This: <!---->

This little S.O.B, right there.

7 characters of evil, forcing IE to render all pages with it at the top like this in quirks mode:

<!----><!DOCTYPE html>
<html lang="en">
    <head>
     <meta charset="UTF-8">

If it's not evil I don't know what is because it certainly isn't in themes\default\overall.php, because the first few lines of that are:

<!DOCTYPE html>
<html lang="en">
    <head>
     <meta charset="UTF-8">
     <?php $this->outputHead(); ?>
    </head>

I certainly don't see any issues in my actual outputting code:

function build()
{
 if ($this->disabled)
 {
  return $this->content;
 }
 else
 {
  global $footer;
  ob_start();
  $location = $this->location;
  include($this->location['theme_nr'].'/overall.php');
  return ob_get_clean();
 }
}

function outputAll()
{
 // stop capturing everything
 $this->content = ob_get_clean();

 // build the page
 echo $this->build();
}

I just don't get it! How on earth could these horrendous 7 characters there get into my code?

I can just imagine that > bit at the end turning into a smile, and the thing is laughing at me.

Laughing like the S.O.B. it is, making me hate it and IE evermore.

It haunts my dreams, it kills my cats, I don't know what it's going to do next but it's going to kill something.

Why?!?!

EDIT: fyi it appears in all browsers

+1  A: 

I looked into the git repo you posted and it is not contained within. You could try a diff from the copy on github to your current copy as the change is in the changes you made.


If you are using an IDE do a global file search for the string of characters. These kinds of "bugs" can be troublesome.

MitMaro
I'm using Notepad++... I don't think it has such a feature as it's pretty much just an extended Notepad as the name implies.
a2h
Notepad++ has no trouble searching for <!---->
pavium
I've tried searching manually for <!----> in a couple of files before giving up. As for the git repo, it's up to date.
a2h
Notepad++ has the option of searching all open tabs (an option at the bottom of a normal CTRL+F search), so you can open a whole bunch of tabs and do one search through all of them.
Zurahn
Well. Nothing on my side. This is going to be nasty...
a2h
You should try searching <!-- instead of the whole thing. I suspect it's dumping out <!--[some blank variable]-->, so the search wouldn't pick it up.
Zurahn
Time to switch. I'd recommend NetBeans with PHP module - works great.
Ondra Žižka
Nice catch Zurahn.
MitMaro
A: 

Seems like a situation where grep would be handy, if you can use it either through cygwin or directly in Linux. A quick example of just finding files with that HTML comment:

grep -R "<\!---->" ./*

That should narrow the search.

Zurahn
Unfortunately I use Windows. As for Cygwin, well, the last time I tried to install it I stared at the download size and gave up. That was one or two years ago.
a2h
Aw well, thought something like that might be the case, but figured I'd throw it out there anyway.
Zurahn
Possibly not the simplest way, but you can get an account at http://silenceisdefeat.com/ (free Unix), upload your file using SFTP with something like Filezilla, then connect to it with Putty and run the command given above :D
Brendan Long
get cygwin. It's about 10 youtube vids in size.
Shawn Leslie
+2  A: 

I found the culprit.

Somehow, my isexistinguser() function and how it uses a cheap method to hide a MySQL error is only causing issues in my branch ribbonpageedit and not master, even though the function and where it is called from hasn't changed between the two branches.

Looks like I should go and strangle it now actually ask how I should deal with the MySQL error.

For those interested, the function in question:

function isexistinguser($uname,$pwd)
{
    global $location;

    $uname = mysql_real_escape_string($uname);

    $result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'");

    /* description of $hit:
     *  -1 more than one match of the username for some reason
     *   0 no match for both username/password
     *   1 match for both username/password
     *   2 match for username, no match for password
     *   3 match for password, no match for username
    */

    $hit = 0;
    $rowcounted = false;
    $salt = '';

    echo '<!--'; // cheap fix for mysql error - FIND A BETTER WAY!

    while($row = mysql_fetch_array($result))
    {  
     $salt = $row['user_password_salt'];

     if (!$rowcounted && $hit != -1)
     {
      if ($uname == $row['user_username'])
      {
       $hit = 2;
      }
      if (user_pass_generate($row['user_password_salt'],$pwd) == $row['user_password'])
      {
       if ($hit == 2)
        $hit = 1;
       else
        $hit = 3;
      }
     }
     else
     {
      $hit = -1;
     }

     // this is for debugging the mysql user handling system
     //echo $hit.'<br /><br />'.user_pass_generate($row['user_password_salt'],$pwd).'<br /><br />';
    }

    echo '-->'; // cheap fix for mysql error - FIND A BETTER WAY!

    return array($hit,$salt);
}
a2h
That's really funny. I also like how isexistinguser looks like extinguisher and...you probably already know what $hit looks like. :)
Kevin
`$hit` looks like what..?
a2h
The physical appearance of $hit can vary depending on the $hit factory itself, or the parameters passed to the $hit factory prior to the job execution to create the $hit. Most commonly, it usually has a constant Color member of Color.SaddleBrown and has a bad code smell.
snicker
A: 

About your error handling. The first way of dealing with it is to define and use your own handlers instead of php default ones with set_error_handler.

As a simple fix, modify this line : $result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'"); with something like that :

$result = mysql_query("SELECT * FROM users WHERE user_username = '$uname'");
if (!$result || !is_resource($result)) {
  return array(0, '');
}

To end this, I recommend you check PDO to use databases.

Arkh
Actually, I found the error's derived from something completely different, and I'm now trying to figure out what's causing *that* issue - http://stackoverflow.com/questions/1845587/how-come-my-php-sessions-arent-carrying-across
a2h
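Arkh's two suggestions (a custom error handler and PDO) put together, as an added example that is not code from the question or from any answer: database failures go to the error log instead of being echoed inside `<!-- -->`, so nothing is emitted ahead of the doctype and no error text ends up in the page source. The in-memory SQLite database, the sample row and the body of `user_pass_generate()` are assumptions for the demo; the function keeps the post's `array($hit, $salt)` return shape but only returns -1, 0, 1 or 2.

```php
<?php
// Added example. Table and column names come from the post; everything else
// (SQLite in memory, sample row, hash stand-in) is constructed for the demo.

// Stand-in for the post's user_pass_generate(), whose body is not shown.
function user_pass_generate($salt, $pwd)
{
    return hash('sha256', $salt . $pwd);
}

// Send PHP warnings and notices to the log, never to the response body.
set_error_handler(function ($errno, $errstr, $errfile, $errline) {
    error_log("PHP error [$errno] $errstr in $errfile:$errline");
    return true; // skip PHP's default handler so nothing is echoed
});

function isexistinguser(PDO $db, $uname, $pwd)
{
    try {
        $stmt = $db->prepare(
            'SELECT user_password, user_password_salt FROM users WHERE user_username = ?'
        );
        $stmt->execute([$uname]); // bound parameter, no manual escaping
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('isexistinguser: ' . $e->getMessage());
        return array(0, ''); // same "no match" result as Arkh's simple fix
    }

    if (count($rows) > 1) { return array(-1, ''); }
    if (count($rows) === 0) { return array(0, ''); }

    $row = $rows[0];
    $expected = user_pass_generate($row['user_password_salt'], $pwd);
    $ok = hash_equals($row['user_password'], $expected); // constant-time compare
    return array($ok ? 1 : 2, $row['user_password_salt']);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_username TEXT, user_password TEXT, user_password_salt TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['alice', user_pass_generate('s4lt', 'correct horse'), 's4lt']);

var_dump(isexistinguser($db, 'alice', 'correct horse')[0]);
var_dump(isexistinguser($db, 'alice', 'wrong')[0]);
$db->exec('DROP TABLE users'); // force a query failure
var_dump(isexistinguser($db, 'alice', 'correct horse')[0]);
```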
A: 

I would have looked for the 'evil' string:

grep -R '\-\->' /your/folder

pcp