Archive for ◊ April, 2006 ◊

27 Apr 2006 Close current browser window
 Category: Javascript code snippets

Simple javascript to add a Close link to any page that will close the browser window the link resides in… good for popups and the like

[code]
<a href="javascript:window.close();">click here</a>
[/code]

26 Apr 2006 Protect your web pages – automagically with perl

After a recent incident of some piss poor script kiddie defacing one of my websites I wrote a quick and dirty little perl script to both monitor and repair things should it happen again (thus giving me a much more narrow window of server logs to check to find the exploit or whatever allowed it to happen in the first place).

Here’s how it works in a nutshell: the site’s content is completely dynamic, however the php script to generate it is static.

  • $file1 is the working page
  • $file2 is the name of the known good page
  • generate a checksum of the two files, the output will be a string of numbers followed by a character count and the filename checked.
  • compare the first 10 digits of the checksum of the returned string (adjust to suit your needs)
  • if they are different run ‘page’ (sends an email to my cell/pager) and ‘repair’ (renames the bad file appending the date/time then copies the known good file to replace the defaced one)
  • otherwise exit

Pretty simple, and I’m certain my code could be optimized to run a lot cleaner (if you want to submit a cleaner version by all means post it in the comments!) In the interim this works.

    compare.pl
    [code]
    #!/usr/bin/perl
    ###Dave Cochran http://www.greyfuzz.com
    use Time::localtime; # provides ctime()
    use File::Copy;      # provides copy()

    $file1 = "index.php";  # the working page
    $file2 = "index.good"; # the known good page
    # cksum prints "CRC bytecount filename"
    $diff1=`cksum $file1`;
    $diff2=`cksum $file2`;
    # a CRC has at most 10 digits, so take the first 10 characters;
    # for a shorter CRC the numeric compare below stops at the first space
    $diff1value = substr($diff1, 0, 10);
    $diff2value = substr($diff2, 0, 10);
    if ($diff1value != $diff2value)
    {
    &page;
    &repair;
    exit;
    }
    #print "no difference in file checksums.";
    #uncomment the line above for testing
    exit;

    sub page
    {
    # sendmail routine source from http://kangry.com/topics/viewcomment.php?index=427
    open (OUT,"|/usr/sbin/sendmail -t") || die "Cannot run sendmail: $!";
    print OUT "From: you\@yourdomain.com\n";
    #remember to escape the @
    print(OUT "Date: ".ctime()."\n");
    print(OUT "To: email\@youremailorpager.com\n");
    #remember to escape the @
    print(OUT "Subject: Index.php changed!\n");
    print(OUT "\n");
    print(OUT "index.php has been changed!\n");
    close(OUT);
    } # end sub page

    sub repair
    {
    # keep the changed file for later inspection, then restore the known good copy
    rename($file1, $file1.ctime()) || die "Cannot rename $file1: $!";
    copy($file2, $file1) or die "File cannot be copied.";
    } # end sub repair
    [/code]

    This will require two perl modules Time::localtime and File::Copy which are generally installed with the perl bundle by default, if not get them from CPAN or contact your host.

    Simply run the script I called compare.pl via cron or whatever means you wish as often as you want to check the page. Personally every 5 mins works out pretty good for me.

    Feel free to use the code above as you will, modify it to suit your needs, be it to protect your web pages, files, or whatever. If you find it useful, please send $$$, or just a thanks.
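A variant of the check above that compares full SHA-256 digests instead of a cksum prefix; cksum prints a 32-bit CRC, which catches accidental change but is not collision-resistant. This is an added example, not the original compare.pl: the sub names, the `.defaced.` suffix and the scratch-directory demo are assumptions, and the paging step is left out.

```perl
#!/usr/bin/perl
# Added example: compare the working page against the known good copy by SHA-256.
use strict;
use warnings;
use Digest::SHA;
use File::Copy qw(copy move);
use File::Temp qw(tempdir);
use POSIX qw(strftime);

# Hex SHA-256 of a file, or undef if it cannot be read.
sub digest_of {
    my ($path) = @_;
    open(my $fh, '<', $path) or return undef;
    binmode($fh);
    my $hex = Digest::SHA->new(256)->addfile($fh)->hexdigest;
    close($fh);
    return $hex;
}

# Returns 'ok', or 'restored' after quarantining the changed file.
sub check_and_repair {
    my ($live, $good) = @_;
    my $want = digest_of($good);
    die "known good copy $good is unreadable\n" unless defined $want;
    my $have = digest_of($live);
    return 'ok' if defined $have && $have eq $want;
    if (-e $live) {
        # A sortable timestamp keeps the evidence next to the server logs it matches.
        my $stamp = strftime('%Y%m%d-%H%M%S', localtime);
        move($live, "$live.defaced.$stamp") or die "quarantine failed: $!";
    }
    copy($good, $live) or die "restore failed: $!";
    return 'restored';
}

# Constructed demo in a scratch directory (not a real web root).
my $dir = tempdir(CLEANUP => 1);
my ($live, $good) = ("$dir/index.php", "$dir/index.good");
for my $f ($live, $good) {
    open(my $out, '>', $f) or die "create $f: $!";
    print $out "<?php echo 'site'; ?>\n";
    close($out);
}
print "first run:   ", check_and_repair($live, $good), "\n";
open(my $out, '>>', $live) or die "append: $!";
print $out "<!-- tampered -->\n";
close($out);
print "after edit:  ", check_and_repair($live, $good), "\n";
print "next run:    ", check_and_repair($live, $good), "\n";
```

The check is only as trustworthy as the known good copy, so keep that file somewhere the web server account cannot write.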

    25 Apr 2006 Create mysql database using PHP
     Category: PHP Code

    Simple code to use php to create a database for you.

    [code]
    <?php
    // the mysql_* functions were removed in PHP 7, so this uses mysqli.

    // set your information.
    $dbhost='localhost';
    $dbusername='username';
    $dbuserpass='mypassword';
    $dbname='test';

    // connect to the mysql database server and stop if that fails.
    $link_id = mysqli_connect($dbhost, $dbusername, $dbuserpass);
    if (!$link_id) die(mysqli_connect_error());
    echo "success in database connection.";

    // create the database.
    $dbname=$dbusername."_".$dbname;
    if (!mysqli_query($link_id, "CREATE DATABASE `$dbname`")) die(mysqli_error($link_id));
    echo "success in database creation.";

    ?>
    [/code]

    24 Apr 2006 Perl file manipulation
     Category: PERL code snippets

    File Manipulation

    • Perl provides a large number of functions to perform various operations on files
    • These are very similar to the corresponding UNIX system call or command
    • See the UNIX man pages for details

    File Test Operators

    • Operates on a filename or filehandle argument (except for -t which only operates on a filehandle argument)
    • Tests associated file to determine if something is true or not about the file
    • If the argument is omitted, $_ is tested (except for -t which tests STDIN)
    • Most of these operators return 1 for True and the empty string for False, or undef if the file does not exist (except for -s which returns the file size and -M, -A and -C which return the file age)
    • Precedence is higher than logical and relational operators, but lower than arithmetic operators
    • For superuser, -r, -R, -w and -W always return True and -x and -X return True if ANY execute bit is set

    Example:

    [code]
    if (-e "/etc/passwd") # Does it exist?
    {
    print ("Let's start hacking!\n");
    }
    [/code]

    File Test Operator List

    • -r File is readable by effective uid
    • -w File is writable by effective uid
    • -x File is executable by effective uid
    • -o File is owned by effective uid
    • -R File is readable by real uid
    • -W File is writable by real uid
    • -X File is executable by real uid
    • -O File is owned by real uid
    • -e File exists
    • -z File exists and has zero size
    • -s File exists and has nonzero size (returns size in bytes)
    • -f File is a plain file
    • -d File is a directory
    • -l File is a symbolic link
    • -p File is a named pipe (FIFO)
    • -S File is a socket
    • -b File is a block special file
    • -c File is a character special file
    • -u File has its setuid bit set
    • -g File has its setgid bit set
    • -k File has its sticky bit set
    • -t Filehandle is a tty
    • -T File is a text file
    • -B File is a binary file
    • -M Modification age in days
    • -A Access age in days
    • -C Inode-modification age in days

    Stat Function

    • Returns a 13-element array of info on a file
    • stat (FILEHANDLE)
    • stat FILEHANDLE
    • stat (FILENAME)

    Useful for file info which the file test operators do not provide (such as number of links) or for finding the true mode when superuser

    Typical use:

    [code]
    ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime, $blksize, $blocks) = stat ($filename);

    $file = "toy1.c";
    # the parentheses around stat are required to take a list slice
    ($uid, $gid) = (stat ($file)) [4,5];
    [/code]

    Lstat Function

    • Same as the stat() function, but gives info on a symbolic link itself
    • lstat (FILEHANDLE)
    • lstat FILEHANDLE
    • lstat (FILENAME)

      The _ Filehandle

    • Whenever a file test operator, stat function or lstat function is used, Perl invokes the proper system call (stat(2) on UNIX) to get the required info
    • Doing a file test, stat or lstat on the special _ filehandle, causes Perl to use the existing memory cache (stat buffer) of file info from the previous file test, stat or lstat
    • Example:

      [code]
      if (-r $file && -w _)
      {
      print ("$file is both readable and writable\n");
      }
      [/code]

      The above does only one invocation of stat(2) which is more efficient than the following which causes two invocations of stat(2):

      [code]
      if (-r $file && -w $file)
      {
      print ("$file is both readable and writable\n");
      }
      [/code]
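The file tests, lstat and the _ filehandle described above, combined into a small permission audit that makes one lstat(2) call per path. This is an added example, not part of the borrowed notes; the sub name `audit_path` and the scratch files are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
# Added example: flag setuid, setgid, world-writable and symlinked files.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Returns a list of findings for one path (empty list means nothing to report).
sub audit_path {
    my ($path) = @_;
    # lstat fills the stat buffer; every later test on _ reuses it.
    my @st = lstat($path) or return ("missing: $!");
    my @notes;
    if (-l _) {
        my $target = readlink($path);
        push @notes, 'symlink to ' . (defined $target ? $target : '?');
        return @notes;    # mode bits of the link itself are not meaningful
    }
    # Mode from lstat is the true mode; -w and friends always pass for superuser.
    my $mode = $st[2] & 07777;
    push @notes, 'setuid' if -u _;
    push @notes, 'setgid' if -g _;
    # A sticky directory such as /tmp is world-writable by design.
    push @notes, 'world-writable' if $mode & 0002 and !(-d _ && -k _);
    push @notes, sprintf('mode %04o', $mode) if @notes;
    return @notes;
}

# Constructed demo files in a scratch directory.
my $dir = tempdir(CLEANUP => 1);
my %modes = ('page.php' => 0644, 'upload.tmp' => 0666, 'helper' => 04755);
for my $name (sort keys %modes) {
    open(my $fh, '>', "$dir/$name") or die "create $name: $!";
    close($fh);
    chmod($modes{$name}, "$dir/$name") or die "chmod $name: $!";
}
symlink("$dir/page.php", "$dir/index.php") or die "symlink: $!";

opendir(my $dh, $dir) or die "opendir: $!";
for my $name (sort grep { !/^\.\.?$/ } readdir($dh)) {
    my @notes = audit_path("$dir/$name");
    printf "%-12s %s\n", $name, @notes ? join(', ', @notes) : 'ok';
}
closedir($dh);
```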

      File Name Expansion (Globbing)

    • If the string inside angle brackets is NOT a filehandle, it is interpreted as a C-Shell Filename Expansion (Globbing) pattern (versus the input operator)
    • All C-Shell globbing metacharacters are valid: *, ?, [], -, {}, ~
    • In an array context, the glob returns a list of all filenames that match (or an empty list if none match). In a scalar context, the next filename that matches is returned (or undef if there are no more matches). This is all similar to how the input operator with a filehandle works.
    • One level of scalar variable interpolation is done
    • But since <$x> indicates an indirect filehandle, use <${x}> for globbing
    • Example:

      [code]
      <*.c> # All files that end in c
      <ch[1-3]> # Files ch1, ch2 and ch3

      $x = "*.c";
      <${x}> # All files that end in c
      [/code]

      Unlink Function

    • Removes one or more files (actually deletes links)
    • unlink (LIST)
    • unlink LIST
    • Returns the number of files successfully deleted
    • On failure $! is set to the value of errno
    • Uses unlink(2)
    • Typical use:

      [code]
      $count = unlink ("toy1.c", "toy2.c", "toy3.c");

      $count = unlink (<*.c>);
      [/code]

      Example:

      [code]
      #!/usr/bin/perl
      # Simple rm program

      foreach $file (@ARGV)
      {
      unlink ($file) || print ("Could not unlink $file: $!\n");
      }
      [/code]

      Rename Function

    • Renames a file
    • rename (OLDNAME, NEWNAME)
    • Returns 1 for success, 0 for failure
    • On failure $! is set to the value of errno
    • Similar to mv(1), but does NOT rename across filesystems and does not work if OLDNAME is a regular file and NEWNAME is an existing directory
    • Typical use:
      [code]
      $status = rename ("toy1.c", "toy2.c");
      $status = rename ("toy1.c", "toys/toy1.c");
      [/code]

      Link Function

    • Creates a new hard link for a file
    • link (OLDNAME, NEWNAME)
    • Returns 1 for success, 0 for failure
    • On failure $! is set to the value of errno
    • Uses link(2)
    • Typical use:

      [code]
      $status = link ("toy1.c", "toy2.c");
      [/code]

      Symlink Function

    • Creates a new symbolic (soft) link for a file
    • symlink (OLDNAME, NEWNAME)
    • Returns 1 for success, 0 for failure
    • On failure $! is set to the value of errno
    • Uses symlink(2)
    • Typical use:
      [code]
      $status = symlink ("toy1.c", "toy2.c");
      [/code]

      Readlink Function

    • Reads the contents of a symbolic link file
    • readlink (FILENAME)
    • readlink FILENAME
    • Returns link contents on success, undef on failure
    • On failure $! is set to the value of errno
    • Uses readlink(2)
    • Uses $_ if FILENAME is omitted
    • Typical use:
      [code]
      $link = readlink ("toy2.c");
      [/code]

      Chmod Function

    • Changes the mode (permissions) of a list of files
    • chmod (LIST)
    • chmod LIST
    • Returns the number of files successfully changed
    • On failure $! is set to the value of errno
    • Uses chmod(2)
    • The first element of the list must be the numerical mode
    • Typical use:
      [code]
      $count = chmod (0755, "toy1.c");
      [/code]

      Chown Function

    • Changes the owner and group of a list of files
    • chown (LIST)
    • chown LIST
    • Returns the number of files successfully changed
    • On failure $! is set to the value of errno
    • Uses chown(2)
    • The first two elements of the list must be the numerical uid and gid
    • Typical use:
      [code]
      $count = chown ($uid, $gid, <*.c>);
      [/code]

      Utime Function

    • Changes the access (atime) and modification (mtime) times of a list of files
    • utime (LIST)
    • utime LIST
    • Returns the number of files successfully changed
    • On failure $! is set to the value of errno
    • Similar to touch(1)
    • The first two elements of the list must be the numerical access and modification times
    • The inode modification time (ctime) is set to the current time
    • Typical use:
      [code]
      $count = utime ($atime, $mtime, "toy1.c");
      [/code]

      Borrowed and reformatted from http://umbc7.umbc.edu/~tarr/perl/perl4/ch12-filemanip.html so I wouldn’t lose it.

    24 Apr 2006 Perl – reading from files
     Category: PERL code snippets

    To Begin: Create a File

    Our first step is to create a file so we have something to read. Suppose we want to store a few pro wrestlers’ names and some other data about them, like their crowd reaction and favorite moves. For this, we could put each wrestler on a line, and separate the wrestler’s information using a separator character (delimiter). One that is often used for separation is the pipe symbol ( | ). We will use it here to separate our data. Here is what we want to store:

    Wrestler Name, Crowd Reaction, Favorite Move
    The Rock,Cheer,Rock Bottom
    Triple H,Boo,Pedigree
    Stone Cold,Cheer,Stone Cold Stunner

    Now, we can take this data and put it in a file in a similar way. We won’t use the headings, just the wrestlers and their information:

    The Rock|Cheer|Rock Bottom
    Triple H|Boo|Pedigree
    Stone Cold|Cheer|Stone Cold Stunner

    Each wrestler has a new line for his information, and the information on each line is separated with the pipe symbol. Remember to be sure the new line is started after the last entry (hit “enter” right after the last character but don’t put anything on the new line). This is so Perl sees a “\n” character at the end of each line. When we chop the lines after reading them in, this will keep the last character from being chopped instead. Just be sure there is no new data (even a space) on the new line though, or it will read it as a new line of information.

    Once it is ready, we can save it as some type of text file. We can use lots of extensions, such as .txt, .dat, or other things. However, if someone stumbles onto the file in their browser, they can easily read the contents. One thing that helps a little is to give it the same extension as your executable cgi scripts. This way, the server tries to execute the file if it is called from a browser, and should return a permission error or an internal server error. If your server executes files with the .cgi extension (ask your host, some use .pl or others instead), then save the file with that extension, like:

    wrestledata.cgi

    Once it is saved, be sure the file has the permissions set so it is readable (755 should be OK here, if you plan to write to it you may want to use 777). Once that is done, we need to make a script which will use it. For ease of writing and of having the right location for the file, we will assume the data file and script will be in the same directory. If you choose to use separate directories, be sure to make those changes.

    Opening the File

    Within our script, we will want to read the data into our script. In order to do so, we must first open the file. We do this with a command like this:

    [code]
    open(HANDLE, "FileName/Location");
    [/code]

    The HANDLE above is something you will use to reference the file when you read from it and when you close it. The FileName/Location is the actual location of the file. Since we will have them in the same directory, we can just use the filename. If you have it in another directory, use the server path to the file. Here is how we can open our file:

    [code]
    open(DAT, "wrestledata.cgi");
    [/code]

    Of course, you may want to assign the filename to a variable, so you could change it later more easily if you need to:

    [code]
    $data_file="wrestledata.cgi";
    open(DAT, $data_file);
    [/code]

    One last bit on the opening of the file. You may want to have an option to show an error if the file cannot be opened. So, we can add the “die” option to print the error to standard output. What we will do is use the open command, give the “or” option (two pipe symbols) and use the “die” routine as the option:

    [code]
    $data_file="wrestledata.cgi";
    open(DAT, $data_file) || die("Could not open file!");
    [/code]

    Reading the File

    Now we are able to read from the open file. The easiest way to do this is to just assign the contents of the file to an array:

    [code]
    $data_file="wrestledata.cgi";
    open(DAT, $data_file) || die("Could not open file!");
    @raw_data=<DAT>;
    [/code]

    This will take everything from the file and toss it into the @raw_data array. Notice the use of the DAT handle for reading, with the < and > around it. We can then use the array to grab the information later, so that we can go ahead and close the file.

    Close the File!

    We have to be sure to remember to close the file when we are done with it, so we close it with the close command:

    [code]
    close(DAT);
    [/code]

    Again, the DAT handle is used to reference the file and close it. So now we have:

    [code]
    $data_file="wrestledata.cgi";
    open(DAT, $data_file) || die("Could not open file!");
    @raw_data=<DAT>;
    close(DAT);
    [/code]

    This is enough to read in the data, but if we want to make use of it we will want to pull it out of the array and do something with it.

    Now we will get the data out of the array with a loop and the split method.

    Making Use of the Data

    To make use of the data, we need a purpose. So, let’s say we want to print out a simple sentence for each wrestler in the list. We want to say the name, how the crowd might react, and the favorite move. Something like:

    When (wrestler name) is in the ring, the crowd might (reaction) when the (move) is used.

    To do this for each wrestler, we can use a loop to cycle through the content of the @raw_data array, grab the variables we want, and use them. This is commonly done with a foreach loop:

    [code]
    foreach $LINE_VAR (@ARRAY)
    {
    commands...
    }
    [/code]

    So, the $LINE_VAR is a variable to represent each line in the array. The @ARRAY will be the name of the array to loop through. For our example, we could use:

    [code]
    foreach $wrestler (@raw_data)
    {
    commands...
    }
    [/code]

    Now we need to do something inside the loop to split each line into variables we can use. Before we invoke the split though, we will want to chop the \n character off the end of each line:

    [code]
    foreach $wrestler (@raw_data)
    {
    chop($wrestler);
    }
    [/code]

    Now we are ready to use the split method to create the variables we need each time through the loop. Since we used the pipe symbol as the separator, that is the character we will use to split the data. Notice that the pipe symbol needs to be escaped with a \ character since it is a special character in Perl:

    [code]
    foreach $wrestler (@raw_data)
    {
    chop($wrestler);
    ($w_name,$crowd_re,$fav_move)=split(/\|/,$wrestler);
    }
    [/code]

    Now we can print the sentence using the variables we created, and it will print the sentence for every wrestler.

    [code]
    foreach $wrestler (@raw_data)
    {
    chop($wrestler);
    ($w_name,$crowd_re,$fav_move)=split(/\|/,$wrestler);
    print "When $w_name is in the ring, the crowd might $crowd_re when the $fav_move is used.\n";
    }
    [/code]

    That little bit will get us:

    When The Rock is in the ring, the crowd might Cheer when the Rock Bottom is used.
    When Triple H is in the ring, the crowd might Boo when the Pedigree is used.
    When Stone Cold is in the ring, the crowd might Cheer when the Stone Cold Stunner is used.

    And there you have it. Of course, you probably want HTML output instead of output for the console. Also, you might want to see the entire script in one piece. So, here is a full script which should give you the same type of output, except it will be an HTML page:

    [code]
    #!/usr/bin/perl

    $data_file="wrestledata.cgi";

    open(DAT, $data_file) || die("Could not open file!");
    @raw_data=<DAT>;
    close(DAT);

    print "Content-type: text/html\n\n";
    print "<html><body>";

    foreach $wrestler (@raw_data)
    {
    chop($wrestler);
    ($w_name,$crowd_re,$fav_move)=split(/\|/,$wrestler);
    print "When $w_name is in the ring, the crowd might $crowd_re when the $fav_move is used.";
    print "<br>\n";
    }

    print "</body></html>";
    [/code]
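A hardened form of the reader above, as an added example that is not part of the original tutorial: three-argument open with a lexical filehandle, chomp instead of chop so a missing final newline costs nothing, a field-count check, and HTML escaping of every value before it is printed. The sub names and the sample records are constructed for the demonstration; in the CGI script the open line would read `open(my $fh, '<', $data_file)`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the characters that are special in HTML text and attribute values.
sub html_escape {
    my ($text) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$ent{$1}/g;
    return $text;
}

# Parse name|reaction|move records; returns (\@rows, \@rejected_line_numbers).
sub parse_records {
    my ($fh) = @_;
    my (@rows, @bad);
    while (my $line = <$fh>) {
        chomp($line);        # removes only a trailing newline, unlike chop
        next if $line eq '';
        my @fields = split(/\|/, $line, -1);
        if (@fields == 3) { push @rows, [@fields] } else { push @bad, $. }
    }
    return (\@rows, \@bad);
}

# Build the page body with every field escaped.
sub render_html {
    my ($rows) = @_;
    my $out = "<html><body>\n";
    for my $row (@$rows) {
        my ($name, $reaction, $move) = map { html_escape($_) } @$row;
        $out .= "When $name is in the ring, the crowd might $reaction "
              . "when the $move is used.<br>\n";
    }
    return $out . "</body></html>\n";
}

# Constructed sample: line 3 is short a field, line 4 carries markup,
# and there is no newline after the last record.
my $sample = join("\n",
    'The Rock|Cheer|Rock Bottom',
    'Triple H|Boo|Pedigree',
    'Stone Cold|Cheer',
    'Stone Cold<script>alert(1)</script>|Cheer|Stone Cold Stunner');

# Three-argument open: the mode is fixed and the name is never parsed for it.
open(my $fh, '<', \$sample) or die "Could not open sample: $!";
my ($rows, $bad) = parse_records($fh);
close($fh);

print "Content-type: text/html\n\n", render_html($rows);
warn "skipped malformed line(s): @$bad\n" if @$bad;
```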