phpioncube

PHP HTTP 500 Error


I decompiled this ionCube-encoded script. The encrypted script runs totally fine, but when I run the decrypted script the page gives me an HTTP 500 error. The decrypted script is this:

<?php






/

// Loader stub left in the decoded output. It base64-decodes $_X, runs a fixed
// character substitution over it with strtr(), replaces the text __FILE__ with the
// quoted value of $_F, and passes the result to eval(); $_R and $_X are then
// overwritten with 0. Neither $_X nor $_F is assigned in this snippet.
// NOTE(review): ereg_replace() was removed in PHP 7.0, so on PHP 7 or later this
// line stops with a fatal error before anything else runs.
// NOTE(review): eval() here executes whatever $_X decodes to, which cannot be
// reviewed in source form; decode and inspect the payload offline instead of
// running it.
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
?>

<?php






/

?><?php

  @author: A S M Abdur Rab [shibly], shibly@divine-it.net
  @abstract: Class for authentication.
  @abstract: Helpful methods to make the session/cookies handling, login, logout,
              timedout, admin/user authentication, redirection and other authentication
              related process safe.

  PHP versions 4 and 5

  @name: Authentication Class.
  @category: Class.
  @uses:

  @version:
  @package: divin_framework
  @subpackage:  divin_framework.libs
 /

// Authentication component: login, logout and timeout handling backed by an
// AuthSession table, driven from startup() against the routed action.
//
// NOTE(review): this listing has lost its '*' characters. Comment delimiters
// survive only as stray '/' fragments and several expressions are missing an
// operator (marked below), so the class does not parse as shown. The code is
// left exactly as posted; only comments are added.
class AuthComponent extends Component
{
    // NOTE(review): the next line is comment text whose delimiters were lost.
 set allowable IP addresses here/
    // Compared against $_SERVER['SERVER_ADDR'] in startup(), i.e. the address of
    // the host serving the request. This pins where the code may run; it does not
    // restrict which clients may connect.
   var $allowedIpAddresses = array('127.0.0.1','192.210.144.165',
                                   '::1');
   var $productId          = '1001';
    var $model              = '';
    var $condition          = '';
    // Appended to the sha1() input that derives the session_id stored in the
    // AuthSession table. NOTE(review): a secret kept in (and published with) the
    // source should be treated as disclosed; load it from deployment
    // configuration and rotate it.
   var $secretSalt         = 'dddonteeeventtthinkaaaboutiiit';
    var $msgLogout          = 'Logout Successfully.';
    var $msgLoggedIn        = 'Already logged in.';
    var $msgNotLoggedIn     = 'You are not logged in.';
    var $msgInvalidUser     = 'Username and/or Password invalid.';
   var $msgTooManyAttempts = 'You have exceeded maximum login attempt limit.';  
    var $loginPage          = 'Login';
    var $afterLogoutPage    = 'Login';
    var $logoutPage         = 'Logout';
    var $homePage           = 'index';
    var $site               = 'DivineIT';
    // Column names tested by __login(); a field named 'password' gets the
    // password handling there.
   var $fields             = array('login', 'password');
    // Used as the absolute session lifetime in __checkValidSession()
    // (presumably minutes, see the missing operator there).
    var $timeOffset         = 180;
    var $loginRequired      = false;
   var $loginController    = null;
    var $_authSession       = null;
    var $_authModel         = null;
    var $_sessionName       = null;
   var $sessionId          = null;

    /**
     * Applies the global $AUTH array, if set, as property overrides and loads
     * the session and user models when a model name is configured.
     *
     * Every key of $AUTH is written onto the object with no allow-list, so
     * $AUTH must only ever come from trusted configuration.
     *
     * NOTE(review): maxLoginAttempts, loginLockDuration, inactivityInterval,
     * encryptPassword and Session are read later but not declared in this
     * class; presumably they arrive through $AUTH or the parent Component -
     * confirm.
     */
    function __construct()
    {
        global $AUTH;
        if(isset($AUTH))
        {
            // The mere presence of $AUTH switches login enforcement on.
            $this->loginRequired = true;
            foreach($AUTH as $key => $value)
                $this->{$key} = $value;
        }

        if(!empty($this->model))
        {
            $this->_sessionName = $this->site . '.' . $this->model;
            $this->_authSession = &App::loadModel('AuthSession');
            $this->_authModel   = &App::loadModel($this->model);
      }
    }

    /**
     * Gatekeeper run for a controller: checks the host allow-list, then handles
     * a login submission, a logout request, or validation of the current
     * session depending on Router::$action.
     *
     * @param object $controller controller whose data, redirect() and setFlash() are used
     */
    function startup(&$controller)
   {
      $permitted = false;
      foreach($this->allowedIpAddresses as $ipAddress)
      {
         // SERVER_ADDR is the serving host's own address, not the client's.
         if($_SERVER['SERVER_ADDR']===$ipAddress)
         {
            $permitted = true;
            break;
         }
      }

     if(!$permitted)
      {
         // NOTE(review): only a Location header is sent and the method returns;
         // nothing here terminates the request, so whether the controller action
         // still runs depends on the caller (not visible) - confirm.
         header('Location: forbidden.php');
     return;
      }

       if(defined('PREFIX'))
         $prefix = PREFIX;
       else
           $prefix = '';

        // Without both models no authentication can be performed; redirect to
        // the login page only when login is enforced.
        if($this->_authModel === null || $this->_authSession === null)
        { 
            if($this->loginRequired === true)
         {
                $controller->redirect($this->loginController, $this->loginPage);
         }
         return;
       }

        // A login submission is the login action carrying exactly as many
        // values for the model as there are configured fields.
        $count = count($this->fields);
        if($prefix.$this->loginPage == Router::$action && isset($controller->data[$this->model]) && (count($controller->data[$this->model]) == $count))
        { 
          max login attempts#start/
         // NOTE(review): the attempt counter lives in the visitor's own session.
         // A client that drops its session cookie starts again from zero, so this
         // throttles a session, not an account or a source address. A counter
         // kept server-side per login name and per client address closes that gap.
         $tryInfo = null;
         $tryInfo = $this->Session->get('login_attempts');

         if(!is_null($tryInfo))
         {
            $firstImpression = $tryInfo['first_impression'];
            $loginAttempts   = $tryInfo['login_attempts'];
            $lastImpression  = strtotime($tryInfo['last_impression']);
            $currentTime     = strtotime(currentTime());

            // NOTE(review): 'loginLockDuration60' looks like
            // 'loginLockDuration*60' with the '*' lost (here and three lines
            // down) - confirm against the original.
            if(($currentTime - $lastImpression)>$this->loginLockDuration60)
            {
               $loginAttempts = 1;
            }

            // Still inside the lock window with too many attempts: refuse
            // without evaluating the credentials.
            if(($loginAttempts>$this->maxLoginAttempts)&&($currentTime - $lastImpression)<$this->loginLockDuration60)
            {
               $controller->setFlash($this->msgTooManyAttempts);
               $controller->redirect($this->loginController, $this->loginPage);
               return;
            }
            else
            {
               $loginAttempts++;
               $tryInfo['login_attempts'] = $loginAttempts;
               $tryInfo['last_impression']= currentTime();
               $this->Session->set('login_attempts', $tryInfo);
            }
         }
         else
         {       
            // First attempt seen in this session.
            $tryInfo['login_attempts']   = 1;
            $tryInfo['first_impression'] = currentTime();
            $tryInfo['last_impression']  = currentTime();
            $this->Session->set('login_attempts', $tryInfo);
         }
         max login attempts#start/
            $this->loggedIn = $this->__login($controller->data[$this->model], $this->condition);

            if($this->loggedIn)
            {
            // Return the user to the page saved by the not-logged-in branch below.
            $requestedPage = $this->Session->get('requested_url');
            if(!is_null($requestedPage)&&(count($requestedPage)>0))
            {
               $requestedController = Inflector::underscore($requestedPage['controller']);
               $requestedAction     = Inflector::underscore($requestedPage['action']);
               $requestedParams     = $requestedPage['params'];
               $requestedMoreAttrs  = $requestedPage['more'];
               $requestedScript     = $requestedPage['script'];
               $this->Session->remove('requested_url');
               //$controller->redirect($requestedController, $requestedAction,$requestedParams, $requestedMoreAttrs);
               // NOTE(review): the redirect target is concatenated from
               // request-derived Router values with no urlencode() on params,
               // keys or values, and the script prefix is not checked to be a
               // same-site path. Whether a client can influence Router::$script
               // is not visible here - confirm, and constrain the target to
               // local paths. No exit follows the header() call either.
               $link = $requestedScript . '?action=' . $requestedController . '-' .
                       $requestedAction . (!empty($requestedParams) ? ('-'.implode('-', $requestedParams)) : '');
               if(!empty($requestedMoreAttrs))
               {
                  foreach($requestedMoreAttrs as $key=>$value)
                  {
                     $link .= '&'.$key.'='.$value;
                  }
               }
               header('location: ' . $link);
            }
            else
            {
               $controller->redirect($this->loginController, $this->homePage);
            }
            return;
            }
            else
            {
                // One message for every failure, so the response does not show
                // whether the login name exists.
                $controller->setFlash($this->msgInvalidUser);
                $controller->redirect($this->loginController, $this->loginPage);
            }

        }
        else
        { 
            // Anything other than the login page: handle logout, or require a
            // valid session.
            if(Router::$action != $prefix.$this->loginPage)
            {
                if(Router::$action === $prefix.$this->logoutPage)
                {
                    $this->__logout();
                    $controller->setFlash($this->msgLogout);
                    $controller->redirect($this->loginController, $this->afterLogoutPage);
                }
                else if($this->__checkValidSession() === false)
                {
               // Remember the requested route so the login branch above can
               // return to it after authentication.
               $requestedPage = $this->Session->get('requested_url');

               $requestedPage['controller'] = Router::$controller;
               $requestedPage['action']     = Router::$originalAction;
               $requestedPage['params']     = Router::$params;
               $requestedPage['more']       = Router::$more;
               $requestedPage['script']     = Router::$script;
               $this->Session->set('requested_url', $requestedPage);
                    $controller->setFlash($this->msgNotLoggedIn);
                    $controller->redirect($this->loginController, $this->loginPage);
                }
                else
                {
               $this->loggedIn = true;
                }
            }
        }
    }

    /**
     * Verifies submitted credentials and, on success, records a row in the
     * AuthSession table.
     *
     * @param array  $values    submitted values, indexed by the names in $this->fields
     * @param string $condition SQL condition the per-field tests are appended to
     * @return bool true when a user row was found and the session row was saved
     */
    function __login($values, $condition)
    {
      // A model-provided authenticate() takes precedence when the class named
      // by $this->model defines one.
      if(method_exists($this->model, 'authenticate'))
      {
         $userData = $this->_authModel->authenticate($values, $condition);
      }
      else
      {
         foreach($this->fields as $field)
         {
            if($field === 'password')
            {
                if($this->encryptPassword)
                {
                   $value = &Database::escape($this->password($values[$field]));
                }
                else
                {
                   // NOTE(review): with encryptPassword off the submitted
                   // password is matched against the column as-is, which implies
                   // passwords stored in clear text.
                   $value = &Database::escape($values[$field]);
                }
            }
            else
            {
               $value = &Database::escape($values[$field]);
            }

            // NOTE(review): the query text is built by concatenation; injection
            // safety rests entirely on Database::escape() (not shown) and on it
            // matching the connection character set. Bound parameters would
            // remove that dependency. latin1_bin forces a byte-wise comparison.
            $condition .= (empty($condition)?'':' AND ') . '`' . $this->model . '`.' .'`'.$field.'` COLLATE latin1_bin  = \''.$value."'";
         }
         $userData = $this->_authModel->find($condition);
      }
        if($userData != null)
        {
            / TODO: if disable /
            // NOTE(review): regenerate() is commented out, so the session id
            // that existed before login stays valid afterwards unless it is
            // rotated elsewhere; that leaves session fixation unaddressed.
//            $this->Session->regenerate();
            $userSessionId   = $this->Session->sessionId();
            $this->Session->set( $this->_sessionName, $userSessionId );
         // The table stores sha1(session name + session id + salt), not the raw id.
         $userSessionId   = sha1($this->_sessionName . $userSessionId . $this->secretSalt);
            // 'ip' is recorded, but every comparison against it in this class is
            // commented out. 'user_data' is stored with serialize() and read back
            // with unserialize() in __checkValidSession().
            $userSessionData = array('AuthSession' =>
                                  array('session_id' => $userSessionId,
                                        'login_time' => currentTime(),
                                        'last_impression' => currentTime(),
                                        'ip' => $_SERVER['REMOTE_ADDR'],
                                        'user_id'=> $userData[$this->model][$this->_authModel->primaryKey],
                                        'model'=> $this->model,
                                        'user_data'=>serialize($userData)
                                       )
                                   );         
            if($this->_authSession->save($userSessionData, false) === true)
            {
                $this->userData  = &$userData;
            $this->sessionId = $userSessionId;
            // Successful login clears the attempt counter.
            $this->Session->remove('login_attempts');
                return true;
            }
        }
        return false;
    }

    /**
     * Deletes the current session row, purges rows past the inactivity limit
     * and destroys the PHP session.
     */
    function __logout()
    {

        Remove from session table.
       /
      $sessionId = sha1($this->_sessionName . $this->Session->get($this->_sessionName) . $this->secretSalt);
      $condition = '`session_id` = \'' . $sessionId . '\' AND `model` = \''.$this->model.'\'';
      //$condition.= ' AND `ip`=\'' . $_SERVER['REMOTE_ADDR'] .'\'';
    $this->_authSession->delete($condition);

        Remove all invalid/expired sessions.
       /
      // NOTE(review): both lines below are missing an operator between the
      // property and 60, presumably '*' (minutes to seconds) - confirm.
      // $sessionDuration is not used again in this method.
      $sessionDuration    = $this->timeOffset  60;
      $inactivityInterval = $this->inactivityInterval  60;
      $condition          = '(UNIX_TIMESTAMP(\'' . currentTime() . '\') - UNIX_TIMESTAMP(last_impression)) > ' . $inactivityInterval;
      $this->_authSession->delete($condition);
      $condition          = '';
      $this->Session->destroySession();
    }

    /**
     * Checks that the current PHP session maps to one live AuthSession row and
     * that its user still resolves; refreshes last_impression on success and
     * tears the session down otherwise.
     *
     * @return bool true when the session is valid and $this->userData was set
     */
    function __checkValidSession()
    {
      $sessionId  = sha1($this->_sessionName . $this->Session->get($this->_sessionName) . $this->secretSalt);
        // check if session available
      // NOTE(review): both lines below are missing an operator between the
      // property and 60, presumably '*' (minutes to seconds) - confirm.
      $sessionDuration    = $this->timeOffset  60;
      $inactivityInterval = $this->inactivityInterval  60;
      // Purge every row idle for longer than the inactivity limit before looking
      // up the current one.
      $condition          = '(UNIX_TIMESTAMP(\'' . currentTime() . '\') - UNIX_TIMESTAMP(last_impression)) > ' . $inactivityInterval;
      $this->_authSession->delete($condition);
      $condition  = '';      
      $condition  = "session_id = '" . $sessionId . "' AND `model`= '{$this->model}'";
      //$condition .= ' AND ip=\'' . $_SERVER['REMOTE_ADDR'] . '\'';
       $checkValidSession = $this->_authSession->find($condition);

       if(count($checkValidSession) === 1)
       {
            // check if session expired
          // Absolute lifetime measured from login_time, independent of activity.
          $timeOut = strtotime($checkValidSession['AuthSession']['login_time']) + $sessionDuration;
           $currentTime = strtotime(currentTime());
           if($timeOut > $currentTime)
           {
            // find logged in user
            if(method_exists($this->_authModel, 'checkSession'))
            {
               // NOTE(review): unserialize() on a database column. If that
               // column can ever be written by anything other than __login()
               // this becomes PHP object injection; a JSON encoding of the row
               // avoids the risk.
               $userData = &$this->_authModel->checkSession(unserialize($checkValidSession['AuthSession']['user_data']));
            }
            else
            {
               // user_id comes from the session row and is concatenated unquoted.
               $conditions = $this->model . '.' . $this->_authModel->primaryKey.'=' . $checkValidSession['AuthSession']['user_id'];
               $userData = & $this->_authModel->find($conditions);
            }
            if($userData != null)
            {
                / TODO: if disable /
               $sessionId = sha1($this->_sessionName . $this->Session->get($this->_sessionName) . $this->secretSalt);
               $condition = '`session_id` = \'' . $sessionId . '\' AND `model` = \''.$this->model.'\'';
               //$condition.= ' AND `ip`=\'' . $_SERVER['REMOTE_ADDR']. '\'';
               // Sliding activity marker used by the inactivity purge above.
               $data = array();
               $data['AuthSession']['last_impression'] = currentTime();
               $this->_authSession->update($data, '', $condition);
               $this->userData = & $userData;
               return true;
            }
          }
       }
       // No matching row, lifetime exceeded, or user no longer found: remove
       // the row and end the PHP session.
       $this->_authSession->delete($condition);
      $this->Session->destroySession();
       return false;
    }

    /**
     * Returns the SHA-1 hex digest of the password.
     *
     * NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password
     * storage. password_hash() / password_verify() are the replacement where
     * the PHP version allows; moving to them means fetching the user by login
     * and verifying in PHP instead of comparing digests in SQL.
     *
     * @param string $password clear-text password
     * @return string 40-character hex digest
     */
    function password($password)
    {
        return sha1($password);
    }

    /**
     * Returns one field of the authenticated user's row, or null when it is
     * not set.
     *
     * @param string $field column name within the user model's data
     */
    function user($field)
    {
        if(isset($this->userData[$this->model][$field]))
           return $this->userData[$this->model][$field];
        return null;
    }
}
?>
?>

What is wrong in this script that causes the 500 error?


Solution

  • There are multiple errors in the code. Here is the list:

    Syntax Error : MultiLine Comments

    Line 8 : Unexpected "/"     # it Should be /* or */
    Line 20: Unexpected "/"     # It should be /* or */
    Lines 24-39 : You forgot to start the MultiLine Comment!
    Line 43 : Again you forgot to Start single Line Comment!
    Line 122 : Again you forgot to start and end Single Line comment!
    Line 159 : Don't know if you forgot to start comment or bad code!
    Line 261 : Again forgot to start and end the comment!
    Line 290 and 297 : Forgot to start and end the comment!
    Line 291 and 298 : Syntax error! Looks like you wanted to start comment!
    Line 339 : Syntax Error In MultiLine Comment! I am tired of writing again! :v
    

    These are only the comment errors.

    There are also several variable-definition errors, and other errors besides. Check the full code once more!