2016年2月5日 星期五

為 PHP 檔加密


現在開發手機應用程式,少不免會連接服務器取得最新數據。我喜歡用 .php 作為應用程式跟服務器的中介接口,貪他方便又資源豐富。有時客人希望自己管理服務器,但是我又不想被客戶簡單地拿後台的 .php 源代碼,於是參考了 https://www.dontbebad.com/blog/2013/04/simple-php-obfuscator/ 編寫出以下程式:
<?php
//----------------------------------------------------------------------------------------
//  PHP File Obfuscator
//  This program will compress a PHP file and name it .min.php
//----------------------------------------------------------------------------------------
//  Written by Pacess HO
//  Copyright 2016 Pacess Studio.  All rights reserved.
//----------------------------------------------------------------------------------------

//----------------------------------------------------------------------------------------
function getDirectoryArray($directory)  {
   $resultArray = array(); 
   $fileArray = scandir($directory); 
   foreach ($fileArray as $key => $value)  {

      //  Skip . & ..
      if (in_array($value, array(".", "..")))  {continue;}

      $filePath = $directory.DIRECTORY_SEPARATOR.$value;
      if (is_dir($filePath) == false)  {$resultArray[] = $filePath;}
      else  {

         $subdirectoryArray = getDirectoryArray($filePath);
         $resultArray = array_merge($resultArray, $subdirectoryArray);
      }
   } 
   return $resultArray; 
} 

//=========================================================================================
//  Main program
$encryptedPHPHeader = "<?php\n".
   "//----------------------------------------------------------------------------------------\n".
   "//  Written by Pacess HO\n".
   "//  Copyright 2016 Pacess Studio.  All rights reserved.\n".
   "//----------------------------------------------------------------------------------------\n".
   "ob_start();";
$encryptedPHPFooter = 'eval(gzuncompress(base64_decode($code)));$v=ob_get_contents();ob_end_clean(); ?>';
$encrypedPHPCount = 0;

echo("\n");
echo("-----------------------------------------------------------\n");
echo("--  PHP File Obfuscator v1.00                            --\n");
echo("-----------------------------------------------------------\n");
echo("--  Written by Pacess HO                                 --\n");
echo("--  Copyright 2016 Pacess Studio.  All rights reserved.  --\n");
echo("-----------------------------------------------------------\n");
echo("\n");

$fileArray = getDirectoryArray(".");
foreach ($fileArray as $key => $filePath)  {
   echo("#$key ");

   $tail = strtolower(substr($filePath, -8));
   if ($tail == ".min.php")  {
      echo("Skip [$filePath] because it is already compressed.\n");
      continue;
   }

   $tail = strtolower(substr($filePath, -4));
   if ($tail != ".php")  {
      echo("Skip [$filePath] because it is not a PHP file.\n");
      continue;
   }

   //  Check if this .php file, if yes then skip
   if (strpos($filePath, "phpEncrypt.php") !== false)  {
      echo("Skip [$filePath] because it is current tool file.\n");
      continue;
   }

   //  It is .php file, encrypt now!
   echo("Encoding [$filePath]...");
   $data = "ob_end_clean();?>";
   $data .= php_strip_whitespace($filePath);

   //  Compress data
   $zipData = gzcompress($data, 9);
   $base64Data = base64_encode($zipData);
   $encryptedPHPContent = '$code=\''.$base64Data.'\';';

   $outputPath = substr($filePath, 0, -4).".min.php";
   $result = file_put_contents($outputPath, $encryptedPHPHeader.$encryptedPHPContent.$encryptedPHPFooter);
   echo("[$outputPath]...$result bytes written.\n");

   $encrypedPHPCount++;
}
echo("\nTotal $encrypedPHPCount PHP files have been encrypted.\n~ Finish ~\n\n");
?>
執行方法是在 Terminal 中輸入 php phpEncrypt.php,就會將當前目錄以下的所有 .php 檔案加密,並儲存成 .min.php 檔案。

沒有留言: