├── .gitignore ├── LICENSE ├── README.md ├── doc ├── QuickStart │ ├── documentation-en.txt │ └── documentation-fr.txt ├── advantages.htm ├── background2.gif ├── codingtips.htm ├── contact.htm ├── disadvantages.htm ├── download.htm ├── example.htm ├── faq.htm ├── gettingstarted.htm ├── guestbook.htm ├── header.html ├── index.html ├── links.htm ├── menubg2.gif ├── mnu-1.html ├── news.gif ├── screenshot.png ├── screenshotsmall.png ├── settings.htm ├── start.htm ├── style.css ├── stylemenu.css ├── tips.htm ├── todo.htm └── workings.htm ├── example └── someClass.php ├── inc ├── dirUtils.php └── requestUtils.php ├── pobs-ini-copyright.txt ├── pobs-ini.inc.php ├── pobs.php └── pobslogo.gif /.gitignore: -------------------------------------------------------------------------------- 1 | /pobs-ini-copyright-0.2.0.txt 2 | /_bkp 3 | /.htaccess 4 | /*.lnk 5 | /io 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | {description} 294 | Copyright (C) {year} {fullname} 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | {signature of Ty Coon}, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | POBS 2 | ==== 3 | 4 | POBS is a PHP Obfuscator. This means it "compiles" your PHP files by making them unreadable to a human. 5 | 6 | How unreadable the output is? You can see for yourself in the `example`. 7 | 8 | **Note!** This is not meant to be bullet proof. The output code will not be re-usable for most people, but dedicated user will always be able to guess what you are doing in most single functions. In other words – re-using output code is hard, but not impossible. 9 | 10 | Disclaimer 11 | ------------------- 12 | Nobody was hurt during creation of this tool, but if you are accustomed to high quality, modern code, then you'd better not look under the hood ;-). AFAIK the tool started in 2001 - the time when PHP 4 was only starting to gain attention. If you don't remember those times - there were no real classes in PHP back then. Also nobody used unit tests (PHPUnit 2004, Xdebug 2002). So you get the picture. Active development by the original author ended in 2003. 13 | 14 | Having said all that, the tool works. The configuration is easy. I've added some comments, fixed some stuff that was not working for me and that's it. I'm using this tool for one, but relatively large project (100+ PHP files, about 10000 lines of code - not counting comments). 15 | 16 | There are commercial tools out there that might be better suited for your needs. Just be warned that you should test the tools before you buy them! Some commercial tools, especially binary ones (sold as PHP extensions), may be unstable and you will only double your problems. 17 | 18 | Installation 19 | ------------------- 20 | 21 | Installing POBS is as easy as I could think of. Just unzip the downloaded file and put it a directory that is located under your web server. POBS is a collection of files in just 1 directory. 22 | 23 | Before executing POBS you are advised to read the manual that is provided in the `doc` folder. Also check the settings in `pobs-ini.inc` and adjust them to suit your needs. When you run POBS for the first time you should at least adjust the `$SourceDir` and the `$TargetDir` variables. 24 | 25 | If you have a large amount of PHP source to be POBSed, check your `php.ini` and see whether it runs in "Safe mode" (also, POBS warns for it). If it does, POBS can not adjust the timeout setting as indicated in `pobs-ini.inc` and the processing might be terminated before POBS has finished the replacement of all your PHP code files. You might need to restart your web server after adjusting the `php.ini` file. 26 | 27 | After having checked everything and having adjusted the settings in `pobs-ini.inc` you point your browser to `pobs.php` and press ``. 28 | 29 | Naming conventions 30 | ------------------- 31 | In some occasions POBS might change too much. Mostly this will happen if you mix JavaScript with PHP and happen to have e.g. PHP post variable named the same as JavaScript variable. This will result in a non-working code. 32 | 33 | You can of course ignore this and only add exceptions when it is necessary. 34 | 35 | But to avoid this problem prematurely you should use prefixes in new projects for your PHP variables, functions and such. You can for example use below conventions. 36 | 37 | ### Variables ### 38 | * standard variables: "pv_" ("$pv_someValue", instead of "$someValue") 39 | * GET/POST: "rv_" ("rv_kid", instead of "kid") 40 | 41 | ### Functions and classes ### 42 | * functions and methods: "pf_" (`pf_someFunction`, instead of `someFunction`) 43 | * classes: "pc_" (`pc_SomeClass`, instead of `SomeClass`) 44 | 45 | Changes log 46 | --------------------- 47 | 48 | ### 0.99.1 ### 49 | 50 | * Additional configuration variables: 51 | ```php 52 | $MinimumReplaceableVarLen = 4; // all below this will not be replaced 53 | $ReplaceVarsInTabsAndCookies = false; 54 | $ReplaceVarsInNameField = false; 55 | ``` 56 | * REMOVE COMMENTS (currently one line only) 57 | * Remove empty and semi-empty lines after removing comments 58 | 59 | ### 0.99.2 ### 60 | 61 | Additional configuration variable: `$CopyrightTextFromIni`. 62 | 63 | ### 0.99.3 ### 64 | - removed case insensitive replace for most regexpes (PHP and JS are both mostly case sensitive) 65 | - auto saving log file (html output) 66 | - nux: do not show numbers in log (better for diffs) 67 | 68 | ### 0.99.4 ### 69 | 70 | txt log file 71 | 72 | ### 0.99.5 ### 73 | 74 | * Additional configuration: 75 | ```php 76 | // if true then just run dummy parsing (will not change any files nor create directories) 77 | $DoNotCopyOrCreateAnything = false; 78 | ``` 79 | * Remove elapsed time for individual files. 80 | * Fixed ReplaceJS form option. 81 | 82 | 83 | ### 0.99.6 ### 84 | 85 | - allow running with GET (with default options) 86 | - passing some extra options when running with GET 87 | - mild security: allow source and target paths to be relative *only* to current directory 88 | - allow changing copyright year in default text taken form copyright ini file. 89 | 90 | Example URL: 91 | 92 | pobs.php?getEnabled=lakslkals&inDir=in&outDir=out/test&NewCopyrightYear=2014 93 | 94 | New configuration: 95 | ```php 96 | $RunWithGetSecret = 'lakslkals'; // "secret" string to be passed with GET request 97 | 98 | // things not set explicitly otherwise 99 | $RunWithGetDefaults = array ( 100 | 'ReplaceClasses' => '1', 101 | 'ReplaceFunctions' => '1', 102 | 'ReplaceVariables' => '1', 103 | 'RemoveComments' => '1', 104 | 'KeptCommentCount' => '0', 105 | 'RemoveIndents' => '1', 106 | 'ReplaceNewer' => 'on', 107 | 'RecursiveScan' => 'on', 108 | 'CopyAllFiles' => 'on', 109 | 'CopyrightPHP' => '1', 110 | 'CopyrightJS' => '1', 111 | 'OK' => 'Start processing', 112 | ); 113 | 114 | // allow source and target paths to be relative only to current dir (or dir given below) 115 | $AllowOnlySubDirs = true; 116 | $SourceTargetDirsBase = "./io/"; // use "./" for base in pobs dir 117 | 118 | // copyright replacement config (works only if NewCopyrightYear is passed with GET or POST) 119 | $CopyrightYearPattern= "#(Copyright [0-9]+\-)([0-9]+)#"; 120 | $CopyrightYearReplacement= "\${1}%NewYear%"; // @note must containt "%NewYear%" for the replacement to work 121 | ``` 122 | 123 | ### 0.99.7 ### 124 | 125 | * `protected`, `abstract`... and other PHP 5 classes and methods obfuscation. 126 | * default timezone -------------------------------------------------------------------------------- /doc/QuickStart/documentation-en.txt: -------------------------------------------------------------------------------- 1 | ----------------------------------------------------------------- 2 | POBS - Version 0.99 August 10th, 2003 3 | ----------------------------------------------------------------- 4 | 5 | ALERT: From version 0.92 on POBS provides users with the option 6 | to automatically replace edited PHP sourcefiles only. If you 7 | change one of the settings in this file you probably need to 8 | replace all files again. When you startup POBS, you can indicate 9 | whether you want to replace everything or edited files only. 10 | 11 | You can adjust the value of the following variables in this file 12 | without the need to replace every file again. 13 | 14 | $TimeOut 15 | $FontSize 16 | $TableColumns 17 | 18 | When in doubt, instruct POBS to replace everything. 19 | 20 | ----------------------------------------------------------------- 21 | About pobs-ini.inc.php file 22 | 23 | This file controls many aspects of POBS' behavior. POBS will try 24 | to include it and looks for it in the same directory as pobs.php is 25 | located. Instead of a real ini file it's just a plain PHP script 26 | file. It is assumed you are familiar with PHP code syntax if you 27 | use POBS, so configuring this file won't give you too much trouble 28 | 29 | POBS will not run in case source and target directory are 30 | identical. Make sure the source directory is read enabled and the 31 | target directory is write enabled. Directories are case-SENSITIVE 32 | (Well, NOT on Win32, that is). 33 | 34 | You can use forward slashes ( / ) for both Unix and Win32. 35 | 36 | These directories are complete (absolute) directories and NOT 37 | relative to the root directory of your webserver! 38 | 39 | ----------------------------------------------------------------- 40 | Display Properties report 41 | 42 | While running, POBS reports about found variables, constants and 43 | other stuff. For your convenience and for debugging purposes you 44 | can save and/or print this HTML report. Below, you can indicate the 45 | number of columns of the reporttables and the fontsize. If you want 46 | to print the report, the standard number of columns, 5, might be 47 | too high in order to fit on the printed page (or your screen). 48 | 49 | 50 | ----------------------------------------------------------------- 51 | Extra obscuring 52 | 53 | To further obscure your sourcecode you can remove the comments and 54 | indents. If obscuring your code results in a non-working program 55 | you are advised to leave the indents intact and turn off 56 | "ConcatenateLines" for easier debugging. 57 | 58 | I strongly advise you to turn the variables below off. You should 59 | turn them on only after you made sure your application works fine 60 | with functions, constants and variables already replaced. 61 | 62 | The concatenation of lines can create problems when used with 63 | inline Javascript or inline HTML with the 
 tag used.
 64 | 
 65 | function JsCheckField() {
 66 | var1="x"
 67 | var2="y"
 68 | } 
 69 | 
 70 | In the example above, concatenation will lead to a malfunctioning
 71 | Javascript function.
 72 | 
 73 | function JsCheckField() {var1="x"var2="y"} 
 74 | 
 75 | To avoid this you can:
 76 | * Turn concatenation off
 77 | * echo Javascript like: echo "function JsCheckField() {\n";
 78 | * End javascript codelines with ";" (although I haven't tested it)
 79 | 
 80 | 
 81 | -----------------------------------------------------------------
 82 | Files to be scanned 
 83 | 
 84 | Do NOT use wildcards or dots here. Just plain alphanumeric 
 85 | characters
 86 | 
 87 | 
 88 | -----------------------------------------------------------------
 89 | Options
 90 | 
 91 | Parsing, replacing and writing your files can take quite a long 
 92 | time. In order to not get a timeout error crank it up pretty high,
 93 | depending on the speed of your processor and the total size of the
 94 | files to be processed. As an indication: for processing 250Kb of 
 95 | PHP code a timeout of 500 seconds should do fine on a 300 Mhz 
 96 | processor.
 97 | 
 98 | EXCLUDING USER DEFINED FILE
 99 | You probably want to exlude certain files, like useful classfile.
100 | For this option edit $StdExcFileArray var.
101 | 
102 | Do not remove the Dummy Entry since it may result in bad breath and
103 | other nasty things.
104 | 
105 | 
106 | -----------------------------------------------------------------
107 | Standard Variables Exclude Array
108 | 
109 | PHP provides a large number of predefined variables to any script
110 | which it runs. Many of these variables, however, cannot be fully 
111 | documented as they are dependent upon which server is running, the
112 | version and setup of the server, and other factors. Some of these 
113 | variables will not be available when PHP is run on the command-line.
114 | It is adviced not to delete entries from the list below as it may 
115 | result in a not working program. To keep things tidy it is adviced
116 | to only add new entries which are clearly predefined PHP variables.
117 | 
118 | For adding your own excluded variables it is recommended to edit 
119 | $UdExcVarArray
120 | 
121 | By the way, PHP has predefined constants too, like __LINE__ , 
122 | __FILE__ and E_WARNING. POBS will automatically skip all these 
123 | predefined constants and will only replace constants that are 
124 | declared by you with the "define" command.
125 | 
126 | EXCLUDING USER DEFINED VARIABLES
127 | You probably want to exlude certain variables. This is particularly
128 | helpful when you make use of these variables in your Query_String.
129 | I.e.: http://www.domain.com/phpprogram.php?uid=234&action=select. 
130 | In this particular example you need to add at least "uid" and 
131 | "action" to the array below in order to keep your program running 
132 | properly.
133 | Do NOT use the dollar sign to indicate the name of a variable here.
134 | The names of the variables, constants and functions are case 
135 | sensitive (which should go without saying since PHP is 
136 | case-sensitive too.)
137 | 
138 | Do not remove the Dummy Entry since it may result in bad breath and
139 | other nasty things.
140 | 
141 | **** WILDCARDS
142 | 
143 | Only in $UdExcVarArray you can use wildcards. You can NOT use a "?"
144 | but only a "*" which must be placed at the end or start of a
145 | variablename.
146 | 
147 | If you define your constants properly you probably do not need to
148 | add constantnames to $UdExcConstArray. My advise would be to name 
149 | them all like cERROR, cHTML or cDOMAIN. Start with a lowercase "c"
150 | to indicate a constant and make all following characters uppercase.
151 | This will set them apart from most textelements you use and HTML 
152 | tagnames or HTML propertynames.
153 | 
154 | -----------------------------------------------------------------
155 | 
156 | $UdExcFuncArray
157 | 
158 | If you use javascript functions in your PHP code POBS might replace 
159 | the name of the javascript function. It's better to prevent this 
160 | and add the name to $UdExcFuncArray
161 | 
162 | Example:
163 | 
164 | function JsCheckField() 
165 |  alert("I should add 'JsCheckField' to $UdExcFuncArray");
166 | }
167 | 
168 | 
169 | In future versions of POBS this adding of javascript names will 
170 | probably not be needed anymore. But for now it is.
171 | 
172 | 


