phplockitv2 decode??? |
Posted: Thu Oct 14, 2010 7:20 pm |
klih |
Regular user |

Joined: Oct 12, 2010 |
Posts: 11 |
Posted: Fri Oct 15, 2010 12:14 am |
tsabitah |
Valuable expert |

Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
Code: | <?php
$file = $_GET[file];
function xkdl_determine_action($att_option, $default_msg = '')
global $helper;
if ($att_option) {
if ($helper->isURL($att_option)) {
header('Location: ' . $att_option);
} else {
} else
if (!empty($file)) {
global $current_user;
$helper = new xkdl_funcs();
$file_data = $helper->url_decrypt($file);
$file_args = unserialize($file_data);
$xkdl_reqlogin = isset($file_args[reqlogin]) ? $file_args[reqlogin] : get_option('xkdl_reqlogin');
$xkdl_refcheck = isset($file_args[checkref]) ? $file_args[checkref] : get_option('xkdl_refcheck');
$xkdl_reqlogin_invalid = isset($file_args[reqlogin_invalid]) ? $file_args[reqlogin_invalid] : get_option('xkdl_reqlogin_invalid');
$xkdl_refcheck_invalid = isset($file_args[refcheck_invalid]) ? $file_args[refcheck_invalid] : get_option('xkdl_refcheck_invalid');
$xkdl_link_expired = isset($file_args[link_expired]) ? $file_args[link_expired] : get_option('xkdl_link_expired');
if (!$current_user->ID && $xkdl_reqlogin) {
xkdl_determine_action($xkdl_reqlogin_invalid, 'You must be logged in to download this file.');
if ($xkdl_refcheck == 'flash') {
header('Location: ' . $file_args['url']);
if ($xkdl_refcheck && !$helper->verifyReferer()) {
xkdl_determine_action($xkdl_refcheck_invalid, 'You do not have permission to access this file.');
$actual = $file_args['url'];
if (strpos($actual, 'http://s3.amazonaws.com') !== false) {
if (!$helper->checkS3LinkActive($actual)) {
exit('Invalid Link');
} elseif (isset($file_args[expires])) {
if (time() > $file_args[expires])
xkdl_determine_action($xkdl_link_expired, 'Link has expired.');
?> |
Posted: Fri Oct 15, 2010 12:15 am |
tsabitah |
Valuable expert |

Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
Code: | <?php
class xkdl_funcs
function xkdl_funcs()
return false;
function showPre($arr)
echo '<pre>';
echo '</pre>';
function toBase64($str)
return base64_encode($str);
function fromBase64($str)
$str = ($this->lastChar($str) == '=') ? substr($str, 0, -1) : $str;
return base64_decode($str);
function lastChar($str)
return substr($str, -1);
function isURL($str)
return(strpos($str, '://') !== false);
function url_encrypt($url)
$url = trim($url);
$url = $this->encrypt_decrypt($url);
$url = htmlentities(urlencode($url));
$url = urlencode($this->toBase64($url));
return $url;
function url_decrypt($url)
$url = urldecode($url);
$url = $this->fromBase64($url);
$url = urldecode($url);
$url = $this->encrypt_decrypt($url);
return $url;
function encrypt_decrypt($Str_Message)
$Len_Str_Message = strlen($Str_Message);
$Str_Encrypted_Message = '';
for ($Position = 0; $Position < $Len_Str_Message; $Position++) {
$Key_To_Use = (($Len_Str_Message + $Position) + 1);
$Key_To_Use = (255 + $Key_To_Use) % 255;
$Byte_To_Be_Encrypted = substr($Str_Message, $Position, 1);
$Ascii_Num_Byte_To_Encrypt = ord($Byte_To_Be_Encrypted);
$Xored_Byte = $Ascii_Num_Byte_To_Encrypt ^ $Key_To_Use;
$Encrypted_Byte = chr($Xored_Byte);
$Str_Encrypted_Message .= $Encrypted_Byte;
return $Str_Encrypted_Message;
function relativize($url, $dots)
if (strpos($url, 'http') === 0)
return $url;
if (strpos($url, '/') === 0) {
