Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61..
Decoded Output download
?><?php
$nano = new NanoFramework();
if (file_exists($bp . "/config/db.php")) {
include_once $bp . "/config/db.php";
}
if (file_exists($bp . "/config/auth.php")) {
include_once $bp . "/config/auth.php";
}
/*
$nano->set('REWRITE', FALSE);
$nano->set('UI', 'gui/');*/
$getHome=function ($nano, $params)
{
global $baseurl;
$baseurl = baseurl() . "";
include "App/gui/index.html";
};
$nano->get('/', $getHome);
$installError=function($p)
{
json_push(array("install" => true,'data'=>$p));
};
$activationError=function ($p)
{
json_push(array("activate" => true));
};
function generateRandomString($length = 10)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
$addUser=function ()
{
global $dbnew;
global $dbdata;
$dbnew = new PDO('mysql:host=' . $dbdata['host'] . ';port=' . $dbdata['port'] . ';dbname=' . $dbdata['name'] . '',
$dbdata['user'],
$dbdata['password']);
global $bp;
try {
$item = new User();
$item->name = $_POST['user'];
$item->password = md5($_POST['password']);
$item->save();
json_push(array("ok" => 1));
file_put_contents($bp . "/config/db.php", file_get_contents($bp . "/config/db.php") . '$installed=true; $api="' . generateRandomString(20) . '";');
} catch (Exception $ex) {
json_push(array("error" => $ex->getMessage()));
}
};
$testDB=function ()
{
$dbdata = $_POST;
try {
if (empty($dbdata['name'])) {
throw new Exception('Invalid DB');
}
global $dbnew;
$dbnew = new PDO('mysql:host=' . $dbdata['host'] . ';port=' . $dbdata['port'] . ';dbname=' . $dbdata['name'] . '',
$dbdata['user'],
$dbdata['password']);
DB::run("SELECT USER();");
global $bp;
file_put_contents($bp . "/config/db.php", '<?php $dbdata=json_decode("' . str_replace('"', '\"', json_encode($dbdata)) . '",true);');
json_push(array("ok" => 1));
} catch (Exception $ex) {
json_push(array("error" => $ex->getMessage()));
}
};
$importSQL=function ()
{
global $bp;
global $dbnew;
global $dbdata;
$dbnew = new PDO('mysql:host=' . $dbdata['host'] . ';port=' . $dbdata['port'] . ';dbname=' . $dbdata['name'] . '',
$dbdata['user'],
$dbdata['password']);
DB::run("SELECT USER();");
$temp = '';
$count = 0;
$file = fopen($bp . "/App/install.sql", 'r');
while ($line = fgets($file)) {
if ((substr($line, 0, 2) != '--') && (substr($line, 0, 2) != '/*') && strlen($line) > 1) {
$last = trim(substr($line, -2, 1));
$temp .= trim(substr($line, 0, -1));
if ($last == ';') {
DB::run($temp);
$count++;
$temp = '';
}
}
}
fclose($file);
json_push(array("ok" => 1));
};
$install=function ()
{
global $bp;
$req = array();
$errors = 0;
$req[] = array('type' => 'success', 'text' => "PHP version greater or equal 5.3: <b>" . PHP_VERSION . "</b>");
if (is_writable($bp . "/config")) {
$req[] = array('type' => 'success', 'text' => "Folder config/ is writable");
} else {
$errors++;
$req[] = array('type' => 'error', 'text' => "Folder config/ is not writable");
}
if (is_writable($bp . "/App/tmp")) {
$req[] = array('type' => 'success', 'text' => "Folder App/tmp is writable");
} else {
$errors++;
$req[] = array('type' => 'error', 'text' => "Folder App/tmp is not writable");
}
if (function_exists('curl_init')) {
$req[] = array('type' => 'success', 'text' => "PHP cUrl installed");
} else {
$errors++;
$req[] = array('type' => 'error', 'text' => "PHP cUrl missing");
}
if (function_exists('imap_open')) {
$req[] = array('type' => 'success', 'text' => "PHP IMAP installed");
} else {
$errors++;
$req[] = array('type' => 'error', 'text' => "PHP IMAP missing");
}
if (function_exists('gd_info')) {
$req[] = array('type' => 'success', 'text' => "PHP GD installed");
} else {
$errors++;
$req[] = array('type' => 'error', 'text' => "PHP GD missing");
}
if (defined('PDO::ATTR_DRIVER_NAME')) {
$req[] = array('type' => 'success', 'text' => "PHP Data Objects installed");
} else {
$errors++;
$req[] = array('type' => 'error', 'text' => "PHP Data Objects (PDO) missing");
}
$socket = @fsockopen("smtp.gmail.com", 587, $errno, $errstr, 1);
if (!$socket) {
$req[] = array('type' => 'warning', 'text' => "Your hosting provider seems to be blocking outbound connections");
} else {
$req[] = array('type' => 'success', 'text' => "Outbound Connections working.");
fclose($socket);
}
$data = array("requirement" => $req);
if ($errors == 0) {
$data['ok'] = 1;
}
json_push($data);
};
if (!isset($installed)) {
$nano->get('/install', $install);
$nano->get('/importSQL', $importSQL);
$nano->post('/install', $testDB);
$nano->post('/adduser', $addUser);
//$nano->set('ONERROR', 'installError');
$nano->error_handler($installError);
$nano->run();
exit();
}
$domain = $_SERVER['HTTP_HOST'];
if (substr($domain, 0, 4) === "www.") {
$domain = substr($domain, 4);
}
$code = md5($dbdata['name'] . $domain . getcwd() . json_encode($dbdata));
try {
if (isset($key) && md5($code . "" . "qtQ%8G4lS%[9S!8VQ8J,jr2y<tV95@j{nG(y24TD5@O\"w") == $key) {
$activated = "adasdads";
}
} catch (Exception $ex) {
}
$getActivate=function ()
{
global $bp, $code;
$pass = array('key' => $_POST['licence'], 'url' => baseurl(), 'code' => $code);
$fields_string = "";
foreach ($pass as $key => $value) {
$fields_string .= $key . '=' . urlencode($value) . '&';
}
rtrim($fields_string, '&');
$ch = curl_init();
$url = 'http://dev.ynh.io/licences/activate';
//set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($pass));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//execute post
$result = curl_exec($ch);
curl_close($ch);
$data = json_decode($result, true);
if (isset($data['error'])) {
json_push($data);
} else {
try {
file_put_contents($bp . "/config/auth.php", '<?php $key="' . $data['key'] . '";');
} catch (Exception $ex) {
json_push(array('error' => $ex->getMessage()));
exit();
}
json_push(array('ok' => 1));
}
};
$idf = isset($code) ? md5($code) : "";
$kc = isset($_POST['key']) && isset($key) && $key == $_POST['key'];
$delac=function ()
{
global $bp, $idf;
include $bp . "/config/auth.php";
global $kc;
if (isset($_POST['key']) && $idf == $_POST['key']) {
json_push(array('ok' => 'ok'));
} else if ($kc) {
if (isset($_POST['del'])) {
file_put_contents($bp . "/config/auth.php", '<?php ');
json_push(array('ok' => 'ok'));
}
} else {
json_push(array('error'));
}
};
if (!isset($activated)) {
$nano->post('/activate', $getActivate);
$nano->error_handler($activationError);
$nano->run();
exit();
} else {
$nano->post('/activate', $delac);
}
unset ($code);
if (isset($key)) {
unset ($key);
}
unset ($activated);
unset ($domain);
addRouting('POST /auth', 'auth', true);
function auth($nano, $params)
{
global $secret;
if (md5($_POST['key'] . "" . $secret) == $_POST['key2']) {
DB::run('DELETE s FROM `sessions` as s WHERE user_id NOT IN (SELECT id FROM `users`) OR s.`lastaccess` < now() - interval 3 day');
$data = DB::run('SELECT * FROM `users` WHERE `name` = :username AND MD5(CONCAT(`password`,:key)) = :password', array(
':password' => $_POST['password'],
':username' => $_POST['username'],
':key' => $_POST['key']
));
if (count($data) > 0) {
json_push(array("accessToken" => createSession($data[0]['id'])));
return;
}
}
json_push(array("accessToken" => ""));
}
function userid()
{
return md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
}
function createSession($user_id)
{
$at = md5(time() . "" . rand(0, 1999900));
$item = new Session();
$item->user_id = intval($user_id);
$item->lastaccess = date("Y-m-d H:i:s");
$item->accesstoken = $at;
$item->clientid = userid();
$item->ip = $_SERVER['REMOTE_ADDR'];
$item->save();
return $at;
}
$about= function($nano, $params)
{
if (authenticated()) {
json_push(array('username' => "Admin"));
}
};
$loggedin = null;
function authenticated()
{
global $loggedin;
if ($loggedin == null) {
if (isset($_GET['access_token']) && $_GET['access_token'] != "") {
$item = getSessionItem();
if ($item == null || $item->accesstoken != $_GET['access_token']) {
$loggedin = false;
return $loggedin;
}
$item->lastaccess = date("Y-m-d H:i:s");
$item->save();
$loggedin = true;
} else {
$loggedin = false;
}
}
return $loggedin;
}
function authenticatedAPI($nano)
{
global $api;
return isset($api) && $_GET['api'] === $api;
}
function getSessionItem()
{
$item = Session::findOne(array("accesstoken" => $_GET['access_token'], "clientid" => userid()));
return $item;
}
function addRouting($a, $m, $public = false, $api = false)
{
