Recently I was asked to take over the programming updating task of a php website. Interestingly, when I open the .php files by dreamweaver and Notepad++, I realized the codes are being encripted, just like md5.
Actually, how this be done, while not affecting their functions in Apache environment? And is there any way that we can resume the codes back to normal php and html presentations?
Thanks!
It's probably something along the lines of this:
eval(base64_decode('gobbledigoog...'));
In that case, just replace the eval by echo:
echo base64_decode('gobbledigoog...');
It's likely that this will result in more eval('gobbledigoog'), as the code may be encoded several times recursively. In that case, keep doing the above until you get real code.
Have fun.
Related
I know JavaScript or CSS for expample can be "compressed", "simplified" in order to be loaded faster. After simplifying they are difficult to be read by humans... and this is exactly what I need.
Is there anyway to make it automatically? Rename all variables to short random strings and make it all hypercompressed. I don't think it is a fool thing because I have seen this lot of times in javascript. The idea is to conserve the original source and upload the minified one.
There is no need for doing this. The Server reads the file, and the file never gets transferred to the user.
Therefore, compression is useless because there is no bandwidth saved.
CSS & JavaScript does however get transfered to the user, and therefore they can see it. A user can never see PHP unless you've done something wrong on your server. But then you need to worry about totally different things than compression.
If you want to compress it, this is basically useless, since you have it on the server and only the output gets transferred to the client.
If you want to make the code more difficult to read for other human beings, you're looking for something which is called an obfuscator.
There are a few php obfuscator engines out there, p.e.
http://www.codeeclipse.com/
http://www.truebug.com/
http://www.raizlabs.com/softwarephpobfuscator/
The situation is next:
I have php file, which parses a web-page. on that web-page is a phone number and it's digits are mixed with each other. The only way to put each digit on the correct place is to use some JS functions (on the client side). So, when I execute that php file in linux console, it gives me all that I need, except js function's result (no wonder - JavaScript is not a server-side language). So all I see from JS - only a code, that I have written.
The question: can I execute js files via php and how?
Results of a quick google search (terms = javascript engine php)
J4P5 -- not developed since 2005 [BAD](according to its News)
PECL package spidermonkey
a 2008 post by jeresig points to PHPJS but can't see when it was last updated.
I'm sure you'll find many more links on that google search.
Alternatively:
you say that the digits are scrambled and you need to "unscramble" them using js. Can you code that unscrambling logic into a PHP function and just use it? Will sure save you a lot of trouble, but if learning to use js in php is what you're after, then its a whole different story...
Zend tutorial: "Using javascript in PHP with PECL and spidermonkey"?
http://en.wikipedia.org/wiki/Comparison_of_Server-side_JavaScript_solutions
Alternatively, PHP has simple functions for executing other programs and retrieving their output (I used this along with GPG once to create a PHP file manager which could live-encrypt files as you were uploading them and live-decrypt as you were downloading them)
Using those functions along with http://code.google.com/p/v8/ you should be able to interpret any javascript.
Not unless you know someone who's implemented a Javascript engine in PHP.
In other words, probably not.
Without some sort of browser emulation or passing the unparsed js off to a server side implementation of javascript (maybe node.js?), you won't be able to execute it.
However, does the page use the same js function to unscramble the phone number every time? You should be able to read the incorrect digits and shuffle them with PHP.
If you're prepared to do a bit of work building your own JS runtime to work with it, Tim Whitlock has written a javascript tokenizer and parser in pure PHP
node.js is server-side... but full JS :) no PHP in it so I don't it answer your needs...
Anyway, here is an example : a chat in JS both client & server-side : http://chat.nodejs.org/
Plus, not every host allows you to use the v8 engine...
If you have Javascript data objects, and you need to convert them to/from PHP arrays, that's quite easy using PHP's json_encode() and json_decode() functions.
But actually running Javascript code? No. You can't. You might be able to find a JS interpreter written in PHP (a few other answers have pointed a links that may or may not help you here), or more likely execute the JS using a stand-alone JS interpreter on your server which you call out to from PHP. However if the JS code includes references to the browser's DOM (which is highly likely), that's a whole other set of issues which will almost certainly make it impossible.
Given the way you describe the question, I'd say the easiest solution for you would just be to re-implement the JS code as PHP code; it's unlikely that all the work arounds being suggested would be appropriate for what sounds like a fairly simple bit of utility code.
