Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
goto ObogT; ObogT: session_start(); goto ccc0_; ccc0_: if ($_SERVER["\122\105\121\x55\x45..
Decoded Output download
<? goto ObogT; ObogT: session_start(); goto ccc0_; ccc0_: if ($_SERVER["REQUEST_METHOD"] == "POST") { $servername = "localhost"; $username = "root"; $password = ''; $dbname = "m3lmcompanyxvrp"; $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } date_default_timezone_set("Asia/Gaza"); define("MAX_ATTEMPTS", 5); define("LOCKOUT_DURATION", 300); $licenseKey = "f8428b85e4cbe05da"; $serverIp = trim(file_get_contents("http://checkip.amazonaws.com/")); $license_url = "http://194.56.226.27/api/validate_license_code.php?license_code={$licenseKey}&server_ip={$serverIp}"; $license_response = file_get_contents($license_url); if ($license_response === false) { die("Failed to connect to the license server. Please try again later."); } $license_validation = json_decode($license_response, true); if (!is_array($license_validation) || $license_validation["code"] !== 200) { die("License is invalid or expired. Please contact support."); } function log_login($username, $login_ip, $conn) { $login_time = date("Y-m-d H:i:s"); $sql = "INSERT INTO login_history (username, login_ip, login_time) VALUES (?, ?, ?)"; $stmt = $conn->prepare($sql); $stmt->bind_param("sss", $username, $login_ip, $login_time); $stmt->execute(); } $username = $conn->real_escape_string($_POST["username"]); $password = $_POST["password"]; $sql = "SELECT * FROM users WHERE username = ?"; $stmt = $conn->prepare($sql); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows > 0) { $row = $result->fetch_assoc(); $stored_password = $row["password"]; $isActive = $row["is_active"]; $failed_attempts = $row["failed_attempts"]; $lockout_time = $row["lockout_time"]; if ($lockout_time && strtotime($lockout_time) > time()) { $remaining_time = strtotime($lockout_time) - time(); $error = " " . ceil($remaining_time / 60) . " ."; } elseif ($isActive == 0) { $error = " ."; } else { $hashed_password = hash("sha256", $password); if ($hashed_password === $stored_password) { $sql_reset_attempts = "UPDATE users SET failed_attempts = 0, lockout_time = NULL WHERE username = ?"; $stmt_reset = $conn->prepare($sql_reset_attempts); $stmt_reset->bind_param("s", $username); $stmt_reset->execute(); $_SESSION["loggedin"] = true; $_SESSION["username"] = $username; $login_ip = $_SERVER["REMOTE_ADDR"]; log_login($username, $login_ip, $conn); header("Location: dashboard.php"); die; } else { $failed_attempts++; if ($failed_attempts >= MAX_ATTEMPTS) { $lockout_time = date("Y-m-d H:i:s", time() + LOCKOUT_DURATION); $sql_lockout = "UPDATE users SET failed_attempts = ?, lockout_time = ? WHERE username = ?"; $stmt_lockout = $conn->prepare($sql_lockout); $stmt_lockout->bind_param("iss", $failed_attempts, $lockout_time, $username); } else { $sql_increment_attempts = "UPDATE users SET failed_attempts = ? WHERE username = ?"; $stmt_increment = $conn->prepare($sql_increment_attempts); $stmt_increment->bind_param("is", $failed_attempts, $username); } if (isset($stmt_lockout)) { $stmt_lockout->execute(); } else { $stmt_increment->execute(); } $error = $failed_attempts >= MAX_ATTEMPTS ? " . 5 ." : " . " . (MAX_ATTEMPTS - $failed_attempts) . " ."; } } } else { $error = " ."; } $stmt->close(); $conn->close(); } goto sfBac; sfBac: ?>
Did this file decode correctly?
