toll
请高手分析一段代码.这是一个商业代码的加密程序
<?
/**
 * Edition flag: reports whether this build is the "Lite" edition.
 *
 * The value is hard-wired, so check_lite() never reaches fatal_error()
 * in this build.
 *
 * @return bool always false
 */
function is_lite()
{
    $liteEdition = false;

    return $liteEdition;
}
/**
 * Edition flag: reports whether this build is a trial copy.
 *
 * The value is hard-wired, so check_trial() never reaches fatal_error()
 * in this build.
 *
 * @return bool always false
 */
function is_trial()
{
    $trialEdition = false;

    return $trialEdition;
}
/**
 * Guard for Pro-only features: calls fatal_error() when is_lite() is true.
 *
 * @param string $errmsg message passed to fatal_error() (second argument is 1)
 * @return void
 */
function check_lite($errmsg = 'Sorry, this function is available in aMember Pro version only')
{
    if (!is_lite()) {
        return;
    }

    fatal_error($errmsg, 1);
}
/**
 * Guard for non-trial features: calls fatal_error() when is_trial() is true.
 *
 * @param string $errmsg message passed to fatal_error() (second argument is 1)
 * @return void
 */
function check_trial($errmsg = 'Sorry, this function is available in aMember Pro not-trial version only')
{
    if (!is_trial()) {
        return;
    }

    fatal_error($errmsg, 1);
}
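/**
 * Connect to MySQL and load the "<prefix>config" table into the global $config.
 *
 * Connection settings are read from the global $plugin_config['db']['mysql'].
 * Every row is (name, type, value, blob_value); `type` selects how the stored
 * value is decoded. A dotted name such as "a.b.c" is written to
 * $config['a']['b']['c']; any other name is written to $config[name].
 *
 * SECURITY: row types 1 and 4 pass database content to unserialize() and
 * eval(). Write access to this table is therefore equivalent to code
 * execution on the web server: a SQL injection or a shared database account
 * anywhere in the application escalates through these two branches. Types 1
 * and 4 should be replaced by a data-only encoding; until then the table
 * needs the same protection as the PHP source itself.
 *
 * SECURITY: the connect-failure message includes mysql_error(), which can
 * disclose host and account names to whoever receives the page.
 *
 * @param array $config declared by reference, but the `global $config`
 *                      statement below rebinds the name, so all writes go
 *                      to the global array
 * @return void the script exits on connection, database-selection or query failure
 */
function read_db_config(&$config)
{
    global $plugin_config;
    $this_config = $plugin_config['db']['mysql'];
    global $config;

    // Persistent or per-request connection, depending on configuration.
    if ($config['use_mysql_connect']) {
        $link = @mysql_connect($this_config['host'], $this_config['user'], $this_config['pass']);
    } else {
        $link = @mysql_pconnect($this_config['host'], $this_config['user'], $this_config['pass']);
    }
    if (!$link) {
        exit('Cannot connect to MySQL: ' . mysql_error());
    }

    if (!(@mysql_select_db($this_config['db']))) {
        exit('Cannot select MySQL db');
    }

    // The table prefix is an identifier and cannot be bound as a parameter;
    // it comes from the configuration file, not from the request.
    $q = mysql_query('SELECT name,type,value,blob_value FROM ' . $this_config['prefix'] . 'config');
    if (!$q) {
        // Fail closed: continuing with a half-initialised $config would skip
        // every setting stored in the database.
        exit('Cannot read MySQL config table');
    }

    while (list($n, $t, $v, $bv) = mysql_fetch_row($q)) {
        // Loose comparison is intentional: $t arrives as a string from MySQL.
        switch ($t) {
            case 0:
                // Plain value, used as stored.
                break;
            case 1:
                // SECURITY: unserialize() on database content (see header).
                $v = unserialize($bv);
                break;
            case 2:
                $v = $bv;
                $bv = '';
                break;
            case 3:
                $v = amember_decrypt($v);
                break;
            case 4:
                // SECURITY: eval() on database content (see header).
                $v = eval($v);
                break;
            default:
                exit('Unknown type');
        }

        $path = explode('.', $n);
        if (count($path) > 1) {
            // Walk (and create) the nested arrays named by the dotted path.
            $slot = &$config;
            foreach ($path as $key) {
                $slot = &$slot[$key];
            }
            $slot = $v;
            unset($slot); // drop the reference so the next row cannot write through it
        } else {
            $config[$n] = $v;
        }
    }
}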
/**
 * Register the extra member, product and payment fields listed in $config.
 *
 * Each entry of $config['member_fields'], $config['product_fields'] and
 * $config['payment_fields'] is passed to the matching add_*_field() function.
 * The entry's additional_fields array is extended with 'from_config' => 1;
 * a 'from_config' key already present in the entry is kept.
 *
 * @return void
 */
function add_fields_from_config()
{
    global $config;

    $origin = array('from_config' => 1);

    foreach ((array) $config['member_fields'] as $field) {
        $extra = (array) $field['additional_fields'] + $origin;
        add_member_field(
            $field['name'],
            $field['title'],
            $field['type'],
            $field['description'],
            $field['validate_func'],
            $extra
        );
    }

    foreach ((array) $config['product_fields'] as $field) {
        $extra = (array) $field['additional_fields'] + $origin;
        add_product_field(
            $field['name'],
            $field['title'],
            $field['type'],
            $field['description'],
            $field['validate_func'],
            $extra
        );
    }

    foreach ((array) $config['payment_fields'] as $field) {
        $extra = (array) $field['additional_fields'] + $origin;
        add_payment_field(
            $field['name'],
            $field['title'],
            $field['type'],
            $field['description'],
            $field['validate_func'],
            $extra
        );
    }
}
/**
 * Encrypt a string with __internal_crypt() and return it URL-encoded.
 *
 * _amember_get_iconf() is consulted first; a non-empty result is reported
 * through fatal_error() with the prefix "License Error: ".
 *
 * SECURITY: the key is a literal in the source, so it is identical on every
 * installation and cannot be rotated. Every call starts the stream cipher
 * from the same state, and the output carries no integrity tag, so altered
 * ciphertext is not detected on decryption. Treat the result as obfuscation,
 * not as protection for secrets at rest.
 *
 * @param string $string plaintext
 * @return string rawurlencode()d ciphertext
 */
function amember_crypt($string)
{
    $licenseError = _amember_get_iconf();
    if ($licenseError) {
        fatal_error('License Error: ' . $licenseError);
    }

    $key = 'Xjk23cbnmk28;ajandb4b300zxchB&!@^#$DOFCNCccc334ff,masd';
    $cipherText = __internal_crypt($string, $key);

    return rawurlencode($cipherText);
}
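/**
 * Reverse amember_crypt(): URL-decode the input and run it through
 * __internal_crypt() with the same built-in key.
 *
 * A rawurlencode()/rawurldecode() pair around the result cancels out for
 * every byte string, so the cipher output is returned directly.
 *
 * Unlike amember_crypt(), this function performs no license check.
 *
 * SECURITY: the key is a literal in the source and there is no integrity
 * check, so a modified ciphertext decrypts to modified plaintext without any
 * error. Callers must validate the decrypted value before using it.
 *
 * @param string $string rawurlencode()d ciphertext
 * @return string decrypted bytes
 */
function amember_decrypt($string)
{
    $key = 'Xjk23cbnmk28;ajandb4b300zxchB&!@^#$DOFCNCccc334ff,masd';

    return __internal_crypt(rawurldecode($string), $key);
}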
/**
 * XOR $data with a keystream derived from $pwd.
 *
 * A 256-entry permutation is initialised to 0..255, shuffled using the key
 * bytes (the key repeats cyclically), and then stepped once per input byte to
 * produce one keystream byte each. Because the operation is a plain XOR,
 * applying the function twice with the same key returns the original data.
 *
 * SECURITY: the construction matches the RC4 stream cipher, which is no
 * longer considered safe for new designs. No nonce is mixed in, so two
 * messages encrypted under one key share a keystream, and there is no
 * authentication of the output.
 *
 * @param string $data bytes to transform
 * @param string $pwd  key; must not be empty (the key index is taken modulo its length)
 * @return string transformed bytes, same length as $data
 */
function __internal_crypt($data, $pwd)
{
    $keyLength = strlen($pwd);
    $state = array();
    $keyBytes = array();

    // Identity permutation plus the key stretched to 256 bytes.
    for ($n = 0; $n < 256; ++$n) {
        $keyBytes[$n] = ord(substr($pwd, $n % $keyLength, 1));
        $state[$n] = $n;
    }

    // Key scheduling: shuffle the permutation under control of the key.
    $j = 0;
    for ($n = 0; $n < 256; ++$n) {
        $j = ($j + $state[$n] + $keyBytes[$n]) % 256;
        $held = $state[$n];
        $state[$n] = $state[$j];
        $state[$j] = $held;
    }

    // Keystream generation, one byte per input byte.
    $output = '';
    $a = 0;
    $j = 0;
    $dataLength = strlen($data);
    for ($pos = 0; $pos < $dataLength; ++$pos) {
        $a = ($a + 1) % 256;
        $j = ($j + $state[$a]) % 256;

        $held = $state[$a];
        $state[$a] = $state[$j];
        $state[$j] = $held;

        $streamByte = $state[($state[$a] + $state[$j]) % 256];
        $output .= chr(ord(substr($data, $pos, 1)) ^ $streamByte);
    }

    return $output;
}
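/**
 * Reduce a host name to its registrable domain ("www.shop.example.co.uk:8080"
 * becomes "example.co.uk").
 *
 * A trailing ":port" is removed and the host is lower-cased before matching,
 * because host names are case-insensitive while the suffix table is lower
 * case. The longest "<label><suffix>" match against the built-in suffix table
 * wins. When no suffix matches, the last two dot-separated words are used; if
 * that fails too, the script exits.
 *
 * The suffix table is a fixed snapshot and is not kept in sync with any
 * registry, so newer suffixes fall through to the two-label fallback.
 *
 * NOTE(review): the exit message echoes the supplied host unescaped; callers
 * in this file pass values taken from the request.
 *
 * @param string $domain host name, optionally followed by ":port"
 * @return string lower-case registrable domain, or "localhost"
 */
function get_min_domain($domain)
{
    $domain = strtolower(preg_replace('/(\:\d+)$/', '', $domain));
    if ($domain == 'localhost') {
        return $domain;
    }

    $tldList =
        '.com .net .org .co.uk .org.uk .ltd.uk .plc.uk .edu .mil '
        . '.br.com .cn.com .eu.com .hu.com .no.com .qc.com .sa.com .se.com .se.net .us.com .uy.com .za.com '
        . '.ac .co.ac .gv.ac .or.ac .ac.ac .af .am .as .at .ac.at .co.at .gv.at .or.at '
        . '.asn.au .com.au .edu.au .org.au .net.au .be .ac.be .biz '
        . '.br .adm.br .adv.br .am.br .arq.br .art.br .bio.br .cng.br .cnt.br .com.br .ecn.br .eng.br .esp.br .etc.br .eti.br '
        . '.fm.br .fot.br .fst.br .g12.br .gov.br .ind.br .inf.br .jor.br .lel.br .med.br .mil.br .net.br .nom.br .ntr.br '
        . '.odo.br .org.br .ppg.br .pro.br .psc.br .psi.br .rec.br .slg.br .tmp.br .tur.br .tv.br .vet.br .zlg.br '
        . '.ca .ab.ca .bc.ca .mb.ca .nb.ca .nf.ca .ns.ca .nt.ca .on.ca .pe.ca .qc.ca .sk.ca .yk.ca .cc '
        . '.ac.cn .com.cn .edu.cn .gov.cn .net.cn .org.cn .bj.cn .sh.cn .tj.cn .cq.cn .he.cn .nm.cn .ln.cn .jl.cn .hl.cn '
        . '.js.cn .zj.cn .ah.cn .hb.cn .hn.cn .gd.cn .gx.cn .hi.cn .sc.cn .gz.cn .yn.cn .xz.cn .sn.cn .gs.cn .qh.cn '
        . '.nx.cn .xj.cn .tw.cn .hk.cn .mo.cn .cx .cz .de .dk .fo '
        . '.com.ec .org.ec .net.ec .mil.ec .fin.ec .med.ec .gov.ec .fr .tm.fr .com.fr .asso.fr .presse.fr .gf .gs '
        . '.co.il .org.il .net.il .ac.il .k12.il .gov.il .muni.il .ac.in .co.in .ernet.in .gov.in .net.in .res.in '
        . '.info .is .it .ac.jp .co.jp .go.jp .or.jp .ne.jp .ac.kr .co.kr .go.kr .ne.kr .nm.kr .or.kr .re.kr '
        . '.li .lt .lu .asso.mc .tm.mc .com.mm .org.mm .net.mm .edu.mm .gov.mm .ms '
        . '.mx .com.mx .org.mx .net.mx .edu.mx .gov.mx .name .nl .no .nu .pl .com.pl .net.pl .org.pl .pt '
        // ".www.ro" had been wrapped in forum [url] markup, which made the entry unmatchable.
        . '.com.ro .org.ro .store.ro .tm.ro .firm.ro .www.ro .arts.ro .rec.ro .info.ro .nom.ro .nt.ro '
        . '.ru .com.ru .net.ru .org.ru .se .si .com.sg .org.sg .net.sg .gov.sg .sk .st .tc .tf '
        . '.ac.th .co.th .go.th .mi.th .net.th .or.th .tj .tm .to '
        . '.bbs.tr .com.tr .edu.tr .gov.tr .k12.tr .mil.tr .net.tr .org.tr .com.tw .org.tw .net.tw '
        . '.ac.uk .uk.co .uk.com .uk.net .gb.com .gb.net .vg '
        . '.ac.za .alt.za .co.za .edu.za .gov.za .mil.za .net.za .ngo.za .nom.za .org.za .school.za .tm.za .web.za '
        . '.sh .kz .ch .info .ua .biz .ws .nz .com.nz .co.nz .org.nz .com.pk';

    // Keep the longest "<label><suffix>" that matches the end of the host.
    $min = '';
    foreach (preg_split('/\s+/', $tldList) as $suffix) {
        $pattern = '/([^\.]+?' . preg_quote($suffix, '/') . ')$/';
        if (preg_match($pattern, $domain, $regs) && strlen($min) < strlen($regs[1])) {
            $min = $regs[1];
        }
    }

    if (!strlen($min)) {
        // Unknown suffix: fall back to the last two labels.
        if (preg_match('/(\w+\.\w+)$/', $domain, $regs)) {
            $min = $regs[1];
        } else {
            exit('Cannot create license: unknown TLD for domain: ' . $domain);
        }
    }

    return strtolower($min);
}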
/**
 * Turn a string of hexadecimal digit pairs into the bytes they encode.
 *
 * The input is consumed two characters at a time; each chunk is converted
 * from base 16 with base_convert() and appended as a single byte. A trailing
 * single character (odd-length input) is converted on its own.
 *
 * @param string $myin hexadecimal text, e.g. "4A4B"
 * @return string decoded bytes
 */
function decode_ha($myin)
{
    $bytes = '';
    $length = strlen($myin);

    for ($offset = 0; $offset < $length; $offset += 2) {
        $pair = substr($myin, $offset, 2);
        $bytes .= chr(base_convert($pair, 16, 10));
    }

    return $bytes;
}
/**
 * Parse one license block and check its two embedded digests.
 *
 * The block must match "=====...=====" followed by four word tokens and a
 * closing "=====". The expiry date ($exp), domain ($dmm) and secure domain
 * ($smm) are sliced out of the captured tokens at fixed offsets and decoded
 * with decode_ha(). Two upper-case MD5 digests are then recomputed over
 * constant strings from this file plus the decoded fields, and compared with
 * the digests carried inside the tokens.
 *
 * Returns an error string when the license is empty, does not match the
 * pattern, fails either digest comparison, or decodes to an empty expiry.
 * On success the function falls off the end, so the result is NULL.
 *
 * NOTE(review): `print_r($config)` reads a variable that is neither a
 * parameter nor declared global in this function; it looks like a debugging
 * leftover - confirm and remove.
 * NOTE(review): as posted, the second alternative assigned to $ls contains an
 * unescaped single quote, so the block does not parse. A backslash was
 * probably lost in transcription - confirm against the original file before
 * relying on this listing.
 * NOTE(review): the nested third digest check can never fire, because both
 * conditions have already caused a return above it.
 *
 * SECURITY: the digests are MD5 over constants shipped in the same file that
 * verifies them, which gives tamper detection against accidental damage only,
 * not authenticity; a signature verified with a public key is the usual
 * design. The comparisons use `!=`, which applies PHP's numeric-string
 * juggling to hex digests and is not constant-time; a strict, constant-time
 * comparison is preferable.
 *
 * @param string $license one license block
 * @param string $dmm out: decoded domain
 * @param string $smm out: decoded secure domain
 * @param string $exp out: decoded expiry date
 * @return string|null error message, or NULL when every check passes
 */
function decode_hb ($license, &$dmm, &$smm, &$exp) { $dmm = $smm = $exp = ''; if (!(strlen ($license))) { return 'License empty - please visit aMember Pro Control Panel -> Setup/Configuration -> License'; }
if (!(preg_match ('|=====.+?=====\s+(\w+)\s+(\w+)\s+(\w+)\s+(\w+)\s+=====|', $license, $line))) { return 'License invalid - please contact CGI-Central Support'; } print_r($config); array_shift ($line); $exp = substr ($line[1], 35, -1); $exp = decode_ha ($exp); $dmm = substr ($line[2], 1, -35); $dmm = decode_ha ($dmm); $smm = substr ($line[3], 33, -1); $smm = decode_ha ($smm); $fs = (is_lite () ? 'OIuj3oPih29tbf' : 'UmCv0)9237**7231'); $ls = (is_lite () ? '!^aslj34cxq2|xO#sx' : '.,nm!#($*^jAdCMy*(&78z76234nkcsP':?z'); $md5 = strtoupper (md5 ($fs . $dmm . $exp . '.,nm!#($*^jAdCMy*(&7813nc52asasa|||z')); $sd5 = strtoupper (md5 ('Umxv0)5786*I7x31' . $smm . $exp . $ls)); $md5o = substr ($line[1], 1, 32); $sd5o = substr ($line[2], strlen ($line[2]) - 33, 32); if ($sd5o != $sd5) { return 'License error - secure domain check incorrect'; }
if ($md5o != $md5) { return 'License error - domain check incorrect'; }
if ($sd5o != $sd5) { if ($md5o != $md5) { return 'License error - domain check failed'; } }
if (!($exp)) { return 'License expiration date incorrect'; }
}
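/**
 * Decode every license block in $config['license'] and record the results in
 * the global $_amember_license ('expire', 'domain', 'secure_domain').
 *
 * The current host is taken from HTTP_HOST, then the host part of
 * $config['root_url'] (or 'root_surl' for the secure host), then SERVER_NAME,
 * and reduced with get_min_domain(). Each license block is checked with
 * decode_hb(); the first error string is returned. An expired license mails
 * the administrator and returns 'License expired'; a license expiring today
 * only mails a reminder.
 *
 * The arguments to decode_hb() are passed without a call-time "&": the callee
 * already declares them by reference, and the call-time form is a fatal error
 * from PHP 5.4 on.
 *
 * NOTE(review): as posted, the $matched_* counters, $list_domains, $url and
 * $ref are computed but never read, and the function returns '' after the
 * loop. The comparison that presumably consumed them is not in this listing;
 * confirm against the vendor's original file.
 * NOTE(review): when the split yields no blocks the loop body never runs and
 * $_amember_license stays empty; confirm that callers treat a missing
 * 'expire' key as an error.
 *
 * SECURITY: HTTP_HOST is taken from the request and is client-controlled, so
 * a value derived from it should not be treated as the server's identity. The
 * configured root URLs are the trustworthy source.
 *
 * @return string error message, or '' when no error was detected
 */
function _amember_get_iconf()
{
    global $config;

    // Plain-HTTP host: request header, then configured URL, then server name.
    $domain = $_SERVER['HTTP_HOST'];
    if (!($domain)) {
        $domain = parse_url($config['root_url']);
        $domain = $domain['host'];
        if (!($domain)) {
            $domain = $_SERVER['SERVER_NAME'];
        }
    }
    if ($domain == '') {
        exit('Cannot get domain name');
    }
    $domain = get_min_domain($domain);

    // Secure host: same lookup order, using the secure root URL.
    $sdomain = $_SERVER['HTTP_HOST'];
    if (!($sdomain)) {
        $sdomain = parse_url($config['root_surl']);
        $sdomain = $sdomain['host'];
        if (!($sdomain)) {
            $sdomain = $_SERVER['SERVER_NAME'];
        }
    }
    if ($sdomain == '') {
        exit('Cannot get secure domain name');
    }
    $sdomain = get_min_domain($sdomain);

    $today = date('Y-m-d');

    global $_amember_license;
    $_amember_license = array();

    // The delimiter spelling ("ENF") is part of the license format; keep it as is.
    $blocks = preg_split(
        '|===== ENF OF LICENSE =====[\r\n\s]*|m',
        $config['license'],
        -1,
        PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE
    );
    foreach ($blocks as $v) {
        $v .= '===== ENF OF LICENSE =====';
        if ($error = decode_hb($v, $dmm, $smm, $exp)) {
            return $error;
        }
        if ($exp < $today) {
            mail_admin(' Your aMember Pro license expired. Please login into CGI-Central Members section and get new license file in order to continue aMember Pro usage. ', 'URGENT: License Expired (aMember Pro)');
            return 'License expired';
        }
        if ($today == $exp) {
            mail_admin(' Your aMember Pro license is about to expire. Expiration date: ' . $exp . ' Please login into CGI-Central Members section and get new license file. ', 'URGENT: License Expiration (aMember Pro)');
        }
        $_amember_license['expire'] = $exp;
        $_amember_license['domain'][] = $dmm;
        $_amember_license['secure_domain'][] = $smm;
    }

    $up = parse_url($config['root_url']);
    if ($up['host'] == '') {
        exit('Root URL is empty');
    }
    $root_domain = get_min_domain($up['host']);

    $up = parse_url($config['root_surl']);
    if ($up['host'] == '') {
        exit('Secure Root URL is empty');
    }
    $sroot_domain = get_min_domain($up['host']);

    // Both lists are absent when no license block was parsed; merge empty
    // arrays in that case instead of passing undefined entries to array_merge().
    $licensed = array_merge(
        isset($_amember_license['domain']) ? $_amember_license['domain'] : array(),
        isset($_amember_license['secure_domain']) ? $_amember_license['secure_domain'] : array()
    );

    $matched_domain = 0;
    $matched_sdomain = 0;
    $matched_root_url = 0;
    $matched_sroot_url = 0;
    foreach ($licensed as $d) {
        if ($domain == $d) {
            ++$matched_domain;
        }
        if ($sdomain == $d) {
            ++$matched_sdomain;
        }
        // A licensed domain also covers its subdomains: match on a label boundary.
        $d = preg_quote($d, '/');
        if (preg_match('/(^|\.)' . $d . '$/', $root_domain)) {
            ++$matched_root_url;
        }
        if (preg_match('/(^|\.)' . $d . '$/', $sroot_domain)) {
            ++$matched_sroot_url;
        }
    }

    // See NOTE(review) in the header: none of the values below are used.
    $list_domains = join(',', array_unique($licensed));
    $url = ($_SERVER['SERVER_PORT'] == 443 ? 'https://' : 'http://');
    $url .= $domain . $_SERVER['REQUEST_URI'];
    $ref = $_SERVER['HTTP_REFERER'];

    return '';
}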
/**
 * Error handler that reports selected PHP error levels.
 *
 * E_ERROR, E_PARSE, E_CORE_ERROR and E_COMPILE_ERROR are passed to
 * fatal_error() with a "FATAL" prefix and the script then exits with status 1.
 * E_USER_ERROR is passed to fatal_error() with an "ERROR" prefix.
 * E_WARNING is echoed with an "ERROR" prefix. Every other level is ignored.
 *
 * SECURITY: the message contains the raw error text, file path and line
 * number, and the E_WARNING branch writes it straight to the response without
 * escaping. On a production site this discloses server paths to visitors;
 * such messages belong in a log.
 *
 * @param int    $errno   PHP error level
 * @param string $errstr  error message
 * @param string $errfile file in which the error was raised
 * @param int    $errline line on which the error was raised
 * @return null
 */
function _amember_error_handler($errno, $errstr, $errfile, $errline)
{
    $fatalLevels = array(E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR);

    if (in_array($errno, $fatalLevels)) {
        fatal_error('FATAL [' . $errno . '] ' . $errstr . ' in line ' . $errline . ' of file ' . $errfile);
        exit(1);
    }

    if ($errno == E_USER_ERROR) {
        fatal_error('ERROR [' . $errno . '] ' . $errstr . ' in line ' . $errline . ' of file ' . $errfile);
        return null;
    }

    if ($errno == E_WARNING) {
        echo 'ERROR [' . $errno . '] ' . $errstr . ' in line ' . $errline . ' of file ' . $errfile;
    }
}
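// Bootstrap: runs when this file is included by the application's config.
// The guard refuses direct requests for this file; the function definitions
// above are only declarations and execute nothing on their own.
if (!(defined('INCLUDED_AMEMBER_CONFIG'))) {
    exit('Direct access to this location is not allowed');
}

require_once $config['root_dir'] . '/smarty/Smarty.class.php';
require_once $config['root_dir'] . '/common.inc.php';

global $config;
$config['plugins_dir']['payment'] = $config['root_dir'] . '/plugins/payment';
$config['plugins_dir']['protect'] = $config['root_dir'] . '/plugins/protect';
$config['plugins_dir']['db'] = $config['root_dir'] . '/plugins/db';
$config['data_dir'] = $config['root_dir'] . '/data';

// read_db_config() takes its connection settings from $plugin_config, so the
// copy must exist before the call; it is refreshed afterwards to pick up the
// settings loaded from the database.
$plugin_config = $config;
// No call-time "&": the parameter is already declared by reference, and the
// call-time form is a fatal error from PHP 5.4 on.
read_db_config($config);
$plugin_config = $config;

$plugins = $config['plugins'];
$plugins['db'][0] = 'mysql';

// NOTE(review): the license check result is stored in $msg and not examined
// anywhere in the visible code - confirm where it is consumed.
$msg = _amember_get_iconf();

if ($config['ignore_smtp']) {
    ini_set('SMTP', '');
}

// Every path below is built from $config['root_dir'], which must come from the
// trusted configuration file and never from the request.
require_once $config['root_dir'] . '/db.inc.php';
require_once $config['root_dir'] . '/paysys.inc.php';
require_once $config['root_dir'] . '/member.inc.php';
require_once $config['root_dir'] . '/product.inc.php';
require_once $config['root_dir'] . '/payment.inc.php';
require_once $config['root_dir'] . '/plugins.inc.php';
require_once $config['root_dir'] . '/plugins/protect/php_include/bruteforce.inc.php';

add_fields_from_config();

// Optional site-specific customisations.
if (file_exists($config['root_dir'] . '/site.inc.php')) {
    require_once $config['root_dir'] . '/site.inc.php';
}

if ($config['send_signup_mail']) {
    setup_plugin_hook('finish_waiting_payment', 'check_for_signup_mail');
}
if ($config['send_payment_admin']) {
    setup_plugin_hook('finish_waiting_payment', 'mail_payment_admin');
}

setup_plugin_hook('daily', 'mail_expire_members');
setup_plugin_hook('daily', 'mail_recurring_members');
setup_plugin_hook('daily', 'check_expire_members');
setup_plugin_hook('daily', 'clear_access_log');

// Without an external cron job, check_cron() is called on every request.
if (!($config['use_cron'])) {
    check_cron();
}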
?>