Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /** * VLAEX CLIENT LICENSING SYSTEM * * @package VALEX CLIENT * @author ..

Decoded Output download

<?php 
/** 
 * VLAEX CLIENT LICENSING SYSTEM 
 * 
 * @package    VALEX CLIENT 
 * @author     Hydra Cloud LLC <[email protected]> 
 * @copyright  Copyright (c) Hydra Cloud LLC 
 * @license    https://www.valexcloud.com/valexclient/eula.txt Valex Client Eula 
 */ 
 require __DIR__ . "/vendor/autoload.php"; use Symfony\Component\Dotenv\Dotenv; goto ihkA7; JjD3R: $dotenv->load(__DIR__ . "/.env"); goto E7gzF; JVKv0: file_put_contents($file2, json_encode($results)); goto JUKWf; yluww: $file = "vendor/valex/licensing/local_key.txt"; goto Ljaew; E7gzF: $licensekey = $_ENV["LICENSE_KEY"] ?? ''; goto yluww; uiJcl: file_put_contents($file, $product); goto JVKv0; ihkA7: $dotenv = new Dotenv(); goto qBdKk; oLRrR: $dotenv = new Dotenv(); goto JjD3R; qBdKk: $dotenv->load(__DIR__ . "/.env"); goto JcP2Y; JcP2Y: function valexclient_check_license($licensekey, $localkey = '') { $whmcsurl = "https://www.valexcloud.com/dashboard/"; $licensing_secret_key = "c2I8HLcy6xOhR51RtaUi9UJl4ZXyZrsc"; $localkeydays = 15; $allowcheckfaildays = 5; $check_token = time() . md5(mt_rand(100000000, mt_getrandmax()) . $licensekey); $checkdate = date("Ymd"); $domain = $_ENV["APP_HOST"] ?? ''; $domain = preg_replace("#^[^:/.]*[:/]+#i", '', $domain); $ip_url = "https://ipinfo.io/ip"; $ip_curl = curl_init(); curl_setopt($ip_curl, CURLOPT_URL, $ip_url); curl_setopt($ip_curl, CURLOPT_HEADER, 0); curl_setopt($ip_curl, CURLOPT_RETURNTRANSFER, true); $server_ip = curl_exec($ip_curl); curl_close($ip_curl); $usersip = isset($server_ip) ? $server_ip : $_SERVER["LOCAL_ADDR"]; $dirpath = dirname(__FILE__); $verifyfilepath = "modules/servers/licensing/verify.php"; $localkeyvalid = false; if ($localkey) { $localkey = str_replace("\xa", '', $localkey); $localdata = substr($localkey, 0, strlen($localkey) - 32); $md5hash = substr($localkey, strlen($localkey) - 32); if ($md5hash == md5($localdata . $licensing_secret_key)) { $localdata = strrev($localdata); $md5hash = substr($localdata, 0, 32); $localdata = substr($localdata, 32); $localdata = base64_decode($localdata); $localkeyresults = json_decode($localdata, true); $originalcheckdate = $localkeyresults["checkdate"]; if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) { $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y"))); if ($originalcheckdate > $localexpiry) { $localkeyvalid = true; $results = $localkeyresults; $validdomains = explode(",", $results["validdomain"]); if (!in_array($domain, $validdomains)) { $localkeyvalid = false; $localkeyresults["status"] = "Invalid"; $results = array(); } $validips = explode(",", $results["validip"]); if (!in_array($usersip, $validips)) { $localkeyvalid = false; $localkeyresults["status"] = "Invalid"; $results = array(); } $validdirs = explode(",", $results["validdirectory"]); if (!in_array($dirpath, $validdirs)) { $localkeyvalid = false; $localkeyresults["status"] = "Invalid"; $results = array(); } } } } } if (!$localkeyvalid) { $responseCode = 0; $postfields = array("licensekey" => $licensekey, "domain" => $domain, "ip" => $usersip, "dir" => $dirpath); if ($check_token) { $postfields["check_token"] = $check_token; } $query_string = ''; foreach ($postfields as $k => $v) { $query_string .= $k . "=" . urlencode($v) . "&"; } if (function_exists("curl_exec")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $data = curl_exec($ch); $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); } else { $responseCodePattern = "/^HTTP\/\d+\.\d+\s+(\d+)/"; $fp = @fsockopen($whmcsurl, 80, $errno, $errstr, 5); if ($fp) { $newlinefeed = "
