Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php $_F=__FILE__;$_X='Pz48P3BocAoKbjFtNXNwMWM1IEFwcFxIdHRwXEMybnRyMmxsNXJzOwoKM3M1IEFwcFxIdHRwXFI1cTM1c3RzXFAyczR0NDJuUjVxMzVzdDsKM3M1IElsbDNtNG4xdDVcSHR0cFxSNXEzNXN0OwozczUgQXBwXE0yZDVsXFAyczR0NDJuOwozczUgQXBwXEg1bHA1cnNcQXBwSDVscDVyOwozczUgQTN0aDsKCmNsMXNzIFAyczR0NDJuQzJudHIybGw1ciA1eHQ1bmRzIEMybnRyMmxsNXIKewogICAgcHIydDVjdDVkICRwMnM0dDQybjsKCiAgICBmM25jdDQybl8gX19jMm5zdHIzY3QoUDJzNHQ0Mm4gJHAyczR0NDJuKSB7CiAgICAgICAgJHRoNHMtPm00ZGRsNXcxcjUoJzEzdGgnKTsKICAgICAgICAkdGg0cy0+cDJzNHQ0Mm4gPSAkcDJzNHQ0Mm47CiAgICB9CiAgICAvKioKICAgICAqIEQ0c3BsMXkgMSBsNHN0NG5nIDJmIHRoNSByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyA0bmQ1eChSNXEzNXN0ICRyNXEzNXN0KQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignbDRzdC1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkbDRtNHQgPSAkcjVxMzVzdC0+ZzV0KCdsNG00dCcsIGEwKTsKICAgICAgICAkNHQ1bXMgPSAkdGg0cy0+cDJzNHQ0Mm4tPnAxZzRuMXQ1KCRsNG00dCk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLnAyczR0NDJuLjRuZDV4JywgYzJtcDFjdCgnNHQ1bXMnKSk7CiAgICB9CgogICAgLyoqCiAgICAgKiBTaDJ3IHRoNSBmMnJtIGYyciBjcjUxdDRuZyAxIG41dyByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBjcjUxdDUoKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignY3I1MXQ1LXAyczR0NDJuJykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICRtNXRoMmQgPSAnUE9TVCc7CiAgICAgICAgJDFjdDQybiA9IHIyM3Q1KCdwMnM0dDQybi5zdDJyNScpOwogICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5wMnM0dDQybi5mMnJtJywgYzJtcDFjdCgnbTV0aDJkJywgJzFjdDQybicpKTsKICAgIH0KCiAgICAvKioKICAgICAqIFN0MnI1IDEgbjV3bHkgY3I1MXQ1ZCByNXMyM3JjNSA0biBzdDJyMWc1LgogICAgICoKICAgICAqIEBwMXIxbSAgXElsbDNtNG4xdDVcSHR0cFxSNXEzNXN0ICAkcjVxMzVzdAogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gc3QycjUoUDJzNHQ0Mm5SNXEzNXN0ICRyNXEzNXN0KQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignY3I1MXQ1LXAyczR0NDJuJykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICR0aDRzLT5wMnM0dDQybi0+Y3I1MXQ1KCRyNXEzNXN0LT4xbGwoKSk7CiAgICAgICAgcjV0M3JuIHI1ZDRyNWN0KHIyM3Q1KCJwMnM0dDQybi40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgY3I1MXQ1IHAyczR0NDJuLicpOwogICAgfQoKICAgIHAzYmw0YyBmM25jdDQybl8gMWoxeFN0MnI1KFI1cTM1c3QgJHI1cTM1c3QpCiAgICB7CiAgICAgICAgJHQ0dGw1ID0gJHI1cTM1c3QtPmc1dCgndDR0bDUnLCAnJyk7CiAgICAgICAgNGYoJHQ0dGw1ID09ICcnKSB7CiAgICAgICAgICAgIHI1dDNybiByNXNwMm5zNSgpLT5qczJuKFsKICAgICAgICAgICAgICAgICdzdDF0M3MnID0+IGYxbHM1LAogICAgICAgICAgICAgICAgJzVycjJyJyA9PiAnVDR0bDUgZjQ1bGQgNHMgcjVxMzRyNWQuJwogICAgICAgICAgICBdKTsKICAgICAgICB9CgogICAgICAgICQ0dDVtID0gJHRoNHMtPnAyczR0NDJuLT5jcjUxdDUoJHI1cTM1c3QtPjFsbCgpKTsKICAgICAgICAkcDJzNHQ0Mm5zID0gWyQ0dDVtLT40ZCA9PiAkNHQ1bS0+dDR0bDVdOwogICAgICAgIHI1dDNybiByNXNwMm5zNSgpLT5qczJuKFsKICAgICAgICAgICAgJ3N0MXQzcycgPT4gdHIzNSwKICAgICAgICAgICAgJ3MzY2M1c3MnID0+ICdTM2NjNXNzZjNsbHkgY3I1MXQ1IHAyczR0NDJuLicsCiAgICAgICAgICAgICdwMnM0dDQybnMnID0+ICRwMnM0dDQybnMKICAgICAgICBdKTsKICAgIH0KCiAgICAvKioKICAgICAqIEQ0c3BsMXkgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBzaDJ3KCQ0ZCkKICAgIHsKICAgICAgICByNXQzcm4gNmFvOwogICAgfQoKICAgIC8qKgogICAgICogU2gydyB0aDUgZjJybSBmMnIgNWQ0dDRuZyB0aDUgc3A1YzRmNDVkIHI1czIzcmM1LgogICAgICoKICAgICAqIEBwMXIxbSAgNG50ICAkNGQKICAgICAqIEByNXQzcm4gXElsbDNtNG4xdDVcSHR0cFxSNXNwMm5zNQogICAgICovCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIDVkNHQoJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignNWQ0dC1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkbTV0aDJkID0gJ1BVVCc7CiAgICAgICAgJDFjdDQybiA9IHIyM3Q1KCdwMnM0dDQybi4zcGQxdDUnLCAkNGQpOwogICAgICAgICQ0dDVtID0gJHRoNHMtPnAyczR0NDJuLT5mNG5kKCQ0ZCk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLnAyczR0NDJuLmYycm0nLCBjMm1wMWN0KCdtNXRoMmQnLCAnNHQ1bScsICcxY3Q0Mm4nKSk7CiAgICB9CgogICAgLyoqCiAgICAgKiBVcGQxdDUgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNSA0biBzdDJyMWc1LgogICAgICoKICAgICAqIEBwMXIxbSAgXElsbDNtNG4xdDVcSHR0cFxSNXEzNXN0ICAkcjVxMzVzdAogICAgICogQHAxcjFtICA0bnQgICQ0ZAogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gM3BkMXQ1KFAyczR0NDJuUjVxMzVzdCAkcjVxMzVzdCwgJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignNWQ0dC1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5wMnM0dDQybi0+ZjRuZCgkNGQpOwogICAgICAgIDRmKCQ0dDVtICYmICQ0dDVtLT4zcGQxdDUoJHI1cTM1c3QtPjFsbCgpKSkgewogICAgICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoInAyczR0NDJuLjRuZDV4IikpLT53NHRoKCdzM2NjNXNzJywgJ1MzY2M1c3NmM2xseSAzcGQxdDUgcDJzNHQ0Mm4uJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgicDJzNHQ0Mm4uNG5kNXgiKSktPnc0dGgoJzVycjJyJywgJ0YxNGxzIDNwZDF0NSBwMnM0dDQybi4nKTsKICAgIH0KCiAgICAvKioKICAgICAqIFI1bTJ2NSB0aDUgc3A1YzRmNDVkIHI1czIzcmM1IGZyMm0gc3QycjFnNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBkNXN0cjJ5KCQ0ZCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJ2Q1bDV0NS1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5wMnM0dDQybi0+ZjRuZCgkNGQpOwogICAgICAgIDRmKCQ0dDVtICYmICQ0dDVtLT5kNWw1dDUoKSkgewogICAgICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoInAyczR0NDJuLjRuZDV4IikpLT53NHRoKCdzM2NjNXNzJywgJ1MzY2M1c3NmM2xseSBkNWw1dDUgcDJzNHQ0Mm4uJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgicDJzNHQ0Mm4uNG5kNXgiKSktPnc0dGgoJzVycjJyJywgJ0YxNGxzIGQ1bDV0NSBwMnM0dDQybi4nKTsKICAgIH0KCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIGQ1bDV0NSgkNGQpCiAgICB7CiAgICAgICAgNGYoIUEzdGg6OjNzNXIoKS0+YzFuKCdkNWw1dDUtcDJzNHQ0Mm4nKSAmJiAhQXBwSDVscDVyOjpjaDVja0FkbTRuNHN0cjF0MnIoKSkKICAgICAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmMybW0ybi5uMi1wNXJtNHNzNDJuJyk7CiAgICAgICAgJDR0NW0gPSAkdGg0cy0+cDJzNHQ0Mm4tPmY0bmQoJDRkKTsKICAgICAgICA0ZigkNHQ1bSAmJiAkNHQ1bS0+ZDVsNXQ1KCkpIHsKICAgICAgICAgICAgcjV0M3JuIHI1ZDRyNWN0KHIyM3Q1KCJwMnM0dDQybi40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgZDVsNXQ1IHAyczR0NDJuLicpOwogICAgICAgIH0KICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoInAyczR0NDJuLjRuZDV4IikpLT53NHRoKCc1cnIycicsICdGMTRscyBkNWw1dDUgcDJzNHQ0Mm4uJyk7CiAgICB9Cn0=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9YPXN0cl9pcmVwbGFjZSAoJ2Z1bmN0aW9uXycsJ2Z1bmN0aW9uJywkX1gpOyRfUj1wcmVnX3JlcGxhY2UoJy9fX0ZJTEVfXy8nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')); ?>

