Hello friends, I'm using PHP code to host site and found some issue with code. If server is down my site is going down due to remote check issues. I want make changes like even server is down my site should not go down or its should not perform remote check. Please advice. function check_license($licensekey, $localkey = '') { $whmcsurl = 'http://abc.com/license'; $licensing_secret_key = 'xyzabd123*******'; $check_token = time( ) . md5( mt_rand( 1000000000, 9999999999 ) . $licensekey ); date( 'Ymd' ); $checkdate = ; $usersip = (isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['LOCAL_ADDR']); $localkeydays = 21; $allowcheckfaildays = 16; $localkeyvalid = false; if ($localkey) {str_replace( '', '', $localkey ); $localkey = ; substr( $localkey, 0, strlen( $localkey ) - 32 ); $localdata = ; substr( $localkey, strlen( $localkey ) - 32 ); $md5hash = ; if ($md5hash == md5( $localdata . $licensing_secret_key )) { strrev( $localdata ); $localdata = ; substr( $localdata, 0, 32 ); $md5hash = ; substr( $localdata, 32 ); $localdata = ; base64_decode( $localdata ); $localdata = ; unserialize( $localdata ); $localkeyresults = ; $localkeyresults['checkdate']; $originalcheckdate = ; if ($md5hash == md5( $originalcheckdate . $licensing_secret_key )) { date( 'Ymd', mktime( 0, 0, 0, date( 'm' ), date( 'd' ) - $localkeydays, date( 'Y' ) ) ); $localexpiry = ; if ($localexpiry < $originalcheckdate) {$localkeyvalid = true; $localkeyresults; $results = ; explode( ',', $results['validdomain'] ); $validdomains = ; if (!in_array( $_SERVER['SERVER_NAME'], $validdomains )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } explode( ',', $results['validip'] ); $validips = ; if (!in_array( $usersip, $validips )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } if ($results['validdirectory'] != dirname( __FILE__ )) { $localkeyvalid = false; $localkeyresults['status'] = 'Invalid'; $results = array( ); } } } } } if (!$localkeyvalid) { $postfields['licensekey'] = $licensekey; $postfields['domain'] = $_SERVER['SERVER_NAME']; $postfields['ip'] = $usersip; $postfields['dir'] = dirname( __FILE__ ); if ($check_token) { $postfields['check_token'] = $check_token; } if (function_exists( 'curl_exec' )) { curl_init( ); $ch = ; curl_setopt( $ch, CURLOPT_URL, $whmcsurl . 'modules/servers/licensing/verify.php' ); curl_setopt( $ch, CURLOPT_POST, 1 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $postfields ); curl_setopt( $ch, CURLOPT_TIMEOUT, 30 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_exec( $ch ); $data = ; curl_close( $ch ); } else { fsockopen( $whmcsurl, 80, $errno, $errstr, 5 ); $fp = ; if ($fp) { $querystring = ''; foreach ($postfields as ) {[0];[1]; $v = ; $k = ; $querystring .= '' . $k . '=' . urlencode( $v ) . '&'; } $header = 'POST ' . $whmcsurl . 'modules/servers/licensing/verify.php HTTP/1.0'; $header .= 'Host: ' . $whmcsurl . ''; $header .= 'Content-type: application/x-www-form-urlencoded'; $header .= 'Content-length: ' . @strlen( $querystring ) . ''; $header .= 'Connection: close'; $querystring; $header .= ; $data = ''; @stream_set_timeout( $fp, 20 ); @fputs( $fp, $header ); @socket_get_status( $fp ); $status = ; while (( !@feof( $fp ) && $status )) { @fgets( $fp, 1024 ); $data .= ; @socket_get_status( $fp ); $status = ; } @fclose( $fp ); } } if (!$data) { date( 'Ymd', mktime( 0, 0, 0, date( 'm' ), date( 'd' ) - ( $localkeydays + $allowcheckfaildays ), date( 'Y' ) ) ); $localexpiry = ; if ($localexpiry < $originalcheckdate) { $localkeyresults; $results = ; } else { $results['status'] = 'Invalid'; $results['description'] = 'Remote Check Failed'; return $results; } } preg_match_all( '/<(.*?)>([^<]+)<\/\1>/i', $data, $matches ); $results = array( ); foreach ($matches[1] as ) { [0]; [1]; $v = ; $k = ; $results[$v] = $matches[2][$k]; } if ($results['md5hash']) { if ($results['md5hash'] != md5( $licensing_secret_key . $check_token )) { $results['status'] = 'Invalid'; $results['description'] = 'MD5 Checksum Verification Failed'; return $results; } } if ($results['status'] == 'Active') { $results['checkdate'] = $checkdate; serialize( $results ); $data_encoded = ; base64_encode( $data_encoded ); $data_encoded = ; $data_encoded = md5( $checkdate . $licensing_secret_key ) . $data_encoded; strrev( $data_encoded ); $data_encoded = ; $data_encoded = $data_encoded . md5( $data_encoded . $licensing_secret_key ); wordwrap( $data_encoded, 80, ' ', true ); $data_encoded = ; $results['localkey'] = $data_encoded; } $results['remotecheck'] = true; } unset( $postfields,$data,$matches,$whmcsurl,$licensing_secret_key,$checkdate,$usersip,$localkeydays,$allowcheckfaildays,$md5hash ); return $results; $file = 'license.txt'; explode( '', file_get_contents( $file ) ); $lines = ; $lines[0]; $licensekey = ; $localkey = '9tjIxIzNwgDMwIjI6gjOztjIlRXYkt2Ylh2YioTO6M3OicmbpNnblNWasx1cyVmdyV2ccNXZsVHZv1GX zNWbodHXlNmc192czNWbodHXzN2bkRHacBFUNFEWcNHduVWb1N2bExFd0FWTcNnclNXVcpzQioDM4ozc 7ISey9GdjVmcpRGZpxWY2JiO0EjOztjIx4CMuAjL3ITMioTO6M3OiAXaklGbhZnI6cjOztjI0N3boxWY j9Gbuc3d3xCdz9GasF2YvxmI6MjM6M3Oi4Wah12bkRWasFmdioTMxozc7ISeshGdu9WTiozN6M3OiUGb jl3Yn5WasxWaiJiOyEjOztjI3ATL4ATL4ADMyIiOwEjOztjIlRXYkVWdkRHel5mI6ETM6M3OicDMtcDM tgDMwIjI6ATM6M3OiUGdhR2ZlJnI6cjOztjIlNXYlxEI5xGa052bNByUD1ESXJiO5EjOztjIl1WYuR3Y 1R2byBnI6ETM6M3OicjI6EjOztjIklGdjVHZvJHcioTO6M3Oi02bj5ycj1Ga3BEd0FWbioDNxozc7ICb pFWblJiO1ozc7IyUD1ESXBCd0FWTioDMxozc7ISZtFmbkVmclR3cpdWZyJiO0EjOztjIlZXa0NWQiojN 6M3OiMXd0FGdzJiO2ozc7pjMxoTY8baca0885830a33725148e94e693f3f073294c0558d38e31f844 c5e399e3c16a'; if (!file_exists( 'includes/licensevalidator.php' )) { exit( 'license validator is missing....' ); } require_once( 'includes/licensevalidator.php' ); if (!empty( $acHash )) { $toCheck = 518; if ($acHash == md5( date( 'Y-m-d A', strtotime( 'now' ) ) . 'Active-Site-Validated-For-' . urlencode( $_SERVER['HTTP_HOST'] ) )) { $___EZY___wbValid______ = 'active'; $toCheck = 517; } else { if ($acHash == md5( date( 'Y-m-d A', strtotime( 'now' ) ) . '-INVALID-For-' . urlencode( $_SERVER['HTTP_HOST'] ) )) { $___EZY___wbValid______ = 'invalid'; } else { if ($acHash == md5( date( 'Y-m-d A', strtotime( 'now' ) ) . '-EXPIRED-For-' . urlencode( $_SERVER['HTTP_HOST'] ) )) { $___EZY___wbValid______ = 'expired'; } else { if ($acHash == md5( date( 'Y-m-d A', strtotime( 'now' ) ) . '-SUSPENDED-For-' . urlencode( $_SERVER['HTTP_HOST'] ) )) { $___EZY___wbValid______ = 'suspended'; } } } } } else { $toCheck = 518; } if ($toCheck == 1) { check_license( $licensekey, $localkey ); $results = ; fopen( 'includes/licensevalidator.php', 'w' ); $fp = ; if (!$fp) { exit( 'licensevalidator missing.....' ); } if ($results['status'] == 'Active') { md5( date( 'Y-m-d A', strtotime( 'now' ) ) . 'Active-Site-Validated-For-' . urlencode( $_SERVER['HTTP_HOST'] ) ); $md5HASH = ; $phpWrite = '<? $acHash = "' . $md5HASH . '"; ?>'; fwrite( $fp, $phpWrite ); $___EZY___wbValid______ = 'active'; } else { if ($results['status'] == 'Invalid') { md5( date( 'Y-m-d A', strtotime( 'now' ) ) . '-INVALID-For-' . urlencode( $_SERVER['HTTP_HOST'] ) ); $md5HASH = ; $phpWrite = '<? $acHash = "' . $md5HASH . '"; ?>'; fwrite( $fp, $phpWrite ); $___EZY___wbValid______ = 'Your License is Invalid'; } else { if ($results['status'] == 'Expired') { md5( date( 'Y-m-d A', strtotime( 'now' ) ) . '-EXPIRED-For-' . urlencode( $_SERVER['HTTP_HOST'] ) ); $md5HASH = ; $phpWrite = '<? $acHash = "' . $md5HASH . '"; ?>'; fwrite( $fp, $phpWrite ); $___EZY___wbValid______ = 'Your License is Expired'; } else { if ($results['status'] == 'Suspended') { md5( date( 'Y-m-d A', strtotime( 'now' ) ) . '-SUSPENDED-For-' . urlencode( $_SERVER['HTTP_HOST'] ) ); $md5HASH = ; $phpWrite = '<? $acHash = "' . $md5HASH . '"; ?>'; fwrite( $fp, $phpWrite ); $___EZY___wbValid______ = 'Your License is Suspended'; } } } } } if ($___EZY___wbValid______ != 'active') { exit( $___EZY___wbValid______ ); } PHP:
What is this for? I can see that it's a license-check, but what is the license for? The software/script running the site? Some plugin? Something you use on your site? If it's the site itself, it might be possible to store a local copy of the signature (I didn't look to closely at the code, but I see it fetches something using cURL) - and run off that. If it's just some plugin/part code, you should be able to show everything else except what this pertains to. Best bet would be to use something that doesn't require a license and licensecheck against a remote site.
I see your curl call is set to 30 seconds. Try to use a 5 sec or 10 seconds timeout instead. curl_setopt( $ch, CURLOPT_TIMEOUT, 5 ); Code (markup): This will probably make your script continue running but you will probably get some error message regarding your license check.
Without knowing how the rest of the script validates the retunvalues from the check_license-function, it's almost impossible to know - the function seems to just return values to a license.txt-file and some variables - if those can be faked, then sure, you can bypass this check, but I'm at least hoping the writers of whatever this is have done something to prevent that from happening.