I am not sure if this file was written by our preceding programmers or if it was a canned file made by APACHE for APACHE 1. However, it is breaking code in APACHE 2.
It seems to be some kind of a function to decode encrypted files.
Is CLS_DB.PHP some kind of a standard APACHE 1 file?
CLS_DB.PHP - is this a standard "canned" PHP file?
Moderator: General Moderators
-
cecilchampenois
- Forum Commoner
- Posts: 47
- Joined: Thu Nov 06, 2014 10:29 am
- Location: Gilbert, Arizona
- Contact:
Re: CLS_DB.PHP - is this a standard "canned" PHP file?
It's obfuscated php code. Apache has nothing to do with it.
-
cecilchampenois
- Forum Commoner
- Posts: 47
- Joined: Thu Nov 06, 2014 10:29 am
- Location: Gilbert, Arizona
- Contact:
Re: CLS_DB.PHP - is this a standard "canned" PHP file?
Unfortunately for us, the programmer who wrote this is long gone. No trail has been left.
Cecil Champenois
Re: CLS_DB.PHP - is this a standard "canned" PHP file?
phpGrid?
Their EULA does not prohibit de-obfuscating or reverse-engineering their code so I don't feel bad giving you this StackOverflow link. (Which may or may not be the same code you're looking at.)
Their EULA does not prohibit de-obfuscating or reverse-engineering their code so I don't feel bad giving you this StackOverflow link. (Which may or may not be the same code you're looking at.)
-
cecilchampenois
- Forum Commoner
- Posts: 47
- Joined: Thu Nov 06, 2014 10:29 am
- Location: Gilbert, Arizona
- Contact:
Re: CLS_DB.PHP - is this a standard "canned" PHP file?
I was on that very same website earlier and although I see what you see, I am not sure what I should do now. Thank you for the link and for responding.
Why do people use these programs this way? I do not know what to do. We have installed Apache 2 and moved our php code all over to a test web server (Ubuntu 14.04.1) and now the code is breaking. Our live server is Ubuntu 10.x.x, and it uses Apache 1. If I have to rebuild the server, due to a hardware crash, I am currently at a loss as to how to handle thee two programs that are contained within file names: CLS.DB.PHP and PHPGRID.PHP. Both stop their parent programs in their tracks. We actually have tow things happening. Apache 2 does not like mysql_pconnect, which is the second error shown below. Yet, we use mysql_pconnect earlier on and there is no issue. Apache isn't always consistent, or so it would seem. The first error message shown below is the one that kills the program.
I saw this online and it works to translate what is in eval() with highlight_string(). You just use highlight_string() in place of eval() and it shows you the natural php code:
http://mtekk.us/archives/enemy-of-the-s ... ated-code/
Although I've translated what is in eval(), what the heck do I do with it? I do not want this obfuscated code. can anyone tell me why we should retain it?
I've heard from an old timer that when you change versions of Linux, Apache, etc. that things break, and that once you set up a server, you should turn off all updates, so that things do not break.
Is it okay if I show this code here? If not I'll come back and remove it.
Why do people use these programs this way? I do not know what to do. We have installed Apache 2 and moved our php code all over to a test web server (Ubuntu 14.04.1) and now the code is breaking. Our live server is Ubuntu 10.x.x, and it uses Apache 1. If I have to rebuild the server, due to a hardware crash, I am currently at a loss as to how to handle thee two programs that are contained within file names: CLS.DB.PHP and PHPGRID.PHP. Both stop their parent programs in their tracks. We actually have tow things happening. Apache 2 does not like mysql_pconnect, which is the second error shown below. Yet, we use mysql_pconnect earlier on and there is no issue. Apache isn't always consistent, or so it would seem. The first error message shown below is the one that kills the program.
I saw this online and it works to translate what is in eval() with highlight_string(). You just use highlight_string() in place of eval() and it shows you the natural php code:
http://mtekk.us/archives/enemy-of-the-s ... ated-code/
Although I've translated what is in eval(), what the heck do I do with it? I do not want this obfuscated code. can anyone tell me why we should retain it?
I've heard from an old timer that when you change versions of Linux, Apache, etc. that things break, and that once you set up a server, you should turn off all updates, so that things do not break.
Strict Standards: Only variables should be assigned by reference in /var/www/html/phpGrid/server/classes/cls_db.php(1) : eval()'d code on line 1
My question is this: Whose code is this, referring to the following?Deprecated: mysql_pconnect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /var/www/html/phpGrid/server/adodb5/drivers/adodb-mysql.inc.php on line 383
Is it okay if I show this code here? If not I'll come back and remove it.
Code: Select all
<?php if(!function_exists("TC9A16C47DA8EEE87")){function TC9A16C47DA8EEE87($T059EC46CFE335260){$T059EC46CFE335260=base64_decode($T059EC46CFE335260);
$TC9A16C47DA8EEE87=0;
$TA7FB8B0A1C0E2E9E=0;
$T17D35BB9DF7A47E4=0;
$T65CE9F6823D588A7=(ord($T059EC46CFE335260[1])<<8)+ord($T059EC46CFE335260[2]);
$TBF14159DC7D007D3=3;
$T77605D5F26DD5248=0;
$T4A747C3263CA7A55=16;
$T7C7E72B89B83E235="";
$T0D47BDF6FD9DDE2E=strlen($T059EC46CFE335260);
$T43D5686285035C13=__FILE__;
$T43D5686285035C13=file_get_contents($T43D5686285035C13);
$T6BBC58A3B5B11DC4=0;
preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"),$T43D5686285035C13,$T6BBC58A3B5B11DC4);
for(;
$TBF14159DC7D007D3<$T0D47BDF6FD9DDE2E;
){if(count($T6BBC58A3B5B11DC4)) exit;
if($T4A747C3263CA7A55==0){$T65CE9F6823D588A7=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);
$T65CE9F6823D588A7+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++]);
$T4A747C3263CA7A55=16;
}if($T65CE9F6823D588A7&0x8000){$TC9A16C47DA8EEE87=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<4);
$TC9A16C47DA8EEE87+=(ord($T059EC46CFE335260[$TBF14159DC7D007D3])>>4);
if($TC9A16C47DA8EEE87){$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])&0x0F)+3;
for($T17D35BB9DF7A47E4=0;
$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;
$T17D35BB9DF7A47E4++)$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4]=$T7C7E72B89B83E235[$T77605D5F26DD5248-$TC9A16C47DA8EEE87+$T17D35BB9DF7A47E4];
$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;
}else{$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);
$TA7FB8B0A1C0E2E9E+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++])+16;
for($T17D35BB9DF7A47E4=0;
$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;
$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4++]=$T059EC46CFE335260[$TBF14159DC7D007D3]);
$TBF14159DC7D007D3++;
$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;
}}else $T7C7E72B89B83E235[$T77605D5F26DD5248++]=$T059EC46CFE335260[$TBF14159DC7D007D3++];
$T65CE9F6823D588A7<<=1;
$T4A747C3263CA7A55--;
if($TBF14159DC7D007D3==$T0D47BDF6FD9DDE2E){$T43D5686285035C13=implode("",$T7C7E72B89B83E235);
$T43D5686285035C13="?".">".$T43D5686285035C13;
return $T43D5686285035C13;
}}}}eval(TC9A16C47DA8EEE87("QAAAPD9waHAgIGlmKCFzZXNzaQAgb25faWQoKSl7IAD1c3RhcnQAACgpO30gICBjbGFzcyBDX0QAAGF0YWJhc2V7ICAJcHVibGkAAGMgJF82MzAyRjBCN0I2NjEAAEQwNzI4MkVBMjk3MDQ2QUMEADZEMEU7AtkyMUQ5Qzc1OTlFAAA2REYzMUJGNjQwQjIyQUQ2AoRBQTY1NjkC2XAHUHdvcmQBSWRhhkIII05hbWUBiQFgbGUBXWxpbmsCWWQICmJUeXADemNoYXJzZXQCUCANBWR4KGIA4Q9QADABRXJlc3VsAmEJDMdmdW4gAGN0E4AgX19jb25zdHJ1Y3QoAA4kaG9zdCwgJHVzZXIAcAwhAHBkZABiCaEAkl90CCAgPSAibXlzcWwixAABQAg0PSIiF9AgICR0aGlzIC0+f38gFY8VjARgBvIK8QNnFh80FhoDYQnhA2oKgRahAdH/zwDBAdoXOQIRDOMCOxWSAdMOIgHmLT4OBAHRALQB0cAAFdALRzVBRTg1RkRCRDcwNTlEBAAyMUNCRSTQNTZFOUZEREYxOPnAKGAXkSigAHEYPyBfBC8ELSswIHN3aXRjJoJoKAeSLT4g4xdSYy1AICJhY2MwsCJgADoJxQIxID0mIEFET05ld0NvbjhAbmUfIgQcDPEkZHNuDiAiRHJpdmUAAnI9e01pY3Jvc29mdCBBBVIggAABkyAoKi5tZGIpfTtEYnE9ImBcLgilLVguIjtVaWQBx18dHx0bAxBQd/cqAxgcARzBAYAiCbIlEQyxLT4MNCgK4SkBwWIUBnJlYTIhIBATb2RiY19tcymREF9EnwEQX2lzBYE1QQTiBXEQWVNRTCBTZXIRED//fTsAgw14Q29DawvwRuUDZyi5AhAODxoyDgI1oA+T/WcUH0c8AqYTpQzSEbxwPYBnQHAh7SAmIe8HgyX0w/8WcR51Yi0+UBhGAmM+bz5sCeYMjwyPBUMMhQO2gAATeSkgb3IgZGllKCJFcnJvcgAMOiBDb3VsZCBub3QgTHAuISB0AsFvIHRoZSADZSIRAmKhZW1wdHkv5YwIPNQpKSA1sQ44RXhlY3V0BhBTRVQA2iBOQU1FUyAnAfQDRCcFMz0AIBZ8ZD6FYjIWLTgPCCUWKTgEZDgESUJNIATAIC0hAfsgRFJJVkVSN0A2dCUPWfElAFvRbmWQAhfgIBn/GfwDYHBvcnQ9NTAAEDtwcm90AAtvY29sPVRDUElQO3U8nzdvv2+1l98EsCBwPK9ycAFhczbhPG8UTWl6IRRtKo8Ub2fU8/sGYyqffn9+eiAuClYWhBVhKEYr/yv/K/spM7EiDAxWb2NpOA2yWkFyZXRG8CQDY2Q10DXFZg93YWxzZQevh0+HQwKmcIcUB6IvESQGMGISBvD//wAwBr8UVSKPIowGRhCPEI8NIwjlA7Y5FRWCCMQ1JAsieeEgNREAAAkgFKxeUGl0FLUNwAH2AMBkZWZhjwBrfzp24B1GYhawJk7PCrNkgAIIUwmUGQEkTyRPJEr/5g62Em8SbwezEm8n6E7fTt9O37FzTt9ldE7fTt8g98BO3yyRGcEAQQkAUBWBAEC0NaSnRDQ2N0VBAABBM0ZCNkE5RjY4NDNENEIyAAAzQUMyODA1MzNFKCRfRDIzAAA2NTg0QzlDOEVCREE0OTRGAAYzNEVBRkEzMDBGRDA0KvIYSFMIIGV0RmWPYE1vZGUoHABEQl9GRQD/VENIX0JPVEgbIi5QreEeAAN4DYUHHwce0DhlH2UVZWCjIHF1ZXJ5wqALzwvLIGluN/QgXxBPEEwpY+NK5nlgKtAL8QCjFuEgO5B1cjwAbiANxAEwF4QXTzA0MTM0NDI4OEEAADU2QTFGNTdDQTNCQ0FDRTQDiEE2QkFDOBdPF04rcHNpekchX0YzAAA5OEU0MzRGQjE5Qjk2OUQ4AB9EOEJDMjNGRkY4NRywGfMKkwsxLFOIfjLRU2VspfBMaW1pxHAefx58Bz8HPwc1IP35fy9/JBofJd8l2RoSMBMfExsaHyYFD4MY4CAgGh/wADGTMY8hQDFwNjZBMEUyNjAxQjVGAAA3RkQ5REVFOUJBNDZEMTAzZ78xGk8aTyAkGk8aTxpPUCVfD48inznfOdobbxtvwAIbZRJhJF80NDMwOUEwNjI1QVBCAAA2MzE1MDBEMDI0NEQ0RTc3MANBMiRBFWMtPkdldEFycmF50vBcUP++Mg8E7wTtB0EZpgfPB8wC4DVhIBsx2VAAMPMETRcyAAA5REMxRTFFRUNBMjE5RUE2AAk0OUI1OTI4MTQ4RDINgCgmOiTDFjGDSglNT0RFDeABOU5VTQdAIHmkJVEtCDA+RU9GA8IgCSRycwMABQQtPmZpDgBlbGRzAwEBsfwSLT5Nb3ZlTmV4X8R0EjUJKHYCoigxAEEMsAAzDR45OTXp8DBEAAA4QzU2N0Q1QzdGQUYxOTNBC784NUQ5GPA4DR9XFg0fX1hBCiENLxwRDS8NL9mADS8NLiAaURpPdW7s0vPAMEY4MEExNgAANzE0Qjg4NDgxQkU3NkQ3MQFgNEYwMjkwMw0/Tw0/ATdBU1NPQ/ZgDU8abxvzGm90Gm8abwl9DR8NFjM4OERFAAAzQjREQ0QyMjBCQkQ1ODcyAB1FNzE4NERBNkMwNkLvQu4lMiQnyb/xG+9fKPQnJCfBXOd0D3sfexRZ/3QPdA9CREELbv7AcZQk7yTvMg90QBeuF58JMfcxzjU2Q0Q1QYAAIzAxNEUwQzJBMTQ1OEFDNDIB/0VDOTk0RDZabwwvF48XjzNmF5/AQBefF5///hef8Kxxj3GPcYkXkxePF48XjxePA2AXnxefVmfkIEYAADE4MEMwQzgxOEE0Q0M5MkMAnjUxOUZEOTlFSWAzKBKkFeJCBlE0UgB4ZWNvcmRDb3VuUWceUF1lHm1udW1o+187UwVvbpcFLT5GV+EFVwvvC+YE0l/3cQUVggByYGluZGV4CvIkXzhDNUJCOTHAAGSQZFA1RkRFRjhEMzI2RkE5MQQxQUNGM0E3kG5ldyA60AdST2JqlID84V4TA98D3wtIsoEEQigkCBNMgRMEaXNzZZmRyOAI7wjrLT4MsSkgP68AAs8Cz21lIDogPgAiIgagEkEfsAAxF11fMzkxRTdGMEIBADhERjI2RDUQ8DlEMDNFQkE1A99FQTJCNDcTvwRwD+8P7yATvxO/F48XhCWE/Age8BO/CBATvxyfHJgtPnR5cGUTvzI1RvwAH14CwxO1768AAAcgFZ5CMEJFMzlDMTM3AEA0ODA2OTU1MjbW0Dk0QUQxQw/5RDAxQhWfDYAVnxWfFZ819APfA98pT2xkKUnoPwhBEsEvsCSf5U1ldGFUFABt4CePJ40D0TZwoAc1z0YCrW1heF9sZW5ndGji0gegohbYgARRK4AgF+4WbkRCNpLxOTgzNjQzNYCgSgA5Q0Q0QzA1SeBCWNBDKCR0YSEGYmzUEjBERUJjcEFFRTUx8HADADAABEQ0NUQ4MDk0M0Q1MURBU2FydsByD8AAYK7mJADQATAkeDcREUNvbHVtbn/AcwYEDCQYLxgvG/8b9F5QQLQHEFtzdHJ0bwWfdXBwZXIXcDALvwu7XSkL4xd/F3wMkQX//4EF/wX8GNIaIQBBN9QO3w7dA2J9ZWxzZXsDgJ/AA3RmYQEAAaFgsQFwADEAtx4eQzVFNkMxAAA1MTFEQUFFQjQ1RTJBRTYyADwyNjJBMzFGNjdGNHhfBxDUdbA5MGgARprQHhAyTNAwQ0ZGMzQyMzM4MgbCNkIzM0YQ0R1jbmfPCjEkaT0wAIFmYMFvGGAAwSRpPCRfBX8FezskaSsrCDKjjB0wJAlnID093zUBVwwIaSkpENASdCRp54AHkTATATQtMQExEsCqJBLONzg2NDg3NwAgOTgxNUIwNTI3MtDARDQ5RkaP/i+AODJFqfA9MzoAaGMZcRx/HH0ScFzPXM9cz0NggUZ0QkSWRmV0Y2hwf2V0dXJuIC/EzvAsLywsLT5DmHDfXS9BAyldhXExFKA/Pg=="));
?>Cecil Champenois
-
cecilchampenois
- Forum Commoner
- Posts: 47
- Joined: Thu Nov 06, 2014 10:29 am
- Location: Gilbert, Arizona
- Contact:
Re: CLS_DB.PHP - is this a standard "canned" PHP file?
I am thinking that these encoded programs must originate in Hong Kong from http://www.phpGrid.com/ which is where I've tracked it to by all evidence. I sent them an email asking them if they have a couple of the program names, CLS_DB.PHP and CLS_DATAGRID.PHP. If they are the owners, then this product is theirs and so they'd most likely have an update to the older phpGrid version we have. Hmmm, maybe we are making progress? I surely hope so.
It is confirmed. These programs must have been purchased by my company and used by the previous programmer who has been gone for two years or more.
And, we are actually using Apache 2 Server. There may be more to this than only phpGrid. We may have a configuration problem.
It is confirmed. These programs must have been purchased by my company and used by the previous programmer who has been gone for two years or more.
And, we are actually using Apache 2 Server. There may be more to this than only phpGrid. We may have a configuration problem.
Cecil Champenois