How to view hidden php file

yes of course

Is the licensee responsible for installing the script on their own server, or are you managing the servers and installation?

Why are people so obsessed with obfuscating source files? If you want someone to download your files and have them work on it, why force them to go through 1,000 hoops just to do a simple print 'hello world';? You’re just putting more work on yourself to try and find a solution.

So to make it simple, even if you do happen to figure out a way to “obfuscate” your files, you do understand that there’s always a way to “unobfuscate” it, correct? Unless the file is compiled or built using a different language, source code in PHP can easily be accessed if the user has the PHP files themselves.

What I would do is put a disclaimer in the top of the PHP file saying if these files are used on multiple domains and not the one they were bought for, then the license agreement will be terminated and further actions can result in legal actions.


Obfuscating is the biggest waste of time. If someone wants to steal your code, he will find a way.

Being fair to and trusting your customers is the only thing you can do.


How much fairer can you be, telling a customer that you only want this on one domain, and the person will gladly install it on one domain because you cast a spell on him? Even though nothing is hidden under the earth, we should try and make certain things a bit difficult.

For that type of business model, a compiled language would be better suited, like C#, Java, Rust, or Go. You could create dedicated executables or jars (Java) with hard-coded licensing that no one could change without the source to recompile. There is also a project around the web somewhere to compile a Node.js program to an executable. There are PHP-to-executable projects available on the web. That might be a better option.

To elaborate on that, given this example file:

When you run it through this code:


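```php
<?php
// Read the obfuscated file and split it into lines.
$lines = explode("\n", file_get_contents('input.txt'));

// Trim each line, then collapse every run of whitespace to two spaces.
$lines = array_map('trim', $lines);
$lines = array_map(function ($line) { return preg_replace('~\s{2,}~', '  ', $line); }, $lines);

// Drop the lines that are now empty.
$lines = array_filter($lines);

echo implode("\n", $lines);
```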

what remains is

```php
$__='printf';$_='Loading Test code';
$_____='  b2JfZW5kX2NsZWFu';  $______________='cmV0dXJuIGV2YWwoJF8pOw==';
$______=' Z3p1bmNvbXByZXNz';  $___='  b2Jfc3RhcnQ=';  $____='b2JfZ2V0X2NvbnRlbnRz';  $__=  'base64_decode'  ;  $______=$__($______);  if(!function_exists('__lambda')){function __lambda($sArgs,$sCode){return eval("return function($sArgs){{$sCode}};");}}  $__________________=$__($__________________);  $______________=$__($______________);
$__________=$__________________('$_',$______________);  $_____=$__($_____);  $____=$__($____);  $___=$__($___);  $_='eNrt2kFrgzAUB/C7sO+QQ+FZGGLH2CghhzpWWQ8dpUNtLtKq3WSblqWj+O2nRtrJDmtpGaz8fyGRBB6RF8hBH2NaJywJWn2k2XpJvJ42BD0las2iPE7Y3dtcKcuyiBtNILsw0H5vRpVRdkLixwoFvb6a+b1UuveC6qXdKe2lOXXBAADOE0Xvnh0Ho88H17ua+Zt8NOwvg+L1Vl+a5a2pr+sQqQIAAAAA+G/wOQMA4HzRYq6Sm+swTqrfFMSREQAAgKO0SwGkP84XxSDz3JdVVDhVn0yHg2e97thlT+XUsWUwtqU/yR43QhA3jL9/YVE/zWbW5YeEf4vdJ7Cz29CkaqTL7baokzisTqKdU7N1iDqlXf4FrYteiw==';
$___();$__________($______($__($_))); $________=$____();
$_____();  echo
```

Like I said, the whitespace is a red herring, there is no information there.

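Added example, not part of the original thread: a static triage script in Python that decodes the string literals of a file obfuscated in this style without ever running the PHP. The `peel` and `triage` names, the watch list and the payload in the sample are assumptions made for this illustration; the short helper-name literals are copied from the listing above.

```python
import base64
import re
import zlib

ASSIGN = re.compile(r"(\$\w+)\s*=\s*'([^']*)'")   # $var = 'literal'
B64 = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")
WATCH = ("eval", "base64_decode", "gzuncompress", "gzinflate")
MAX_OUT = 1 << 20   # cap inflated size so a crafted blob cannot exhaust memory
MAX_DEPTH = 8       # cap the number of nested encoding layers

def printable(data):
    return all(32 <= c < 127 or c in (9, 10, 13) for c in data)

def peel(literal):
    """Strip base64/zlib layers from one literal. Nothing is ever evaluated."""
    data, layers = literal.strip().encode(), []
    for _ in range(MAX_DEPTH):
        if not B64.fullmatch(data) or len(data) % 4:
            break
        raw, step = base64.b64decode(data), ["base64"]
        try:  # gzcompress() output is a zlib stream
            inflated = zlib.decompressobj().decompress(raw, MAX_OUT)
            if inflated:
                raw, step = inflated, ["base64", "zlib"]
        except zlib.error:
            pass
        if not printable(raw):
            break  # binary noise: the literal was not an encoded string
        data, layers = raw, layers + step
    return data.decode(), layers

def triage(source):
    """List every literal that decodes, flagging code-execution helpers."""
    findings = []
    for var, literal in ASSIGN.findall(source):
        text, layers = peel(literal)
        if layers:
            findings.append({"var": var, "layers": layers, "text": text,
                             "flag": any(w in text for w in WATCH)})
    return findings

# Constructed sample: helper names as in the listing above, payload invented here.
PAYLOAD = base64.b64encode(zlib.compress(b"echo 'constructed licence banner';")).decode()
SAMPLE = ("$__='printf';$_='Loading Test code';\n"
          "$_____='  b2JfZW5kX2NsZWFu';  $______________='cmV0dXJuIGV2YWwoJF8pOw==';\n"
          "$______=' Z3p1bmNvbXByZXNz';  $__=  'base64_decode'  ;\n"
          f"$_='{PAYLOAD}';\n")

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
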

Is that relevant, given that the OP has said this?

I don’t use WordPress, but I would imagine it requires plug-ins to be written in PHP.

not really

This obfuscation for a specific domain reminds me of Google’s validation that requires an encoded HTML file to be loaded and verified.

Really, I think I should check them out. Thanks for pointing it out.

Exactly, I just figured it out following your example. Even without reading through the file, a nice scroll will show some of the code. So it wasn’t an empty file.
But it will give someone stress decoding the encrypted code after he might have removed the white spaces.

Nice write-up above, especially if you can recommend a nice PHP compiler.

But the part you mentioned about putting a disclaimer is so hilarious; it sounds more like an empty threat.

Besides, I don’t have all the time to pursue lawsuits and cases, and most times users of your script are residents of other countries, which can take certain international laws.
Even if they will eventually find out, at least let’s make it a bit hard.

Yes, exactly, PHP and some Java though, but basically it is PHP functions.
And secondly, I am not good with C#, Java and the above-mentioned compilation languages,
