Title: eval(base64_decode Code Problem!
Last modified: August 19, 2016

---

# eval(base64_decode Code Problem!

 *  [SUISSAC](https://wordpress.org/support/users/suissac/)
 * (@suissac)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/evalbase64_decode-code-problem/)
 * Hello,
 * I download a wordpress template/theme from the internet and i opened some files
   and i see this kind of code:
    In header.php: <?php eval(base64_decode(‘ZnVuY3Rpb24gdGhlbWVfZm9vdGVyX3QoKSB7IGlmICghKGZ1bmN0aW9uX2V4aXN0cygiY2hlY2tfdGhlbWVfZm9vdGVyIikgJiYgZnVuY3Rpb25fZXhpc3RzKCJjaGVja190aGVtZV9oZWFkZXIiKSkpIHsgdGhlbWVfdXNhZ2VfbWVzc2FnZSgpOyBkaWU7IH0gfSB0aGVtZV9mb290ZXJfdCgpOw
   ==’)); ?>
 * or
 * eval(base64_decode(‘ZnVuY3Rpb24gZnVuY3Rpb25zX2ZpbGVfZXhpc3RzKCkgeyBpZiAoIWZpbGVfZXhpc3RzKGRpcm5hbWUoX19maWxlX18pIC4gIi9mdW5jdGlvbnMucGhwIikgfHwgIWZ1bmN0aW9uX2V4aXN0cygidGhlbWVfdXNhZ2VfbWVzc2FnZSIpICkgeyBlY2hvICgiPHAgc3R5bGU9XCJwYWRkaW5nOjEwcHg7IG1hcmdpbjogMTBweDsgdGV4dC1hbGlnbjpjZW50ZXI7IGJvcmRlcjogMnB4IGRhc2hlZCBSZWQ7IGZvbnQtZmFtaWx5OmFyaWFsOyBmb250LXdlaWdodDpib2xkOyBiYWNrZ3JvdW5kOiAjZmZmOyBjb2xvcjogIzAwMDtcIj5UaGlzIHRoZW1lIGlzIHJlbGVhc2VkIGZyZWUgZm9yIHVzZSB1bmRlciBjcmVhdGl2ZSBjb21tb25zIGxpY2VuY2UuIEFsbCBsaW5rcyBpbiB0aGUgZm9vdGVyIHNob3VsZCByZW1haW4gaW50YWN0LiBUaGVzZSBsaW5rcyBhcmUgYWxsIGZhbWlseSBmcmllbmRseSBhbmQgd2lsbCBub3QgaHVydCB5b3VyIHNpdGUgaW4gYW55IHdheS4gVGhpcyBncmVhdCB0aGVtZSBpcyBicm91Z2h0IHRvIHlvdSBmb3IgZnJlZSBieSB0aGVzZSBzdXBwb3J0ZXJzLjwvcD4iKTsgZGllOyB9IH0gZnVuY3Rpb25zX2ZpbGVfZXhpc3RzKCk7’));
 * I see this kind of code in functions.php too!
 * Is this some kind of hacks or something like that? Seemed a little suspicious
   to me!
    Can someone tell me what is this and help me?
 * Thank you!
    All The Best!

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [aut0poietic](https://wordpress.org/support/users/aut0poietic/)
 * (@aut0poietic)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/evalbase64_decode-code-problem/#post-1676576)
 * You just need to run the code through an online decoder to see what it is doing.
   For instance, the first line in your header:
 * `function theme_footer_t() { if (!(function_exists("check_theme_footer") && function_exists("
   check_theme_header"))) { theme_usage_message(); die; } } theme_footer_t();`
 * and the footer:
 * `function functions_file_exists() { if (!file_exists(dirname(__file__) . "/functions.
   php") || !function_exists("theme_usage_message") ) { echo ("<p style=\"padding:
   10px; margin: 10px; text-align:center; border: 2px dashed Red; font-family:arial;
   font-weight:bold; background: #fff; color: #000;\">This theme is released free
   for use under creative commons licence. All links in the footer should remain
   intact. These links are all family friendly and will not hurt your site in any
   way. This great theme is brought to you for free by these supporters.</p>"); 
   die; } } functions_file_exists();`
 * So in this case, it’s just code included to require that you use their footer.
