Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php header("\x43\x6f\156\164\145\156\164\55\x74\x79\160\x65\72\x20\x74\x65\x78\164\x2f..
Decoded Output download
<?php
header("Content-type: text/xml"); require_once "components/vdv/database/model/ini_vdv_prepare_query.php"; require_once "components/vdv/database/model/ini.inc.php"; require_once "components/vdv/database/model/ini.db.open.php"; require_once "components/vdv/core/view/server.inc.php"; require_once "components/vdv/site/model/station_get.php"; $action = isset($_GET["action"]) ? $_GET["action"] : 0; $user = isset($_GET["user"]) ? $_GET["user"] : 0; $password = isset($_GET["password"]) ? $_GET["password"] : 0; $station_id = isset($_GET["site"]) ? $_GET["site"] : 0; $user_check = 0; $user_query = "SELECT sites_access, owner_id, max_records, log_active, alarm_access, latest_values_access, history_access, xml_access_id,name FROM XML_Service_Access WHERE user_name="{$user}" AND password=AES_ENCRYPT("{$password}",'vdv920fnKe2E') AND service_active=1;"; $user_param = array("query" => $user_query, "db" => $db, "db_type" => $db_type); $user_stmt = vdv_prepare_query($user_param); $user_stmt->execute(); $user_result = $user_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($user_result) > 0) { $sline = $user_result[0]; $sites_access = $sline["sites_access"]; $owner_id = $sline["owner_id"]; $max_records = $sline["max_records"]; $log_active = $sline["log_active"]; $alarm_access = $sline["alarm_access"]; $latest_values_access = $sline["latest_values_access"]; $history_access = $sline["history_access"]; $xml_access_id = $sline["xml_access_id"]; $xml_name = $sline["name"]; if ($action == 3 || $action == 4 || $action == 5) { if ($sites_access == 1) { $user_check = 1; $all_variables = 1; } else { if ($sites_access == 2) { $owner_query = "SELECT t1.station_name FROM Station AS t1 WHERE t1.station_id={$station_id} AND t1.owner_id={$owner_id};"; $owner_param = array("query" => $owner_query, "db" => $db, "db_type" => $db_type); $owner_stmt = vdv_prepare_query($owner_param); $owner_stmt->execute(); $owner_result = $owner_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($owner_result) > 0) { $user_check = 1; $site_query = "SELECT t1.all_variables FROM XML_Service_Access_Sites AS t1 WHERE t1.station_id={$station_id} AND t1.xml_access_id={$xml_access_id};"; $site_param = array("query" => $site_query, "db" => $db, "db_type" => $db_type); $site_stmt = vdv_prepare_query($site_param); $site_stmt->execute(); $site_result = $site_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($site_result) > 0) { $sline = $site_result[0]; $all_variables = $sline[0]; } else { $all_variables = 1; } } } else { if ($sites_access == 3) { $site_query = "SELECT t1.all_variables FROM XML_Service_Access_Sites AS t1 WHERE t1.station_id={$station_id} AND t1.xml_access_id={$xml_access_id};"; $site_param = array("query" => $site_query, "db" => $db, "db_type" => $db_type); $site_stmt = vdv_prepare_query($site_param); $site_stmt->execute(); $site_result = $site_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($site_result) > 0) { $sline = $site_result[0]; $all_variables = $sline["all_variables"]; $user_check = 1; } } } } } else { $user_check = 1; } } if ($user_check == 1) { if ($action == 2) { $where_str = ''; if ($sites_access == 2) { $where_str = " WHERE owner_id={$owner_id}"; } else { if ($sites_access == 3) { $where_str = ", XML_Service_Access_Sites AS t2 WHERE t1.station_id=t2.station_id AND t2.xml_access_id={$xml_access_id}"; } } $station_query = "SELECT t1.station_id, t1.station_name FROM Station AS t1{$where_str} ORDER BY t1.station_name;"; $station_param = array("query" => $station_query, "db" => $db, "db_type" => $db_type); $station_stmt = vdv_prepare_query($station_param); $station_stmt->execute(); $station_result = $station_stmt->fetchAll(PDO::FETCH_NUM); if (count($station_result) > 0) { echo "<?xml version="1.0" encoding="utf-8" ?>\xa<Data>\xa<sites>\xa"; $search_array = array("&", "<", ">", "'", """); $replace_array = array("&", "<", ">", "'", """); for ($i1 = 0; $i1 < count($station_result); ++$i1) { $sline = $station_result[$i1]; $station_id = $sline[0]; $station_name = str_replace($search_array, $replace_array, $sline[1]); echo "<site>\xa<site_id>{$station_id}</site_id>\xa<name>{$station_name}</name>
</site>
"; } echo "</sites>
</Data>"; if ($log_active == 1) { $ip_address = $_SERVER["REMOTE_ADDR"]; $host_address = gethostbyaddr($ip_address); $log_action = "INSERT INTO Log_Messages (log_time, log_id, station_id, log_info) VALUES (NOW(), 810, 0, 'XML Service Site list: {$xml_name}. IP:{$ip_address}, {$host_address}');"; $log_param = array("query" => $log_action, "db" => $db, "db_type" => $db_type); $log_stmt = vdv_prepare_query($log_param); $log_stmt->execute(); } } else { echo "<?xml version="1.0" encoding="utf-8" ?>
<Data>
<sites>
<Error id="101">No Sites found</Error>\xa</sites>\xa</Data>
"; } } else { if ($action == 3) { $where_str = " WHERE "; if ($all_variables == 0) { $where_str = ",XML_Service_Access_Sites_Vars AS t4 WHERE t4.variable_id=t1.variable_id AND t4.xml_access_id={$xml_access_id} AND"; } $station_query = "SELECT t1.variable_id, t2.english_name FROM Variable_Info AS t1, Variable_Name AS t2{$where_str} t1.variable_id=t2.variable_id AND (t1.dynamic_variable=0 OR t1.dynamic_variable IS NULL) AND t1.station_id="{$station_id}" ORDER BY t2.english_name;"; $station_param = array("query" => $station_query, "db" => $db, "db_type" => $db_type); $station_stmt = vdv_prepare_query($station_param); $station_stmt->execute(); $station_result = $station_stmt->fetchAll(PDO::FETCH_NUM); if (count($station_result) > 0) { echo "<?xml version="1.0" encoding="utf-8" ?>\xa<Data>
<site id="{$station_id}">\xa"; $search_array = array("&", "<", ">", "'", """); $replace_array = array("&", "<", ">", "'", """); for ($i1 = 0; $i1 < count($station_result); ++$i1) { $sline = $station_result[$i1]; $variable_id = $sline[0]; $english_name = str_replace($search_array, $replace_array, $sline[1]); echo "<variable>