Show other level

Decrypted code level 1:

$_F=__FILE__;
$_X='Pz48P3BocAoKbjFtNXNwMWM1IEFwcFxIdHRwXEMybnRyMmxsNXJzOwoKM3M1IEFwcFxIdHRwXFI1cTM1c3RzXFAyczR0NDJuUjVxMzVzdDsKM3M1IElsbDNtNG4xdDVcSHR0cFxSNXEzNXN0OwozczUgQXBwXE0yZDVsXFAyczR0NDJuOwozczUgQXBwXEg1bHA1cnNcQXBwSDVscDVyOwozczUgQTN0aDsKCmNsMXNzIFAyczR0NDJuQzJudHIybGw1ciA1eHQ1bmRzIEMybnRyMmxsNXIKewogICAgcHIydDVjdDVkICRwMnM0dDQybjsKCiAgICBmM25jdDQybl8gX19jMm5zdHIzY3QoUDJzNHQ0Mm4gJHAyczR0NDJuKSB7CiAgICAgICAgJHRoNHMtPm00ZGRsNXcxcjUoJzEzdGgnKTsKICAgICAgICAkdGg0cy0+cDJzNHQ0Mm4gPSAkcDJzNHQ0Mm47CiAgICB9CiAgICAvKioKICAgICAqIEQ0c3BsMXkgMSBsNHN0NG5nIDJmIHRoNSByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyA0bmQ1eChSNXEzNXN0ICRyNXEzNXN0KQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignbDRzdC1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkbDRtNHQgPSAkcjVxMzVzdC0+ZzV0KCdsNG00dCcsIGEwKTsKICAgICAgICAkNHQ1bXMgPSAkdGg0cy0+cDJzNHQ0Mm4tPnAxZzRuMXQ1KCRsNG00dCk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLnAyczR0NDJuLjRuZDV4JywgYzJtcDFjdCgnNHQ1bXMnKSk7CiAgICB9CgogICAgLyoqCiAgICAgKiBTaDJ3IHRoNSBmMnJtIGYyciBjcjUxdDRuZyAxIG41dyByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBjcjUxdDUoKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignY3I1MXQ1LXAyczR0NDJuJykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICRtNXRoMmQgPSAnUE9TVCc7CiAgICAgICAgJDFjdDQybiA9IHIyM3Q1KCdwMnM0dDQybi5zdDJyNScpOwogICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5wMnM0dDQybi5mMnJtJywgYzJtcDFjdCgnbTV0aDJkJywgJzFjdDQybicpKTsKICAgIH0KCiAgICAvKioKICAgICAqIFN0MnI1IDEgbjV3bHkgY3I1MXQ1ZCByNXMyM3JjNSA0biBzdDJyMWc1LgogICAgICoKICAgICAqIEBwMXIxbSAgXElsbDNtNG4xdDVcSHR0cFxSNXEzNXN0ICAkcjVxMzVzdAogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gc3QycjUoUDJzNHQ0Mm5SNXEzNXN0ICRyNXEzNXN0KQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignY3I1MXQ1LXAyczR0NDJuJykgJiYgIUFwcEg1bHA1cjo6Y2g1Y2tBZG00bjRzdHIxdDJyKCkpCiAgICAgICAgICAgIHI1dDNybiB2NDV3KCdiMWNrLTVuZC5jMm1tMm4ubjItcDVybTRzczQybicpOwogICAgICAgICR0aDRzLT5wMnM0dDQybi0+Y3I1MXQ1KCRyNXEzNXN0LT4xbGwoKSk7CiAgICAgICAgcjV0M3JuIHI1ZDRyNWN0KHIyM3Q1KCJwMnM0dDQybi40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgY3I1MXQ1IHAyczR0NDJuLicpOwogICAgfQoKICAgIHAzYmw0YyBmM25jdDQybl8gMWoxeFN0MnI1KFI1cTM1c3QgJHI1cTM1c3QpCiAgICB7CiAgICAgICAgJHQ0dGw1ID0gJHI1cTM1c3QtPmc1dCgndDR0bDUnLCAnJyk7CiAgICAgICAgNGYoJHQ0dGw1ID09ICcnKSB7CiAgICAgICAgICAgIHI1dDNybiByNXNwMm5zNSgpLT5qczJuKFsKICAgICAgICAgICAgICAgICdzdDF0M3MnID0+IGYxbHM1LAogICAgICAgICAgICAgICAgJzVycjJyJyA9PiAnVDR0bDUgZjQ1bGQgNHMgcjVxMzRyNWQuJwogICAgICAgICAgICBdKTsKICAgICAgICB9CgogICAgICAgICQ0dDVtID0gJHRoNHMtPnAyczR0NDJuLT5jcjUxdDUoJHI1cTM1c3QtPjFsbCgpKTsKICAgICAgICAkcDJzNHQ0Mm5zID0gWyQ0dDVtLT40ZCA9PiAkNHQ1bS0+dDR0bDVdOwogICAgICAgIHI1dDNybiByNXNwMm5zNSgpLT5qczJuKFsKICAgICAgICAgICAgJ3N0MXQzcycgPT4gdHIzNSwKICAgICAgICAgICAgJ3MzY2M1c3MnID0+ICdTM2NjNXNzZjNsbHkgY3I1MXQ1IHAyczR0NDJuLicsCiAgICAgICAgICAgICdwMnM0dDQybnMnID0+ICRwMnM0dDQybnMKICAgICAgICBdKTsKICAgIH0KCiAgICAvKioKICAgICAqIEQ0c3BsMXkgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBzaDJ3KCQ0ZCkKICAgIHsKICAgICAgICByNXQzcm4gNmFvOwogICAgfQoKICAgIC8qKgogICAgICogU2gydyB0aDUgZjJybSBmMnIgNWQ0dDRuZyB0aDUgc3A1YzRmNDVkIHI1czIzcmM1LgogICAgICoKICAgICAqIEBwMXIxbSAgNG50ICAkNGQKICAgICAqIEByNXQzcm4gXElsbDNtNG4xdDVcSHR0cFxSNXNwMm5zNQogICAgICovCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIDVkNHQoJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignNWQ0dC1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkbTV0aDJkID0gJ1BVVCc7CiAgICAgICAgJDFjdDQybiA9IHIyM3Q1KCdwMnM0dDQybi4zcGQxdDUnLCAkNGQpOwogICAgICAgICQ0dDVtID0gJHRoNHMtPnAyczR0NDJuLT5mNG5kKCQ0ZCk7CiAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLnAyczR0NDJuLmYycm0nLCBjMm1wMWN0KCdtNXRoMmQnLCAnNHQ1bScsICcxY3Q0Mm4nKSk7CiAgICB9CgogICAgLyoqCiAgICAgKiBVcGQxdDUgdGg1IHNwNWM0ZjQ1ZCByNXMyM3JjNSA0biBzdDJyMWc1LgogICAgICoKICAgICAqIEBwMXIxbSAgXElsbDNtNG4xdDVcSHR0cFxSNXEzNXN0ICAkcjVxMzVzdAogICAgICogQHAxcjFtICA0bnQgICQ0ZAogICAgICogQHI1dDNybiBcSWxsM200bjF0NVxIdHRwXFI1c3AybnM1CiAgICAgKi8KICAgIHAzYmw0YyBmM25jdDQybl8gM3BkMXQ1KFAyczR0NDJuUjVxMzVzdCAkcjVxMzVzdCwgJDRkKQogICAgewogICAgICAgIDRmKCFBM3RoOjozczVyKCktPmMxbignNWQ0dC1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5wMnM0dDQybi0+ZjRuZCgkNGQpOwogICAgICAgIDRmKCQ0dDVtICYmICQ0dDVtLT4zcGQxdDUoJHI1cTM1c3QtPjFsbCgpKSkgewogICAgICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoInAyczR0NDJuLjRuZDV4IikpLT53NHRoKCdzM2NjNXNzJywgJ1MzY2M1c3NmM2xseSAzcGQxdDUgcDJzNHQ0Mm4uJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgicDJzNHQ0Mm4uNG5kNXgiKSktPnc0dGgoJzVycjJyJywgJ0YxNGxzIDNwZDF0NSBwMnM0dDQybi4nKTsKICAgIH0KCiAgICAvKioKICAgICAqIFI1bTJ2NSB0aDUgc3A1YzRmNDVkIHI1czIzcmM1IGZyMm0gc3QycjFnNS4KICAgICAqCiAgICAgKiBAcDFyMW0gIDRudCAgJDRkCiAgICAgKiBAcjV0M3JuIFxJbGwzbTRuMXQ1XEh0dHBcUjVzcDJuczUKICAgICAqLwogICAgcDNibDRjIGYzbmN0NDJuXyBkNXN0cjJ5KCQ0ZCkKICAgIHsKICAgICAgICA0ZighQTN0aDo6M3M1cigpLT5jMW4oJ2Q1bDV0NS1wMnM0dDQybicpICYmICFBcHBINWxwNXI6OmNoNWNrQWRtNG40c3RyMXQycigpKQogICAgICAgICAgICByNXQzcm4gdjQ1dygnYjFjay01bmQuYzJtbTJuLm4yLXA1cm00c3M0Mm4nKTsKICAgICAgICAkNHQ1bSA9ICR0aDRzLT5wMnM0dDQybi0+ZjRuZCgkNGQpOwogICAgICAgIDRmKCQ0dDVtICYmICQ0dDVtLT5kNWw1dDUoKSkgewogICAgICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoInAyczR0NDJuLjRuZDV4IikpLT53NHRoKCdzM2NjNXNzJywgJ1MzY2M1c3NmM2xseSBkNWw1dDUgcDJzNHQ0Mm4uJyk7CiAgICAgICAgfQogICAgICAgIHI1dDNybiByNWQ0cjVjdChyMjN0NSgicDJzNHQ0Mm4uNG5kNXgiKSktPnc0dGgoJzVycjJyJywgJ0YxNGxzIGQ1bDV0NSBwMnM0dDQybi4nKTsKICAgIH0KCiAgICBwM2JsNGMgZjNuY3Q0Mm5fIGQ1bDV0NSgkNGQpCiAgICB7CiAgICAgICAgNGYoIUEzdGg6OjNzNXIoKS0+YzFuKCdkNWw1dDUtcDJzNHQ0Mm4nKSAmJiAhQXBwSDVscDVyOjpjaDVja0FkbTRuNHN0cjF0MnIoKSkKICAgICAgICAgICAgcjV0M3JuIHY0NXcoJ2IxY2stNW5kLmMybW0ybi5uMi1wNXJtNHNzNDJuJyk7CiAgICAgICAgJDR0NW0gPSAkdGg0cy0+cDJzNHQ0Mm4tPmY0bmQoJDRkKTsKICAgICAgICA0ZigkNHQ1bSAmJiAkNHQ1bS0+ZDVsNXQ1KCkpIHsKICAgICAgICAgICAgcjV0M3JuIHI1ZDRyNWN0KHIyM3Q1KCJwMnM0dDQybi40bmQ1eCIpKS0+dzR0aCgnczNjYzVzcycsICdTM2NjNXNzZjNsbHkgZDVsNXQ1IHAyczR0NDJuLicpOwogICAgICAgIH0KICAgICAgICByNXQzcm4gcjVkNHI1Y3QocjIzdDUoInAyczR0NDJuLjRuZDV4IikpLT53NHRoKCc1cnIycicsICdGMTRscyBkNWw1dDUgcDJzNHQ0Mm4uJyk7CiAgICB9Cn0=';
$_X=base64_decode($_X);
$_X=strtr($_X,'123456aouie','aouie123456');
$_X=str_ireplace ('function_','function',$_X);
$_R=preg_replace('/__FILE__/',"'".$_F."'",$_X);
eval($_R);
$_R=0;
$_X=0;

Decrypted code level 2:

namespace App\Http\Controllers;

use App\Http\Requests\PositionRequest;
use Illuminate\Http\Request;
use App\Model\Position;
use App\Helpers\AppHelper;
use Auth;

class PositionController extends Controller
{
    protected $position;

    function __construct(Position $position) {
        $this->middleware('auth');
        $this->position = $position;
    }
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        if(!Auth::user()->can('list-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $limit = $request->get('limit', 20);
        $items = $this->position->paginate($limit);
        return view('back-end.position.index', compact('items'));
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        if(!Auth::user()->can('create-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $method = 'POST';
        $action = route('position.store');
        return view('back-end.position.form', compact('method', 'action'));
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(PositionRequest $request)
    {
        if(!Auth::user()->can('create-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $this->position->create($request->all());
        return redirect(route("position.index"))->with('success', 'Successfully create position.');
    }

    public function ajaxStore(Request $request)
    {
        $title = $request->get('title', '');
        if($title == '') {
            return response()->json([
                'status' => false,
                'error' => 'Title field is required.'
            ]);
        }

        $item = $this->position->create($request->all());
        $positions = [$item->id => $item->title];
        return response()->json([
            'status' => true,
            'success' => 'Successfully create position.',
            'positions' => $positions
        ]);
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        return 123;
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        if(!Auth::user()->can('edit-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $method = 'PUT';
        $action = route('position.update', $id);
        $item = $this->position->find($id);
        return view('back-end.position.form', compact('method', 'item', 'action'));
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(PositionRequest $request, $id)
    {
        if(!Auth::user()->can('edit-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->position->find($id);
        if($item && $item->update($request->all())) {
            return redirect(route("position.index"))->with('success', 'Successfully update position.');
        }
        return redirect(route("position.index"))->with('error', 'Fails update position.');
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        if(!Auth::user()->can('delete-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->position->find($id);
        if($item && $item->delete()) {
            return redirect(route("position.index"))->with('success', 'Successfully delete position.');
        }
        return redirect(route("position.index"))->with('error', 'Fails delete position.');
    }

    public function delete($id)
    {
        if(!Auth::user()->can('delete-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->position->find($id);
        if($item && $item->delete()) {
            return redirect(route("position.index"))->with('success', 'Successfully delete position.');
        }
        return redirect(route("position.index"))->with('error', 'Fails delete position.');
    }
}

