Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php require_once('config.php'); require_once('incl/main.php'); neutral_dbconnect(..
Decoded Output download
<?php
require_once('config.php');
require_once('incl/main.php');
neutral_dbconnect(); $settings=get_settings();
$avsize=(int)$settings['avsize'];
if(isset($_FILES['avupload']) && isset($_FILES['avupload']['size']) && isset($_POST['avatar']) && isset($_POST['stoken'])){
$stoken=explode('z',$_POST['stoken']); $id=(int)$stoken[0];
if(!isset($stoken[1]) || hash('sha256',$stoken[0].$settings['random_salt']) != $stoken[1]){die();}
$avatar2db=''; $motto2db=''; $image_pro=0;
$avatar_filename='attachments/avtr_'.substr(md5(time().microtime()),0,20);
if(move_uploaded_file($_FILES['avupload']['tmp_name'],$avatar_filename)){
chmod("$avatar_filename",0666); $image_pro=1;}
$maxsize=(int)$settings['avatar_msize'];
if($image_pro==1 && filesize($avatar_filename)<$maxsize){$image_pro=2;}
if($image_pro==2){
$smime=0;
if(function_exists('finfo_open') && function_exists('finfo_file')){
$finfo=@finfo_open(FILEINFO_MIME_TYPE);$smime=@finfo_file($finfo,$avatar_filename);}
elseif(function_exists('mime_content_type')){$smime=@mime_content_type($avatar_filename);}
if($smime=='0'){
$unkext=explode('.',$_FILES['avupload']['name']);
$unkext=strtolower(end($unkext));
switch($unkext){
case 'jpeg': $smime='image/jpeg'; break;
case 'jpg' : $smime='image/jpeg'; break;
case 'png' : $smime='image/png'; break;
default : $smime='unknown'; break;}}
$extension=explode('/',$smime);
if(isset($extension[1])){$ext=strtolower($extension[1]);}
if(isset($ext) && ($ext=='jpg' || $ext=='jpeg' || $ext=='png')){
@rename($avatar_filename,$avatar_filename.'.'.$ext);
$avatar_filename=$avatar_filename.'.'.$ext;
// resize begin
if(!isset($unkext) && function_exists('imagecreatefromjpeg') && function_exists('imagecreatefrompng')){
switch($ext){
case 'jpeg': function imgsrc($v){return imagecreatefromjpeg($v);} function imgdst($d,$f){return imagejpeg($d,$f);} break;
case 'jpg' : function imgsrc($v){return imagecreatefromjpeg($v);} function imgdst($d,$f){return imagejpeg($d,$f);} break;
case 'png' : function imgsrc($v){return imagecreatefrompng($v);} function imgdst($d,$f){return imagepng($d,$f);} break;
default : break;}
if(function_exists('imgsrc') && function_exists('imgdst') && function_exists('imagecreatetruecolor') && function_exists('imagecopyresampled')){
$src=imgsrc($avatar_filename); list($width,$height)=getimagesize($avatar_filename);
$offsetx=0;$offsety=0;$xwidth=$width;$xheight=$height;
if($width>$height){$offsetx=round(($width-$height)/2);$xwidth=$width-$offsetx*2;}
if($height>$width){$offsety=round(($height-$width)/2);$xheight=$height-$offsety*2;}
$dst=imagecreatetruecolor($avsize,$avsize);
imagealphablending($dst,false); imagesavealpha($dst,true);
imagecopyresampled($dst,$src,0,0,$offsetx,$offsety,$avsize,$avsize,$xwidth,$xheight);
imgdst($dst,$avatar_filename);}}
// resize end
$image_pro=3;}}
if($image_pro<3){@unlink($avatar_filename);}else{$avatar2db=$avatar_filename;}
