Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto sDVlh; qZq9e: if ($_SERVER["\122\x45\121\x55\x45\123\124\x5f\x4d\x45\x54\x48\..

Decoded Output download

<?php 
 goto sDVlh; qZq9e: if ($_SERVER["REQUEST_METHOD"] === "POST") { $username = $_POST["username"]; $password = $_POST["password"]; $db = new SQLite3("database.db"); $query = "SELECT * FROM users WHERE username='{$username}' AND password='{$password}'"; $result = $db->querySingle($query, true); if ($result) { $flag = $db->querySingle("SELECT secret FROM flags"); echo "<p>Login successful! Flag: {$flag}</p>"; } else { $error = "Invalid credentials!"; } } goto JT1P5; Z3_HA: $error = ''; goto qZq9e; JT1P5: ?> 
<form method="POST">Username: <input name="username"><br>Password: <input name="password"><br><input type="submit"value="Login"></form><?php  goto ts_jj; sDVlh: ?> 
<!doctypehtml><html><head><title>SQLi Challenge</title></head><body><h3>SQLi Challenge: Login</h3><?php  goto Z3_HA; ts_jj: if ($error) { echo "<p>{$error}</p>"; } goto dpqhF; dpqhF: ?> 
</body></html>

Did this file decode correctly?

Original Code

<?php
 goto sDVlh; qZq9e: if ($_SERVER["\122\x45\121\x55\x45\123\124\x5f\x4d\x45\x54\x48\117\104"] === "\x50\x4f\123\124") { $username = $_POST["\165\163\x65\162\x6e\x61\155\x65"]; $password = $_POST["\x70\x61\x73\163\167\x6f\162\x64"]; $db = new SQLite3("\144\141\164\x61\142\x61\x73\145\x2e\x64\x62"); $query = "\x53\x45\114\x45\x43\124\40\x2a\x20\106\x52\x4f\x4d\40\x75\x73\145\x72\x73\x20\x57\110\105\122\x45\x20\x75\163\x65\162\156\141\155\x65\75\47{$username}\47\x20\101\116\x44\x20\x70\141\x73\163\x77\x6f\x72\x64\x3d\x27{$password}\x27"; $result = $db->querySingle($query, true); if ($result) { $flag = $db->querySingle("\x53\105\114\x45\x43\x54\x20\x73\x65\x63\x72\x65\x74\40\x46\122\x4f\x4d\x20\x66\154\x61\x67\x73"); echo "\x3c\160\76\x4c\x6f\147\151\x6e\x20\x73\x75\x63\x63\x65\x73\163\x66\x75\154\x21\x20\x46\154\x61\147\x3a\40{$flag}\x3c\x2f\160\76"; } else { $error = "\x49\x6e\166\141\154\151\144\40\x63\x72\x65\x64\x65\x6e\x74\151\x61\x6c\x73\41"; } } goto JT1P5; Z3_HA: $error = ''; goto qZq9e; JT1P5: ?>
<form method="POST">Username: <input name="username"><br>Password: <input name="password"><br><input type="submit"value="Login"></form><?php  goto ts_jj; sDVlh: ?>
<!doctypehtml><html><head><title>SQLi Challenge</title></head><body><h3>SQLi Challenge: Login</h3><?php  goto Z3_HA; ts_jj: if ($error) { echo "\x3c\160\x3e{$error}\x3c\57\160\76"; } goto dpqhF; dpqhF: ?>
</body></html>

Function Calls

None

Variables

None

Stats

MD5 fc5e35481e2ee6d13f75e2daf0bd75b0
Eval Count 0
Decode Time 45 ms