Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /** * @author Bart Visscher <[email protected]> * @author Christopher Schpers <kond..

Decoded Output download

<?php
/**
 * @author Bart Visscher <[email protected]>
 * @author Christopher Schpers <[email protected]>
 * @author Georg Ehrke <[email protected]>
 * @author Jakob Sack <[email protected]>
 * @author Lukas Reschke <[email protected]>
 * @author Robin Appelman <[email protected]>
 * @author Thomas Mller <[email protected]>
 *
 * @copyright Copyright (c) 2018, ownCloud GmbH
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$username = (string)$_POST['username'];
$group = (string)$_POST['group'];

if ($username === OC_User::getUser() && $group === "admin" &&  OC_User::isAdminUser($username)) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(['data' => ['message' => $l->t('Admins can\'t remove themself from the admin group')]]);
	exit();
}

$isUserAccessible = false;
$isGroupAccessible = false;
$currentUserObject = \OC::$server->getUserSession()->getUser();
$targetUserObject = \OC::$server->getUserManager()->get($username);
$targetGroupObject = \OC::$server->getGroupManager()->get($group);
if ($targetUserObject !== null && $currentUserObject !== null && $targetGroupObject !== null) {
	$isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);
	$isGroupAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdminofGroup($currentUserObject, $targetGroupObject);
}

if (!OC_User::isAdminUser(OC_User::getUser())
	&& (!$isUserAccessible
		|| !$isGroupAccessible)) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(['data' => ['message' => $l->t('Authentication error')]]);
	exit();
}

if ($targetUserObject === null) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(['data' => ['message' => $l->t('Unknown user')]]);
	exit();
}

if (!\OC::$server->getGroupManager()->groupExists($group)) {
	$targetGroupObject = \OC::$server->getGroupManager()->createGroup($group);
}

$l = \OC::$server->getL10N('settings');

$action = "add";

// Toggle group
if (\OC::$server->getGroupManager()->inGroup($username, $group)) {
	$action = "remove";
	$targetGroupObject->removeUser($targetUserObject);
	$usersInGroup = $targetGroupObject->getUsers();
	$usersInGroup = rray_values(rray_map(function (\OCP\IUser $g) {
		return $g->getUID();
	}, $usersInGroup));
} else {
	$targetGroupObject->addUser($targetUserObject);
}

if ($action === "add" && \OC::$server->getGroupManager()->isInGroup($username, $group)) {
	OC_JSON::success([
		"data" => [
			"username" => $username,
			"action" => $action,
			"group" => [
				"gid" => $targetGroupObject->getGID(),
				"name" => $targetGroupObject->getDisplayName(),
			],
		]
	]);
} elseif ($action === "remove" && !\OC::$server->getGroupManager()->isInGroup($username, $group)) {
	OC_JSON::success([
		"data" => [
			"username" => $username,
			"action" => $action,
			"group" => [
				"gid" => $targetGroupObject->getGID(),
				"name" => $targetGroupObject->getDisplayName(),
			],
		]
	]);
} else {
	OC_JSON::error();
}
 ?>

Did this file decode correctly?

Original Code

<?php
/**
 * @author Bart Visscher <[email protected]>
 * @author Christopher Schpers <[email protected]>
 * @author Georg Ehrke <[email protected]>
 * @author Jakob Sack <[email protected]>
 * @author Lukas Reschke <[email protected]>
 * @author Robin Appelman <[email protected]>
 * @author Thomas Mller <[email protected]>
 *
 * @copyright Copyright (c) 2018, ownCloud GmbH
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$username = (string)$_POST['username'];
$group = (string)$_POST['group'];

if ($username === OC_User::getUser() && $group === "admin" &&  OC_User::isAdminUser($username)) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(['data' => ['message' => $l->t('Admins can\'t remove themself from the admin group')]]);
	exit();
}

$isUserAccessible = false;
$isGroupAccessible = false;
$currentUserObject = \OC::$server->getUserSession()->getUser();
$targetUserObject = \OC::$server->getUserManager()->get($username);
$targetGroupObject = \OC::$server->getGroupManager()->get($group);
if ($targetUserObject !== null && $currentUserObject !== null && $targetGroupObject !== null) {
	$isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);
	$isGroupAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdminofGroup($currentUserObject, $targetGroupObject);
}

if (!OC_User::isAdminUser(OC_User::getUser())
	&& (!$isUserAccessible
		|| !$isGroupAccessible)) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(['data' => ['message' => $l->t('Authentication error')]]);
	exit();
}

if ($targetUserObject === null) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(['data' => ['message' => $l->t('Unknown user')]]);
	exit();
}

if (!\OC::$server->getGroupManager()->groupExists($group)) {
	$targetGroupObject = \OC::$server->getGroupManager()->createGroup($group);
}

$l = \OC::$server->getL10N('settings');

$action = "add";

// Toggle group
if (\OC::$server->getGroupManager()->inGroup($username, $group)) {
	$action = "remove";
	$targetGroupObject->removeUser($targetUserObject);
	$usersInGroup = $targetGroupObject->getUsers();
	$usersInGroup = \array_values(\array_map(function (\OCP\IUser $g) {
		return $g->getUID();
	}, $usersInGroup));
} else {
	$targetGroupObject->addUser($targetUserObject);
}

if ($action === "add" && \OC::$server->getGroupManager()->isInGroup($username, $group)) {
	OC_JSON::success([
		"data" => [
			"username" => $username,
			"action" => $action,
			"group" => [
				"gid" => $targetGroupObject->getGID(),
				"name" => $targetGroupObject->getDisplayName(),
			],
		]
	]);
} elseif ($action === "remove" && !\OC::$server->getGroupManager()->isInGroup($username, $group)) {
	OC_JSON::success([
		"data" => [
			"username" => $username,
			"action" => $action,
			"group" => [
				"gid" => $targetGroupObject->getGID(),
				"name" => $targetGroupObject->getDisplayName(),
			],
		]
	]);
} else {
	OC_JSON::error();
}

Function Calls

None

Variables

None

Stats

MD5 13f00d713a3a9bf4d846582d2bc58505
Eval Count 0
Decode Time 97 ms