   Personally, this kinda thing ticks me off like no other, and I refuse to use 
   a theme that does it. </rant>
 * If you need to decode more base64 yourself, the decoder I used is here: [http://www.opinionatedgeek.com/dotnet/tools/base64decode/](http://www.opinionatedgeek.com/dotnet/tools/base64decode/)
 *  [adihamo](https://wordpress.org/support/users/adihamo/)
 * (@adihamo)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/evalbase64_decode-code-problem/#post-1677058)
 * <?php // This file is protected by copyright law and provided under license. 
   Reverse engineering of this file is strictly prohibited.
    $OOO0O0O00=__FILE__;
   $O00O00O00=__LINE__;$OO00O0000=2176;eval((base64_decode(‘JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs
   =’)));return;?> kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7wtOvFuOpd24INUnmcbOgd3n0DB9VhtficMcpdMl0GU1vFuOpd25zkZL7weslC2ivwtFktWLYtILktTXvcol2NI0htWLkeWPktWL8wU0swraVctnbFMyXFoaZwt0sNI0htWLkeWPktWL8wU0sWMamDB4IWM90fo9swyYlC3Opd24sRT4YtILktW0htWLkNoOpfJnpce0JCM90fo9sRBkmwj4YtILktWL8col2woYSCbYzNUk3FMyXFoaZwj4YtILktWLYtILktWLkkzSIDBCPko9XfolvdlSmCBcMDB5pfulgcM9vfoaZb2kSd2fZd2xSk10INT0Ik3OZfBAmhUn7weslC2ivwtFktWLkeWPktWLktTxLDbCIDBW9wMkvfuOvdU1scB51wj4YtILktWLktTxLDbCIDBW9wMkvfuOvdU1scB51HJw
   +eWPktWLktWLkNoOpfJnpce0JCM90fo9sRB1ldmAzwj4YtILktWLktWLkNoOpfJnpce0JCM90fo9sRB1ldmAsd3clFMxiGUw
   +eWPktWLktWLktWL8col2woYSCbYzNUksd2O1doa0CBkScUw+eWPktWLktWLktWLkNuaSwoYSCbYzNUkscB51RB5ifJw
   +eWPktWLktWLktWLktW0htWLktWLktWLktWLmKZn3Fy9SDbY0b2kvd2ssCbkqFZImfol0doagdoL9kM9ZcoaZCmL9kZ4Ld3n0DB9VBZficMcpdMl0Ga9Md290cbkgCMxvc3kvdoxgd3kLcbwmbU4mkMxpdBl0NUFVko9XfolvdlSmCBcMDB5pfulgcM9vfoaZb2kSd2fZd2xSb2xpdBl0k10VkZc0DbOSca9JcBcvFMA9NoI0NJc0DbOSca9icmOlFj08R2I0NJcjCbOlc29ZDbplNTEMC2y0cBfvFmL9kZ4Ld3n0DB9VBZficMcpdMl0Ga9Md290cbkgCMxvc3kvdoxgC2y0cBfvFmLmbUL7weslC2ivwtFktWLktWLktWLktW0htWLktWLktWLktTXvfBX
   +eWPktWLktWLktWL8R2Opfj4YtILktWLktWLkNt9LDbC+eWPktWLktWLkNt9LDbC+eWPktWLktWL8R2Opfj4YtILktWLkNt9LDbC
   +eWPktWLktW0htWLktWLmKZn9weslC2ivwtFktWLktW0htWLktTXvcol2NI0htWLkNt9LDbC+eWPktWL8col2wolLNUkJd3O0d20JNI0htWLktTxLDbCIC2xiF3H9wmfZCbnXcbwJNI0htWLktWL8col2woYSCbYzNUkjd3n5FMlmDuWsCMxvC2SJNI0htWLktWLkeWPktWLktWLmKZnpcJILd3n0DB9VBZficMcpdMl0Ga9jd3n5FMlmDuWmbUE9NUEmfuk1cUFpwuSIK2ajDo8IkXLktWLkeWPktWLktWL8col2wolLNUkjd3n5FMlmDuWJNI0htWLktWLkeWPktWLktWLkAo93cbklctnJGUE8CUnPFMaMNUkPfuOXKJ8vf3f3RMcZcBAsFukldBl1dU13d3kLFuklF3HsfoildBazRMYvdUw
   +OmklcUnWFMasDbaswyfvFMOXFMazFZnADoascbH8R2r+eWPktWLktWLYtILktWLktTXvcol2NI0htWLktWLkeWPktWLktWLmKZn9weslC2ivwtFktWLktWLYtILktWLktUF7wolMhtOvFuOpd25dk2yMcMlVDbO5b3kvC2slfoxvc28mbUE9NUEmfuk1cUFpwuSIK2ajDo8IkXLktWLktW0htWLktWLkNorIDuklcj0JDuO0FePvR3f3fZ5MFMalRbnZcB1pfB0sf29ZcunZcbYzRbOPcB1lFZ5jd20JwuOpfoxlNUkMFMalwunZcB1pfB0If29ZcunZcbYzwuOPcB1lFZwIDBW9wmkvC2slftw
   +Nt9iNI0htWLktWLkeWPktWLktWLmKZn9weslC2ivwtFktWLktWLYtILktWLkNt9LDbC+eWPktWLkNt9LDbC
