0

I am having the strangest problem. I wrote a module for WHMCS which is working fine in my WHMCS but not in a client's... We have the exact same setup's (server related) both are cPanel and both versions of WHMCS are the same. The only difference it seems is in the php version.

He is running PHP 5.4.24 and I am running 5.5 when he enters into my main module he gets an intimidate message :

Deprecated: Function ereg_replace() is deprecated in /home/dir/.....:eval()'d code on line 1

When he tried to generate a PDF he gets this error:

Notice: Undefined variable: response in /home/dir.../index.php(1) : eval()'d code(1) : eval()'d code on line 102

I have searched and searched... I cannot find the function or the eval()'d value anywhere in my code. I am not sure at all where this is coming from.

Also, I have checked line 102 and it simply says: 

<h3 style="text-align:center"><? echo $response; ?></h3>

Even if the $response variable does not exist it should not give that error should it?

How can I locate where this issue is coming from?

PS:

The code is encrypted, but even when searching the encrypted code I cannot see the function or anything related.

Any assistance would be awesome in resolving this issue :)

Marcel
  • 874
  • 1
  • 14
  • 28
  • Check your php.ini error reporting levels – Mark Baker Nov 23 '15 at 20:23
  • Check the PHP error log level: [error_reporting()](https://secure.php.net/manual/function.error-reporting.php). I assume it differs on the two servers – Reeno Nov 23 '15 at 20:23
  • And it's never good to use eval(), not simply because it's dangerous, but because it's very difficult to trace errors in evalled code – Mark Baker Nov 23 '15 at 20:24
  • Use preg_replace. Same as: http://stackoverflow.com/questions/3132844/function-ereg-replace-is-deprecated-how-to-clear-this-bug – Osama Yawar Khawaja Nov 23 '15 at 20:25
  • 1
    btw, [ereg_replace](https://secure.php.net/manual/function.ereg-replace.php) is deprecated since 5.3.0 – Reeno Nov 23 '15 at 20:25
  • Thanks for all the quick responses... But the issue is I never used eval()... I even searched the encrypted code but it was not there either... – Marcel Nov 23 '15 at 20:26
  • 1
    `the encrypted code...` This almost guarentees the code gets decrypted, then `eval`ed. Why are you doing that in the 1st place? – Steve Nov 23 '15 at 20:27
  • @steve The software is licensed and I do not want them to simply remove the license functions or copy the code... – Marcel Nov 23 '15 at 20:28
  • 1
    Sure, but the point is,its absolutely trivial to reverse this type of protection, so all it does is making debugging harder for you (and any honest users), and reduce confidence in your product (no 3rd party code encrypted in this way would be allowed onto our servers for example) – Steve Nov 23 '15 at 20:52
  • To expand on @Reeno's comment above, PHP 5.3 was released more than 6 years ago. There's no excuse to use `ereg_*` since then; transitions to `preg_*` functions are so easy 95% of the time. – miken32 Nov 23 '15 at 21:11
  • So @miken32 if the encryption software still uses `ereg_` it would mean that it is no longer being updated? Meaning conflicts would become imminent... Because I did not at the code, i can only think the encryptor is adding the code. – Marcel Nov 23 '15 at 21:19
  • Probably. You're causing yourself a whole lot of unnecessary work by trying to hide your code. If someone is running this code on their server, there's a good chance they could figure out how to get your code in 20 minutes because they have to have the encryption key, or they can't run the code. If you're that worried, learn C and write an executable! – miken32 Nov 23 '15 at 21:23

0 Answers0