Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php $_F=__FILE__;$_X='Pz48P3BocAoKbjFtNXNwMWM1IEFwcFxIdHRwXEMybnRyMmxsNXJzOwoKM3M1IEFwcFxIdHRwXFI1cTM1c3RzXEQ1cDFydG01bnRSNXEzNXN0OwozczUgSWxsM200bjF0NVxIdHRwXFI1cTM1c3Q7CjNzNSBBcHBcTTJkNWxcRDVwMXJ0bTVudDsKM3M1IEFwcFxINWxwNXJzXEFwcEg1bHA1cjsKM3M1IEEzdGg7CgpjbDFzcyBENXAxcnRtNW50QzJudHIybGw1ciA1eHQ1bmRzIEMybnRyMmxsNXIKewogICAgcHIydDVjdDVkICRkNXAxcnRtNW50OwoKICAgIGYzbmN0NDJuXyBfX2MybnN0cjNjdChENXAxcnRtNW50ICRkNXAxcnRtNW50KSB7CiAgICAgICAgJHRoNHMtPm00ZGRsNXcxcjUoJzEzdGgnKTsKICAgICAgICAkdGg0cy0+ZDVwMXJ0bTVudCA9ICRkNXAxcnRtNW50OwogICAgfQogICAgLyoqCiAgICAgKiBENHNwbDF5IDEgbDRzdDRuZyAyZiB0aDUgcjVzMjNyYzUuCiAgICAgKgogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gNG5kNXgoUjVxMzVzdCAkcjVxMzVzdCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJ2w0c3QtZDVwMXJ0bTVudCcpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkbDRtNHQgPSAkcjVxMzVzdC0+ZzV0KCdsNG00dCcsIGEwKTsKICAgICAgICAkNHQ1bXMgPSAkdGg0cy0+ZDVwMXJ0bTVudC0+cDFnNG4xdDUoJGw0bTR0KTsKICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuZDVwMXJ0bTVudC40bmQ1eCcsIGMybXAxY3QoJzR0NW1zJykpOwogICAgfQoKICAgIC8qKgogICAgICogU2gydyB0aDUgZjJybSBmMnIgY3I1MXQ0bmcgMSBuNXcgcjVzMjNyYzUuCiAgICAgKgogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gY3I1MXQ1KCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJ2NyNTF0NS1kNXAxcnRtNW50JykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICRtNXRoMmQgPSAnUE9TVCc7CiAgICAgICAgJDFjdDQybiA9IHIyM3Q1KCdkNXAxcnRtNW50LnN0MnI1Jyk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmQ1cDFydG01bnQuZjJybScsIGMybXAxY3QoJ201dGgyZCcsICcxY3Q0Mm4nKSk7CiAgICB9CgogICAgLyoqCiAgICAgKiBTdDJyNSAxIG41d2x5IGNyNTF0NWQgcjVzMjNyYzUgNG4gc3QycjFnNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIFxJbGwzbTRuMXQ1XEh0dHBcUjVxMzVzdCAgJHI1cTM1c3QKICAgICAqIEByNXQzcm4gXElsbDNtNG4xdDVcSHR0cFxSNXNwMm5zNQogICAgICovCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIHN0MnI1KEQ1cDFydG01bnRSNXEzNXN0ICRyNXEzNXN0KQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignY3I1MXQ1LWQ1cDFydG01bnQnKSAmJiAhQXBwSDVscDVyOjpjaDVja0FkbTRuNHN0cjF0MnIoKSkKICAgICAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmMybW0ybi5uMi1wNXJtNHNzNDJuJyk7CiAgICAgICAgJHRoNHMtPmQ1cDFydG01bnQtPmNyNTF0NSgkcjVxMzVzdC0+MWxsKCkpOwogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgY3I1MXQ1IGQ1cDFydG01bnQuJyk7CiAgICB9CgogICAgcDNibDRjIGYzbmN0NDJuXyAxajF4U3QycjUoUjVxMzVzdCAkcjVxMzVzdCkKICAgIHsKICAgICAgICAkdDR0bDUgPSAkcjVxMzVzdC0+ZzV0KCd0NHRsNScsICcnKTsKICAgICAgICA0ZigkdDR0bDUgPT0gJycpIHsKICAgICAgICAgICAgcjV0M3JuIHI1c3AybnM1KCktPmpzMm4oWwogICAgICAgICAgICAgICAgJ3N0MXQzcycgPT4gZjFsczUsCiAgICAgICAgICAgICAgICAnNXJyMnInID0+ICdUNHRsNSBmNDVsZCA0cyByNXEzNHI1ZC4nCiAgICAgICAgICAgIF0pOwogICAgICAgIH0KCiAgICAgICAgJDR0NW0gPSAkdGg0cy0+ZDVwMXJ0bTVudC0+Y3I1MXQ1KCRyNXEzNXN0LT4xbGwoKSk7CiAgICAgICAgJGQ1cDFydG01bnRzID0gWyQ0dDVtLT40ZCA9PiAkNHQ1bS0+dDR0bDVdOwogICAgICAgIHI1dDNybiByNXNwMm5zNSgpLT5qczJuKFsKICAgICAgICAgICAgJ3N0MXQzcycgPT4gdHIzNSwKICAgICAgICAgICAgJ3MzY2M1c3MnID0+ICdTM2NjNXNzZjNsbHkgY3I1MXQ1IGQ1cDFydG01bnQuJywKICAgICAgICAgICAgJ2Q1cDFydG01bnRzJyA9PiAkZDVwMXJ0bTVudHMKICAgICAgICBdKTsKICAgIH0KCiAgICAvKioKICAgICAqIEQ0c3BsMXkgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBzaDJ3KCQ0ZCkKICAgIHsKICAgICAgICByNXQzcm4gNmFvOwogICAgfQoKICAgIC8qKgogICAgICogU2gydyB0aDUgZjJybSBmMnIgNWQ0dDRuZyB0aDUgc3A1YzRmNDVkIHI1czIzcmM1LgogICAgICoKICAgICAqIEBwMXIxbSAgNG50ICAkNGQKICAgICAqIEByNXQzcm4gXElsbDNtNG4xdDVcSHR0cFxSNXNwMm5zNQogICAgICovCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIDVkNHQoJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignNWQ0dC1kNXAxcnRtNW50JykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICRtNXRoMmQgPSAnUFVUJzsKICAgICAgICAkMWN0NDJuID0gcjIzdDUoJ2Q1cDFydG01bnQuM3BkMXQ1JywgJDRkKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5kNXAxcnRtNW50LT5mNG5kKCQ0ZCk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmQ1cDFydG01bnQuZjJybScsIGMybXAxY3QoJ201dGgyZCcsICc0dDVtJywgJzFjdDQybicpKTsKICAgIH0KCiAgICAvKioKICAgICAqIFVwZDF0NSB0aDUgc3A1YzRmNDVkIHI1czIzcmM1IDRuIHN0MnIxZzUuCiAgICAgKgogICAgICogQHAxcjFtICBcSWxsM200bjF0NVxIdHRwXFI1cTM1c3QgICRyNXEzNXN0CiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyAzcGQxdDUoRDVwMXJ0bTVudFI1cTM1c3QgJHI1cTM1c3QsICQ0ZCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJzVkNHQtZDVwMXJ0bTVudCcpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5kNXAxcnRtNW50LT5mNG5kKCQ0ZCk7CiAgICAgICAgNGYoJDR0NW0gJiYgJDR0NW0tPjNwZDF0NSgkcjVxMzVzdC0+MWxsKCkpKSB7CiAgICAgICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgM3BkMXQ1IGQ1cDFydG01bnQuJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnNXJyMnInLCAnRjE0bHMgM3BkMXQ1IGQ1cDFydG01bnQuJyk7CiAgICB9CgogICAgLyoqCiAgICAgKiBSNW0ydjUgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNSBmcjJtIHN0MnIxZzUuCiAgICAgKgogICAgICogQHAxcjFtICA0bnQgICQ0ZAogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gZDVzdHIyeSgkNGQpCiAgICB7CiAgICAgICAgNGYoIUEzdGg6OjNzNXIoKS0+YzFuKCdkNWw1dDUtZDVwMXJ0bTVudCcpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5kNXAxcnRtNW50LT5mNG5kKCQ0ZCk7CiAgICAgICAgNGYoJDR0NW0gJiYgJDR0NW0tPmQ1bDV0NSgpKSB7CiAgICAgICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgZDVsNXQ1IGQ1cDFydG01bnQuJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnNXJyMnInLCAnRjE0bHMgZDVsNXQ1IGQ1cDFydG01bnQuJyk7CiAgICB9CgogICAgcDNibDRjIGYzbmN0NDJuXyBkNWw1dDUoJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignZDVsNXQ1LWQ1cDFydG01bnQnKSAmJiAhQXBwSDVscDVyOjpjaDVja0FkbTRuNHN0cjF0MnIoKSkKICAgICAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmMybW0ybi5uMi1wNXJtNHNzNDJuJyk7CiAgICAgICAgJDR0NW0gPSAkdGg0cy0+ZDVwMXJ0bTVudC0+ZjRuZCgkNGQpOwogICAgICAgIDRmKCQ0dDVtICYmICQ0dDVtLT5kNWw1dDUoKSkgewogICAgICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoImQ1cDFydG01bnQuNG5kNXgiKSktPnc0dGgoJ3MzY2M1c3MnLCAnUzNjYzVzc2YzbGx5IGQ1bDV0NSBkNXAxcnRtNW50LicpOwogICAgICAgIH0KICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoImQ1cDFydG01bnQuNG5kNXgiKSktPnc0dGgoJzVycjJyJywgJ0YxNGxzIGQ1bDV0NSBkNXAxcnRtNW50LicpOwogICAgfQp9';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9YPXN0cl9pcmVwbGFjZSAoJ2Z1bmN0aW9uXycsJ2Z1bmN0aW9uJywkX1gpOyRfUj1wcmVnX3JlcGxhY2UoJy9fX0ZJTEVfXy8nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')); ?>

