Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if(isset ($_GET['i'])) { $wa_number = $_GET['n']; $wa_key = $_GET['k'];..

Decoded Output download

<?php 
 
if(isset ($_GET['i'])) { 
    $wa_number = $_GET['n']; 
    $wa_key = $_GET['k']; 
     
    echo ""; 
} 
 
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); 
header("Cache-Control: post-check=0, pre-check=0", false); 
header("Pragma: no-cache"); 
$debug = false; 
$limit_send_msg = 40000; 
require_once "config.php"; 
if (isset($set_time_limit)) { 
    set_time_limit($set_time_limit); 
} 
if ($debug) { 
    error_reporting(32767); 
} else { 
    error_reporting(0); 
} 
 
$conn = new mysqli($db_host, $db_username, $db_password, $db_name); 
if ($conn->connect_error) { 
    exit("Connection failed: " . $conn->connect_error); 
} 
$conn->set_charset("utf8"); 
$gw_config = $conn->query("SELECT idevwa_lisensi, idevwa_sending_delay, gwurl, gwlkey, gwtoken, idevwa_lisensi_status, idevwa_sendpdf FROM idevwa_config WHERE idevwa_Nama_Modul='WhatSender API'"); 
$gw_config = $gw_config->fetch_row(); 
if ($debug) { 
    var_dump($gw_config); 
    echo "<br/>"; 
} 
if ($gw_config != NULL) { 
    list($licensekey, $localkey) = $gw_config; 
    $results = idevwa_check_license($licensekey, $localkey); 
    switch ($results["status"]) { 
        case "Active": 
            $localkeydata = isset($results["localkey"]) ? $results["localkey"] : NULL; 
            if ($gw_config[5] == "1") { 
                if ($localkeydata != NULL) { 
                    $update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "' WHERE idevwa_Nama_Modul='WhatSender API'"; 
                    $conn->query($update_localkey); 
                } 
            } else { 
                $update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "', idevwa_lisensi_status=2 WHERE idevwa_Nama_Modul='WhatSender API'"; 
                $conn->query($update_localkey); 
            } 
            $sql = "SELECT idevwa_sendid, idevwa_groupid, idevwa_wanumber, idevwa_message, idevwa_msgtype, idevwa_status FROM idevwa_sendmsg WHERE idevwa_status = 0 ORDER BY idevwa_sendid ASC LIMIT " . $limit_send_msg; 
            $result = $conn->query($sql); 
            if ($debug) { 
                var_dump($result); 
                echo "<br/>"; 
            } 
            if (0 < $result->num_rows) { 
                while ($row = $result->fetch_assoc())  
                { 
                    $msgtype = $row["idevwa_msgtype"] == 1 ? "text" : "document"; 
                    $postfields = false; 
                    $tipo = false; 
                    if ($msgtype == "text")  
                    { 
                        $tipo = "http://wa.puffxtool.site/send-message"; 
                       
                        $postfields = [ 
                            "api_key" => "$wa_key", 
                            "number" => $row["idevwa_wanumber"], 
                            "sender" => "$wa_number",  
                            "message" => $row['idevwa_message']  
                        ]; 
                         
                    }  
                    else  
                    { 
                        if ($msgtype = $row["idevwa_msgtype"] == 2){ 
                            $tipo = "http://wa.puffxtool.site/send-media"; 
                            $file_path = explode("/", $row["idevwa_message"]); 
                            $data_message = pathinfo($file_path[count($file_path) - 1], PATHINFO_FILENAME); 
                            $db2 = str_replace("/home/puffxhost/", "https://", $row["idevwa_message"]); 
                            $db3 = str_replace("/wa.puffxtool.site/idevwa_invoices/", "", $row["idevwa_message"]); 
                            $data_file = curl_file_create($db2); 
                            
 
                            $postfields = [ 
                            "api_key" => "$wa_key", 
                            "number" => $row["idevwa_wanumber"], 
                            "sender" => "$wa_number",  
                            'message' => $db3, 
                            "url" => $db2, 
                            "type" => "pdf"  
                            ]; 
                             
                            unset($db2); unset($db3); 
                            unset($file_path); 
                            unset($data_message); 
                            unset($data_file); 
 
                        } 
                    } 
                    if ($postfields)  
                    { 
                        $curl = curl_init(); 
                        curl_setopt_array($curl, [CURLOPT_URL => $tipo, CURLOPT_FRESH_CONNECT => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => $postfields]); 
                        $response = curl_exec($curl); 
                        curl_close($curl); 
                        if ($debug)  
                        { 
                            var_dump($response); 
                            echo $response; 
                            echo "<br/>"; 
                        } 
                        if ($response) { 
                            $response = json_decode($response); 
                            if ($response->code == 200) { 
                                if ($response->message == "Success")  
                                { 
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'"; 
                                    $conn->query($sql); 
                                }  
                                else  
                                { 
                                    if (isset($response->error))  
                                    { 
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'"; 
                                        $conn->query($sql); 
                                    }  
                                    else  
                                    { 
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'"; 
                                        $conn->query($sql); 
                                    } 
                                } 
                            }  
                            else  
                            { 
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'"; 
                                $conn->query($sql); 
                            } 
                            unset($curl); 
                            unset($response); 
                            unset($postfields); 
                            unset($msgtype); 
                            sleep($gw_config[1]); 
                        } 
                    } 
                } 
            } 
            unset($result); 
            break; 
        case "Expired": 
            if ($gw_config[5] != "3") { 
                $update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=3 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'"; 
                $conn->query($update_localkey); 
            } 
            break; 
        case "Suspended": 
            if ($gw_config[5] != "4") { 
                $update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=4 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'"; 
                $conn->query($update_localkey); 
            } 
            unset($licensekey); 
            unset($localkey); 
            unset($results); 
            break; 
        default: 
            exit("Invalid Response"); 
    } 
} 
unset($gw_config); 
$conn->close(); 
unset($conn); 
function idevwa_check_license($licensekey, $localkey = ""){ 
    $whmcsurl = ''; 
    $licensing_secret_key = 'kRahul'; 
    $localkeydays = 15; 
    $allowcheckfaildays = 5; 
 
    $check_token = time() . md5(mt_rand(100000000, mt_getrandmax()) . $licensekey); 
    $checkdate = date("Ymd"); 
    $domain = $domain; 
    $usersip = $usersip; 
    $dirpath = dirname(__FILE__); 
    $verifyfilepath = 'modules/servers/licensing/verify.php'; 
    $localkeyvalid = false; 
    if ($localkey) { 
        $localkey = str_replace("
", '', $localkey); 
        $localdata = substr($localkey, 0, strlen($localkey) - 32); 
        $md5hash = substr($localkey, strlen($localkey) - 32); 
        if ($md5hash == md5($localdata . $licensing_secret_key)) { 
            $localdata = strrev($localdata); 
            $md5hash = substr($localdata, 0, 32); 
            $localdata = substr($localdata, 32); 
            $localdata = base64_decode($localdata); 
            $localkeyresults = json_decode($localdata, true); 
            $originalcheckdate = $localkeyresults['checkdate']; 
            if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) { 
                $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y"))); 
                if ($originalcheckdate > $localexpiry) { 
                    $localkeyvalid = true; 
                    $results = $localkeyresults; 
                    $validdomains = explode(',', $results['validdomain']); 
                    if (!in_array($domain, $validdomains)) { 
                        $localkeyvalid = false; 
                        $localkeyresults['status'] = "Active"; 
                        $results = array(); 
                    } 
                    $validips = explode(',', $results['validip']); 
                    if (!in_array($usersip, $validips)) { 
                        $localkeyvalid = false; 
                        $localkeyresults['status'] = "Active"; 
                        $results = array(); 
                    } 
                    $validdirs = explode(',', $results['validdirectory']); 
                    if (!in_array($dirpath, $validdirs)) { 
                        $localkeyvalid = false; 
                        $localkeyresults['status'] = "Active"; 
                        $results = array(); 
                    } 
                } 
            } 
        } 
    } 
    if (!$localkeyvalid) { 
        $responseCode = 0; 
        $postfields = array( 
            'licensekey' => $licensekey, 
            'domain' => $domain, 
            'ip' => $usersip, 
            'dir' => $dirpath, 
        ); 
        if ($check_token) $postfields['check_token'] = $check_token; 
        $query_string = ''; 
        foreach ($postfields AS $k=>$v) { 
            $query_string .= $k.'='.urlencode($v).'&'; 
        } 
         