This is probably something really simple, however I am quite new to PHP, and havent done any HTML in years.
I need to get a PHP variable filled with an array of figures into Google Charts. My code for this so far is:
<img src="http://chart.apis.google.com/chart?
&chs=340x175
&chd=t:<?=$filedetail[1]?>
&cht=lc
&chtt=Test
">
However, Google reports an error, as it stops at the ?=$filedetail[1] for some reason. It doesnt seem that reading the variable is the problem, more that the API simply cant read past the start of the PHP tags.
Thanks,
Rob A.
EDIT: I have managed to make Google accept the URL, however now it is not showing anything on the chart, as its filling in the &chd=t: field with instead of the figures within that variable.
The URL reads like this:
http://chart.apis.google.com/chart?&chs=340x175&chd=t:%3C?=$filedetail[1]?%3E&cht=lc&chtt=Test
If oyu say Google is complaining about the ?=$filedetail, chances are you are doing this in a file that is not being parsed by PHP, for example a file that ends with .html or .htm.
You can see whether this is the case by looking into the page's source code in the browser. If you see the PHP command in the source as you wrote it above, the PHP code was never executed.
The easiest way to fix that, if that's the problem, would be to switch to a .php file extension.
In URLs, literal & should be written as &
Edit: And you can't do ?&chs -- it should be ?chs. The line breaks are probably going to break the URL too...
This is a string (see below, after the dashed line) in a database.inf file for a free program I downloaded that lists some websites.
The file is plain text as you can see , but there is a string after it that looks base64 encoded (due to the end chars of ==). But b64_decoding it gives giberish.
I wanted to decode it so I could add to the list of sites it had (the program lists a bunch of sites and data about them which I can read in the GUI) and to do that I need to decode this, add to it, and re-encode it.
I think the program uses .net since I think the .net library was required on install, but I know nothing of the original source language.