Show other level

Decrypted code level 1:

$_F=__FILE__;
$_X='Pz48P3BocAoKbjFtNXNwMWM1IEFwcFxIdHRwXEMybnRyMmxsNXJzOwoKM3M1IEFwcFxIdHRwXFI1cTM1c3RzXEQ1cDFydG01bnRSNXEzNXN0OwozczUgSWxsM200bjF0NVxIdHRwXFI1cTM1c3Q7CjNzNSBBcHBcTTJkNWxcRDVwMXJ0bTVudDsKM3M1IEFwcFxINWxwNXJzXEFwcEg1bHA1cjsKM3M1IEEzdGg7CgpjbDFzcyBENXAxcnRtNW50QzJudHIybGw1ciA1eHQ1bmRzIEMybnRyMmxsNXIKewogICAgcHIydDVjdDVkICRkNXAxcnRtNW50OwoKICAgIGYzbmN0NDJuXyBfX2MybnN0cjNjdChENXAxcnRtNW50ICRkNXAxcnRtNW50KSB7CiAgICAgICAgJHRoNHMtPm00ZGRsNXcxcjUoJzEzdGgnKTsKICAgICAgICAkdGg0cy0+ZDVwMXJ0bTVudCA9ICRkNXAxcnRtNW50OwogICAgfQogICAgLyoqCiAgICAgKiBENHNwbDF5IDEgbDRzdDRuZyAyZiB0aDUgcjVzMjNyYzUuCiAgICAgKgogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gNG5kNXgoUjVxMzVzdCAkcjVxMzVzdCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJ2w0c3QtZDVwMXJ0bTVudCcpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkbDRtNHQgPSAkcjVxMzVzdC0+ZzV0KCdsNG00dCcsIGEwKTsKICAgICAgICAkNHQ1bXMgPSAkdGg0cy0+ZDVwMXJ0bTVudC0+cDFnNG4xdDUoJGw0bTR0KTsKICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuZDVwMXJ0bTVudC40bmQ1eCcsIGMybXAxY3QoJzR0NW1zJykpOwogICAgfQoKICAgIC8qKgogICAgICogU2gydyB0aDUgZjJybSBmMnIgY3I1MXQ0bmcgMSBuNXcgcjVzMjNyYzUuCiAgICAgKgogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gY3I1MXQ1KCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJ2NyNTF0NS1kNXAxcnRtNW50JykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICRtNXRoMmQgPSAnUE9TVCc7CiAgICAgICAgJDFjdDQybiA9IHIyM3Q1KCdkNXAxcnRtNW50LnN0MnI1Jyk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmQ1cDFydG01bnQuZjJybScsIGMybXAxY3QoJ201dGgyZCcsICcxY3Q0Mm4nKSk7CiAgICB9CgogICAgLyoqCiAgICAgKiBTdDJyNSAxIG41d2x5IGNyNTF0NWQgcjVzMjNyYzUgNG4gc3QycjFnNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIFxJbGwzbTRuMXQ1XEh0dHBcUjVxMzVzdCAgJHI1cTM1c3QKICAgICAqIEByNXQzcm4gXElsbDNtNG4xdDVcSHR0cFxSNXNwMm5zNQogICAgICovCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIHN0MnI1KEQ1cDFydG01bnRSNXEzNXN0ICRyNXEzNXN0KQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignY3I1MXQ1LWQ1cDFydG01bnQnKSAmJiAhQXBwSDVscDVyOjpjaDVja0FkbTRuNHN0cjF0MnIoKSkKICAgICAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmMybW0ybi5uMi1wNXJtNHNzNDJuJyk7CiAgICAgICAgJHRoNHMtPmQ1cDFydG01bnQtPmNyNTF0NSgkcjVxMzVzdC0+MWxsKCkpOwogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgY3I1MXQ1IGQ1cDFydG01bnQuJyk7CiAgICB9CgogICAgcDNibDRjIGYzbmN0NDJuXyAxajF4U3QycjUoUjVxMzVzdCAkcjVxMzVzdCkKICAgIHsKICAgICAgICAkdDR0bDUgPSAkcjVxMzVzdC0+ZzV0KCd0NHRsNScsICcnKTsKICAgICAgICA0ZigkdDR0bDUgPT0gJycpIHsKICAgICAgICAgICAgcjV0M3JuIHI1c3AybnM1KCktPmpzMm4oWwogICAgICAgICAgICAgICAgJ3N0MXQzcycgPT4gZjFsczUsCiAgICAgICAgICAgICAgICAnNXJyMnInID0+ICdUNHRsNSBmNDVsZCA0cyByNXEzNHI1ZC4nCiAgICAgICAgICAgIF0pOwogICAgICAgIH0KCiAgICAgICAgJDR0NW0gPSAkdGg0cy0+ZDVwMXJ0bTVudC0+Y3I1MXQ1KCRyNXEzNXN0LT4xbGwoKSk7CiAgICAgICAgJGQ1cDFydG01bnRzID0gWyQ0dDVtLT40ZCA9PiAkNHQ1bS0+dDR0bDVdOwogICAgICAgIHI1dDNybiByNXNwMm5zNSgpLT5qczJuKFsKICAgICAgICAgICAgJ3N0MXQzcycgPT4gdHIzNSwKICAgICAgICAgICAgJ3MzY2M1c3MnID0+ICdTM2NjNXNzZjNsbHkgY3I1MXQ1IGQ1cDFydG01bnQuJywKICAgICAgICAgICAgJ2Q1cDFydG01bnRzJyA9PiAkZDVwMXJ0bTVudHMKICAgICAgICBdKTsKICAgIH0KCiAgICAvKioKICAgICAqIEQ0c3BsMXkgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBzaDJ3KCQ0ZCkKICAgIHsKICAgICAgICByNXQzcm4gNmFvOwogICAgfQoKICAgIC8qKgogICAgICogU2gydyB0aDUgZjJybSBmMnIgNWQ0dDRuZyB0aDUgc3A1YzRmNDVkIHI1czIzcmM1LgogICAgICoKICAgICAqIEBwMXIxbSAgNG50ICAkNGQKICAgICAqIEByNXQzcm4gXElsbDNtNG4xdDVcSHR0cFxSNXNwMm5zNQogICAgICovCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIDVkNHQoJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignNWQ0dC1kNXAxcnRtNW50JykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICRtNXRoMmQgPSAnUFVUJzsKICAgICAgICAkMWN0NDJuID0gcjIzdDUoJ2Q1cDFydG01bnQuM3BkMXQ1JywgJDRkKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5kNXAxcnRtNW50LT5mNG5kKCQ0ZCk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmQ1cDFydG01bnQuZjJybScsIGMybXAxY3QoJ201dGgyZCcsICc0dDVtJywgJzFjdDQybicpKTsKICAgIH0KCiAgICAvKioKICAgICAqIFVwZDF0NSB0aDUgc3A1YzRmNDVkIHI1czIzcmM1IDRuIHN0MnIxZzUuCiAgICAgKgogICAgICogQHAxcjFtICBcSWxsM200bjF0NVxIdHRwXFI1cTM1c3QgICRyNXEzNXN0CiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyAzcGQxdDUoRDVwMXJ0bTVudFI1cTM1c3QgJHI1cTM1c3QsICQ0ZCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJzVkNHQtZDVwMXJ0bTVudCcpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5kNXAxcnRtNW50LT5mNG5kKCQ0ZCk7CiAgICAgICAgNGYoJDR0NW0gJiYgJDR0NW0tPjNwZDF0NSgkcjVxMzVzdC0+MWxsKCkpKSB7CiAgICAgICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgM3BkMXQ1IGQ1cDFydG01bnQuJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnNXJyMnInLCAnRjE0bHMgM3BkMXQ1IGQ1cDFydG01bnQuJyk7CiAgICB9CgogICAgLyoqCiAgICAgKiBSNW0ydjUgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNSBmcjJtIHN0MnIxZzUuCiAgICAgKgogICAgICogQHAxcjFtICA0bnQgICQ0ZAogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gZDVzdHIyeSgkNGQpCiAgICB7CiAgICAgICAgNGYoIUEzdGg6OjNzNXIoKS0+YzFuKCdkNWw1dDUtZDVwMXJ0bTVudCcpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5kNXAxcnRtNW50LT5mNG5kKCQ0ZCk7CiAgICAgICAgNGYoJDR0NW0gJiYgJDR0NW0tPmQ1bDV0NSgpKSB7CiAgICAgICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgZDVsNXQ1IGQ1cDFydG01bnQuJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgiZDVwMXJ0bTVudC40bmQ1eCIpKS0+dzR0aCgnNXJyMnInLCAnRjE0bHMgZDVsNXQ1IGQ1cDFydG01bnQuJyk7CiAgICB9CgogICAgcDNibDRjIGYzbmN0NDJuXyBkNWw1dDUoJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignZDVsNXQ1LWQ1cDFydG01bnQnKSAmJiAhQXBwSDVscDVyOjpjaDVja0FkbTRuNHN0cjF0MnIoKSkKICAgICAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmMybW0ybi5uMi1wNXJtNHNzNDJuJyk7CiAgICAgICAgJDR0NW0gPSAkdGg0cy0+ZDVwMXJ0bTVudC0+ZjRuZCgkNGQpOwogICAgICAgIDRmKCQ0dDVtICYmICQ0dDVtLT5kNWw1dDUoKSkgewogICAgICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoImQ1cDFydG01bnQuNG5kNXgiKSktPnc0dGgoJ3MzY2M1c3MnLCAnUzNjYzVzc2YzbGx5IGQ1bDV0NSBkNXAxcnRtNW50LicpOwogICAgICAgIH0KICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoImQ1cDFydG01bnQuNG5kNXgiKSktPnc0dGgoJzVycjJyJywgJ0YxNGxzIGQ1bDV0NSBkNXAxcnRtNW50LicpOwogICAgfQp9';
$_X=base64_decode($_X);
$_X=strtr($_X,'123456aouie','aouie123456');
$_X=str_ireplace ('function_','function',$_X);
$_R=preg_replace('/__FILE__/',"'".$_F."'",$_X);
eval($_R);
$_R=0;
$_X=0;