$docroot = explode('/', $_SERVER['DOCUMENT_ROOT']);
$drstart = '/' . $docroot[1] . '/' . $docroot[2] . '/';
if (strpos($url, $drstart) === false)
$returl = 'http://' . $_SERVER['HTTP_HOST'] . $url;
$returl = $url;
} else {
$returl = $dots . $url;
return $returl;
function getRemoteFileSize($url)
$parsed = parse_url($url);
$host = $parsed['host'];
$fp = @fsockopen($host, 80, $errno, $errstr, 20);
if (!$fp)
return false;
else {
@fputs($fp, "HEAD $url HTTP/1.1\r\n");
@fputs($fp, "HOST: $host\r\n");
@fputs($fp, "Connection: close\r\n\r\n");
$headers = '';
while (!@feof($fp))
$headers .= @fgets($fp, 128);
$ret = false;
$arr_headers = explode('\n', $headers);
foreach ($arr_headers as $header) {
$s = 'Content-Length: ';
if (substr(strtolower($header), 0, strlen($s)) == strtolower($s)) {
$ret = trim(substr($header, strlen($s)));
} else {
preg_match('|Content-Length: ([0-9]+)|is', $header, $matches);
$ret = $matches[1];
return $ret;
function sendBrowserFile($download, $fnToUse = false)
$file = $download;
$fileparts = explode('/', $download);
$filename = $fileparts[count($fileparts) - 1];
$pURL = parse_url($filename);
$baseFilename = $pURL['path'];
$overrideMIMEType = true;
if (!function_exists('mime_content_type') || $overrideMIMEType) {
function mime_content_type_ii($filename)
$idx = strtolower(end(explode('.', $filename)));
$mimetype = array('htm' => 'text/html', 'html' => 'text/html', 'shtml' => 'text/html', 'php' => 'text/html', 'asp' => 'text/html', 'aspx' => 'text/html', 'ai' => 'application/postscript', 'aif' => 'audio/x-aiff', 'aifc' => 'audio/x-aiff', 'mp3' => 'application/iTunes', 'mp3orig' => 'audio/mpeg', 'wav' => 'audio/x-wav', 'swf' => 'application/x-shockwave-flash', 'xyz' => 'chemical/x-xyz', 'zip' => 'application/zip', 'pdf' => 'application/pdf', 'doc' => 'application/msword', 'xls' => 'application/vnd.ms-excel', 'ppt' => 'application/vnd.ms-powerpoint', 'exe' => 'application/octet-stream', 'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'flv' => 'video/x-flv', 'mpeg' => 'video/mpeg', 'mpg' => 'video/mpeg', 'mpe' => 'video/mpeg', 'mov' => 'video/quicktime', 'avi' => 'video/x-msvideo');
if (isset($mimetype[$idx]))
return $mimetype[$idx];
return 'application/octet-stream';
$fileExists = @fopen($file, 'rb');
if (!$fileExists && $this->isURL($file)) {
$file = str_replace('%20', ' ', $file);
$filename = str_replace('%20', ' ', $filename);
$pURL = parse_url($file);
$file = $_SERVER[DOCUMENT_ROOT] . $pURL[path];
$fileExists = @fopen($file, 'rb');
if (!$fileExists)
exit('File does not exist');
$pURL = parse_url($filename);
$baseFilename = $pURL['path'];
$baseFilename = ($fnToUse !== false) ? $fnToUse : $baseFilename;
$Filefilesize = $this->isURL($file) ? $this->getRemoteFileSize($file) : @filesize($file);
$filename = $file;
header("Content-Disposition: attachment; filename=$baseFilename;");
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Description: File Transfer');
header('Content-Type: ' . mime_content_type_ii($baseFilename));
header('Expires: 0');
header('Pragma: public');
header('Content-Transfer-Encoding: binary');
header("Content-Length: $Filefilesize");
$file = @fopen($filename, 'rb');
if ($file) {
while (!feof($file)) {
print(fread($file, 1024 * 8));
if (connection_status() != 0) {
function getAuthUrl($bucket, $path, $lifespan, $secretKey, $accessKey)
$badurl = true;
$count = 0;
while ($badurl && $count < 60) {
$expires = time() + $lifespan * 60 + $count++;
$string_to_sign = "GET\n\n\n" . $expires . "\n/" . $bucket . '/' . $path;
$string_to_sign_utf8_encode = utf8_encode($string_to_sign);
$signature_pre = base64_encode(hash_hmac('sha1', $string_to_sign_utf8_encode, $secretKey, true));
$signature = urlencode($signature_pre);
$badurl = (strpos($signature, '%2B') !== false || strpos($signature, '%2F') !== false);
$authParamsPrefix = (strpos($path, '?') !== false) ? '&' : '?';
$authParams = $authParamsPrefix . 'AWSAccessKeyId=' . $accessKey;
$authParams .= '&Expires=' . $expires;
$authParams .= '&Signature=' . $signature;
return 'http://s3.amazonaws.com/' . $bucket . '/' . $path . $authParams;
function verifyReferer()
if ($_SERVER['HTTP_REFERER'] == '') {
$refererDomain = '';
} else {
$domainReferer = parse_url($_SERVER['HTTP_REFERER']);
$refererDomain = $domainReferer['host'];
$validRefererHosts = array($refererDomain, str_replace('www.', '', $refererDomain));
$currentDomain = $_SERVER['HTTP_HOST'];
$sameDomainReferer = ($refererDomain != '' && in_array($currentDomain, $validRefererHosts));
return $sameDomainReferer;
function checkS3LinkActive($awsURL)
$httpAccess = $this->fetchAndGet($awsURL, 2);
$badAccessStr = 'AccessDenied';
$validAccess = (strpos($httpAccess, $badAccessStr) === false && ($httpAccess !== false));
return $validAccess;
function fetchAndGet($url, $qty = 0)
$tmon = @fopen($url, 'rb');
$i = 0;
if ($tmon) {
while (!feof($tmon) && $i <= $qty) {
$readfile = $readfile . fread($tmon, 1024);
$qty = ($qty == 0) ? $i + 10 : $qty;
} else
$readfile = false;
return $readfile;
?> |
Posted: Fri Oct 15, 2010 12:17 am |
tsabitah |
Valuable expert |

Joined: Jul 07, 2010 |
Posts: 328 |
Location: surabaya |
Code: | <?php
class xkSecureDL
var $xkToken = 'secdl';
var $helper;
function xkSecureDL()
$this->helper = new xkdl_funcs();
add_option('xkdl_awslifespan', 10);
add_option('xkdl_reqlogin', true);
add_option('xkdl_refcheck', true);
function admin()
if (function_exists('add_options_page'))
add_options_page('Secure DL', 'Secure DL', 'manage_options', 'SecureDL/SecureDL.php', 'xkdl_admin');
function code_pre($a)
echo '<pre>';
echo '</pre>';
function sani_shortcode_callback($content)
$true_content = $content[0];
$true_content = eregi_replace('\<br?[ ]?\/\>', ' ', $true_content);
$true_content = str_replace(array('<br />', '<br/>', '<br>'), array(" \n", " \n", " \n"), $true_content);
$true_content = str_replace(array("\r"), ' ', $true_content);
return $true_content;
function sani_shortcode($content)
preg_match_all('|\[secdl(.*?)\]|is', $content, $matches);
$token_shortcode = 'secdl';
$fixed_content = preg_replace_callback('|(\[' . $token_shortcode . '.*?\/?\])|is', array(&$this, 'sani_shortcode_callback'), $content);
$content = $fixed_content;
return $content;
function secure_shortcode($attr_array, $content = null)
$bucket = get_option('xkdl_awsbucket');
$hide = false;
foreach ($attr_array as $key => $value) {
switch ($key) {
case 'file':
case 'href':
$url = $value;
case 'bucket':
$type = 'S3';
$bucket = $value;
case 'path':
$type = 'S3';
$path = $value;
case 'life':
$lifespan = $value;
case 'hide':
$hide = (bool)$value;
case 'checkref':
$checkref = $value;
case 'reqlogin':
$reqlogin = $value;
case 'method':
$method = $value;
if ($type == 'S3') {
