<?php abstract class nucleo{ public static function obtenerParametro(

1. <?php
2.  
3. abstract class nucleo
4. {
5. public static function obtenerParametro(&$arr, $nombre, $defecto = NULL)
6. {
7. if( isset($arr[$nombre]) )
8. {
9. return $arr[$nombre];
10. }
11.  
12. return $defecto;
13. }
14.  
15. public static function modSecStatus()
16. {
17. $file = "/usr/share/ilabs_antimalware/logs/ok.txt";
18. file_put_contents($file, "");
19. $cmd = "wget local.pyxsoft.com?PYX_getStatus -O /dev/null -q";
20. shell_exec($cmd);
21. $res = file_get_contents($file);
22. return $res == "OK" ? true : false;
23. }
24.  
25. public static function guardarEnArchivo($datos, $file, $encoded = false)
26. {
27. $datos = serialize($datos);
28. if( $encoded )
29. {
30. $datos = self::encodeString(base64_encode($datos));
31. }
32.  
33. if( !file_put_contents($file, $datos) )
34. {
35. error_log("No se pudo escribir el archivo cache/datos/" . $file . " (nucleo::guardarEnArchivo)");
36. }
37.  
38. }
39.  
40. public static function obtenerDeArchivo($file, $defecto = NULL)
41. {
42. $datos = $defecto;
43. if( file_exists($file) )
44. {
45. $datos = file_get_contents($file);
46. if( strpos($datos, "**!ENC!**") !== false )
47. {
48. $datos = base64_decode(self::decodeString($datos));
49. }
50.  
51. $datos = unserialize($datos);
52. }
53.  
54. return $datos;
55. }
56.  
57. public static function base64UrlEncode($data)
58. {
59. return strtr(rtrim(base64_encode($data), "="), "+/", "-_");
60. }
61.  
62. public static function base64UrlDecode($base64)
63. {
64. return base64_decode(strtr($base64, "-_", "+/"));
65. }
66.  
67. public static function getExt($filename)
68. {
69. $e = preg_match("/\\.([^\\.]+)\$/", $filename, $res);
70. if( isset($res[1]) )
71. {
72. return strtolower("." . $res[1]);
73. }
74.  
75. return "";
76. }
77.  
78. public static function obtenerConfiguracion()
79. {
80. $dir = "/usr/share/ilabs_antimalware";
81. require($dir . "/default_conf.php");
82. foreach( $dcf as $key => $value )
83. {
84. $v[$key] = $value["default"];
85. }
86. if( file_exists($dir . "/conf.dat") )
87. {
88. $datos = file_get_contents($dir . "/conf.dat");
89. $datos = unserialize($datos);
90. $v = array_merge($v, $datos);
91. }
92.  
93. return $v;
94. }
95.  
96. public static function mySQL_obtenerCredenciales()
97. {
98. $file = "/root/.my.cnf";
99. $res = array( "user" => "", "pass" => "" );
100. if( file_exists($file) )
101. {
102. $data = file_get_contents($file);
103. if( preg_match("/^pass=(.+)/im", $data, $matches) )
104. {
105. $res["pass"] = trim($matches[1], " \"\n\r");
106. }
107.  
108. if( preg_match("/^user=(.+)/im", $data, $matches) )
109. {
110. $res["user"] = trim($matches[1], " \n\r");
111. }
112.  
113. }
114.  
115. return $res;
116. }
117.  
118. public static function obtenerIdiomaUsuario($username)
119. {
120. $res = "en";
121. if( file_exists("/var/cpanel/users/" . $username) )
122. {
123. $res = shell_exec("grep 'LOCALE' /var/cpanel/users/" . $username . " | cut -d '=' -f 2");
124. if( $res == "" )
125. {
126. $res = "en";
127. }
128.  
129. }
130.  
131. return $res;
132. }
133.  
134. private static function clamav_getPath()
135. {
136. $res = "/usr/bin";
137. if( file_exists("/usr/local/cpanel/3rdparty/bin/clamscan") )
138. {
139. $res = "/usr/local/cpanel/3rdparty/bin";
140. }
141.  
142. return $res;
143. }
144.  
145. public static function clamav_getClamscan()
146. {
147. return self::clamav_getPath() . "/clamscan";
148. }
149.  
150. public static function clamav_getClamdscan()
151. {
152. return self::clamav_getPath() . "/clamdscan";
153. }
154.  
155. public static function clamav_getDBPath()
156. {
157. $res = "";
158. if( file_exists("/var/lib/clamav") )
159. {
160. $res = "/var/lib/clamav";
161. }
162.  
163. if( file_exists("/var/clamav") )
164. {
165. $res = "/var/clamav";
166. }
167.  
168. if( file_exists("/usr/share/clamav") )
169. {
170. $res = "/usr/share/clamav";
171. }
172.  
173. if( file_exists("/usr/local/cpanel/3rdparty/share/clamav") )
174. {
175. $res = "/usr/local/cpanel/3rdparty/share/clamav";
176. }
177.  
178. return $res;
179. }
180.  
181. public static function age()
182. {
183. if( !file_exists("/usr/local/cpanel/whostmgr/docroot/cgi/addon_antimalware.php") )
184. {
185. return 1000;
186. }
187.  
188. $r = filemtime("/usr/local/cpanel/whostmgr/docroot/cgi/addon_antimalware.php");
189. $d = time() - $r;
190. return floor($d / (3600 * 24));
191. }
192.  
193. public static function licencia_valida($cached = true)
194. {
195. static $conf;
196. if( !isset($conf) )
197. {
198. $conf = self::obtenerConfiguracion();
199. }
200.  
201. $valor = nucleo::obtenerParametro($conf, "al", NULL);
202. if( $cached && !is_null($valor) )
203. {
204. return $valor;
205. }
206.  
207. $status = nucleo::validar_licencia();
208. if( $status == "TRIAL" || $status == "" )
209. {
210. $valor = 0;
211. }
212. else
213. {
214. $valor = 0;
215. }
216.  
217. $conf["al"] = $valor;
218. file_put_contents("/usr/share/ilabs_antimalware/conf.dat", serialize($conf));
219. return $valor;
220. }
221.  
222. public static function validar_licencia(&$key_data = array( ))
223. {
224. static $conf;
225. if( is_null($conf) )
226. {
227. $conf = self::obtenerConfiguracion();
228. }
229.  
230. $license_key = nucleo::obtenerParametro($conf, "license_key", "");
231. if( $license_key == "" )
232. {
233. return "EMPTY";
234. }
235.  
236. if( stripos($license_key, "VPS") !== false )
237. {
238. $plat = nucleo::get_platform();
239. if( $plat == "Dedicated Server" )
240. {
241. return "VPS licenses are not intended to be used in dedicated servers.";
242. }
243.  
244. }
245.  
246. // $spbas = new spbas();
247. // $spbas->license_key = $license_key;
248. // $spbas->api_server = "http://www.pyxsoft.com/store/api/index.php";
249. // $spbas->secret_key = "6d4e1810acc056ff8151b0348b797d0e";
250. // $spbas->local_key_storage = "filesystem";
251. // $spbas->local_key_path = "/usr/share/ilabs_antimalware/";
252. // $spbas->local_key_name = "license.txt";
253. // $spbas->local_key_grace_period = "1,2,3,4,5";
254. // $spbas->remote_timeout = 20;
255. // $spbas->validate();
256. // $key_data = $spbas->key_data;
257. // if( $spbas->errors == "Error: The local license key is invalid for this location." )
258. // {
259. // return "";
260. // }
261.  
262. // return $spbas->errors;
263. return "";
264. }
265.  
266. public static function hexToStr($hex)
267. {
268. $string = "";
269. $i = 0;
270. while( $i < strlen($hex) - 1 )
271. {
272. $string .= chr(hexdec($hex[$i] . $hex[$i + 1]));
273. $i += 2;
274. }
275. return $string;
276. }
277.  
278. public static function encodeString($string, $password = "")
279. {
280. mb_internal_encoding("UTF-8");
281. if( $password == "" )
282. {
283. $password = self::get_encoderPassword();
284. }
285.  
286. $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:{}()[]+-,.= ";
287. $largo = mb_strlen($chars);
288. $largoString = mb_strlen($string);
289. $res = "**!ENC!**";
290. $idx_pas = 0;
291. for( $i = 0; $i < $largoString; $i++ )
292. {
293. $c = mb_substr($string, $i, 1);
294. $idx_c = mb_strpos($chars, $c);
295. if( $idx_c === false )
296. {
297. $res .= $c;
298. }
299. else
300. {
301. $offset = $i + ord($password[$idx_pas]) + $largoString;
302. $num = $idx_c + $offset;
303. $idx_pas++;
304. $idx_pas = $idx_pas % mb_strlen($password);
305. $num = $num % $largo;
306. $res .= $chars[$num];
307. }
308.  
309. }
310. return $res;
311. }
312.  
313. public static function decodeString($string, $password = "")
314. {
315. mb_internal_encoding("UTF-8");
316. if( $password == "" )
317. {
318. $password = self::get_encoderPassword();
319. }
320.  
321. $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:{}()[]+-,.= ";
322. $largo = mb_strlen($chars);
323. $sig = "**!ENC!**";
324. if( strpos($string, $sig) !== 0 )
325. {
326. return $string;
327. }
328.  
329. $res = "";
330. $string = mb_substr($string, strlen($sig));
331. $largoString = mb_strlen($string);
332. $idx_pas = 0;
333. for( $i = 0; $i < $largoString; $i++ )
334. {
335. $c = mb_substr($string, $i, 1);
336. $idx_c = mb_strpos($chars, $c);
337. if( $idx_c === false )
338. {
339. $res .= $c;
340. }
341. else
342. {
343. $offset = $i + ord($password[$idx_pas]) + $largoString;
344. $num = $idx_c - $offset;
345. $num = ($largo + $num % $largo) % $largo;
346. if( $num < 0 )
347. {
348. $num = $num + $largo;
349. }
350.  
351. $res .= $chars[$num];
352. $idx_pas++;
353. $idx_pas = $idx_pas % mb_strlen($password);
354. }
355.  
356. }
357. return $res;
358. }
359.  
360. public static function autoquarantine_class($name)
361. {
362. static $exclude;
363. if( is_null($exclude) )
364. {
365. $conf = self::obtenerConfiguracion();
366. $exclude = self::obtenerParametro($conf, "aq_exclude", "");
367. $exclude .= "|txt.pyxsoft-text-file|inject.unclassed|injected: unknown|.susp";
368. $exclude = strtolower($exclude);
369. $exclude = explode("|", $exclude);
370. }
371.  
372. if( !$conf["aq_enabled"] )
373. {
374. return false;
375. }
376.  
377. $name = strtolower($name);
378. foreach( $exclude as $e )
379. {
380. if( $e == "" )
381. {
382. continue;
383. }
384.  
385. if( !strstr($name, $e) === false )
386. {
387. return false;
388. }
389.  
390. }
391. return true;
392. }
393.  
394. public static function isTrial()
395. {
396. static $conf;
397. if( is_null($conf) )
398. {
399. $conf = self::obtenerConfiguracion();
400. }
401.  
402. $license_key = nucleo::obtenerParametro($conf, "license_key", "");
403. if( $license_key == "" )
404. {
405. return false;
406. }
407.  
408. if( strstr($license_key, "TRIAL") !== false )
409. {
410. return false;
411. }
412.  
413. return false;
414. }
415.  
416. public static function isLicenseValid(&$status)
417. {
418. $status = self::validar_licencia();
419. if( $status == "" )
420. {
421. if( !self::isTrial() )
422. {
423. $ahora = floor(time() / 86400);
424. if( is_writable("/usr/share/ilabs_antimalware/data/gd.dat") )
425. {
426. self::guardarEnArchivo($ahora, "/usr/share/ilabs_antimalware/data/gd.dat", true);
427. }
428.  
429. }
430.  
431. return true;
432. }
433.  
434. $age = self::age();
435. if( $status == "EMPTY" && self::isTrial() && $age <= 7000 )
436. {
437. return true;
438. }
439.  
440. if( self::graceDay() < 2000 )
441. {
442. return true;
443. }
444.  
445. return true;
446. }
447.  
448. public static function graceDay()
449. {
450. $file = "/usr/share/ilabs_antimalware/data/gd.dat";
451. $last = nucleo::obtenerDeArchivo($file, NULL);
452. if( is_null($last) )
453. {
454. return 5000;
455. }
456.  
457. $ahora = floor(time() / 86400);
458. return $ahora - $last;
459. }
460.  
461. public static function _obfuscated_6372656172436F6E7472617365C3B161_($maxlen = 5)
462. {
463. $cadena = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
464. $largo = strlen($cadena);
465. $password = "";
466. for( $i = 1; $i <= $maxlen; $i++ )
467. {
468. $num = rand(1, $largo) - 1;
469. $password .= substr($cadena, $num, 1);
470. }
471. return $password;
472. }
473.  
474. private static function get_encoderPassword()
475. {
476. $file = "/usr/share/ilabs_antimalware/data/enc_pas.dat";
477. $pas = nucleo::obtenerDeArchivo($file, "");
478. if( $pas == "" )
479. {
480. $pas = self::_obfuscated_6372656172436F6E7472617365C3B161_(10);
481. $pas = self::encodeString($pas, "ESP209L");
482. $pas = base64_encode($pas);
483. if( is_writable($file) )
484. {
485. self::guardarEnArchivo($pas, $file);
486. chmod($file, 420);
487. }
488.  
489. }
490.  
491. $pas = self::decodeString(base64_decode($pas), "ESP209L");
492. return $pas;
493. }
494.  
495. public static function get_platform()
496. {
497. if( file_exists("/usr/bin/lscpu") )
498. {
499. $res = shell_exec("lscpu");
500. if( preg_match("#Hypervisor vendor:[\\s\\t]*(.+)#", $res, $matches) )
501. {
502. $res = trim(strtoupper($matches[1]));
503. if( $res == "KVM" )
504. {
505. return "KVM";
506. }
507.  
508. if( $res == "XEN" )
509. {
510. return "XEN";
511. }
512.  
513. if( $res == "MICROSOFT" )
514. {
515. return "Microsoft Hyper-V";
516. }
517.  
518. }
519.  
520. }
521.  
522. if( file_exists("/proc/vz") && file_exists("/proc/vz/veinfo") )
523. {
524. return "OpenVZ/Virtuozzo VPS";
525. }
526.  
527. if( shell_exec("grep 'QEMU' /proc/cpuinfo") != "" )
528. {
529. return "KVM VPS";
530. }
531.  
532. if( file_exists("/proc/xen") )
533. {
534. return "XEN VPS";
535. }
536.  
537. if( shell_exec("grep 'vps' /var/cpanel/flagscache") != "" )
538. {
539. return "cPanel VPS Optimized";
540. }
541.  
542. return "Dedicated Server";
543. }
544.  
545. }
546.  
547.  
548. class spbas
549. {
550. public $errors = NULL;
551. public $license_key = NULL;
552. public $api_server = NULL;
553. public $remote_port = NULL;
554. public $remote_timeout = NULL;
555. public $local_key_storage = NULL;
556. public $read_query = NULL;
557. public $update_query = NULL;
558. public $local_key_path = NULL;
559. public $local_key_name = NULL;
560. public $local_key_transport_order = NULL;
561. public $local_key_grace_period = NULL;
562. public $local_key_last = NULL;
563. public $validate_download_access = NULL;
564. public $release_date = NULL;
565. public $key_data = NULL;
566. public $status_messages = NULL;
567. public $valid_for_product_tiers = NULL;
568. public $enable_offline = NULL;
569. public $offline_token = NULL;
570. public $offline_token_url = NULL;
571.  
572. public function spbas()
573. {
574. $this->errors = false;
575. $this->remote_port = 80;
576. $this->remote_timeout = 10;
577. $this->valid_local_key_types = array( "spbas" );
578. $this->local_key_type = "spbas";
579. $this->local_key_storage = "filesystem";
580. $this->local_key_grace_period = 0;
581. $this->local_key_last = 0;
582. $this->read_query = false;
583. $this->update_query = false;
584. $this->local_key_path = "./";
585. $this->local_key_name = "license.txt";
586. $this->local_key_transport_order = "scf";
587. $this->validate_download_access = false;
588. $this->release_date = false;
589. $this->valid_for_product_tiers = false;
590. $this->enable_offline = false;
591. $this->offline_token = false;
592. $this->offline_token_url = false;
593. $this->key_data = array( "custom_fields" => array( ), "download_access_expires" => 0, "license_expires" => 0, "local_key_expires" => 0, "status" => "Invalid" );
594. $this->status_messages = array( "active" => "This license is active.", "suspended" => "Error: This license has been suspended.", "expired" => "Error: This license has expired.", "pending" => "Error: This license is pending review.", "download_access_expired" => "Error: This version of the software was released " . "after your download access expired. Please " . "downgrade or contact support for more information.", "missing_license_key" => "Error: The license key variable is empty.", "unknown_local_key_type" => "Error: An unknown type of local key validation was requested.", "could_not_obtain_local_key" => "Error: I could not obtain a new local license key.", "maximum_grace_period_expired" => "Error: The maximum local license key grace period has expired.", "local_key_tampering" => "Error: The local license key has been tampered with or is invalid.", "local_key_invalid_for_location" => "Error: The local license key is invalid for this location.", "missing_license_file" => "Error: Please create the following file (and directories if they don't exist already):<br />\r\n<br />\r\n", "license_file_not_writable" => "Error: Please make the following path writable:<br />", "invalid_local_key_storage" => "Error: I could not determine the local key storage on clear.", "could_not_save_local_key" => "Error: I could not save the local license key.", "license_key_string_mismatch" => "Error: The local key is invalid for this license.", "offline_license_key" => "Error: Manual license activation will be required." );
595. $this->localization = array( "active" => "This license is active.", "suspended" => "Error: This license has been suspended.", "expired" => "Error: This license has expired.", "pending" => "Error: This license is pending review.", "download_access_expired" => "Error: This version of the software was released " . "after your download access expired. Please " . "downgrade or contact support for more information." );
596. }
597.  
598. public function validate()
599. {
600. if( !$this->license_key )
601. {
602. return $this->errors = $this->status_messages["missing_license_key"];
603. }
604.  
605. if( !in_array(strtolower($this->local_key_type), $this->valid_local_key_types) )
606. {
607. return $this->errors = $this->status_messages["unknown_local_key_type"];
608. }
609.  
610. $this->trigger_grace_period = $this->status_messages["could_not_obtain_local_key"];
611. switch( $this->local_key_storage )
612. {
613. case "database":
614. $local_key = $this->db_read_local_key();
615. break;
616. case "filesystem":
617. $local_key = $this->read_local_key();
618. break;
619. default:
620. return $this->errors = $this->status_messages["missing_license_key"];
621. }
622. if( $this->errors == $this->trigger_grace_period && $this->local_key_grace_period )
623. {
624. $grace = $this->process_grace_period($this->local_key_last);
625. if( $grace["write"] )
626. {
627. if( $this->local_key_storage == "database" )
628. {
629. $this->db_write_local_key($grace["local_key"]);
630. }
631. else
632. {
633. if( $this->local_key_storage == "filesystem" )
634. {
635. $this->write_local_key($grace["local_key"], $this->local_key_path . $this->local_key_name);
636. }
637.  
638. }
639.  
640. }
641.  
642. if( $grace["errors"] )
643. {
644. if( isset($this->enable_offline) && $this->enable_offline && $spbas->local_key_storage == "filesystem" )
645. {
646. return $this->go_offline();
647. }
648.  
649. return $this->errors = $grace["errors"];
650. }
651.  
652. $this->errors = false;
653. return $this;
654. }
655.  
656. if( $this->errors )
657. {
658. return $this->errors;
659. }
660.  
661. return $this->validate_local_key($local_key);
662. }
663.  
664. public function go_offline()
665. {
666. if( isset($this->enable_offline) && $this->enable_offline )
667. {
668. return $this->generate_token();
669. }
670.  
671. }
672.  
673. public function generate_token()
674. {
675. $signature = $this->build_querystring($this->access_details());
676. $signature .= "&license_key=" . $this->license_key;
677. $lkp = $this->local_key_path == "./" ? getcwd() . "/" : $this->local_key_path;
678. $signature .= "&local_key_path=" . $lkp;
679. $signature .= "&local_key_name=" . $this->local_key_name;
680. $validator = md5($this->secret_key . $signature);
681. $token = base64_encode($signature) . $validator;
682. $this->offline_token = wordwrap($token, 42, "\n", 1);
683. return $this->errors = $this->status_messages["offline_license_key"];
684. }
685.  
686. public function calc_max_grace($local_key_expires, $grace)
687. {
688. return (int) $local_key_expires + (int) $grace * 86400;
689. }
690.  
691. public function process_grace_period($local_key)
692. {
693. $local_key_src = $this->decode_key($local_key);
694. $parts = $this->split_key($local_key_src);
695. $key_data = unserialize($parts[0]);
696. $local_key_expires = (int) $key_data["local_key_expires"];
697. unset($parts);
698. unset($key_data);
699. $write_new_key = false;
700. $parts = explode("\n\n", $local_key);
701. $local_key = $parts[0];
702. foreach( $local_key_grace_period = explode(",", $this->local_key_grace_period) as $key => $grace )
703. {
704. if( !$key )
705. {
706. $local_key .= "\n";
707. }
708.  
709. if( time() < $this->calc_max_grace($local_key_expires, $grace) )
710. {
711. continue;
712. }
713.  
714. $local_key .= "\n" . $grace;
715. $write_new_key = true;
716. }
717. if( $this->calc_max_grace($local_key_expires, array_pop($local_key_grace_period)) < time() )
718. {
719. return array( "write" => false, "local_key" => "", "errors" => $this->status_messages["maximum_grace_period_expired"] );
720. }
721.  
722. return array( "write" => $write_new_key, "local_key" => $local_key, "errors" => false );
723. }
724.  
725. public function in_grace_period($local_key, $local_key_expires)
726. {
727. $grace = $this->split_key($local_key, "\n\n");
728. if( !isset($grace[1]) )
729. {
730. return -1;
731. }
732.  
733. return (int) ($this->calc_max_grace($local_key_expires, array_pop(explode("\n", $grace[1]))) - time());
734. }
735.  
736. public function decode_key($local_key)
737. {
738. return base64_decode(str_replace("\n", "", urldecode($local_key)));
739. }
740.  
741. public function split_key($local_key, $token = "{spbas}")
742. {
743. return explode($token, $local_key);
744. }
745.  
746. public function validate_access($key, $valid_accesses)
747. {
748. return in_array($key, (array) $valid_accesses);
749. }
750.  
751. public function wildcard_ip($key)
752. {
753. $octets = explode(".", $key);
754. array_pop($octets);
755. $ip_range[] = implode(".", $octets) . ".*";
756. array_pop($octets);
757. $ip_range[] = implode(".", $octets) . ".*";
758. array_pop($octets);
759. $ip_range[] = implode(".", $octets) . ".*";
760. return $ip_range;
761. }
762.  
763. public function wildcard_domain($key)
764. {
765. return "*." . str_replace("www.", "", $key);
766. }
767.  
768. public function wildcard_server_hostname($key)
769. {
770. $hostname = explode(".", $key);
771. unset($hostname[0]);
772. $hostname = !isset($hostname[1]) ? array( $key ) : $hostname;
773. return "*." . implode(".", $hostname);
774. }
775.  