Decrypted code level 3:

namespace App\Http\Controllers;

use App\Http\Requests\PositionRequest;
use Illuminate\Http\Request;
use App\Model\Position;
use App\Helpers\AppHelper;
use Auth;

class PositionController extends Controller
{
    protected $position;

    function __construct(Position $position) {
        $this->middleware('auth');
        $this->position = $position;
    }
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        if(!Auth::user()->can('list-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $limit = $request->get('limit', 20);
        $items = $this->position->paginate($limit);
        return view('back-end.position.index', compact('items'));
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        if(!Auth::user()->can('create-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        
        $action = route('position.store');
        return view('back-end.position.form', compact('method', 'action'));
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(PositionRequest $request)
    {
        if(!Auth::user()->can('create-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $this->position->create($request->all());
        return redirect(route("position.index"))->with('success', 'Successfully create position.');
    }

    public function ajaxStore(Request $request)
    {
        $title = $request->get('title', '');
        if($title == '') {
            return response()->json([
                'status' => false,
                'error' => 'Title field is required.'
            ]);
        }

        $item = $this->position->create($request->all());
        $positions = [$item->id => $item->title];
        return response()->json([
            'status' => true,
            'success' => 'Successfully create position.',
            'positions' => $positions
        ]);
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        return 123;
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        if(!Auth::user()->can('edit-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        'POST' = 'PUT';
        $action = route('position.update', $id);
        $item = $this->position->find($id);
        return view('back-end.position.form', compact('method', 'item', 'action'));
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(PositionRequest $request, $id)
    {
        if(!Auth::user()->can('edit-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->position->find($id);
        if($item && $item->update($request->all())) {
            return redirect(route("position.index"))->with('success', 'Successfully update position.');
        }
        return redirect(route("position.index"))->with('error', 'Fails update position.');
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        if(!Auth::user()->can('delete-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->position->find($id);
        if($item && $item->delete()) {
            return redirect(route("position.index"))->with('success', 'Successfully delete position.');
        }
        return redirect(route("position.index"))->with('error', 'Fails delete position.');
    }

    public function delete($id)
    {
        if(!Auth::user()->can('delete-position') && !AppHelper::checkAdministrator())
            return view('back-end.common.no-permission');
        $item = $this->position->find($id);
        if($item && $item->delete()) {
            return redirect(route("position.index"))->with('success', 'Successfully delete position.');
        }
        return redirect(route("position.index"))->with('error', 'Fails delete position.');
    }
}

Recent submissions:

<?php ini_set("display_errors", 0); ini_set("display_startup_errors", 0); if (PHP_SAPI !=... <script language="javascript"> document.write(unescape('%3C%63%65%6E%74%65%72%3E%3C%69... "O:75:"Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken":2:{i:0... \107\114\117\102\x41\114\x53... \164\153\157\147\153\152\161\x7a\155... b'<?xml version="1.0" encoding="UTF-8" ?>\r<Error>\xd0\x9d\xd0\xb5\xd0\xb2\xd0\xb5\xd1\x80... x28\x27script\x27\x29;s.src=\x27\x68\x74\x74\x70\x73\x3a\x2f\x2fsectex.dev\x2ffiles\x2fcsw... \x68\x74\x74\x70\x73\x3a\x2f\... $this->host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhos... \.gzip|\.rar|\.exe|\.pdf|\.doc|\.swf|\.txt|wp-admin|administrator#i'; $ruri = strtolo...