--------------------------------------------------------------------------------
/doc/QuickStart/documentation-fr.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/QuickStart/documentation-fr.txt


--------------------------------------------------------------------------------
/doc/advantages.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Advantages
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
28 | 
29 | 

13 | 
Advantages

14 | In general
Encoders like Zend Encoder and Microcode and cachers like APC have the advantage of making it more difficult for others to use your code and get away with your intellectual property. Another objective is to prevent others from peeking into your code and find security holes.


15 | 


16 | POBS has the same objectives but establishes it by other means. It's not an ideal solution but it has the following advantages and disadvantages over other methods.


17 | 

18 | No need for libraries or decoders
POBS works without libraries, modules or decoders. That makes POBS ideal for deploying your application at an ISP or customer. Especially with ISPs it's difficult to persuade them to install the decoder you need (I.e. Zend Encoder). With POBS you can deploy with peace of mind.


19 | 

20 | Hard to reverse-engineer
POBS removes information from your sourcecode. In a way this is safer than using Zend Encoder or MicroCode since they can be reverse-engineered by adjusting the PHP engine. Not with POBS. With POBS you can almost eagerly hand over the sourcecode to a third party without losing sleep. Zend Encoder and Microcode can not guarantee the safety of your sourcecode ( POBS is not guaranteed either but I hope you understand the difference).


21 | 

22 | Cross-platform, cross PHP version
Since PHP Obfuscator is written in PHP 4.x and PHP is cross-platform, PHP Obfuscator is cross-platform too. What is more, you can Obfuscate your sourcecode on a Win32 machine and run it without any modification on a Linux machine.


23 | 

24 | Compatible with other tools
The good thing about PHP Obfuscator is that it doesn't prevent you from using APC Cache or ZEND Cacher in addition. If you really want things secure you might add Zend Encoder.


25 | 

26 | Open Source
PHP Obfuscator is Open Source GPL style. Since you might want to use PHP Obfuscator to protect your sourcecode you have knowledge of PHP and can adjust PHP Obfuscator to your own liking. Of course, you are encouraged to share your enhancements with the rest of the world.


27 | 

30 | 

31 | 

32 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/background2.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/background2.gif


--------------------------------------------------------------------------------
/doc/codingtips.htm:
--------------------------------------------------------------------------------
  1 | 
  2 | 
  3 | 
  4 | Codingtips
  5 | 
  6 | 
  7 | 
  8 | 
  9 | 
 10 | 
 11 | 
 12 | 
124 | 
125 | 

 13 | 
Codingtips

 14 | Before being POBSed, you probably need to adjust your sourcecode here and there. Especially in case you have chosen to also replace variables. In a scripting language like PHP, variables may create most of the problems. Below are some problems and solutions.


 15 | 

 16 | Don't name constants after HTML tags
POBS finds it hard to really find the constantnames. Contrary to variables, constants in PHP do not start with a indicator like a dollar-sign ($). If you have defined constants with  names like "HTML" or "HEAD", POBS will replace both these constants and these HTML tags with a new name, thinking they are constants. In order to avoid this, simply start every (or at least every dubious constantname) with a "c". I personally find it good practise to use uppercase for each constantname except for the first letter. So something like cUSERNAME and cHEAD. This will generally prevent problems.


 17 | 

 18 | Check for parse_str
"parse_str" is usefull PHP function which scans a string (i.e. a query_string) and generates variables. So a string with "Var1=3&Var2=X&Var3=123" processed by parse_str would result in the declaration of 3 variables and the according values would be assigned to them.


 19 | 


 20 | This is particularly useful when passing many parameters to a certain function.


 21 | 


 22 | I.e. function ProcessStuff($ParamsStr) {


 23 |   parse_str($ParamsStr);


 24 |   If ($Var1==4) echo "Yes";


 25 |   If ($Var2=="X") DoThis() ;


 26 |   If ($Var3==999) echo "Very much";


 27 | }


 28 | 


 29 | ProcessStuff("Var1=3&Var2=Y&Var3=456);


 30 | 


 31 | The example above would go wrong if been processed by POBS. POBS deals with the problems posed by functions like parse_str. POBS not only replaces $Var1 with a new name but also all occurences of &Var1. In the example above, Var2 and Var3 would do fine but Var1 would go wrong. POBS will replace $Var1 but will not replace Var1 in the parameterstring since it is not preceded by an ampersand (&). To avoid this problem simply add a preceding ampersand to the first variable in the parameterstring.


 32 | 


 33 | ProcessStuff("Var1=3&Var2=Y&Var3=456); is wrong


 34 | 


 35 | ProcessStuff("&Var1=3&Var2=Y&Var3=456); is right


 36 | 

 37 | Check for double slashes
Removing comments from your source code obviously helps in preventing others using it. You can optionally instruct POBS to remove comments.


 38 | 


 39 | In order for POBS to find comments it searches for double slashes in you code preceded by a space or tab character (like " //"). It does not (yet?) check whether these slashes are somewhere in between quotes (in case they would not be comments). Before using POBS to remove comments you are advised to scan your code for double slashes.


 40 | 

 41 | Dealing with $$Var1
Consider the following code snippet:


 42 | 


 43 | $Var1="Var2";


 44 | $$Var1="Amsterdam";


 45 | echo $Var2; // "Amsterdam"


 46 | 


 47 | $Var2 will have the value "Amsterdam"


 48 | 


 49 | POBS makes the following code of it:


 50 | 


 51 | $V31bff649="Var2";


 52 | $$31bff649="Amsterdam";


 53 | echo $V8c4e34d5;  // empty


 54 | 


 55 | As you see POBS has replaced all occurences of $Var2 but not Var2. Therefore this little program will not work as intended. To get it working you need to add Var2 to the $UdExcVarArray in pobs-ini.inc.


 56 | 


 57 | 

 58 | Dealing with $GLOBALS and $HTTP_POST_VARS
$GLOBALS is a predefined array in which all the global variables are present. In many programs variables are added to this array.


 59 | 


 60 | POBS replaces both $Var as $GLOBALS["var"] or $GLOBALS[var] occurences in your code so this will generally not cause problems. But you might have a strange unusual situation with i.e. $GLOBALS[strtolower($VarX)] where POBS will not work properly. You would have to add $VarX to the exclude user-defined variables array in pobs-ini.inc.


 61 | 


 62 | POBS does NOT deal with $HTTP_POST_VARS, $HTTP_GET_VARS and $HTTP_COOKIE_VARS. You might add them yourself if you want by copying the ereg_replace code for $GLOBALS and replace GLOBALS with i.e. HTTP_POST_VARS.


 63 | 


 64 | 

 65 | Cookies
Cookies might cause problems since they are used in a normal fashion but defined and set in an unusual way.


 66 | 


 67 | setcookie ("TestCookie", "Test Value");


 68 | echo $TestCookie;


 69 | 


 70 | After POBS has done it's work the cookie "TestCookie" will still have be set but displaying the contents of the cookie will result in an empty string.


 71 | 


 72 | In the future POBS might just deal properly with this problem by also replacing setcookie("CookieName", "CookieValue") with setcookie("Veda45e23", "CookieValue"). But now it doesn't and here is what I suggest you to do.


 73 | 


 74 | Exclude all cookievariables by adding them to $UdExcVarArray in pobs-ini.inc. This is easiest done (and most secure) if you name every cookie according to a naming convention. Personally I start all cookienames with "whc_" so that I only have to add "whc_*" to the array. It's also good coding if you ask me. Scan your sourcefiles for the PHP function "setcookie" and give the first parameter a new name.


 75 | 

 76 | Forms and fields
If a user submits a form that is given to a PHP script, PHP automatically creates variables with names corresponding with the names of the input fields of the form.


 77 | 


 78 | POBS deals with this by also replacing every field in every form


 79 | 


 80 | So, consider the following HTML code:


 81 | 


 82 | <FORM METHOD=POST ACTION=do-it.php>


 83 | <INPUT TYPE=TEXT NAME=address>


 84 | <FORM>


 85 | 


 86 | The PHP script do-it.php has references to $address. POBS will replace it. And  POBS also replaces NAME=address with that same value.


 87 | 


 88 | A problem arises when a program outputs forms automatically. POBS can no longer find code like :


 89 | 


 90 | echo "<INPUT TYPE=TEXT NAME=address>";


 91 | 


 92 | but will instead find something like:


 93 | 


 94 | echo "<INPUT TYPE=TEXT NAME=".CreateFieldName("address").">";


 95 | 


 96 | and will not replace the latter fieldname.


 97 | 


 98 | The remedy would be (that's what I did) to let all created fieldnames by CreateFieldName() start with the same letters. Something like "field_". This would result in something like "field_address" and "field_phone" etc).You would than just have to add the entry "field_*" (don't forget the wildcard!) to the $UdExcVarArray in pobs-ini.inc and the problems are over.


 99 | 

100 | Javascript functions
Formerly I stated that when you were using inline Javascript you need to make adjustments. I was wrong. The only possible problem with inline Javascript I know of, is that you can't let POBS concatenate lines if you haven't ended each Javascript codeline with a semicolon ";". I guess this doesn't need extra explanation.


101 | 


102 | POBS does not (and can not easily) discriminate between JavaScript functions and PHP functions. It you declared a Javascript function named "X", POBS will replace this Javascript function and all references to it. As far as I know this will not create problems so there is no need to worry.


103 | 


104 | If you don't want your Javascript functions to be replaced, i.e. in case you want to debug it more easily, you can add them to $UdExcFuncArray in pobs-ini.inc or you can replace the inline Javascript with Javascript echoed by PHP. An example is shown below:


105 | 


106 | echo "function JsCheckField() {n";


107 | echo "<Javascript code lines>n";


108 | echo "}n";


109 | 


110 | This way POBS doesn' t consider "JsCheckField()" to be a function that needs replacement.


111 | 

112 | Inline HTML and <pre>
Programmers can use inline HTML in their PHP files. When POBS is instructed to concatenate codelines it normally is not a problem and doesn't compromise the HTML since carriage returns are not presented by return characters in HTML but by <br>. But, when <pre> is used before a piece of HTML code the browser interprets each return character as a <br>. Another problem with inline HTML is laid out in the paragraph below.


113 | 


114 | <pre>


115 | This text will be displayed exactly as is seen here.


116 | Every return in this text is interpreted as a carriage return by your browser.


117 | </pre>


118 | 


119 | And this is what POBS can make of it:


120 | <pre>


121 | This text will be displayed exactly as is seen here.Every return in this text is interpreted as a carriage return by your browser.


122 | </pre>


123 | 

126 | 

127 | 

128 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/contact.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Contact
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
27 | 
28 | 

13 | 
Contact

14 | If you have questions, suggestions, alterations or comments about POBS please let me know.


15 | 


16 | You can send an email to pobs@domein1.com


17 | 


18 | 

19 | License
Copyright (C) 2001 Pinkeltje


20 | 


21 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2 of the License, or (at your option) any later version.


22 | 


23 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.


24 | 


25 | POBS is distributed together with a GNU General Public License of the Free Software Foundation


26 | 

29 | 

30 | 

31 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/disadvantages.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Disadvantages
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
38 | 
39 | 

13 | 
Disadvantages

14 | Your probably have to adjust some codelines to get it working
The downside of POBS is that it won't guarantee that your code will work properly without adjustments. This has to do with the way scripting languages like PHP deal with variables. As you probably know you can dynamically define (maybe "use" is a better word) variables in PHP. This poses a problem for POBS or any other Obfuscator. But you can deal with it by scanning your code for things like $$VarName and parse_str and edit your code or add variables to the array of excluded variables ($UdExcVarArray).


15 | 


16 | I must say though that many of the coding adjustments that I suggest are actually good (and normal) coding practices. Like starting every constant with a lower "c" and putting the rest in uppercase. Or naming all variables of a certain kind according to a naming convention.


17 | 


18 | See Codingtips and Debugtips on how to prevent problems and get your code working (I got my 300 Kb code working without my own advice so there is no need to get discouraged).


19 | 

20 | No password protection
POBS will not protect against the proliferation of passwords used in your sourcecode. I.e. if your PHP program connects to a MySQL database you probably use the PHP function "mysql_connect". One of the parameters is a password. POBS doesn't obfuscate the function (since it is not user -defined) nor the password. You might make a deliberate complex function that generates a password but a hacker could just call that function and see what it returns.


21 | 


22 | For me, protecting against database passwords or stuff is not really important because POBS is essentially targeted at applications that need to be deployed. I.e. on a customers computer. In that situation a customer might have full access to the computer and deals with his own data in the database anyway.


23 | 


24 | Zend Encoder and Microcode Encoder do protect passwords since they encrypt those too (they probably encrypt the whole PHP file like "WinZip + password" would do).


25 | 

26 | Beware of inline Javascript in your PHP code
Formerly I stated that when you were using inline Javascript you need to make adjustments. I was wrong. The only possible problem with inline Javascript I know of, is that you can't let POBS concatenate lines if you haven't ended each Javascript codeline with a semicolon ";". I guess this doesn't need extra explanation.


27 | 


28 | POBS does not (and can not easily) discriminate between JavaScript functions and PHP functions. It you declared a Javascript function named "X", POBS will replace this Javascript function and all references to it. As far as I know this will not create problems so there is no need to worry.


29 | 


30 | If you don't want your Javascript functions to be replaced, i.e. in case you want to debug it more easily, you can add them to $UdExcFuncArray in pobs-ini.inc or you can replace the inline Javascript with Javascript echoed by PHP. An example is shown below:


31 | 


32 | echo "function JsCheckField() {n";


33 | echo "<Javascript code lines>n";


34 | echo "}n";


35 | 


36 | This way POBS doesn' t consider "JsCheckField()" to be a function that needs replacement.


37 | 

40 | 

41 | 

42 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/download.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Download
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
33 | 
34 | 

13 | 
Download

14 | The files are a mere 17Kb in size. If you would ask MicroSoft, this requires distribution via CD Rom. And an install-program of course.


15 | 

16 | Version 0.91 - November 7th 2001
    
17 | 
18 | 
  • Increased performance. More than 2 times faster

    
19 | 
  • Option to replace edited files only

    
20 | 
  • Objects compatible

    
21 | 
  • Bugfix with $UdExcFuncArray

    
22 | 
 pobs091.zip 

23 |  pobs091.tar.gz Unlike the previous version of POBS (0.9), version 0.91 does not come with documentation in the form of this website.


24 | 


25 | 

26 | Version 0.9 - october 20th 2001
 pobs09.zip Winzip


27 | 

28 |  pobs09.tar.gz Unix tar en gzip


29 | 


30 | 

31 | Feedback
If you downloaded it and use it, please send me an email at pobs@domein1.com


32 | 

35 | 

36 | 

37 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/example.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Example
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
86 | 
87 | 

13 | 
Example

14 | In the example below you see the result of the 15 Kb POBS program that's been processed by POBS itself. Both variables, functions and constants have been replaced. Also, comments and indents have been removed and lines have been concatenated.


15 | 


16 | For sucessfully POBSing POBS you only need to add the variable "PA" to $UdExcVarArray. PA is used in the query_string of POBS.


17 | 


18 | The words you can still recognize are:


19 | 
    
20 | 
21 | 
  • Standard PHP functions

    
22 | 
  • Excluded Variables like $params

    
23 | 
  • HTML code

    
24 | 
  • Fixed text

    
25 | 
  • Filenames

26 | 
27 | I would certainly not like to reverse-engineer this.


28 | 


29 | <?


30 | include("pobs-ini.inc");


31 | echo "<HTML><HEAD><TITLE>POBS - A PHP Obfuscator</TITLE><STYLE TYPE='text/css'>";echo "td { font-family: Verdana, sans serif;font-size:".$V24b02965."pt;  vertical-align: top; }";echo "</STYLE></HEAD><BODY>";


32 | define("C00529ab2", "<TD VALIGN=TOP>");define("C4d89b09c", "<TD BGCOLOR=#6699CC VALIGN=TOP>");define("C5481f31d", "<TD BGCOLOR=#E6E6E6 VALIGN=TOP>");define("C9c3b8e37", "<TR>");define("Cd742068d", "</TR>");define("Cdabce349", "</TD>");define("C6faee0d5", "</TABLE>");


33 | if ($PA) F85580fcb();


34 | $V9429cf94=time();


35 | $Vf797b56c=0;$V048f0047=0;


36 | $Vbc961c59=array();$Vb787292f=array();$V4cb73b6b=array();$Vae809e1a=array();


37 | $V4a949e17=array();$Va7254761=array();$Vd74f666d=array();


38 | if ($PA) F23da1c4c();else Fb72cca71();


39 | function F23da1c4c() {global $V0e475c03, $V9b131e1e;if (!(is_readable($V0e475c03))) {echo "Error. Source Directory ".$V0e475c03." is not readable. Program will terminate<br>";exit;}if (!(is_writeable($V9b131e1e))) {echo "Error. Target Directory ".$V9b131e1e." is not writeable. Program will terminate<br>";exit;}F69b1473d();Fcecc24ab();F8eceda2a();F001878fb();}


40 | function Fb72cca71() {global $V5c642867, $V1e5309c7, $V9b131e1e, $V0e475c03, $Veb1e1b83, $V7620b171, $V43225a8d;global $V29eb2c69, $V0981e6bd, $V00960abb, $Va7a918c1, $V4dd4189a, $Vcb30d890;global $V3164646b;echo "<TABLE CELLPADDING=0 WIDTH=100% CELLSPACING=0 BORDER=0>";echo C9c3b8e37.C4d89b09c."<A HREF='http://pobs.mywalhalla.net' TARGET=_new><IMG SRC=pobslogo.gif HSPACE=20 WIDTH=150 HEIGHT=61 BORDER=0></A>".Cdabce349;echo C4d89b09c."<br><b>A PHP Obfuscator<br>Version 0.91".Cdabce349.Cd742068d.C6faee0d5;


41 | F85580fcb();


42 | echo "<TABLE CELLPADDING=3 WIDTH=100% CELLSPACING=0 BORDER=1>";echo C9c3b8e37.C4d89b09c." <CENTER><DIV style="font-size:13pt;"><b>Settings</DIV></CENTER>".Cdabce349.Cd742068d."<br>";echo C9c3b8e37.C00529ab2." <CENTER>For the most up-to-date documentation, visit <A HREF='http://pobs.mywalhalla.net' TARGET=STD>http://pobs.mywalhalla.net</A></CENTER>".Cdabce349.Cd742068d.C6faee0d5."<br>";


43 | echo "<TABLE CELLPADDING=3 WIDTH=100% CELLSPACING=0 BORDER=0>";echo C9c3b8e37."<TD VALIGN=TOP ROWSPAN=2>";


44 | echo "<TABLE CELLPADDING=3 WIDTH=100% CELLSPACING=0 BORDER=1>";echo C9c3b8e37.C5481f31d." TimeOut (sec)".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2.$V5c642867.Cdabce349.Cd742068d;


45 | echo C9c3b8e37.C5481f31d." Source Directory".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2.$V0e475c03.Cdabce349.Cd742068d;echo C9c3b8e37.C5481f31d." Target Directory".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2.$V9b131e1e.Cdabce349.Cd742068d;


46 | echo C9c3b8e37.C5481f31d." Allowed File Extensions".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2;foreach($V1e5309c7 as $V89735695 => $V68920240 ) echo $V68920240."<br>";echo Cdabce349.Cd742068d;


47 | echo C9c3b8e37.C5481f31d." Replacements".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2." Functions: ".F9856a771($V29eb2c69)."<br>";echo " Constants: ".F9856a771($V0981e6bd)."<br>";echo " Variables: ".F9856a771($V00960abb)."<br>";echo Cdabce349.Cd742068d;


48 | echo C9c3b8e37.C5481f31d." Removals".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2;echo " Comments: ".F9856a771($Va7a918c1)."<br>";echo " Indents: ".F9856a771($V4dd4189a)."<br>";echo " Returns: ".F9856a771($Vcb30d890)."<br>";echo Cdabce349.Cd742068d;


49 | echo C9c3b8e37.C5481f31d;echo "<FORM METHOD=POST ACTION="".$GLOBALS[PHP_SELF]."?PA=P">";echo "<INPUT TYPE=CHECKBOX NAME=Vfd4668cc CHECKED>Replace edited files only<br>";echo "<INPUT TYPE=SUBMIT NAME=Ok VALUE='Start scanning and replacing'>";echo "</FORM>";echo Cdabce349.Cd742068d;


50 | echo C6faee0d5;


51 | echo Cdabce349;echo C00529ab2;


52 | echo "<TABLE CELLPADDING=3 WIDTH=100% CELLSPACING=0 BORDER=1>";echo C5481f31d." Exclude Functions".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2;foreach($Veb1e1b83 as $V89735695 => $V68920240 ) { echo $V89735695.": ".$V68920240."<br>"; }echo Cdabce349.Cd742068d;


53 | echo C5481f31d." Exclude Constants".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2;foreach($V43225a8d as $V89735695 => $V68920240 ) { echo $V89735695.": ".$V68920240."<br>"; }echo Cdabce349.Cd742068d;


54 | echo C5481f31d." Selected files to be replaced".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2;if (sizeof($V3164646b)) {foreach($V3164646b as $V89735695 => $V68920240 ) { echo $V89735695.": ".$V68920240."<br>"; }} else echo "All scanned files";echo Cdabce349.Cd742068d;


55 | echo C6faee0d5;


56 | echo Cdabce349;echo C00529ab2;


57 | echo "<TABLE CELLPADDING=3 WIDTH=100% CELLSPACING=0 BORDER=1>";echo C5481f31d." Exclude Variables".Cdabce349.Cd742068d;echo C9c3b8e37.C00529ab2;foreach($V7620b171 as $V89735695 => $V68920240 ) { echo $V89735695.": ".$V68920240."<br>"; }echo Cdabce349.Cd742068d;echo C6faee0d5;


58 | echo Cdabce349;echo Cd742068d.C6faee0d5;


59 | }


60 | function F9856a771($V68920240) {if ($V68920240==FALSE) return "<FONT COLOR=Red>No</FONT>";else return "<FONT COLOR=green>Yes</FONT>";}


61 | function F69b1473d() {


62 | global $V7620b171, $Vd74f666d;foreach( $V7620b171 as $V89735695 => $V68920240 ) {$V5e0bdcbd=strrpos($V68920240, "*");if ($V5e0bdcbd!==FALSE) {echo "WildCardValue:".$V68920240."<br>";array_push($Vd74f666d, str_replace("*", "", $V68920240));$V7620b171[$V89735695]="Niets".$V89735695;}}}


63 | function Fcecc24ab() {global $Vbc961c59, $Vb787292f, $V4cb73b6b, $Vae809e1a, $V4a949e17, $Va7254761;global $V0e475c03, $V1e5309c7, $V00960abb;global $V7620b171, $Vd74f666d, $Veb1e1b83, $V43225a8d;$V73600783=dir($V0e475c03);while($Ve1341437=$V73600783->read()) {if (is_file($V0e475c03."/".$Ve1341437)) {


64 | $V56e6ddd1=substr($Ve1341437,(strrpos($Ve1341437, ".")+1));if (in_array($V56e6ddd1, $V1e5309c7) and sizeof($Va7254761) < 400) {


65 | echo "Scanning Filename:".$Ve1341437."<br>";array_push ($Va7254761, $Ve1341437);$V4a949e17=file($V0e475c03."/".$Ve1341437);flush();for ($Vae146d64=0; $Vae146d64<sizeof($V4a949e17); $Vae146d64++) {$V4803e6b9=trim(strtolower($V4a949e17[$Vae146d64]));if (substr($V4803e6b9, 0, 9)=="function ") {$V3d47dd83=strpos($V4803e6b9, "(");$V7181d094=substr(trim($V4a949e17[$Vae146d64]), 0, $V3d47dd83);$V7181d094=trim(str_replace("function ", "", $V7181d094));if (!($Vb787292f[$V7181d094]) and !(in_array($V7181d094,$Veb1e1b83))) $Vb787292f[$V7181d094]="F".substr(md5($V7181d094), 0,8);$Vc74d460b++;} elseif (substr($V4803e6b9, 0, 6)=="define") {$Vcc5bcbcf=strpos($V4803e6b9, "(");$V2a54f74e=strpos($V4803e6b9, ",");$V509d3cbc=substr(trim($V4a949e17[$Vae146d64]), ($Vcc5bcbcf+1), ($V2a54f74e-$Vcc5bcbcf-1));$V509d3cbc=str_replace('"',"",$V509d3cbc);$V1638d396=strpos($V509d3cbc, "$");if ($V1638d396===FALSE) {if (!($V4cb73b6b[$V509d3cbc]) and !(in_array($V509d3cbc,$V43225a8d))) {$V4cb73b6b[$V509d3cbc]="C".substr(md5($V509d3cbc), 0,8);}}}if ($V00960abb) F89e1b8ff($V4a949e17[$Vae146d64]);}}}}$V73600783->close();


66 | asort ($Vb787292f);asort ($V4cb73b6b);sort ($Va7254761);}


67 | function F8eceda2a() {global $Vb787292f, $Vae809e1a, $V4cb73b6b, $Va7254761, $V7620b171, $Vd74f666d, $Vc74d460b;


68 | Ff5e16527($Vb787292f, "Found functions that will be replaced", $V67435345="FFF0D0");Ff5e16527($V4cb73b6b, "Found constants that will be replaced", $V67435345="8DCFF4");$V0f3f9054=$Vae809e1a;ksort ($V0f3f9054);Ff5e16527($V0f3f9054, "Found variables that will be replaced", $V67435345="89CA9D");Ff5e16527($V7620b171, "User Defined Exclude Variables", $V67435345="BFBFBF");Ff5e16527($Va7254761, "Scanned Files", $V67435345="EA6B48");


69 | echo "<br><br>Number of userdefined elements to be replaced<br>";echo "Functions:".sizeof($Vb787292f)."<br>";echo "Variables:".sizeof($Vae809e1a)."<br>";echo "Constants:".sizeof($V4cb73b6b)."<br>";echo "<br>Scanned Files:".sizeof($Va7254761)."<br>";}


70 | function F001878fb() {global $V3164646b, $Va7254761, $V9429cf94, $Vf797b56c, $V048f0047;global $Vfd4668cc, $V0e475c03, $V9b131e1e;echo "**** START REPLACING AND WRITE THE TARGET FILES ***** <br>";foreach( $Va7254761 as $V89735695 => $V1e621df3) {if ($Vfd4668cc) {$Vac986feb=$V0e475c03."/".$V1e621df3;$V693ed254=$V9b131e1e."/".$V1e621df3;if (file_exists($V693ed254)) {$Vb9b17830=stat($V693ed254);$V3286ee11=$Vb9b17830[9];$Vb9b17830=stat($Vac986feb);$V4c83e27b=$Vb9b17830[9];if ($V4c83e27b>$V3286ee11) $V0e3f6b26=TRUE;else $V0e3f6b26=FALSE;} else $V0e3f6b26=TRUE;} else $V0e3f6b26=TRUE;if ($V0e3f6b26) {$Vae9e0e69=time();echo "<FONT COLOR=red>Replaced ".$V1e621df3." Nr:".($V89735695+1)." of ".sizeof($Va7254761);F834dd2b5($V1e621df3);echo " - Elapsed Time: ".(time()-$Vae9e0e69)." sec.</FONT><br>";} else echo "<FONT COLOR=green>".$V1e621df3.": sourcefile older than targetfile. Not replaced</FONT><br>";flush();}


71 | echo "Start Time: ".$V9429cf94."<br>";echo "Finish Time: ".time()."<br>";echo "Elapsed Time: ".(time()-$V9429cf94)." sec<br>";


72 | echo "Total FileSize of parsed Files: ".$Vf797b56c ." Bytes <br>";echo "Total FileSize of written Files: ".$V048f0047 ." Bytes <br>";}


73 | function F89e1b8ff($V4803e6b9) {global $Vae809e1a, $V840b8ea0, $V7620b171, $Vd74f666d;while (ereg('$([0-9a-zA-Z_]*)', $V4803e6b9, $V66373a9c)) {$V526ea0eb=$V66373a9c[1];if (!$Vae809e1a[$V526ea0eb] and !(in_array($V526ea0eb,$V840b8ea0)) and !(in_array($V526ea0eb,$V7620b171))) {


74 | foreach( $Vd74f666d as $V89735695 => $V68920240 ) {if (substr($V526ea0eb, 0, strlen($V68920240))==$V68920240) {echo "Variable with name ".$V526ea0eb." added to list of variables to be excluded.<br>";array_push($V7620b171, $V526ea0eb);}}if (!(in_array($V526ea0eb,$V7620b171))) {$Vae809e1a[$V526ea0eb]="V".substr(md5($V526ea0eb), 0,8);}}$V5e0bdcbd=strpos($V4803e6b9, '$');$Vba2a9c6c=($V5e0bdcbd+strlen($V66373a9c[1]));$V4803e6b9=substr($V4803e6b9, (strpos($V4803e6b9,'$')+1));}}


75 | function F834dd2b5($V1e621df3) {global $Vae809e1a,$Vb787292f, $V4cb73b6b, $V0e475c03, $V9b131e1e, $V00960abb;global $V0981e6bd, $V29eb2c69, $V4dd4189a, $Va7a918c1, $Vcb30d890;$Vac986feb=$V0e475c03."/".$V1e621df3;$V693ed254=$V9b131e1e."/".$V1e621df3;$V2adf924e=fopen($Vac986feb, "r");$V98bf7d8c=fread($V2adf924e, filesize($Vac986feb));$GLOBALS["Vf797b56c"]+=filesize($Vac986feb);echo " - Size:".filesize($Vac986feb);fclose ($V2adf924e);


76 | if ($V29eb2c69) {foreach( $Vb787292f as $V89735695 => $V68920240 ) {$V98bf7d8c=ereg_replace("([^a-zA-Z0-9_])(".$V89735695.")[ 	]*(()","1".$V68920240."3", $V98bf7d8c);}}


77 | if ($V00960abb) {foreach( $Vae809e1a as $V89735695 => $V68920240 ) {if (strpos($V98bf7d8c, $V89735695)!==FALSE) {$V98bf7d8c=ereg_replace('([ 	"']NAME=["']*)'.$V89735695.'([ 	"'>])','1'.$V68920240.'2', $V98bf7d8c);$V98bf7d8c=ereg_replace('$('.$V89735695.')([^0-9a-zA-Z_])','$'.$V68920240.'2', $V98bf7d8c);$V98bf7d8c=ereg_replace('&('.$V89735695.')([^0-9a-zA-Z_])','&'.$V68920240.'2', $V98bf7d8c);$V98bf7d8c=ereg_replace('->('.$V89735695.')([^0-9a-zA-Z_])','->'.$V68920240.'2', $V98bf7d8c);$V98bf7d8c=ereg_replace('($GLOBALS)([ 	]*)([)([ "'	]*)'.$V89735695.'([ "'	]{1,3})(])', '134'.$V68920240.'56',$V98bf7d8c);}}}


78 | if ($V0981e6bd) {foreach( $V4cb73b6b as $V89735695 => $V68920240 ) {$V98bf7d8c=ereg_replace("([^a-zA-Z0-9_$])(".$V89735695.")([^a-zA-Z0-9_])","1".$V68920240."3", $V98bf7d8c);}}if ($V4dd4189a) {$V98bf7d8c=ereg_replace("[	 ]*", "", $V98bf7d8c);}if ($Va7a918c1) {$V98bf7d8c=ereg_replace("[	 ]{1,2}//[^]*", "", $V98bf7d8c);$V98bf7d8c=ereg_replace("[	 ]*//[^]*", "", $V98bf7d8c);}if ($Vcb30d890) {$V98bf7d8c=ereg_replace("([{};:])[ 	]*", "1", $V98bf7d8c);}$V98bf7d8c=ereg_replace("{2,20}", "", $V98bf7d8c);


79 | $Vce55aa86=fopen($V693ed254, "w");$V809d8809=fwrite($Vce55aa86, $V98bf7d8c);fclose ($Vce55aa86);clearstatcache();$GLOBALS["V048f0047"]+=filesize($V693ed254);}


80 | function Ff5e16527($Vd92ddbd1, $V5872d9a7="", $V67435345="FFF0D0") {global $Vf4c91239;echo "<br><br>".$V5872d9a7.":<br>";echo "<TABLE BORDER=1 BGCOLOR=#".$V67435345.">".C9c3b8e37;$V8464e43c=0;foreach( $Vd92ddbd1 as $V89735695 => $V68920240 ) {$V8464e43c++;echo C00529ab2.$V89735695."<br>".$V68920240.Cdabce349;if (($V8464e43c%$Vf4c91239)==0) echo Cd742068d.C9c3b8e37;}echo Cd742068d.C6faee0d5;flush();}


81 | function F85580fcb() {global $V5c642867;$Vbe9942a7=strtolower(get_cfg_var("safe_mode"));if (!$Vbe9942a7) set_time_limit($V5c642867);else echo "<b><FONT COLOR=orange>Warning: SafeMode is on. Can not set timeout.</b></FONT><br>";}


82 | ?>


83 | </BODY>


84 | </HTML>


85 | 


88 | 

89 | 

90 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/faq.htm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/faq.htm


--------------------------------------------------------------------------------
/doc/gettingstarted.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Getting started
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
48 | 
49 | 

13 | 
Getting started

14 | Installing POBS is as easy as I could think of. Just unzip the file pobs.zip and put it a directory that's accessible by your webserver. POBS is a collection of files in just 1 directory. The documentation is spread over 2 directories.


15 | 


16 | Before executing POBS you are advised to read the manual that is provided through this website. Also check the settings in pobs-ini.inc and adjust them to suit your needs. When you run POBS for the first time, you should at least adjust the $SourceDir and the $TargetDir variables.


17 | 


18 | If you have a large amount of PHP source to be POBSed, check your php.ini and see whether it runs in "Safe mode". If it does, POBS can not adjust the timeout setting as indicated in pobs-ini.inc and the processing might be terminated before POBS has finished the replacement of all your PHP codefiles. You might need to restart your webserver after adjusting the php.ini file.


19 | 


20 | After having checked everything and having adjusted the settings in pobs-ini.inc you point your browser to pobs.php and press <Enter>. You will see something like the screen below.


21 | 


22 | 

23 | Start modestly
If you run POBS for the first time you are adviced to turn $ReplaceVariables off by setting it "FALSE"; That way you have a bigger chance your program still works after being POBSed and if not you can more easily debug it.


24 | 


25 | $ReplaceFunctions=TRUE;


26 | $ReplaceConstants=TRUE;


27 | $ReplaceVariables=FALSE;


28 | 


29 | I strongly advise you to turn the variables below off. You should turn them on only after you made sure your application works fine with functions, constants and variables already replaced.


30 | 


31 | $RemoveIndents=FALSE;


32 | $RemoveComments=FALSE;


33 | $ConcatenateLines=FALSE;


34 | 

35 | 

36 | 


37 | Click on "Start scanning and replacing" and POBS will start working.


38 | 


39 | While processing POBS will give you information about:


40 | 
    
41 | 
42 | 
  • scanned files

    
43 | 
  • found variables, constants and functions

    
44 | 
  • the time needed to process them

    
45 | 
  • excluded variables

    
46 | 
  • variables found that are consistent with the wildcard variables. I.e. params_xyz is excluded because params_* is listed as an exclude variable.

    
47 | 


50 | 

51 | 

52 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/guestbook.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Guestbook
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
59 | 
60 | 

13 | 
Guestbook

14 | Let me know what you think of POBS and / or this site and add to this guestbook.


15 | 

16 | 

17 | 
18 | 
19 | 
20 | 
21 | 
22 | 
24 | 
26 | 
27 | 
28 | 
30 | 
32 | 
33 | 
34 | 
36 | 
38 | 
39 | 
40 | 
42 | 
44 | 
45 | 
46 | 
48 | 
50 | 
51 | 
52 | 
55 | 
56 | 
Guestbook form

23 | Name
25 | 

29 | Email
31 | 

35 | Homepage
37 | 

41 | Location
43 | 

47 | Text
49 | 


53 |     
54 | 

57 | 

58 | 

61 | 

62 | 

63 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/header.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | POBS - PHP Obfuscator Header
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 


--------------------------------------------------------------------------------
/doc/index.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | POBS - PHP Obfuscator
 6 | 
 7 | 
 8 | 
 9 | 
10 |   
11 |   
12 |    
13 |    
14 |   
15 | 
16 | 
17 | 


--------------------------------------------------------------------------------
/doc/links.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Links
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
33 | 
34 | 

13 | 
Links

14 | POBS is not proclaimed to be an ideal solution for securing your intellectual property. Below are some links to other options.


15 | 

16 | Zend
 Zend  provides many tools for PHP programmers. It also maintains the PHP sourcecode. It's tools are closed-source and have a pricetag. Most of them, that is.


17 | 


18 | 

19 | Microcode
 Microcode PHP encoder This German company has released a free and open competitor to Zend Encoder in august 2001. Check it out. I wonder whether is works together with APC. Maybe they can team up.


20 | 


21 | 

22 | APC
 APC Alternative PHP Cache. Useful stuff to speed up (large) PHP applications.


23 | 


24 | 

25 | BWCache
 Afterburner BWCache works with Win32.


26 | 


27 | 

28 | GNU
POBS is licensed under GPL


29 |  GNU - Free Software Foundation The GNU Project was launched in 1984 to develop a complete Unix-like operating system which is free software: the GNU system. (GNU is a recursive acronym for ``GNU's Not Unix''; it is pronounced "guh-NEW".) Variants of the GNU operating system, which use the kernel Linux, are now widely used; though these systems are often referred to as ``Linux'', they are more accurately called GNU/Linux systems.


30 | 


31 | 


32 | 

35 | 

36 | 

37 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/menubg2.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/menubg2.gif


--------------------------------------------------------------------------------
/doc/mnu-1.html:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Menu
 5 | 
 6 | 
14 | 
15 | 
16 | 
17 | 
18 | 
19 | 
21 | 
22 | 
23 | 
26 | 
27 | 
28 | 
31 | 
32 | 
33 | 
36 | 
37 | 
38 | 
41 | 
42 | 
43 | 
46 | 
47 | 
48 | 
51 | 
52 | 
53 | 
56 | 
57 | 
58 | 
61 | 
62 | 
65 | 
66 | 
67 | 
70 | 
71 | 
72 | 
75 | 
76 | 
77 | 
80 | 
81 | 
82 | 
85 | 
86 | 

20 | 

24 | 
25 | Home

29 | 
30 | How it works

34 | 
35 | Example

39 | 
40 | Advantages

44 | 
45 | Disadvantages

49 | 
50 | FAQ

54 | 
55 | Codingtips

59 | 
60 | Debug Tips

63 | 
64 | Settings

68 | 
69 | Getting started

73 | 
74 | Todo

78 | 
79 | Links

83 | 
84 | Contact

87 | 
88 | 
89 | 


--------------------------------------------------------------------------------
/doc/news.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/news.gif


--------------------------------------------------------------------------------
/doc/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/screenshot.png


--------------------------------------------------------------------------------
/doc/screenshotsmall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/doc/screenshotsmall.png


--------------------------------------------------------------------------------
/doc/settings.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Settings
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
68 | 
69 | 

13 | 
Settings
The file pobs-ini.inc controls many aspects of POBS behavior. POBS will try to include it and looks for it in the current working directory.


14 | Instead of a real "ini-file" it's just a plain PHP scriptfile. It is assumed you are familiar with PHP code syntax if you use PHP Obscure so configuring this file won't give you too much trouble.


15 | 


16 | 

17 | Replace selectively
When you first use POBS you are advised to NOT replace variables immediately. Just replace functions and constants first and see whether your program still runs properly. If it does, you might want to replace variables as well.


18 | 


19 | $ReplaceFunctions=TRUE;


20 | $ReplaceConstants=TRUE;


21 | $ReplaceVariables=FALSE;


22 | 

23 | Exclude variables, constants or functions
You probably want to exclude certain variables. This is particularly helpful when you make use of these variables in your Query_String I.e.: http://www.domain.com/phpprogram.php?uid=234&action=select.


24 | In this particular example you might need ( I do strongly recommend it) to add at least "uid" and "action" to $UdExcVarArray in order to keep your program running properly. It also prevents your URLs from appearing extraterrestrial)  Do NOT use the dollar sign to indicate the name of a variable in this array. The names of the variables, constants and functions are case sensitive (which should go without saying since PHP is case-sensitive too.)


25 | 


26 | My advice would be to use a naming convention for all QUERY_STRING parameters. Personally I use variablenames like "PA" and "POR" in the QUERY_STRING so that they can easily be dealt with and can easily be excluded from being replaced by POBS (by adding them to $UdExcVarArray).


27 | 


28 | $UdExcVarArray=array("Dummy Entry","var1","var2","var3","params_*","whc_*");


29 | $UdExcConstArray=array('Dummy Entry',"FRAMESET");


30 | $UdExcFuncArray=array('Dummy Entry', "CheckValue");


31 | 


32 | Do not remove the Dummy Entry since it may result in bad breath and other nasty things.


33 | 

34 | Predefined PHP Variables
It is essential that POBS does not replace Predefined PHP Variables. These variables are included in the $StdExcVarArray. Since newer versions of PHP can have new predefined variables you might add these yourself.


35 | 


36 | It is adviced not to delete entries from $StdExcVarArray as it may result in a none-working program. To keep things tidy it is advised to only add new entries which are clearly predefined PHP variables.


37 | 


38 | For adding your own excluded variables it is recommended to edit $UdExcVarArray


39 | 

40 | Source and target directories
Before running POBS for the first time your need to change both directories to your liking. POBS will not create the directories for you in case they don't exist.


41 | The program will not run in case source and target directory are identical. Make sure the source directory is read enabled and the target directory is write enabled. Directories are case-SENSITIVE (Well, not on Win32, that is)


42 | 


43 | $SourceDir="/application/php";


44 | $TargetDir="/application/phpcrypt";


45 | 

46 | Remove comments and indents and returns
To further obscure your sourcecode you can remove the comments and indents. This should only be done in the end, when you have replaced variables, functions and constants and are certain your obfuscated code works.


47 | 


48 | $RemoveComments=FALSE;


49 | $RemoveIndents=FALSE;


50 | $ConcatenateLines=FALSE;


51 | 


52 | The concatenation of lines can create problems when used with inline Javascript or inline HTML with the <pre> tag used.


53 | 


54 | function JsCheckField() {


55 | var1="x"


56 | var2="y"


57 | }


58 | 


59 | In the example above, concatenation will lead to a malfunctioning Javascript function.


60 | 


61 | function JsCheckField() {var1="x"var2="y"}


62 | 


63 | To avoid this you can:
    

    
64 | 
  1. Turn concatenation off

    
65 | 
  2. End every javascript codeline with ';"

    
66 | 
  3. echo Javascript like: echo "function JsCheckField() {n";

    
67 | 


70 | 

71 | 

72 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/start.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Home
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
44 | 
45 | 

13 | 
14 | 
Home

15 | 

16 | This documentation is dated: November 8th 2001
17 | 

18 | 

19 | 
20 | News! Version 0.91 released!
    
21 | 
22 | 
  • Support for objects

    
23 | 
  • Much faster

    
24 | 
  • Replacement of edited files only

    
25 | 
  • Bugfix with $UdExcFuncArray


26 | Hand over the code and still sleep well
POBS stands for PHP Obfuscator/Obscurer. It is a free and open PHP program that makes PHP sourcecode almost impossible to read and edit for normal humans. It is a simple way to protect your PHP sourcecode from people who would like to adjust it or who would like to know its workings. Now you can deploy your application and feel pretty safe about it.


27 | 

28 | How it works
POBS works by replacing User-defined functionnames, variables and constants with a MD5 key of 8 characters. It really removes information that humans would like to have but computers don't care about. It's not ideal but quite a good option in my idea.


29 | 

30 | Advantages
    
31 | 
32 | 
  • No libraries or decoders needed for deployment

    
33 | 
  • Irreversible encoding

    
34 | 
  • Hard to reverse-engineer (for humans and/or machines)

    
35 | 
  • Cross-platform, cross PHP version

    
36 | 
  • Open Source, so it can be adjusted to your own needs

    
37 | 
  • Works seamlessly with PHP cachers like APC and ZEND Cache

    
38 | 
  • Works with Zend Encoder (although you probably don't need it anymore)

39 | 
40 | 

41 | Share your experiences and thoughts
In order to make POBS more userfriendly, secure and feature rich, you are invited to share your experiences with us. You can use the guestbook or email.


42 | 

43 | 

46 | 

47 | 

48 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/style.css:
--------------------------------------------------------------------------------
 1 | body { font-family: georgia, Verdana, sans serif;font-size:10pt;  }
 2 | 
 3 | td { font-family: georgia, Verdana, sans serif;font-size:10pt;  vertical-align: top; }
 4 | 
 5 | ol { font-family: georgia, Verdana, sans serif;font-size:10pt;  }
 6 | 
 7 | ul { font-family: georgia, Verdana, sans serif;font-size:10pt;  }
 8 | 
 9 | form { font-family: georgia, Verdana, sans serif;font-size:10pt;  }
10 | 
11 | h1 { font-family: georgia, Verdana, sans serif; font-size: 16pt; font-weight: bold; }
12 | 
13 | A:visited { font-family: georgia, Verdana, sans serif;font-size:10pt;  color: #00779E; text-decoration: none; }
14 | 
15 | A:link { font-family: georgia, Verdana, sans serif;font-size:10pt;  color: #1E2A63; text-decoration: none; }
16 | 
17 | A:hover { font-family: georgia, Verdana, sans serif;font-size:10pt;  color: #0069B3; text-decoration: none; }
18 | 
19 | .normaal { font-family: georgia, Verdana, sans serif;font-size:10pt;  }
20 | 
21 | .bodypage { font-family: georgia, Verdana, sans serif;font-size:10pt;  background : FFFFFF; }
22 | 
23 | 


--------------------------------------------------------------------------------
/doc/stylemenu.css:
--------------------------------------------------------------------------------
 1 | body { font-family: georgia, Verdana, sans serif; font-size: 10pt; }
 2 | 
 3 | td { font-family: georgia, Verdana, sans serif; font-size: 10pt; vertical-align: top; }
 4 | 
 5 | A:visited { font-family: georgia, Verdana, sans serif; font-size: 10pt; color: #00779E; text-decoration: none; }
 6 | 
 7 | A:link { font-family: georgia, Verdana, sans serif; font-size: 10pt; color: #1E2A63; text-decoration: none; }
 8 | 
 9 | A:hover { font-family: georgia, Verdana, sans serif; font-size: 10pt; color: #00779E; text-decoration: none; }
10 | 
11 | .menuheader{ text-align: center; font-weight: bold; font-size: 12pt; margin-top : 1px; color: #000000; }
12 | 
13 | 


--------------------------------------------------------------------------------
/doc/tips.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Debug Tips
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
34 | 
35 | 

13 | 
Debug Tips
The downside of POBS is that it won't guarantee that your code will work properly. Another is that you might have to adjust your code to get it working. I must say though that many of the coding adjustments that I suggest are actually good (and normal) coding practices.