<variable_id>{$variable_id}</variable_id>\xa<name>{$english_name}</name>\xa</variable>\xa"; } echo "</site>\xa</Data>"; if ($log_active == 1) { $ip_address = $_SERVER["REMOTE_ADDR"]; $host_address = gethostbyaddr($ip_address); $log_action = "INSERT INTO Log_Messages (log_time, log_id, station_id, log_info) VALUES (NOW(), 811, {$station_id}, 'XML Service Variable list: {$xml_name}. IP:{$ip_address}, {$host_address}');"; $log_param = array("query" => $log_action, "db" => $db, "db_type" => $db_type); $log_stmt = vdv_prepare_query($log_param); $log_stmt->execute(); } } else { echo "<?xml version="1.0" encoding="utf-8" ?>\xa<Data>\xa<site>\xa<Error id="201">No Variables found</Error>
</site>\xa</Data>\xa"; } } else { if ($action == 4 && $latest_values_access == 1 || $action == 5 && $history_access == 1) { include "inc_get_virtual_variable_equation.php"; $alarm = isset($_GET["alarm"]) ? $_GET["alarm"] : 0; $unit = isset($_GET["unit"]) ? $_GET["unit"] : 0; $variable_id = isset($_GET["variable_id"]) ? $_GET["variable_id"] : 0; $where_str = " WHERE"; if ($all_variables == 0) { $where_str = ",XML_Service_Access_Sites_Vars AS t5 WHERE t5.variable_id=t1.variable_id AND t5.xml_access_id={$xml_access_id} AND"; } $station_query = "SELECT t1.variable_id, t1.db_col_name, t1.calculated_variable, t3.alarm_on, t2.unit_name, t4.english_name FROM Variable_Info AS t1 LEFT JOIN Alarm_Variable AS t3 ON t1.variable_id=t3.variable_id, Unit AS t2, Variable_Name AS t4{$where_str} t1.unit_id=t2.unit_id AND t1.variable_id=t4.variable_id AND t1.station_id={$station_id}"; if ($variable_id != 0) { $station_query .= " AND t1.variable_id IN ({$variable_id})"; } $station_query .= ";"; $station_param = array("query" => $station_query, "db" => $db, "db_type" => $db_type); $station_stmt = vdv_prepare_query($station_param); $station_stmt->execute(); $station_result = $station_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($station_result) > 0) { $table_query = "SELECT table_name FROM File_Path WHERE station_id={$station_id};"; $table_param = array("query" => $table_query, "db" => $db, "db_type" => $db_type); $table_stmt = vdv_prepare_query($table_param); $table_stmt->execute(); $table_result = $table_stmt->fetchAll(PDO::FETCH_ASSOC); $table_name = $table_result[0]["table_name"]; $col_string = "time_stamp,"; $variable_array = array(); for ($i1 = 0; $i1 < count($station_result); ++$i1) { $sline = $station_result[$i1]; $variable_id = $sline["variable_id"]; $db_col_name = $sline["db_col_name"]; $calculated_variable = $sline["calculated_variable"]; $alarm_on = $sline["alarm_on"]; $unit_name = $sline["unit_name"]; $variable_name = $sline["variable_name"]; if ($calculated_variable == 1) { $col_string .= "'virtual',"; } else { $col_string .= "{$db_col_name},"; } $variable_array[$i1] = array($variable_id, $variable_name, $alarm_on, $unit_name); } $col_string = substr($col_string, 0, strlen($col_string) - 1); $where_str = "ORDER BY time_stamp DESC LIMIT 1;"; if ($action == 5) { $time_start = isset($_GET["time_start"]) ? $_GET["time_start"] : 0; $time_stop = isset($_GET["time_stop"]) ? $_GET["time_stop"] : 0; $where_str = "WHERE time_stamp>"{$time_start}" AND time_stamp<="{$time_stop}" ORDER BY time_stamp LIMIT {$max_records};"; } $values_query = "SELECT {$col_string} FROM {$table_name} {$where_str}"; $values_param = array("query" => $values_query, "db" => $db, "db_type" => $db_type); $values_stmt = vdv_prepare_query($values_param); $values_stmt->execute(); $values_result = $values_stmt->fetchAll(PDO::FETCH_NUM); if (count($values_result) > 0) { echo "<?xml version="1.0" encoding="utf-8" ?>\xa<Data>\xa<site id="{$station_id}">\xa"; for ($i2 = 0; $i2 < count($values_result); ++$i2) { $values_row = $values_result[$i2]; $row_time_stamp = $values_row[0]; echo "<record timestamp="{$row_time_stamp}">\xa"; for ($i1 = 1; $i1 < count($values_row); ++$i1) { $var_value = $values_row[$i1]; if ($var_value == "virtual") { $virtual_arr = get_virtual_variable_formula($variable_array[$i1 - 1][0], $db, $db_type); $virtual_query = "SELECT {$virtual_arr[0]} FROM {$virtual_arr[1]}"; if ($virtual_arr[2] != '') { $virtual_query .= "WHERE {$virtual_arr[2]}"; } $virtual_query .= " ORDER BY " . $virtual_arr[3][0] . ".time_stamp DESC LIMIT 1;"; $virtual_param = array("query" => $virtual_query, "db" => $db, "db_type" => $db_type); $virtual_stmt = vdv_prepare_query($virtual_param); $virtual_stmt->execute(); $virtual_result = $virtual_stmt->fetchAll(PDO::FETCH_BOTH); $vline = $virtual_result[0]; $var_value = $vline[0]; } echo "<variable>
<variable_id>" . $variable_array[$i1 - 1][0] . "</variable_id>\xa"; echo "<name>" . $variable_array[$i1 - 1][3] . "</name>\xa"; echo "<value>{$var_value}</value>\xa"; if ($alarm == 1) { echo "<alarm>" . $variable_array[$i1 - 1][2] . "</alarm>
"; } if ($unit == 1) { echo "<unit>" . $variable_array[$i1 - 1][3] . "</unit>\xa"; } echo "</variable>\xa"; } echo "</record>\xa"; } echo "</site>
</Data>"; if ($log_active == 1) { $log_id_str = "812"; $log_str = "XML Service Latest Data"; if ($action == 5) { $log_id_str = "813"; $log_str = "XML Service Data Period"; } $ip_address = $_SERVER["REMOTE_ADDR"]; $host_address = gethostbyaddr($ip_address); $log_action = "INSERT INTO Log_Messages (log_time, log_id, station_id, log_info) VALUES (NOW(), {$log_id_str}, {$station_id}, '{$log_str}: {$xml_name}. IP:{$ip_address}, {$host_address}');"; $log_param = array("query" => $log_action, "db" => $db, "db_type" => $db_type); $log_stmt = vdv_prepare_query($log_param); $log_stmt->execute(); } } else { echo "<?xml version="1.0" encoding="utf-8" ?>
<Data>\xa<site>
<Error id="303">No data found</Error>
</site>
</Data>
"; } } else { echo "<?xml version="1.0" encoding="utf-8" ?>
<Data>\xa<site>\xa<Error id="301">No Variables found</Error>
</site>\xa</Data>\xa"; } } } } } else { echo "<?xml version="1.0" encoding="utf-8" ?>
<Data>
<Error id="11">Illegal Access</Error>
</Data>\xa"; } ?>Did this file decode correctly?
