Settings

The file pobs-ini.inc.php controls many aspects of POBS behavior. POBS will try to include it and looks for it in the current working directory.
Instead of a real "ini-file" it's just a plain PHP scriptfile. It is assumed you are familiar with PHP code syntax if you use PHP Obscure so configuring this file won't give you too much trouble.

Replace selectively
When you first use POBS you are advised to NOT replace variables immediately. Just replace functions and constants first and see whether your program still runs properly. If it does, you might want to replace variables as well.

$ReplaceFunctions=TRUE;
$ReplaceConstants=TRUE;
$ReplaceVariables=FALSE;

Exclude variables, constants or functions
You probably want to exclude certain variables. This is particularly helpful when you make use of these variables in your Query_String I.e.: http://www.domain.com/phpprogram.php?uid=234&action=select.
In this particular example you might need ( I do strongly recommend it) to add at least "uid" and "action" to $UdExcVarArray in order to keep your program running properly. It also prevents your URLs from appearing extraterrestrial) Do NOT use the dollar sign ($) to indicate the name of a variable in this array. The names of the variables, constants and functions are case sensitive (which should go without saying since PHP is case-sensitive too.)

My advice would be to use a naming convention for all QUERY_STRING parameters. Personally I use variablenames like "PA" and "POR" in the QUERY_STRING so that they can easily be dealt with and can easily be excluded from being replaced by POBS (by adding them to $UdExcVarArray).

$UdExcVarArray=array("Dummy Entry","var1","*var2","var3","params_*","whc_*");
Wildcards can be used at the beginning or at the end of each variablename.

$UdExcConstArray=array('Dummy Entry',"FRAMESET");
$UdExcFuncArray=array('Dummy Entry', "CheckValue");

Do not remove the Dummy Entry since it may result in bad breath and other nasty things.

Predefined PHP Variables
It is essential that POBS does not replace Predefined PHP Variables. These variables are included in the $StdExcVarArray. Since newer versions of PHP can have new predefined variables you might add these yourself.

It is adviced not to delete entries from $StdExcVarArray as it may result in a none-working program. To keep things tidy it is advised to only add new entries which are clearly predefined PHP variables.

For adding your own excluded variables it is recommended to edit $UdExcVarArray

Source and target directories
Before running POBS for the first time your need to change both directories to your liking. POBS will not create the directories for you in case they don't exist. N.B. These directories are complete (absolute) directories and NOT relative to the root directory of your webserver!
The program will not run in case source and target directory are identical. Make sure the source directory is read enabled and the target directory is write enabled. Directories are case-SENSITIVE (Well, not on Win32, that is)

$SourceDir="/application/php";
$TargetDir="/application/phpcrypt";

Remove comments and indents and returns
To further obscure your sourcecode you can remove the comments and indents. This should only be done in the end, when you have replaced variables, functions and constants and are certain your obfuscated code works.

$RemoveComments=FALSE;
$RemoveIndents=FALSE;
$ConcatenateLines=FALSE;

The concatenation of lines can create problems when used with inline Javascript or inline HTML with the <pre> tag used.

function JsCheckField() {
var1="x"
var2="y"
}

In the example above, concatenation will lead to a malfunctioning Javascript function.

function JsCheckField() {var1="x"var2="y"}

To avoid this you can:

  1. Turn concatenation off
  2. End every javascript codeline with ';"
  3. echo Javascript like: echo "function JsCheckField() {n";

$FileExtArray
This array is used for the allowed file-extensions. Like php, inc, php4 etc. A user asdked me how to let POBS scan files without any file-extension. Good question. Up till now there is no solution for that yet. Hopefully in the next version. It's on the todo list.

$StdExcVarArray
This is the array with all the predefined PHP variables in it. Since PHP will add new ones in the future you must add them to this array if you use them in your PHP code.

$StdObjRetFunctionsArray
If you use classes and want classes to be replaced by POBS a problem might occur. Suppose you have a databasetable with the fields "name", "address" and "telephone" in it. You fetch these records with the function mysql_fetch_object.

Consider the following code:

echo $telephone;
while ($row = mysql_fetch_object ($result)) {
echo $row->name;
echo $row->address;
echo $row->telephone;
}

POBS will replace both the variablename $telephone (with Vb9bb7e7b) and $row->telephone with $Vf1965a85->Vb9bb7e7b. The first replacement is okay but the second is wrong since the fieldname in your database will not change from telephone to Vb9bb7e7b. Adding mysql_fetch_object to $StdObjRetFunctionsArray prevents the replacement of telephone as part of the object $row.

$StdReplaceComments
$StdReplaceComments will let you control which comments you want to remove. By default these are /* combined with */ , # and //
But, the removal of comments can be hazardous. Consider the following code:

header("Location: http://www.amsterdam.nl"); // All OK, redirect browser
or
$LinkColorA=" color: #".$LinkColorA.";";

Both // and # are considered commentsmarkers. If you instruct POBS to remove comments you might end up with
$LinkColorA=" color: instead of
$LinkColorA=" color: #".$LinkColorA.";";

In this case it would be easiest to do not remove comments.

$StdExcKeyArray
This array contains variables for which their key will be not replaced if used in an array. For example if HTTP_SERVER_VARS is part of $StdExcKeyArray REMOTE_ADDR in HTTP_SERVER_VARS['REMOTE_ADDR'] will be not replaced.



Walhalla Publicaties (c) 2001