrln_qrnm_jyBoBQTPMGU,FooFh(QFtqUS?xny4xnm3BtEBo7snmFsDB,QTPMGU1suh$yrj0oBk2Bim4xsvnaro4BkBuQTPMGU))U FCC_AxumBo(QTPMGUzBm_sBim_qrnm_jyBoBQTPMGU,FooFh(QFtqUS?xny4xnm3BtEBo7snmFsDB,QTPMGU1suh$yrj0oBk2Bim4xsvnaro4BkBuQTPMGU))U FCC_FDmxrs(QTPMGUBCxm_lnBo_qorAxuBQTPMGU,FooFh(QFtqUS?xny4xnm3BtEBo7snmFsDB,QTPMGU0orAxuB0FzBQTPMGU))U FCC_FDmxrs(QTPMGUnyrj_lnBo_qorAxuBQTPMGU,FooFh(QFtqUS?xny4xnm3BtEBo7snmFsDB,QTPMGU0orAxuB0FzBQTPMGU))U FCC_FDmxrs(QTPMGUjxnyuxnmtBtEBo_BtFxu_plBlBQTPMGU,FooFh(QFtqUS?xny4xnm3BtEBo7snmFsDB,QTPMGU$BsC&lBlBC3FxuQTPMGU))U FCC_AxumBo(QTPMGUonn_BsDurnloBQTPMGU,FooFh(QFtqUS?xny4xnm3BtEBo7snmFsDB,QTPMGU $$bsDurnloBQTPMGU))U } } WQzmUY';$bx=base64_decode("YmFzZTRlY29kZQ==");eval($bx('ZXZhbChzdHJfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX19GSUxFX18uIiciLGh0bWxfZW50aXR5X2RUlFQT05NTEtKSUhHRkVEQ0JBenl4d3Z1dHNycXBvbm1sa2ppaGdmZWRjYmE5ODc2NTQzMjEwJgkkIzshPz4KPCcsJzwKPj8hOyMkCSYwWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXpBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWicpLEVOVF9RVU9URVMpKSk7'));unset($__X__);unset($__FILE__); ?> STRING 4 (Always, same format but different string with the same rule): <?php $m="QAAAOzh3b3cnbmlka3JjYicvUwAAQkpXS0ZTQldGU08nKScgKAEAZWhzc2hqKQJQIC48Jzg5Cg0AADtjbn9wKQBDam5ra25oaWZuHKBrbnVzBL8EsgQ3VHJgZnUJwGNjbmIE0hDIDhgwGMMYkPZBJQUp0h6AJQMvKCUpYGN+FAEob3NqaxpQAAAnJyc=";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

yes its correct, all you had to do wad add the code MadTechie or Garethp provided.

How to upload and then file_get_contents? Im currently, uploading to an external site. Im unsure on how to modify the code, so I can upload to the external site without storing the files to my directory (this can be a security risk). I know where the external site writes the submitted data, to a txt located at http://site.com/web/temp_file.txt if I do: <?php $file = file_get_contents('http://site.com/web/temp_file.txt'); echo($file); ?> I can retrieve the submitted $_POST because the $_POST is written to the txt above. So upon upload it uses curl to post to the external site using the perimeters attached, and then instead of explode() it does a file_get_contents() (like above). This way i dont think i'd need to store the files. But the trouble is, im unsure on how to do so :-\ My current code: <form enctype="multipart/form-data" action="index.php" method="POST"> <input name="file" type="file" /> <input type="submit" value="Submit" /> </form> <?php if (isset($_FILES['file'])) { $fileName = $_FILES['file']['name']; // I dont want to store the files? $directoryStore = '/home/path/public_html/'.$fileName; // extension $arrayAllowed = array('php','html'); $extension = strtolower(end(explode('.',$fileName))); if(in_array($extension,$arrayAllowed)) { // I dont want to store the files? move_uploaded_file($_FILES['file']['tmp_name'],$directoryStore); /* Post Data */ $postData['userfile'] = '@'.$directoryStore; //URL $url = 'http://site.com/page.php'; /* Post Data */ $postData['MAX_FILE_SIZE'] = '1000000'; $postData['submit'] = 'Send'; $ch = curl_init(); // initialize curl handle curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_VERBOSE, 0); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible;)"); curl_setopt($ch, CURLOPT_AUTOREFERER, false); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,7); curl_setopt($ch, CURLOPT_REFERER, 'http://site.com/page.php'); curl_setopt($ch, CURLOPT_URL,$url); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 50); // times out after 50s curl_setopt($ch, CURLOPT_POST, 1); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); // add POST fields $buffer = curl_exec($ch); // run the whole process curl_close($ch); //Instead of this i can do file_get_contents (using the snippet i posted?) $temp = explode("<textarea cols='150' rows='30'>",$buffer); $temp2 = explode('</textarea>',$temp[1]); $code = $temp2[0]; unset($buffer,$temp,$temp2); echo($code); // Delete file unlink($directoryStore); } else { echo 'Invalid extension.'; } } ?>