Original Code
<?php
header("\x43\x6f\156\164\145\156\164\55\x74\x79\160\x65\72\x20\x74\x65\x78\164\x2f\170\x6d\x6c"); require_once "\x63\157\155\160\x6f\x6e\145\156\x74\163\57\x76\144\166\57\144\x61\x74\141\142\x61\163\145\x2f\155\157\x64\x65\154\57\x69\x6e\x69\x5f\x76\x64\166\x5f\160\162\145\160\141\162\145\137\161\x75\x65\x72\171\x2e\160\150\160"; require_once "\143\x6f\x6d\160\157\156\x65\x6e\x74\x73\x2f\x76\x64\166\57\x64\x61\x74\141\142\141\163\x65\x2f\155\157\144\145\x6c\x2f\151\x6e\151\56\151\x6e\x63\56\x70\150\x70"; require_once "\x63\157\155\160\x6f\x6e\x65\x6e\x74\x73\57\166\x64\166\x2f\x64\x61\x74\141\142\x61\163\x65\x2f\155\x6f\144\145\x6c\x2f\x69\x6e\151\x2e\144\142\x2e\x6f\160\145\x6e\x2e\x70\x68\x70"; require_once "\143\x6f\155\160\x6f\156\145\156\x74\163\x2f\166\x64\166\57\143\x6f\162\x65\x2f\x76\x69\x65\x77\57\x73\145\x72\x76\145\162\56\x69\156\x63\56\x70\150\160"; require_once "\143\157\155\160\157\x6e\145\156\x74\163\57\x76\144\166\57\x73\x69\164\145\x2f\x6d\x6f\x64\145\154\57\163\x74\141\x74\x69\x6f\x6e\137\147\145\164\56\160\150\x70"; $action = isset($_GET["\x61\143\164\151\x6f\156"]) ? $_GET["\x61\143\164\x69\157\x6e"] : 0; $user = isset($_GET["\165\163\145\x72"]) ? $_GET["\165\x73\145\x72"] : 0; $password = isset($_GET["\160\x61\x73\x73\x77\157\x72\144"]) ? $_GET["\x70\141\163\163\167\x6f\x72\144"] : 0; $station_id = isset($_GET["\163\151\x74\x65"]) ? $_GET["\163\x69\164\x65"] : 0; $user_check = 0; $user_query = "\x53\105\114\105\103\124\x20\163\151\164\145\x73\137\x61\143\143\x65\163\x73\54\x20\x6f\167\156\x65\162\x5f\x69\x64\x2c\40\x6d\x61\170\x5f\x72\x65\143\x6f\162\x64\x73\x2c\40\x6c\x6f\x67\x5f\x61\143\164\x69\166\145\x2c\x20\141\x6c\141\162\155\137\x61\x63\x63\145\x73\163\x2c\x20\x6c\x61\x74\145\163\x74\137\x76\x61\154\x75\145\x73\137\x61\x63\143\145\163\x73\x2c\40\150\151\x73\x74\x6f\162\171\137\141\143\x63\145\x73\x73\x2c\x20\x78\x6d\x6c\x5f\141\143\143\145\163\x73\x5f\x69\x64\x2c\x6e\141\155\x65\40\x46\122\x4f\x4d\x20\130\x4d\x4c\x5f\x53\x65\x72\166\x69\143\145\137\101\x63\143\145\x73\163\40\x57\110\105\x52\x45\x20\165\x73\x65\162\137\156\x61\x6d\145\75\x22{$user}\42\x20\101\116\x44\40\160\x61\163\163\167\157\x72\x64\x3d\x41\x45\x53\137\x45\116\x43\x52\131\120\x54\50\42{$password}\42\x2c\x27\166\144\166\71\62\60\146\156\x4b\x65\x32\x45\x27\51\40\x41\116\x44\x20\x73\x65\x72\166\x69\x63\x65\137\141\143\x74\x69\166\x65\75\61\x3b"; $user_param = array("\x71\x75\145\162\171" => $user_query, "\x64\x62" => $db, "\x64\142\x5f\164\x79\x70\145" => $db_type); $user_stmt = vdv_prepare_query($user_param); $user_stmt->execute(); $user_result = $user_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($user_result) > 0) { $sline = $user_result[0]; $sites_access = $sline["\163\x69\164\145\x73\137\x61\143\143\145\163\x73"]; $owner_id = $sline["\x6f\167\156\145\x72\x5f\x69\x64"]; $max_records = $sline["\155\x61\170\x5f\x72\145\x63\x6f\x72\144\163"]; $log_active = $sline["\x6c\x6f\147\137\141\x63\x74\151\166\x65"]; $alarm_access = $sline["\x61\154\x61\162\x6d\137\x61\143\x63\145\163\x73"]; $latest_values_access = $sline["\154\x61\x74\145\163\x74\137\166\141\154\x75\145\x73\x5f\141\143\143\145\x73\x73"]; $history_access = $sline["\x68\x69\163\164\x6f\162\171\x5f\x61\x63\143\145\x73\163"]; $xml_access_id = $sline["\170\x6d\154\137\x61\143\x63\145\x73\x73\137\x69\144"]; $xml_name = $sline["\156\141\x6d\145"]; if ($action == 3 || $action == 4 || $action == 5) { if ($sites_access == 1) { $user_check = 1; $all_variables = 1; } else { if ($sites_access == 2) { $owner_query = "\x53\105\114\x45\x43\124\40\164\61\56\x73\164\141\164\x69\157\156\137\x6e\x61\155\x65\40\x46\122\x4f\115\x20\x53\x74\x61\x74\151\x6f\x6e\x20\101\x53\x20\x74\61\x20\x57\x48\x45\122\x45\x20\x74\61\56\163\x74\141\164\151\157\x6e\x5f\x69\x64\x3d{$station_id}\40\x41\x4e\104\40\x74\61\x2e\x6f\167\x6e\145\162\137\x69\x64\x3d{$owner_id}\73"; $owner_param = array("\161\165\145\162\x79" => $owner_query, "\x64\142" => $db, "\x64\x62\137\x74\x79\x70\145" => $db_type); $owner_stmt = vdv_prepare_query($owner_param); $owner_stmt->execute(); $owner_result = $owner_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($owner_result) > 0) { $user_check = 1; $site_query = "\x53\105\x4c\x45\x43\124\40\164\61\56\141\154\x6c\x5f\166\141\162\151\141\142\x6c\145\x73\x20\x46\x52\x4f\x4d\x20\130\x4d\114\x5f\x53\145\162\x76\x69\143\145\137\101\x63\x63\x65\x73\x73\137\x53\x69\x74\145\x73\40\101\123\x20\164\61\x20\x57\x48\x45\122\105\40\x74\x31\x2e\x73\164\141\x74\151\x6f\x6e\x5f\x69\x64\x3d{$station_id}\40\x41\116\104\x20\164\x31\x2e\x78\155\154\137\x61\143\x63\x65\163\x73\137\151\144\75{$xml_access_id}\x3b"; $site_param = array("\x71\165\145\x72\x79" => $site_query, "\x64\142" => $db, "\x64\142\x5f\x74\x79\160\x65" => $db_type); $site_stmt = vdv_prepare_query($site_param); $site_stmt->execute(); $site_result = $site_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($site_result) > 0) { $sline = $site_result[0]; $all_variables = $sline[0]; } else { $all_variables = 1; } } } else { if ($sites_access == 3) { $site_query = "\123\105\114\105\103\124\x20\x74\x31\56\x61\154\154\x5f\166\141\x72\151\141\x62\154\x65\x73\40\x46\122\x4f\115\x20\130\x4d\114\137\123\x65\x72\x76\x69\x63\x65\x5f\101\143\143\x65\x73\x73\137\x53\x69\164\x65\163\40\101\x53\40\x74\61\40\x57\110\105\122\x45\x20\x74\x31\x2e\x73\164\141\x74\x69\x6f\156\137\x69\x64\75{$station_id}\x20\x41\x4e\x44\x20\x74\x31\56\x78\155\x6c\137\x61\143\x63\x65\163\163\137\151\144\x3d{$xml_access_id}\x3b"; $site_param = array("\161\x75\x65\162\171" => $site_query, "\x64\x62" => $db, "\x64\142\x5f\x74\171\x70\x65" => $db_type); $site_stmt = vdv_prepare_query($site_param); $site_stmt->execute(); $site_result = $site_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($site_result) > 0) { $sline = $site_result[0]; $all_variables = $sline["\x61\154\x6c\137\x76\x61\x72\151\141\142\154\145\x73"]; $user_check = 1; } } } } } else { $user_check = 1; } } if ($user_check == 1) { if ($action == 2) { $where_str = ''; if ($sites_access == 2) { $where_str = "\40\x57\110\x45\x52\x45\x20\x6f\x77\156\145\162\x5f\151\x64\x3d{$owner_id}"; } else { if ($sites_access == 3) { $where_str = "\x2c\40\130\x4d\114\137\x53\145\x72\x76\x69\143\145\137\101\x63\x63\x65\x73\163\137\123\151\x74\145\163\x20\101\123\40\164\x32\40\127\110\105\122\x45\x20\x74\61\56\163\164\x61\x74\x69\x6f\x6e\x5f\151\144\x3d\164\x32\x2e\163\x74\141\164\151\x6f\x6e\137\151\144\x20\101\x4e\x44\x20\164\x32\x2e\x78\x6d\154\137\141\x63\143\145\163\x73\137\151\x64\x3d{$xml_access_id}"; } } $station_query = "\x53\105\114\105\x43\x54\40\x74\61\56\163\x74\141\x74\151\157\156\x5f\x69\x64\x2c\40\x74\x31\x2e\x73\x74\x61\164\x69\157\156\137\x6e\x61\x6d\x65\40\106\122\117\115\40\123\164\141\x74\151\157\156\40\101\123\40\x74\61{$where_str}\40\117\122\x44\x45\x52\40\102\x59\40\x74\61\x2e\163\164\x61\164\151\x6f\x6e\137\156\141\x6d\145\x3b"; $station_param = array("\161\165\145\162\171" => $station_query, "\144\x62" => $db, "\x64\x62\x5f\164\x79\x70\x65" => $db_type); $station_stmt = vdv_prepare_query($station_param); $station_stmt->execute(); $station_result = $station_stmt->fetchAll(PDO::FETCH_NUM); if (count($station_result) > 0) { echo "\74\77\170\155\154\40\x76\145\x72\163\151\157\x6e\x3d\x22\61\56\60\x22\40\x65\x6e\143\x6f\x64\x69\156\147\75\42\x75\x74\146\x2d\x38\x22\40\77\x3e\xa\74\104\x61\x74\x61\x3e\xa\x3c\x73\x69\164\x65\163\76\xa"; $search_array = array("\x26", "\74", "\x3e", "\47", "\42"); $replace_array = array("\46\141\x6d\x70\73", "\x26\154\164\x3b", "\46\x67\164\x3b", "\x26\141\160\157\163\x3b", "\x26\x71\165\x6f\x74\73"); for ($i1 = 0; $i1 < count($station_result); ++$i1) { $sline = $station_result[$i1]; $station_id = $sline[0]; $station_name = str_replace($search_array, $replace_array, $sline[1]); echo "\74\x73\x69\164\145\x3e\xa\x3c\x73\x69\x74\x65\x5f\151\144\x3e{$station_id}\x3c\x2f\x73\x69\x74\145\x5f\x69\x64\76\xa\74\x6e\x61\155\x65\x3e{$station_name}\74\x2f\156\x61\x6d\145\x3e\12\x3c\57\163\151\x74\145\x3e\12"; } echo "\x3c\x2f\163\151\x74\145\163\x3e\12\x3c\57\104\x61\164\141\x3e"; if ($log_active == 1) { $ip_address = $_SERVER["\x52\105\115\x4f\124\x45\x5f\101\104\104\122"]; $host_address = gethostbyaddr($ip_address); $log_action = "\x49\116\123\x45\x52\124\x20\x49\x4e\x54\117\x20\114\157\x67\x5f\x4d\145\163\163\141\x67\145\163\x20\x28\154\157\x67\x5f\164\x69\155\145\54\40\154\157\x67\137\151\x64\54\x20\163\x74\x61\164\151\x6f\156\x5f\x69\x64\54\40\154\x6f\147\137\x69\156\146\157\51\x20\x56\x41\114\125\105\x53\x20\50\116\x4f\127\50\x29\x2c\x20\x38\61\60\x2c\x20\60\x2c\40\x27\x58\x4d\x4c\40\123\x65\x72\x76\151\143\145\40\x53\151\164\x65\x20\154\151\163\164\x3a\x20{$xml_name}\56\40\x49\120\72{$ip_address}\x2c\x20{$host_address}\x27\51\73"; $log_param = array("\x71\165\x65\x72\x79" => $log_action, "\144\x62" => $db, "\x64\142\137\164\x79\160\145" => $db_type); $log_stmt = vdv_prepare_query($log_param); $log_stmt->execute(); } } else { echo "\x3c\77\x78\x6d\x6c\40\x76\x65\162\163\151\157\156\75\x22\61\56\60\42\40\145\156\x63\157\144\x69\x6e\x67\75\x22\x75\164\x66\55\x38\x22\x20\77\x3e\12\x3c\x44\141\x74\x61\76\12\x3c\163\151\x74\x65\163\76\12\74\105\162\162\157\x72\40\151\144\75\42\x31\60\61\42\x3e\116\x6f\40\x53\x69\x74\x65\x73\x20\x66\157\165\156\x64\74\x2f\x45\x72\x72\x6f\x72\x3e\xa\74\57\x73\x69\x74\x65\x73\x3e\xa\74\57\x44\x61\164\x61\x3e\12"; } } else { if ($action == 3) { $where_str = "\40\x57\x48\105\122\x45\x20"; if ($all_variables == 0) { $where_str = "\54\x58\x4d\x4c\137\x53\145\162\x76\151\143\x65\137\101\x63\x63\x65\x73\163\137\x53\x69\164\x65\x73\x5f\x56\141\162\163\40\x41\x53\x20\164\x34\40\x57\110\x45\122\105\x20\x74\x34\x2e\166\x61\162\x69\141\x62\x6c\x65\x5f\151\144\75\x74\x31\56\166\x61\x72\x69\141\142\154\145\x5f\151\x64\40\101\x4e\x44\40\164\64\x2e\x78\x6d\x6c\x5f\141\x63\x63\145\x73\x73\x5f\x69\144\x3d{$xml_access_id}\40\x41\116\104"; } $station_query = "\123\x45\x4c\105\x43\x54\40\x74\x31\x2e\x76\141\162\151\141\x62\154\145\137\x69\x64\x2c\40\164\62\x2e\x65\156\147\x6c\x69\x73\x68\x5f\156\141\155\x65\x20\x46\122\x4f\115\40\x56\x61\162\x69\141\x62\x6c\145\x5f\x49\156\146\x6f\40\x41\x53\40\164\61\x2c\40\x56\x61\162\x69\141\142\154\x65\x5f\116\141\155\x65\40\101\x53\40\164\62{$where_str}\40\x74\61\56\x76\141\162\151\x61\x62\154\145\x5f\151\x64\75\x74\62\x2e\166\141\x72\x69\141\x62\x6c\145\137\x69\x64\40\x41\x4e\x44\40\x28\x74\x31\56\x64\x79\156\x61\155\151\x63\x5f\x76\x61\162\x69\141\x62\x6c\145\x3d\x30\x20\117\x52\x20\164\61\x2e\x64\171\156\x61\x6d\151\143\137\x76\141\162\151\x61\x62\x6c\145\40\x49\x53\x20\x4e\125\x4c\x4c\51\40\x41\x4e\104\40\x74\x31\56\x73\164\141\164\151\x6f\x6e\x5f\151\144\75\x22{$station_id}\42\40\117\x52\104\x45\122\x20\102\x59\40\x74\62\x2e\x65\x6e\x67\154\x69\163\150\137\156\x61\155\145\73"; $station_param = array("\161\165\x65\x72\x79" => $station_query, "\144\142" => $db, "\144\142\x5f\x74\x79\x70\145" => $db_type); $station_stmt = vdv_prepare_query($station_param); $station_stmt->execute(); $station_result = $station_stmt->fetchAll(PDO::FETCH_NUM); if (count($station_result) > 0) { echo "\74\77\170\x6d\154\x20\166\145\x72\163\x69\157\156\x3d\x22\x31\x2e\x30\x22\x20\145\156\143\157\144\x69\x6e\x67\x3d\x22\x75\164\x66\55\70\x22\40\x3f\76\xa\74\104\141\x74\141\x3e\12\74\163\151\164\145\40\x69\144\x3d\42{$station_id}\42\76\xa"; $search_array = array("\x26", "\74", "\x3e", "\x27", "\42"); $replace_array = array("\46\x61\155\x70\73", "\46\x6c\164\73", "\46\x67\164\73", "\46\x61\160\x6f\x73\73", "\x26\x71\165\x6f\x74\73"); for ($i1 = 0; $i1 < count($station_result); ++$i1) { $sline = $station_result[$i1]; $variable_id = $sline[0]; $english_name = str_replace($search_array, $replace_array, $sline[1]); echo "\x3c\166\141\162\151\141\142\x6c\x65\76\12\74\x76\141\x72\x69\141\x62\154\145\137\x69\x64\x3e{$variable_id}\74\57\166\x61\x72\x69\141\142\154\x65\x5f\151\x64\x3e\xa\x3c\x6e\x61\x6d\145\76{$english_name}\74\57\156\x61\x6d\x65\76\xa\74\x2f\166\x61\x72\x69\141\x62\154\145\x3e\xa"; } echo "\74\57\x73\x69\164\x65\x3e\xa\x3c\x2f\104\141\x74\x61\76"; if ($log_active == 1) { $ip_address = $_SERVER["\122\105\115\x4f\124\105\x5f\x41\104\104\122"]; $host_address = gethostbyaddr($ip_address); $log_action = "\x49\x4e\123\x45\x52\x54\40\x49\116\124\x4f\40\x4c\157\x67\x5f\x4d\145\x73\x73\141\x67\145\x73\40\x28\154\x6f\147\x5f\164\x69\155\145\54\x20\154\x6f\x67\137\151\x64\54\x20\x73\164\x61\164\151\x6f\156\137\151\144\54\x20\154\x6f\147\x5f\x69\156\x66\157\x29\40\x56\x41\x4c\125\105\x53\40\x28\x4e\x4f\127\x28\x29\x2c\x20\x38\x31\x31\x2c\40{$station_id}\54\40\x27\x58\x4d\114\x20\123\x65\x72\x76\x69\143\145\x20\126\x61\x72\151\x61\x62\x6c\145\40\x6c\151\163\x74\72\40{$xml_name}\x2e\40\111\120\72{$ip_address}\x2c\x20{$host_address}\x27\x29\x3b"; $log_param = array("\x71\165\x65\x72\x79" => $log_action, "\x64\x62" => $db, "\144\142\x5f\x74\171\x70\145" => $db_type); $log_stmt = vdv_prepare_query($log_param); $log_stmt->execute(); } } else { echo "\x3c\x3f\170\155\154\40\166\x65\162\163\151\157\156\x3d\x22\61\x2e\x30\x22\40\145\x6e\143\157\x64\x69\x6e\147\x3d\42\165\164\146\55\70\x22\x20\x3f\76\xa\74\x44\x61\x74\141\76\xa\x3c\x73\151\x74\145\x3e\xa\74\x45\x72\162\x6f\162\x20\151\x64\75\x22\62\60\x31\x22\x3e\116\x6f\x20\x56\141\162\x69\141\142\154\145\x73\40\146\157\165\x6e\x64\x3c\x2f\x45\x72\162\x6f\x72\x3e\12\x3c\57\163\151\x74\145\x3e\xa\74\57\104\x61\x74\141\76\xa"; } } else { if ($action == 4 && $latest_values_access == 1 || $action == 5 && $history_access == 1) { include "\x69\x6e\143\137\147\145\x74\x5f\166\x69\162\x74\x75\x61\x6c\137\166\x61\x72\x69\141\142\154\145\137\x65\x71\x75\141\x74\x69\x6f\x6e\56\x70\x68\x70"; $alarm = isset($_GET["\x61\154\x61\x72\155"]) ? $_GET["\x61\x6c\x61\x72\155"] : 0; $unit = isset($_GET["\x75\x6e\x69\164"]) ? $_GET["\165\156\x69\164"] : 0; $variable_id = isset($_GET["\x76\x61\x72\x69\141\x62\154\x65\137\151\x64"]) ? $_GET["\x76\x61\x72\151\141\142\154\x65\137\151\144"] : 0; $where_str = "\40\127\110\105\122\105"; if ($all_variables == 0) { $where_str = "\54\130\115\114\137\123\145\162\166\x69\x63\x65\137\101\x63\143\145\163\x73\x5f\123\x69\x74\145\163\137\126\141\x72\x73\x20\101\123\40\x74\x35\40\127\x48\105\x52\x45\40\x74\x35\x2e\x76\141\x72\x69\x61\142\x6c\x65\137\x69\x64\75\x74\61\x2e\166\141\162\x69\141\142\x6c\145\137\x69\144\x20\x41\x4e\104\x20\x74\x35\56\x78\155\154\137\x61\x63\143\145\x73\x73\137\x69\x64\x3d{$xml_access_id}\40\x41\116\x44"; } $station_query = "\123\105\x4c\x45\103\x54\40\x74\61\56\166\141\162\x69\141\142\154\145\137\x69\144\x2c\x20\x74\x31\56\144\142\137\x63\157\x6c\x5f\x6e\x61\155\145\54\40\x74\x31\x2e\x63\141\154\x63\x75\x6c\141\x74\x65\144\137\x76\141\x72\x69\141\142\154\x65\x2c\x20\x74\63\x2e\141\x6c\x61\162\x6d\x5f\x6f\x6e\x2c\40\164\62\56\x75\156\151\164\137\156\141\155\145\54\x20\164\64\56\x65\156\147\x6c\x69\x73\x68\x5f\156\x61\155\x65\40\106\x52\x4f\115\40\126\x61\x72\151\141\x62\154\x65\x5f\111\x6e\x66\157\40\x41\x53\40\164\x31\40\114\105\106\124\40\x4a\117\111\116\40\x41\x6c\x61\x72\155\137\126\141\x72\x69\x61\x62\x6c\x65\40\101\x53\40\164\x33\x20\117\x4e\x20\164\x31\x2e\166\141\162\151\x61\142\x6c\x65\137\x69\x64\x3d\164\x33\x2e\166\141\x72\151\141\x62\154\x65\137\151\144\x2c\40\125\156\151\164\40\101\x53\x20\164\x32\54\40\126\x61\162\x69\141\x62\154\x65\137\116\141\x6d\145\x20\x41\123\x20\x74\64{$where_str}\40\x74\61\x2e\165\156\x69\164\x5f\151\x64\x3d\x74\x32\x2e\x75\x6e\151\164\137\151\144\x20\x41\116\x44\40\164\x31\x2e\166\x61\162\x69\x61\x62\x6c\x65\x5f\x69\144\75\x74\x34\x2e\x76\x61\x72\151\141\142\154\145\x5f\151\x64\x20\101\116\104\x20\164\x31\x2e\x73\164\141\x74\x69\157\156\137\151\x64\75{$station_id}"; if ($variable_id != 0) { $station_query .