$secretKey = get_option('xkdl_awssecretkey');
$accessKey = get_option('xkdl_awskey');
$lifespan = isset($lifespan) ? $lifespan : get_option('xkdl_awslifespan', 10);
$url = $this->helper->getAuthUrl($bucket, $path, $lifespan, $secretKey, $accessKey);
} else
$hide = true;
if ($hide) {
$dlbase = get_option('siteurl') . '/wp-content/plugins/SecureDL/download.php';
$purl = parse_url($_SERVER[SCRIPT_URI]);
$baseUrl = $purl[scheme] . '://' . $purl[host];
$wkgdir = $baseUrl . str_replace('//', '/', dirname($purl[path] . 'a')) . '/';
$url = $this->helper->relativize($url, $wkgdir);
$hide_args = array('url' => $url);
if (isset($checkref))
$hide_args[checkref] = $checkref;
if (isset($reqlogin))
$hide_args[reqlogin] = $reqlogin;
if (isset($lifespan) && $type != 'S3')
$hide_args[expires] = time() + $lifespan * 60;
foreach (array('link_expired', 'reqlogin_invalid', 'refcheck_invalid') as $attr_isset)
if (isset($attr_array[$attr_isset]))
$hide_args[$attr_isset] = $attr_array[$attr_isset];
$hide_data = serialize($hide_args);
$dlfile = $this->helper->url_encrypt($hide_data);
$url = "$dlbase?file=$dlfile";
if ($method == 'player') {
$purl = parse_url($url);
$nurl = $purl[scheme] . '://' . $purl[host] . $purl[path];
$endExt = end(explode('.', $nurl));
$addType = (strpos($url, '?') !== false) && strcasecmp($endExt, 'php');
$typeExt = ($addType) ? '&type=' . $endExt : '';
$ampRepl = '%26';
$srchArr = array('?', '&', '=');
$replArr = array('%3F', $ampRepl, '%3D');
$urlprep = str_replace($srchArr, $replArr, $url);
$url = $urlprep . $typeExt;
return $url;
function relativize($url)
if (strpos($url, '/') === 0) {
$docroot = $_SERVER['DOCUMENT_ROOT'];
$drparts = explode('/', $docroot);
$drstart = '/' . $drparts[0] . '/' . $drparts[1];
if (strpos($url, $drstart) === false)
$returl = 'http://' . $_SERVER['HTTP_HOST'] . $url;
$returl = $url;
} else {
$returl = '../../../' . $url;
return $returl;
function xkdl_admin()
if (isset($_POST['update'])) {
update_option('xkdl_awskey', trim($_POST['awskey']));
update_option('xkdl_awssecretkey', trim($_POST['awssecretkey']));
update_option('xkdl_awsbucket', trim($_POST['awsbucket']));
update_option('xkdl_awslifespan', trim($_POST['awslifespan']));
update_option('xkdl_reqlogin', isset($_POST['reqlogin']));
update_option('xkdl_refcheck', isset($_POST['refcheck']));
update_option('xkdl_reqlogin_invalid', trim($_POST['reqlogin_invalid']));
update_option('xkdl_refcheck_invalid', trim($_POST['refcheck_invalid']));
update_option('xkdl_link_expired', trim($_POST['link_expired']));
} elseif (isset($_POST['reg'])) {
$reg_updated = 1;
update_option('xkdl_activated', $_POST['reg']);
$formurl = get_option('siteurl') . '/wp-admin/admin.php?page=SecureDL/SecureDL.php';
$activated = get_option('xkdl_activated');
$ch = curl_init('http://rap-extras.com/extrakick/securedl/register.php');
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$args = array('domain' => $_SERVER['SERVER_NAME'], 'product' => 'SECURE_DL');
if ($reg_updated)
$args['pp'] = $activated;
curl_setopt($ch, CURLOPT_POSTFIELDS, $args);
$resp = curl_exec($ch);
if ($resp == 'OK' && !empty($activated)) {
$xkdl_awssecretkey = get_option('xkdl_awssecretkey');
$xkdl_awskey = get_option('xkdl_awskey');
$xkdl_awsbucket = get_option('xkdl_awsbucket');
$xkdl_awslifespan = get_option('xkdl_awslifespan');
$xkdl_reqlogin = get_option('xkdl_reqlogin');