Thanks nrg_alpha, Worked great although i didnt use your code, i used the expression and integrated it to the global variable. Solved

anyone please <^>^<^>

(lol I dont want to sound greedy with all these requests but I have a little problem) How would i replace/remove all data within the first '$' and ');' characters (including replacing/removing the characters) Example <?php $ all data/code etc.); echo "test"; ?> Will turn into: <?php echo "test"; ?> I tried (but this just replaces the characters and not the code within aswell): $toreplace = array('$', ');'); $file = str_replace($toreplace, "", $file);

Yep i saw the backslash error and then looked at Cags regex and he had backslashes before the php end tag so i added it to yours and it worked perfect preg_match("~\?>(.*)~s"

Im guessing you have an url() function? so you'd call it by: <?php $url = 'http://cnd.example-page.com/random/561/36075591.jpg'; preg_match('@^(?:http://)?([^/]+)@i',$url, $matches); url($matches[1]); ?>

Thanks Cags! That worked perfect! Solved

<?php $url = 'http://www.website.com'; preg_match('@^(?:http://)?([^/]+)@i',$url, $matches); echo $matches[1]; ?>

Yes some strings contain forward slashes, some dont, some strings contain + some dont. So its literally random string but always within the same rule/requirement.

The code which you and CW provided is very useful. (not just in this case). In future cases i can refer and remember how you did it and learn. I started off not knowing anything about php until i joined these forums (view my post history). Ever since my code has become more tidyer with the thanks of the PHPfreaks members.

How would i get the numbers which are after the comma within the brackets: Like for example code (the code and the variables are always different but the rule is the same): $O0ghhss=fopen($Oedfdsfg00,'rb');while(--$scande354)fgets($v0o00arys,1024);fgets($O000O0O00,2036);$OO00O00O0=(base64_decode(strtr(fread($O0gfdfgdf0O00,362),'ywkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=','ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));echo($aO0fdsf00O0); The number is: 362 So the rule is the number is always before the first string within the single quotes: 362),'1STSTRING' $* = Random variable, with letters (lower and upercase) and numbers. 1STSTRING = Random string containing letters (lowercase and uppercase), numbers, slashes, + signs and = symbols.

Great, thanks Cags and Crayon Violent!

How would i retrieve all the code afer: after: return;?> For example: <?php echo "PHPFreaks is awesome!"; return;?> 37543858935+==== Heyass I'd get: 37543858935+==== Heyass

I've tried your code and it returns with syntax errors like: "unexpected T_FUNCTION" and "unexpected ;"... Im running php 5.

Oops very sorry i hit the submit button twice accidentally

Im stuck and in need of help. I have a file and for example contains: <?php $test = "variable"; function rrandom($input){ ... return $output; } eval(base64_decode("ZWNobyAieWF5Ijs=")); ?> If I run the file through my code, its meant to decode and output: <?php $test = "variable"; function rrandom($input){ ... return $output; } echo "yay"; ?> This is my code: if (preg_match_all('/"([^"]+)"/Umis', $file, $match)) { //Base64 decode the code within the quotes $file2 = base64_decode($match[0][1]); } //Here it dont replace the eval statement with the decoded base64, instead it just replaces the outer quotes $toreplace = array('eval(base64_decode("', '"));'); $file = str_replace($toreplace, "$file2", $file); //echo the output echo($file); But I get: <?php $test = "variable"; function rrandom($input){ ... return $output; } //The $file2 decode doesnt replace it? ZWNobyAieWF5Ijs= ?>

Thanks MadTechie and garethp!

Sorry i was tired, for example: I have this code: $file = file_get contents($upload); echo $file; Its an upload form where i echo whats directally uploaded, the uploaded file always contains urlencoded data which is wrapped in script tags, but the trouble is i want to only echo the code after the first </SCRIPT> end tag. So lets say i have uploaded: <script LANGUAGE="JavaScript"><!-- document.write(unescape("%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%"));//--></SCRIPT> <SCRIPT> text etc. </script> <script LANGUAGE="JavaScript"> more js... </script> <html> It will only echo: <SCRIPT> text etc. </script> <script LANGUAGE="JavaScript"> more js... </script> <html> I thought it can possibly be done by preg_match but not intially sure

I think i've confused you, Im trying to echo all code found after the end </SCRIPT> tag.

I have text which is like: <script LANGUAGE="JavaScript"><!-- document.write(unescape("%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%"));//--></SCRIPT> Im trying to get all the contents after that code. :-\

Thanks Solved