PrestaShopCorp / erpillicopresta


base64 encoded content #3

Open SebSept opened 7 years ago

SebSept commented 7 years ago

Hello,

Are we supposed to blindly trust the obfuscated content in config/control.php and config/interval.php ?

😨 😱

Shagshag commented 7 years ago

Obfuscation is useless: those who don't care don't need it, and those who care can bypass it easily. Content of config/control.php:

<?php

// De-obfuscated listing of config/control.php: a periodic licence check that
// runs at include time. It probes the ERP_WS endpoint with get_headers() and,
// depending on the answer and on a stored failure counter, either reloads the
// licence or deletes local module data and marks the licence invalid.
// NOTE(review): ERP_WS and the Licence class are defined outside this listing
// (presumably in the two files required below), so the transport used for the
// probe and what loadLicence()/updateLicence()/getChecksum() do cannot be
// judged from here.
require_once _PS_MODULE_DIR_.'erpillicopresta/config/define.php';
require_once _PS_MODULE_DIR_.'erpillicopresta/config/Licence.php';
// $a: debug/test switch (fixed dates, forced blacklist flag, echo tracing, die() at the end).
// $b: simulates an unreachable web service by supplying an empty status line.
// Both are hard-coded to false, so the debug paths are dead code as shipped.
$a = false;
$b = false;
if($a) {
    Configuration::updateValue('ERP_BLACKLIST', '1');
    $c = '2015-03-30';
    $d = '2015-02-27';
    $e = (($f = Configuration::get('ERP_WS_CHECK_COUNT')) == 0) ? 5 : 1;
} else { 
    // $c: today's date as Y-m-d.
    $c = Date('Y-m-d');
    // NOTE(review): the stored ERP_WS_DATE value is passed to date() as the
    // *format* string, not as a timestamp. Digits and '-' are not date()
    // format characters, so a plain Y-m-d value comes back unchanged; any
    // other stored content would be interpreted as a format.
    $d = Date(Configuration::get('ERP_WS_DATE'));
    // $f: stored failure counter; $e: days until the next check (5 while the
    // counter is 0, otherwise 1). The comparison is loose, so a value that
    // loosely equals 0 (e.g. false for a missing key — TODO confirm what
    // Configuration::get() returns then) also selects 5.
    $e = (($f = Configuration::get('ERP_WS_CHECK_COUNT')) == 0) ? 5 : 1;
} 
// $g: date of the next due check, i.e. $d plus $e day(s).
$g = date('Y-m-d', strtotime($d . ' + ' . $e . ' day' . (($e > 1) ? 's' : ''))); 
// Run the check when it is due and has not already been recorded for today,
// or whenever no web-service date is stored. Dates are compared as strings,
// which orders correctly only for zero-padded Y-m-d values.
if ((($c >= $g) && $c != Configuration::get('ERP_LAST_CHECK_DATE')) || $d == '') { 
    if($a) echo 'entrée test'.''."\n".''."\r".'';
    if($b) { 
        $h = array();
        $h[0] = '';
    } else 
        // get_headers() returns false on failure; indexing false yields null,
        // which still falls into the failure branch below.
        $h = get_headers(ERP_WS); 
    // Only the exact status line 'HTTP/1.1 200 OK' counts as success: any
    // other status line (different protocol version, redirect, error) or an
    // unreachable host is treated as a failed check.
    if ($h[0] != 'HTTP/1.1 200 OK') { 
        if($a) 
            echo 'WS NOK'.''."\n".''."\r".''; 
        // Destructive path: once the counter has reached 4, this further
        // failed check removes rows from the erpip_feature table (no WHERE
        // condition is passed — presumably every row, matching the
        // 'DELETE ALL' trace), drops the stored web-service date and counter,
        // and sets ERP_LICENCE_VALIDITY to '0'. The trigger is purely the
        // remote endpoint's reachability, so a network or DNS outage on the
        // shop side has the same effect as a revoked licence.
        if ($f >= 4) { 
            if($a) 
                echo 'DELETE ALL'.''."\n".''."\r".''; 
            Db::getInstance()->delete('erpip_feature');
            Configuration::deleteByName('ERP_WS_DATE');
            Configuration::updateValue('ERP_LICENCE_VALIDITY', '0');
            Configuration::deleteByName('ERP_WS_CHECK_COUNT');
        } else {
            // Below the threshold: count the failure and record today's date.
            Configuration::updateValue('ERP_WS_CHECK_COUNT', $f +1);
            Configuration::updateValue('ERP_LAST_CHECK_DATE', $c);
        } 
        if(Configuration::get('ERP_BLACKLIST') == '1') {
            $i = array( 'active' => '0', 'blacklist' => '1' );
            $obLicence = new Licence();
            $obLicence->number = Configuration::get('ERP_LICENCE');
            // NOTE(review): this var_dump() is not guarded by $a, so the
            // return value of updateLicence() is written into the output of
            // whatever request included this file.
            var_dump($obLicence->updateLicence($i));
        }
    } else { 
        if($a) echo 'WS OK'."\n";
        // Endpoint answered: reset the failure counter.
        Configuration::updateValue('ERP_WS_CHECK_COUNT', 0);
        // The licence is reloaded only when getChecksum() on the module
        // directory returns a truthy value; what the checksum is compared
        // against is not visible in this listing.
        if (Licence::getChecksum(_PS_MODULE_DIR_.'erpillicopresta')) { 
            if($a) echo 'Checksum OK'."\n"; 
            $obLicence = new Licence(); 
            $obLicence->number = Configuration::get('ERP_LICENCE'); 
            $obLicence->loadLicence(); 
        }
    }
} 
// Debug-only summary; die() ends the whole request when $a is enabled.
if($a) { 
    echo 'today : '.$c."\n"; 
    echo 'interval : '.$e."\n"; 
    echo 'wsdate : '.$d."\n"; 
    echo 'checkdate : '.$g."\n"; 
    echo 'last checkdate : '.Configuration::get('ERP_LAST_CHECK_DATE')."\n"; 
    echo 'check count : '.Configuration::get('ERP_WS_CHECK_COUNT')."\n"; 
    die(); 
} 
?>