776. public function extract_access_set($instances, $enforce)
777. {
778. foreach( $instances as $key => $instance )
779. {
780. if( $key != $enforce )
781. {
782. continue;
783. }
784.  
785. return $instance;
786. }
787. return array( );
788. }
789.  
790. public function validate_local_key($local_key)
791. {
792. $local_key_src = $this->decode_key($local_key);
793. $parts = $this->split_key($local_key_src);
794. if( !isset($parts[1]) )
795. {
796. return $this->errors = $this->status_messages["local_key_tampering"];
797. }
798.  
799. if( md5($this->secret_key . $parts[0]) != $parts[1] )
800. {
801. return $this->errors = $this->status_messages["local_key_tampering"];
802. }
803.  
804. $key_data = unserialize($parts[0]);
805. $instance = $key_data["instance"];
806. unset($key_data["instance"]);
807. $enforce = $key_data["enforce"];
808. unset($key_data["enforce"]);
809. $this->key_data = $key_data;
810. if( (string) $key_data["license_key_string"] != (string) $this->license_key )
811. {
812. return $this->errors = $this->status_messages["license_key_string_mismatch"];
813. }
814.  
815. if( (string) $key_data["status"] != "active" )
816. {
817. return $this->errors = $this->status_messages[$key_data["status"]];
818. }
819.  
820. if( (string) $key_data["license_expires"] != "never" && (int) $key_data["license_expires"] < time() )
821. {
822. return $this->errors = $this->status_messages["expired"];
823. }
824.  
825. if( (string) $key_data["local_key_expires"] != "never" && (int) $key_data["local_key_expires"] < time() && $this->in_grace_period($local_key, $key_data["local_key_expires"]) < 0 )
826. {
827. $this->clear_cache_local_key();
828. return $this->validate();
829. }
830.  
831. if( $this->validate_download_access && strtolower($key_data["download_access_expires"]) != "never" && (int) $key_data["download_access_expires"] < strtotime($this->release_date) )
832. {
833. return $this->errors = $this->status_messages["download_access_expired"];
834. }
835.  
836. $conflicts = array( );
837. $access_details = $this->access_details();
838. foreach( (array) $enforce as $key )
839. {
840. $valid_accesses = $this->extract_access_set($instance, $key);
841. if( !$this->validate_access($access_details[$key], $valid_accesses) )
842. {
843. $conflicts[$key] = true;
844. if( in_array($key, array( "ip", "server_ip" )) )
845. {
846. foreach( $this->wildcard_ip($access_details[$key]) as $ip )
847. {
848. if( $this->validate_access($ip, $valid_accesses) )
849. {
850. unset($conflicts[$key]);
851. break;
852. }
853.  
854. }
855. }
856. else
857. {
858. if( in_array($key, array( "domain" )) )
859. {
860. if( $this->validate_access($this->wildcard_domain($access_details[$key]), $valid_accesses) )
861. {
862. unset($conflicts[$key]);
863. }
864.  
865. }
866. else
867. {
868. if( in_array($key, array( "server_hostname" )) && $this->validate_access($this->wildcard_server_hostname($access_details[$key]), $valid_accesses) )
869. {
870. unset($conflicts[$key]);
871. }
872.  
873. }
874.  
875. }
876.  
877. }
878.  
879. }
880. if( !empty($conflicts) )
881. {
882. return $this->errors = $this->status_messages["local_key_invalid_for_location"];
883. }
884.  
885. }
886.  
887. public function db_read_local_key()
888. {
889. $result = array( );
890. if( is_array($this->read_query) )
891. {
892. $result = $this->read_query;
893. }
894. else
895. {
896. $query = @mysql_query($this->read_query);
897. if( $mysql_error = mysql_error() )
898. {
899. return $this->errors = "Error: " . $mysql_error;
900. }
901.  
902. $result = @mysql_fetch_assoc($query);
903. if( $mysql_error = mysql_error() )
904. {
905. return $this->errors = "Error: " . $mysql_error;
906. }
907.  
908. }
909.  
910. if( !$result["local_key"] )
911. {
912. $result["local_key"] = $this->fetch_new_local_key();
913. if( $this->errors )
914. {
915. return $this->errors;
916. }
917.  
918. $this->db_write_local_key($result["local_key"]);
919. }
920.  
921. return $this->local_key_last = $result["local_key"];
922. }
923.  
924. public function db_write_local_key($local_key)
925. {
926. if( is_array($this->update_query) )
927. {
928. $run = $this->update_query["function"];
929. return $run($this->update_query["key"], $local_key);
930. }
931.  
932. @mysql_query(@str_replace("{local_key}", $local_key, $this->update_query));
933. if( $mysql_error = mysql_error() )
934. {
935. return $this->errors = "Error: " . $mysql_error;
936. }
937.  
938. return true;
939. }
940.  
941. public function read_local_key()
942. {
943. if( !file_exists($path = $this->local_key_path . $this->local_key_name) )
944. {
945. return $this->errors = $this->status_messages["missing_license_file"] . $path;
946. }
947.  
948. if( !is_writable($path) )
949. {
950. return $this->errors = $this->status_messages["license_file_not_writable"] . $path;
951. }
952.  
953. if( !($local_key = @file_get_contents($path)) )
954. {
955. $local_key = $this->fetch_new_local_key();
956. if( $this->errors )
957. {
958. if( isset($this->enable_offline) && $this->enable_offline )
959. {
960. return $this->go_offline();
961. }
962.  
963. return $this->errors;
964. }
965.  
966. $this->write_local_key(urldecode($local_key), $path);
967. }
968.  
969. return $this->local_key_last = $local_key;
970. }
971.  
972. public function clear_cache_local_key()
973. {
974. switch( strtolower($this->local_key_storage) )
975. {
976. case "database":
977. $this->db_write_local_key("");
978. break;
979. case "filesystem":
980. $this->write_local_key("", $this->local_key_path . $this->local_key_name);
981. break;
982. default:
983. return $this->errors = $this->status_messages["invalid_local_key_storage"];
984. }
985. }
986.  