$xkdl_refcheck = get_option('xkdl_refcheck');
$xkdl_reqlogin_invalid = get_option('xkdl_reqlogin_invalid');
$xkdl_refcheck_invalid = get_option('xkdl_refcheck_invalid');
$xkdl_link_expired = get_option('xkdl_link_expired');
$xkdl_reqlogin_checked = $xkdl_reqlogin ? "checked='true'" : '';
$xkdl_refcheck_checked = $xkdl_refcheck ? "checked='true'" : '';
echo " <div class='wrap'>
<h2>Secure DL Configuration</h2>";
if (isset($_POST['reg']))
echo " <div id=\"message\" class=\"updated fade\"><p><strong>Thank you for registering!</strong></p></div>";
echo " <FORM method='post' action='$formurl&updated=true'>
<tr><td colspan=3><h3> Amazon S3 Settings</h3></td></tr>
<tr><td>Secret Key</td><td colspan=2><input type=\"text\" size=\"60\"name=\"awssecretkey\" value=\"$xkdl_awssecretkey\"></td></tr>
<tr><td>Access Key</td><td colspan=2><input type=\"text\" size=\"60\"name=\"awskey\" value=\"$xkdl_awskey\"></td></tr>
<tr><td>Bucket</td><td colspan=2><input type=\"text\" size=\"60\"name=\"awsbucket\" value=\"$xkdl_awsbucket\"></td></tr>
<tr><td>Auth Lifespan</td><td><input type=\"text\" size=\"10\" name=\"awslifespan\" value=\"$xkdl_awslifespan\"></td><td align=left>minutes</td></tr>
<tr><td> ;;</td></tr>
<tr><td colspan=3><h3> General Site Settings</h3></td></tr>
<tr><td colspan=3 align=left><input type=checkbox name=\"reqlogin\" $xkdl_reqlogin_checked> Require Login</td></tr>
<tr><td colspan=3 align=left><input type=checkbox name=\"refcheck\" $xkdl_refcheck_checked> Check Referrer</td></tr>
<tr><td> ;;</td></tr>
<tr><td colspan=3><h3> Extra SecureDL Messages/Actions upon Invalidation</h3></td></tr>
<tr><td>Invalid Login:</td><td colspan=2><input type=\"text\" size=\"60\"name=\"reqlogin_invalid\" value=\"$xkdl_reqlogin_invalid\"></td></tr>
<tr><td>Invalid Referrer:</td><td colspan=2><input type=\"text\" size=\"60\"name=\"refcheck_invalid\" value=\"$xkdl_refcheck_invalid\"></td></tr>
<tr><td>Expired Link:</td><td colspan=2><input type=\"text\" size=\"60\"name=\"link_expired\" value=\"$xkdl_link_expired\"></td></tr>
<tr><td> ;;</td></tr>
<p><INPUT NAME=\"update\" TYPE=\"submit\" VALUE=\"Save Settings\">
} else {
echo " <div class='wrap'>
<h2>Secure DL Registration</h2>
<form method='post' action='$formurl'>
<table width='100%' cellspacing='2' cellpadding='5' class='editform'>
<tr valign='center'>
<th scope='row'>PayPal Email:</th>
<td><input name='reg' type='text' id='reg' value='' size='80'/></td>
<p class='submit'>
<input type='submit' name='submit' value='Validate Purchase'/>
function xkdl_settings_link($links)
$settings_link = '<a href="options-general.php?page=SecureDL/SecureDL.php">' . __('Settings') . '</a>';
array_unshift($links, $settings_link);
return $links;
if (!isset($xkdl))
$xkdl = new xkSecureDL();
add_action('admin_menu', array(&$xkdl, 'admin'));
add_shortcode('secdl', array(&$xkdl, 'secure_shortcode'));
add_filter('the_content', array(&$xkdl, 'sani_shortcode'));
add_filter('the_excerpt', array(&$xkdl, 'sani_shortcode'), 9);
add_filter('the_excerpt', 'do_shortcode');
add_filter('widget_text', array(&$xkdl, 'sani_shortcode'), 9);
add_filter('widget_text', 'do_shortcode');
add_filter('plugin_action_links_' . 'SecureDL/SecureDL.php', 'xkdl_settings_link');
?> |
Posted: Fri Oct 15, 2010 12:58 pm |
klih |
Regular user |

Joined: Oct 12, 2010 |
Posts: 11 |
thanks very much. |
