Showing posts with label php. Show all posts
Showing posts with label php. Show all posts

8 September 2018

execute root commands via php

Solution using a binary wrapper (with suid bit)

1) Create a script (preferrably .sh) that contains what you want to be ran as root.
# cat > php_shell.sh <<CONTENT
  #!/bin/sh
  /sbin/service sshd restart
CONTENT
2) This file should be owned by root, and since it will later run with root permissions make sure that only root has permission to write to the file.
# chown root php_shell.sh
# chmod u=rwx,go=xr php_shell.sh
3) To run the script as root no matter what user that executes it, we will need a binary wrapper. Create one that will execute our php_shell.sh.
# cat > wrapper.c <<CONTENT
  #include <stdlib.h>
  #include <sys/types.h>
  #include <unistd.h>

  int
  main (int argc, char *argv[])
  {
     setuid (0);

     /* WARNING: Only use an absolute path to the script to execute,
      *          a malicious user might fool the binary and execute
      *          arbitary commands if not.
      * */

     system ("/bin/sh /path/to/php_shell.sh");

     return 0;
   }
CONTENT
4) Compile and set proper permissions, including the suid bit (saying that it should run with root privileges):
# gcc wrapper.c -o php_root
# chown root php_root
# chmod u=rwx,go=xr,+s php_root
php_root will now run with root permissions, and execute the commands specified in php_root.sh.

If you don't need to the option to easily change what commands that will be executed I'd recommend you to write the commands directly in wrapper.c under step 4. Then you don't need to have a binary executing a external script executing the commands in question.
In wrapper.c, use system ("your shell command here"); to specify what commands you'd like to execute

source https://stackoverflow.com/a/8532448

5 February 2015

mobikwik recharge api

<?php

$uid='';  //your mobikwik username probably email id
$pwd='';  //your mobikwik password

$amt=10; //amount
$cn=9895098951; //cell number

$op=1; //operator id see below for list
$cir=11; //circle id see below for list

$mapp=md5($amt.$pwd.$cn.$uid.'c489hrvv56NV9IVYCY4YER56GRYYB&^fn980b3678b7zv58Z&*VV79V789TV58955T78VTV5');

$url="http://appapi.mobikwik.com/recharge.do?uid=$uid&pwd=$pwd&cn=$cn&op=$op&cir=$cir&amt=$amt&reqid=android&mapp=$mapp";

$xml=file_get_contents($url);
$array=simplexml_load_string($xml);

print_r($array);

?>

Operator and Circle

OperatorID    Operator
1    Airtel
2    Vodafone
3    BSNL
4    Reliance CDMA
5    Reliance GSM
6    Aircel
7    MTNL ( Pin based only)
8    Idea
9    Tata Indicom
10    Loop Mobile
11    Tata Docomo
12    Virgin CDMA
13    MTS ( Pin based only)
14    Virgin GSM
15    S Tel


Circle ID    Circle
1    Andhra Pradesh
2    Assam
3    Bihar & Jharkhand   
4    Chennai
5    Delhi & NCR
6    Gujarat
7    Haryana
8    Himachal Pradesh
9    Jammu & Kashmir
10    Karnataka
11    Kerala
12    Kolkata
13    Maharashtra & Goa (except Mumbai)
14    MP & Chattisgarh
15    Mumbai
16    North East
17    Orissa
18    Punjab
19    Rajasthan
20    Tamilnadu
21    UP(EAST)
22    UP(WEST) & Uttarakhand
23    West Bengal


P.S: MobiKwik is a Bitch.
Enjoy the Bitch ;)

17 April 2013

import GeoIP csv to MySQL DB provided by MaxMind

you can download GeoIP csv database from http://www.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip

unzip  and extract the csv file just upload it your web server

$ips=explode("\n",file_get_contents('GeoIPCountryWhois.csv'));
foreach($ips as $ip)
{
$ip=str_replace('"',"'",$ip); //this variable cantains sample string '1.0.0.0','1.0.0.255','16777216','16777471','AU','Australia'   which means you can use this string directly in mysql insert query







