#!/usr/bin/php
<?php
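// Real MTA binary; the generated spool script pipes the message into it.
$sendmail = '/usr/sbin/sendmail';
// Audit log: one entry per message (To/From headers and originating script).
$logfile = '/var/log/mail_php.log';
// Not referenced anywhere in the visible part of this script.
$logfile_mod = '/var/log/mail_php_mod_change.log';

// db.php is expected to define $host, $dbname, $user and $pass, which are
// used just below — NOTE(review): confirm against the panel config.
require('/etc/sentora/panel/cnf/db.php');
// The driver class is mandatory for the connection below, so a missing file
// should stop here instead of failing later at `new db_driver`.
require_once('/etc/sentora/panel/dryden/db/driver.class.php');

// $zdbh is always defined: null means "no panel database", so later code can
// test it instead of tripping over an undefined variable.
$zdbh = null;
try {
    $zdbh = new db_driver("mysql:host=" . $host . ";dbname=" . $dbname . "", $user, $pass);
} catch (PDOException $e) {
    // Record the failure instead of swallowing it. Only the error code is
    // logged, so connection details from the message never reach the log.
    error_log('phpsendmail: panel database connection failed (code ' . $e->getCode() . ')');
}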
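// Reads the outgoing message from stdin, copies it into a one-shot shell
// script under /var/mailq, and collects the To/From headers and the
// originating script name for the audit log.
//
// Everything read from stdin is untrusted: it is written by whatever PHP code
// called mail(), so header values must never be used unquoted in SQL or shell.
$logline = '';
$mail = '';
$scriptname = "";
// Defined up front so it exists even when the message carries no
// X-PHP-Originating-Script header.
$ev = "";

$fp = fopen('php://stdin', 'r');

// Create the spool script exclusively ('x' fails when the name already exists
// or is a symlink) and owner-only. Append mode on a guessable name would let a
// pre-planted file, or a second message created in the same second, end up in
// the script that gets executed.
$previous_umask = umask(0077);
$fp1 = false;
for ($attempt = 0; $attempt < 5 && $fp1 === false; $attempt++) {
    $file_name = "mail_" . date("Ymd_His") . "_" . rand() . ".sh";
    $file = '/var/mailq/' . $file_name;
    $fp1 = fopen($file, 'x');
}
umask($previous_umask);
if ($fp1 === false) {
    error_log('phpsendmail: could not create a spool script in /var/mailq');
    exit(1);
}

// printf %s emits the message byte-for-byte. `echo` interprets backslash
// sequences under some /bin/sh implementations and appends a newline.
fwrite($fp1, 'printf %s ');

$in_headers = true;
$origin_seen = false;
// Compare against false so that a final line consisting of "0" is not dropped.
while (($line = fgets($fp)) !== false) {
    // Each line becomes one single-quoted shell word; adjacent words join.
    fwrite($fp1, escapeshellarg($line));

    if (!$in_headers) {
        continue;
    }
    // The first empty line ends the header section. Body text is copied
    // through but never parsed, so it cannot imitate a header.
    if (rtrim($line, "\r\n") === '') {
        $in_headers = false;
        continue;
    }

    if (preg_match('/^to:/i', $line) || preg_match('/^from:/i', $line)) {
        $logline .= trim($line) . ' ';
    }

    // Only the first X-PHP-Originating-Script header is honoured.
    // NOTE(review): PHP's mail() is believed to emit its own header ahead of
    // caller-supplied headers — confirm for the PHP build in use.
    if (!$origin_seen && preg_match('/^X-PHP-Originating-Script:/i', $line)) {
        $origin_seen = true;
        // Expected shape: "X-PHP-Originating-Script: <uid>:<script>...".
        $trimfile = explode(":", $line);
        $trimfile = explode("(", isset($trimfile[2]) ? $trimfile[2] : '');
        // Index 5 is read, so it must exist (the old count() >= 5 test still
        // allowed an undefined offset).
        // NOTE(review): with the usual header shape the eval marker sits after
        // a later colon, so this may never yield 'eval' — confirm the intent.
        $ev = isset($trimfile[5]) ? trim($trimfile[5]) : "";
        // basename() keeps a crafted header from pointing outside the
        // working directory with "../" segments.
        $scriptname = basename(trim($trimfile[0]));
    }
}

// Trailing space keeps the first forwarded argument from fusing with "-i".
fwrite($fp1, ' | ' . $sendmail . ' -t -i ');
// Arguments are quoted individually. NOTE(review): they are forwarded to
// sendmail unfiltered; consider an allow-list of accepted flags.
for ($i = 1; $i < $_SERVER['argc']; $i++) {
    fwrite($fp1, escapeshellarg($_SERVER['argv'][$i]) . ' ');
}
fclose($fp1);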
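// Working directory of the sending script, taken from the inherited PWD.
// NOTE(review): PWD comes from the caller's environment and is not verified.
// getcwd() is the fallback when neither superglobal carries it.
if (isset($_ENV['PWD'])) {
    $path = $_ENV['PWD'];
} elseif (isset($_SERVER['PWD'])) {
    $path = $_SERVER['PWD'];
} else {
    $path = (string) getcwd();
}

// Header text and the path are attacker-influenced. Control characters are
// replaced so a crafted value cannot forge extra lines in the audit log.
$log_entry = date('Y-m-d H:i:s') . ' ' . $logline . ' ==> ' . $path . "/" . $scriptname;
$log_entry = preg_replace('/[\x00-\x1F\x7F]/', ' ', $log_entry);
file_put_contents($logfile, $log_entry . "\n", FILE_APPEND);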
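/////////////////////////////////////////////////////////////////////////////
// x_status: -1 -> default, 0 -> blocked, 1 -> unblocked,
//            2 -> permanently whitelisted
/////////////////////////////////////////////////////////////////////////////
// Per-script daily mail counter. A script in state -1 or 1 is counted; once it
// reaches the limit (40 for eval'd code, more than 100 otherwise) its row is
// set to blocked and the file is made inaccessible.
//
// $update_file_path is built from the PWD environment value and a mail header,
// so it is untrusted: it reaches SQL only as a bound parameter and never
// reaches a shell.
$update_file_path = $path . "/" . $scriptname;
// Control characters are replaced in log output so the value cannot forge
// additional log lines.
$logged_path = preg_replace('/[\x00-\x1F\x7F]/', ' ', $update_file_path);

// Skip the bookkeeping when the panel database is unavailable, so that the
// message is still handed to sendmail further down.
if (isset($zdbh) && $zdbh) {
    try {
        $today = date('Y-m-d');

        $lookup = $zdbh->prepare("SELECT * FROM x_php_page_block WHERE x_filepath=:x_filepath");
        if ($lookup && $lookup->execute(array(':x_filepath' => $update_file_path))) {
            $result = $lookup->fetch();

            if ($result === false) {
                // First mail seen from this path: start counting at 0 in the
                // default state. (The stray echo of execute()'s result was
                // dropped; it wrote "1" to the caller's stdout.)
                $sql1 = $zdbh->prepare("INSERT INTO x_php_page_block (
                    x_filepath,
                    x_count,
                    x_status,x_last_update) VALUES (
                    :x_filepath,
                    :x_count,
                    :x_status,:x_last_update)");
                $sql1->execute(array(
                    ':x_filepath' => $update_file_path,
                    ':x_count' => '0',
                    ':x_status' => '-1',
                    ':x_last_update' => $today,
                ));
            } elseif ($result['x_status'] == "-1" || $result['x_status'] == "1") {
                // Only default and temporarily unblocked scripts are counted.
                $count = intval($result['x_count']);
                $is_eval = isset($ev) && $ev == 'eval';

                if ($result['x_last_update'] != $today) {
                    // First mail of a new day: reset the counter.
                    $sql1 = $zdbh->prepare(" UPDATE x_php_page_block SET x_last_update=:x_last_update,x_count=:x_count WHERE x_filepath=:x_filepath");
                    $sql1->execute(array(
                        ':x_filepath' => $update_file_path,
                        ':x_count' => '0',
                        ':x_last_update' => $today,
                    ));
                } elseif ($count >= 40 && ($is_eval || $count > 100)) {
                    // Limit reached: mark the row blocked and lock the file.
                    $sql1 = $zdbh->prepare(" UPDATE x_php_page_block SET x_status=:x_status WHERE x_filepath=:x_filepath");
                    $sql1->execute(array(
                        ':x_filepath' => $update_file_path,
                        ':x_status' => '0',
                    ));
                    // Native chmod() instead of a shell command: a quote in the
                    // path could otherwise break out of the quoted argument.
                    // Only regular files are locked; with an empty script name
                    // the path is the working directory itself.
                    if (is_file($update_file_path)) {
                        chmod($update_file_path, 0000);
                    }
                    if ($is_eval) {
                        file_put_contents($logfile, $logged_path . ' _eval_code_morethan_40' . "\n", FILE_APPEND);
                    } else {
                        // Kept for the log text only; it is never executed.
                        $cmd_chmod = "chmod 000 '" . $logged_path . "'";
                        file_put_contents($logfile, $logged_path . ' _eval_code_morethan_100' . $cmd_chmod . "\n", FILE_APPEND);
                    }
                } else {
                    // Below the limit: count this message.
                    // NOTE(review): read-then-write is not atomic, so parallel
                    // sends can under-count; an in-SQL increment would close
                    // that gap.
                    $sql1 = $zdbh->prepare(" UPDATE x_php_page_block SET x_last_update=:x_last_update,x_count=:x_count WHERE x_filepath=:x_filepath");
                    $sql1->execute(array(
                        ':x_filepath' => $update_file_path,
                        ':x_count' => 1 + $count,
                        ':x_last_update' => $today,
                    ));
                    // As before, only counts at or above 40 leave a log line.
                    if ($count >= 40) {
                        file_put_contents($logfile, "$logged_path Value Updates" . "\n", FILE_APPEND);
                    }
                }
            }
        }
    } catch (PDOException $e) {
        // A database error must not prevent delivery of the message.
        error_log('phpsendmail: mail counter update failed (code ' . $e->getCode() . ')');
    }
}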
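// Runs the spool script (message piped into sendmail) and removes it.
//
// The script stays owner-only. Mode 777 made it writable by every local
// account in the window between chmod and execution, so its contents could be
// swapped before the shell read it.
chmod($file, 0700);
// Fixed interpreter path and a quoted argument: the `whereis | awk` lookup
// depended on PATH and produced an empty command when it found nothing.
$ret_val = shell_exec('/bin/sh ' . escapeshellarg($file));
unlink($file);
// NOTE(review): sendmail's exit status is not propagated, so the caller
// cannot tell a failed delivery from a successful one.
return $ret_val;
?>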