PHP Decode

<?php //$flag and $secret in flag.php and strlen($secret)==15 include("flag.php"); i..

Decoded Output

 
<?php  
//$flag and $secret in flag.php and strlen($secret)==15 
include("flag.php"); 
if(!isset($_POST['username'])){show_source(__FILE__);die();} 
$username = $_POST["username"]; 
$password = $_POST["password"]; 
 
if (!empty($_COOKIE["getmein"])) { 
 
    if (urldecode($username) === "admin" && urldecode($password) != "admin") { 
        if ($_COOKIE["getmein"] === md5($secret . urldecode($username . $password))) { 
            echo "Congratulations! You are a registered user.\n";
            die ("The flag is ". $flag); 
        } 
        else { 
            die ("Your cookies don't match up! STOP HACKING THIS SITE."); 
        } 
    } 
    else { 
        die ("You are not an admin! LEAVE."); 
    } 
} 
 
setcookie("sample-hash", md5($secret . urldecode("admin" . "admin")), time() + (60 * 60 * 24 * 7)); 
 
if (empty($_COOKIE["source"])) { 
    setcookie("source", 0, time() + (60 * 60 * 24 * 7)); 
} 
else { 
    if ($_COOKIE["source"] != 0) { 
        echo ""; // This source code is outputted here 
    } 
} 
//admin%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%c8%00%00%00%00%00%00%00dsd 
 
 ?>

Original Code


<?php 
//$flag and $secret in flag.php and strlen($secret)==15
include("flag.php");
if(!isset($_POST['username'])){show_source(__FILE__);die();}
$username = $_POST["username"];
$password = $_POST["password"];

if (!empty($_COOKIE["getmein"])) {

    if (urldecode($username) === "admin" && urldecode($password) != "admin") {
        if ($_COOKIE["getmein"] === md5($secret . urldecode($username . $password))) {
            echo "Congratulations! You are a registered user.\n";
            die ("The flag is ". $flag);
        }
        else {
            die ("Your cookies don't match up! STOP HACKING THIS SITE.");
        }
    }
    else {
        die ("You are not an admin! LEAVE.");
    }
}

setcookie("sample-hash", md5($secret . urldecode("admin" . "admin")), time() + (60 * 60 * 24 * 7));

if (empty($_COOKIE["source"])) {
    setcookie("source", 0, time() + (60 * 60 * 24 * 7));
}
else {
    if ($_COOKIE["source"] != 0) {
        echo ""; // This source code is outputted here
    }
}
//admin%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%c8%00%00%00%00%00%00%00dsd

Function Calls

None

Variables

None

Stats

MD5 e5911c5754d859d594f32e92d00f02cf
Eval Count 0
Decode Time 57 ms