Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /** * WHMCS Licensing Addon - Integration Code Sample * https://www.whmcs.com/a..

Decoded Output download

<?php 
/** 
 * WHMCS Licensing Addon - Integration Code Sample 
 * https://www.whmcs.com/addons/licensing-addon/ 
 * 
 * The following code is a fully working code sample demonstrating how to 
 * perform license checks using the WHMCS Licensing Addon. It is PHP 4 and 
 * 5 compatible.  Requires the WHMCS Licensing Addon to be used. 
 * 
 * @package    WHMCS 
 * @author     WHMCS Limited <[email protected]> 
 * @copyright  Copyright (c) WHMCS Limited 2005-2018 
 * @license    https://www.whmcs.com/license/ WHMCS Eula 
 * @version    $Id$ 
 * @link       https://www.whmcs.com/ 
 */ 
 
 
/** 
 * If you are using this file as a template for your own module, once 
 * you've modified the code for your use, remove the exit above. 
 */ 
 
// Replace "cloudlinuxvps-" with your own unique prefix to avoid conflicts with 
// other instances of the licensing addon included within the same scope 
function keypasswdcloudlinuxvps_check_license($licensekey, $localkey='') { 
 
    // ----------------------------------- 
    //  -- Configuration Values -- 
    // ----------------------------------- 
 
    // Enter the url to your WHMCS installation here 
    $whmcsurl = 'https://cloudlinuxvps.com/shop/'; 
    // Must match what is specified in the MD5 Hash Verification field 
    // of the licensing product that will be used with this check. 
    $licensing_secret_key = 'keypasswdcloudlinuxvps'; 
    // The number of days to wait between performing remote license checks 
    $localkeydays = 15; 
    // The number of days to allow failover for after local key expiry 
    $allowcheckfaildays = 5; 
 
    // ----------------------------------- 
    //  -- Do not edit below this line -- 
    // ----------------------------------- 
 