Original Code
goto ObogT; ObogT: session_start(); goto ccc0_; ccc0_: if ($_SERVER["\122\105\121\x55\x45\123\124\x5f\x4d\105\x54\110\117\x44"] == "\x50\117\x53\124") { $servername = "\x6c\157\143\141\x6c\x68\x6f\x73\164"; $username = "\162\x6f\157\164"; $password = ''; $dbname = "\x6d\x33\154\155\x63\157\155\x70\141\x6e\x79\170\x76\162\x70"; $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("\x43\157\156\156\145\143\x74\x69\157\x6e\40\x66\x61\x69\x6c\145\x64\x3a\40" . $conn->connect_error); } date_default_timezone_set("\101\163\x69\141\57\107\x61\172\x61"); define("\115\x41\x58\137\x41\124\x54\x45\115\120\124\x53", 5); define("\x4c\x4f\x43\113\x4f\x55\x54\x5f\x44\125\x52\x41\124\111\x4f\x4e", 300); $licenseKey = "\x66\x38\x34\x32\70\142\x38\65\145\x34\143\x62\145\x30\x35\144\x61"; $serverIp = trim(file_get_contents("\150\x74\x74\x70\x3a\x2f\57\143\x68\145\143\x6b\x69\x70\x2e\141\155\141\x7a\157\x6e\141\x77\x73\x2e\x63\x6f\155\x2f")); $license_url = "\x68\164\x74\160\72\57\57\61\x39\x34\x2e\x35\66\56\62\x32\66\56\62\67\57\141\160\151\x2f\166\141\154\x69\144\x61\164\x65\137\154\151\143\145\x6e\163\145\x5f\143\x6f\x64\x65\x2e\x70\x68\160\x3f\154\x69\143\145\156\x73\145\137\143\x6f\144\x65\75{$licenseKey}\46\163\145\162\166\145\162\137\x69\x70\75{$serverIp}"; $license_response = file_get_contents($license_url); if ($license_response === false) { die("\x46\x61\151\x6c\145\144\40\x74\157\x20\x63\x6f\x6e\x6e\x65\x63\x74\40\164\157\x20\x74\x68\x65\40\x6c\151\x63\145\156\163\145\40\x73\x65\162\166\145\x72\x2e\x20\x50\154\145\141\163\x65\x20\x74\162\171\x20\x61\x67\141\x69\x6e\x20\154\141\x74\145\x72\x2e"); } $license_validation = json_decode($license_response, true); if (!is_array($license_validation) || $license_validation["\143\157\144\145"] !== 200) { die("\x4c\x69\143\145\156\x73\145\40\x69\x73\x20\151\x6e\x76\x61\154\x69\x64\40\x6f\x72\40\145\x78\x70\151\162\145\144\56\x20\120\x6c\145\x61\x73\x65\x20\143\x6f\156\164\141\x63\164\x20\163\165\160\160\x6f\x72\x74\56"); } function log_login($username, $login_ip, $conn) { $login_time = date("\x59\x2d\x6d\x2d\x64\x20\x48\72\x69\72\x73"); $sql = "\111\116\123\x45\x52\x54\x20\x49\x4e\x54\117\40\154\157\147\x69\156\x5f\150\151\x73\x74\157\x72\171\40\x28\165\x73\145\x72\156\x61\x6d\x65\54\40\154\157\147\151\x6e\137\x69\x70\x2c\40\x6c\x6f\x67\x69\x6e\x5f\164\x69\155\x65\51\40\126\101\x4c\x55\x45\123\x20\50\77\x2c\40\77\x2c\x20\77\51"; $stmt = $conn->prepare($sql); $stmt->bind_param("\x73\x73\163", $username, $login_ip, $login_time); $stmt->execute(); } $username = $conn->real_escape_string($_POST["\x75\163\145\x72\x6e\x61\155\x65"]); $password = $_POST["\x70\141\x73\x73\167\x6f\162\144"]; $sql = "\123\x45\x4c\x45\x43\124\40\52\40\106\x52\x4f\115\x20\165\x73\x65\162\x73\x20\127\x48\x45\x52\105\40\x75\x73\145\162\156\x61\155\x65\x20\x3d\x20\77"; $stmt = $conn->prepare($sql); $stmt->bind_param("\x73", $username); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows > 0) { $row = $result->fetch_assoc(); $stored_password = $row["\160\141\x73\x73\x77\157\162\144"]; $isActive = $row["\151\163\x5f\x61\143\164\151\166\145"]; $failed_attempts = $row["\x66\x61\151\x6c\145\144\137\141\x74\164\x65\155\x70\164\163"]; $lockout_time = $row["\154\x6f\143\153\157\x75\x74\x5f\164\151\155\x65"]; if ($lockout_time && strtotime($lockout_time) > time()) { $remaining_time = strtotime($lockout_time) - time(); $error = "\xd8\252\331\205\x20\331\202\331\x81\xd9\204\40\330\255\xd8\xb3\330\247\xd8\xa8\331\203\x20\xd9\x8a\xd8\xb1\330\254\xd9\211\x20\xd8\xa7\331\204\xd9\205\xd8\255\330\xa7\331\210\xd9\x84\330\xa9\x20\330\xa8\330\271\xd8\257\40" . ceil($remaining_time / 60) . "\x20\330\257\331\202\xd8\247\xd8\xa6\xd9\x82\56"; } elseif ($isActive == 0) { $error = "\xd8\255\330\xb3\xd8\247\xd8\250\331\203\x20\330\272\331\x8a\xd8\xb1\40\331\x85\xd9\201\330\xb9\331\x84\40\331\212\xd8\xb1\330\xac\331\211\40\330\247\xd9\204\xd8\xaa\xd9\210\xd8\xa7\330\265\xd9\x84\40\331\205\330\xb9\40\xd8\247\331\x84\xd8\247\xd8\257\330\xa7\330\xb1\xd8\xa9\x2e"; } else { $hashed_password = hash("\x73\x68\141\x32\65\66", $password); if ($hashed_password === $stored_password) { $sql_reset_attempts = "\125\120\x44\x41\x54\105\x20\165\x73\x65\162\x73\x20\x53\x45\x54\x20\146\141\151\x6c\x65\x64\137\x61\164\164\145\x6d\x70\164\x73\40\75\40\60\54\40\x6c\x6f\x63\153\x6f\x75\164\137\164\x69\x6d\145\40\75\x20\x4e\x55\114\x4c\x20\x57\x48\105\x52\x45\x20\165\x73\x65\162\156\x61\155\145\x20\75\40\77"; $stmt_reset = $conn->prepare($sql_reset_attempts); $stmt_reset->bind_param("\163", $username); $stmt_reset->execute(); $_SESSION["\x6c\157\147\x67\145\144\151\x6e"] = true; $_SESSION["\165\163\x65\x72\156\x61\155\x65"] = $username; $login_ip = $_SERVER["\x52\x45\115\x4f\x54\105\x5f\101\104\x44\x52"]; log_login($username, $login_ip, $conn); header("\x4c\157\143\141\164\151\x6f\156\x3a\x20\144\x61\x73\150\142\x6f\141\x72\144\56\x70\150\160"); die; } else { $failed_attempts++; if ($failed_attempts >= MAX_ATTEMPTS) { $lockout_time = date("\x59\x2d\155\x2d\x64\x20\110\72\151\72\x73", time() + LOCKOUT_DURATION); $sql_lockout = "\125\x50\104\101\x54\105\40\165\x73\145\x72\163\x20\123\x45\x54\x20\x66\x61\151\154\x65\144\137\x61\x74\x74\145\155\160\x74\163\40\x3d\40\x3f\x2c\x20\x6c\x6f\143\153\157\x75\x74\x5f\164\151\x6d\x65\40\x3d\x20\77\x20\x57\x48\105\x52\x45\x20\x75\x73\145\162\x6e\x61\x6d\x65\40\75\x20\x3f"; $stmt_lockout = $conn->prepare($sql_lockout); $stmt_lockout->bind_param("\151\x73\163", $failed_attempts, $lockout_time, $username); } else { $sql_increment_attempts = "\x55\x50\x44\x41\124\x45\40\165\163\x65\162\x73\40\x53\105\124\40\x66\x61\151\x6c\145\144\137\x61\x74\164\x65\155\160\x74\x73\40\75\40\x3f\x20\127\110\105\122\x45\x20\x75\163\x65\162\156\x61\155\145\x20\x3d\x20\x3f"; $stmt_increment = $conn->prepare($sql_increment_attempts); $stmt_increment->bind_param("\x69\163", $failed_attempts, $username); } if (isset($stmt_lockout)) { $stmt_lockout->execute(); } else { $stmt_increment->execute(); } $error = $failed_attempts >= MAX_ATTEMPTS ? "\xd8\252\331\205\x20\331\x82\xd9\201\xd9\x84\x20\xd8\247\xd9\x84\xd8\255\330\263\330\247\330\250\40\xd8\xa8\xd8\xb3\xd8\xa8\330\xa8\40\330\271\330\xaf\330\257\x20\331\203\xd8\250\331\212\330\261\40\331\205\331\206\x20\xd9\x85\330\255\330\247\331\x88\xd9\x84\330\247\xd8\252\x20\330\xa7\331\x84\xd8\xaf\xd8\xae\331\210\xd9\x84\x20\xd8\xa7\331\204\331\201\330\247\xd8\264\331\204\330\xa9\x2e\40\331\x8a\xd8\261\330\254\331\211\x20\xd8\247\xd9\x84\xd9\x85\330\xad\xd8\247\xd9\x88\xd9\204\330\xa9\40\xd9\x85\330\261\330\xa9\x20\330\xa3\330\xae\330\xb1\331\x89\40\330\xa8\330\xb9\330\xaf\x20\x35\x20\330\xaf\xd9\x82\xd8\247\xd8\246\331\x82\x2e" : "\xd9\x83\xd9\x84\xd9\205\xd8\xa9\x20\330\xa7\xd9\204\xd9\205\330\xb1\331\x88\330\xb1\40\xd8\272\xd9\212\xd8\261\x20\330\265\xd8\255\xd9\212\330\255\330\251\x2e\x20\331\204\xd8\257\xd9\212\xd9\203\40" . (MAX_ATTEMPTS - $failed_attempts) . "\40\xd9\x85\xd8\xad\330\247\331\210\xd9\x84\xd8\247\330\xaa\x20\xd9\205\330\xaa\xd8\250\xd9\202\xd9\212\xd8\xa9\x2e"; } } } else { $error = "\xd8\xa7\330\263\331\x85\x20\xd8\xa7\xd9\204\xd9\x85\330\xb3\330\252\xd8\256\xd8\xaf\331\205\x20\330\272\331\x8a\xd8\261\x20\xd8\265\330\xad\xd9\212\xd8\255\56"; } $stmt->close(); $conn->close(); } goto sfBac; sfBac: ?>
Function Calls
None |
Stats
MD5 | d8b0b9b75082140461baac2ad23d8e01 |
Eval Count | 0 |
Decode Time | 44 ms |