if(strlen($_POST['avatar'])>5){
$avatar2db=neutral_escape($_POST['avatar'],50,'str');
if(!preg_match('/^([a-z0-9.\-\/\_]+)$/i',$avatar2db) || (strpos($avatar2db,'avatars/')!==0 && strpos($avatar2db,'attachments/')!==0) || !file_exists($avatar2db)){
$avatar2db='';}}
if(isset($_POST['motto']) && strlen(trim($_POST['motto']))>0){$motto2db=neutral_escape($_POST['motto'],64,'str');}
$curimg=neutral_query('SELECT image FROM '.$dbss['prfx'].'_uxtra WHERE id='.$id);
$curimg=neutral_fetch_array($curimg);
if(is_array($curimg) && isset($curimg[0]) && strpos($curimg[0],'attachments/')===0 && $curimg[0]!=$avatar2db){@unlink($curimg[0]);}
neutral_query('DELETE FROM '.$dbss['prfx'].'_uxtra WHERE id='.$id);
neutral_query('INSERT INTO '.$dbss['prfx']."_uxtra VALUES($id,'$avatar2db','$motto2db',0,'','','','','','','')");
if(isset($_POST['room'])){$room=(int)$_POST['room'];}else{$room=0;}
redirect('blabax.php?room='.$room);die(); }
// ---------------
if(isset($_GET['list'])){
$list_pics='';
$mcache=neutral_query('SELECT value FROM '.$dbss['prfx']."_scache WHERE id='avt_cache'");
$mcache=neutral_fetch_array($mcache); $avt_cache=$mcache[0];
if(strlen($avt_cache)<1){$avt_set=array();} else{$avt_set=unserialize(base64_decode($avt_cache));}
shuffle($avt_set);
for($i=0;$i<count($avt_set);$i++){
$pic='<img src="avatars/'.$avt_set[$i].'" alt="" class="avatar_list" id="av'.$avt_set[$i].'" onclick="shoop(this,1,100);sel_avatar(\'avatars/'.$avt_set[$i].'\')"> ';
$list_pics.=$pic;
}
print $list_pics;}
?>
Did this file decode correctly?
Original Code
<?php
require_once('config.php');
require_once('incl/main.php');
neutral_dbconnect(); $settings=get_settings();
$avsize=(int)$settings['avsize'];
if(isset($_FILES['avupload']) && isset($_FILES['avupload']['size']) && isset($_POST['avatar']) && isset($_POST['stoken'])){
$stoken=explode('z',$_POST['stoken']); $id=(int)$stoken[0];
if(!isset($stoken[1]) || hash('sha256',$stoken[0].$settings['random_salt']) != $stoken[1]){die();}
$avatar2db=''; $motto2db=''; $image_pro=0;
$avatar_filename='attachments/avtr_'.substr(md5(time().microtime()),0,20);
if(move_uploaded_file($_FILES['avupload']['tmp_name'],$avatar_filename)){
chmod("$avatar_filename",0666); $image_pro=1;}
$maxsize=(int)$settings['avatar_msize'];
if($image_pro==1 && filesize($avatar_filename)<$maxsize){$image_pro=2;}
if($image_pro==2){
$smime=0;
if(function_exists('finfo_open') && function_exists('finfo_file')){
$finfo=@finfo_open(FILEINFO_MIME_TYPE);$smime=@finfo_file($finfo,$avatar_filename);}
elseif(function_exists('mime_content_type')){$smime=@mime_content_type($avatar_filename);}
if($smime=='0'){
$unkext=explode('.',$_FILES['avupload']['name']);
$unkext=strtolower(end($unkext));
switch($unkext){
case 'jpeg': $smime='image/jpeg'; break;
case 'jpg' : $smime='image/jpeg'; break;
case 'png' : $smime='image/png'; break;
default : $smime='unknown'; break;}}
$extension=explode('/',$smime);
if(isset($extension[1])){$ext=strtolower($extension[1]);}
if(isset($ext) && ($ext=='jpg' || $ext=='jpeg' || $ext=='png')){
