Friday, 10 August 2018

Obfusticating PHP Code

You will sometimes want to make sure that your code is a better hidden from the end user. For example, you might want to make sure that your database password files are completely hidden from prying eyes so that even if your web server is hacked your database server isn't also compromised.
Take the following code, which prints out "Hello world".
echo "Hello world";
You can encode this into meaningless text by using the base64_encode() function.
$code = base64_encode('echo "Hello world";');
This turns the $code variable into the following.
ZWNobyAiSGVsbG8gd29ybGQiOw==
Which can be run again by using the bade64_decode() function in conjunction with the eval() function.
eval(base64_decode($code));
This produces the same output as the original code. You can just copy and paste the encoded code into a string and pass this string into the eval() and base64_decode() functions.
The only problem with the technique is that it adds another level of complexity to your PHP code, which in turn will slow it down. So by all means use this code in your own projects, but don't convert your entire application or it will crawl.

0 comments:

Post a Comment