I decompined this script of ioncube. The encripted script runs totally fine. But when I run the decrypt script the page gives me 500 Http error. The decrypt script is this:
<?php
/
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
?>
<?php
/
?><?php
@author: A S M Abdur Rab [shibly], shibly@divine-it.net
@abstract: Class for authentication.
@abstract: Helpful methods to make the session/cookies handling, login, logout,
timedout, admin/user authentication, redirection and other authentication
related process safe.
PHP versions 4 and 5
@name: Authentication Class.
@category: Class.
@uses:
@version:
@package: divin_framework
@subpackage: divin_framework.libs
/
class AuthComponent extends Component
{
set allowable IP addresses here/
var $allowedIpAddresses = array('127.0.0.1','192.210.144.165',
'::1');
var $productId = '1001';
var $model = '';
var $condition = '';
var $secretSalt = 'dddonteeeventtthinkaaaboutiiit';
var $msgLogout = 'Logout Successfully.';
var $msgLoggedIn = 'Already logged in.';
var $msgNotLoggedIn = 'You are not logged in.';
var $msgInvalidUser = 'Username and/or Password invalid.';
var $msgTooManyAttempts = 'You have exceeded maximum login attempt limit.';
var $loginPage = 'Login';
var $afterLogoutPage = 'Login';
var $logoutPage = 'Logout';
var $homePage = 'index';
var $site = 'DivineIT';
var $fields = array('login', 'password');
var $timeOffset = 180;
var $loginRequired = false;
var $loginController = null;
var $_authSession = null;
var $_authModel = null;
var $_sessionName = null;
var $sessionId = null;
function __construct()
{
global $AUTH;
if(isset($AUTH))
{
$this->loginRequired = true;
foreach($AUTH as $key => $value)
$this->{$key} = $value;
}
if(!empty($this->model))
{
$this->_sessionName = $this->site . '.' . $this->model;
$this->_authSession = &App::loadModel('AuthSession');
$this->_authModel = &App::loadModel($this->model);
}
}
function startup(&$controller)
{
$permitted = false;
foreach($this->allowedIpAddresses as $ipAddress)
{
if($_SERVER['SERVER_ADDR']===$ipAddress)
{
$permitted = true;
break;
}
}
if(!$permitted)
{
header('Location: forbidden.php');
return;
}
if(defined('PREFIX'))
$prefix = PREFIX;
else
$prefix = '';
if($this->_authModel === null || $this->_authSession === null)
{
if($this->loginRequired === true)
{
$controller->redirect($this->loginController, $this->loginPage);
}
return;
}
$count = count($this->fields);
if($prefix.$this->loginPage == Router::$action && isset($controller->data[$this->model]) && (count($controller->data[$this->model]) == $count))
{
max login attempts#start/
$tryInfo = null;
$tryInfo = $this->Session->get('login_attempts');
if(!is_null($tryInfo))
{
$firstImpression = $tryInfo['first_impression'];
$loginAttempts = $tryInfo['login_attempts'];
$lastImpression = strtotime($tryInfo['last_impression']);
$currentTime = strtotime(currentTime());
if(($currentTime - $lastImpression)>$this->loginLockDuration60)
{
$loginAttempts = 1;
}
if(($loginAttempts>$this->maxLoginAttempts)&&($currentTime - $lastImpression)<$this->loginLockDuration60)
{
$controller->setFlash($this->msgTooManyAttempts);
$controller->redirect($this->loginController, $this->loginPage);
return;
}
else
{
$loginAttempts++;
$tryInfo['login_attempts'] = $loginAttempts;
$tryInfo['last_impression']= currentTime();
$this->Session->set('login_attempts', $tryInfo);
}
}
else
{
$tryInfo['login_attempts'] = 1;
$tryInfo['first_impression'] = currentTime();
$tryInfo['last_impression'] = currentTime();
$this->Session->set('login_attempts', $tryInfo);
}
max login attempts#start/
$this->loggedIn = $this->__login($controller->data[$this->model], $this->condition);
if($this->loggedIn)
{
$requestedPage = $this->Session->get('requested_url');
if(!is_null($requestedPage)&&(count($requestedPage)>0))
{
$requestedController = Inflector::underscore($requestedPage['controller']);
$requestedAction = Inflector::underscore($requestedPage['action']);
$requestedParams = $requestedPage['params'];
$requestedMoreAttrs = $requestedPage['more'];
$requestedScript = $requestedPage['script'];
$this->Session->remove('requested_url');
//$controller->redirect($requestedController, $requestedAction,$requestedParams, $requestedMoreAttrs);
$link = $requestedScript . '?action=' . $requestedController . '-' .
$requestedAction . (!empty($requestedParams) ? ('-'.implode('-', $requestedParams)) : '');
if(!empty($requestedMoreAttrs))
{
foreach($requestedMoreAttrs as $key=>$value)
{
$link .= '&'.$key.'='.$value;
}
}
header('location: ' . $link);
}
else
{
$controller->redirect($this->loginController, $this->homePage);
}
return;
}
else
{
$controller->setFlash($this->msgInvalidUser);
$controller->redirect($this->loginController, $this->loginPage);
}
}
else
{
if(Router::$action != $prefix.$this->loginPage)
{
if(Router::$action === $prefix.$this->logoutPage)
{
$this->__logout();
$controller->setFlash($this->msgLogout);
$controller->redirect($this->loginController, $this->afterLogoutPage);
}
else if($this->__checkValidSession() === false)
{
$requestedPage = $this->Session->get('requested_url');
$requestedPage['controller'] = Router::$controller;
$requestedPage['action'] = Router::$originalAction;
$requestedPage['params'] = Router::$params;
$requestedPage['more'] = Router::$more;
$requestedPage['script'] = Router::$script;
$this->Session->set('requested_url', $requestedPage);
$controller->setFlash($this->msgNotLoggedIn);
$controller->redirect($this->loginController, $this->loginPage);
}
else
{
$this->loggedIn = true;
}
}
}
}
function __login($values, $condition)
{
if(method_exists($this->model, 'authenticate'))
{
$userData = $this->_authModel->authenticate($values, $condition);
}
else
{
foreach($this->fields as $field)
{
if($field === 'password')
{
if($this->encryptPassword)
{
$value = &Database::escape($this->password($values[$field]));
}
else
{
$value = &Database::escape($values[$field]);
}
}
else
{
$value = &Database::escape($values[$field]);
}
$condition .= (empty($condition)?'':' AND ') . '`' . $this->model . '`.' .'`'.$field.'` COLLATE latin1_bin = \''.$value."'";
}
$userData = $this->_authModel->find($condition);
}
if($userData != null)
{
/ TODO: if disable /
// $this->Session->regenerate();
$userSessionId = $this->Session->sessionId();
$this->Session->set( $this->_sessionName, $userSessionId );
$userSessionId = sha1($this->_sessionName . $userSessionId . $this->secretSalt);
$userSessionData = array('AuthSession' =>
array('session_id' => $userSessionId,
'login_time' => currentTime(),
'last_impression' => currentTime(),
'ip' => $_SERVER['REMOTE_ADDR'],
'user_id'=> $userData[$this->model][$this->_authModel->primaryKey],
'model'=> $this->model,
'user_data'=>serialize($userData)
)
);
if($this->_authSession->save($userSessionData, false) === true)
{
$this->userData = &$userData;
$this->sessionId = $userSessionId;
$this->Session->remove('login_attempts');
return true;
}
}
return false;
}
function __logout()
{
Remove from session table.
/
$sessionId = sha1($this->_sessionName . $this->Session->get($this->_sessionName) . $this->secretSalt);
$condition = '`session_id` = \'' . $sessionId . '\' AND `model` = \''.$this->model.'\'';
//$condition.= ' AND `ip`=\'' . $_SERVER['REMOTE_ADDR'] .'\'';
$this->_authSession->delete($condition);
Remove all invalid/expired sessions.
/
$sessionDuration = $this->timeOffset 60;
$inactivityInterval = $this->inactivityInterval 60;
$condition = '(UNIX_TIMESTAMP(\'' . currentTime() . '\') - UNIX_TIMESTAMP(last_impression)) > ' . $inactivityInterval;
$this->_authSession->delete($condition);
$condition = '';
$this->Session->destroySession();
}
function __checkValidSession()
{
$sessionId = sha1($this->_sessionName . $this->Session->get($this->_sessionName) . $this->secretSalt);
// check if session available
$sessionDuration = $this->timeOffset 60;
$inactivityInterval = $this->inactivityInterval 60;
$condition = '(UNIX_TIMESTAMP(\'' . currentTime() . '\') - UNIX_TIMESTAMP(last_impression)) > ' . $inactivityInterval;
$this->_authSession->delete($condition);
$condition = '';
$condition = "session_id = '" . $sessionId . "' AND `model`= '{$this->model}'";
//$condition .= ' AND ip=\'' . $_SERVER['REMOTE_ADDR'] . '\'';
$checkValidSession = $this->_authSession->find($condition);
if(count($checkValidSession) === 1)
{
// check if session expired
$timeOut = strtotime($checkValidSession['AuthSession']['login_time']) + $sessionDuration;
$currentTime = strtotime(currentTime());
if($timeOut > $currentTime)
{
// find logged in user
if(method_exists($this->_authModel, 'checkSession'))
{
$userData = &$this->_authModel->checkSession(unserialize($checkValidSession['AuthSession']['user_data']));
}
else
{
$conditions = $this->model . '.' . $this->_authModel->primaryKey.'=' . $checkValidSession['AuthSession']['user_id'];
$userData = & $this->_authModel->find($conditions);
}
if($userData != null)
{
/ TODO: if disable /
$sessionId = sha1($this->_sessionName . $this->Session->get($this->_sessionName) . $this->secretSalt);
$condition = '`session_id` = \'' . $sessionId . '\' AND `model` = \''.$this->model.'\'';
//$condition.= ' AND `ip`=\'' . $_SERVER['REMOTE_ADDR']. '\'';
$data = array();
$data['AuthSession']['last_impression'] = currentTime();
$this->_authSession->update($data, '', $condition);
$this->userData = & $userData;
return true;
}
}
}
$this->_authSession->delete($condition);
$this->Session->destroySession();
return false;
}
function password($password)
{
return sha1($password);
}
function user($field)
{
if(isset($this->userData[$this->model][$field]))
return $this->userData[$this->model][$field];
return null;
}
}
?>
?>
What's wrong in this script that is giving me 500 error?
There are Multiple Errors in the code. Here is the List!
Syntax Error : MultiLine Comments
Line 8 : Unexpected "/" # it Should be /* or */
Line 20: Unexpected "/" # It should be /* or */
Lines 24-39 : You forgot to start the MultiLine Comment!
Line 43 : Again you forgot to Start single Line Comment!
Line 122 : Again you forgot to start and end Single Line comment!
Line 159 : Don't know if you forgot to start comment or bad code!
Line 261 : Again forgot to start and end the comment!
Line 290 and 297 : Forgot to start and end the comment!
Line 291 and 298 : Syntax error! Looks like you wanted to start comment!
Line 339 : Syntax Error In MultiLine Comment! I am tired of writing again! :v
These are just Comment Errors!
There are multiple Variable Definition errors too! There are other Multiple errors! Check the full code once!