pietbez Posted September 9, 2008 Share Posted September 9, 2008 im sure im just being paranoid i have a scripter doing work for me. i was looking at some of the files with odd links in them. and also refference to tables that dont apear in my db there is also a rapidshare link in there??? can any but give me a rough idea what this script does? <?php include_once("./http.inc.php"); include_once("./global_func.php"); define("MAX_LINKS_ADDED", 50); define("MAX_LINKS_TOTAL", 50); //$uzivatel = prihlasUzivatele(); ////// TESTTTTTTTTTTTTtt $uzivatel["id"]=3760; $uzivatel["kredit"]=400 * 1048576; mysql_connect("localhost", "root", ""); mysql_select_db("rapidspool"); ////// ------------ $links=explode("\n", $_REQUEST["links"]); $cnt = count($links); if(!$_REQUEST["links"]) return; $vefronte = mysql_result(mysql_query("SELECT count(*) FROM stahovani WHERE uzivatel = " . $uzivatel["id"]),0); if($vefronte > MAX_LINKS_TOTAL) return "Odkazy nebyly pøidány, protože ve fronì máte momentálnì $vefronte souborù. Limit je " . MAX_LINKS_TOTAL; if($cnt > MAX_LINKS_ADDED) $cnt = MAX_LINKS_ADDED; $link_status=range(0,$cnt-1); $link_suc = 0; $velikost = 0; // Jen ty, co mame na serveru for($i=0; $i<$cnt; $i++){ $soubor_info[$i] = souborInfoOdNas($links[$i]); if($soubor_info[$i]["status"]>0){ $velikost += $soubor_info[$i]["velikost"]; if($velikost<$uzivatel["kredit"]){ $link_status[$i]=2; $link_suc++; } else $link_status[$i]=0; } } // Ostatni stahniInfoOSouborech($links, $soubor_info, $cnt); for($i=0; $i<$cnt; $i++){ if($soubor_info[$i]["status"]==0){ // Soubor na nasem serveru nemame $velikost += $soubor_info[$i]["velikost"]; if($velikost<$uzivatel["kredit"]){ $link_status[$i]=1; $link_suc++; } else $link_status[$i]=0; } elseif($soubor_info[$i]["status"]==-1){ // Soubor neexistuje $link_status[$i]=-1; } } // Prochazeni, zapisovani do db, oznamovani chyba for($i=0; $i<$cnt; $i++){ switch($link_status[$i]){ case -1: echo "-1\n"; break; case 0: echo "0\n"; break; case 1: echo "1\n"; pridejStahovani(false, $uzivatel["id"], $links[$i], $soubor_info[$i]["cesta"], $soubor_info[$i]["velikost"]); break; case 2: pridejStahovani(true, $uzivatel["id"], $links[$i], $soubor_info[$i]["cesta"], $soubor_info[$i]["velikost"], $soubor_info[$i]["cas_nahrani"], $soubor_info[$i]["status"]); echo "1\n"; } } echo "\nPo stažení tìchto souborù Vám zbyde: " . toGB($uzivatel["kredit"]-$velikost) . " GB"; function pridejStahovani($existuje, $uzid, $link, $cesta, $velikost, $cas_nahrani=0, $status=0){ $link = mysql_real_escape_string($link); if(mysql_result(mysql_query("SELECT count(*) FROM `stahovani` WHERE uzivatel = $uzid AND soubor = '" . $link . "'"),0)>0) return; if($existuje===false){ mysql_query("INSERT INTO `stahovani` (uzivatel, soubor, cesta, velikost, stazeno, status, cas_nahrani, cas_stazeni, rychlost) VALUES ($uzid, '$link', '$cesta', $velikost, 0, 0, 0, 0, 0)"); } else { mysql_query("INSERT INTO `stahovani` (uzivatel, soubor, cesta, velikost, stazeno, status, cas_nahrani, cas_stazeni, rychlost) VALUES ($uzid, '$link', '$cesta', $velikost, 0, $status, $cas_nahrani, 0, 0)"); } } function souborInfoOdNas($link) { $link = mysql_real_escape_string($link); $res = mysql_query("SELECT id, status, cesta, velikost, cas_nahrani FROM `stahovani` WHERE soubor = '$link' AND status > 0 LIMIT 0,1"); $out = array(); $path = vytvorCestu($link); $out["cesta"] = $path; if(mysql_num_rows($res)==0){ if(@file_exists($path)){ $size = filesize($path); $out["velikost"]=$size; $out["cas_nahrani"]=time(); $out["status"]=1; return $out; } } else { $out["status"]=1; $rec = mysql_fetch_row($res); $out["status"]=$rec[1]; $out["cesta"]=$rec[2]; $out["velikost"]=$rec[3]; $out["cas_nahrani"]=$rec[4]; return $out; } } function stahniInfoOSouborech($odkazy, &$soubor_info, $cnt){ for($i=0; $i<$cnt; $i++){ if($soubor_info[$i]["status"]<1){ // Pokud soubor na serveru nemame $q .= $odkazy[$i] . "\r\n"; } } $results=explode("\n", HTTP_GET("rapidshare.com", "/cgi-bin/checkfiles.cgi?toolmode=1&urls=" . urlencode($q))); $cr = 0; for($i=0; $i<$cnt; $i++){ if($soubor_info[$i]["status"]<1){ // Pokud soubor na serveru nemame $cur_info = explode(",", $results[$cr]); if($cur_info[1]==-1){ // Pokud neexistuje sobuor na strane rapidshare... $soubor_info[$i]["status"]=-1; } else { $soubor_info[$i]["status"]=0; $soubor_info[$i]["cesta"]=vytvorCestu($odkazy[$i]); $soubor_info[$i]["velikost"]=$cur_info[4]; } $cr++; } } } ?> Link to comment https://forums.phpfreaks.com/topic/123478-php-paranoia/ Share on other sites More sharing options...
tmbrown Posted September 9, 2008 Share Posted September 9, 2008 Looks like some kind of file validation, however it is calling a serverside file from rapidshare, not an actual file link. As far as the database goes I do not see anything in there that is pointing to another DB server other than localhost. What exactly is the script "supposed" to be doing? Link to comment https://forums.phpfreaks.com/topic/123478-php-paranoia/#findComment-637743 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.