    $check_token = time() . md5(mt_rand(1000000000, 9999999999) . $licensekey); 
    $checkdate = date("Ymd"); 
    $domain = $_SERVER['SERVER_NAME']; 
    $usersip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']; 
    $dirpath = dirname(__FILE__); 
    $verifyfilepath = 'modules/servers/licensing/verify.php'; 
    $localkeyvalid = false; 
    if ($localkey) { 
        $localkey = str_replace("
", '', $localkey); # Remove the line breaks 
        $localdata = substr($localkey, 0, strlen($localkey) - 32); # Extract License Data 
        $md5hash = substr($localkey, strlen($localkey) - 32); # Extract MD5 Hash 
        if ($md5hash == md5($localdata . $licensing_secret_key)) { 
            $localdata = strrev($localdata); # Reverse the string 
            $md5hash = substr($localdata, 0, 32); # Extract MD5 Hash 
            $localdata = substr($localdata, 32); # Extract License Data 
            $localdata = base64_decode($localdata); 
            $localkeyresults = json_decode($localdata, true); 
            $originalcheckdate = $localkeyresults['checkdate']; 
            if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) { 
                $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y"))); 
                if ($originalcheckdate > $localexpiry) { 
                    $localkeyvalid = true; 
                    $results = $localkeyresults; 
                    $validdomains = explode(',', $results['validdomain']); 
                    if (!in_array($_SERVER['SERVER_NAME'], $validdomains)) { 
                        $localkeyvalid = false; 
                        $localkeyresults['status'] = "Invalid"; 
                        $results = array(); 
                    } 
                    $validips = explode(',', $results['validip']); 
                    if (!in_array($usersip, $validips)) { 
                        $localkeyvalid = false; 
                        $localkeyresults['status'] = "Invalid"; 
                        $results = array(); 
                    } 
                    $validdirs = explode(',', $results['validdirectory']); 
                    if (!in_array($dirpath, $validdirs)) { 
                        $localkeyvalid = false; 
                        $localkeyresults['status'] = "Invalid"; 
                        $results = array(); 
                    } 
                } 
            } 
        } 
    } 
    if (!$localkeyvalid) { 
        $responseCode = 0; 
        $postfields = array( 
            'licensekey' => $licensekey, 
            'domain' => $domain, 
            'ip' => $usersip, 
            'dir' => $dirpath, 
        ); 
        if ($check_token) $postfields['check_token'] = $check_token; 
        $query_string = ''; 
        foreach ($postfields AS $k=>$v) { 
            $query_string .= $k.'='.urlencode($v).'&'; 
        } 
        if (function_exists('curl_exec')) { 
            $ch = curl_init(); 
            curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath); 
            curl_setopt($ch, CURLOPT_POST, 1); 
            curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); 
            curl_setopt($ch, CURLOPT_TIMEOUT, 30); 
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
            $data = curl_exec($ch); 
            $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); 
            curl_close($ch); 
        } else { 
            $responseCodePattern = '/^HTTP\/\d+\.\d+\s+(\d+)/'; 
            $fp = @fsockopen($whmcsurl, 80, $errno, $errstr, 5); 
            if ($fp) { 
                $newlinefeed = "
"; 
                $header = "POST ".$whmcsurl . $verifyfilepath . " HTTP/1.0" . $newlinefeed; 
                $header .= "Host: ".$whmcsurl . $newlinefeed; 
                $header .= "Content-type: application/x-www-form-urlencoded" . $newlinefeed; 
                $header .= "Content-length: ".@strlen($query_string) . $newlinefeed; 
                $header .= "Connection: close" . $newlinefeed . $newlinefeed; 
                $header .= $query_string; 
                $data = $line = ''; 
                @stream_set_timeout($fp, 20); 
                @fputs($fp, $header); 
                $status = @socket_get_status($fp); 
                while (!@feof($fp)&&$status) { 
                    $line = @fgets($fp, 1024); 
                    $patternMatches = array(); 
                    if (!$responseCode 
                        && preg_match($responseCodePattern, trim($line), $patternMatches) 
                    ) { 
                        $responseCode = (empty($patternMatches[1])) ? 0 : $patternMatches[1]; 
                    } 
                    $data .= $line; 
                    $status = @socket_get_status($fp); 
                } 
                @fclose ($fp); 
            } 
        } 
        if ($responseCode != 200) { 
            $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y"))); 
            if ($originalcheckdate > $localexpiry) { 
                $results = $localkeyresults; 
            } else { 
                $results = array(); 
                $results['status'] = "Invalid"; 
                $results['description'] = "Remote Check Failed"; 
                return $results; 
            } 
        } else { 
            preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches); 
            $results = array(); 
            foreach ($matches[1] AS $k=>$v) { 
                $results[$v] = $matches[2][$k]; 
            } 
        } 
        if (!is_array($results)) { 
            die("Invalid License Server Response"); 
        } 
        if ($results['md5hash']) { 
            if ($results['md5hash'] != md5($licensing_secret_key . $check_token)) { 
                $results['status'] = "Invalid"; 
                $results['description'] = "MD5 Checksum Verification Failed"; 
                return $results; 
            } 
        } 
        if ($results['status'] == "Active") { 
            $results['checkdate'] = $checkdate; 
            $data_encoded = json_encode($results); 
            $data_encoded = base64_encode($data_encoded); 
            $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded; 
            $data_encoded = strrev($data_encoded); 
            $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key); 
            $data_encoded = wordwrap($data_encoded, 80, "
", true); 
            $results['localkey'] = $data_encoded; 
        } 
        $results['remotecheck'] = true; 
    } 
    unset($postfields,$data,$matches,$whmcsurl,$licensing_secret_key,$checkdate,$usersip,$localkeydays,$allowcheckfaildays,$md5hash); 
    return $results; 
} 
 
// Get the license key and local key from storage 
// These are typically stored either in flat files or an SQL database 
 