\xa"; $header = "POST " . $whmcsurl . $verifyfilepath . " HTTP/1.0" . $newlinefeed; $header .= "Host: " . $whmcsurl . $newlinefeed; $header .= "Content-type: application/x-www-form-urlencoded" . $newlinefeed; $header .= "Content-length: " . @strlen($query_string) . $newlinefeed; $header .= "Connection: close" . $newlinefeed . $newlinefeed; $header .= $query_string; $data = $line = ''; @stream_set_timeout($fp, 20); @fputs($fp, $header); $status = @socket_get_status($fp); while (!@feof($fp) && $status) { $line = @fgets($fp, 1024); $patternMatches = array(); if (!$responseCode && preg_match($responseCodePattern, trim($line), $patternMatches)) { $responseCode = empty($patternMatches[1]) ? 0 : $patternMatches[1]; } $data .= $line; $status = @socket_get_status($fp); } @fclose($fp); } } if ($responseCode != 200) { $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y"))); if ($originalcheckdate > $localexpiry) { $results = $localkeyresults; } else { $results = array(); $results["status"] = "Invalid"; $results["description"] = "Remote Check Failed"; return $results; } } else { preg_match_all("/<(.*?)>([^<]+)<\/\1>/i", $data, $matches); $results = array(); foreach ($matches[1] as $k => $v) { $results[$v] = $matches[2][$k]; } } if (!is_array($results)) { die("Invalid License Server Response"); } if ($results["md5hash"]) { if ($results["md5hash"] != md5($licensing_secret_key . $check_token)) { $results["status"] = "Invalid"; $results["description"] = "MD5 Checksum Verification Failed"; return $results; } } if ($results["status"] == "Active") { $results["checkdate"] = $checkdate; $data_encoded = json_encode($results); $data_encoded = base64_encode($data_encoded); $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded; $data_encoded = strrev($data_encoded); $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key); $data_encoded = wordwrap($data_encoded, 80, "\xa", true); $results["localkey"] = $data_encoded; } $results["remotecheck"] = true; } unset($postfields, $data, $matches, $whmcsurl, $licensing_secret_key, $checkdate, $usersip, $localkeydays, $allowcheckfaildays, $md5hash); return $results; } goto oLRrR; DlvpH: $file2 = "vendor/valex/licensing/data.txt"; goto uiJcl; Xh5bE: $results = valexclient_check_license($licensekey, $localkey); goto cJ52l; Ljaew: $localkey = json_decode(file_get_contents($file), TRUE); goto Xh5bE; cJ52l: $product = explode("|", $results["productname"]); goto epWAt; epWAt: $file = "vendor/valex/licensing/plan.txt"; goto DlvpH; JUKWf: switch ($results["status"]) { case "Active": $localkeydata = $results["localkey"]; $license_status = "Active"; $file = "vendor/valex/licensing/status.txt"; file_put_contents($file, $license_status); break; case "Invalid": $license_status = "Invalid"; $file = "vendor/valex/licensing/status.txt"; file_put_contents($file, $license_status); die("License key is Invalid"); break; case "Expired": $license_status = "Expired"; $file = "vendor/valex/licensing/status.txt"; file_put_contents($file, $license_status); die("License key is Expired"); break; case "Suspended": $license_status = "Suspended"; $file = "vendor/valex/licensing/status.txt"; file_put_contents($file, $license_status); die("License key is Suspended"); break; default: $license_status = "Invalid Response"; $file = "vendor/valex/licensing/status.txt"; file_put_contents($file, $license_status); die("Invalid Response"); break; } ?>

Did this file decode correctly?

Original Code

<?php
/**
 * VLAEX CLIENT LICENSING SYSTEM
 *
 * @package    VALEX CLIENT
 * @author     Hydra Cloud LLC <[email protected]>
 * @copyright  Copyright (c) Hydra Cloud LLC
 * @license    https://www.valexcloud.com/valexclient/eula.txt Valex Client Eula
 */
 require __DIR__ . "\x2f\166\x65\x6e\x64\x6f\x72\x2f\x61\x75\x74\157\154\157\141\x64\56\x70\150\160"; use Symfony\Component\Dotenv\Dotenv; goto ihkA7; JjD3R: $dotenv->load(__DIR__ . "\x2f\x2e\145\x6e\166"); goto E7gzF; JVKv0: file_put_contents($file2, json_encode($results)); goto JUKWf; yluww: $file = "\x76\145\156\144\157\162\x2f\166\x61\154\x65\x78\57\154\x69\143\145\156\163\151\x6e\x67\57\x6c\x6f\143\141\154\x5f\x6b\145\x79\56\164\170\164"; goto Ljaew; E7gzF: $licensekey = $_ENV["\x4c\111\x43\x45\x4e\x53\x45\137\x4b\x45\131"] ?? ''; goto yluww; uiJcl: file_put_contents($file, $product); goto JVKv0; ihkA7: $dotenv = new Dotenv(); goto qBdKk; oLRrR: $dotenv = new Dotenv(); goto JjD3R; qBdKk: $dotenv->load(__DIR__ . "\57\56\x65\156\166"); goto JcP2Y; JcP2Y: function valexclient_check_license($licensekey, $localkey = '') { $whmcsurl = "\150\x74\x74\x70\x73\x3a\57\57\x77\x77\x77\x2e\166\141\154\145\x78\x63\x6c\157\x75\x64\x2e\x63\x6f\x6d\57\x64\141\163\x68\142\157\x61\x72\x64\x2f"; $licensing_secret_key = "\143\x32\111\70\x48\114\143\x79\66\x78\x4f\x68\x52\65\61\x52\x74\141\125\x69\x39\x55\112\154\x34\132\130\x79\132\162\x73\143"; $localkeydays = 15; $allowcheckfaildays = 5; $check_token = time() . md5(mt_rand(100000000, mt_getrandmax()) . $licensekey); $checkdate = date("\131\x6d\x64"); $domain = $_ENV["\x41\120\120\137\x48\117\x53\124"] ?? ''; $domain = preg_replace("\43\x5e\133\136\x3a\57\56\135\52\x5b\x3a\57\135\53\43\151", '', $domain); $ip_url = "\x68\x74\x74\160\163\x3a\x2f\57\x69\x70\151\156\146\157\x2e\x69\157\x2f\x69\160"; $ip_curl = curl_init(); curl_setopt($ip_curl, CURLOPT_URL, $ip_url); curl_setopt($ip_curl, CURLOPT_HEADER, 0); curl_setopt($ip_curl, CURLOPT_RETURNTRANSFER, true); $server_ip = curl_exec($ip_curl); curl_close($ip_curl); $usersip = isset($server_ip) ? $server_ip : $_SERVER["\114\117\103\x41\114\x5f\x41\x44\104\x52"]; $dirpath = dirname(__FILE__); $verifyfilepath = "\155\x6f\x64\x75\x6c\145\163\x2f\x73\145\x72\x76\145\162\x73\x2f\154\x69\143\x65\x6e\163\151\x6e\x67\57\x76\x65\x72\151\146\171\x2e\x70\x68\160"; $localkeyvalid = false; if ($localkey) { $localkey = str_replace("\xa", '', $localkey); $localdata = substr($localkey, 0, strlen($localkey) - 32); $md5hash = substr($localkey, strlen($localkey) - 32); if ($md5hash == md5($localdata . $licensing_secret_key)) { $localdata = strrev($localdata); $md5hash = substr($localdata, 0, 32); $localdata = substr($localdata, 32); $localdata = base64_decode($localdata); $localkeyresults = json_decode($localdata, true); $originalcheckdate = $localkeyresults["\x63\x68\x65\143\153\x64\x61\164\145"]; if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) { $localexpiry = date("\x59\x6d\x64", mktime(0, 0, 0, date("\x6d"), date("\x64") - $localkeydays, date("\131"))); if ($originalcheckdate > $localexpiry) { $localkeyvalid = true; $results = $localkeyresults; $validdomains = explode("\x2c", $results["\166\141\154\151\144\144\x6f\155\x61\x69\x6e"]); if (!in_array($domain, $validdomains)) { $localkeyvalid = false; $localkeyresults["\163\164\x61\x74\x75\163"] = "\111\156\x76\141\x6c\151\144"; $results = array(); } $validips = explode("\54", $results["\166\x61\x6c\151\x64\151\160"]); if (!in_array($usersip, $validips)) { $localkeyvalid = false; $localkeyresults["\163\x74\x61\x74\165\x73"] = "\x49\x6e\x76\141\x6c\151\x64"; $results = array(); } $validdirs = explode("\54", $results["\166\x61\x6c\151\x64\144\151\162\x65\143\x74\157\162\x79"]); if (!in_array($dirpath, $validdirs)) { $localkeyvalid = false; $localkeyresults["\163\164\x61\164\x75\x73"] = "\111\x6e\x76\x61\154\151\x64"; $results = array(); } } } } } if (!