fread or whatever php code from php page

Post by tsg »

feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


I am trying to write a script to open php files on my website, read the code, remove code that a f*****g hacker put on there and then save it.

example, I have a page (well, a LOT of pages) that was created from my content management system, say "page.html". 

In that page.html, I have something like :

Code: Select all

<? $page_id=1;
include "/path/to/main.php";
?>

Well, my server was hacked and attacked and all pages that were created by my system had code added to the pages ... now the pages are:

Code: Select all

<? $page_id=1;
include "/path/to/main.php";
// ALL KINDS OF CODE TO SOME RUSSIAN WEBSITE HAD BEEN ADDED HERE
?>

I have been trying file_get_contents and fread ... but it seems to return the outputted HTML, not the PHP code.

Is there a way to read just the PHP code and I can str_replace and then write it back?

Thanks -Tim



Post by brendandonhue »

You need to use a filesystem path to the files (/home/username/www/blah.php rather than yoursite.com/blah.php)
And hopefully you've fixed the problem that compromised your site in the first place, or it will probably just get defaced again.

Post by boo_lolly »

brendandonhue wrote: You need to use a filesystem path to the files (/home/username/www/blah.php rather than yoursite.com/blah.php)...
that's exactly what he did.

tsg, you have a unique problem. i didn't say uncommon. the first thing that comes to mind is if you are using a *nix system, or have a windows version of the shell (like putty) you should try the 'grep' command. if you are not using a shell i would recommend starting right NOW. if you are unfamiliar with the cli shell you should go here to get an introduction. search for all the files (using the command grep) that contain the HTML output that is displayed as your pages' content.

once it has returned a list of all the files that contain your search query, open them up with the vim editor if you have a microsoft or mac operating system. if you are using a *nix system it should have been installed with your distro under the name vi editor (no 'm'). if you are not familiar with editing with the vi/vim editor now is a good time to start. both editors respond to the same commands, afaik. using the vi editor you can repeat the same series of commands (which should only turn out to be 3, maybe 4 total) on every file that contained the content of your search query.

i'm sure there's a way to do it in php. but wouldn't you feel more content with your site if you deleted the over-script for good? i'm pretty sure, also, that most everybody here will agree that it is a good idea to learn the above material, if you haven't already. if you haven't, this would be the perfect issue to solve using the shell and vi/vim as a beginner. hope this helps. good luck!

Post by tsg »

I got it working. I was using the path, but it wasn't displaying what I wanted to see ... but it was in the source code.

I have fixed the security issue, but they have left so much behind I don't know if I will find it all.

Thanks
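
The approach the thread arrives at (read each file through its filesystem path, strip the injected text with str_replace, write it back), as an added example that is not code from any poster. It assumes the injected snippet is byte-identical across files; `clean_tree`, the `injected.example` domain and the demo files are constructed for illustration.

```php
<?php
// Added example, not code from the thread. $injected and $indicator are
// constructed placeholders; copy the real snippet from one infected file.
function clean_tree(string $root, string $backupDir, string $injected,
                    string $indicator, bool $dryRun = true): array
{
    $report = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($files as $file) {
        if (!$file->isFile() || !preg_match('/\.(php|html?)$/i', $file->getFilename())) {
            continue;
        }
        $path = $file->getPathname();
        // A filesystem path yields the raw PHP source; fetching the page by
        // URL would yield only the HTML the server rendered from it.
        $source = file_get_contents($path);
        if ($source === false) {
            $report[$path] = 'unreadable';
            continue;
        }
        $cleaned = str_replace($injected, '', $source, $count);
        if ($count > 0 && !$dryRun) {
            // Keep the infected original outside the web root for analysis.
            $backup = $backupDir . '/' . sha1($path) . '-' . basename($path);
            if (!copy($path, $backup)
                || file_put_contents($path, $cleaned, LOCK_EX) === false) {
                $report[$path] = 'write-failed';
                continue;
            }
        }
        if (stripos($cleaned, $indicator) !== false) {
            // The exact match missed a variant: inspect this file by hand.
            $report[$path] = 'needs-review';
        } elseif ($count > 0) {
            $report[$path] = $dryRun ? 'infected' : 'cleaned';
        }
    }
    return $report;
}

// Constructed demo tree: one infected page and one variant the match misses.
$root = sys_get_temp_dir() . '/clean_demo_' . getmypid();
$backups = $root . '_backups';
mkdir($root); mkdir($backups);
$injected = "echo '<iframe src=\"http://injected.example/\"></iframe>';\n";
$page = "<?php \$page_id = 1;\ninclude \"/path/to/main.php\";\n";
file_put_contents("$root/page.html", $page . $injected . "?>\n");
file_put_contents("$root/other.html", $page . "echo '<IFRAME src=http://injected.example/>';\n?>\n");
print_r(clean_tree($root, $backups, $injected, 'injected.example', false));
```

On the demo tree this reports page.html as cleaned and other.html as needs-review, because the variant snippet does not match the exact string but still contains the indicator. Run with `$dryRun = true` first to list affected files without touching them.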