I am using php to figure out if there is a simple way to read this. I have tried using unpack, binhex, base_convert, etc as I suspect the file is binary at some level, but I am lost.
Nothing illegal, just wanting to know what it is and if I can add a few things to it to make it more useful for me.
here is the file - any ideas how to decode and recode this for playing with?
Site List
file size: 62139
db version: 13
generated: 2010-04-27 11:53:40
eJztPWmT27iVnze/gjVVk56pXXXz1BW3XW2PPXaNr/iIa69SUSIkMaZIhaQstys/fgHwEIiDBEjQk6Q2lUraeuAD8PDwbgAPtkl6eBoZsX8At1enDKRXRvGfL350gj/9uEmBn4MVAqFGP14Z+f0R3FoP//CA+Rb9ddXj26OfZYJ+EeicpEHrt/5V/2/XA75FDTjzlf7WvlL/NgWXnlW/BQc/jPjzxaAfMUzU7+Xr7m+pj7cVZ/C63pa8Iewa/e+299fbMM3yuv8+fa8wCs5Cy/W9EmwLztfU51Eb2SKZoUe9v458gmq9+l4hFDyiS/W9Ei0Z52tO5/W8+VQ3aGwipvcjIRGUMPmnfN8XE40qCFKABSaFpgQg2ggGARtwB9D55SbM77lfIkCxGIIvsxw2460jBrRxwbfwyJdVEFB2eSERTaTstP4r2OQsG+RhHoEfL7+XOGy6d9yObKaKwE/zJo4eCFYNDD0QhJsIXHD0RHAZRV8EzF6WRQCXkU/ECnDBIUSwB37A8oEsgg3kuF2S3rOCtASwCNq1H4ECCYVCuTT4mRlDUwH2QNDUgT1HcFGDfUewIobQjaBVGdIYkMqoV0I8h2gIgqZK7DmCi1bsOYKVcB25CFp1I38djAY6wXqeokg8Enk8qEWSXg0eT4GHGFFPPMk5BmkHn8rgaVoOA+ZVStCaTgPoo2U8eBzD6bNdHUHci38Ycwi14Xk2F0C7aCpZh3Vv1BAQQ1BFUDDdAATk9PsjuBiW/WjQGIUqglPamACBAJpBH9+9JIwFsbkE27GaXhoBXkZiHKoIzmCdhTnH9VBEsKrHoIoAfd0gZB8i8pexAnQpGMhBySndsIKmAnDsJc6GXocJX1RBQJfJViwkgaEfAmIMqgjI0fcbwTo55cINLYOg0BsXPL1GQGrnnkQMQA65hvRWxQgoDAHINlxbBQHS8JiHSUz6nswQiHZXvRCUVGzi4SNpV98NDCoIstPh4BPeR8scWkdA4FFEkOVJo38JBBSGz+AehSWzKwZDBekwe8s5EHj6IVhdMHQioN3AJM5BnHPWocQtsSFXTSTqCPAc1klAhWLUEAyaAmpGzKIfghx87UuDQqYMQFBFNGoMiggu1JcmImP5VpGD8BKW4AcV2udQtV2FZCqAiwCOIQeHYwSBxotfbq/uChTGL362Xyd+GhhRsgtjOzutD2EOO7g+7o9XD//wbw+yI9iEfrRCmB5KffbgpvENxLGN/F328O/P/axo//e7U54U3/z9wU0Bhc0wDNk+D2+4aC/wS+MMpA+DZHM6QIa83oH8aQTQn9nj+9eQVj9BYtd5qZ//2/zfa0ymGhX6usaFsicduOrMC4sLf13j2oZxmO0f3tQzwCKYnEbZAlEYt0HzsvkfkA1g+xTswiyH/gKmVBbu4tOxaNiAXDAXQrpjanW08jI149b4oQzU/fCn/4H/6cRQKRkKB6knJDHhbUahqTaYJApob9IYahNUEgVUDjSKWl/88Kd6ZUoCXygeJDEoludwX466sZQ1nPokSpLPcKtb9UZ7f9psoEeGgi33xtsELm7QRFJ/ATGVDnXRcfmPolsSQjQkMTx8C2IDTb3Z510QoC65X5C8KMVjDSeTomsjlSizPGU+Uhc6ztYmEdWpVbmh6cS2paQXiahIHMlgiVqwRNJYSmpbAkRVGkkGVZHd4eNBCR4ZHDgrxUeB81IyOIr8FB9JkaJCO51mdCTpUSx2s/fjHXhom+Z8YjoT2zKsxdKyl5YHBT