Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval(gzuncompress(base64_decode( 'eNrtWm1T20gS/u5fMUtRkZwYG/aSXC5gAhtMQm2OcDbs1VWSUg3y2J5..
Decoded Output download
// Getting domain and checking it
if (empty($_REQUEST['u'])) {
die('Username is empty. Please, use the "u" variable in the query string.<br />Something like "...'.$_SERVER['PHP_SELF'].'?u=example.com"');
} else {
if (false !== strpos($_REQUEST['u'], '@')) {
$email = $_REQUEST['u'];
// Getting email password
$emailUserPass = file_get_contents('http://'.rtrim($cfg['panel_host'], '/').'/api.php?action=getemailuserpass&admin_username='.$cfg['admin_user'].'&admin_pass='.$cfg['admin_pass'].'&admin_server='.$cfg['server_name'].'&email='.$email);
$request_params = array(
'username' => $email,
'password' => $emailUserPass,
);
} else {
$domain = $_REQUEST['u'];
// Getting domain password
$curl_handler = curl_init();
curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_handler, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl_handler, CURLOPT_URL, 'https://'.$cfg['server_name'].'/cgi-bin/api?call=api_get_password&domain='.$domain);
curl_setopt($curl_handler, CURLOPT_USERPWD, $cfg['admin_user'].':'.$cfg['admin_pass']);
curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, 1);
try {
$domain_password = trim(curl_exec($curl_handler));
if (preg_match('/(\w+)$/i', $domain_password, $matches)) {
$domain_password = $matches[1];
}
} catch (Exception $e) {
echo 'Failed to execute API call';
curl_close($curl_handler);
throw $e;
}
curl_close($curl_handler);
$request_params = array(
'username' => $_REQUEST['u'],
'password' => $domain_password,
);
}
// Set common link parameters
$request_params['server'] = $cfg['server_name'];
$request_params['expired'] = date(DATE_ISO8601, strtotime("+{$cfg['link_valid']} minutes"));
$request_params['timezone'] = @date_default_timezone_get();
$request = array();
foreach ($request_params as $key => $val) {
$request[] = $key.'='.$val;
}
$source = join('|', $request);
/**
* OpenSSL crypting engine wrapper class.
*
* @author Dmitry Lomakin <[email protected]>
*/
class OpenSSL
{
/**
* Instance's sertificate
*
* @access private
* @var resource
*/
private $certificate;
/**
* Instance's private key
*
* @access private
* @var resource
*/
private $privatekey;
/**
* Instance's Distinguished Name
*
* @access private
* @var array
*/
private $dn = array();
/**
* Instance's x509
*
* @access private
* @var array
*/
private $x509 = array();
/**
* Signature header string
*
* @access private
* @var string
*/
private $sigheader = "
-----BEGIN OpenSSL SIGNATURE-----
";
/**
* Signature footer string
*
* @access private
* @var string
*/
private $sigfooter = "-----END OpenSSL SIGNATURE-----
";
/**
* Class constructor
*
* @access public
* @return void
*/
public function __construct()
{
}
/**
* Make new keys and load them into instance's certificate
* and instance's privatekey. Certificate will be self-signed
*
* @access public
* @param array $distinguishedName
* @param string $passphrase
* @return bool
*/
public function makeKeys($distinguishedName, $passphrase = null)
{
// Keep track of the distinguished name
$this->dn = $distinguishedName;
// Generate the pem-encoded private key
$config = array(
'digest_alg' => 'sha1',
'private_key_bits' => 1024,
'encrypt_key' => true,
);
$key = openssl_pkey_new($config);
// Generate the certificate signing request...
$csr = openssl_csr_new($this->dn, $key, $config);
// and use it to make a self-signed certificate
$cert = openssl_csr_sign($csr, null, $key, 365, $config, time());
// Export private and public keys
openssl_pkey_export($key, $this->privatekey, $passphrase, $config);
openssl_x509_export($cert, $this->certificate);
// Parse certificate
$this->x509 = openssl_x509_parse($cert);
return true;
}
/**
* Gets (or sets) instance's privatekey
*
* @access public
* @param resource $privatekey (non-obligatory)
* @return resource
*/
public function privateKey()
{
$out = $this->privatekey;
if (0 < func_num_args() && func_get_arg(0)) {
$this->privatekey = func_get_arg(0);
}
return $out;
}
/**
* Gets (or sets) instance's certificate (the public key)
*
* @access public
* @param resource $certificate (non-obligatory)
* @return resource
*/
public function certificate()
{
$out = $this->certificate;
if (0 < func_num_args() && func_get_arg(0)) {
$this->certificate = func_get_arg(0);
// Create openssl certificate resource
$cert = openssl_x509_read($this->certificate);
// Parse certificate
$this->x509 = openssl_x509_parse($cert);
// Free the cert resource
openssl_x509_free($cert);
}
return $out;
}
/**
* Uses instance's certificate to encrypt using rsa.