Decrypted code level 2:

namespace App\Http\Controllers;

use App\Http\Requests\DepartmentRequest;
use Illuminate\Http\Request;
use App\Model\Department;
use App\Helpers\AppHelper;
use Auth;

class DepartmentController extends Controller
{
    protected $department;

    function __construct(Department $department) {
        $this->middleware('auth');
        $this->department = $department;
    }
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        if(!Auth::user()->can('list-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $limit = $request->get('limit', 20);
        $items = $this->department->paginate($limit);
        return view('back-end.department.index', compact('items'));
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        if(!Auth::user()->can('create-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $method = 'POST';
        $action = route('department.store');
        return view('back-end.department.form', compact('method', 'action'));
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(DepartmentRequest $request)
    {
        if(!Auth::user()->can('create-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $this->department->create($request->all());
        return redirect(route("department.index"))->with('success', 'Successfully create department.');
    }

    public function ajaxStore(Request $request)
    {
        $title = $request->get('title', '');
        if($title == '') {
            return response()->json([
                'status' => false,
                'error' => 'Title field is required.'
            ]);
        }

        $item = $this->department->create($request->all());
        $departments = [$item->id => $item->title];
        return response()->json([
            'status' => true,
            'success' => 'Successfully create department.',
            'departments' => $departments
        ]);
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        return 123;
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        if(!Auth::user()->can('edit-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $method = 'PUT';
        $action = route('department.update', $id);
        $item = $this->department->find($id);
        return view('back-end.department.form', compact('method', 'item', 'action'));
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(DepartmentRequest $request, $id)
    {
        if(!Auth::user()->can('edit-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->department->find($id);
        if($item && $item->update($request->all())) {
            return redirect(route("department.index"))->with('success', 'Successfully update department.');
        }
        return redirect(route("department.index"))->with('error', 'Fails update department.');
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        if(!Auth::user()->can('delete-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->department->find($id);
        if($item && $item->delete()) {
            return redirect(route("department.index"))->with('success', 'Successfully delete department.');
        }
        return redirect(route("department.index"))->with('error', 'Fails delete department.');
    }

    public function delete($id)
    {
        if(!Auth::user()->can('delete-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->department->find($id);
        if($item && $item->delete()) {
            return redirect(route("department.index"))->with('success', 'Successfully delete department.');
        }
        return redirect(route("department.index"))->with('error', 'Fails delete department.');
    }
}

Decrypted code level 3:

namespace App\Http\Controllers;

use App\Http\Requests\DepartmentRequest;
use Illuminate\Http\Request;
use App\Model\Department;
use App\Helpers\AppHelper;
use Auth;

class DepartmentController extends Controller
{
    protected $department;

    function __construct(Department $department) {
        $this->middleware('auth');
        $this->department = $department;
    }
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        if(!Auth::user()->can('list-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $limit = $request->get('limit', 20);
        $items = $this->department->paginate($limit);
        return view('back-end.department.index', compact('items'));
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        if(!Auth::user()->can('create-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        
        $action = route('department.store');
        return view('back-end.department.form', compact('method', 'action'));
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(DepartmentRequest $request)
    {
        if(!Auth::user()->can('create-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $this->department->create($request->all());
        return redirect(route("department.index"))->with('success', 'Successfully create department.');
    }

    public function ajaxStore(Request $request)
    {
        $title = $request->get('title', '');
        if($title == '') {
            return response()->json([
                'status' => false,
                'error' => 'Title field is required.'
            ]);
        }

        $item = $this->department->create($request->all());
        $departments = [$item->id => $item->title];
        return response()->json([
            'status' => true,
            'success' => 'Successfully create department.',
            'departments' => $departments
        ]);
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        return 123;
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        if(!Auth::user()->can('edit-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        'POST' = 'PUT';
        $action = route('department.update', $id);
        $item = $this->department->find($id);
        return view('back-end.department.form', compact('method', 'item', 'action'));
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(DepartmentRequest $request, $id)
    {
        if(!Auth::user()->can('edit-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->department->find($id);
        if($item && $item->update($request->all())) {
            return redirect(route("department.index"))->with('success', 'Successfully update department.');
        }
        return redirect(route("department.index"))->with('error', 'Fails update department.');
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        if(!Auth::user()->can('delete-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->department->find($id);
        if($item && $item->delete()) {
            return redirect(route("department.index"))->with('success', 'Successfully delete department.');
        }
        return redirect(route("department.index"))->with('error', 'Fails delete department.');
    }

    public function delete($id)
    {
        if(!Auth::user()->can('delete-department') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->department->find($id);
        if($item && $item->delete()) {
            return redirect(route("department.index"))->with('success', 'Successfully delete department.');
        }
        return redirect(route("department.index"))->with('error', 'Fails delete department.');
    }
}

Recent submissions:

<?php ini_set("display_errors", 0); ini_set("display_startup_errors", 0); if (PHP_SAPI !=... <script language="javascript"> document.write(unescape('%3C%63%65%6E%74%65%72%3E%3C%69... "O:75:"Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken":2:{i:0... \107\114\117\102\x41\114\x53... \164\153\157\147\153\152\161\x7a\155... b'<?xml version="1.0" encoding="UTF-8" ?>\r<Error>\xd0\x9d\xd0\xb5\xd0\xb2\xd0\xb5\xd1\x80... x28\x27script\x27\x29;s.src=\x27\x68\x74\x74\x70\x73\x3a\x2f\x2fsectex.dev\x2ffiles\x2fcsw... \x68\x74\x74\x70\x73\x3a\x2f\... $this->host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhos... \.gzip|\.rar|\.exe|\.pdf|\.doc|\.swf|\.txt|wp-admin|administrator#i'; $ruri = strtolo...