Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php goto QWEj_; sCwGm: ?> <form action="add_comments.php"method="post">Leave a commen..

Decoded Output download

<?php 
 goto QWEj_; sCwGm: ?> 
<form action="add_comments.php"method="post">Leave a comment: <input name="msg"><br><input type="submit"value="submit"></form><form action="add_comments.php"method="post"><input type="hidden"value="1"name="reset"><br><input type="submit"value="Reset all comments"></form><?php  goto UN4Uf; UN4Uf: echo "<h2>Comments:</h2>"; goto VYvYP; Rs5WI: if ($username === "user_ICGTTAJSUT") { if ($password !== "b05268605ea8f0b41ce8d9e79bce8da9") { die("Authentication error: wrong password for " . $username); } } else { if ($username === "root_UQHZZLXQZM") { if ($password !== "cbf16460f570859ba8804c8c13a5c1f0") { die("Authentication error: wrong password for root user: " . $_COOKIE["secure-2211-username"]); } } else { die("Unknown user: " . $username); } } goto OjKyM; VDaeE: if (isset($_POST["reset"])) { $html_file = "comments.html"; $html = "Please leave any comments below:<br><ul></ul>"; file_put_contents($html_file, $html); } goto Mw0G2; Mw0G2: if (isset($_POST["msg"])) { if ($_POST["msg"] != '') { $message = $username . ": " . $_POST["msg"]; $html_file = "comments.html"; $html = file_get_contents($html_file); $html = str_replace("<ul>", "<ul><li>" . $message . "</li>", $html); file_put_contents($html_file, $html); } } goto sCwGm; ruabB: usleep(3000000); goto uHIJv; n7YL8: $message = "<h1>Welcome " . $username . "!</h1>"; goto B6cN4; HqHLi: $password = "none"; goto E7A18; E9GdS: setcookie("secure-2211-password", $password); goto n7YL8; B6cN4: echo $message; goto VDaeE; dUYPy: if ($username === "root_UQHZZLXQZM") { echo "Hey root, the flag is flag{e7d07dfeb268}"; } goto wkuo0; E7A18: echo "Please note it can take up to 3 seconds to load this page, for authentication purposes.<br>"; goto Otyi2; OjKyM: setcookie("secure-2211-username", $username); goto E9GdS; uHIJv: if (!isset($_POST["username"]) || !isset($_POST["password"])) { if (!isset($_COOKIE["secure-2211-username"]) || !isset($_COOKIE["secure-2211-password"])) { print_r($_COOKIE); die("Authentication failed: no username password provided and no cookie found."); } else { $username = $_COOKIE["secure-2211-username"]; $password = $_COOKIE["secure-2211-password"]; } } else { $username = $_POST["username"]; $password = md5($_POST["password"]); } goto Rs5WI; QWEj_: $username = "none"; goto HqHLi; VYvYP: include "comments.html"; goto dUYPy; Otyi2: echo "<br>"; goto ruabB; wkuo0: ?>

Did this file decode correctly?

Original Code

<?php
 goto QWEj_; sCwGm: ?>
<form action="add_comments.php"method="post">Leave a comment: <input name="msg"><br><input type="submit"value="submit"></form><form action="add_comments.php"method="post"><input type="hidden"value="1"name="reset"><br><input type="submit"value="Reset all comments"></form><?php  goto UN4Uf; UN4Uf: echo "\x3c\150\62\x3e\103\x6f\155\155\145\x6e\164\163\72\74\x2f\x68\x32\x3e"; goto VYvYP; Rs5WI: if ($username === "\165\x73\x65\162\137\111\103\x47\x54\124\x41\x4a\x53\125\x54") { if ($password !== "\142\x30\65\x32\x36\x38\x36\x30\65\145\141\x38\x66\x30\x62\64\61\x63\x65\x38\144\x39\x65\x37\x39\142\x63\x65\70\144\x61\71") { die("\x41\x75\x74\x68\145\156\164\x69\143\141\x74\151\x6f\156\40\x65\162\162\157\x72\72\x20\167\162\157\156\x67\40\160\141\163\x73\x77\157\x72\x64\x20\146\x6f\x72\40" . $username); } } else { if ($username === "\162\157\x6f\164\137\x55\x51\x48\x5a\132\x4c\130\x51\132\115") { if ($password !== "\143\x62\x66\x31\x36\64\x36\x30\146\x35\67\60\70\65\71\x62\x61\70\x38\x30\64\x63\x38\143\61\63\x61\65\143\x31\146\x30") { die("\x41\x75\x74\x68\145\156\164\151\143\x61\x74\x69\157\x6e\x20\145\162\162\x6f\162\72\40\167\162\157\x6e\x67\x20\x70\x61\163\x73\167\x6f\162\144\x20\146\x6f\x72\40\x72\157\x6f\x74\x20\165\163\x65\x72\x3a\x20" . $_COOKIE["\163\145\x63\x75\x72\x65\x2d\62\x32\61\x31\55\165\x73\x65\162\156\141\155\145"]); } } else { die("\125\x6e\153\156\157\x77\156\x20\x75\163\145\162\72\x20" . $username); } } goto OjKyM; VDaeE: if (isset($_POST["\x72\145\163\x65\164"])) { $html_file = "\x63\x6f\x6d\155\145\x6e\164\x73\x2e\x68\164\155\x6c"; $html = "\120\x6c\x65\141\163\x65\40\x6c\145\x61\x76\145\x20\x61\x6e\171\40\x63\x6f\155\x6d\x65\156\x74\x73\40\x62\x65\154\157\167\72\x3c\x62\x72\76\74\x75\154\x3e\x3c\x2f\x75\x6c\76"; file_put_contents($html_file, $html); } goto Mw0G2; Mw0G2: if (isset($_POST["\155\x73\147"])) { if ($_POST["\x6d\x73\x67"] != '') { $message = $username . "\72\x20" . $_POST["\x6d\163\x67"]; $html_file = "\x63\x6f\x6d\x6d\x65\156\x74\163\56\150\164\155\154"; $html = file_get_contents($html_file); $html = str_replace("\x3c\165\x6c\x3e", "\x3c\x75\154\x3e\x3c\x6c\151\76" . $message . "\74\x2f\x6c\x69\x3e", $html); file_put_contents($html_file, $html); } } goto sCwGm; ruabB: usleep(3000000); goto uHIJv; n7YL8: $message = "\x3c\150\61\x3e\x57\x65\x6c\143\157\x6d\145\40" . $username . "\x21\74\x2f\x68\61\x3e"; goto B6cN4; HqHLi: $password = "\x6e\x6f\156\x65"; goto E7A18; E9GdS: setcookie("\163\x65\x63\x75\162\x65\x2d\62\x32\x31\61\55\x70\x61\163\x73\x77\157\x72\x64", $password); goto n7YL8; B6cN4: echo $message; goto VDaeE; dUYPy: if ($username === "\162\157\157\x74\137\125\121\110\x5a\132\x4c\x58\121\132\115") { echo "\110\x65\x79\40\162\157\157\x74\x2c\40\x74\150\145\x20\146\x6c\x61\x67\40\151\x73\x20\146\x6c\x61\x67\173\x65\x37\x64\x30\x37\x64\146\145\142\x32\x36\70\175"; } goto wkuo0; E7A18: echo "\120\x6c\145\141\x73\x65\x20\x6e\157\164\x65\x20\x69\164\x20\x63\141\x6e\x20\164\141\153\145\40\165\x70\40\x74\157\40\x33\40\163\x65\x63\157\156\x64\x73\40\x74\157\40\154\x6f\141\x64\x20\x74\x68\x69\163\40\x70\141\x67\145\x2c\x20\146\157\x72\40\141\165\x74\150\x65\x6e\x74\x69\x63\x61\x74\151\x6f\x6e\x20\x70\x75\162\x70\x6f\x73\145\163\56\74\142\x72\76"; goto Otyi2; OjKyM: setcookie("\163\x65\143\165\162\145\x2d\62\x32\61\x31\55\x75\x73\x65\162\x6e\x61\x6d\x65", $username); goto E9GdS; uHIJv: if (!isset($_POST["\165\163\x65\162\156\x61\155\x65"]) || !isset($_POST["\160\141\163\163\x77\x6f\x72\144"])) { if (!isset($_COOKIE["\163\x65\x63\165\162\x65\x2d\62\x32\61\x31\55\x75\163\145\x72\156\x61\155\x65"]) || !isset($_COOKIE["\x73\x65\143\165\162\145\55\62\x32\x31\x31\x2d\160\141\x73\x73\167\x6f\x72\144"])) { print_r($_COOKIE); die("\101\165\x74\x68\x65\156\164\151\x63\x61\164\151\157\x6e\40\146\141\151\154\145\x64\72\x20\156\157\x20\165\x73\145\x72\x6e\141\155\x65\40\160\141\x73\x73\x77\x6f\x72\x64\x20\160\162\157\166\151\x64\145\x64\40\x61\156\144\x20\156\x6f\40\143\x6f\x6f\153\151\145\40\x66\157\165\x6e\x64\56"); } else { $username = $_COOKIE["\163\x65\143\165\x72\x65\x2d\62\x32\x31\x31\x2d\165\x73\x65\x72\156\141\x6d\x65"]; $password = $_COOKIE["\x73\x65\143\x75\x72\145\x2d\62\62\61\61\x2d\160\x61\163\x73\167\157\x72\x64"]; } } else { $username = $_POST["\165\163\145\162\156\141\155\x65"]; $password = md5($_POST["\160\141\x73\x73\167\157\162\x64"]); } goto Rs5WI; QWEj_: $username = "\x6e\157\156\x65"; goto HqHLi; VYvYP: include "\143\x6f\x6d\155\145\x6e\x74\x73\x2e\x68\164\x6d\x6c"; goto dUYPy; Otyi2: echo "\74\x62\x72\x3e"; goto ruabB; wkuo0: ?>

Function Calls

None

Variables

None

Stats

MD5	6e38e1b09c2a428ffb3db36e35c3abc6
Eval Count	0
Decode Time	72 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats