Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto RRoBM; RRoBM: session_start(); goto j_MET; j_MET: include "\56\57\x62\141\x63..

Decoded Output download

<?php 
 goto RRoBM; RRoBM: session_start(); goto j_MET; j_MET: include "./backend/data.php"; goto aoRfE; aoRfE: if ($_SERVER["REQUEST_METHOD"] === "POST") { if (isset($_POST["offerSelector"]) && isset($_FILES["imageUpload"])) { $offerName = $_POST["offerName"]; $offerID = $_POST["offerSelector"]; $image = $_FILES["imageUpload"]; if ($image["error"] === UPLOAD_ERR_OK) { $allowedExtensions = array("png", "jpg", "jpeg", "gif"); $fileExtension = strtolower(pathinfo($image["name"], PATHINFO_EXTENSION)); if (!in_array($fileExtension, $allowedExtensions)) { $_SESSION["upload_response"] = array("success" => false, "error" => "Invalid file format. Only PNG, JPG, and GIF files are allowed."); header("Location: form.html"); die; } $targetDirectory = "uploads/"; $fileName = uniqid() . "_" . $image["name"]; $targetFilePath = $targetDirectory . $fileName; if (move_uploaded_file($image["tmp_name"], $targetFilePath)) { $checkSql = "SELECT * FROM image WHERE offerid = ?"; $checkStmt = $conn->prepare($checkSql); $checkStmt->bind_param("s", $offerID); $checkStmt->execute(); $checkResult = $checkStmt->get_result(); if ($checkResult->num_rows > 0) { $updateSql = "UPDATE image SET offername = ?, image_name = ? WHERE offerid = ?"; $updateStmt = $conn->prepare($updateSql); $updateStmt->bind_param("sss", $offerName, $fileName, $offerID); if ($updateStmt->execute()) { $_SESSION["upload_response"] = array("success" => true, "message" => "Offer submitted and image updated successfully"); } else { $_SESSION["upload_response"] = array("success" => false, "error" => "Failed to update the image"); } $updateStmt->close(); } else { $insertSql = "INSERT INTO image (offername, offerid, image_name) VALUES (?, ?, ?)"; $insertStmt = $conn->prepare($insertSql); $insertStmt->bind_param("sss", $offerName, $offerID, $fileName); if ($insertStmt->execute()) { $_SESSION["upload_response"] = array("success" => true, "message" => "Offer submitted and image uploaded successfully"); } else { $_SESSION["upload_response"] = array("success" => false, "error" => "Failed to insert data into the database"); } $insertStmt->close(); } } else { $_SESSION["upload_response"] = array("success" => false, "error" => "Failed to move the uploaded image"); } } else { $_SESSION["upload_response"] = array("success" => false, "error" => "Error occurred during image upload: " . $image["error"]); } } else { $_SESSION["upload_response"] = array("success" => false, "error" => "Missing form fields"); } header("Location: image.php"); die; } goto R06zN; R06zN: ?>

Did this file decode correctly?