        $ch = curl_init(); 
        curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath); 
        curl_setopt($ch, CURLOPT_POST, 1); 
        curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); 
        curl_setopt($ch, CURLOPT_TIMEOUT, $idevwa_curl_timeout); 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
        $data = curl_exec($ch); 
        $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); 
        curl_close($ch); 
         
        if ($responseCode != 200) { 
            $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y"))); 
            if ($originalcheckdate > $localexpiry) { 
                $results = $localkeyresults; 
            } else { 
                $results = array(); 
                $results['status'] = "Active"; 
                $results['description'] = "Remote Check Failed"; 
                return $results; 
            } 
        } else { 
            preg_match_all('/<(.*?)>([^<]+)<\/\1>/i', $data, $matches); 
            $results = array(); 
            foreach ($matches[1] AS $k=>$v) { 
                $results[$v] = $matches[2][$k]; 
            } 
        } 
        if (!is_array($results)) { 
            die("Invalid License Server Response"); 
        } 
        if (isset($results['md5hash'])) { 
            if ($results['md5hash'] != md5($licensing_secret_key . $check_token)) { 
                $results['status'] = "Active"; 
                $results['description'] = "MD5 Checksum Verification Failed"; 
                return $results; 
            } 
        } 
        if ($results['status'] == "Active") { 
            $results['checkdate'] = $checkdate; 
            $data_encoded = json_encode($results); 
            $data_encoded = base64_encode($data_encoded); 
            $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded; 
            $data_encoded = strrev($data_encoded); 
            $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key); 
            $data_encoded = wordwrap($data_encoded, 80, "
", true); 
            $results['localkey'] = $data_encoded; 
        } 
        $results['remotecheck'] = true; 
    } 
    unset($postfields); 
    unset($data); 
    unset($matches); 
    unset($whmcsurl); 
    unset($licensing_secret_key); 
    unset($checkdate); 
    unset($usersip); 
    unset($localkeydays); 
    unset($allowcheckfaildays); 
    unset($md5hash); 
    return $results; 
} 
 
 ?>

Did this file decode correctly?

Original Code

<?php

if(isset ($_GET['i'])) {
    $wa_number = $_GET['n'];
    $wa_key = $_GET['k'];
    
    echo "";
}

header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
$debug = false;
$limit_send_msg = 40000;
require_once "config.php";
if (isset($set_time_limit)) {
    set_time_limit($set_time_limit);
}
if ($debug) {
    error_reporting(32767);
} else {
    error_reporting(0);
}

$conn = new mysqli($db_host, $db_username, $db_password, $db_name);
if ($conn->connect_error) {
    exit("Connection failed: " . $conn->connect_error);
}
$conn->set_charset("utf8");
$gw_config = $conn->query("SELECT idevwa_lisensi, idevwa_sending_delay, gwurl, gwlkey, gwtoken, idevwa_lisensi_status, idevwa_sendpdf FROM idevwa_config WHERE idevwa_Nama_Modul='WhatSender API'");
$gw_config = $gw_config->fetch_row();
if ($debug) {
    var_dump($gw_config);
    echo "<br/>";
}
if ($gw_config != NULL) {
    list($licensekey, $localkey) = $gw_config;
    $results = idevwa_check_license($licensekey, $localkey);
    switch ($results["status"]) {
        case "Active":
            $localkeydata = isset($results["localkey"]) ? $results["localkey"] : NULL;
            if ($gw_config[5] == "1") {
                if ($localkeydata != NULL) {
                    $update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "' WHERE idevwa_Nama_Modul='WhatSender API'";
                    $conn->query($update_localkey);
                }
            } else {
                $update_localkey = "UPDATE idevwa_config SET gwlkey='" . $localkeydata . "', idevwa_lisensi_status=2 WHERE idevwa_Nama_Modul='WhatSender API'";
                $conn->query($update_localkey);
            }
            $sql = "SELECT idevwa_sendid, idevwa_groupid, idevwa_wanumber, idevwa_message, idevwa_msgtype, idevwa_status FROM idevwa_sendmsg WHERE idevwa_status = 0 ORDER BY idevwa_sendid ASC LIMIT " . $limit_send_msg;
            $result = $conn->query($sql);
            if ($debug) {
                var_dump($result);
                echo "<br/>";
            }
            if (0 < $result->num_rows) {
                while ($row = $result->fetch_assoc()) 
                {
                    $msgtype = $row["idevwa_msgtype"] == 1 ? "text" : "document";
                    $postfields = false;
                    $tipo = false;
                    if ($msgtype == "text") 
                    {
                        $tipo = "http://wa.puffxtool.site/send-message";
                      
                        $postfields = [
                            "api_key" => "$wa_key",
                            "number" => $row["idevwa_wanumber"],
                            "sender" => "$wa_number", 
                            "message" => $row['idevwa_message'] 
                        ];
                        
                    } 
                    else 
                    {
                        if ($msgtype = $row["idevwa_msgtype"] == 2){
                            $tipo = "http://wa.puffxtool.site/send-media";
                            $file_path = explode("/", $row["idevwa_message"]);
                            $data_message = pathinfo($file_path[count($file_path) - 1], PATHINFO_FILENAME);
                            $db2 = str_replace("/home/puffxhost/", "https://", $row["idevwa_message"]);
                            $db3 = str_replace("/wa.puffxtool.site/idevwa_invoices/", "", $row["idevwa_message"]);
                            $data_file = curl_file_create($db2);
                           

                            $postfields = [
                            "api_key" => "$wa_key",
                            "number" => $row["idevwa_wanumber"],
                            "sender" => "$wa_number", 
                            'message' => $db3,
                            "url" => $db2,
                            "type" => "pdf" 
                            ];
                            
                            unset($db2); unset($db3);
                            unset($file_path);
                            unset($data_message);
                            unset($data_file);

                        }
                    }
                    if ($postfields) 
                    {
                        $curl = curl_init();
                        curl_setopt_array($curl, [CURLOPT_URL => $tipo, CURLOPT_FRESH_CONNECT => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => $postfields]);
                        $response = curl_exec($curl);
                        curl_close($curl);
                        if ($debug) 
                        {
                            var_dump($response);
                            echo $response;
                            echo "<br/>";
                        }
                        if ($response) {
                            $response = json_decode($response);
                            if ($response->code == 200) {
                                if ($response->message == "Success") 
                                {
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
                                    $conn->query($sql);
                                } 
                                else 
                                {
                                    if (isset($response->error)) 
                                    {
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
                                        $conn->query($sql);
                                    } 
                                    else 
                                    {
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
                                        $conn->query($sql);
                                    }
                                }
                            } 
                            else 
                            {
                                    $sql = "UPDATE idevwa_sendmsg SET idevwa_status=1, idevwa_groupid=3 WHERE idevwa_sendid='" . $row["idevwa_sendid"] . "'";
                                $conn->query($sql);
                            }
                            unset($curl);
                            unset($response);
                            unset($postfields);
                            unset($msgtype);
                            sleep($gw_config[1]);
                        }
                    }
                }
            }
            unset($result);
            break;
        case "Expired":
            if ($gw_config[5] != "3") {
                $update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=3 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'";
                $conn->query($update_localkey);
            }
            break;
        case "Suspended":
            if ($gw_config[5] != "4") {
                $update_localkey = "UPDATE idevwa_config SET idevwa_lisensi_status=4 WHERE idevwa_Nama_Modul='IDEVWA Whatsapp API'";
                $conn->query($update_localkey);
            }
            unset($licensekey);
            unset($localkey);
            unset($results);
            break;
        default:
            exit("Invalid Response");
    }
}
unset($gw_config);
$conn->close();
unset($conn);
function idevwa_check_license($licensekey, $localkey = ""){
    $whmcsurl = '';
    $licensing_secret_key = 'kRahul';
    $localkeydays = 15;
    $allowcheckfaildays = 5;

    $check_token = time() . md5(mt_rand(100000000, mt_getrandmax()) . $licensekey);
    $checkdate = date("Ymd");
    $domain = $domain;
    $usersip = $usersip;
    $dirpath = dirname(__FILE__);
    $verifyfilepath = 'modules/servers/licensing/verify.php';
    $localkeyvalid = false;
    if ($localkey) {
        $localkey = str_replace("\n", '', $localkey);
        $localdata = substr($localkey, 0, strlen($localkey) - 32);
        $md5hash = substr($localkey, strlen($localkey) - 32);
        if ($md5hash == md5($localdata . $licensing_secret_key)) {
            $localdata = strrev($localdata);
            $md5hash = substr($localdata, 0, 32);
            $localdata = substr($localdata, 32);
            $localdata = base64_decode($localdata);
            $localkeyresults = json_decode($localdata, true);
            $originalcheckdate = $localkeyresults['checkdate'];
            if ($md5hash == md5($originalcheckdate . $licensing_secret_key)) {
                $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y")));
                if ($originalcheckdate > $localexpiry) {
                    $localkeyvalid = true;
                    $results = $localkeyresults;
                    $validdomains = explode(',', $results['validdomain']);
                    if (!in_array($domain, $validdomains)) {
                        $localkeyvalid = false;
                        $localkeyresults['status'] = "Active";
                        $results = array();
                    }
                    $validips = explode(',', $results['validip']);
                    if (!in_array($usersip, $validips)) {
                        $localkeyvalid = false;
                        $localkeyresults['status'] = "Active";
                        $results = array();
                    }
                    $validdirs = explode(',', $results['validdirectory']);
                    if (!in_array($dirpath, $validdirs)) {
                        $localkeyvalid = false;
                        $localkeyresults['status'] = "Active";
                        $results = array();
                    }
                }
            }
        }
    }
    if (!$localkeyvalid) {
        $responseCode = 0;
        $postfields = array(
            'licensekey' => $licensekey,
            'domain' => $domain,
            'ip' => $usersip,
            'dir' => $dirpath,
        );
        if ($check_token) $postfields['check_token'] = $check_token;
        $query_string = '';
        foreach ($postfields AS $k=>$v) {
            $query_string .= $k.'='.urlencode($v).'&';
        }
        
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
        curl_setopt($ch, CURLOPT_TIMEOUT, $idevwa_curl_timeout);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $data = curl_exec($ch);
        $responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        
        if ($responseCode != 200) {
            $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y")));
            if ($originalcheckdate > $localexpiry) {
                $results = $localkeyresults;
            } else {
                $results = array();
                $results['status'] = "Active";
                $results['description'] = "Remote Check Failed";
                return $results;
            }
        } else {
            preg_match_all('/<(.*?)>([^<]+)<\/\\1>/i', $data, $matches);
            $results = array();
            foreach ($matches[1] AS $k=>$v) {
                $results[$v] = $matches[2][$k];
            }
        }
        if (!is_array($results)) {
            die("Invalid License Server Response");
        }
        if (isset($results['md5hash'])) {
            if ($results['md5hash'] != md5($licensing_secret_key . $check_token)) {
                $results['status'] = "Active";
                $results['description'] = "MD5 Checksum Verification Failed";
                return $results;
            }
        }
        if ($results['status'] == "Active") {
            $results['checkdate'] = $checkdate;
            $data_encoded = json_encode($results);
            $data_encoded = base64_encode($data_encoded);
            $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded;
            $data_encoded = strrev($data_encoded);
            $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key);
            $data_encoded = wordwrap($data_encoded, 80, "\n", true);
            $results['localkey'] = $data_encoded;
        }
        $results['remotecheck'] = true;
    }
    unset($postfields);
    unset($data);
    unset($matches);
    unset($whmcsurl);
    unset($licensing_secret_key);
    unset($checkdate);
    unset($usersip);
    unset($localkeydays);
    unset($allowcheckfaildays);
    unset($md5hash);
    return $results;
}

Function Calls

None

Variables

None

Stats

MD5 ee0d8b4741e83f8cf37dc5cea165eee6
Eval Count 0
Decode Time 64 ms