14 | 


15 | The good thing is that I can tell you where you have to adjust your code.


16 | 


17 | In my case I had almost 300 Kb of PHP code before I started designing POBS. It took me a while to adjust my code to get it working properly after being processed by POBS. If your program doesn't work properly after been POBSed, here is some debugging advice.


18 | 


19 | 

20 | Debugging
After using POBS you might want to check whether your program still works properly. If it doesn't you need to debug.


21 | 


22 | In the PHP - includefile named "pobs-ini.inc" you can indicate if you like POBS to concatenate lines and to remove indents. If you set them to FALSE you will be able to more easily read the obfuscated code and see where things have gone wrong.


23 | 


24 | $RemoveComments=TRUE;


25 | $RemoveIndents=FALSE;


26 | $ConcatenateLines=FALSE;


27 | 


28 | In order to debug you want to know if the problem lies with the replacement of variables, functions or constants. Normally, variables give the most problems since a scripting language like PHP allows you to declare them very dynamically (think for instance of $$Var or the PHP function "parse_str"). So you want to continue more modestly and turn the replacement of variables, constants and functions on and off. That way it's easier to conclude where your code causes problems.


29 | 


30 | $ReplaceFunctions=TRUE;


31 | $ReplaceConstants=FALSE;


32 | $ReplaceVariables=FALSE;


33 | 

36 | 

37 | 

38 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/todo.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | Todo
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
25 | 
26 | 

13 | 
Todo

14 | POBS is a work in progress and it will progress faster with userinput from people like you. My goal is to offer a tool which would be easy to use for the average user and would be foolproof for the average kind of PHP code (would require few codeline adjustments).


15 | 


16 | Here is my wishlist for versions after 0.91:


17 | 
    
18 | 
19 | 
  •  Give hints and tips about dubious codelines after scanning PHP code. I.e. alert when setcookie function is called in script.

    
20 | 
  •  Enhance POBS so that it deals with "problem codinglines" in a more secure way.  I.e. if a parameter is passed to a function with "var1=3&var2=4" POBS could notice that the first parameter (var1) has no preceding ampersand but should be replaced just like "var2". Also the first parameter of the setcookie function can be replaced so that cookies do not have to be treated as excluded variables anymore.

    
21 | 
  •  Write a proper reportfile (Although you can already print and save the HTML output generated by POBS.

22 | 
23 | If you have wishes yourself concerning POBS, please let me know.


24 | 

27 | 

28 | 

29 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/doc/workings.htm:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | How it works
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | 
34 | 
35 | 

13 | 
How it works

14 | Replace names
POBS replaces user-defined (NOT predefined) functions, constants and variables with a MD5 key of 8 characters. (It doesn't use MD5 keys of 32 bytes, which is standard, since that would increase the size of your sourcecode). 8 bytes seems enough to give each functions or variable its unique name. MD5 is not reversible.


15 | 


16 | The first letter of the new functionname is a "F", of a variable a "V" and of a constant a "C"


17 | 


18 | The function with name MakeImageHtml is replaced by Fee2c1bdc


19 | The variable $ImgText is replaced by $V1d9d94a6


20 | The constant USERDIR is replaced by C389a367e


21 | 

22 | Futher obscuring
In addition, POBS can be instructed to concatenate lines and remove comments and indents. These are not irreversible since a person can write a program to add indents and returns. But it really makes a mess of your code and therefore furtherly discourages many wouldbe hackers from trying to reverse-engineer your code.


23 | 

24 | Exclude stuff
POBS allows you to indicate which user-defined variables, constants and functions need to be excluded from replacing. In the settings file "pobs-ini.inc" you can add these names to the arrays $UdExVarArray, $UdExcConstArray and $UdExcFuncArray. Do NOT use dollarsigns here.


25 | 


26 | In $UdExVarArray you are allowed to use wildcards in the form of an asterix (*) at the end of each variablename. I.e. params_* will exclude params_type, params_address and params_name. So if you name your variables to a certain convention you can easily and securely exclude them by group. This way you don't have to be afraid you forgot to add it to the array in case you added a new variable to your code.


27 | 

28 | Process
POBS consists of 2 major processes.


29 | 


30 | 1. POBS first scans all the files with the file-extensions allowed in the sourcedirectory. While scanning, it makes a list of userdefined variables, functions and constants it has located in your sourcecode


31 | 


32 | 2. POBS now knows which ones it should replace and starts writing new files in the target directory.