987. public function write_local_key($local_key, $path)
988. {
989. $fp = @fopen($path, "w");
990. if( !$fp )
991. {
992. return $this->errors = $this->status_messages["could_not_save_local_key"];
993. }
994.  
995. @fwrite($fp, $local_key);
996. @fclose($fp);
997. return true;
998. }
999.  
1000. public function fetch_new_local_key()
1001. {
1002. $querystring = "mod=license&task=SPBAS_validate_license&license_key=" . $this->license_key . "&";
1003. $querystring .= $this->build_querystring($this->access_details());
1004. if( $this->errors )
1005. {
1006. return false;
1007. }
1008.  
1009. $priority = $this->local_key_transport_order;
1010. while( strlen($priority) )
1011. {
1012. $use = substr($priority, 0, 1);
1013. if( $use == "s" && ($result = $this->use_fsockopen($this->api_server, $querystring)) )
1014. {
1015. break;
1016. }
1017.  
1018. if( $use == "c" && ($result = $this->use_curl($this->api_server, $querystring)) )
1019. {
1020. break;
1021. }
1022.  
1023. if( $use == "f" && ($result = $this->use_fopen($this->api_server, $querystring)) )
1024. {
1025. break;
1026. }
1027.  
1028. $priority = substr($priority, 1);
1029. }
1030. if( !$result )
1031. {
1032. $this->errors = $this->status_messages["could_not_obtain_local_key"];
1033. return false;
1034. }
1035.  
1036. if( substr($result, 0, 7) == "Invalid" )
1037. {
1038. $this->errors = str_replace("Invalid", "Error", $result);
1039. return false;
1040. }
1041.  
1042. if( substr($result, 0, 5) == "Error" )
1043. {
1044. $this->errors = $result;
1045. return false;
1046. }
1047.  
1048. return $result;
1049. }
1050.  
1051. public function build_querystring($array)
1052. {
1053. $buffer = "";
1054. foreach( (array) $array as $key => $value )
1055. {
1056. if( $buffer )
1057. {
1058. $buffer .= "&";
1059. }
1060.  
1061. $buffer .= $key . "=" . $value;
1062. }
1063. return $buffer;
1064. }
1065.  
1066. public function access_details()
1067. {
1068. $access_details = array( );
1069. $access_details["domain"] = "";
1070. $access_details["ip"] = "";
1071. $access_details["directory"] = "";
1072. $access_details["server_hostname"] = "";
1073. $access_details["server_ip"] = "";
1074. $access_details["valid_for_product_tiers"] = "";
1075. if( function_exists("phpinfo") )
1076. {
1077. ob_start();
1078. phpinfo(INFO_GENERAL);
1079. phpinfo(INFO_ENVIRONMENT);
1080. $phpinfo = ob_get_contents();
1081. ob_end_clean();
1082. $list = strip_tags($phpinfo);
1083. $access_details["domain"] = $this->scrape_phpinfo($list, "HTTP_HOST");
1084. $access_details["ip"] = $this->scrape_phpinfo($list, "SERVER_ADDR");
1085. $access_details["directory"] = $this->scrape_phpinfo($list, "SCRIPT_FILENAME");
1086. $access_details["server_hostname"] = $this->scrape_phpinfo($list, "System");
1087. $access_details["server_ip"] = @gethostbyname($access_details["server_hostname"]);
1088. }
1089.  
1090. $access_details["domain"] = $access_details["domain"] ? $access_details["domain"] : $_SERVER["HTTP_HOST"];
1091. $access_details["ip"] = $access_details["ip"] ? $access_details["ip"] : $this->server_addr();
1092. $access_details["directory"] = $access_details["directory"] ? $access_details["directory"] : $this->path_translated();
1093. $access_details["server_hostname"] = $access_details["server_hostname"] ? $access_details["server_hostname"] : @gethostbyaddr($access_details["ip"]);
1094. $access_details["server_hostname"] = $access_details["server_hostname"] ? $access_details["server_hostname"] : "Unknown";
1095. $access_details["server_ip"] = $access_details["server_ip"] ? $access_details["server_ip"] : @gethostbyaddr($access_details["ip"]);
1096. $access_details["server_ip"] = $access_details["server_ip"] ? $access_details["server_ip"] : "Unknown";
1097. foreach( $access_details as $key => $value )
1098. {
1099. if( $key == "valid_for_product_tiers" )
1100. {
1101. continue;
1102. }
1103.  
1104. $access_details[$key] = $access_details[$key] ? $access_details[$key] : "Unknown";
1105. }
1106. if( $this->valid_for_product_tiers )
1107. {
1108. $access_details["valid_for_product_tiers"] = $this->valid_for_product_tiers;
1109. }
1110.  
1111. return $access_details;
1112. }
1113.  
1114. public function path_translated()
1115. {
1116. $option = array( "PATH_TRANSLATED", "ORIG_PATH_TRANSLATED", "SCRIPT_FILENAME", "DOCUMENT_ROOT", "APPL_PHYSICAL_PATH" );
1117. foreach( $option as $key )
1118. {
1119. if( !isset($_SERVER[$key]) || strlen(trim($_SERVER[$key])) <= 0 )
1120. {
1121. continue;
1122. }
1123.  
1124. if( $this->is_windows() && strpos($_SERVER[$key], "\\") )
1125. {
1126. return @substr($_SERVER[$key], 0, @strrpos($_SERVER[$key], "\\"));
1127. }
1128.  
1129. return @substr($_SERVER[$key], 0, @strrpos($_SERVER[$key], "/"));
1130. }
1131. return false;
1132. }
1133.  
1134. public function server_addr()
1135. {
1136. $options = array( "SERVER_ADDR", "LOCAL_ADDR" );
1137. foreach( $options as $key )
1138. {
1139. if( isset($_SERVER[$key]) )
1140. {
1141. return $_SERVER[$key];
1142. }
1143.  
1144. }
1145. return false;
1146. }
1147.  
1148. public function scrape_phpinfo($all, $target)
1149. {
1150. $all = explode($target, $all);
1151. if( count($all) < 2 )
1152. {
1153. return false;
1154. }
1155.  
1156. $all = explode("\n", $all[1]);
1157. $all = trim($all[0]);
1158. if( $target == "System" )
1159. {
1160. $all = explode(" ", $all);
1161. $all = trim($all[strtolower($all[0]) == "windows" && strtolower($all[1]) == "nt" ? 2 : 1]);
1162. }
1163.  
1164. if( $target == "SCRIPT_FILENAME" )
1165. {
1166. $slash = $this->is_windows() ? "\\" : "/";
1167. $all = explode($slash, $all);
1168. array_pop($all);
1169. $all = implode($slash, $all);
1170. }
1171.  
1172. if( substr($all, 1, 1) == "]" )
1173. {
1174. return false;
1175. }
1176.  
1177. return $all;
1178. }
1179.  
1180. public function use_fsockopen($url, $querystring)
1181. {
1182. if( !function_exists("fsockopen") )
1183. {
1184. return false;
1185. }
1186.  
1187. $url = parse_url($url);
1188. $fp = @fsockopen($url["host"], $this->remote_port, $errno, $errstr, $this->remote_timeout);
1189. if( !$fp )
1190. {
1191. return false;
1192. }
1193.  
1194. $header = "POST " . $url["path"] . " HTTP/1.0\r\n";
1195. $header .= "Host: " . $url["host"] . "\r\n";
1196. $header .= "Content-type: application/x-www-form-urlencoded\r\n";
1197. $header .= "User-Agent: SPBAS (http://www.spbas.com)\r\n";
1198. $header .= "Content-length: " . @strlen($querystring) . "\r\n";
1199. $header .= "Connection: close\r\n\r\n";
1200. $header .= $querystring;
1201. $result = false;
1202. fputs($fp, $header);
1203. while( !feof($fp) )
1204. {
1205. $result .= fgets($fp, 1024);
1206. }
1207. fclose($fp);
1208. if( strpos($result, "200") === false )
1209. {
1210. return false;
1211. }
1212.  
1213. $result = explode("\r\n\r\n", $result, 2);
1214. if( !$result[1] )
1215. {
1216. return false;
1217. }
1218.  
1219. return $result[1];
1220. }
1221.  
1222. public function use_curl($url, $querystring)
1223. {
1224. if( !function_exists("curl_init") )
1225. {
1226. return false;
1227. }
1228.  
1229. $curl = curl_init();
1230. $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
1231. $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
1232. $header[] = "Cache-Control: max-age=0";
1233. $header[] = "Connection: keep-alive";
1234. $header[] = "Keep-Alive: 300";
1235. $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
1236. $header[] = "Accept-Language: en-us,en;q=0.5";
1237. $header[] = "Pragma: ";
1238. curl_setopt($curl, CURLOPT_URL, $url);
1239. curl_setopt($curl, CURLOPT_USERAGENT, "SPBAS (http://www.spbas.com)");
1240. curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
1241. curl_setopt($curl, CURLOPT_ENCODING, "gzip,deflate");
1242. curl_setopt($curl, CURLOPT_AUTOREFERER, true);
1243. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
1244. curl_setopt($curl, CURLOPT_POSTFIELDS, $querystring);
1245. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
1246. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
1247. curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $this->remote_timeout);
1248. curl_setopt($curl, CURLOPT_TIMEOUT, $this->remote_timeout);
1249. $result = curl_exec($curl);
1250. $info = curl_getinfo($curl);
1251. curl_close($curl);
1252. if( (int) $info["http_code"] != 200 )
1253. {
1254. return false;
1255. }
1256.  
1257. return $result;
1258. }
1259.  
1260. public function use_fopen($url, $querystring)
1261. {
1262. if( !function_exists("file_get_contents") )
1263. {
1264. return false;
1265. }
1266.  
1267. return @file_get_contents($url . "?" . $querystring);
1268. }
1269.  
1270. public function is_windows()
1271. {
1272. return strtoupper(substr(PHP_OS, 0, 3)) === "WIN";
1273. }
1274.  
1275. public function pr($stack, $stop_execution = true)
1276. {
1277. $formatted = "<pre>" . var_export((array) $stack, 1) . "</pre>";
1278. if( $stop_execution )
1279. {
1280. exit( $formatted );
1281. }
1282.  
1283. return $formatted;
1284. }
1285.  
1286. }
1287.  
1288.  
1289. abstract class whmcs
1290. {
1291. private static function internal_check_license($licensekey, $localkey = "")
1292. {
1293. $whmcsurl = "http://www.pyxsoft.com/billing/";
1294. $licensing_secret_key = "6d4e1810acc056ff8151b0348b797d0e";
1295. $localkeydays = 15;
1296. $allowcheckfaildays = 5;
1297. $check_token = time() . md5(mt_rand(1000000000, 9999999999) . $licensekey);
1298. $checkdate = date("Ymd");
1299. $domain = $_SERVER["SERVER_NAME"];
1300. $usersip = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : $_SERVER["LOCAL_ADDR"];
1301. $dirpath = dirname(__FILE__);
1302. $verifyfilepath = "modules/servers/licensing/verify.php";
1303. $localkeyvalid = false;
1304. if( $localkey )
1305. {
1306. $localkey = str_replace("\n", "", $localkey);
1307. $localdata = substr($localkey, 0, strlen($localkey) - 32);
1308. $md5hash = substr($localkey, strlen($localkey) - 32);
1309. if( $md5hash == md5($localdata . $licensing_secret_key) )
1310. {
1311. $localdata = strrev($localdata);
1312. $md5hash = substr($localdata, 0, 32);
1313. $localdata = substr($localdata, 32);
1314. $localdata = base64_decode($localdata);
1315. $localkeyresults = unserialize($localdata);
1316. $originalcheckdate = $localkeyresults["checkdate"];
1317. if( $md5hash == md5($originalcheckdate . $licensing_secret_key) )
1318. {
1319. $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - $localkeydays, date("Y")));
1320. if( $localexpiry < $originalcheckdate )
1321. {
1322. $localkeyvalid = true;
1323. $results = $localkeyresults;
1324. $validdomains = explode(",", $results["validdomain"]);
1325. if( !in_array($_SERVER["SERVER_NAME"], $validdomains) )
1326. {
1327. $localkeyvalid = false;
1328. $localkeyresults["status"] = "Invalid";
1329. $results = array( );
1330. }
1331.  
