Un-encoding a php file?

Hi,

I downloaded and installed a WordPress theme:
Free WP Template – Designme WordPress Theme

Trouble is, the footer has links to dodgy websites, which I’d like to remove.

When I look at the “footer.php” file, it looks like the code at the bottom of this post. Is there any way I can get at the actual HTML that the code represents?

Any advice much appreciated.

Thanks

<?php $_F=__FILE__;$_X='Pz48L2Q0dj4gPCEtLSA1bmQgZDR2ICNwMWc1LTRubjVyIC0tPg0KPC9kNHY+IDwhLS0gNW5kIGQ0diAjcDFnNSAtLT4NCjwhLS0gRU5EIFBBR0UgLS0+DQoNCg0KCTw/cGhwIDRmIChnNXRfMnB0NDJuKCc1dDVkXzFjdDR2MXQ1X2IydHQybV9tNW4zJyApID09J3RyMzUnICkgezRuY2wzZDUoVEVNUExBVEVQQVRIIC4gJy80bmNsM2Q1cy9iMnR0Mm0tbTVuMy5waHAnKTsgfSA/PiANCgkNCg0KCTwhLS0gQkVHSU4gRk9PVEVSIC0tPg0KCTxkNHYgNGQ9ImYyMnQ1ciI+DQoJPGQ0diA0ZD0iZjIydDVyLTRubjVyIiBjbDFzcz0iY2w1MXJmNHgiPg0KCQkNCgkJPGQ0diA0ZD0iZjIydDVyLWw1ZnQiPg0KCQkJPHA+VGg1bTUgYnkgPDEgaHI1Zj0iaHR0cDovL3RyM2Nrcy5yNXY0NXc0dDJubDRuNS5uNXQvIiB0NHRsNT0iVHIzY2tzIj5UcjNja3M8LzE+PGJyIC8+DQoJCQk8MSBocjVmPSJodHRwOi8vd3d3LmI1c3RzM3ZyMXQ0bmdzLmMybS8iIHQ0dGw1PSJTVVYiPlNVVjwvMT4gfCA8MSBocjVmPSJodHRwOi8vd3d3Lmc1bjVyNGsxajV0enQuYzJtL3Y0MWdyMS1nNW41cjRrMS5odG1sIiB0NHRsNT0iVjQxZ3IxIEc1bjVyNGsxIj5WNDFncjEgRzVuNXI0azE8LzE+IHwgPDEgaHI1Zj0iaHR0cDovL3d3dy5nNW41cjRrMWo1dHp0LmMybS9jNDFsNHMtZzVuNXI0azEuaHRtbCIgdDR0bDU9IkM0MWw0cyBHNW41cjRrMSI+QzQxbDRzIEc1bjVyNGsxPC8xPjwvcD4JCQkNCgkJPC9kNHY+IDwhLS0gNW5kIGQ0diAjZjIydDVyLWw1ZnQgLS0+DQoNCgkJPGQ0diA0ZD0iZjIydDVyLXI0Z2h0Ij4NCgkJCTxwPiZjMnB5OyA8P3BocCA1Y2gyIGQxdDUoJ1knKTs/PiA8MSBocjVmPSI8P3BocCBibDJnNG5mMignczR0NTNybCcpOz8+LyIgdDR0bDU9Ijw/cGhwIGJsMmc0bmYyKCduMW01Jyk7Pz4iID48P3BocCBibDJnNG5mMignbjFtNScpOz8+PC8xPjxiciAvPg0KCQkJPD9waHAgNWNoMiBzdHI0cHNsMXNoNXMoZzV0XzJwdDQybignNXQ1ZF9mMjJ0NXJfdDV4dCcpKTsgPz48L3A+DQoJCTwvZDR2PiA8IS0tIDVuZCBkNHYgI2YyMnQ1ci1yNGdodCAtLT4NCg0KCTwvZDR2PiA8IS0tIDVuZCBkNHYgI2YyMnQ1ci00bm41ciAtLT4NCgk8L2Q0dj4gPCEtLSA1bmQgZDR2ICNmMjJ0NXIgLS0+DQoJPCEtLSBFTkQgRk9PVEVSIC0tPg0KCQkNCjwvZDR2PiA8IS0tIDVuZCB3cjFwcDVyIC0tPg0KDQo8P3BocCB3cF9mMjJ0NXIoKTsgPz4NCjw/cGhwIDRmICggZzV0XzJwdDQybignNXQ1ZF9nMV9jMmQ1JykgPD4gIiIgKSB7IDVjaDIgc3RyNHBzbDFzaDVzKGc1dF8ycHQ0Mm4oJzV0NWRfZzFfYzJkNScpKTsgfSA/Pg0KDQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

The resulting HTML page of any script can be seen in your browser. Right click in the page and choose ‘view source’ or however it is called in your browser.

the footer has links to dodgy websites, which I’d like to remove.

What does the license say? Are you allowed to do that? If they went through the trouble of encoding that part, there might be a reason.

<?php
$_F=FILE;$_X=‘Pz48ZDR2IDRkPSJmMjJ0NXIiPjxwPjw/cGhwIGJsMmc0bmYyKCduMW01Jyk7ID8+IDRzIHByMjNkbHkgcD J3NXI1ZCBieSA8MSBocjVmPSJodHRwOi8vdzJyZHByNXNzLjJy Zy8iPlcycmRQcjVzczwvMT4uIEQ1czRnbjVkIGJ5OiA8MSBocj VmPSJodHRwOi8vd3d3Lm9laWsxcm0xLmMybSI+b2VpIEsxcm0x PC8xPjxicj4NClNwMm5zMnI1ZCBieTogPDEgaHI1Zj0iaHR0cD ovL3d3dy5teXI0bmd0Mm41c2gzYi5jMm0vIj5EMndubDIxZCBS NG5ndDJuNXM8LzE+IHwgPDEgaHI1Zj0iaHR0cDovLzRudjVzdD RuZy02MDYuMnJnLyI+SW52NXN0NG5nIDYwNjwvMT4gfCA8MSBo cjVmPSJodHRwOi8vc2s0bi1kNHM1MXM1Lm41dC8iPlNrNG4gRD RzNTFzNTwvMT4NCjwvc2NyNHB0PjwhLS0gfCA8P3BocCA1Y2gy IGc1dF9uM21fcTM1cjQ1cygpOyA/PiBxMzVyNDVzLiA8P3BocCB0NG01cl9zdDJwKDYpOyA/PiBzNWMybmRzLi0tPiA8P3BocCB3cF9mMjJ0NXIoKTsgPz48L3 A+PC9kNHY+’;

eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKT skX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIz NDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi 4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw== '));
?>

then

<?php

$test = base64_decode(‘JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g 9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2J yk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0Y uIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==’);

echo $test;
?>

$_X=base64_decode($_X);$_X=strtr($_X,‘123456aouie’ ,‘aouie123456’);$_R=ereg_replace(‘FILE’,“'”.$_F.“'”,$_X);eval($_R);$_R=0;$_X=0;

<?php
$_F=FILE;$_X=‘Pz48ZDR2IDRkPSJmMjJ0NXIiPjxwPjw/cGhwIGJsMmc0bmYyKCduMW01Jyk7ID8+IDRzIHByMjNkbHkgcD J3NXI1ZCBieSA8MSBocjVmPSJodHRwOi8vdzJyZHByNXNzLjJy Zy8iPlcycmRQcjVzczwvMT4uIEQ1czRnbjVkIGJ5OiA8MSBocj VmPSJodHRwOi8vd3d3Lm9laWsxcm0xLmMybSI+b2VpIEsxcm0x PC8xPjxicj4NClNwMm5zMnI1ZCBieTogPDEgaHI1Zj0iaHR0cD ovL3d3dy5teXI0bmd0Mm41c2gzYi5jMm0vIj5EMndubDIxZCBS NG5ndDJuNXM8LzE+IHwgPDEgaHI1Zj0iaHR0cDovLzRudjVzdD RuZy02MDYuMnJnLyI+SW52NXN0NG5nIDYwNjwvMT4gfCA8MSBo cjVmPSJodHRwOi8vc2s0bi1kNHM1MXM1Lm41dC8iPlNrNG4gRD RzNTFzNTwvMT4NCjwvc2NyNHB0PjwhLS0gfCA8P3BocCA1Y2gy IGc1dF9uM21fcTM1cjQ1cygpOyA/PiBxMzVyNDVzLiA8P3BocCB0NG01cl9zdDJwKDYpOyA/PiBzNWMybmRzLi0tPiA8P3BocCB3cF9mMjJ0NXIoKTsgPz48L3 A+PC9kNHY+’;

$_X=base64_decode($_X);
$_X=strtr($_X,‘123456aouie’,‘aouie123456’);
$_R=ereg_replace(‘FILE’,“'”.$_F.“'”,$_X);
echo $_R;
?>

=

?><div id=“footer”><p><?php bloginfo(‘name’); ?> is proudly powered by <a href=“http://wordpress.org/”>WordPress</a>. Designed by: <a href=“http://www.365karma.com”>365 Karma</a><br>
Sponsored by: <a href=“http://www.myringtoneshub.com/”>Download Ringtones</a> | <a href=“http://investing-101.org/”>Investing 101</a> | <a href=“http://skin-disease.net/”>Skin Disease</a>
</script><!-- | <?php echo get_num_queries(); ?> queries. <?php timer_stop(1); ?> seconds.–> <?php wp_footer(); ?></p></div>

Also take a look at this url: http://www.pmkoch.com/blog/webpages/removing-wootheme-footers/

You see that in your browser? :open_mouth:

Except that I wouldnt use a deprecated command (ereg_replace)… yeah.

As guido said, I would read the license a bit before you go poking at things like this.

Never mind this post of mine, I thought it was a post from the OP, and instead it was an answer to one of his questions :slight_smile:

The only way I found to eliminate it (at least visually) was by changing its size. It is the footer-left and you can access it in the stylesheet file (stye.css) in the editor.
#footer-left, #footer-left a { font-size: 0% }

I hope this works :slight_smile:

Decoding this is easy, swap eval for echo. Then copy the results of that echo back into the file then replace eval one more with echo. You now have it decoded.


?>
</div><!-- end div #page-inner -->
</div><!-- end div #page -->

<!-- END PAGE -->

<?php if ( get_option( 'eted_activate_bottom_menu' ) =='true' ) {
  include TEMPLATEPATH . '/includes/bottom-menu.php'; } ?>

<!-- BEGIN FOOTER -->
<div id="footer">
  <div id="footer-inner" class="clearfix">
    <div id="footer-left">
      <p>Theme by <a href="[DELETED]" title="Trucks">Trucks</a><br>
      <a href="[DELETED]" title="SUV">SUV</a> | <a href="[DELETED]" title="Viagra Generika">Viagra Generika</a> | <a href="[DELETED]" title="Cialis Generika">Cialis Generika</a></p>
    </div><!-- end div #footer-left -->
    <div id="footer-right">
      <p>&copy; <?php echo date( 'Y' ); ?> <a href="<?php bloginfo( 'siteurl' ); ?>/" title="<?php bloginfo( 'name' ); ?>" ><?php bloginfo( 'name' );?></a><br />
      <?php echo stripslashes( get_option( 'eted_footer_text' ) ); ?></p>
    </div><!-- end div #footer-right -->
  </div><!-- end div #footer-inner -->
</div><!-- end div #footer -->
<!-- END FOOTER -->

</div><!-- end wrapper -->

<?php wp_footer();
  if ( get_option( 'eted_ga_code' ) <> "" ) {
    echo stripslashes( get_option( 'eted_ga_code' ) ); } ?>

</body>
</html>

And I see why you want to remove those links. nothing but garbage spam.

This thread is over a year old and the OP showed no interest after their initial post.

Doh…face + hand I didn’t look at the original post date. Assumed it was new. D:

Closing this post :slight_smile: