Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php // ** This script is copyright and must not be distributed ** $domaincod..

Decoded Output download

?><?
// Copyright AX Gold Software Ltd 2009 - All Rights Reserved

error_reporting (E_ALL ^ E_NOTICE);

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

$domain = $_SERVER['SERVER_NAME'];
if (substr ($domain, 0, 4) == 'www.')  $domain = substr ($domain, 4);
$len = strlen ($domain);
$val = 2476931 + ($len * 28737);
for ($c = 0; $c < $len; $c ++)  $val += ord($domain[$c]) * (93 + $c);
if ($val != $domaincode)  die ("<BR><BR><BR>This website is not the one that this script was created for.<BR><BR><BR>Please re-generate this script using domain name <b>$domain</b>");

$fname = '';
if ($_GET['zkwz'])
{
	$fname = $_GET['zkwz'];
	$len = strlen ($fname);
	if ($len < 5  ||  (substr ($fname, $len - 4) != '.htm'  &&  substr ($fname, $len - 5) != '.html'))  die ("Illegal File Name (non HTML file): $fname");
	if (strpos ($fname, '..') !== false  ||  strpos ($fname, '\') !== false  ||  $fname[0] == '/')  die ("Illegal File Name: $fname");
	if (! file_exists ($fname))  die ("File Not Found: $fname");
	$p = strpos ($_SERVER['QUERY_STRING'], '&');
	if ($p)  $_SERVER['QUERY_STRING'] = substr ($_SERVER['QUERY_STRING'], $p + 1);
	else $_SERVER['QUERY_STRING'] = '';
}

$agent = strtolower ($_SERVER['HTTP_USER_AGENT']);

$url = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; 

foreach ($spiderlist as $spider)
{ 
	if (strpos ($agent, $spider) !== false)  $found = $spider;
}

if ($found)
{
	$found = ucwords ($found);
	$body = 
"This is an automated email from your Search Engine Detector script


Spider \"$found\" has visited:

$url



Full Spider ID: " . $_SERVER['HTTP_USER_AGENT'] . "

Spider IP Addresss: " . $_SERVER['REMOTE_ADDR'] . "

Date: " . date('F j Y 	 H:i') . " 

"; 

	mail ($email, $subject, $body, "From: $from");
}


if ($fname)
{
	$p = strrpos ($fname, '/');
	if ($p)
	{
		chdir (substr ($fname, 0, $p));
		$fname = substr ($fname, $p + 1);
	}
	include $fname;
}
?><?

Did this file decode correctly?

Original Code

<?php

// ** This script is copyright and must not be distributed **




$domaincode = 2861300;

$spiderlist = array ('googlebot');

$email = '';

$from = '';

$subject = 'Search Engine Detected';






eval(gzinflate(base64_decode('
fVZtU+JIEP4sVfyHNkUZOFHwbT0QtDiJyBawXohX
tyVcKiQDZDdkqMlE1r31v2/3JLxJaRVWJumn3/vp
8ea6dpPNlEpwy+cvwp9MJTT+hRYPPOjzsVw4gkFH
enBaLlfgCBpBACahIjBZxMQz87KZbIYJwYUt2JwL
6YcTyBt2o9OB/8Cwe1+s9q1RuCLYlDkeE3nN+DH3
BYuq0OVhEU4/wec4gJNK5RLKF9VyGX/Q6loaKS1V
Ok4kj7rc88c+86qgwTFMZp4jWV5rFsGDLnyF+6pf
jbQCirQd/VvHnbKjWx5KwYMqhPwoklywIp1ckhVh
FqMLwZ6dwCfDH6nPOULxi/u9Xi7CXLDli1aEsRNE
bFP3QTiTmVNdedKSYuQ8PnP8EOqQs/uG+Y9hPunJ
0+41uoY+RJQ/hnwUjyIpIJ/ii4AezwtQr4O+WCyO
9QLA2tQO+Jyc5QKmhFLQYSlUEswWJafnl58qZydw
iEKC/AGnf16eXRJizMmci6DyFeCzBoRQx8ND8k0W
DuvAhbc0/JRzhwW0ka+cocWcW0gzUdD9+jJcl3sM
DXg+g7xW+8u8Xv5ZUz+CBRtFvmSAx5BLkFMGPGT4
dOgFv0au8OcSFk4ErmDYMA8w1uNNQw8BcyIG2J4J
C5lAzJZqHNGsprULnRmD2ug6Da5WGl0vGzVWMqy3
vkzEbhnWk/7z++KnPixkM/9nM3sr1JbwiiRvqq+A
ZHpP2aKPNbgA+PULNrqtUEVVbOQdNhwLpx9P5UwH
ODgAeAd4sQYGemFV3nYQsAlW/84PGPQo0HzIQ7i3
uh0Y47dCFRJD2iowtI5jvnagH9Os7ePcqQlP4t0B
DQa7oET4VB6qoS3p70e1G8W+Cs9mP/xIrvys80o0
cT7ueBx62+q5eVL1JMAVx/5+NMyvdt8y272WPsSQ
D/R1M+Y00e9AN+n1rjV0eggnyiCjAnxgTI3Tq5ow
B+dTJtFKHvAF2/Jxb1kP9iO+2Y2W0bNw5JK5jAVx
V5tKOa+WSrQS39kkWxLTwEj6lv1otnE+gSwhbxhu
JvQZzX3cWQEWG5BX6StNOLydChVycQVZ95wqOKZu
EBcS6TJPVWIlW5EmBcbuAhdItBKr/o2494KybEZT
GwF/TghOLJGgxHaGPA1gLPgMXngsoM8cgUkY4cTH
RdFkkrm44lOyk/tspq/CgYGWuBloMMU0n33aNF51
WdQEm83cxXjbpSrtZnLpfNAVunc2nLQfoOF5eM1F
0VtV0+h+sfCKbDbNtVoTk0qA6lrT7+Ab3mkDZyDp
YtOTa42AWtK0PZV+PqfKQI2IR98wYzxR3Yqg3WFl
iBH4UIR4TbJKmqBolDYh5ckbJpe2aIEnwu65U88X
u2uqTJNfUArrTbizotbceCXLoRvEHks5mwR4g/+O
/AY=
'))); ?>

Function Calls

gzinflate 1
base64_decode 1

Variables

$from
$email
$subject Search Engine Detected
$domaincode 2861300
$spiderlist [{'key': 0, 'value': 'googlebot'}]

Stats

MD5 8848964229f91f44492523104d71ff22
Eval Count 1
Decode Time 57 ms