Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if(isset ($_GET['i'])) { $wa_number = $_GET['n']; $wa_key = $_GET['k'];..
Decoded Output download
<?php
if(isset ($_GET['i'])) {
$wa_number = $_GET['n'];
$wa_key = $_GET['k'];
echo "";
}
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
$debug = false;
$limit_send_msg = 40000;
require_once "config.php";
if (isset($set_time_limit)) {
set_time_limit($set_time_limit);
}
if ($debug) {
error_reporting(32767);
} else {
error_reporting(0);
}
$conn = new mysqli($db_host, $db_username, $db_password, $db_name);
if ($conn->connect_error) {
exit("Connection failed: " . $conn->connect_error);
}
$conn->set_charset("utf8");
$gw_config = $conn->query("SELECT idevwa_lisensi, idevwa_sending_delay, gwurl, gwlkey, gwtoken, idevwa_lisensi_status, idevwa_sendpdf FROM idevwa_config WHERE idevwa_Nama_Modul='WhatSender API'");
$gw_config = $gw_config->fetch_row();
if ($debug) {
var_dump($gw_config);
echo "<br/>";
}
if ($gw_config != NULL) {
list($licensekey, $localkey) = $gw_config;
$results = idevwa_check_license($licensekey, $localkey);
switch ($results["status"]) {
case "Active":
$localkeydata = isset($results["localkey"]) ? $results["localkey"] : NULL;
if ($gw_config[5] == "1") {
if ($localkeydata != NULL) {
$update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "' WHERE idevwa_Nama_Modul='WhatSender API'";
$conn->query($update_localkey);
}
} else {
$update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "', idevwa_lisensi_status=2 WHERE idevwa_Nama_Modul='WhatSender API'";
$conn->query($update_localkey);
}
$sql = "SELECT idevwa_sendid, idevwa_groupid, idevwa_wanumber, idevwa_message, idevwa_msgtype, idevwa_status FROM idevwa_sendmsg WHERE idevwa_status = 0 ORDER BY idevwa_sendid ASC LIMIT " . $limit_send_msg;
$result = $conn->query($sql);
if ($debug) {
var_dump($result);
echo "<br/>";
}
if (0 < $result->num_rows) {
while ($row = $result->fetch_assoc())
{
$msgtype = $row["idevwa_msgtype"] == 1 ? "text" : "document";
$postfields = false;
$tipo = false;
if ($msgtype == "text")
{
$tipo = "http://wa.puffxtool.site/send-message";
$postfields = [
"api_key" => "$wa_key",
"number" => $row["idevwa_wanumber"],
"sender" => "$wa_number",
"message" => $row['idevwa_message']
];
}
else
{
if ($msgtype = $row["idevwa_msgtype"] == 2){
$tipo = "http://wa.puffxtool.site/send-media";
$file_path = explode("/", $row["idevwa_message"]);
$data_message = pathinfo($file_path[count($file_path) - 1], PATHINFO_FILENAME);
$db2 = str_replace("/home/puffxhost/", "https://", $row["idevwa_message"]);
$db3 = str_replace("/wa.puffxtool.site/idevwa_invoices/", "", $row["idevwa_message"]);
$data_file = curl_file_create($db2);
$postfields = [
"api_key" => "$wa_key",
"number" => $row["idevwa_wanumber"],
"sender" => "$wa_number",
'message' => $db3,
"url" => $db2,
"type" => "pdf"
];
unset($db2); unset($db3);
unset($file_path);
unset($data_message);
unset($data_file);
}
}
if ($postfields)
{
$curl = curl_init();
curl_setopt_array($curl, [CURLOPT_URL => $tipo, CURLOPT_FRESH_CONNECT => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => $postfields]);
$response = curl_exec($curl);
curl_close($curl);
if ($debug)
{
var_dump($response);
echo $response;
echo "<br/>";
}
if ($response) {
$response = json_decode($response);
if ($response->code == 200) {
if ($response->message == "Success")
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
else
{
if (isset($response->error))
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
else
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
}
}
else
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
unset($curl);
unset($response);
unset($postfields);
unset($msgtype);
sleep($gw_config[1]);
}
}
}
}
unset($result);
break;
case "Expired":
if ($gw_config[5] != "3") {
$update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=3 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'";
$conn->query($update_localkey);
}
break;
case "Suspended":
if ($gw_config[5] != "4") {
$update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=4 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'";
$conn->query($update_localkey);
}
unset($licensekey);
unset($localkey);
unset($results);
break;
default:
exit("Invalid Response");
}
}
unset($gw_config);
$conn->close();
unset($conn);
function idevwa_check_license($licensekey, $localkey = ""){
$whmcsurl = '';
$licensing_secret_key = 'kRahul';
$localkeydays = 15;
$allowcheckfaildays = 5;
$check_token = time() . md5(mt_rand(100000000, mt_getrandmax()) . $licensekey);
$checkdate = date("Ymd");
$domain = $domain;
$usersip = $usersip;
$dirpath = dirname(__FILE__);
$verifyfilepath = 'modules/servers/licensing/verify.php';
$localkeyvalid = false;
if ($localkey) {
$localkey = str_replace("
", '', $localkey);
$localdata = substr($localkey, 0, strlen($localkey) - 32);
$md5hash = substr($localkey, strlen($localkey) - 32);
if ($md5hash == md5($localdata . $licensing_secret_key)) {
$localdata = strrev($localdata);
$md5hash = substr($localdata, 0, 32);
$localdata = substr($localdata, 32);
$localdata = base64_decode($localdata);
$localkeyresults = json_decode($localdata, true);
$originalcheckdate = $localkeyresults['checkdate'];
if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) {
$localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y")));
if ($originalcheckdate > $localexpiry) {
$localkeyvalid = true;
$results = $localkeyresults;
$validdomains = explode(',', $results['validdomain']);
if (!in_array($domain, $validdomains)) {
$localkeyvalid = false;
$localkeyresults['status'] = "Active";
$results = array();
}
$validips = explode(',', $results['validip']);
if (!in_array($usersip, $validips)) {
$localkeyvalid = false;
$localkeyresults['status'] = "Active";
$results = array();
}
$validdirs = explode(',', $results['validdirectory']);
if (!in_array($dirpath, $validdirs)) {
$localkeyvalid = false;
$localkeyresults['status'] = "Active";
$results = array();
}
}
}
}
}
if (!$localkeyvalid) {
$responseCode = 0;
$postfields = array(
'licensekey' => $licensekey,
'domain' => $domain,
'ip' => $usersip,
'dir' => $dirpath,
);
if ($check_token) $postfields['check_token'] = $check_token;
$query_string = '';
foreach ($postfields AS $k=>$v) {
$query_string .= $k.'='.urlencode($v).'&';
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
curl_setopt($ch, CURLOPT_TIMEOUT, $idevwa_curl_timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
$responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($responseCode != 200) {
$localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y")));
if ($originalcheckdate > $localexpiry) {
$results = $localkeyresults;
} else {
$results = array();
$results['status'] = "Active";
$results['description'] = "Remote Check Failed";
return $results;
}
} else {
preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches);
$results = array();
foreach ($matches[1] AS $k=>$v) {
$results[$v] = $matches[2][$k];
}
}
if (!is_array($results)) {
die("Invalid License Server Response");
}
if (isset($results['md5hash'])) {
if ($results['md5hash'] != md5($licensing_secret_key . $check_token)) {
$results['status'] = "Active";
$results['description'] = "MD5 Checksum Verification Failed";
return $results;
}
}
if ($results['status'] == "Active") {
$results['checkdate'] = $checkdate;
$data_encoded = json_encode($results);
$data_encoded = base64_encode($data_encoded);
$data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded;
$data_encoded = strrev($data_encoded);
$data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key);
$data_encoded = wordwrap($data_encoded, 80, "
", true);
$results['localkey'] = $data_encoded;
}
$results['remotecheck'] = true;
}
unset($postfields);
unset($data);
unset($matches);
unset($whmcsurl);
unset($licensing_secret_key);
unset($checkdate);
unset($usersip);
unset($localkeydays);
unset($allowcheckfaildays);
unset($md5hash);
return $results;
}
?>Did this file decode correctly?
Original Code
<?php
if(isset ($_GET['i'])) {
$wa_number = $_GET['n'];
$wa_key = $_GET['k'];
echo "";
}
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
$debug = false;
$limit_send_msg = 40000;
require_once "config.php";
if (isset($set_time_limit)) {
set_time_limit($set_time_limit);
}
if ($debug) {
error_reporting(32767);
} else {
error_reporting(0);
}
$conn = new mysqli($db_host, $db_username, $db_password, $db_name);
if ($conn->connect_error) {
exit("Connection failed: " . $conn->connect_error);
}
$conn->set_charset("utf8");
$gw_config = $conn->query("SELECT idevwa_lisensi, idevwa_sending_delay, gwurl, gwlkey, gwtoken, idevwa_lisensi_status, idevwa_sendpdf FROM idevwa_config WHERE idevwa_Nama_Modul='WhatSender API'");
$gw_config = $gw_config->fetch_row();
if ($debug) {
var_dump($gw_config);
echo "<br/>";
}
if ($gw_config != NULL) {
list($licensekey, $localkey) = $gw_config;
$results = idevwa_check_license($licensekey, $localkey);
switch ($results["status"]) {
case "Active":
$localkeydata = isset($results["localkey"]) ? $results["localkey"] : NULL;
if ($gw_config[5] == "1") {
if ($localkeydata != NULL) {
$update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "' WHERE idevwa_Nama_Modul='WhatSender API'";
$conn->query($update_localkey);
}
} else {
$update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "', idevwa_lisensi_status=2 WHERE idevwa_Nama_Modul='WhatSender API'";
$conn->query($update_localkey);
}
$sql = "SELECT idevwa_sendid, idevwa_groupid, idevwa_wanumber, idevwa_message, idevwa_msgtype, idevwa_status FROM idevwa_sendmsg WHERE idevwa_status = 0 ORDER BY idevwa_sendid ASC LIMIT " . $limit_send_msg;
$result = $conn->query($sql);
if ($debug) {
var_dump($result);
echo "<br/>";
}
if (0 < $result->num_rows) {
while ($row = $result->fetch_assoc())
{
$msgtype = $row["idevwa_msgtype"] == 1 ? "text" : "document";
$postfields = false;
$tipo = false;
if ($msgtype == "text")
{
$tipo = "http://wa.puffxtool.site/send-message";
$postfields = [
"api_key" => "$wa_key",
"number" => $row["idevwa_wanumber"],
"sender" => "$wa_number",
"message" => $row['idevwa_message']
];
}
else
{
if ($msgtype = $row["idevwa_msgtype"] == 2){
$tipo = "http://wa.puffxtool.site/send-media";
$file_path = explode("/", $row["idevwa_message"]);
$data_message = pathinfo($file_path[count($file_path) - 1], PATHINFO_FILENAME);
$db2 = str_replace("/home/puffxhost/", "https://", $row["idevwa_message"]);
$db3 = str_replace("/wa.puffxtool.site/idevwa_invoices/", "", $row["idevwa_message"]);
$data_file = curl_file_create($db2);
$postfields = [
"api_key" => "$wa_key",
"number" => $row["idevwa_wanumber"],
"sender" => "$wa_number",
'message' => $db3,
"url" => $db2,
"type" => "pdf"
];
unset($db2); unset($db3);
unset($file_path);
unset($data_message);
unset($data_file);
}
}
if ($postfields)
{
$curl = curl_init();
curl_setopt_array($curl, [CURLOPT_URL => $tipo, CURLOPT_FRESH_CONNECT => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => $postfields]);
$response = curl_exec($curl);
curl_close($curl);
if ($debug)
{
var_dump($response);
echo $response;
echo "<br/>";
}
if ($response) {
$response = json_decode($response);
if ($response->code == 200) {
if ($response->message == "Success")
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
else
{
if (isset($response->error))
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
else
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
}
}
else
{
$sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
$conn->query($sql);
}
unset($curl);
unset($response);
unset($postfields);
unset($msgtype);
sleep($gw_config[1]);
}
}
}
}
unset($result);
break;
case "Expired":
if ($gw_config[5] != "3") {
$update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=3 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'";
$conn->query($update_localkey);
}
break;
case "Suspended":
if ($gw_config[5] != "4") {
$update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=4 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'";
$conn->query($update_localkey);
}
unset($licensekey);
unset($localkey);
unset($results);
break;
default:
exit("Invalid Response");
}
}
unset($gw_config);
$conn->close();
unset($conn);
function idevwa_check_license($licensekey, $localkey = ""){
$whmcsurl = '';
$licensing_secret_key = 'kRahul';
$localkeydays = 15;
$allowcheckfaildays = 5;
$check_token = time() . md5(mt_rand(100000000, mt_getrandmax()) . $licensekey);
$checkdate = date("Ymd");
$domain = $domain;
$usersip = $usersip;
$dirpath = dirname(__FILE__);
$verifyfilepath = 'modules/servers/licensing/verify.php';
$localkeyvalid = false;
if ($localkey) {
$localkey = str_replace("\n", '', $localkey);
$localdata = substr($localkey, 0, strlen($localkey) - 32);
$md5hash = substr($localkey, strlen($localkey) - 32);
if ($md5hash == md5($localdata . $licensing_secret_key)) {
$localdata = strrev($localdata);
$md5hash = substr($localdata, 0, 32);
$localdata = substr($localdata, 32);
$localdata = base64_decode($localdata);
$localkeyresults = json_decode($localdata, true);
$originalcheckdate = $localkeyresults['checkdate'];
if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) {
$localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y")));
if ($originalcheckdate > $localexpiry) {
$localkeyvalid = true;
$results = $localkeyresults;
$validdomains = explode(',', $results['validdomain']);
if (!in_array($domain, $validdomains)) {
$localkeyvalid = false;
$localkeyresults['status'] = "Active";
$results = array();
}
$validips = explode(',', $results['validip']);
if (!in_array($usersip, $validips)) {
$localkeyvalid = false;
$localkeyresults['status'] = "Active";
$results = array();
}
$validdirs = explode(',', $results['validdirectory']);
if (!in_array($dirpath, $validdirs)) {
$localkeyvalid = false;
$localkeyresults['status'] = "Active";
$results = array();
}
}
}
}
}
if (!$localkeyvalid) {
$responseCode = 0;
$postfields = array(
'licensekey' => $licensekey,
'domain' => $domain,
'ip' => $usersip,
'dir' => $dirpath,
);
if ($check_token) $postfields['check_token'] = $check_token;
$query_string = '';
foreach ($postfields AS $k=>$v) {
$query_string .= $k.'='.urlencode($v).'&';
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
curl_setopt($ch, CURLOPT_TIMEOUT, $idevwa_curl_timeout);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data = curl_exec($ch);
$responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($responseCode != 200) {
$localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y")));
if ($originalcheckdate > $localexpiry) {
$results = $localkeyresults;
} else {
$results = array();
$results['status'] = "Active";
$results['description'] = "Remote Check Failed";
return $results;
}
} else {
preg_match_all('/<(.*?)>([^<]+)<\/\\1>/i', $data, $matches);
$results = array();
foreach ($matches[1] AS $k=>$v) {
$results[$v] = $matches[2][$k];
}
}
if (!is_array($results)) {
die("Invalid License Server Response");
}
if (isset($results['md5hash'])) {
if ($results['md5hash'] != md5($licensing_secret_key . $check_token)) {
$results['status'] = "Active";
$results['description'] = "MD5 Checksum Verification Failed";
return $results;
}
}
if ($results['status'] == "Active") {
$results['checkdate'] = $checkdate;
$data_encoded = json_encode($results);
$data_encoded = base64_encode($data_encoded);
$data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded;
$data_encoded = strrev($data_encoded);
$data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key);
$data_encoded = wordwrap($data_encoded, 80, "\n", true);
$results['localkey'] = $data_encoded;
}
$results['remotecheck'] = true;
}
unset($postfields);
unset($data);
unset($matches);
unset($whmcsurl);
unset($licensing_secret_key);
unset($checkdate);
unset($usersip);
unset($localkeydays);
unset($allowcheckfaildays);
unset($md5hash);
return $results;
}
Function Calls
| None |
Stats
| MD5 | ee0d8b4741e83f8cf37dc5cea165eee6 |
| Eval Count | 0 |
| Decode Time | 64 ms |