$licensekey = "whmcs-c5adf50c9a"; 
$localkey = '9tjIxIzNwgDMwIjI6gjOztjIlRXYkt2Ylh2YioTO6M3OicmbpNnblNWasx1cyVmdyV2ccNXZsVHZv1GX 
zNWbodHXlNmc192czNWbodHXzN2bkRHacBFUNFEWcNHduVWb1N2bExFd0FWTcNnclNXVcpzQioDM4ozc 
7ISey9GdjVmcpRGZpxWY2JiO0EjOztjIx4CMuAjL3ITMioTO6M3OiAXaklGbhZnI6cjOztjI0N3boxWY 
j9Gbuc3d3xCdz9GasF2YvxmI6MjM6M3Oi4Wah12bkRWasFmdioTMxozc7ISeshGdu9WTiozN6M3OiUGb 
jl3Yn5WasxWaiJiOyEjOztjI3ATL4ATL4ADMyIiOwEjOztjIlRXYkVWdkRHel5mI6ETM6M3OicDMtcDM 
tgDMwIjI6ATM6M3OiUGdhR2ZlJnI6cjOztjIlNXYlxEI5xGa052bNByUD1ESXJiO5EjOztjIl1WYuR3Y 
1R2byBnI6ETM6M3OicjI6EjOztjIklGdjVHZvJHcioTO6M3Oi02bj5ycj1Ga3BEd0FWbioDNxozc7ICb 
pFWblJiO1ozc7IyUD1ESXBCd0FWTioDMxozc7ISZtFmbkVmclR3cpdWZyJiO0EjOztjIlZXa0NWQiojN 
6M3OiMXd0FGdzJiO2ozc7pjMxoTY8baca0885830a33725148e94e693f3f073294c0558d38e31f844 
c5adf50c9a'; 
 
// Validate the license key information 
$results = keypasswdcloudlinuxvps_check_license($licensekey, $localkey); 
 
// Raw output of results for debugging purpose 
echo '<textarea cols="100" rows="20">' . print_r($results, true) . '</textarea>'; 
 
// Interpret response 
switch ($results['status']) { 
    case "Active": 
        // get new local key and save it somewhere 
        $localkeydata = $results['localkey']; 
        break; 
    case "Invalid": 
        die("License key is Invalid"); 
        break; 
    case "Expired": 
        die("License key is Expired"); 
        break; 
    case "Suspended": 
        die("License key is Suspended"); 
        break; 
    default: 
        die("Invalid Response"); 
        break; 
} 
 ?>

Did this file decode correctly?

Original Code

<?php
/**
 * WHMCS Licensing Addon - Integration Code Sample
 * https://www.whmcs.com/addons/licensing-addon/
 *
 * The following code is a fully working code sample demonstrating how to
 * perform license checks using the WHMCS Licensing Addon. It is PHP 4 and
 * 5 compatible.  Requires the WHMCS Licensing Addon to be used.
 *
 * @package    WHMCS
 * @author     WHMCS Limited <[email protected]>
 * @copyright  Copyright (c) WHMCS Limited 2005-2018
 * @license    https://www.whmcs.com/license/ WHMCS Eula
 * @version    $Id$
 * @link       https://www.whmcs.com/
 */


/**
 * If you are using this file as a template for your own module, once
 * you've modified the code for your use, remove the exit above.
 */

// Replace "cloudlinuxvps-" with your own unique prefix to avoid conflicts with
// other instances of the licensing addon included within the same scope
function keypasswdcloudlinuxvps_check_license($licensekey, $localkey='') {

    // -----------------------------------
    //  -- Configuration Values --
    // -----------------------------------

    // Enter the url to your WHMCS installation here
    $whmcsurl = 'https://cloudlinuxvps.com/shop/';
    // Must match what is specified in the MD5 Hash Verification field
    // of the licensing product that will be used with this check.
    $licensing_secret_key = 'keypasswdcloudlinuxvps';
    // The number of days to wait between performing remote license checks
    $localkeydays = 15;
    // The number of days to allow failover for after local key expiry
    $allowcheckfaildays = 5;

    // -----------------------------------
    //  -- Do not edit below this line --
    // -----------------------------------

