0

A friend of mine asked to make some changes to his website. When looking at the code I found every php file had this single line of code. So I had to Decode the string and replace the file with the result. From there I was able to make the proper adjustments to the site.

<?php eval("?>".base64_decode("PD9waHANCglpbmNsdWRlX29uY2UoJ2Z1bmN0aW9ucy5waHAnKTsNCj8+DQo8IURPQ1RZUEUgaHRtbCBQdWJsaWMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBUcmFuc2l0a......=")); ?>

My question is why would someone do such a thing? Doesn't this add an extra process to every page?

K3NN3TH
  • 1,458
  • 2
  • 19
  • 31
  • probably for the same reason someone would use the number 3 instead of the letter e. – I wrestled a bear once. May 05 '16 at 17:58
  • 1
    Some sort of weird html obfuscating thingy to prevent from seeing the html content on the server... It does add extra processing as everything has to go through the PHP engine and base64 decoded. – Webomatik May 05 '16 at 18:00
  • @Pamblam I disagree with that analogy, it takes the same amount of work to type th3 and the. – K3NN3TH May 05 '16 at 18:01
  • my point is, he thinks it's cool. it's not, but to each his own. – I wrestled a bear once. May 05 '16 at 18:02
  • @Webomatik, yes, I agree, just wanted to make sure it had something to do with trying at hide the code. The difference with javascript obfuscating is you can justify doing it to save on file size, but for server side PHP it is more to hide the code than save on resources. Just need to confirm that, know what I mean. – K3NN3TH May 05 '16 at 18:03
  • You should ask the author why he did that... – Webomatik May 05 '16 at 18:05
  • @Webomatik, ikr, but the author has mysteriously disappeared and unreachable. Karma?! – K3NN3TH May 05 '16 at 18:07

1 Answers1

1

He just thought that this may protect the code from being stolen, but that 's wrong off course.

Eymen Elkum
  • 3,013
  • 1
  • 20
  • 34
  • Ya, if someone pays you to build a site they have the rights to the code. Anything you do to try and hide the code is unethical IMO. – K3NN3TH May 05 '16 at 18:06
  • that 's another topic, but anyway the source-code is something not related to what customer has right to access IMO. – Eymen Elkum May 05 '16 at 18:09