= "\40\101\116\x44\x20\164\61\56\x76\141\x72\x69\141\142\154\x65\x5f\x69\x64\40\111\116\40\50{$variable_id}\x29"; } $station_query .= "\x3b"; $station_param = array("\x71\165\145\162\171" => $station_query, "\x64\x62" => $db, "\144\x62\137\164\171\160\x65" => $db_type); $station_stmt = vdv_prepare_query($station_param); $station_stmt->execute(); $station_result = $station_stmt->fetchAll(PDO::FETCH_ASSOC); if (count($station_result) > 0) { $table_query = "\123\105\114\105\x43\124\x20\164\x61\x62\x6c\145\137\x6e\141\155\145\40\106\x52\x4f\115\40\106\x69\x6c\x65\137\120\x61\x74\150\x20\x57\110\105\122\105\40\163\164\x61\164\151\157\x6e\x5f\x69\144\75{$station_id}\x3b"; $table_param = array("\x71\x75\x65\x72\x79" => $table_query, "\x64\142" => $db, "\144\x62\x5f\x74\171\x70\145" => $db_type); $table_stmt = vdv_prepare_query($table_param); $table_stmt->execute(); $table_result = $table_stmt->fetchAll(PDO::FETCH_ASSOC); $table_name = $table_result[0]["\x74\141\x62\x6c\145\x5f\156\x61\155\x65"]; $col_string = "\x74\x69\155\145\137\163\x74\141\x6d\x70\x2c"; $variable_array = array(); for ($i1 = 0; $i1 < count($station_result); ++$i1) { $sline = $station_result[$i1]; $variable_id = $sline["\166\x61\x72\x69\x61\x62\x6c\x65\137\151\x64"]; $db_col_name = $sline["\x64\x62\x5f\x63\x6f\154\x5f\156\x61\x6d\145"]; $calculated_variable = $sline["\143\141\x6c\143\165\154\141\x74\145\144\x5f\x76\141\x72\x69\x61\x62\x6c\x65"]; $alarm_on = $sline["\x61\154\x61\x72\x6d\137\x6f\x6e"]; $unit_name = $sline["\x75\156\x69\164\x5f\x6e\x61\x6d\145"]; $variable_name = $sline["\166\x61\x72\x69\141\x62\154\145\x5f\x6e\141\x6d\x65"]; if ($calculated_variable == 1) { $col_string .= "\x27\166\x69\162\x74\165\141\x6c\x27\54"; } else { $col_string .= "{$db_col_name}\x2c"; } $variable_array[$i1] = array($variable_id, $variable_name, $alarm_on, $unit_name); } $col_string = substr($col_string, 0, strlen($col_string) - 1); $where_str = "\117\x52\x44\x45\122\40\x42\131\40\164\x69\155\x65\137\163\x74\141\155\160\x20\104\105\x53\103\40\x4c\x49\x4d\x49\x54\x20\61\x3b"; if ($action == 5) { $time_start = isset($_GET["\164\x69\155\145\x5f\x73\164\x61\162\164"]) ? $_GET["\x74\151\x6d\x65\x5f\x73\164\x61\x72\x74"] : 0; $time_stop = isset($_GET["\x74\x69\155\145\137\x73\164\x6f\160"]) ? $_GET["\x74\x69\x6d\x65\x5f\163\x74\157\160"] : 0; $where_str = "\127\110\105\x52\105\x20\x74\151\155\x65\137\x73\x74\x61\155\x70\x3e\42{$time_start}\x22\40\101\116\104\x20\164\151\155\x65\137\x73\164\x61\155\x70\x3c\x3d\42{$time_stop}\x22\x20\117\122\104\x45\122\40\102\x59\x20\x74\x69\155\x65\x5f\x73\164\141\155\160\x20\x4c\x49\115\x49\x54\40{$max_records}\73"; } $values_query = "\123\x45\114\x45\103\x54\x20{$col_string}\x20\x46\122\x4f\x4d\40{$table_name}\x20{$where_str}"; $values_param = array("\161\x75\145\162\171" => $values_query, "\x64\142" => $db, "\x64\x62\x5f\164\171\160\x65" => $db_type); $values_stmt = vdv_prepare_query($values_param); $values_stmt->execute(); $values_result = $values_stmt->fetchAll(PDO::FETCH_NUM); if (count($values_result) > 0) { echo "\74\77\170\x6d\154\x20\x76\x65\x72\163\151\x6f\156\x3d\x22\61\x2e\x30\42\40\145\x6e\x63\x6f\144\x69\156\x67\75\42\165\x74\x66\x2d\x38\x22\x20\77\x3e\xa\x3c\x44\141\x74\141\x3e\xa\x3c\163\151\164\x65\40\x69\x64\75\x22{$station_id}\42\76\xa"; for ($i2 = 0; $i2 < count($values_result); ++$i2) { $values_row = $values_result[$i2]; $row_time_stamp = $values_row[0]; echo "\x3c\162\x65\143\157\162\144\x20\164\151\155\145\x73\164\x61\155\x70\75\42{$row_time_stamp}\42\x3e\xa"; for ($i1 = 1; $i1 < count($values_row); ++$i1) { $var_value = $values_row[$i1]; if ($var_value == "\x76\151\x72\x74\x75\141\154") { $virtual_arr = get_virtual_variable_formula($variable_array[$i1 - 1][0], $db, $db_type); $virtual_query = "\x53\105\114\105\x43\124\40{$virtual_arr[0]}\40\106\122\117\x4d\x20{$virtual_arr[1]}"; if ($virtual_arr[2] != '') { $virtual_query .= "\127\110\x45\x52\105\40{$virtual_arr[2]}"; } $virtual_query .= "\40\117\x52\104\105\122\40\102\131\40" . $virtual_arr[3][0] . "\56\x74\151\155\x65\137\163\164\x61\x6d\x70\40\x44\x45\123\x43\x20\114\111\x4d\111\x54\40\x31\x3b"; $virtual_param = array("\x71\x75\x65\x72\171" => $virtual_query, "\x64\x62" => $db, "\144\x62\x5f\x74\171\160\x65" => $db_type); $virtual_stmt = vdv_prepare_query($virtual_param); $virtual_stmt->execute(); $virtual_result = $virtual_stmt->fetchAll(PDO::FETCH_BOTH); $vline = $virtual_result[0]; $var_value = $vline[0]; } echo "\x3c\166\x61\162\151\141\142\154\x65\76\12\x3c\166\141\x72\x69\141\x62\x6c\145\137\151\144\x3e" . $variable_array[$i1 - 1][0] . "\74\x2f\166\x61\162\x69\x61\142\x6c\x65\x5f\151\144\76\xa"; echo "\74\x6e\x61\x6d\145\76" . $variable_array[$i1 - 1][3] . "\74\57\156\141\x6d\x65\x3e\xa"; echo "\x3c\x76\141\154\x75\x65\76{$var_value}\x3c\x2f\166\x61\x6c\165\145\76\xa"; if ($alarm == 1) { echo "\74\141\x6c\141\x72\155\x3e" . $variable_array[$i1 - 1][2] . "\x3c\57\x61\154\141\162\155\76\12"; } if ($unit == 1) { echo "\74\x75\156\151\164\x3e" . $variable_array[$i1 - 1][3] . "\74\57\165\156\151\164\x3e\xa"; } echo "\74\x2f\166\x61\x72\x69\x61\142\x6c\145\76\xa"; } echo "\74\57\162\x65\x63\157\x72\x64\76\xa"; } echo "\x3c\57\x73\151\x74\145\x3e\12\x3c\57\104\141\x74\141\76"; if ($log_active == 1) { $log_id_str = "\x38\61\62"; $log_str = "\x58\x4d\x4c\x20\123\145\162\166\151\x63\x65\40\114\141\164\x65\x73\x74\40\x44\141\164\x61"; if ($action == 5) { $log_id_str = "\x38\61\63"; $log_str = "\x58\x4d\x4c\x20\123\x65\162\x76\x69\x63\145\x20\x44\x61\164\x61\x20\120\x65\x72\x69\x6f\x64"; } $ip_address = $_SERVER["\x52\x45\115\117\x54\x45\x5f\x41\104\104\x52"]; $host_address = gethostbyaddr($ip_address); $log_action = "\x49\116\x53\105\x52\124\x20\111\x4e\x54\x4f\40\114\x6f\x67\x5f\115\145\x73\x73\x61\147\x65\x73\x20\50\x6c\157\147\137\x74\x69\155\145\54\40\154\x6f\x67\x5f\x69\x64\54\x20\x73\164\x61\x74\151\x6f\156\x5f\151\x64\x2c\x20\154\157\x67\137\151\x6e\x66\157\x29\x20\126\x41\x4c\x55\105\x53\40\50\116\x4f\127\50\x29\54\x20{$log_id_str}\x2c\x20{$station_id}\54\x20\x27{$log_str}\72\x20{$xml_name}\56\40\111\120\72{$ip_address}\x2c\x20{$host_address}\x27\x29\73"; $log_param = array("\161\165\x65\x72\171" => $log_action, "\144\142" => $db, "\144\x62\137\x74\x79\x70\x65" => $db_type); $log_stmt = vdv_prepare_query($log_param); $log_stmt->execute(); } } else { echo "\x3c\x3f\x78\155\x6c\x20\x76\x65\x72\163\151\157\x6e\x3d\x22\61\x2e\x30\42\x20\145\x6e\143\x6f\x64\x69\x6e\147\75\42\165\x74\146\x2d\70\42\x20\77\x3e\12\74\104\x61\x74\x61\76\xa\74\x73\x69\x74\x65\76\12\74\105\162\x72\x6f\x72\40\151\x64\x3d\42\63\60\x33\42\x3e\116\x6f\40\x64\141\x74\141\x20\x66\157\165\x6e\x64\x3c\57\105\162\x72\157\x72\x3e\12\x3c\57\163\x69\x74\145\76\12\74\57\x44\141\164\x61\x3e\12"; } } else { echo "\x3c\77\170\x6d\154\40\166\x65\x72\x73\151\157\156\x3d\42\61\x2e\60\42\40\145\x6e\x63\x6f\144\151\x6e\x67\x3d\x22\165\x74\x66\55\x38\x22\40\x3f\x3e\12\x3c\x44\x61\164\141\76\xa\74\x73\x69\x74\145\76\xa\74\x45\162\162\157\162\40\x69\144\x3d\x22\63\x30\61\x22\x3e\x4e\x6f\40\126\x61\x72\151\x61\x62\154\x65\163\40\x66\157\x75\156\x64\74\57\105\162\162\157\162\76\12\x3c\x2f\163\x69\x74\x65\x3e\xa\74\57\104\141\x74\x61\76\xa"; } } } } } else { echo "\74\77\170\x6d\x6c\x20\166\145\x72\x73\x69\x6f\156\x3d\x22\61\x2e\x30\x22\x20\145\156\143\x6f\144\151\x6e\147\75\x22\x75\164\x66\x2d\x38\42\40\x3f\x3e\12\74\104\x61\x74\x61\76\12\x3c\x45\162\x72\157\x72\40\x69\x64\x3d\42\61\61\x22\x3e\x49\x6c\154\x65\x67\141\154\x20\101\143\143\145\163\x73\x3c\57\105\x72\x72\157\162\76\12\x3c\57\104\141\x74\x61\76\xa"; }Function Calls
| None |
Stats
| MD5 | e2da4331c23d889d54521474cad7bc75 |
| Eval Count | 0 |
| Decode Time | 114 ms |