$localkeyvalid) { $responseCode = 0; $postfields = array("\x6c\151\143\x65\156\163\x65\x6b\x65\171" => $licensekey, "\x64\157\155\141\x69\156" => $domain, "\x69\160" => $usersip, "\x64\151\162" => $dirpath); if ($check_token) { $postfields["\143\150\145\x63\153\x5f\x74\157\x6b\x65\x6e"] = $check_token; } $query_string = ''; foreach ($postfields as $k => $v) { $query_string .= $k . "\x3d" . urlencode($v) . "\46"; } if (function_exists("\x63\x75\162\154\137\145\170\145\x63")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $data = curl_exec($ch); $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); } else { $responseCodePattern = "\x2f\136\110\124\124\x50\134\x2f\x5c\144\53\134\x2e\134\144\x2b\134\x73\x2b\50\134\144\x2b\51\x2f"; $fp = @fsockopen($whmcsurl, 80, $errno, $errstr, 5); if ($fp) { $newlinefeed = "\15\xa"; $header = "\x50\x4f\x53\124\x20" . $whmcsurl . $verifyfilepath . "\40\x48\124\x54\x50\x2f\x31\56\x30" . $newlinefeed; $header .= "\x48\x6f\163\x74\x3a\x20" . $whmcsurl . $newlinefeed; $header .= "\x43\157\156\164\x65\x6e\x74\x2d\x74\x79\x70\145\x3a\40\x61\160\160\154\151\x63\x61\x74\151\157\156\x2f\x78\55\x77\x77\x77\55\x66\x6f\162\x6d\x2d\x75\162\x6c\x65\x6e\x63\157\x64\x65\x64" . $newlinefeed; $header .= "\x43\x6f\156\x74\x65\156\164\55\x6c\145\x6e\147\x74\x68\72\40" . @strlen($query_string) . $newlinefeed; $header .= "\103\x6f\x6e\156\145\x63\164\x69\157\x6e\x3a\x20\x63\x6c\x6f\163\145" . $newlinefeed . $newlinefeed; $header .= $query_string; $data = $line = ''; @stream_set_timeout($fp, 20); @fputs($fp, $header); $status = @socket_get_status($fp); while (!@feof($fp) && $status) { $line = @fgets($fp, 1024); $patternMatches = array(); if (!$responseCode && preg_match($responseCodePattern, trim($line), $patternMatches)) { $responseCode = empty($patternMatches[1]) ? 0 : $patternMatches[1]; } $data .= $line; $status = @socket_get_status($fp); } @fclose($fp); } } if ($responseCode != 200) { $localexpiry = date("\131\x6d\144", mktime(0, 0, 0, date("\x6d"), date("\x64") - ($localkeydays + $allowcheckfaildays), date("\x59"))); if ($originalcheckdate > $localexpiry) { $results = $localkeyresults; } else { $results = array(); $results["\163\164\141\164\x75\163"] = "\111\x6e\x76\141\154\x69\x64"; $results["\144\145\163\143\162\x69\160\164\151\x6f\156"] = "\122\145\155\157\x74\145\40\x43\x68\x65\143\x6b\40\x46\141\x69\x6c\145\144"; return $results; } } else { preg_match_all("\57\x3c\50\x2e\52\77\51\76\x28\133\x5e\x3c\x5d\53\51\x3c\134\57\134\61\76\57\x69", $data, $matches); $results = array(); foreach ($matches[1] as $k => $v) { $results[$v] = $matches[2][$k]; } } if (!is_array($results)) { die("\x49\x6e\166\x61\x6c\151\144\40\114\x69\143\145\x6e\x73\x65\40\123\x65\x72\x76\x65\162\40\x52\145\x73\160\157\x6e\163\145"); } if ($results["\155\x64\x35\150\x61\163\150"]) { if ($results["\155\144\65\x68\141\x73\150"] != md5($licensing_secret_key . $check_token)) { $results["\163\x74\141\164\x75\x73"] = "\x49\156\166\x61\x6c\151\x64"; $results["\144\145\x73\143\162\151\160\164\x69\157\156"] = "\115\x44\x35\40\x43\x68\x65\143\153\163\165\x6d\x20\x56\145\162\x69\146\x69\x63\x61\x74\151\157\x6e\40\x46\x61\151\154\x65\x64"; return $results; } } if ($results["\163\164\x61\164\x75\x73"] == "\x41\143\x74\x69\166\145") { $results["\143\150\145\x63\153\144\x61\164\145"] = $checkdate; $data_encoded = json_encode($results); $data_encoded = base64_encode($data_encoded); $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded; $data_encoded = strrev($data_encoded); $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key); $data_encoded = wordwrap($data_encoded, 80, "\xa", true); $results["\154\x6f\x63\x61\154\x6b\145\171"] = $data_encoded; } $results["\x72\145\x6d\157\x74\x65\x63\150\x65\x63\x6b"] = true; } unset($postfields, $data, $matches, $whmcsurl, $licensing_secret_key, $checkdate, $usersip, $localkeydays, $allowcheckfaildays, $md5hash); return $results; } goto oLRrR; DlvpH: $file2 = "\x76\145\156\x64\157\162\57\166\x61\x6c\x65\x78\57\x6c\151\143\145\x6e\x73\151\x6e\147\x2f\144\x61\x74\x61\56\164\x78\x74"; goto uiJcl; Xh5bE: $results = valexclient_check_license($licensekey, $localkey); goto cJ52l; Ljaew: $localkey = json_decode(file_get_contents($file), TRUE); goto Xh5bE; cJ52l: $product = explode("\x7c", $results["\160\x72\x6f\144\165\143\164\156\141\155\145"]); goto epWAt; epWAt: $file = "\166\145\x6e\144\x6f\162\x2f\x76\141\154\x65\x78\57\154\x69\x63\x65\156\x73\151\x6e\x67\x2f\160\x6c\141\156\56\x74\170\164"; goto DlvpH; JUKWf: switch ($results["\x73\x74\x61\x74\x75\x73"]) { case "\101\143\164\151\x76\x65": $localkeydata = $results["\154\x6f\x63\141\x6c\153\145\x79"]; $license_status = "\101\143\164\x69\166\x65"; $file = "\x76\145\x6e\x64\157\x72\x2f\166\x61\154\145\170\x2f\x6c\151\x63\x65\156\163\151\x6e\147\x2f\x73\x74\x61\x74\x75\163\x2e\x74\x78\164"; file_put_contents($file, $license_status); break; case "\111\x6e\166\141\154\x69\x64": $license_status = "\x49\x6e\x76\x61\154\151\144"; $file = "\166\145\x6e\144\x6f\162\57\166\x61\x6c\x65\x78\57\x6c\151\x63\x65\156\x73\151\x6e\x67\x2f\163\x74\x61\164\x75\163\56\164\x78\164"; file_put_contents($file, $license_status); die("\114\x69\143\145\x6e\x73\145\x20\153\x65\x79\x20\x69\x73\40\111\x6e\x76\x61\154\151\x64"); break; case "\105\x78\160\151\162\x65\x64": $license_status = "\x45\x78\160\151\162\145\144"; $file = "\166\x65\x6e\x64\x6f\x72\x2f\166\141\154\145\170\x2f\154\151\143\x65\x6e\x73\151\x6e\147\57\x73\164\x61\x74\165\163\56\x74\x78\x74"; file_put_contents($file, $license_status); die("\x4c\x69\x63\x65\x6e\x73\x65\x20\x6b\x65\x79\x20\151\x73\x20\x45\x78\160\x69\x72\145\x64"); break; case "\123\x75\163\x70\x65\x6e\144\x65\144": $license_status = "\x53\165\163\160\145\x6e\144\x65\144"; $file = "\166\x65\156\144\x6f\162\57\x76\141\x6c\145\170\x2f\x6c\151\x63\145\156\163\x69\156\x67\57\163\x74\x61\164\x75\x73\56\x74\170\164"; file_put_contents($file, $license_status); die("\x4c\151\143\x65\156\x73\x65\40\x6b\145\x79\40\x69\163\40\x53\x75\163\160\145\x6e\144\x65\144"); break; default: $license_status = "\111\156\166\141\154\x69\144\40\122\145\x73\160\x6f\156\x73\145"; $file = "\166\145\x6e\144\157\162\57\166\141\x6c\x65\170\57\x6c\x69\x63\145\x6e\x73\151\x6e\147\x2f\163\164\141\164\165\x73\56\164\x78\x74"; file_put_contents($file, $license_status); die("\111\x6e\x76\141\154\151\144\x20\122\x65\x73\160\x6f\x6e\x73\145"); break; }

Function Calls

None

Variables

None

Stats

MD5 0b4b50d6daf99fad69febe1a7193feba
Eval Count 0
Decode Time 55 ms