    $check_token = time() . md5(mt_rand(1000000000, 9999999999) . $licensekey);
    $checkdate = date("Ymd");
    $domain = $_SERVER['SERVER_NAME'];
    $usersip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR'];
    $dirpath = dirname(__FILE__);
    $verifyfilepath = 'modules/servers/licensing/verify.php';
    $localkeyvalid = false;
    if ($localkey) {
        $localkey = str_replace("\n", '', $localkey); # Remove the line breaks
        $localdata = substr($localkey, 0, strlen($localkey) - 32); # Extract License Data
        $md5hash = substr($localkey, strlen($localkey) - 32); # Extract MD5 Hash
        if ($md5hash == md5($localdata . $licensing_secret_key)) {
            $localdata = strrev($localdata); # Reverse the string
            $md5hash = substr($localdata, 0, 32); # Extract MD5 Hash
            $localdata = substr($localdata, 32); # Extract License Data
            $localdata = base64_decode($localdata);
            $localkeyresults = json_decode($localdata, true);
            $originalcheckdate = $localkeyresults['checkdate'];
            if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) {
                $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y")));
                if ($originalcheckdate > $localexpiry) {
                    $localkeyvalid = true;
                    $results = $localkeyresults;
                    $validdomains = explode(',', $results['validdomain']);
                    if (!in_array($_SERVER['SERVER_NAME'], $validdomains)) {
                        $localkeyvalid = false;
                        $localkeyresults['status'] = "Invalid";
                        $results = array();
                    }
                    $validips = explode(',', $results['validip']);
                    if (!in_array($usersip, $validips)) {
                        $localkeyvalid = false;
                        $localkeyresults['status'] = "Invalid";
                        $results = array();
                    }
                    $validdirs = explode(',', $results['validdirectory']);
                    if (!in_array($dirpath, $validdirs)) {
                        $localkeyvalid = false;
                        $localkeyresults['status'] = "Invalid";
                        $results = array();
                    }
                }
            }
        }
    }
    if (!$localkeyvalid) {
        $responseCode = 0;
        $postfields = array(
            'licensekey' => $licensekey,
            'domain' => $domain,
            'ip' => $usersip,
            'dir' => $dirpath,
        );
        if ($check_token) $postfields['check_token'] = $check_token;
        $query_string = '';
        foreach ($postfields AS $k=>$v) {
            $query_string .= $k.'='.urlencode($v).'&';
        }
        if (function_exists('curl_exec')) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath);
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
            curl_setopt($ch, CURLOPT_TIMEOUT, 30);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            $data = curl_exec($ch);
            $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
            curl_close($ch);
        } else {
            $responseCodePattern = '/^HTTP\/\d+\.\d+\s+(\d+)/';
            $fp = @fsockopen($whmcsurl, 80, $errno, $errstr, 5);
            if ($fp) {
                $newlinefeed = "\r\n";
                $header = "POST ".$whmcsurl . $verifyfilepath . " HTTP/1.0" . $newlinefeed;
                $header .= "Host: ".$whmcsurl . $newlinefeed;
                $header .= "Content-type: application/x-www-form-urlencoded" . $newlinefeed;
                $header .= "Content-length: ".@strlen($query_string) . $newlinefeed;
                $header .= "Connection: close" . $newlinefeed . $newlinefeed;
                $header .= $query_string;
                $data = $line = '';
                @stream_set_timeout($fp, 20);
                @fputs($fp, $header);
                $status = @socket_get_status($fp);
                while (!@feof($fp)&&$status) {
                    $line = @fgets($fp, 1024);
                    $patternMatches = array();
                    if (!$responseCode
                        && preg_match($responseCodePattern, trim($line), $patternMatches)
                    ) {
                        $responseCode = (empty($patternMatches[1])) ? 0 : $patternMatches[1];
                    }
                    $data .= $line;
                    $status = @socket_get_status($fp);
                }
                @fclose ($fp);
            }
        }
        if ($responseCode != 200) {
            $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y")));
            if ($originalcheckdate > $localexpiry) {
                $results = $localkeyresults;
            } else {
                $results = array();
                $results['status'] = "Invalid";
                $results['description'] = "Remote Check Failed";
                return $results;
            }
        } else {
            preg_match_all('/<(.*?)>([^<]+)<\/\\1>/i', $data, $matches);
            $results = array();
            foreach ($matches[1] AS $k=>$v) {
                $results[$v] = $matches[2][$k];
            }
        }
        if (!is_array($results)) {
            die("Invalid License Server Response");
        }
        if ($results['md5hash']) {
            if ($results['md5hash'] != md5($licensing_secret_key . $check_token)) {
                $results['status'] = "Invalid";
                $results['description'] = "MD5 Checksum Verification Failed";
                return $results;
            }
        }
        if ($results['status'] == "Active") {
            $results['checkdate'] = $checkdate;
            $data_encoded = json_encode($results);
            $data_encoded = base64_encode($data_encoded);
            $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded;
            $data_encoded = strrev($data_encoded);
            $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key);
            $data_encoded = wordwrap($data_encoded, 80, "\n", true);
            $results['localkey'] = $data_encoded;
        }
        $results['remotecheck'] = true;
    }
    unset($postfields,$data,$matches,$whmcsurl,$licensing_secret_key,$checkdate,$usersip,$localkeydays,$allowcheckfaildays,$md5hash);
    return $results;
}

// Get the license key and local key from storage
// These are typically stored either in flat files or an SQL database

$licensekey = "whmcs-c5adf50c9a";
$localkey = '9tjIxIzNwgDMwIjI6gjOztjIlRXYkt2Ylh2YioTO6M3OicmbpNnblNWasx1cyVmdyV2ccNXZsVHZv1GX
zNWbodHXlNmc192czNWbodHXzN2bkRHacBFUNFEWcNHduVWb1N2bExFd0FWTcNnclNXVcpzQioDM4ozc
7ISey9GdjVmcpRGZpxWY2JiO0EjOztjIx4CMuAjL3ITMioTO6M3OiAXaklGbhZnI6cjOztjI0N3boxWY
j9Gbuc3d3xCdz9GasF2YvxmI6MjM6M3Oi4Wah12bkRWasFmdioTMxozc7ISeshGdu9WTiozN6M3OiUGb
jl3Yn5WasxWaiJiOyEjOztjI3ATL4ATL4ADMyIiOwEjOztjIlRXYkVWdkRHel5mI6ETM6M3OicDMtcDM
tgDMwIjI6ATM6M3OiUGdhR2ZlJnI6cjOztjIlNXYlxEI5xGa052bNByUD1ESXJiO5EjOztjIl1WYuR3Y
1R2byBnI6ETM6M3OicjI6EjOztjIklGdjVHZvJHcioTO6M3Oi02bj5ycj1Ga3BEd0FWbioDNxozc7ICb
pFWblJiO1ozc7IyUD1ESXBCd0FWTioDMxozc7ISZtFmbkVmclR3cpdWZyJiO0EjOztjIlZXa0NWQiojN
6M3OiMXd0FGdzJiO2ozc7pjMxoTY8baca0885830a33725148e94e693f3f073294c0558d38e31f844
c5adf50c9a';

// Validate the license key information
$results = keypasswdcloudlinuxvps_check_license($licensekey, $localkey);

// Raw output of results for debugging purpose
echo '<textarea cols="100" rows="20">' . print_r($results, true) . '</textarea>';

// Interpret response
switch ($results['status']) {
    case "Active":
        // get new local key and save it somewhere
        $localkeydata = $results['localkey'];
        break;
    case "Invalid":
        die("License key is Invalid");
        break;
    case "Expired":
        die("License key is Expired");
        break;
    case "Suspended":
        die("License key is Suspended");
        break;
    default:
        die("Invalid Response");
        break;
}

Function Calls

time 1
mt_rand 1
keypasswdcloudlinuxvps_check_license 1

Variables

$localkey 9tjIxIzNwgDMwIjI6gjOztjIlRXYkt2Ylh2YioTO6M3OicmbpNnblNWasx1c..
$whmcsurl https://cloudlinuxvps.com/shop/
$licensekey whmcs-c5adf50c9a
$localkeydays 15
$allowcheckfaildays 5
$licensing_secret_key keypasswdcloudlinuxvps

Stats

MD5 27f6df0ff753fdd882f715e310705365
Eval Count 0
Decode Time 109 ms