global $nano;
if ($public || authenticated() || ($api && authenticatedAPI($nano))) {
list($method, $route) = explode(" ", $a);
$route = str_replace("@", ":", $route);
if ($method == "GET") {
$nano->get($route, $m);
} else if ($method == "POST") {
$nano->post($route, $m);
} else if ($method == "DELETE") {
$nano->delete($route, $m);
} else if ($method == "PUT") {
$nano->put($route, $m);
}
}
}
addRouting('GET /about', $about, true);Did this file decode correctly?
Original Code
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'zVjHDsRIbv2XuaxtGavYCvBJOecsLGAoq5Vz+nr3eBawL777QBBFsgCqxHp8rHkt6/9cy7lP8/Jf/gD//m9g+ce///GPG//84ybwn4Z/wv7jRsifJn42+qepn/A/wf/y/RlDYH/t+e845J829C8b+otDf/6P8Fv/Mw7/0/e/1gj5N/c5DfchlFenPJeTfJ/tDrVQ/MXMeqy22d63hfAK+4GeXvmhkVbtLuPK3Lnlg3tI6IxRvDiZxI+y07d+0/nIAl0b+Q3rTmyZ0Gjc00ijyj7Gx6msJPru+AIDC4sb9k7UqWrXperU2TDSsIk4MX/7ZUX9j6DM72D++Nf/mP//nJiRFBKLBWk/RRJccOAUtf5ET9Kn8xyatOBhtAYvvz7RaZ7ZTRVW8ZUdoqqTGT7XyrQ+JgiSYA6C6yV/WBR7sZ1HnxP4YL6bIQIYje2nAgueLJLqBXH8Bj8pAFgVCLUgBB1AlY/gSoAw1WhJRRDoiFYgQIAAtZag4Fcu+JoSCHZSulGrc2wuHGKAavobsejP3Jdw/WG3X+YfPUimwRX1jkxVOgkJRWuDEI638n5eiuUUSzU+uFHlnLVqFedORwhbdyNFHF5jZIPRQ4vA76u/TrF+W80MgHDJC6nC1qMBJLurnIOHL4CwBENKW2+RpVZ4ssP6noqT9G86bygJHq6MGywvBTAef++WG66wa1r5mRKIkYfK0iiAt77ZrRqDF52frLm5VzW9QYsvvgbq8kFO+nCli5PZjmNwFXfITj53v1WjfdR2TLZvlFPXWQFF1Wo3b2EWWD7y5NOZ7sYWn7FRsy87msoqdIKB3OT3Vt2ctGksXiClDcVrILpBnkuV66GzoBlEi+U8Jv2kcKoXXZW7jCc1w0DxkhqU6imhenVH8Ypcp3anWqaM88OqjNUADfdP0z+lIyEYgoQM8Blp3qAmnL9qQOgfEA/S13HeftsbJnqxYpcc3LSYjGtgxbJNa6ix8xDWnDp9FHZbOp0F1AOKMJmUT9zorJ6htAJbUGZOHHi3B/hWXzMAswfWCunorm+HPN4+2CYhGnr2Orb0tdF994HkcGlt7dNoJ61AdOJAvoAxlTI7x6RycXg65mQThXKadzP1rE1N6CaD0lOnE1Vi+H21+tG7BVPerzuB0UWDm4qe6jJPKJ8z0V2PZm8fsMSMkgVDgRDyTgAn2ncP6yPuPjuQGwnFoiQLUDq1dsDBVHEn7miOInj8acaeMVHj3kfkoTmrTSNo4LUghY1mda25MgXkMiZfoYKn5eQkj/rw46/uuTaPbvyq82AsWABnuGrHGUkTCURhNezNIts8VPV2hoWJcfBNJStCRbZoMmObxIVSE0jUB3EqKCVpF4ssyEIZVxzjndSCPDGBeJVkXvjAZXy9lTPca2EA4bOonCoKIPNo/MCsOPb1V0UJftVrG9goQZbtBky1K/CQlIC5t/hjBmz3+iXDSB24OXLQEvA7aPfEtOYjpVeMps5grU26CHG/r14W3/3Eznskh9Q6AOrGLLM+tW/3EoB538ZktrF1HUc4sKIRnzjadw1gzJYW4+tVDLcKTrRnsA8HsR44123TEZsE6M4iVE6UxOSCLMMUXOwOfTEX8rqf0aTVtqco2pBXTgekA6ESaAg1IJW/8o54/QXRKjDu8EGRA7ksda+0+X3RTiRD0dJoGBe4H+NBPwAMicSyrOQNoMJpkIN3nKcg9r0ji1U6i54SM6PPy3YgvZNOt0tnkpuusqV1vDXTX/xDrr2jYJEI6+gQsu3cOQsE3c5hV4qq3zmR6I+4r2UrQZ7j+DSj5s112mXYx7036oHCycYMrM/6zr6wi9yNHr3nINPdVdbJ561fxrBobngKRxKH5Ai++LoJXp5z32HuB6KNrxsgAODX5maNGplO5iFiOXssPuA4HTX2LRpf13wqTMrCAgNZF4zvfWt3ho3VG+hN6yw74GQ+ChVEUtG77TFAMQU0VeGBlOSZFIaSP97wPWiqcBbuHfL844O8uOjVtMEVSnctnXNdNr8SbTKufpoELtdoiVHfK9Xk9r3IFDll+tbKu7SPRnnJCG5n7qb8fUPrQFTIPEhZ7osz6L7N6x11ebIn5LdI+XuvKilCv3hf1YUo6Y2XfO9Z4JPvqH9/WGKhYdC5dbHLTMg18RiaBmgtH1z4AO66Ui8Khvl4Am4ffQW24YIAWhG8oa+x52b0KflwE9eI+MD0fGy4qdxkSGFzaAc3LwBXpxCqhSmD9Kn0bUPjtsntqhKSQKO4b9GYH9bDHush9zj4WloeN1jLMmNStow2hk9eiXVDMLd8JMVVSYuGQLiX6qQI3TMhtczWzVF9ZmFbtOuA1Q6pV8hHjFeL1uQBs3VN5YyPzGSRV9Xr0zpHcpvPhkUzAKnWQiWlKfBZjcShROdoFEDBohsLK3oJ/iqkHi0LtLBOFeq6ER50noWINLEmwpBnjtBERPak7nzpPmJtm/OV7jzvBghcBObSpzOfrIQLJZJ80hyGd7w/9LrjFC6F0S/HEgsA/q2sW85oUjRcs2IUCydku3mc28rUGyY6UpZVSuUBYi0SPY4imjalQDuNgk6tN185F7S393RRyKkmjEEy0En4D0WkH4vB8Gkc+lAU9vMyt+JwYN9Sw0zX1Yjh/MPYnLGorKkDvGfzAHIYWKl4tMpujQCZi202L0zOCXuTLBwUKbgQYWT0YwDOkYAWhnSFsl6vB61hC/P0fconUGFk26/UI7QJlE9Ph+WvBQ738bIEEntBbVpx+Iyz3ogVL9F26A2ZsMKfQJL4LTmbMkIgGUK7XqD00abg8nVbS+2whNv7ho2gzOajtVUB2AJ6/vKqj6AqcnssxN4JtrfzZYFLd68neBzo9qRg7A901cJH7L6evSbjXE3nPUtbWiqnNXQQA7QLGbQtf38AnuAq35XtYdEaCGdGxbavO7onMztq+i5Z1DiGtfubRUL7tIMPu/r9rhvoTIVXsTvwxwlbk4Dd3Dk1reF8a47NVlw2L9mcSkckAbjNKoxH5QLWCPoACuuYivbD+++vTB3uhBCYUgEbrPtgiqYTnxpyJtWRSG3ZxRS/4smP9uweQLwbJTYSHQu9Z+XyUtHCw0PWZb66fDVAnxg2E6xCBvNWegQWkPf14e2HEydhzNlhzGAQgUF8NGZyXXEWL4gbNd83K7EQdJ0I4gw9USxF0gN4NY3vqCns0N3xPVa8rvDADyMHqBOTYgGNG63R67vN5J33zGatfBwgvGY0/R1f6cC4vzosIztGfoRERycTamY++zEKvYCw783XWLXw675NUlnjfd/hUvV5b3srCzE5tTUTqvMW0vZP3NeWKSXIlOofnF1rXZC+caf/phel1EZbzUpXzaB9F21hHFn1BLZ7xxZ7La1nY7HXuHEzDjlVaLrezE++btceVtoPNciwbmqZuKHvVmnNqwQmiDEFfCxvoimOCMFHQnOjNbvcxnpyNFfWyjj1G8xTCjif0FrrOiZuX33E654ojcZTxyRGl/ik1i3uOK3PAI32WwaNvgIr08NtCewkje9yN10/nD0EpuF+xz7r2FAiWaFlXawWbzPlHAb/PNIp48qrdd1D4/RAmSwWTWZPvcKCzgaOWmP9m8JevFk6a07ZSKf4oAjBBZmVBD08k25wgC1hkCeQhDvZ0j3GW8bJdVBQMG7RHxBhirJVB/6lGBfNTbzHweV+mcgKvtXuIK4KPYQLBHguyWzzfSEIufLvYFjJQde0i56CCmfSYFNWPQKlxM26VUkhMcj5Na+uEtPjV9Se+8upAJuhGtUrEikfK3V0CLoFFGEQkTs+8dzdXwuT532jgETgVkpNNLT5NZ8f61OEWogxPR7f5jcmELYYNgF90XyJNWa9GLUKqi4+kfrJMq6RplUz4ctgw5fxEtl3IH/sKpCIbX/njB/ZtThBbZexQr64zzLKZh2D5GliPXVn8glZbKaAdXRXhUfcseG4UqvUlbZKQbXBnulIGI4BvZ/G+hIFyc3clga4z4w4d2S8qYjJcuVgNR+R3XVIyQNjOAlID0SFwPfF3KpUN4cjwvTQr76NK6r6HAHoiVPNe36IodQNdRpUoHbqxO+p3nI7rSTK1sr6Y4o+2D6orjKhkI28caGTkQaGLeM5Lb2WKM1zZ7t0iX8x//TpHTjVkJFqNUlsZxcPvyT2yvdavYxQQ0VjY8m//Ff7VNl+yLG9J1t8CuykNfdCWZWvOqewPX4YDGXjiHbt4DLLCFSTezUuMGK/sLjMwOnHQFvdp/aj7CN4kbWvk6xecDfTqm+TNXIwKBmQ2wxNAWxRc3qVZT0KSTjeOR18xNToJ6Ps8tkZ3X2S/dPH2Zdho5OEWIYsj0Qjr8LqhjRpuq4mYzKsbaveFH2vwDcxt/MVhIyf5C8fl0b1wbT6+R4u6FzAG8IS/6CazQIh5uBLsjyODb2aVquslr3SrUfWmJxIiUYbzFavJOe64ZneB1+xPP7RLKwgbwVJC7woY4Kivhz1ayyZEXeXR3mNd8Hmx8C+06VTV923nRexYfbN+Xrj0s6TEhXS9uKynoyIQV81SBHIdMmdHHZcyUIkpwAYYo6KQhdC72TTE+NJGA67GIs4czOUtaUQZr1071IHp8RNL0ry+/iQziLvK1pny+qU0lJ8VG4/08DzpNWHsZQviqHo5XhO4nFj3OfwGXqDUnF8HtBNnGNEziY30+ypjx6DnvxYs8Asu1ngKnIq6jVRB5ks+9mddch4V65rTsMLa0ZYE0ZUdZBVIlUkqzNMVzppI4a9bN8WdDgK7M5x9NmqQfAMz+p3nf6Pl53/Ag=='\x29\x29\x29\x3B","");Function Calls
| d1 | 1 |
| gzinflate | 4 |
| preg_replace | 3 |
| base64_decode | 4 |
Stats
| MD5 | ac10b30f082458cf3fa10ce967d8f33a |
| Eval Count | 7 |
| Decode Time | 130 ms |