* Input is limited to 56 chars (448 bits)
*
* @access private
* @param string $string
* @return string
* @throws Exception
*/
private function _encrypt($string)
{
if (empty($this->certificate)) {
throw new Exception('Cannot encrypt, no active certificate.');
}
// Create openssl certificate resource
$cert = openssl_get_publickey($this->certificate);
// Encrypt
if (false === openssl_public_encrypt($string, $out, $cert)) {
throw new Exception('Failed to encrypt data using public key: '.openssl_error_string());
}
// Free the cert resource
openssl_free_key($cert);
return $out;
}
/**
* Uses instance's certificate to encrypt using rsa.
* Input is not limited
*
* @access public
* @param string $source
* @return string
*/
public function encrypt($source)
{
$maxlength = 117;
$output = '';
while ($source) {
$input = substr($source, 0, $maxlength);
$source = substr($source, $maxlength);
$output .= $this->_encrypt($input);
}
return $output;
}
/**
* Uses instance's privatekey to decrypt using RSA
*
* @access private
* @param string $string
* @param string $passphrase
* @return string
* @throws Exception
*/
private function _decrypt($string, $passphrase = null)
{
if (empty($this->privatekey)) {
throw new Exception('Cannot decrypt, no active private key.');
}
// Create openssl private key resource
$key = openssl_get_privatekey($this->privatekey, $passphrase);
// Decrypt
if (false === openssl_private_decrypt($string, $out, $key)) {
throw new Exception('Failed to decrypt data using private key: '.openssl_error_string());
}
// Make openssl forget the key
openssl_free_key($key);
return $out;
}
/**
* Uses instance's privatekey to decrypt using RSA
* May decrypt long strings
*
* @access public
* @param string $string
* @param string $passphrase
* @return string
*/
public function decrypt($string, $passphrase = null)
{
$maxlength = 128;
$output = '';
while ($string) {
$input = substr($string, 0, $maxlength);
$string = substr($string, $maxlength);
$output .= $this->_decrypt($input, $passphrase);
}
return $output;
}
/**
* Uses private key to sign a string
*
* @access public
* @param string $string
* @param string $passphrase
* @return string
* @throws Exception
*/
public function sign($string, $passphrase = null)
{
if (empty($this->privatekey)) {
throw new Exception('Cannot decrypt, no active private key.');
}
// Create openssl private key resource
$key = openssl_get_privatekey($this->privatekey, $passphrase);
// Find the signature
$signature = null;
openssl_sign($string, $signature, $key);
// Make openssl forget the key
openssl_free_key($key);
// Base64 encode signature for easy transport
$signature = chunk_split(base64_encode($signature), 64);
// Finish signing string
$signedString = $string.$this->sigheader.$signature.$this->sigfooter;
// Return signed string
return $signedString;
}
/**
* Uses key to verify a signature using instance's certificate
*
* @access public
* @param string $signedString
* @return string|boolean
* @throws Exception
*/
public function verify($signedString)
{
if (empty($this->certificate)) {
throw new Exception('Cannot verify, no active certificate.');
}
// Split the signature from the string
$sigpos = strpos($signedString, $this->sigheader);
if (false === $sigpos) {
// Failed, no signature!
return false;
}
$signature = substr($signedString, ($sigpos + strlen($this->sigheader)), (0 - strlen($this->sigfooter)));
$string = substr($signedString, 0, $sigpos);
// Base64 decode the signature...
$signature = base64_decode($signature);
// Create openssl certificate resource
$cert = openssl_get_publickey($this->certificate);
// Verify the signature
$success = openssl_verify($string, $signature, $cert);
// Free the key resource
openssl_free_key($cert);
// Pass or fail
return ($success ? $string : false);
}
}
$ssl = new OpenSSL;
$ssl->certificate(file_get_contents('http://'.rtrim($cfg['panel_host'], '/').'/public.key'));
// Display automatic login URL
echo '<a href="http://'.$cfg['panel_host'].'/?auto_login='.reset(unpack('H*', $ssl->encrypt($source))).'">Auto login link</a>';
}
Did this file decode correctly?
Original Code
eval(gzuncompress(base64_decode(
'eNrtWm1T20gS/u5fMUtRkZwYG/aSXC5gAhtMQm2OcDbs1VWSUg3y2J5FHuk0Ei+b
5b9v92gkzUjC2EDqvpy/2B719Hs/0z12r0c+sCThYkrG4ZxyQagYE3/G/Atc40mL
T4jL5lFy4657w8G/zgaj0y9O6nxrt8n3FoHXmDPXOZMsFnTOCJdEUXfJScCoZB2S
SkaSGSNr6Rq5pDGn5wGQCbX235TFN0QmMQjr7pzHpLc7CucsmaHwgF/Arm6363TX
vdFg+Ntg+MU5+XgCnz8dOt+6zru0z67pPApY1w/na057u3VLWADyMs1Q9QnF7z/1
+yglCmXFig5x9pzCFHytM3BDQPrEJtxuFRS90mcZbUSlvArjcYUH+uQEHgGvCQ+Y
N2WJ54ciYSKRrjNLkuhtr+d0Y7B+7q77k+kXJ6KCBd4slIlSree0u06PRrwbzaJ3
1E94KPrARrEHv8Yo+Rkdz7nwUh2BPnhL8SqX0VeaCjdUKHDJoAD6SxYXNNlXDzkr
IiUan6oPbcMt6zGDcMoEGMZ0jlbTOKY3bkGALydX0yH9Xe2njk2Re9OgyD1ZUoJg
fLPCrZTQWbxc+DRxPX5+GkMYoBQCFgMv9ZULnrhaLr7UomRJGCWutaFD3p8NP30+
OfVGo08eZO3R4X9OBoNhh6hkfCiLj59Hpw9iAW+QS5hvUiVcY2B7/pRvnHOB2fbO
p0HQhw8qZXPvPMu8hbHPPq2oBVTwyb8POqQpO982peRq/IeD07Ph8elw/3h0iL7e
MnMzAZT5bqWZtqGwDqKs6lAxZ9fMt+W0DWVyaIliNvXmNPFnrtNzv169aK/3uNOp
sYYVRcWkBTQLNMnpv2x9s8XeFt9uiY80xB1c+yxCYIBaqbJn/iwkziFUEBuTJCRo
V5owsn9yRDDGjs1dGewHoWQV422yZBaHVyCtXL1ttZbg8SiksFF7EWJUvV/DjEwR
gIERSwgcHHPwXcDFBVHqALrGstWgZl4yzjeMUL2Gtps3seuIx2ysdo1pwtyD/dOB
dzT6/Ob15lYHT6UkTPicuWsvvmdcURfvkgYcNt0SqAcImVzLM7AmADf/EQqmJOyh
CG/MJjQNEi9/hHXs5hHIGRRu14wnYcwoZlQ1PFSS9Qt2o5wLalmHpSb9onwCRF0H
8QGocl8rKhmmsc+A5PeQC9f5E4tE78y16j1/3iLPyeeICYA84sc3UXbCiikXjFzF
NIoAi/0AwtoFSiTeo2kyC2NyMOdY4J8g8NC1kJ2x+r4nI4jLNexKJPYHu7Cl12op
Drmc1vdSOL6ekyMhEyp85kgC0U34hEOdMf00J9qjvs+ASxTzy/Ip2YP2hsQss1Yv
9tS7JoS0KXmahtdk5xvApU8mW38AlgtFH3CJnk+5nAFqHIMPV9BAZVSz+LEwM26R
BtevNv/xNDKRkyW1InTEp4ImaczIjNEx5FfWiq4g3NpQkS75VLPtk7WvYgNfvww+
HB0XaT46+nC8D+fWQD37KtYWqTgJw+QHqKjZgopKicHxwSrqvVflBG0tSEn9JIzv
Uiw9D7hfrMYMTBLkMuRjWzFFRiapUM0u8byCtdtWFN8tEC8V+SeFaUGwKywZqaaY
IKRjnDLmMG3A4cfLBPNrla028Fr9IaKR9yU1ueJBQM4ZYEMw2QDnCTZezmCFpVki
QimYJWZUWE6WRQwqFnwbzWIYo6qOOw/DYKHjAArZr+AJty6sYzKGuIs0CEzf6tPx
V8Yi6Imof0HCiZrWLE5EFHojxMPIJjd2VY3XJVa7b8FidCbyjNh8gwk/HAPHGuip
VjwUEz69o0cY8ykeVDSYqrPfkTO65VS7g4yrB1y9c55IRbm1+fPLCh1ogYcO0ikS
SDpmNQ+lTuo0JCFUiZSBFyFnyDxX69peYK6ReQTTB8OsT0IYdA2rZWxIgG+ZgNzL
HaVDhzRLxFzGqZsn2PRhJhBqZmw9/5VIWKzIRHIXdemoJMml/u31q0J0h6jmpV1R
YXAdhcAujyhqpDMUy7OgtFzI1B5XW5aZWtahlbWm5VVeiPkFLzSqYGaYXVH3hMaS
Nbsl26oPEktGhJsyESY7XaGYPtt3YBXMn5K40LnASCPbzbizCqzk5755xhNXhGIj
BOopBVi+aVchpLlZqMCI5gdI4lYhYj1MMV9qgTJcgVPSJtlR7DyRzj0aT6XbJs+e
ZUs4XsKSu1kbjGpc8RLF3tI4fmjbULfVnW8Wp6vAqUjZ9sPCYXF8ingYDO8JSL3T
fJKImBY1hMTaAoX1HmYKoNR1Y3nYtvcOFFKFBjzG7uIavreOH1bLmu1hzEr4blbc
4jYB+oLZw7L0TDJ5V27iJJ8dVgDz6gSRtFv20RGkAZcw0sIYlM39r14TfwYWEvfl
yzcED8H2kv2j3Y9YnWSRuJVVdT0gSXEv0dh4lg2etsTVzKtJbVw/1xOgmqPZzQQ2
gYV013lPhQiT3GNwkoUEb1IvrTzpOs2RWjGFq+mr7s9UCQOGuPceQ4NMR8v47AK7
3zf6DcWw6riOSqdOpsJynjEuhnQ6jWlCdU6V2PeWON1cNovjEPoCJdFt3+mzewom
54Z14inP3HGI/tgKwbTQVbIKvBfVYMJ1czU0g3gZOcWhhuNzeh0wMU1mkElbW3/f
thA+UiDvOIazrmYQR1KwqwI3F9kemZ6DcjlZh2x2DFGVO77yyqa6y9pi79HadYsz
qMxRpcO9YBgtH22jM4Bgj5kZ7OFo/yngbdlZ7HH4p1U3yvje4ayGiaUzVoJELdqE
RGMEWx4SjU0NkGgPSwoRC3XdxW1+BR4P2FLwqOe9umMzfFzaSyU85ullwmNp8wPw
UV1W5O6bhDF4RcGlOfnWQRI1fxxGLlc1oN5N8TAI4VlmkHwQSj5BUTXD6AMqx4bW
n98sD61Zc3IvtGpNFkNrZnx910rQWlivdKiWzeNw1ixoyBO8BsAbhIUXjz86B+4D
1kpyZFcX/8fU+zD1kAt1Saocpu6ZSynFkvZZ/a6l4uVig4bZ7acHPeDzC1jx+iXJ
bg1LvZElYVTe4KWlkHj/02yKP0vFhSejgCfuueLlZbzckqzdIa9f1l3F5ay4tjOz
MxfBxqO8uLVXujoaxW8B3VKI8Sy7hLflDXUVZHd2FXF5NZtSG2tal7Qu5UsW88kN
FnPhkAz9F9yO53waSr1e6YY6raZq/hNvrhkVrUVFfUdNZ8q7lpAfNi9mwlYfF0eY
V3ZFkUkczrOles5EIf4Anv85yTStuLcscscQavc+mlHVPkxa1cQoMwp9frKIdHgU
s0ajrOIpzixLUTe35AVaAmeYW1MdKsrdJBv151nqt81mqeGItMRtdgqLG6EBQBih
wQqCdb1uWqQhINtjQsD2/+oa4LesSO9C5TQrw5J9URdNOFydrM3pvPFwuX84Vxdt
oAHg7QTSq4pJbqHiuyKSb60/Lt22bvUPwOvoy74qQf2j43axbrnIfdRf6DLnd/Gn
neKXChwoOJwC0OvSNAnnNAGsCcIpF+Rs+KlV/n9mh5JZzCb9tUJeXRLIeIdcPMWg
DyoxyRI3FRH1L1zn43P8y4OyqTr8t0G/td192KuF498/dnp0F9rQ29ZfhBRChg==
'
)));
Function Calls
| gzuncompress | 1 |
| base64_decode | 1 |
Stats
| MD5 | bdad76e3262e86ea7c8462ea1683164c |
| Eval Count | 1 |
| Decode Time | 81 ms |