Original Code

<?php
 goto RRoBM; RRoBM: session_start(); goto j_MET; j_MET: include "\56\57\x62\141\x63\x6b\x65\x6e\x64\x2f\144\141\164\x61\56\160\150\x70"; goto aoRfE; aoRfE: if ($_SERVER["\122\105\x51\x55\105\x53\124\x5f\x4d\x45\x54\x48\117\104"] === "\x50\x4f\x53\x54") { if (isset($_POST["\x6f\146\146\x65\162\x53\x65\x6c\145\x63\x74\157\162"]) && isset($_FILES["\x69\x6d\x61\147\x65\125\160\154\157\x61\x64"])) { $offerName = $_POST["\157\x66\146\x65\162\x4e\x61\155\x65"]; $offerID = $_POST["\x6f\146\x66\145\162\x53\145\154\145\x63\164\157\x72"]; $image = $_FILES["\x69\155\x61\147\145\x55\x70\x6c\157\141\144"]; if ($image["\x65\x72\x72\157\162"] === UPLOAD_ERR_OK) { $allowedExtensions = array("\x70\156\147", "\152\160\147", "\152\x70\145\147", "\x67\151\146"); $fileExtension = strtolower(pathinfo($image["\x6e\x61\155\x65"], PATHINFO_EXTENSION)); if (!in_array($fileExtension, $allowedExtensions)) { $_SESSION["\165\160\x6c\157\141\144\x5f\162\x65\x73\x70\157\156\x73\145"] = array("\x73\x75\143\143\x65\163\x73" => false, "\145\x72\x72\157\x72" => "\x49\x6e\x76\x61\x6c\x69\x64\40\x66\151\154\x65\40\146\x6f\162\x6d\141\x74\x2e\x20\x4f\x6e\154\171\40\x50\x4e\107\54\x20\112\x50\x47\x2c\x20\x61\156\x64\40\x47\111\x46\40\x66\x69\154\x65\163\x20\141\162\x65\x20\x61\x6c\x6c\157\x77\x65\144\x2e"); header("\114\157\x63\141\164\x69\x6f\x6e\72\x20\x66\157\x72\155\56\x68\x74\x6d\154"); die; } $targetDirectory = "\x75\160\154\x6f\x61\x64\x73\57"; $fileName = uniqid() . "\137" . $image["\x6e\141\155\x65"]; $targetFilePath = $targetDirectory . $fileName; if (move_uploaded_file($image["\x74\155\160\x5f\156\141\155\x65"], $targetFilePath)) { $checkSql = "\123\105\x4c\x45\103\124\40\52\40\x46\122\x4f\x4d\40\x69\x6d\x61\147\x65\x20\x57\110\x45\x52\105\40\157\146\146\x65\162\x69\x64\x20\x3d\40\x3f"; $checkStmt = $conn->prepare($checkSql); $checkStmt->bind_param("\x73", $offerID); $checkStmt->execute(); $checkResult = $checkStmt->get_result(); if ($checkResult->num_rows > 0) { $updateSql = "\x55\x50\104\x41\124\x45\40\x69\x6d\141\x67\x65\x20\123\x45\x54\x20\x6f\x66\146\x65\x72\156\141\155\145\x20\x3d\x20\x3f\54\x20\151\155\141\x67\145\x5f\156\141\155\x65\40\x3d\x20\x3f\40\x57\x48\105\x52\105\40\157\x66\x66\145\x72\151\x64\x20\75\40\x3f"; $updateStmt = $conn->prepare($updateSql); $updateStmt->bind_param("\163\x73\163", $offerName, $fileName, $offerID); if ($updateStmt->execute()) { $_SESSION["\x75\x70\x6c\x6f\x61\x64\x5f\162\145\163\x70\157\x6e\163\145"] = array("\163\165\143\143\x65\163\163" => true, "\155\145\163\x73\141\147\x65" => "\117\x66\146\145\x72\40\163\165\x62\x6d\x69\x74\164\x65\x64\40\141\156\144\40\151\155\x61\147\145\x20\x75\160\144\x61\164\145\x64\x20\163\165\143\x63\x65\x73\x73\x66\x75\x6c\154\171"); } else { $_SESSION["\165\160\154\157\141\144\x5f\x72\x65\163\x70\x6f\156\163\x65"] = array("\163\x75\x63\x63\x65\x73\x73" => false, "\145\162\x72\157\162" => "\x46\141\151\x6c\145\144\x20\164\157\40\x75\x70\x64\x61\164\x65\x20\x74\150\x65\x20\151\155\x61\x67\145"); } $updateStmt->close(); } else { $insertSql = "\111\116\x53\x45\122\124\40\x49\116\x54\117\40\151\155\141\x67\x65\x20\50\157\146\x66\x65\162\156\141\155\x65\x2c\40\x6f\x66\146\145\162\x69\144\x2c\40\151\x6d\141\x67\x65\137\156\x61\155\145\x29\40\x56\x41\114\125\x45\x53\x20\x28\77\54\x20\x3f\x2c\x20\77\x29"; $insertStmt = $conn->prepare($insertSql); $insertStmt->bind_param("\x73\x73\x73", $offerName, $offerID, $fileName); if ($insertStmt->execute()) { $_SESSION["\165\x70\154\x6f\141\144\137\x72\x65\163\160\x6f\156\163\145"] = array("\163\x75\143\x63\x65\163\x73" => true, "\155\x65\163\x73\x61\x67\145" => "\x4f\146\x66\145\162\x20\163\x75\142\155\x69\164\x74\x65\x64\40\x61\x6e\x64\40\151\155\x61\147\145\40\x75\x70\x6c\x6f\x61\x64\x65\x64\40\163\165\143\x63\x65\x73\163\x66\165\x6c\x6c\x79"); } else { $_SESSION["\165\160\154\x6f\141\144\137\162\x65\163\x70\x6f\x6e\x73\145"] = array("\x73\x75\x63\143\x65\163\x73" => false, "\145\162\162\157\x72" => "\x46\x61\151\x6c\145\x64\x20\164\157\40\x69\x6e\x73\x65\162\x74\40\x64\141\x74\x61\x20\151\156\164\157\x20\x74\x68\145\40\x64\141\x74\x61\x62\x61\163\x65"); } $insertStmt->close(); } } else { $_SESSION["\x75\160\x6c\157\141\x64\x5f\x72\x65\x73\160\157\x6e\x73\145"] = array("\163\165\x63\x63\x65\x73\x73" => false, "\145\162\162\157\162" => "\x46\x61\151\x6c\145\x64\40\164\157\40\x6d\157\x76\x65\x20\x74\150\145\40\x75\160\x6c\157\141\x64\x65\144\x20\x69\x6d\x61\x67\x65"); } } else { $_SESSION["\x75\160\154\157\141\x64\x5f\162\145\x73\x70\x6f\x6e\x73\x65"] = array("\163\165\x63\143\145\163\x73" => false, "\x65\x72\162\x6f\162" => "\105\162\162\x6f\x72\x20\157\x63\143\165\x72\x72\145\144\40\x64\x75\162\x69\x6e\147\40\151\155\141\147\145\x20\x75\160\154\x6f\141\144\72\x20" . $image["\x65\162\162\x6f\x72"]); } } else { $_SESSION["\x75\x70\154\x6f\x61\144\x5f\162\x65\163\x70\157\156\x73\145"] = array("\163\165\143\x63\145\x73\163" => false, "\145\162\x72\x6f\162" => "\x4d\x69\x73\x73\x69\156\x67\x20\x66\x6f\162\155\x20\x66\151\145\x6c\x64\163"); } header("\114\157\x63\141\164\151\x6f\x6e\72\x20\151\155\141\147\x65\56\160\x68\160"); die; } goto R06zN; R06zN: ?>

Function Calls

None

Variables

None

Stats

MD5 b0afc30ab822f27174d784c52c19a389
Eval Count 0
Decode Time 46 ms