├── .github
    └── workflows
    │   └── run_tests.yml
├── .gitignore
├── README.md
├── bin
    └── cactus
├── composer.json
├── src
    ├── Cactus.php
    ├── CactusErrorHandler.php
    └── Exception
    │   ├── DepedencyException.php
    │   └── RunTimeException.php
└── test
    └── sampleProject
        ├── composer.json
        ├── phpunit.xml
        ├── tests
            └── CactusTest.php
        └── toBeCompiled
            ├── shouldBeCompiled.php
            └── shouldNotBeCompiled.txt


/.github/workflows/run_tests.yml:
--------------------------------------------------------------------------------
 1 | name: Run Tests
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ master ]
 6 |   pull_request:
 7 |     branches: [ master ]
 8 | 
 9 | jobs:
10 |   build:
11 | 
12 |     runs-on: ubuntu-22.04
13 |     
14 |     container:
15 |       image: php:8.1-cli
16 |       options: --user root
17 |         
18 |     steps:        
19 |       - uses: actions/checkout@v2
20 |       
21 |       - name: Fix Permissions
22 |         run: mkdir /tmp/cache && chmod -R 777 /tmp/cache
23 |       
24 |       - name: Install Dependencies
25 |         run: apt-get update && apt-get install -y git zip unzip
26 | 
27 |       - name: Install OPCache
28 |         run: docker-php-ext-install opcache && docker-php-ext-enable opcache
29 | 
30 |       - name: Enable OPCache
31 |         run: echo 'opcache.enable=1\n opcache.enable_cli=1  \n opcache.validate_timestamps=0\n opcache.file_cache = /tmp/cache\n' >> /usr/local/etc/php/conf.d/opcache.ini
32 |       
33 |       - name: Install composer
34 |         run: curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
35 |       
36 |       - name: Validate composer.json and composer.lock
37 |         run: composer validate --strict
38 | 
39 |       - name: Cache Composer packages
40 |         id: composer-cache
41 |         uses: actions/cache@v2
42 |         with:
43 |           path: vendor
44 |           key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
45 |           restore-keys: |
46 |             ${{ runner.os }}-php-
47 | 
48 |       - name: Install dependencies
49 |         run: composer install --working-dir=${GITHUB_WORKSPACE}/test/sampleProject --prefer-dist --no-progress
50 | 
51 |       - name: Compile Files
52 |         run: ${GITHUB_WORKSPACE}/test/sampleProject/vendor/bin/cactus --noPrompt --dir toBeCompiled
53 | 
54 |       - name: Run tests
55 |         run: cd  ${GITHUB_WORKSPACE}/test/sampleProject && php vendor/phpunit/phpunit/phpunit --configuration phpunit.xml
56 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Created by .ignore support plugin (hsz.mobi)
2 | .idea
3 | composer.lock
4 | vendor
5 | test/vendor
6 | test/composer.lock
7 | test/.phpunit.result.cache
8 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # PHP Cactus 🌵
 2 | 
 3 | Protect your PHP code from being stolen. Deploy with no fear of not owning servers. This library compiles your PHP code to opcodes and removes code from all php files included in your project. All produced opcode files are saved on the server's filesystem and used by OPcache!
 4 | 
 5 | **Before**
 6 | 
 7 | index.php
 8 | 
 9 |     <?php
10 |     use Illuminate\Contracts\Http\Kernel;
11 |     use Illuminate\Http\Request;
12 |     define('LARAVEL_START', microtime(true));
13 | 
14 | **After**
15 | 
16 | index.php
17 | 
18 |     <?php
19 |     //compiled by Cactus
20 | 
21 | index.php.bin
22 | 
23 |     OPCACHEaa076b0e7a9c60b4d014e9d46754d5ffòËE"=h"`ÿ†8˛ˇˇˇÄ˛ˇˇˇÄˇˇˇˇw—∑e9YÅ©—!a°°¡!QÅÅ°°¡¡Jp=y
24 |     PAJ`=y
25 |     PAë†Å]†`uêÅJ`=◊P†_†PAë†ÅÈ†@+¸PIÙ"IÙ†/I⁄`†/‚`1pz
26 |     
27 |     P1tG†1<⁄p†	1‚p(3pÁ
28 |     84qG∞4<€ê∞†4/†P4tG†4<”†H5pG†5<⁄Ä†3‚pX7püêP7BüÄ`7BF7<Kˇˇˇˇ8>V∆èMi…˝8é/laravel/public/index.phpÈ1QyV∆èMi…˝8é/laravel/public/index.phpVpJÄ¯RÄdefineVYZ€∂
29 |     ¨≥î
30 |     LARAVEL_STARTVÆó‰H—wÉ	microtimeVÑÀTñuä¿file_existsVΩP∂äÔÓSø4/laravel/public/../storage/framework/maintenance.phpVo~†∑”5∂&/laravel/public/../vendor/autoload.phpV'†ﬁeE^Ô$/laravel/public/../bootstrap/app.phpV£ö|ÄmakeVﬂ.`ôå¥öê Illuminate\Contracts\Http\KernelVqÿêSÄhandle!V⁄ó≤:·†q”Illuminate\Http\RequestV:¥ˇi?⁄ﬂilluminate\http\requestV9÷ı≤±–ÄcaptureVO€ù|ÄsendVÓ ‘=—ŸwÉ	terminateVhÏ1\
31 | 
32 | ## Useful Notes
33 | 
34 | - **Your php files content will be replaced!!!!!!!** Be sure **you have
35 |   copies** on your development machine
36 | 
37 | - If you want to update a file after compilation. Replace the existing
38 |   (empty file) with the updated one, and run PHP cactus again
39 | 
40 | - The opcodes should be served by the same interpreter which has created them.
41 | - A good idea is to create docker images with your compiled app. Your could update your app by updating your docker image version
42 | 
43 | ## Install
44 | 
45 | Using Composer
46 | ```
47 | composer require notihnio/php-cactus:^1.0
48 | ```
49 | 
50 | Add to your php.ini configuration
51 | 
52 |     opcache.enable=1  
53 |     opcache.enable_cli=1  
54 |     opcache.validate_timestamps=0  
55 |     opcache.file_cache = "Enter here the path where the opcodes will be saved"
56 | 
57 | ## Run php Cactus
58 | 
59 |     YourProjectRootDir/vendor/bin/cactus
60 | 
61 | Run php Cactus without any prompt (Force mode for your deployment process)
62 | 
63 |     YourProjectRootDir/vendor/bin/cactus --noPrompt
64 | 
65 | 
66 | Run php Cactus for specific project subdirectory (dir parameter should be relative to project root directory)
67 | 
68 |     YourProjectRootDir/vendor/bin/cactus --dir app/Controllers
69 | 