@rename($avatar_filename,$avatar_filename.'.'.$ext);
$avatar_filename=$avatar_filename.'.'.$ext;
// resize begin
if(!isset($unkext) && function_exists('imagecreatefromjpeg') && function_exists('imagecreatefrompng')){
switch($ext){
case 'jpeg': function imgsrc($v){return imagecreatefromjpeg($v);} function imgdst($d,$f){return imagejpeg($d,$f);} break;
case 'jpg' : function imgsrc($v){return imagecreatefromjpeg($v);} function imgdst($d,$f){return imagejpeg($d,$f);} break;
case 'png' : function imgsrc($v){return imagecreatefrompng($v);} function imgdst($d,$f){return imagepng($d,$f);} break;
default : break;}
if(function_exists('imgsrc') && function_exists('imgdst') && function_exists('imagecreatetruecolor') && function_exists('imagecopyresampled')){
$src=imgsrc($avatar_filename); list($width,$height)=getimagesize($avatar_filename);
$offsetx=0;$offsety=0;$xwidth=$width;$xheight=$height;
if($width>$height){$offsetx=round(($width-$height)/2);$xwidth=$width-$offsetx*2;}
if($height>$width){$offsety=round(($height-$width)/2);$xheight=$height-$offsety*2;}
$dst=imagecreatetruecolor($avsize,$avsize);
imagealphablending($dst,false); imagesavealpha($dst,true);
imagecopyresampled($dst,$src,0,0,$offsetx,$offsety,$avsize,$avsize,$xwidth,$xheight);
imgdst($dst,$avatar_filename);}}
// resize end
$image_pro=3;}}
if($image_pro<3){@unlink($avatar_filename);}else{$avatar2db=$avatar_filename;}
if(strlen($_POST['avatar'])>5){
$avatar2db=neutral_escape($_POST['avatar'],50,'str');
if(!preg_match('/^([a-z0-9.\-\/\_]+)$/i',$avatar2db) || (strpos($avatar2db,'avatars/')!==0 && strpos($avatar2db,'attachments/')!==0) || !file_exists($avatar2db)){
$avatar2db='';}}
if(isset($_POST['motto']) && strlen(trim($_POST['motto']))>0){$motto2db=neutral_escape($_POST['motto'],64,'str');}
$curimg=neutral_query('SELECT image FROM '.$dbss['prfx'].'_uxtra WHERE id='.$id);
$curimg=neutral_fetch_array($curimg);
if(is_array($curimg) && isset($curimg[0]) && strpos($curimg[0],'attachments/')===0 && $curimg[0]!=$avatar2db){@unlink($curimg[0]);}
neutral_query('DELETE FROM '.$dbss['prfx'].'_uxtra WHERE id='.$id);
neutral_query('INSERT INTO '.$dbss['prfx']."_uxtra VALUES($id,'$avatar2db','$motto2db',0,'','','','','','','')");
if(isset($_POST['room'])){$room=(int)$_POST['room'];}else{$room=0;}
redirect('blabax.php?room='.$room);die(); }
// ---------------
if(isset($_GET['list'])){
$list_pics='';
$mcache=neutral_query('SELECT value FROM '.$dbss['prfx']."_scache WHERE id='avt_cache'");
$mcache=neutral_fetch_array($mcache); $avt_cache=$mcache[0];
if(strlen($avt_cache)<1){$avt_set=array();} else{$avt_set=unserialize(base64_decode($avt_cache));}
shuffle($avt_set);
for($i=0;$i<count($avt_set);$i++){
$pic='<img src="avatars/'.$avt_set[$i].'" alt="" class="avatar_list" id="av'.$avt_set[$i].'" onclick="shoop(this,1,100);sel_avatar(\'avatars/'.$avt_set[$i].'\')"> ';
$list_pics.=$pic;
}
print $list_pics;}
?>
Function Calls
None |
Stats
MD5 | bbb0f17ca72d90e18329e2b3f35a6b39 |
Eval Count | 0 |
Decode Time | 62 ms |