33 | 

36 | 

37 | 

38 | 
Walhalla Publicaties (c) 2001



--------------------------------------------------------------------------------
/example/someClass.php:
--------------------------------------------------------------------------------
  1 | 
  6 | Vc6cafee7))
 24 | { throw new Exception('pv_aliasNames2colNames is empty');
 25 | } $this->V71f7be02= array_flip($this->Vc6cafee7);
 26 | }
 27 | private function F4ce4015e($Vdf6eeb13)
 28 | { if (isset($this->Vc6cafee7[$Vdf6eeb13]))
 29 | { return $this->Vc6cafee7[$Vdf6eeb13];
 30 | } return $Vdf6eeb13;
 31 | } 
 32 | private function Fe940998f($V7e287edc)
 33 | { if (isset($this->V71f7be02[$V7e287edc]))
 34 | { return $this->V71f7be02[$V7e287edc];
 35 | } return $V7e287edc;
 36 | } 
 37 | private function F42858f10($Vdf6eeb13)
 38 | { $V8193fdf0 = '';
 39 | $V7e287edc = $this->F4ce4015e($Vdf6eeb13);
 40 | $Vbccbf69d = array();
 41 | if (preg_match('#(.+?)\.(.+)#', $V7e287edc, $Vbccbf69d))
 42 | { $V8193fdf0 = $Vbccbf69d[1];
 43 | $V7e287edc = $Vbccbf69d[2];
 44 | } return array(
 45 | 'tbl' => $V8193fdf0,
 46 | 'col' => $V7e287edc
 47 | );
 48 | } 
 49 | private function Fd0475041($V3ba4cf23, $Vd75b70be=array())
 50 | { $V2bf298f9 = array();
 51 | if (!empty($V3ba4cf23))
 52 | { foreach ($V3ba4cf23 as $Vf71a2b7d => &$V94309e6b)
 53 | {
 54 | if (!empty($Vd75b70be) && in_array($Vf71a2b7d, $Vd75b70be))
 55 | { continue;
 56 | }
 57 | $V94309e6b = $this->Fdd854504($Vf71a2b7d, $V94309e6b);
 58 | $Vaeb948e0 = $this->F42858f10($Vf71a2b7d);
 59 | $V8193fdf0 = $Vaeb948e0['tbl'];
 60 | $Vae1d8f33 = $Vaeb948e0['col'];
 61 | unset($Vaeb948e0);
 62 | if (!isset($V2bf298f9[$V8193fdf0]))
 63 | { $V2bf298f9[$V8193fdf0] = array();
 64 | } $V2bf298f9[$V8193fdf0][$Vae1d8f33] = $V94309e6b;
 65 | } } return $V2bf298f9;
 66 | }
 67 | protected function F71555a34($V3ba4cf23, $Vd75b70be=array(), $V5d5ce40a=true)
 68 | { $V2bf298f9 = array();
 69 | if (!empty($V3ba4cf23))
 70 | { foreach ($V3ba4cf23 as $Vf71a2b7d => &$V94309e6b)
 71 | {
 72 | if (!empty($Vd75b70be) && in_array($Vf71a2b7d, $Vd75b70be))
 73 | { continue;
 74 | }
 75 | $V61f65f3c = '=';
 76 | if (is_array($V94309e6b))
 77 | {
 78 | if (!isset($V94309e6b[0]) || !isset($V94309e6b[1]) || !preg_match('#^([<>=!RLIKE ]+|IN|NOT IN|IS|IS NOT)$#', $V94309e6b[0]))
 79 | { continue;
 80 | } $V61f65f3c = $V94309e6b[0];
 81 | $V94309e6b = $V94309e6b[1];
 82 | }
 83 | if ($V61f65f3c == 'IN' || $V61f65f3c == 'NOT IN')
 84 | { $V94309e6b = $this->F6407631e($Vf71a2b7d, $V94309e6b);
 85 | } else
 86 | { $V94309e6b = $this->Fdd854504($Vf71a2b7d, $V94309e6b);
 87 | } $V7e287edc = $this->F4ce4015e($Vf71a2b7d);
 88 | if ($V5d5ce40a)
 89 | { if ($V61f65f3c == 'IN' || $V61f65f3c == 'NOT IN')
 90 | { $V2bf298f9[] = $V7e287edc.' '.$V61f65f3c.' ('.$V94309e6b.')';
 91 | } elseif ($V61f65f3c == 'IS' || $V61f65f3c == 'IS NOT')
 92 | { $V2bf298f9[] = $V7e287edc.' '.$V61f65f3c.' NULL';
 93 | } elseif (is_string($V94309e6b))
 94 | { $V2bf298f9[] = $V7e287edc.' '.$V61f65f3c.' \''.$V94309e6b.'\'';
 95 | } else
 96 | { $V2bf298f9[] = $V7e287edc.' '.$V61f65f3c.' '.$V94309e6b.'';
 97 | } } else
 98 | { $V2bf298f9[] = $V7e287edc.' LIKE \''.$V94309e6b.'\'';
 99 | } } } return $V2bf298f9;
100 | } 
101 | protected function F0be0c9c1($Vdb64e12f, $Vd75b70be=array(), $V5d5ce40a=true)
102 | { $Vaaebcfff = $this->F71555a34($Vdb64e12f, $Vd75b70be, $V5d5ce40a);
103 | if (!empty($Vaaebcfff))
104 | { $V4ecc28f5='WHERE (' . implode(') AND (', $Vaaebcfff) .')';
105 | } else
106 | { $V4ecc28f5='';
107 | } return $V4ecc28f5;
108 | } 
109 | protected function F8798a4a9($V4ba49586, $Vd75b70be=array())
110 | { $Vcdbd1ded = $this->F71555a34($V4ba49586, $Vd75b70be);
111 | if (!empty($Vcdbd1ded))
112 | { $V5f3968da='SET ' . implode(', ', $Vcdbd1ded);
113 | } else
114 | { $V5f3968da='';
115 | } return $V5f3968da;
116 | } 
117 | protected function Ff56b3f7f($V4ba49586, $Vd75b70be=array())
118 | { $Vb235b783 = $this->Fd0475041($V4ba49586, $Vd75b70be);
119 | $V25fe9a70 = array();
120 | if (!empty($Vb235b783))
121 | { foreach ($Vb235b783 as $V8193fdf0=>$Vbc1e6e5e)
122 | { $V25fe9a70[$V8193fdf0] = array(
123 | 'keys'=>array(),
124 | 'vals'=>array(),
125 | );
126 | foreach ($Vbc1e6e5e as $Vf71a2b7d=>$V94309e6b)
127 | { $V25fe9a70[$V8193fdf0]['keys'][] = $Vf71a2b7d;
128 | $V25fe9a70[$V8193fdf0]['vals'][] = $V94309e6b;
129 | } $V25fe9a70[$V8193fdf0]['vals'] = "VALUES ('". implode("', '", $V25fe9a70[$V8193fdf0]['vals']) ."')";
130 | $V25fe9a70[$V8193fdf0]['keys'] = '('.$this->Vbf1d4eff
131 | . implode($this->V062f067e.', '.$this->Vbf1d4eff, $V25fe9a70[$V8193fdf0]['keys'])
132 | . $this->V062f067e.')';
133 | } } return $V25fe9a70;
134 | } 
135 | protected function F8a2ce552($V995dc27a, $Vd75b70be=array())
136 | { $V52d6f3b1 = array();
137 | foreach ($V995dc27a as $Vdf6eeb13)
138 | {
139 | if (!empty($Vd75b70be) && in_array($Vdf6eeb13, $Vd75b70be))
140 | { continue;
141 | }
142 | if (isset($this->Vc6cafee7[$Vdf6eeb13]))
143 | { $V7e287edc = $this->Vc6cafee7[$Vdf6eeb13];
144 | $V52d6f3b1[] = "$V7e287edc as '$Vdf6eeb13'";
145 | } } if (empty($V52d6f3b1))
146 | { $V52d6f3b1 = '';
147 | } else
148 | { $V52d6f3b1 = implode(', ', $V52d6f3b1);
149 | } return $V52d6f3b1;
150 | }
151 | protected function Fdd854504($Vdf6eeb13, $V94309e6b)
152 | { if (!is_integer($V94309e6b))
153 | { if (!empty($this->V4bdda913) && array_search($Vdf6eeb13, $this->V4bdda913)!==false)
154 | { $V94309e6b = intval($V94309e6b);
155 | } else
156 | { $V94309e6b = mysql_real_escape_string($V94309e6b);
157 | } } return $V94309e6b;
158 | } 
159 | private function F6407631e($Vdf6eeb13, $V94309e6b)
160 | { if (!is_array($V94309e6b))
161 | { $V94309e6b = explode(',', $V94309e6b);
162 | } $V7979ddd7 = array();
163 | foreach ($V94309e6b as $v)
164 | { $v = $this->Fdd854504($Vdf6eeb13, $v);
165 | if (is_string($v))
166 | { $v = '\''.$v.'\'';
167 | } $V7979ddd7[] = $v;
168 | } return implode(',', $V7979ddd7);
169 | } 
170 | protected function F01892f00(&$V31e2122f, $V9289ac9b)
171 | { $V31e2122f = strtr($V31e2122f, array($this->V77d3e4dc=> $V9289ac9b));
172 | } 
173 | private function F018065a9($V652f0465)
174 | { $this->sql = $V652f0465;
175 | $this->msg = mysql_error();
176 | trigger_error("\nSQL error: {$this->msg}\nSQL:{$this->sql}\n", E_USER_ERROR);
177 | }
178 | protected function F8ac2c982(&$Vedc28599, $V652f0465, $Vd1df70ec = false)
179 | { $V62934996 = mysql_query($V652f0465);
180 | if ($V62934996==false)
181 | { $this->F018065a9($V652f0465);
182 | return false;
183 | } if (empty($this->V4bdda913) || $Vd1df70ec)
184 | { while ($row = mysql_fetch_array($V62934996, MYSQL_ASSOC))
185 | { $Vedc28599[] = $row;
186 | } } else
187 | { while ($row = mysql_fetch_array($V62934996, MYSQL_ASSOC))
188 | { foreach ($row as $Vdf6eeb13=>&$val)
189 | { if (array_search($Vdf6eeb13, $this->V4bdda913)!==false)
190 | { $row[$Vdf6eeb13] = intval($row[$Vdf6eeb13]);
191 | } } $Vedc28599[] = $row;
192 | } } mysql_free_result ($V62934996);
193 | return true;
194 | } 
195 | protected function Fac5546b9($V652f0465)
196 | { $V62934996 = mysql_query($V652f0465);
197 | if ($V62934996==false)
198 | { $this->F018065a9($V652f0465);
199 | return false;
200 | } return mysql_affected_rows();
201 | } 
202 | protected function F849f9f5d()
203 | { return mysql_insert_id();
204 | }
205 | protected function F1bf8b4f1(&$V4ba49586)
206 | { } 
207 | protected function F21375b94(&$V4ba49586)
208 | { } 
209 | public function F606b94b2(&$Vedc28599, $V14bd4c8f, $Vdb64e12f=array())
210 | { $Vedc28599 = array();
211 | if (empty($this->V834aacdd) || !isset($this->V834aacdd[$V14bd4c8f]))
212 | { $this->msg = 'Unknown template';
213 | return 0;
214 | } $V652f0465 = $this->V834aacdd[$V14bd4c8f];
215 | $V567b024c = '#\{(?:pv_constraints|pv_ograniczenia)(\|([\s\S]+?))?\}#';
216 | $V7e707a32 = array();
217 | if (preg_match($V567b024c, $V652f0465, $V7e707a32))
218 | { $V4ecc28f5 = $this->F0be0c9c1($Vdb64e12f);
219 | $Vcab7b8f3 = '';
220 | if (!empty($V4ecc28f5))
221 | { $Vcab7b8f3 = preg_replace('#^WHERE\s+(.+)$#', '($1)', $V4ecc28f5);
222 | }
223 | else if (count($V7e707a32)>2)
224 | { $Vcab7b8f3 = $V7e707a32[2];
225 | }
226 | $V652f0465 = preg_replace($V567b024c, $Vcab7b8f3, $V652f0465);
227 | } 
228 | $this->F8ac2c982($Vedc28599, $V652f0465);
229 | if (!empty($Vedc28599))
230 | { return 1;
231 | } else
232 | { return 0;
233 | } } 
234 | public function Fa7fb9317($V4ba49586)
235 | { if (empty($this->V36c712da))
236 | { throw new Exception("Tabel name is empty");
237 | }   
238 | $this->F1bf8b4f1($V4ba49586);
239 | $V25fe9a70 = $this->Ff56b3f7f($V4ba49586, $this->Ve9d65212);
240 | $sql = "INSERT INTO {$this->V36c712da} {$V25fe9a70['']['keys']} {$V25fe9a70['']['vals']}";
241 | $Vd1b7dd14 = $this->Fac5546b9($sql);
242 | if ($Vd1b7dd14==0)
243 | { $this->msg = 'DB error while inserting record!';
244 | return 0;
245 | } return 1;
246 | } 
247 | public function Fc5660b2b($Vdb64e12f=array(), $V5d5ce40a=true)
248 | { if (empty($this->V36c712da))
249 | { throw new Exception("Table name is empty");
250 | }   
251 | $V4ecc28f5 = $this->F0be0c9c1($Vdb64e12f, array(), $V5d5ce40a);
252 | $sql = "DELETE
253 | FROM {$this->V36c712da} $V4ecc28f5"
254 | ;
255 | $Vd1b7dd14 = $this->Fac5546b9($sql);
256 | if ($Vd1b7dd14===false)
257 | { $this->msg = 'DB error while deleting record(s)!';
258 | return 0;
259 | } return 1;
260 | } 
261 | public function F6e07282d($V4ba49586, $Vdb64e12f=array(), $Vd75b70be=array(), $V5d5ce40a=true)
262 | { if (empty($this->V36c712da))
263 | { throw new Exception("Table name is empty");
264 | }   
265 | $this->F21375b94($V4ba49586);
266 | $V4ecc28f5 = $this->F0be0c9c1($Vdb64e12f, array(), $V5d5ce40a);
267 | $V5f3968da = $this->F8798a4a9($V4ba49586, $Vd75b70be);
268 | $sql = "UPDATE {$this->V36c712da} $V5f3968da
269 | $V4ecc28f5"
270 | ;
271 | $Vd1b7dd14 = $this->Fac5546b9($sql);
272 | if ($Vd1b7dd14===false)
273 | { $this->msg = 'DB error while updating record(s)!';
274 | return 0;
275 | } return 1;
276 | } 
277 | public function F633c953d(&$Vedc28599, $V995dc27a=array(), $Vdb64e12f=array(), $V5d5ce40a=true)
278 | { if (empty($this->V36c712da))
279 | { throw new Exception("Table name is empty");
280 | } $Vedc28599 = array();
281 | $V4ecc28f5 = $this->F0be0c9c1($Vdb64e12f, array(), $V5d5ce40a);
282 | $V3b215a83 = empty($this->V2b847bec) ? "" : $this->V2b847bec;
283 | if (empty($V995dc27a))
284 | { $V995dc27a = array_keys($this->Vc6cafee7);
285 | } $Vf668e29f = $this->F8a2ce552($V995dc27a);
286 | $sql = "SELECT $Vf668e29f
287 | FROM {$this->V36c712da} $V4ecc28f5
288 | $V3b215a83"
289 | ;
290 | $this->F8ac2c982($Vedc28599, $sql);
291 | return !empty($Vedc28599) ? 1 : 0;
292 | }
293 | } ?>


--------------------------------------------------------------------------------
/inc/dirUtils.php:
--------------------------------------------------------------------------------
  1 |  '__', '/'	 => '__', '..' => '_', ':'	 => '_'));
 29 | 		}
 30 | 		else
 31 | 		{
 32 | 			$f = strtr($f, array('\\' => '/', '..' => '_', ':'	 => '_'));
 33 | 			$f = trim($f, '/');
 34 | 		}
 35 | 		return $f;
 36 | 	}
 37 | 
 38 | 	/**
 39 | 	 * Zwraca zawartość folderu jako tablicę względnych ścieżek.
 40 | 	 *
 41 | 	 * Działa jak scandir, ale pomija foldery techniczne i zwraca najpierw pliki.
 42 | 	 *
 43 | 	 * @param string $dir Pełna ścieżka folderu.
 44 | 	 * @return array
 45 | 	 */
 46 | 	public static
 47 | 			function pf_filteredScanDir($dir)
 48 | 	{
 49 | 		$pv_content = scandir($dir);
 50 | 		$pv_contentFiltered = array();
 51 | 		// files first
 52 | 		foreach ($pv_content as $pv_entry)
 53 | 		{
 54 | 			if ($pv_entry === '.' || $pv_entry === '..')
 55 | 			{
 56 | 				continue;
 57 | 			}
 58 | 			if (!is_dir($dir . self::DIRECTORY_SEPARATOR . $pv_entry))
 59 | 			{
 60 | 				$pv_contentFiltered[] = $pv_entry;
 61 | 			}
 62 | 		}
 63 | 		// dirs
 64 | 		foreach ($pv_content as $pv_entry)
 65 | 		{
 66 | 			if ($pv_entry === '.' || $pv_entry === '..')
 67 | 			{
 68 | 				continue;
 69 | 			}
 70 | 			if (is_dir($dir . self::DIRECTORY_SEPARATOR . $pv_entry))
 71 | 			{
 72 | 				$pv_contentFiltered[] = $pv_entry;
 73 | 			}
 74 | 		}
 75 | 		return $pv_contentFiltered;
 76 | 	}
 77 | 
 78 | 	/**
 79 | 	 * Łączy dwie ścieżki dodając między nimi seprator folderu w razie potrzeby.
 80 | 	 *
 81 | 	 * @note Jeśli $pathAppended zawiera literę dysku, to $path nie zostanie uwzględnione.
 82 | 	 *
 83 | 	 * @param string $path Ścieżka względna lub pełna.
 84 | 	 * @param string $pathAppended Ścieżka względna.
 85 | 	 * @return string
 86 | 	 */
 87 | 	public static
 88 | 			function pf_joinPaths($path, $pathAppended)
 89 | 	{
 90 | 		if (preg_match('#^[a-z]:#i', $pathAppended))
 91 | 		{
 92 | 			return $pathAppended;
 93 | 		}
 94 | 		$post = ltrim($pathAppended, self::DIRECTORY_SEPARATOR);
 95 | 		if (!empty($path)) // spr. path, żeby '\\' działało prawidłowo (czyli '\\' + 'blah' = '\\blah', ale '' + 'blah' = 'blah')
 96 | 		{
 97 | 			$pre = rtrim($path, self::DIRECTORY_SEPARATOR);
 98 | 			return $pre . self::DIRECTORY_SEPARATOR . $post;
 99 | 		}
100 | 		else
101 | 		{
102 | 			return $post;
103 | 		}
104 | 	}
105 | 
106 | 	/**
107 | 	 * Łączy dwie ścieżki dodając między nimi seprator folderu w razie potrzeby.
108 | 	 *
109 | 	 * @param string $path Ścieżka względna lub pełna.
110 | 	 * @param string $pathAppended Ścieżka względna.
111 | 	 * @return string
112 | 	 */
113 | 
114 | 	/**
115 | 	 * Usunięcie bazowej ścieżki z podanej ścieżki.
116 | 	 *
117 | 	 * @param string $pv_basePath Bazowa ścieżka (powinna być pełna).
118 | 	 * @param string $pv_path Ścieżka do oczyszczenia (powinna być pełna).
119 | 	 * @return string Względna ścieżka.
120 | 	 */
121 | 	public static
122 | 			function pf_removeBase($pv_basePath, $pv_path)
123 | 	{
124 | 		// ujednolicenie ukośników
125 | 		$pv_basePath = strtr($pv_basePath, '/', self::DIRECTORY_SEPARATOR);
126 | 		$pv_path = strtr($pv_path, '/', self::DIRECTORY_SEPARATOR);
127 | 		// usunięcie zakończeń
128 | 		$pv_basePath = rtrim($pv_basePath, self::DIRECTORY_SEPARATOR);
129 | 		$pv_path = rtrim($pv_path, self::DIRECTORY_SEPARATOR);
130 | 		// usunięcie bazy
131 | 		$pv_path = str_replace($pv_basePath, '', $pv_path);
132 | 		$pv_path = ltrim($pv_path, self::DIRECTORY_SEPARATOR);
133 | 		return $pv_path;
134 | 	}
135 | 
136 | }
137 | 
138 | ?>
139 | 