3R4A8PbioF/JBWxjdhHICvaKc+Ovo7cIsVBKt8uc10KFs+Xo62rTb+R6g3jZdkM0IkSCpm1GBV8qQ1TC8Tm43GxNfK9YRZZUz+u54VnKrx5pQ3W5NzbqhwipwNjc4o88s/rRrhc5AC4z45GRs/NooGRgzORmUVkEgsrjTmLWsFHGImNPOBPS0FKqJNK3l++FcebRaHxyPIh9kgNTK+QXOxRGRsAGohDlBCwv+XNwb+E9os1eIbe7iv1wBUjNFqEHB+t5vYwqwDj82RdLOJucCSbrq05kvPVJB0aGdf413EdzCoBkLpdhdFydl4/uHVS0LQ8aUbjbGPF1FERAc7EBLuA7Gzy6FDnXpN2JCPHjW2PyN9ur/hOBH4o+Kn1EdbBH8FZc4BHNYgvX0Nzv/+Cv85RHoMkhp15EZsj3du6ktUlyd0UERSWjIUGMpIyCe4w5Pzdf0Zcl6uwzgGKeJQUmKgf0t0IuVHcUSPijlOKuAhpuUlJT3MuMTjoTdaH1ten+2t046vckOsJsF5me/FvRQSWQa+BO0xB19JWcRYT1gLw7KgObw05wp6ohhndiMyhRtwCRuYrxooLH00w8dLdGmgFfu224ptCPpq8NU63ARJp5ynvxkizT8MkebvdQSKnoXsACrDbRuKzDMVGfmRjR2S27+ua+8e61ttgqTC9CSJoZl8GI7wGTK2Xw9XBC/9VjSyeuCpBhXwOEx2qX/cs4b7RVRKSjBvYi8M21ma9tK25SXYVRs2c2nPl46CPCzDgR9SP4CG2iY5CEPzlya9pSL+86afOMQHSLTYydIh9uZwOzx56PxAD+oLgF4PEeSETXcgMKCHIOPiW1WU/qbdEuc04ojkWnxr8Mt1uOVaQvhknq93EL9RwTDYYJfwHzQY1MMVhS4L+G64YkBNH8uhURGmlr10vKXlKpiD5+OkLWhAgnWEDJr4+shB2EyDGDzLRQpsPGI/OEA5eEyyfAIdd4nMITnLR/4Gbe2WIGH970omvit/MJ4lqfFhH2bGe+jfEB+ywlNiE6HxDwsvHjZwowRhDt0cc5iXrsPBLhyYwVJByTlW3IzmdOk6CpuxULjGT2s/MPb5IfqZsyOZNv+61ohena9f4Uhzg2UhT92ZLW1LnhtevH/6y+vrJN2xTFCDdIjkgp6TykjhMwSRrwlj44/G+yJ3clfnTYYkq/TUkGC9KS3W6VkX/nsp6itgPOGVGAiqRZoI+WUjjAR/gpnKuIuNu80mOcU5j7bD5H5lXw6zO1uqRiQjr63WJoFjoG4gTkMNc7oPYRBEYAXdlRxuMArZ9wveQn/z6Mc07SXI3Vq9IV9OMLwQ4JgmX8J401UJ0IkG2i/MOqiVNRz3SUwPQ6KQwf/KlFN8h6i0DneFI117mkn6wvUbNVRKSnaG0qa2Sji8zfnR5flUYptE2Fdf+hqrLv0VZYAV9O7Umit5rVj9a2gVpZ8OrYxYZVC/5/i0wMAITL6KwvgzOgvUP+OUrvApT95oWK0qwPb4/kXw01WIwtXICUueQtfMuvp5UOp0oPLlcmdPiVNwp6geTkHgFIhsHYh0yGR/aKIRSo0NLiUYppb9lZSKUgrmm0vbWbrTVvkbhKkB0d9enc/na0j5z0kcQoZNY5DX8XckH/jgBzel7EBc9PCVn34GeRjvDD8OjAxEEfo7ieH/AeMc5nvDN7KDH0VGkhr75ACM9SmDsAxa1RgBRLRLkl0EHk6ga1b+CX/0I/DVx78Vf1Fh6n2eH5c3N/wh3hQG/Ko04K+Rl94azx6EzVYTpNXlHT3laHFiqVVicUQIyy7uxLQxu7hLh/WJIYswnOIf/G9o5RgeIQFN7rgrIcxau+xSW3PPnBGrrexHE4tIjuimqPMpolXXm+1hQJkUa9KPVy3VyPmozq0jVbRPwfb2Bzib2pCA3z7CLFjWdK7uk1NaQTO51JFokFQ/sjtRFgdr9IiQ1LYQxvD7pqSInI1Ffq9S80WWaykIA2VnXlMllQZfXOOxCP1VCxIGjqQu7yGci0Vfh99Y8dwAUQK6rJV9HH5jZPSUldGeNTOtVhlNSGaRaGgMh3Jo2tPOvbCoq2fUUhzEIoq4ZYodMTZhKEqlCLzExbWAiYsopBENEl8ljuFByQpRq0U+kkWTAT+FLaqAMbT3GhuHBTc3z3sMv0SJqf3jcWwcZ+bNZ90mLdszFd1W0aPKyBR3DK8uqvdJB26FlBJ3D6rdu2tVqTLFf+Eu9vNTyqfIqNxcWSXNQipKC+REDRVPERQ1VlK87E3nU132Oj24MjX6KABZfnvJPP7DJkqFxrrSxIYVeMkd4WodnFSKtxVDnf6lZ6jrYBZzrFL1aFaADoKE6xOK36zIm9V0H9ZqdKTjiAcPr86SturiiGFJxuoEXHk5T3e6UX3REOrVMfLZ6pN2Kfv/FW/aPBRvYs9wScV8abGH5HjqqQyKTzZJmvoRo59YcK2gdFzTgfVZGac3nuA+GCXnsErOtheeaxNaToeiBpUtVoRJGVJw4PppUZmtxhvciUyEbu5NvXkHLSxMCw+Ro5MWMUhqC5QgQfNn/TN/DZK76sSyRFjSsuYzT+OsCb2Zhpu9yFCrYKOtvPEO9iBDAddzGk6/RgJ8gYLGF1GgBo5Ggr+gHmTEgOWac1RHqJUGh/tS5q1PYcQz2XkN9NPi1b1RycXHRT9SFHHMhauTK2r/FP4CNijJsUuioEETcRP9VPml6uJX2IVRY6p+ldk39tS1zREo5KbgmIZxzqUNCRxRabjGu6IfhhAmJ2o4s217JBG69UOhr1vBxhOhz2APDAVsDis4c9ObjkOBLAY5SlqKqEDCR+SI10UvUrLDMq2FTkMCzTZOcnD0g+vySG1FhMvPIxgSBW6ZKU89+B9X85RPx9M6gq4+nNw2acy6AdE/8Y/G2wI/USLbLQ8905nqXvUqDRAleS4OehHg8WTB46ITGW6YzSxzoZkS2xSAKqA7CcAxYWs5+E30U+QZ7OeiMlE/MkRxp/OF9i2Shrt9dT8RQw8aqJ8S71APFSmkbG3L9izdiuLo536cQ1syO0VFRUulGr748JcGTTra6ifRW9whMkFRj/DPzHiBi29wgRXHS+eEomeOO7VnI6lXHG0SKtcaOp5qvUNdyFgZlu0ubO2CxY8i6BsgsxLE4JQijcJSg99mBJpE0VOioxdYvUlQZr5wF7oZBHyrHRJGAVMw/YR4+l+17m3xSni6Z+o4C61uCcrAX2++3dSapRrOxTkRNhlPHSu5apY7s2Y6iUKIiA2I2GgnBRuPDE9gDzI+GnRVLVMnBa7a+xN3ZZmoK9vDZ6ndpSMXXa62G9bpcXIWCmyywXgyGyv+18mZIT2nxtW25wvt7lCtn04b1vChgeOx33vUhYwKt73ZwtYdYSvn+dlPD8IoYw0cjQi/oR6kAkbuwprqjpOgaxn/dgIZMlKuT58pY68BG8O4KzuQmf5s6lnaI+1lOGxSRlJZH4CFj+AGFJ1UcVYZYixmnjOSResHX+AgTqlQLjQajCcb7qpuZMwW6BU5nnYNbU2SYx4ewm/FxZCku9MkTEvDEQhkTd4QvUlEnzuPTggLOFom1nr9Pldnu4YJdba5NNkLolv48VAdIamP2lP82GgwHj/WR1nkMkLWCOGKKvcHcpSXF6YGL+ARs4NFJ1J7E7rf2oMWdRKQVyxAA8cjw19C2UoBbzGf6SZCqZW2JxCBgKECAx2tYuIZ7kKKDObMm+q244LT4RCCbHcKA5Cz0QcWrJ8QH/bwu6If41fUkQwxFtO5N9ettML4S5iFaygW16xRSwP1E+JF1cOrx3cyNHBm5szVLSfzvZ9nh/s43OxZK4YGjsEMsAfj1b3xGvUhRQUbunj6qVBVCp2TNGLlAwc+zsaovv+EupGSElNvrt3TgdMtJeImSWNONojXYByCEIVmsWw9heNYuhkEneGr8htMiJIG6qcEvo2/23jl88fMHKligCkr4cBGsyd+ffPyF5mAtePazlglEwdo2SXHJAo5J3l5LUa0uOt+pIooZtPFQmuMskqKnsG6FAwsSTjwETKm754+NT6BdSU4pOgxm831kwO/5wGCyy1arIXBNhjDysC9iOsLeEkec6rf9IS+FhRcqJA6Cr9A37Ccdp3A4ASUuj8YI8JU9Wq8xN1KyF2e2IF62TV10/Ds7w9ihmKg+qnz6e75q4kSK808z/S66r77yl8/Pol92gt0zEgH6kMmLWTPp+58rMx6GGcoTSJMTxDwEQvXXhS9tGwUHl2mtjt3RmKQjTj0sxk57POEE/HhZSqcETRxHd3yo4M49FUC+RSQfEaOCnRBlHJli97CstpnPZ2YHn4TxFracolLZF9wdASdqhE3G06JZr2WyjaYtO8AdWocQbqF3QuVBQc+fP5vC6RiY4PHDPbcnC/aC+DVpr+FIyZWuTF1DkzDssO2Brn2UpUSpgudM93LTs6NTgJQMD3srjBjG/rl3rRdB6rN+LN/hhPa+2WRLkpskIvNBw+f928l3qp4l5fp4B6AWkxnHcEa9RWvHG6opUAsdMdrqJLCk7CAfsWYZQoTPHPecYpDffKHe7E5TMF0TfzVvUy9GO/Qn23PdS7+8Logc7F00Du0UqT+GzR0w/yeECIsyQVtdJH+zwX6hqiV8kJcqGQcnSqG2Fq1ESEMAjVbfIdCPZYm3GIpx5yJhfGFSWboIkSLvYiWR5Mo8FEEND0USXD6HhgWrJ8aL3+5I/ooeKVinH6uvOWZC7GeJgllzXg3RnLzkX6aRGHsC7cSr8EIWcmyF6XjJ9bUk6LHdOnA/y7kNtN60xkQErQZYUM9ftLvoKJltVXPk5RBkkaOU8opx+DrSShhauB4wuU16kLGk7Es1xbXYJI0gBvGk9M9+LwNMt3F2p7fRJfmwVIEm/nCjcIlxXwxd3UavGQAIzkcw6guNuLGOJpNRqyNvnQk5/qYltgSarCIs/TkBMgO1dhUS4/Ef3JgmUTUSBeb/IrwX8xD2IPxCnYhQ5Pp3LQX7fHi/iZKNQGhhUI2GNFAqb6VqmOeOmJyXHjEW3rO0mZfJuKGz4tLoi8SgrZPeA108canArdSbMRFx5BGchiz2M/Fl2ZcoKOxw3vchSEZM+Pdm7bwxDZ9g0MgbeSkyD5Zr+87DRFhK1288hx10C/hb9mLxdTSHVYqJzspbkAE8Y53246okeaQw+Q9gf93ia0GAByFhggNHOFGDdiDkvvrebOZ3E5xob6Vk6U130+S7UVeMrUx4mYj3jRivNkq2WmOYzVvYGwhkLc0lZIwAeaGA+/EBLeFrs1SvryFK4deg7MwMv099osfJPgCvWr9W1y8tpYjaKKyu74RvelUcl85ztLp3lenz9fr1IcuzBpOoUEbBqKLTR4jrOjGhZ1avmpmubO5tSCPSHPuxmSGfUOvSvN2TJbZqucnoQqXOL9YC5jsGAYg3VCnF/lgQT4A3U143bnLMKInyScleWPPLdsy20vc1XdZvgenzxIJ0JZ2Q0iBqjU//tYv++k4ZmuMrR9BCmue5x83IIJJFxeaZjdtiaBPFR6pU3nzmWe77RuGGRxxhqjaOYUYl9s5tolOEXEekW/XWAnvjCML5l98zL+nhHfZhNes6Zd765W9NJcYEfssWXXK6nd5wrP9XZL2y4TJWcXgXCVuO98pa8fU/oiZyrWuJZks4VMWRq8nKQQof4dXAs9aHgjUgaX7kS2ll60slNCRiLxW70t9jpMz5KIdyKAxSR2Cb2nTlA6Py4a/VQ3f44ZydQPedDZvF5wt42hKzqGPTpVojIFP+BVIylro/pfko3umfchPrzks71Nvn0lcle9NzJlhLZauJVtqhp4P3KWodoI9JULBmvzwEgJ/LYBy94pMZ2YHD3D6pF955L3P0EoGp3ubVLgBfv01TU4x97JNGt4kB6qdM57iFv1MKNtcLOwOc1wwEuFl9TzKWCaijDNbmtLmODSjwm+UFcaC+MbE86KBlH01c8xGgYWSPcEO6FIR1PqM+IfE8IPA8GOj2tX3yck4nLIc9Uq8JqD+QCpu9l2fppcgxiP8rvhtYZJImSIcbMVra1mBb5PfHtNkGyKztvOV8WdhFBnQhTG2IYiCzFgD9EpGnhhVS8M34NgMRKP/QE8lwj8MqAv4T4+rGDz0avS0KzTdY6/nGnuogLZymNTeL8ZCwptDZ03eZ4c0PO8TvsN+gTXFxEe4uJ/27M1lPB9zbi08zjMrtXiwZeQDOZSbR2Fwe2f9k7yCKN7m7JwclX3Nfm7L7uMwRsIyNQKQQ2rUm3kPYmMThZvPxnv0SAu6p+6ev3+5zGfhwjZXJnO82QP/CB3ufZKh+you0WoMKH9NwZcQnOGCfAk3IMNPwAdIeJGcOhRRk62foI/wMbbnxZeqtoDpTht3vHAWf+iI6+W/3EFHvYZVx/snuDgDA7MsTGJJSwOvI8pIdIcvAHqa8pJfICufWVCT1k8x/BIA9nN/7cfs9cs8kYKumeqwudjui5+ouI4KSTx76XbfC4NyLMckiVA86QtcwKbfxoU2CfOphBjobsi3sK2Ur2YvPIvz+KycEcYdVfnQ0z/wm1WcZefPROVVKD6G+lWoYcEbuTd55PW9ZVjmEp1R6t6qB7gF/CrBgxK5IcWaogbUc9m4Ve0r3RXtpG4GXszdRUccVjSGm80unKwhNxbfXB/ZUIKYPlAloepACa86gUvHPj9a/yqIWJ+Pk64gPYFCppoRDn/Bf2Sx4XTXWNEQsHtwc4T6QylW2cAhGaWsDIF3lemPCq7yfQgNCUgIeYsBBcWK67bkEgto2ML8Pw1ssi2CKpUAefa0+W6SYA3obrtixmI29dylK0cHaz6fC+lAA5t0QFAxHXinR1zT7q1XeOMpUwVFOLCPasm/5vrSBRBZ/4wBMzXqVVJuyFO0ERlk9WYs0PR/fjD/WgVhBwQ8v+aDIq9oDDix1x1T70Cj5b1AiKd8t7DjOcOBb/DBflqyIj3zNfwN0DMswt8APUMbENkmidXwyXBO63PpJVRyrvskBtSTjlIfbv2vVz0+Qwqxz3eohNyP7zlrLPW5jlcbEZulNBLZwR/Y9IqiXWstzfnSlCuKq+RmmEV+LKy2JsACS67weIyf1n5gIKn7c+fVCxij1LGvKXTQzPZLsvtUeE0Ofp6GX5mS6gZk6HSDySuMS+qiuOl0Pm2/B6zH8eow9uMNmFTpxknksxekixo1LaBnRSujSowad3FgvPTPxrsydymXFlvYjt0W1ey0i0Sj/ad0u1snVHrfjx5J20JCVC1uuHIqWUcmWefjxZIPLEtiwy8h63gHuXgGufsRZDG6D/6uwBhu07p4pUzBfwrjIDlf1x+uk+D+OoxjkCLUSqNmu7GVumlO6V/q8WVfT9ZqLYdG6QFmdNBsaUkeVi1PXYYb4YHMAqRHvUNkMlX+C2vutFSx91Ts8b3Qw6dgVAI/vlc6VOzC0VtOd5yD6vQGWt3tfq6CfyoWVTKlXoWxSYtNpeqbwt5Ex+3V7M3yeWvBre8EmFtkofJytTdz3Mapq9LeuItQ5g7JLNLgaK9wJMZF1+nwIlbKirVd7SgsibN0F7LnUMEXkN4HvnjX8BpQGSmqhdx9g1OnsS4C0vN6V01BFbLSlKNHtkmSY/U0SpMSTVCTBu8R7M+yD55YrjdrXvAhmH6zy5tqAyhTwF3ai6Ut9zgDCj5P3JCdPwmgiuPevPlt4r74IBcgXkwtTtmT0o4kh0JHDwfuRa7Jtg3TLP/RKP6BaChjhHAxyZofG5+R7fAnsEvSe5kYRF/7nAk+qZnkjKWjZjpvWkKcCvIPcru3tLtLefAVQGeQsamr+tcmn/8Z/Sz18LU7h//t3t91P9+jOgHSxYHaWu4Ki3wPinOxRSEdTSAW3KQUOl1TnHs18I2+UifoZ47tSKSO2L6pkmmV/JGLLn2xJF/USsEhBOnlEBJtwPAaNOnytmiheHDc9UyZvCave/pATrvx2UKluaxF4Uw9oTFBwZq0gUCVU2kLy5pyMmyEHpEPKlHjujkkwQn9jeo90Uhu0bnU1d1mk5zQK16/71Ed1HzVP/vWOdfiKO6qPoErGXxSouEfkyMqycVTHxKTyvBzo6qGs0pEAl08qz8XpS8RhblBR8BDxFY9Ax8NdLbmCAiSSTN8SlnpPohjmgjvpKpgXJfzLQTKnbA2p5wjgn28zWo8OGKQnOOBdi2bkqIO3LTustO6Mj5XvVJrKG6ozb2doVsNJC9IIa929ONA9BikuBmVBFG9yXEOdZQpcYhWPIBKga+qEq5BbLD1/Q1vCfu7ORgjV/4o+TsYzaDUQoFhUEwMo1hHp5T1Y+jziyrcOlc80ZztEyg9henYGsqPjj1HYKnaV3QxokQQgukXiaQoxAXX1352fARlw61m0SRf2kI4qPRZ3MvCK62XN1tacqGSKs+2D3f7CL9YQHsE3Bb8k6bG86qNzOKhBzssicXjDgDfkDBpOgRDAtFf83LrGkbPzYtQ7IEfQJYaXKG0Gn5MFSJZ36NgbwdjyiDCQrVL5sqNCbOkEJOkwEaICnnNrJaSxEZ4tJZA1c3RAkKyHPRgxYZoU0ooV+asypv2VqLKHgUBM8e3RIoiDv8H/FOXyg==
In all likelihood they created this string in such a way that you couldn't change it.
This isn't that they haven't thought about whether or not they want the data to be changed, they have specifically sought to obfuscate it to make it harder to change, which suggests they don't want you to do it.
Given that you are using some else's code, you should carefully check what license covers your use of the code and whether it permits you to make the modification. Once you've done that, you should approach the originator of the code to ask them how to make the change, if you feel you are entitled to.
My guess is that you have a script that contains this string. Check if you have eval() function calling this string to be base64_decode (ed). Change the eval to print. Then, execute it, redirecting the output to a file for later reading.
kevin#server:~# php suspicious_script.php > out.php
You should be able to see what's going on.
I am going to start working on a website that has already been built by someone else.
The main script was bought and then adjusted by the lead programmer. The lead has left and I am the only programmer.
Never met the lead and there are no papers, documentation or comments in the code to help me out, also there are many functions with single letter names. There are also parts of the code that are all compressed in one line (like where there should be 200 lines there is one).
There are a few hundred files.
My questions are:
Does anyone have any advice on how to understand this system?
Has anyone had any similar experiences?
Does anyone have a quick way of decompressing the lines?
Please help me out here. This is my first big break and I really want this to work out well.
Thanks
EDIT:
On regards to the question:
- Does anyone have a quick way of decompressing the lines?
I just used notepad++ (extended replace) and netbeans (the format option) to change a file from 1696 lines to 5584!!
This is going to be a loooonnngggg project
For reformatting the source, try this online pretty-printer: http://www.prettyprinter.de/
For understanding the HTML and CSS, use Firebug.
For understanding the PHP code, step through it in a debugger. (I can't personally recommend a PHP debugger, but I've heard good things about Komodo.)
Start by checking the whole thing into source control, if you haven't already, and then as you work out what the various functions and variables do, rename them to something sensible and check in your changes.
If you can cobble together some rough regression tests (eg. with Selenium) before you start then you can be reasonably sure you aren't breaking anything as you go.
Ouch! I feel your pain!
A few things to get started:
If you're not using source control, don't do anything else until you get that set up. As you hack away at the files, you need to be able to revert to previous, presumably-working versions. Which source-control system you use isn't as important as using one. Subversion is easy and widely used.
Get an editor with a good PHP syntax highlighter and code folder. Which one is largely down to platform and personal taste; I like JEdit and Notepad++. These will help you navigate the code within a page. JEdit's folder is the best around. Notepad++ has a cool feature that when you highlight a word it highlights the other occurrences in the same file, so you can easily see e.g. where a tag begins, or where a variable is used.
Unwind those long lines by search-and-replace ';' with ';\n' -- at least you'll get every statement on a line of its own. The pretty-printer mentioned above will do the same plus indent. But I find that going in and indenting the code manually is a nice way to start to get familiar with it.
Analyze the website's major use cases and trace each one. If you're a front-end guy, this might be easier if you start from the front-end and work your way back to the DB; if you're a back-end guy, start with the DB and see what talks to it, and then how that's used to render pages -- either way works. Use FireBug in Firefox to inspect e.g. forms to see what names the fields take and what page they post to. Look at the PHP page to see what happens next. Use some echo() statements to print out the values of variables at various places. Finally, crack open the DB and get familiar with its schema.
Lather, rinse, repeat.
Good luck!
Could you get a copy of the original script version which was bought? It might be that that is documented. You could then use a comparison tool like Beyond Compare in order to extract any modifications that have been made.
If the functions names are only one letter it could be that the code is encoded with some kind of tool (I think Zend had a tool like that - Zend Encoder?) so that people cannot copy it. You should try to find an unencoded version, if there is one because that would save a lot of time.