--------------------------------------------------------------------------------
/bin/cactus:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env php
 2 | 
 3 | <?php
 4 | 
 5 | include $_composer_autoload_path;
 6 | 
 7 | //prompt
 8 | if (!in_array("--noPrompt", $argv, true)) {
 9 |     $shouldContinue = readline('Are you sure you want to proceed to compilation? (Y/N): ');
10 |     if (strtolower($shouldContinue) !== 'y') {
11 |         exit(0);
12 |     }
13 | }
14 | 
15 | //route path
16 | $requiredDir = null;
17 | $isRequiredDirDirSpecified = array_search("--dir", $argv, true);
18 | 
19 | if ($isRequiredDirDirSpecified) {
20 |     if (count($argv) < $isRequiredDirDirSpecified+2) {
21 |         echo "Path is not valid\n";
22 |         exit(1);
23 |     }
24 |     $requiredDir = $argv[$isRequiredDirDirSpecified+1];
25 | 
26 |     if (str_starts_with("/", $requiredDir)) {
27 |         echo "Path should be relative to the project route path (ex. app/controllers)\n";
28 |         exit(1);
29 |     }
30 | }
31 | 
32 | 
33 | try {
34 |     $cactus = new \Notihnio\Cactus\Cactus();
35 | } catch (\Notihnio\Cactus\Exception\DepedencyException $exception) {
36 |     echo "Dependency error: {$exception->getMessage()}\n";
37 |     exit(1);
38 | }
39 | 
40 | $compilationDir = $projectDir = dirname(__FILE__, 5);
41 | 
42 | if (!is_null($requiredDir)) {
43 |     $compilationDir = $projectDir.DIRECTORY_SEPARATOR.$requiredDir;
44 | }
45 | 
46 | if (!is_dir($compilationDir)) {
47 |     echo "Path is not valid\n";
48 |     exit(1);
49 | }
50 | 
51 | try {
52 |     $cactus->compile($compilationDir);
53 | } catch (\Notihnio\Cactus\Exception\RunTimeException $exception) {
54 |     echo "Runtime error: {$exception->getMessage()}\n";
55 |     exit(1);
56 | }
57 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "notihnio/php-cactus",
 3 |   "bin": [
 4 |     "bin/cactus"
 5 |   ],
 6 |   "description": "Compile and protect your php code from been stolen. No risk deployments to client's servers",
 7 |   "type": "library",
 8 |   "license": "MIT",
 9 |   "authors": [
10 |     {
11 |       "name": "Notis Mastrandrikos",
12 |       "email": "pmastrandrikos@gmail.com"
13 |     }
14 |   ],
15 |   "autoload": {
16 |     "psr-4": {
17 |       "Notihnio\\Cactus\\": "src/"
18 |     }
19 |   },
20 |   "require": {
21 |     "php": ">=8.0",
22 |     "ext-zend-opcache": "*",
23 |     "ext-fileinfo": "*"
24 |   },
25 |   "minimum-stability": "stable"
26 | }
27 | 


