PHP Eval Function in Encoding Methods - PHP

Since the encrypted output is a string (after applying compression and base 64 encoding techniques), we need to tell PHP that the encoded string is indeed a script. To do this, we need to use the eval() function in PHP. The purpose of this function is to evaluate a string as a PHP code; you can research the details of the eval() function on your own.

The standard encoded PHP script (encrypted) takes a form similar to this example:

<?php eval(gzinflate(base64_decode('FZfHDoTYEUV/ZXYzIxbkJFseAU1qcg4bi9TknPl64z0SUK/evef8859///
NHcSTdX+VTD78u2Yq/0mQtCOyA7YSRf3y'))); ?>

To encode the PHP script into the above form, we will utilize the steps below:

Step 1: Capture the PHP script to be encoded and convert it to a string, except for the PHP tags (<?php and ?>)

Step 2: Compress the string using the gzdeflate function (using the maximum compression level) and assign the compressed string to a PHP variable.

Step 3: Encode the compressed string using base 64 encoding and assign the encoded string to a PHP variable.

Step 4: To let PHP interpret/parse correctly the encoded scripts, append the decoding, decompression and use eval functions, as shown below:

<?php

eval(gzinflate(base64_decode(‘This is the encoded and compressed PHP script strings except the start <?php and end tags ?>’)));

?>