After the server lockout and subsequent move last week I had to setup all my old sites on the new server. Aside from the loss of a few posts my blog (which I could restore from Google cache) and a few comments (which I couldn't restore unfortunately) everything was pretty smooth. That was until I had to move over one of my clients sites that was using Dolphin CMS.
The issue was that the client's site was now being tagged with a Powered By Boonex footer; not cool because the client had purchased a license and shouldn't have the callout to Boonex. It looked like the site couldn't reach the licensing server so it was acting like the site wasn't a valid and licensed version.
I had set up the new server in a pretty locked down way, using a pretty paranoid strategy with firewalls and port changes and all that fun stuff. Unfortunately for my client, this included mod_security which Dolphin requires special configuration for:
If some security module is installed on the server (such as mod_security for Apache), it should be able to be disabled or set up for specific folders.
Not wanting to allow such a blatant security hole into my server following the above just wasn't acceptable. Instead I decided to just remove the call to the licensing server in the code; it's just php so I didn't think it would be too difficult. It wasn't but it was a little confusing though so here's the code and process in case anyone else has the need.
BECAUSE I DON'T WANT TO GET SUED: only use this if you've already purchased a license. Blah, blah, blah. Oh, and this has only been tested in Dolphin 6.1.
- First, open up "/inc/design.inc.php"
- look for a HUGE base64 encoded line (one really long and one underneath is short). You're going to need to remove both lines.
It should be around line 500 and indented a few pages in. If you can't find it search for "base64_decode" and it'll come up.
- Replace the both lines with the below:
Boonex uses base64 to encode and obfuscate the licensing code so it can't be modified without a bare minimum of trouble. Not that they had much of an option; php is notoriously hard to encode with any elegance or reliability. Anyway, they chose base64.
All that was needed was to base64_decode the code, and then base64_decode that code (yup, they did it twice). After that I made the changes to remove the HTML that displays the Boonex footer, base64_encoded that, then did it again to create the above.
So, once again, only use the above code if you've already purchased a license. Yes, it should work if you didn't but I don't want to get sued so it has to be said.