--------------------------------------------------------------------------------
/src/Cactus.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Notihnio\Cactus;
  4 | 
  5 | use Notihnio\Cactus\Exception\RuntimeException;
  6 | use Notihnio\Cactus\Exception\DepedencyException;
  7 | 
  8 | class Cactus
  9 | {
 10 |     /**
 11 |      * @throws \Notihnio\Cactus\Exception\DepedencyException
 12 |      */
 13 |     public function __construct()
 14 |     {
 15 |         $this->detectPhpConfiguration();
 16 |     }
 17 | 
 18 |     /**
 19 |      * @return string
 20 |      */
 21 |     private function detectOs(): string
 22 |     {
 23 |         return (PHP_OS_FAMILY === "Windows") ? "Windows" : "Unix";
 24 |     }
 25 | 
 26 |     /**
 27 |      * @throws \Notihnio\Cactus\Exception\DepedencyException
 28 |      */
 29 |     private function detectIfOpcacheIsEnabled() : void
 30 |     {
 31 |         if (!is_array(opcache_get_status())) {
 32 |             throw new DepedencyException("Opcache should be enabled");
 33 | 
 34 |         }
 35 |     }
 36 | 
 37 |     /**
 38 |      * @return string
 39 |      * @throws \Notihnio\Cactus\Exception\DepedencyException
 40 |      */
 41 |     private function getOpcacheFileCachePath(): string
 42 |     {
 43 |         if (!ini_get("opcache.file_cache")) {
 44 |             throw new DepedencyException("Opcache file cache should be enabled");
 45 |         }
 46 | 
 47 |         return ini_get("opcache.file_cache");
 48 |     }
 49 | 
 50 |     /**
 51 |      * @return void
 52 |      * @throws \Notihnio\Cactus\Exception\DepedencyException
 53 |      */
 54 |     private function detectIfFileCacheDirIsWritable(): void
 55 |     {
 56 |         if (!is_writable($this->getOpcacheFileCachePath())) {
 57 |             throw new DepedencyException("Opcache file folder should be writable");
 58 |         }
 59 |     }
 60 | 
 61 |     /**
 62 |      * @return void
 63 |      * @throws \Notihnio\Cactus\Exception\DepedencyException
 64 |      */
 65 |     private function detectOpcacheValidateTimestamps(): void
 66 |     {
 67 |         if (ini_get("opcache.validate_timestamps")) {
 68 |             throw new DepedencyException("opcache.validate_timestamps should not be enabled");
 69 |         }
 70 |     }
 71 | 
 72 |     /**
 73 |      * @return void
 74 |      * @throws \Notihnio\Cactus\Exception\DepedencyException
 75 |      */
 76 |     private function detectPhpConfiguration(): void
 77 |     {
 78 |         $this->detectIfOpcacheIsEnabled();
 79 |         $this->detectIfFileCacheDirIsWritable();
 80 |         $this->detectOpcacheValidateTimestamps();
 81 |     }
 82 | 
 83 |     /**
 84 |      * @param      $rootDirectory
 85 |      * @param bool $isRootDir
 86 |      *
 87 |      * @return void
 88 |      * @throws \Notihnio\Cactus\Exception\RuntimeException
 89 |      */
 90 |     public function compile($rootDirectory, bool $isRootDir = true): void
 91 |     {
 92 |         $dirContents = scandir($rootDirectory);
 93 | 
 94 |         $phpMimeTypes = [
 95 |             "text/php",
 96 |             "text/x-php",
 97 |             "application/php",
 98 |             "application/x-php",
 99 |             "application/x-httpd-php",
100 |             "application/x-httpd-php-source"
101 |         ];
102 | 
103 |         foreach ($dirContents as $dirChild) {
104 |             if ($dirChild === "." || $dirChild === "..") {
105 |                 continue;
106 |             }
107 | 
108 |             $filePath = $rootDirectory . DIRECTORY_SEPARATOR . $dirChild;
109 | 
110 |             if (str_ends_with($dirChild, ".php") &&
111 |                 is_file($filePath) && in_array(mime_content_type($filePath), $phpMimeTypes, true)
112 |             ) {
113 | 
114 |                 //if file has been compiled from cactus
115 |                 if($dirChild !== "Cactus.php" && str_contains(file_get_contents($filePath), "compiled by Cactus")) {
116 | 
117 |                     //do not compile it again
118 |                     echo "Skipping file ${filePath}, has already been compiled\n";
119 |                     continue;
120 |                 }
121 | 
122 |                 //if file exists in cache
123 |                 if (opcache_is_script_cached($filePath)) {
124 | 
125 |                     //invalidate cache and let cactus compile the file again
126 |                     opcache_invalidate($filePath, true);
127 |                 }
128 | 
129 |                 echo "Compiling ${filePath}\n";
130 |                 if (!is_writable($filePath)) {
131 |                     throw new RuntimeException("No permissions to write file {$filePath}");
132 |                 }
133 | 
134 |                 try {
135 |                     CactusErrorHandler::start(E_WARNING);
136 | 
137 |                     if (opcache_compile_file($filePath)) {
138 |                         file_put_contents($filePath, "<?php".PHP_EOL."//compiled by Cactus");
139 |                     }
140 |                     CactusErrorHandler::stop(true);
141 | 
142 |                 } catch (\Error|\Exception|\Throwable|\ErrorException $exception) {
143 |                     echo "Cannot compile file ${filePath}, either is incompatible or has been previously compiled.\n";
144 |                 }
145 | 
146 | 
147 |             }
148 | 
149 |             if (is_dir($filePath)) {
150 |                 if (!is_readable($filePath)) {
151 |                     throw new RuntimeException("No permissions to read dir {$filePath}");
152 |                 }
153 |                 $this->compile($rootDirectory . DIRECTORY_SEPARATOR . $dirChild, false);
154 |             }
155 |         }
156 | 
157 |         if ($isRootDir) {
158 |             echo "Compilation has been successfully completed!\n";
159 |             exit(0);
160 |         }
161 |     }
162 | }
163 | 


--------------------------------------------------------------------------------
/src/CactusErrorHandler.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Notihnio\Cactus;
  4 | 
  5 | use \ErrorException;
  6 | 
  7 | /**
  8 |  * ErrorHandler that can be used to catch internal PHP errors
  9 |  * and convert to an ErrorException instance.
 10 |  */
 11 | class CactusErrorHandler
 12 | {
 13 |     /**
 14 |      * Active stack
 15 |      *
 16 |      * @var array
 17 |      */
 18 |     protected static array $stack = [];
 19 | 
 20 |     /**
 21 |      * Check if this error handler is active
 22 |      *
 23 |      * @return bool
 24 |      */
 25 |     public static function started(): bool
 26 |     {
 27 |         return (bool) static::getNestedLevel();
 28 |     }
 29 | 
 30 |     /**
 31 |      * Get the current nested level
 32 |      *
 33 |      * @return int
 34 |      */
 35 |     public static function getNestedLevel(): int
 36 |     {
 37 |         return count(static::$stack);
 38 |     }
 39 | 
 40 |     /**
 41 |      * Starting the error handler
 42 |      *
 43 |      * @param int $errorLevel
 44 |      */
 45 |     public static function start(int $errorLevel = \E_WARNING): void
 46 |     {
 47 |         ini_set('display_errors', 0);
 48 |         if (!static::$stack) {
 49 |             set_error_handler([static::class, 'addError'], $errorLevel);
 50 |         }
 51 | 
 52 |         static::$stack[] = null;
 53 |     }
 54 | 
 55 |     /**
 56 |      * Stopping the error handler
 57 |      *
 58 |      * @param bool $throw Throw the ErrorException if any
 59 |      *
 60 |      * @return null|ErrorException
 61 |      */
 62 |     public static function stop(bool $throw = false) : null|ErrorException
 63 |     {
 64 |         $errorException = null;
 65 | 
 66 |         if (static::$stack) {
 67 |             $errorException = array_pop(static::$stack);
 68 | 
 69 |             if (!static::$stack) {
 70 |                 restore_error_handler();
 71 |             }
 72 | 
 73 |             if ($errorException && $throw) {
 74 |                 throw $errorException;
 75 |             }
 76 |         }
 77 |         ini_set('display_errors', 1);
 78 |         return $errorException;
 79 |     }
 80 | 
 81 |     /**
 82 |      * Stop all active handler
 83 |      *
 84 |      * @return void
 85 |      */
 86 |     public static function clean(): void
 87 |     {
 88 |         if (static::$stack) {
 89 |             restore_error_handler();
 90 |         }
 91 | 
 92 |         static::$stack = array();
 93 |     }
 94 | 
 95 |     /**
 96 |      * Add an error to the stack
 97 |      *
 98 |      * @param int    $errno
 99 |      * @param string $errstr
100 |      * @param string $errfile
101 |      * @param int    $errline
102 |      *
103 |      * @return void
104 |      */
105 |     public static function addError(int $errno, string $errstr = '', string $errfile = '', int $errline = 0): void
106 |     {
107 |         $stack = & static::$stack[count(static::$stack) - 1];
108 |         $stack = new ErrorException($errstr, 0, $errno, $errfile, $errline, $stack);
109 |     }
110 | }
111 | 


--------------------------------------------------------------------------------
/src/Exception/DepedencyException.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | namespace Notihnio\Cactus\Exception;
4 | 
5 | class DepedencyException extends \Exception { }
6 | 
7 | 
8 | 


--------------------------------------------------------------------------------
/src/Exception/RunTimeException.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | namespace Notihnio\Cactus\Exception;
4 | 
5 | class RunTimeException extends \Exception { }
6 | 
7 | 
8 | 


--------------------------------------------------------------------------------
/test/sampleProject/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "cactus/test",
 3 |   "type": "project",
 4 |   "description": "Cactus testing.",
 5 |   "keywords": ["Cactus", "testing"],
 6 |   "license": "MIT",
 7 |   "require": {
 8 |     "php": "^8.0.2",
 9 |     "notihnio/php-cactus": "master"
10 |   },
11 |   "require-dev": {
12 |     "phpunit/phpunit": "^9.0"
13 |   },
14 |   "autoload": {
15 | 
16 |   },
17 |   "autoload-dev": {
18 |     "psr-4": {
19 |       "Tests\\": "tests/"
20 |     }
21 |   },
22 |   "minimum-stability": "dev",
23 |   "prefer-stable": true
24 | }
25 | 


--------------------------------------------------------------------------------
/test/sampleProject/phpunit.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 |          xsi:noNamespaceSchemaLocation="./vendor/phpunit/phpunit/phpunit.xsd"
 4 |          bootstrap="./vendor/autoload.php"
 5 |          colors="true"
 6 |          convertErrorsToExceptions="true"
 7 |          convertNoticesToExceptions="true"
 8 |          convertWarningsToExceptions="true"
 9 |          processIsolation="false"
10 |          stopOnFailure="false"
11 |          verbose="true">
12 |     <testsuites>
13 |         <testsuite name="Tests">
14 |             <directory suffix="Test.php">./tests</directory>
15 |         </testsuite>
16 |     </testsuites>
17 |     <php>
18 |         <ini name="memory_limit" value="2048M" />
19 |         <ini name="max_execution_time" value="0" />
20 |     </php>
21 | </phpunit>
22 | 


--------------------------------------------------------------------------------
/test/sampleProject/tests/CactusTest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Tests;
 4 | 
 5 | use \PHPUnit\Framework\TestCase;
 6 | 
 7 | final class CactusTest extends TestCase
 8 | {
 9 |     public function testCheckCompiledFiles(): void
10 |     {
11 |         $phpFileContents = file_get_contents(__DIR__.DIRECTORY_SEPARATOR."..".DIRECTORY_SEPARATOR."toBeCompiled".DIRECTORY_SEPARATOR."shouldBeCompiled.php");
12 |         $txtFileContents = file_get_contents(__DIR__.DIRECTORY_SEPARATOR."..".DIRECTORY_SEPARATOR."toBeCompiled".DIRECTORY_SEPARATOR."shouldNotBeCompiled.txt");
13 | 
14 |         $this->assertTrue(str_contains($phpFileContents, "Cactus"));
15 |         $this->assertTrue(str_contains($txtFileContents, "txt file"));
16 |     }
17 | }
18 | 


--------------------------------------------------------------------------------
/test/sampleProject/toBeCompiled/shouldBeCompiled.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /* Initialize some variables using C style comments
 4 |    $a - contains a-coefficient
 5 |    $b - contains b-coefficient
 6 |    $x - value we are evaluating
 7 |    $y - result from evaluating equation
 8 | */
 9 | $a = 1;
10 | $b = 2;
11 | $x = 1;
12 | $y = $a * $x + $b;
13 | if ($y < 5)                // C++ style comment, check if y<5
14 | {
15 |     # Shell style comment, display something when y<5
16 |     echo "Guess what?  y is less than 5!";
17 | }
18 | 
19 | 


--------------------------------------------------------------------------------
/test/sampleProject/toBeCompiled/shouldNotBeCompiled.txt:
--------------------------------------------------------------------------------
1 | txt file
2 | 


--------------------------------------------------------------------------------