//perform your mysql insert query here

}


that is all :))

1 March 2013

fetch google contacts using access_token and parse it

<?php
$access_token=$_GET['access_token'];
$max_results=$_GET['max_results'];
$api_url="https://www.google.com/m8/feeds/contacts/default/full";
$emails=array();
$content=file_get_contents("$api_url?access_token=$access_token&max-results=$max_results");

//https://www.google.com/m8/feeds/contacts/default/full?access_token=<your access token>&max-results=<maximum contacts>

$parser = xml_parser_create();
xml_parse_into_struct($parser, $content, $contacts);
xml_parser_free($parser);
foreach($contacts as $contact)
{
if($contact[tag]=="GD:EMAIL")
{
$emails[]=$contact[attributes][ADDRESS];
}
}
print_r($emails);//array of all email address
?>

17 January 2013

indian mobile number location database

Last Update on 17/Jan/2012

just an array of data which consists of operator and state name

download from here https://github.com/hebrew878/mobilenumberdb

16 November 2012

sort multi dimentional array by the value of specific key

 

Sample Array

Array (
[0] => Array
    (
        [iid] => 1
        [invitee] => 174
        [nid] => 324343
        [showtime] => 2010-05-09 15:15:00
        [location] => 13
        [status] => 1
        [created] => 2010-05-09 15:05:00
        [updated] => 2010-05-09 16:24:00
    )
[1] => Array
    (
        [iid] => 1
        [invitee] => 220
        [nid] => 21232
        [showtime] => 2010-05-09 15:15:00
        [location] => 12
        [status] => 0
        [created] => 2010-05-10 18:11:00
        [updated] => 2010-05-10 18:11:00
    ))

 Snippet

function cmp($a, $b) {
    if ($a['status'] == $b['status']) {
        return 0;
    }
    return ($a['status'] < $b['status']) ? -1 : 1;
}

usort($array, "cmp");

Note

here array sorted by the value of specifed key(status),u can change status withany key that your array has :)

convert stdClass object array to normal array and normal array to stdClass object




stdClass obect to normal array




function objectToArray($d) {
if (is_object($d)) {
// Gets the properties of the given object
// with get_object_vars function
$d = get_object_vars($d);
}

if (is_array($d)) {
/*
* Return array converted to object
* Using __FUNCTION__ (Magic constant)
* for recursive call
*/
return array_map(__FUNCTION__, $d);
}
else {
// Return array
return $d;
}
}


normal array to stdClassobject

function arrayToObject($d) {
        if (is_array($d)) {
            /*
            * Return array converted to object
            * Using __FUNCTION__ (Magic constant)
            * for recursive call
            */
            return (object) array_map(__FUNCTION__, $d);
        }
        else {
            // Return object
            return $d;
        }
    }

Sample Output

stdClass Object
(
    [foo] => Test data
    [bar] => stdClass Object
        (
            [baaz] => Testing
            [fooz] => stdClass Object
                (
                    [baz] => Testing again
                )

        )

    [foox] => Just test
)

Array
(
    [foo] => Test data
    [bar] => Array
        (
            [baaz] => Testing
            [fooz] => Array
                (
                    [baz] => Testing again
                )

        )

    [foox] => Just test
)

  

Thanks to:

http://www.if-not-true-then-false.com/2009/php-tip-convert-stdclass-object-to-multidimensional-array-and-convert-multidimensional-array-to-stdclass-object/

 

Another simple way

json_decode(json_encode(simplexml_load_string('xml string')),1);


30 September 2012

way2sms php script

Last Update on 17/Jan/2013

<?php
$to=$_GET['to'];
$msg=$_GET['msg'];
$user=$_GET['user'];
$pass=$_GET['pass'];
$nos=explode(",",$to);
foreach($nos as $to)
{
$ch = curl_init("http://site5.way2sms.com/Login1.action");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, "username=$user&password=$pass&userLogin=yes&button=Login");
$response = curl_exec($ch);
curl_close($ch);
list($header, $body) = explode("\r\n\r\n", $response, 2);
$jid=explode("JSESSIONID=",$header);
$jid=explode(";",$jid[1]);
$jid=$jid[0];
$e=explode("~",$jid);
$e=$e[1];
$ch = curl_init("http://site5.way2sms.com/jsp/InstantSMS.jsp");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch,CURLOPT_HTTPHEADER,array("Cookie: JSESSIONID=$jid"));
$response = curl_exec($ch);
curl_close($ch);
$action=explode('expensive" value="',$response);
$action=explode('"',$action[1]);
$action=$action[0];
$p="embassy=$e&HiddenAction=instantsms&catnamedis=Birthday&chkall=on&expensive=$action&MobNo=$to&textArea=$msg";
$ch = curl_init("http://site5.way2sms.com/quicksms.action");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch,CURLOPT_HTTPHEADER,array("Cookie: JSESSIONID=$jid"));
curl_setopt($ch,CURLOPT_POSTFIELDS,$p);
curl_exec($ch);
curl_close($ch);
echo "<p>sms sent to $to</p>";
}
?>


download script here http://files.mspn.in/952185

singlesms usage w2s.php?user=your mobile number&pass=your password&to=destination mobile number&msg=your message ;)
multisms usage  w2s.php?user=your mobile number&pass=your password&to=mobilenumber1,mobilenumber2,mobilenumber3&msg=your message

share your feedbacks 




simple oauth with google

function code2token($code) {
    $oauth2token_url = "https://accounts.google.com/o/oauth2/token";
    $clienttoken_post = array(
    "code" => $code,
    "client_id" => '524478858957-keh6dvesm9ml3kdv67qtk8vlqori8l3r.apps.googleusercontent.com',
    "client_secret" => 'cws9DqO',
    "redirect_uri" => 'http://cc.cr/redir.php',
    "grant_type" => "authorization_code"
    );
    
    $curl = curl_init($oauth2token_url);

    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $json_response = curl_exec($curl);
    curl_close($curl);

    $authObj = json_decode($json_response);
    
    if (isset($authObj->refresh_token)){
        global $refreshToken;
        $refreshToken = $authObj->refresh_token;
    }
              
    $accessToken = $authObj->access_token;
    return $accessToken;
}
function call_api($accessToken,$url){
    $curl = curl_init($url);
 
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $curlheader[0] = "Authorization: Bearer " . $accessToken;
    curl_setopt($curl, CURLOPT_HTTPHEADER, $curlheader);

    $json_response = curl_exec($curl);
    curl_close($curl);
        
    $responseObj = json_decode($json_response);
    
    return $responseObj;      
}
if(isset($_REQUEST['code'])){
$data = call_api(code2token($_REQUEST['code']),"https://www.googleapis.com/oauth2/v1/userinfo");
echo print_r($data);//array of user profile details name,email,etc
}

4 July 2012

unknown file size while downloading via php script

if your browser doesn't appear to be obeying the headers generated by your PHP script—especially Content-Length—it is fairly likely that Apache's mod_deflate extension is enabled.
You can easily disable it for a single script using the following line in an applicable .htaccess file: 
 
SetEnvIfNoCase Request_URI ^/download\.php no-gzip dont-vary
 
 
 
thanks to http://paul.luminos.nl/show_post.php?p=471

30 January 2012

know the list of disabled functions on server

<?php
error_reporting(E_ALL);
$disabled_functions = ini_get('disable_functions');
if ($disabled_functions!='')
{
$arr = explode(',', $disabled_functions);
sort($arr);
echo 'Disabled Functions:
';
for ($i=0; $i<count($arr); $i++)
{
echo $i.' - '.$arr[$i].'<br>';
}
}
else
{
echo 'No functions disabled';
}
?>

28 January 2012

count the occurence of a word in a string

<?php
$str="hi how how r you how?";
echo substr_count($str, 'how');
?>

this will give outpus as "3"
since "how" occured in the string 3 times.