Disable Exposure of the PHP Code for any user

well there’s a easy way to view the code, even though it was marked with bCompiler in the project build,
to start with the ExeOutput application built has total access to the Data Folder

so all you need is to add a html file chooser then select any of the files of your code inside the Data folder, and then echo the content of the file.

Ex: file.htm

File: test.php

<?php echo file_get_contents($_FILES'file_']'tmp_name']); ?>

Done. Now All of your hard working code is shown to the end user.

it would be better when you read manual and description of every option which exeoutput offer.

You cant get contents of folder with nothing than exeoutput, Data is virtual folder.
It is true that when you browse for file, eg for upload, you can browse Data folder too, and you can see source code of your fildes in this virtual folder when you have got enabled preview file option in explorer. But dont say that you can see decompiled source code of php, it is not true. Bcompiled file is compiled not readable.

But you have got option, PHP Settings > Main Settings > General Options > Use and absolute path for virtual “Data” subfolder.

Now you cant browse files in Data folder and you cant preview it.

Next time dont panic, but take some times and read about any options which software offer, not only exeoutput. Read what is written about “Use an absolute path …”, there are written which you write about.

Ok If I activate bcompiler in the project , it works , but we can still see the name of functions and the functions we are using so they could rebuild the code.
And how using absolute path for a folder would make it more secure? It doesn’t help at all, I tested.
you can still see a lot of string names and stuff with bcompiler, well I guess there’s no way out.

I discovered this problem about half year ago, but now it is ok, change to X:\Data and you couldn’t browse this folder

That’s not really a solution, is it? because it’s somewhere. but I guess that’s not much to do, although if you combine the obfuscation with http://www.fopo.com.ar/ with the BCOmpiler it generates a file that is very hard to bring the code back. Because BCompiler only deals with values basically. the function names and what you are using, is exposed. and http://www.fopo.com.ar/ obfuscate all in one long string. and after is bcompiled , it changes completely, so it’s a good option. :slight_smile:

in bcompiler sources you can see function names, raw text you put in script, eg $password=“MySecretPassword” you can find MySecretPassword,
but you have to use PHP Settings > String Protections and ad eg variable password and value MySecretPassword and in your code you have to write
Then when somebody could look in your bcompied script, he couldnt find your MySecretPassword

Not true:
If you change Data folder to X:\Data, A:\Data, B:\mydata, C:\Windows\ nobody can browse your files because it is virtual folder accesible only for exeoutput
put in your application and try to browse C:\Windows or something you set :wink: it is not possible to find something

But it is docs to exeoutput :wink:

I asked about it lots of time ago and in 1.5 it works perfectly.

I dont understand you, that you use online obfuscators, they got your source files, passwords etc.

If you need compiler look at http://stackoverflow.com/questions/1408417/can-you-compile-php-code

Now I’m having problem with BCompiler, when I use BCompiler in my application it always looks the file as it was in my project.

for example if it was in C:\wamp\www\project

when I compile and run it, and then after the Exe is done, I rename my project folder, it says:

Warning: include(C:\wamp\www\project\includes\basic_functions.php): failed to open stream: No such file or directory in

and it crashes my application.

and when I deactivate BCompiler it runs normally.

oh My God, do I have to do something else? is it normal?

Well, it is normal that the contents of your PHP code appears inside your application if you decide so:

<?php echo file_get_contents($_FILES'file_']'tmp_name']); ?>

will display the content of any file, including ones of the “Data” subfolder!
If you add a simple check in your code above to find out whether the selected file is inside the “Data” subfolder, you could easily avoid this problem.
The fact that the “Data” subfolder is visible in the standard Open dialog box does not mean files are insecure. If you try to copy these files to another folder, it will fail. If you want the “Data” subfolder to be invisible, then as servage said, it’s explained in the doc. Using an absolute path like “X:\Data” works fine…

Regarding security, keep in mind that any software program can be reverse engineered. It is just a matter of time, skills and means.

I suggest that you read http://www.exeoutput.com/help/phpmainsettings.htm

<< Since PHP scripts must be unpacked to memory in order to be interpreted by the PHP runtime, it may be possible for a skilled hacker to extract portions of compiled PHP files. To make this task even more complicate and time-consuming, ExeOutput for PHP includes some security measures such as debugger detection and internal software protection. >>

Using bcompiler lets you make the source code even more difficult to reverse engineer or unpack.

BTW If you are getting problems with bcompiler, please start a new thread.