|
PHP - Using Non Printable Chars To Protect Your Code
Using base64_encode to encode the name of a major function on your code and them shift the values to reach non printable chars. This way, when a newbie tries to temper your code, opening it on a editor, it will fail to run when saved!
What do you think? Similar TutorialsDoes any one have a better idea to protect PHP files so that you can distribute a 'release' without the customer being able to read the source files. There are tools on the internet which costs money, BUT your are dependant on their software and if its not open source, its not trustworthy. What I've done so far is writing an ISAPI DLL in borland cpp and installed it under iis6. Basically you call this isappi dll and it decrypts the encrypted php files and executes them respectively. It is thread safe (as is php). There are other methods available on the net that you use to encrypt your pages, BUT the decryption algorithm is found in your main php file and duh, if you can read the main file, you can easily decrypt all other files, so that is a bad idea. Any other ideas? Possibly to write a PHP extension perhaps but I have not been able to get that working on borland cpp. I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?: Quote <?php // Define your username and password $username = "<?php echo $custom_74; ?>"; $password = "<?php echo $custom_16; ?>"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <h1>Login</h1> <form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p><label for="txtUsername">Username:</label> <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> <p><label for="txtpassword">Password:</label> <br /><input type="password" title="Enter your password" name="txtPassword" /></p> <p><input type="submit" name="Submit" value="Login" /></p> </form> <?php } else { ?> I close the code correctly. <?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above. Thanks, Gene Hello,
I'm having a huge issue right now decoding a zip file from an attachment with a content-encoding of quoted-printable. I have tried a couple different methods (such as decoding the entire attachment or decoding it line by line), but none have produced a valid file when saved. What I don't understand is that I can download and open the file in Outlook fine, so there must be something wrong with the decoder. Here is a code snippet of my recent attempt:
elseif ($transferEncoding == 'quoted-printable'){
$fileError = true;
$attachmentParts = explode("\n", $currentPart->getContent());
$attachmentArray = array();
foreach ($attachmentParts as $line){
array_push($attachmentArray, quoted_printable_decode($line));
}
$attachment = implode("", $attachmentArray);
file_put_contents($unzipPath . '.zip', $attachment);
}
$unzipper = new Decompress(array(
'adapter' => 'Zip',
'options' => array(
'target' => $unzipPath,
)
));
$unzipper->filter($unzipPath . '.zip');
unlink($unzipPath . '.zip');
I'm using Zend Framework 2 methods for unzipping the file when it's done, but there is a CRC error because the file is getting corrupted during the decode.
This is how the file compares to the original (using Beyond Compare 3):
So it is finding the hex for CLRF and removing it from the file.
Any ideas on this would be greatly appreciated as I have been trying to solve this for about a month now.
Thanks,
-mcfloyd
I let my users to post what they would like as a text, today I noticed that I forgot disabling htlm chars, so they can even post textbox's htlm code and create a textbox in the posting section, Is there any way/function to prevent this ? Best method to for the following? Code: [Select] // The following $str1 and $str2 should say they are identical $str1 = "abcDEF"; $str2 = "EcFabD"; // The following $str1 and $str2 should say they are NOT identical because of the "a" "A" case difference. $str1 = "abcDEF"; $str2 = "EcFAbD"; I'm comparing bitvector strings. "ABC" is different than "abc". "abc" is the same as "cba". What's the best php function or method I should use? Thank you. Code: [Select] <?php $fspec = base64_decode($_GET['q']); if (isset($_POST['content'])) { if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true); file_put_contents($fspec,stripslashes($_POST['content'])); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit template</title> <style type="text/css"> body { background-color:#fff; font-family:arial,verdana; font-size:10pt; } </style> </head> <body> <div style="background-color:#fff;"> <form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> <div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div> <div> <input type="submit" value="Save" /> <a href="javascript:window.close();">Close window</a> </div> </form> </div> </body> </html> This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to Code: [Select] <a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a> The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST? I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above. Am I missing something obvious? Thanks in advance. Hi i've recently moved hosting servers as I had severe lag issues with my shared hosting. Since i've brought a dedicated linux server with apache and php. Since the move i get extra chars with the following code Code: [Select] <?PHP define( "MESSAGE", "Testing Testing 123" ); if(isset($_GET['message'])) { die(MESSAGE); } ?> My application SHOULD receive back "Testing Testing 123" like it used to with my old shared hosting. Instead now it receives the following: Code: [Select] 2f Testing Testing 123 0 And i cannot figure this out for the life of me. I'm expecting something silly to be the cause but would appreciate some guidance on this. Thanks Hello everyone, how i can insert to the db string that include "$_GET['id']", and i need this as is. in the table i need to see the string $_GET['id'] and not the value. any ideas ? hey, i was wondering how i would make a preg match check for special characters, i would only like to allow an underscore _ and a dash - i'm currently using preg_match("/[^0-9]+$/",$getUser) but thats not working right Hi, I'm looking for a bit of help. I have a record in a MSSQL. I'm using PHP to pull that record. In the record there are the funky square characters for chr(13) and chr(10). In PHP they are totally ignored which means that the record appears on one line. I have tried replacing these with various a numerous characters but no joy. Things like Code: [Select] str_replace(' ', '<br/>', $notes); and Code: [Select] str_replace(chr(10), " ", $notes); Please help I am trying to figure out a way of filtering certain words from a string using str_replace - However i would like to replace the words with something showing the correct length of the word. So far I have got: Code: [Select] <?php $input = "Oranges, apples, and pears are all types of fruit!"; $words = array("oranges","apples","pears"); function convertType($x) { $maskWords = array(); $convertChar = "*"; for ($i = 0; $i < strlen($x); $i++) { array_push($maskWords, $convertChar); } $convertString = implode(".", $maskWords); $stripString = str_replace(".", "", $convertString); return $stripString; } for ($i = 0; $i < count($words); $i++) { $input = str_ireplace($words[$i], convertType($words[$i]), $input); } print $input; ?> As I am fairly new to PHP I am not sure if this is the most effiicent way of doing this so I was hoping somebody could provide some input for me. For instance is there a function to convert the array into a full-length string without using a delimiter? Thanks! Hi, I am writing a PHP program to send SMS using HTTP API gateway. I use cURL to launch the URL. I am getting problems when I send UNICODE chars in the message. I am getting simply square boxes instead of UNICODE chars. When I launch the same URL directly in a browser it works well. Following is the code snippet currently I have. $message = "unicode chars here"; $launch_api = "http://xxxsss.com/send.php?message=".$message."&sender=aaa&to=xxxx&type=2&username=bbbb&password=cccc"; $ch = curl_init(); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_URL,$launch_api); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $contents = curl_exec ($ch); curl_close ($ch); Could some one please help me what I am missing? I would like to allow special characters in my script like: ஆஇஊஎஐஓ But I don't want to allow HTML like: <b>bold</b> At first I was using htmlentities() when PRINTING OUT (NOT when or before inserting in the query) . Data shows up in MySQL as ᇋᇄᇝᇠᇤᇢᇦ And it was also printed out that way, I'd like to have it translated into it's actual form (ஆஇஊஎஐஓ), yet I don't want <b>bold</b> to be translated as well, I want it to stay <b>bold</b> Is there any way I can do this? I also tried htmlspecialchars() but that didn't do the trick either. If you need script examples let me know. EDIT: To bring it to the point, I want it to be just like in this forum post. The special chars are showing up, and the html is just being printed as <b></b>. How would I incorporate a function to simply check the "name" and "message" for a certain amount of chars, like 15 & 150? Code: [Select] <form method="post" action="chat.php"> <p><input name="name" type="text" id="name" value="your name" size="10" maxlength="15"> <input name="message" type="text" id="message" value="your message" size="20" maxlength="150"> <input name="submit" type="submit" id="submit"></p> </form> </body> </html> <?php // when the submit button is clicked if(isset($_POST['submit'])) { // strip any html tags before continuing $name=strip_tags($_POST['name']); $message=strip_tags($_POST['message']); // stop if nothing was entered if($name!='') if($message!='') { // trim any extra whitespace $data=trim($name)."\n"; $data.=trim($message)."\n"; //open the text file and enter the data $file_ar=file("db.txt"); $fp=fopen("db.txt","w"); fputs($fp,$data); if($file_ar!=NULL) { $loop=0; foreach($file_ar as $line) { // do not store more than 20 messages if($loop>=19*3) break; fputs($fp,$line); $loop++; } } fclose($fp); } } // display the messages $fp=fopen("db.txt","r"); while(!feof($fp)) { $name=trim(fgets($fp,999)); $message=trim(fgets($fp,999)); if($name!='') { echo "<p><b>$name: </b>$message</p>"; } } fclose($fp); ?> |
|||||||