1332. $validips = explode(",", $results["validip"]);
1333. if( !in_array($usersip, $validips) )
1334. {
1335. $localkeyvalid = false;
1336. $localkeyresults["status"] = "Invalid";
1337. $results = array( );
1338. }
1339.  
1340. $validdirs = explode(",", $results["validdirectory"]);
1341. if( !in_array($dirpath, $validdirs) )
1342. {
1343. $localkeyvalid = false;
1344. $localkeyresults["status"] = "Invalid";
1345. $results = array( );
1346. }
1347.  
1348. }
1349.  
1350. }
1351.  
1352. }
1353.  
1354. }
1355.  
1356. if( !$localkeyvalid )
1357. {
1358. $postfields = array( "licensekey" => $licensekey, "domain" => $domain, "ip" => $usersip, "dir" => $dirpath );
1359. if( $check_token )
1360. {
1361. $postfields["check_token"] = $check_token;
1362. }
1363.  
1364. $query_string = "";
1365. foreach( $postfields as $k => $v )
1366. {
1367. $query_string .= $k . "=" . urlencode($v) . "&";
1368. }
1369. if( function_exists("curl_exec") )
1370. {
1371. $ch = curl_init();
1372. curl_setopt($ch, CURLOPT_URL, $whmcsurl . $verifyfilepath);
1373. curl_setopt($ch, CURLOPT_POST, 1);
1374. curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string);
1375. curl_setopt($ch, CURLOPT_TIMEOUT, 30);
1376. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1377. $data = curl_exec($ch);
1378. curl_close($ch);
1379. }
1380. else
1381. {
1382. $fp = fsockopen($whmcsurl, 80, $errno, $errstr, 5);
1383. if( $fp )
1384. {
1385. $newlinefeed = "\r\n";
1386. $header = "POST " . $whmcsurl . $verifyfilepath . " HTTP/1.0" . $newlinefeed;
1387. $header .= "Host: " . $whmcsurl . $newlinefeed;
1388. $header .= "Content-type: application/x-www-form-urlencoded" . $newlinefeed;
1389. $header .= "Content-length: " . @strlen($query_string) . $newlinefeed;
1390. $header .= "Connection: close" . $newlinefeed . $newlinefeed;
1391. $header .= $query_string;
1392. $data = "";
1393. @stream_set_timeout($fp, 20);
1394. @fputs($fp, $header);
1395. $status = @socket_get_status($fp);
1396. while( !@feof($fp) && $status )
1397. {
1398. $data .= @fgets($fp, 1024);
1399. $status = @socket_get_status($fp);
1400. }
1401. @fclose($fp);
1402. }
1403.  
1404. }
1405.  
1406. if( !$data )
1407. {
1408. $localexpiry = date("Ymd", mktime(0, 0, 0, date("m"), date("d") - ($localkeydays + $allowcheckfaildays), date("Y")));
1409. if( $localexpiry < $originalcheckdate )
1410. {
1411. $results = $localkeyresults;
1412. }
1413. else
1414. {
1415. $results = array( );
1416. $results["status"] = "Invalid";
1417. $results["description"] = "Remote Check Failed";
1418. return $results;
1419. }
1420.  
1421. }
1422. else
1423. {
1424. preg_match_all("/<(.*?)>([^<]+)<\\/\\1>/i", $data, $matches);
1425. $results = array( );
1426. foreach( $matches[1] as $k => $v )
1427. {
1428. $results[$v] = $matches[2][$k];
1429. }
1430. }
1431.  
1432. if( !is_array($results) )
1433. {
1434. exit( "Invalid License Server Response" );
1435. }
1436.  
1437. if( $results["md5hash"] && $results["md5hash"] != md5($licensing_secret_key . $check_token) )
1438. {
1439. $results["status"] = "Invalid";
1440. $results["description"] = "MD5 Checksum Verification Failed";
1441. return $results;
1442. }
1443.  
1444. if( $results["status"] == "Active" )
1445. {
1446. $results["checkdate"] = $checkdate;
1447. $data_encoded = serialize($results);
1448. $data_encoded = base64_encode($data_encoded);
1449. $data_encoded = md5($checkdate . $licensing_secret_key) . $data_encoded;
1450. $data_encoded = strrev($data_encoded);
1451. $data_encoded = $data_encoded . md5($data_encoded . $licensing_secret_key);
1452. $data_encoded = wordwrap($data_encoded, 80, "\n", true);
1453. $results["localkey"] = $data_encoded;
1454. }
1455.  
1456. $results["remotecheck"] = true;
1457. }
1458.  
1459. unset($postfields);
1460. unset($data);
1461. unset($matches);
1462. unset($whmcsurl);
1463. unset($licensing_secret_key);
1464. unset($checkdate);
1465. unset($usersip);
1466. unset($localkeydays);
1467. unset($allowcheckfaildays);
1468. unset($md5hash);
1469. return $results;
1470. }
1471.  
1472. public static function check_license($licensekey)
1473. {
1474. $archivolocal = "/usr/share/ilabs_antimalware/license.txt";
1475. $localkey = file_get_contents($archivolocal);
1476. $results = self::internal_check_license($licensekey, $localkey);
1477. switch( $results["status"] )
1478. {
1479. case "Active":
1480. $localkeydata = $results["localkey"];
1481. file_put_contents($archivolocal, $localkeydata);
1482. return "";
1483. case "Invalid":
1484. return "License invalid";
1485. case "Expired":
1486. return "License expired";
1487. case "Suspended":
1488. return "License suspended";
1489. }
1490. return "Unknown status: " . $results["status"];
1491. }
1492.  
1493. }