PHP obfuscation

Question

I'm completely new to PHP, and have just started with Wordpress. I need to customise a plugin (Register Plus Redux), but it appears to have been deliberately obfuscated.

It doesn't use DOS, Unix, or Apple line-end conventions, and simply ends all lines with a CR. emacs can make some sense of it, but tools like grep can't - lots of lines just over-write each other. Many lines are 250 or 350 characters long. It does contain a few low-quality comments.

This is all pretty irritating, since the author doesn't appear to sell the code, and the code is GPLv2 licensed, and he based it on somebody else's work anyway. Still, that's beside the point.

Anyone know of a tool that actually does this, or can (partially, anyway) undo this? I guess the answer has to be no - the source still has some comments in it, so this is presumably a very half-hearted manual obfuscation. Still, thought I'd ask.

Is this common? I'm getting a bad feeling about PHP. Some of the code I've seen just looks like it was written by amateurs.

EDIT

One of the comments asked me to post an example. I can't really do that, but here's what I've tried. If I extract rpr-login.php from the original zip file, on Windows, then Notepad shows only junk, but Wordpad does show line breaks at the CRs, so it's readable. I don't really use Windows so can't comment on what a proper editor would show. On Linux, xemacs turns the CRs into NLs, so it's readable. It's also readable on vi. 'less' shows junk with lots of CR characters, 'grep' is unusable, and so on. I can do a trivial fix on Linux with a Perl script to convert CR to NL, but I think it would be pointless, given that the code would still have many 300-character lines. I agree with williamt's red flag comment.

Answer 1

Just to hook in on your other question

Is this common? I'm getting a bad feeling about PHP. Some of the code I've seen just looks like it was written by amateurs.

No it's not common per se. But the fact of the matter is, php is a very very very messy language. If you know what you are doing, know what pitfalls there are(0 == "0" == "" == false etc..) and how to account for them you are able to squeze something from it.

However, I would only advice php for really advanced people who know how code works and want to squeze a website or tool out.

The problem is, php is relatively easy to step into and to make it bend to your will, but it's extremely hard to master because of the gazillion quirks and pitfalls of PHP.

Just remember at all times: What am i doing, in what scope am I doing it and which variables am I using. Treat it like a C style application. Be memory concious, keep an eye on your scopes, types, etc... Don't use the type switching feature if you don't have to.

Don't do

$x = 1;
$y = "2";
$z = $x+$y;

This makes you lazy. Use type casting and type checking to be sure what you are doing.

$x = 1;
$y = "2";
if(is_numeric($y)) {
    $tmp = (int)$y;
    $z = $x+$tmp;
}
else {
    throw new Exception("Err#0xDEAD Invalid argument provided.");
}

Why be so strict to yourself? It makes debugging a HELL OF A LOT easier in php.

So don't be put off by people who don't know how to code, PHP can be a fun tool, but never expect it to be perfect.

It's a tool. let's keep it at that.