   +eWPktWL8R2Opfj4YtILktW0htWLkNtrsRAaVctntd3O0d20IA2ajfolvdJ0sNI0htWLkeWPktTXvcol2NI0htTXvcol2NI0htW0htUF7wufXb2cvd3OlFJIpKZE7cBYPdZEmtW0hNt9Jd2O5NI0hNt9Pfo1SNJF7
 * I see this kind of code in footer.php !
 * Can someone tell me what is this and help me?
 * Thank you!
    All The Best!
 *  [Samuel B](https://wordpress.org/support/users/samboll/)
 * (@samboll)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/evalbase64_decode-code-problem/#post-1677059)
 * adihamo
 *     ```
       $option = get_option('affinity-options'); ;echo '
       			</div>
   
       			<!-- End Wrapper -->
   
       			<!--Begin Bottom Section-->
   
       			<div id="bottom-bg">
       				<div class="wrapper">
   
       					'; if($option['affinity_footer_blogroll'] == 'true') { ;echo '
       					<div id="bottom-menu">
       						<div id="bottom-menu2">
       							<div id="bottom-menu3">
       								<div id="bottom-menu-overlay">
       									<div class="moduletable">
       										<ul class="menu-nav">
   
       											'; wp_list_bookmarks('title_li=&orderby='.$option['affinity_footer_blogroll_order'].'&limit='.$option['affinity_footer_blogroll_limit'].'&title_before=<h4>&title_after=</h4>&categorize=0&category='.$option['affinity_footer_blogroll_category']); ;echo '
       										</ul>
       									</div>
       								</div>
       							</div>
       						</div>
       					</div>
   
       					'; } ;echo '
       				</div>
       			</div>
       			<div id="bottom">
       				<div class="wrapper">
       					<div class="copyright-block">
   
       						'; if($option['affinity_copyright'] == 'true') { ;echo '
       						<div id="copyright">
   
       							Powered by <a href="http://www.free-premium-wordpress-themes.com">Free Premium WordPress Themes</a>
   
       						</div>
   
       						'; } ;echo '
       						'; if($option['affinity_rocketlogo'] == 'true') { ;echo '
       						<a href="http://www.free-premium-wordpress-themes.com" title="free premium wordpress themes" id="rocket"></a>
   
       						'; } ;echo '
       					</div>
       				</div>
       			</div>
   
       			<!--End Bottom Section-->
   
       		</div>
       	</div>
   
       	'; wp_footer(); ;echo '
       </body>
       </html>';
       ```
   
 * closing this as it’s not the correct place

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘eval(base64_decode Code Problem!’ is closed to new replies.

## Tags

 * [eval](https://wordpress.org/support/topic-tag/eval/)

 * 3 replies
 * 4 participants
 * Last reply from: [Samuel B](https://wordpress.org/support/users/samboll/)
 * Last activity: [15 years, 6 months ago](https://wordpress.org/support/topic/evalbase64_decode-code-problem/#post-1677059)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics