
DO YOU THINK THAT NOW IS THE RIGHT TIME TO START YOUR WEB DESIGN PROJECT?

Maybe this will help you make your decision!

Custom web design projects can be quite expensive, and we at Designing World certainly recognise that. This is especially true for small businesses, whose design budgets are smaller and more stringent than those of bigger companies. Every pound has to count, and the return on your investment in a site design has to show.

We have released a special discount offer for all prospective clients looking to design a new site, or perhaps re-design an existing (dated) website. The discount equates to 15% off our regular pricing, which can amount to HUGE savings on a substantial web design project.

Please contact us now and claim your discount code before it's too late!

Easy!

BEST WAY TO ENCRYPT AND EXECUTE YOUR PHP CODE WITH MCRYPT OR OPENSSL

Hello!

While the scenario may not necessarily be common in which you would want to encrypt your PHP code and execute it, it is something that I would consider an interesting discussion nonetheless.

I fully support free and open source software; however, if you are developing an application that manages or monitors systems or services, or an application that needs to reside in a “hostile” environment, it might be pertinent to consider encrypting the code before executing it. This protects your code from even being read (and ultimately executed) unless the proper key is passed in order to decrypt it.

In the following example and breakdown, we will be (separately) using both Mcrypt and OpenSSL to encrypt a block of code with a specified key. We will then use that same key to decrypt the encrypted code in order to run it. The reason why I am giving both examples is that, as some users have already pointed out, Mcrypt is being deprecated in PHP 7 and ultimately removed in PHP 7.2.

It's important to note that the key can be passed as a POST variable (which incidentally are not logged by default with most web services like Apache or nginx), or it can be passed as a GET variable or any other way really. In our example we will hard code the key in the code to keep things simple.

The first thing we want to do is define our key variable that we will be using to encrypt everything and then the IV size for the encryption method and strength :

DEFINE THE ENCRYPTION KEY AND CIPHER

For MCRYPT you would define the key and cipher this way :

For OPENSSL you would define the key the same way, and the cipher would be declared in the actual openssl_encrypt function (shown later) :

The above stipulates that we will be using AES 128-bit encryption for Mcrypt and AES 256-bit encryption with OpenSSL, both with cipher block chaining (CBC). Obviously the key is not really that secure; you would want something a bit stronger than just a numeric value, but you get the idea.

ENCRYPT YOUR PHP CODE

The next thing we want to do is define two functions : one to encrypt input and one to decrypt. We will define the encrypt function first and really this could be part of a separate class or PHP file since we would only have to encrypt the PHP code once.

To encrypt your code with Mcrypt :

To encrypt your code with OpenSSL :

You can see for both examples that ultimately we are encrypting the function's input ($payload) using either the mcrypt_encrypt or openssl_encrypt function. Further down in both functions you can see that we are also encoding the encrypted content with the base64_encode function, and returning the encoded data.

So what you would want to do is pass whatever PHP code you have to this encrypt function and save the output. Since we are ultimately going to be running the eval function against this encrypted code, you shouldn’t need to include encapsulating PHP open/close tags, but that may also depend on your PHP version and web server environment.

Once you have the PHP code encrypted and saved (perhaps in a text file in the same folder as this script), you can then work on the bulk of the actual operation of this exercise.

DECRYPT YOUR PHP CODE

Let's establish a decrypt function that we can use to interpret and decrypt the code.

With Mcrypt :

With OpenSSL :

You can see that for both the Mcrypt and OpenSSL decrypt functions, it is very similar to the encrypt functions (except in reverse). First we want to use base64_decode to decode the data, then either the mcrypt_decrypt or openssl_decrypt functions to decrypt the data. The data is then returned for us to do whatever we want, which is to execute it.
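The encrypt/decrypt round trip described above, as an added PHP example (not the original post's code): it keeps the page's AES-256-CBC and base64 encoding but adds a random IV and an HMAC, so a wrong key or a modified blob is rejected rather than occasionally decrypting to garbage that would reach eval. The function names, HKDF labels and sample payload are assumptions.

```php
<?php
// Added example: AES-256-CBC with encrypt-then-MAC. Names and labels are assumptions.
function derive_keys(string $key): array
{
    // Separate encryption and MAC keys; HKDF does not strengthen a weak secret.
    return [hash_hkdf('sha256', $key, 32, 'enc'), hash_hkdf('sha256', $key, 32, 'mac')];
}

function encrypt_payload(string $payload, string $key): string
{
    [$encKey, $macKey] = derive_keys($key);
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc')); // fresh IV per message
    $ct = openssl_encrypt($payload, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true); // MAC covers IV and ciphertext
    return base64_encode($iv . $mac . $ct);
}

function decrypt_payload(string $blob, string $key)
{
    [$encKey, $macKey] = derive_keys($key);
    $raw = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length('aes-256-cbc');
    if ($raw === false || strlen($raw) < $ivLen + 32 + 16) {
        return false; // malformed or truncated input
    }
    $iv  = substr($raw, 0, $ivLen);
    $mac = substr($raw, $ivLen, 32);
    $ct  = substr($raw, $ivLen + 32);
    // Verify before decrypting: a wrong key or a modified blob stops here.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        return false;
    }
    return openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
}

// Constructed sample input: a random key and a one-line payload.
$key  = bin2hex(random_bytes(32));
$blob = encrypt_payload('return 6 * 7;', $key);
var_dump(decrypt_payload($blob, $key) === 'return 6 * 7;'); // correct key round-trips
var_dump(decrypt_payload($blob, 'wrong key'));              // wrong key is rejected
$raw = base64_decode($blob);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1); // flip one ciphertext bit
var_dump(decrypt_payload(base64_encode($raw), $key));          // tampered blob is rejected
```

Only a non-false return value should ever be handed to the execution step.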

EXECUTE YOUR DECRYPTED PHP CODE

In our example, we will simply take the $payload variable returned by the decrypt function and execute it.

For the $code variable, you could simply paste the encrypted string of text and assign it to this variable. You might want to load it from a file or a remote location. It really doesn’t matter as long as it's assigned to this variable.

Then we simply use the eval function to execute it. But the eval has a nested execution of the decrypt function inside it so that the code can be decrypted and returned before eval tries to execute it. You can also see that we are applying the $key variable in order to decrypt it.

ALTERNATIVE WAYS TO PASS YOUR ENCRYPTION KEY TO DECRYPT AND EXECUTE YOUR PHP CODE

If you didn’t want to hard code the $key in your own code (why would you, it would defeat the purpose!), you could pass it as a $_POST variable. Again, HTTP POSTs are typically not logged by default in Apache, Nginx or most web services. HTTP GETs are indeed logged, so passing the variable that way would expose it. Of course, if your website is encrypted with HTTPS then your variables should be protected further.

If you wanted to run this as a console application, then it could simply be passed as a command line argument.

To pass it as a POST, then you could simply do something along the lines of this :

What's going on in the above snippet? Well, we’re listening for a POST variable called dec. We have implemented some straightforward logic to establish a session cookie that carries the key within the cookie. If the key is present, the value is used to attempt to decrypt the code and execute it. If the key doesn’t match, nothing happens.

If nothing matches then the cookie is cleared (if it's even present). This is such a simple and straightforward example; you could add more protections and/or other strategies for how you pass the key to the code in order to decrypt it. Anything is possible!

I hope this has been useful. It's certainly an exercise in how to use encryption with PHP, and if for nothing else it will help people understand the types of mechanisms that are built into modern web frameworks like Laravel by default.

How do I verify that my domain is eligible for transfer?

Before purchasing the transfer of any gTLD (e.g., .COM / .NET / .ORG / .BIZ / .INFO etc.) or a new gTLD (e.g. .CLUB / .CLOUD / .TRADE / .TOP etc.), make sure that your domain meets the following conditions:

1. Your domain was registered or transferred at least 60 days ago;
2. The domain is unlocked at the current registrar (its Whois status should be OK or Active);
3. Your domain shows a valid and accessible Admin email address in Whois (we will send the Transfer Approval email there);

We recommend disabling any type of Whois privacy protection / private registration for your domain in order to avoid possible delays with the approval email delivery and possible transfer failure due to enabled privacy.

4. Request an up-to-date Auth/EPP code for the domain at the current registrar.

These conditions apply to the following ccTLDs: .PE / .COM.PE / .NET.PE / .ORG.PE / .US / .CO / .TV / .ME / .IN / .CC / .IO / .CA.

If all criteria are met, you should be able to successfully complete the transfer.

Still, some ccTLDs (.ES and .UK) have additional transfer requirements and/or exclude some points from the list above.

You may check specific guides for your TLD here:

.UK / .CO.UK / .ORG.UK / .ME.UK transfers to DW Domains
.ES / .COM.ES / .ORG.ES / .NOM.ES transfers to DW Domains

Note: Make sure the domain status is active, not expired. If you wish to transfer an expired domain to DW Domains, please contact our Support Team.

Need assistance on submitting the transfer? Check out the following guide.

That’s it!

Transfer of .ES / .COM.ES / .ORG.ES / .NOM.ES to DW Domains

.ES domains do not support the 60-day transfer lock period, generic transfer lock and do not require Auth/EPP codes to be processed.

Still, the transfer should be approved via the Transfer Approval email which is sent by the .ES registry (NIC.ES). This email is sent to the Admin contact listed in Whois for the domain and should be responded to within 7 days after the transfer submission.

.ES domain transfers are free of charge and such domains are not renewed during the process. Thus if you are transferring a .ES domain that is close to expiration, we strongly advise you to manually renew the domain via your account after the transfer completion.

Domain Transfer Checklist

How do I transfer my existing domain to DW Domains?

Domain transfers can take anywhere from 30 minutes to 8 days to complete. The exact time-frame depends on the domain’s TLD and the time required for your current registrar to complete the process. Here are the steps to transfer a domain to DW Domains:

1. Verify that your domain is eligible for transfer

Before initiating the transfer, make sure your domain qualifies for it. Here are the standard requirements for most domains, including all gTLDs (e.g., .COM / .NET / .ORG etc.), new gTLDs (e.g., .BID / .CLUB / .TRADE / .TECH etc.) and some ccTLDs (.TV / .ME / .CO etc.):

  • The domain must have been registered or transferred at least 60 days ago;
  • The domain must be unlocked at the current registrar (its Whois status should read OK or Active);
  • The domain must show a valid and accessible Admin email address in Whois, as the Transfer Approval email will be sent there.

Some ccTLDs (.ES / .UK / .IO, etc.) have additional transfer requirements and/or exclude some points from the list above. Please check the specific transfer requirements for your TLD here.

2. Order the transfer

After verifying that your domain meets all transfer requirements, feel free to purchase the transfer from us.

3. Approve the transfer via email

After you check out and enter the Auth code, a Transfer Approval email will be sent to the domain’s Admin email address listed under Whois. This email is sent from support@designingworld.net (or donotreply@designingworld.net). To confirm the transfer, follow the link in the email.

Once the transfer is confirmed, your previous registrar should release the domain within up to 5-7 calendar days to approve the transfer. If they do not take any actions within this period, the transfer will be approved automatically. You may also check with the previous registrar if it is possible to speed up outgoing transfers with them.

You will receive a notification from Designing World when the transfer is complete. Depending on the TLD, the domain will be renewed for one year and its status will automatically be set to ‘clientTransferProhibited’ (that is, the transfer Lock will be enabled).

Note 1: Please remember that a domain transfer does not imply automatic DNS change. The nameservers for your domain will remain the same after the transfer and are not automatically changed to DW Hosting DNS. If your domain is using the default DNS at your previous registrar, the transfer process may cause temporary downtime of your website and/or email service interruption.

Note 2: If your domain expired with your previous registrar, and you’ve reactivated it (renewed after expiration) with them, please do not transfer it within 45 days of the previous expiration date. According to ICANN, the domain will be renewed for 1 year by the new registrar, but the reactivation year added to your domain by the previous registrar will be revoked. You may also lose renewal fees paid to the previous registrar.

That’s it!

Transfer of .UK / .CO.UK / .ORG.UK / .ME.UK to DW Domains

Standard transfer requirements which are true for all gTLDs and for the majority of ccTLDs are not applicable to .UK:

1) .UK domains can be transferred within 60 days after registration or a previous transfer;
2) .UK domains do NOT support Transfer Lock;
3) .UK domains do NOT support Auth/EPP code;
4) .UK transfers are NOT approved via email.

To transfer your .UK domain to DW Domains, you need to change its IPS tag to ENOM at the current registrar (you may do it either in the client’s account with your current registrar or by contacting their support) and purchase the transfer at DW Domains.

Keep in mind that .UK domains have a special renewal policy:

1. If a .UK domain is close to its expiration date (i.e., it will expire within 3 months), and a transfer is initiated, the money we charged for the transfer will be used to renew the domain for 1 year.
2. If a .UK domain is transferred earlier than 3 months before its expiration date, its transfer should be free, and the domain will not be renewed during the transfer. Such a transfer order will be refunded to your DW Domains account balance automatically after the transfer completion.

That’s it!