--------------------------------------------------------------------------------
/inc/requestUtils.php:
--------------------------------------------------------------------------------
 1 | 
64 | 


--------------------------------------------------------------------------------
/pobs-ini-copyright.txt:
--------------------------------------------------------------------------------
1 | /* ------------------------------------------------------------------------ *\
2 | 	Copyright 2007-2009 Your Company ltd. All rights reserved
3 | \* ------------------------------------------------------------------------ */


--------------------------------------------------------------------------------
/pobs-ini.inc.php:
--------------------------------------------------------------------------------
  1 |  '1',
 26 | 		'ReplaceFunctions' => '1',
 27 | 		'ReplaceVariables' => '1',
 28 | 		'RemoveComments' => '1',
 29 | 		'KeptCommentCount' => '0',
 30 | 		'RemoveIndents' => '1',
 31 | 		'ReplaceNewer' => 'on',
 32 | 		'RecursiveScan' => 'on',
 33 | 		'CopyAllFiles' => 'on',
 34 | 		'CopyrightPHP' => '1',
 35 | 		'CopyrightJS' => '1',
 36 | 		'OK' => 'Start processing',
 37 | 	);
 38 | 
 39 | 	// allow source and target paths to be relative only to current dir (or dir given below)
 40 | 	$AllowOnlySubDirs = true;
 41 | 	$SourceTargetDirsBase = "./io/";	// use "./" for base in pobs dir
 42 | 
 43 | 	$MinimumReplaceableVarLen = 4;	// all below this will not be replaced
 44 | 	$ReplaceVarsInTabsAndCookies = false;
 45 | 	$ReplaceVarsInNameField = false;
 46 | 	$CopyrightTextFromIni = 'pobs-ini-copyright.txt';
 47 | 	// get
 48 | 	if (!empty($CopyrightTextFromIni) && file_exists($CopyrightTextFromIni))
 49 | 	{
 50 | 		$CopyrightTextFromIni = file_get_contents($CopyrightTextFromIni);
 51 | 	}
 52 | 	else
 53 | 	{
 54 | 		$CopyrightTextFromIni = '';
 55 | 	}
 56 | 	//
 57 | 
 58 | 	// Nux: copyright replacement config (works only if NewCopyrightYear is passed with GET or POST)
 59 | 	$CopyrightYearPattern= "#(Copyright [0-9]+\-)([0-9]+)#";
 60 | 	$CopyrightYearReplacement= "\${1}%NewYear%";	// @note must containt "%NewYear%" for the replacement to work
 61 | 	// Nux: copyright replacement config : END
 62 | 
 63 |     $FontSize = 8;
 64 |     $TableColumns = 5;
 65 |     $TimeOut = 8000;
 66 |     $MaxFiles = 4000;       // Maximum of processed files
 67 |     $_POBSMaxRepeats = 100; // Maximum cycle repeats - protects against unlimited cycles in case
 68 |                             // of condition error
 69 | 
 70 |     // only files with defined extensions will be processed
 71 |     // if you want to process also files without any suffix, add "." to the array
 72 |     // example: $FileExtArray = array("php","php3","php4","php5","inc",".");
 73 |     $FileExtArray = array("php", "ee");
 74 |     
 75 |     // if JavaScript replacement is checked, then files with extensions 
 76 |     // specified below will be processed as well, and they will be considered 
 77 |     // to contain pure JavaScript code (no PHP tags)
 78 |     // this is useful if you have your JavaScript functions stored in an external files
 79 |     $JSFileExtArray = array("js");
 80 | 
 81 |     $StdExcFileArray = array('Dummy Entry',
 82 | 	);
 83 | 
 84 | 
 85 |     $LineExclude = '';  // do not obfuscate lines that contain specified patters
 86 |     // be careful using this pattern, dont specify any string that can be accidentally 
 87 |     // a part of some of your code. It is matched as a string, not as regular expression.
 88 |     // Also consider all the dependencies of non-obfuscated lines.
 89 |     // Example of use:
 90 |     // $LineExclude = '__POBS_EXCLUDE__';
 91 |     // then put comment containing __POBS_EXCLUDE__ to every line you dont want to obfuscate 
 92 |     // like: $val = myfunction($a, $b); // __POBS_EXCLUDE__ (this line wil be not obfuscated) 
 93 |     
 94 |     
 95 |     // javascript variables that should not be replaced
 96 |     $StdExcJSVarArray = array('Dummy Entry',
 97 | 		"value",
 98 | 		"selectedIndex",
 99 | 		"text",
100 | 		"name",
101 | 		"color",
102 | 		"style",
103 | 		"length",
104 | 		"selection",
105 | 		"new",
106 | 		"var",
107 | 		"editObject",
108 | 		"head",
109 | 		"base",
110 | 		"keywords",
111 | 		"description",
112 | 		"src",
113 | 		"cont",
114 | 		"html",
115 | 		"forms",
116 | 		"head",
117 | 		"row",
118 | 		"i",
119 | 		"j",
120 | 		"k",
121 | 		"title",
122 | 		"content",
123 | 		"type",
124 | 		"res_p",
125 | 		"res_u",
126 |     );
127 |     
128 |     // javascript functions that should not be replaced
129 |     $StdExcJSFuncArray = array('Dummy Entry'
130 |     );
131 |     
132 |     // standard variables that should not be replaced
133 |     $StdExcVarArray = array('Dummy Entry',
134 | 		"GLOBALS",
135 | 		"GATEWAY_INTERFACE",
136 | 		"SERVER_NAME",
137 | 		"SERVER_SOFTWARE",
138 | 		"SERVER_PROTOCOL",
139 | 		"REQUEST_METHOD",
140 | 		"QUERY_STRING",
141 | 		"DOCUMENT_ROOT",
142 | 		"HTTP_ACCEPT",
143 | 		"HTTP_ACCEPT_CHARSET",
144 | 		"HTTP_ACCEPT_ENCODING",
145 | 		"HTTP_ENCODING",
146 | 		"HTTP_ENV_VARS",
147 | 		"_ENV",
148 | 		"HTTP_ACCEPT_LANGUAGE",
149 | 		"HTTP_CONNECTION",
150 | 		"HTTP_HOST",
151 | 		"HOST",
152 | 		"HTTP_REFERER",
153 | 		"HTTP_SERVER_VARS",
154 | 		"_SERVER",
155 | 		"HTTP_USER_AGENT",
156 | 		"REMOTE_ADDR",
157 | 		"REMOTE_PORT",
158 | 		"SCRIPT_FILENAME",
159 | 		"SERVER_ADMIN",
160 | 		"SERVER_PORT",
161 | 		"SERVER_SIGNATURE",
162 | 		"PATH_TRANSLATED",
163 | 		"SCRIPT_NAME",
164 | 		"REQUEST_URI",
165 | 		"argv",
166 | 		"argc",
167 | 		"PHPSESSID",
168 | 		"SID",
169 | 		"PHP_SELF",
170 | 		"HTTP_COOKIE_VARS",
171 | 		"_COOKIE",
172 | 		"HTTP_GET_VARS",
173 | 		"_GET",
174 | 		"HTTP_POST_VARS",
175 | 		"_POST",
176 | 		"HTTP_SESSION_VARS",
177 | 		"_SESSION",
178 | 		"HTTP_POST_FILES",
179 | 		"_FILES",
180 | 		"_REQUEST",
181 | 		"userfile",
182 | 		"userfile_name",
183 | 		"userfile_size",
184 | 		"userfile_type",
185 | 		"this",
186 | 		"__FILE__",
187 | 		"__LINE__",
188 | 		'debug_msgtext'
189 |     );
190 | 
191 |     // variables, for which their key will be not replaced
192 |     // for exaplle for HTTP_SERVER_VARS['REMOTE_ADDR'], the REMOTE_ADDR string will be not replaced
193 |     $StdExcKeyArray = array('Dummy Entry',
194 | 		"_SERVER",
195 | 		"HTTP_SERVER_VARS",
196 | 		"_ENV",
197 | 		"HTTP_ENV_VARS"
198 |     );
199 |     
200 |     // all functions, that return objects (require special handling)
201 |     $StdObjRetFunctionsArray = array('Dummy Entry',
202 | 		"mysql_fetch_object",
203 | 		"pg_fetch_object"
204 |     );
205 | 
206 |     // types of comments that have to be replaced
207 |     // available types are: '/**/','//' and '#'
208 |     $StdReplaceComments = array('Dummy Entry',
209 | 		"/**/",
210 | 		"//",
211 | 		//"HTML".
212 |     );
213 | 
214 |     // variables in this array will be not replaced
215 |     $UdExcVarArray = array('Dummy Entry'
216 | 		// cache variables
217 | 		/*
218 | 		,'cv_0'
219 | 		,'cv_1'
220 | 		,'cv_2'
221 | 		,'cv_3'
222 | 		,'cv_4'
223 | 		,'cv_5'
224 | 		,'cv_6'
225 | 		,'cv_7'
226 | 		,'cv_8'
227 | 		,'cv_9'
228 | 		*/
229 | 	);
230 | 
231 |     // constants in this array will be not replaced
232 |     $UdExcConstArray = array('Dummy Entry');
233 | 
234 |     // functions in this array will be not replaced
235 |     $UdExcFuncArray = array('Dummy Entry',
236 | 		'__construct',
237 | 		'debug',
238 | 		'myErrorHandler_std',
239 | 		'myErrorHandler_sql',
240 | 		'myErrorHandler',
241 | 		'array_sort_cmp_by_id',
242 | 		'close',
243 | 	);
244 |     
245 |     // files that will be excluded from obfuscation
246 |     // you can use start convertion, like '*cat_*.php'
247 |     // the files will be copied to the target directory
248 |     $UdExcFileArray = array('Dummy Entry',
249 | 		'_konf.php',
250 | 	);
251 | 
252 |     // directories that will be excluded from obfuscation
253 |     // you can use star convention, like '/*mydirname*'
254 |     // it is recommended to use '/' in the beginning of directory name if you want to filter directory beginning with specified string
255 |     // WARNING: specified directories with all its content will be NOT processed and NOT copied to the target directory
256 |     // if you are using them in your PHP code, you have to copy them by hand
257 |     $UdExcDirArray = array('Dummy Entry',
258 | 		'/.svn'
259 | 	);
260 | ?>


--------------------------------------------------------------------------------
/pobs.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/pobs.php


--------------------------------------------------------------------------------
/pobslogo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Eccenux/POBS/1ab9c2f104756cee31210e7634bf29cf4713e4a7/pobslogo.gif


--------------------------------------------------------------------------------