Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php include_once "\x61\x75\164\x6f\x6c\x6f\x61\x64\x2e\x70\150\160"; use MiniOrang..

Decoded Output download

<?php 
 
 
include_once "autoload.php"; 
use MiniOrange\Helper\Lib\XMLSecLibs\XMLSecurityKey; 
use MiniOrange\Helper\Lib\XMLSecLibs\XMLSecurityDSig; 
use MiniOrange\Helper\PluginSettings; 
$hX = PluginSettings::getPluginSettings(); 
$Zi = $hX->getSiteLogoutUrl(); 
if (!isset($_REQUEST["SAMLResponse"])) { 
    goto vG; 
} 
$v3 = $_REQUEST["SAMLResponse"]; 
$v3 = base64_decode($v3); 
if (!(array_key_exists("SAMLResponse", $_GET) && !empty($_GET["SAMLResponse"]))) { 
    goto O3; 
} 
$v3 = gzinflate($v3); 
O3: 
$TV = new DOMDocument(); 
$TV->loadXML($v3); 
$Oz = $TV->firstChild; 
$dK = $TV->documentElement; 
$Gq = new DOMXpath($TV); 
$Gq->registerNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); 
$Gq->registerNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); 
if (!($Oz->localName == "LogoutResponse")) { 
    goto nK; 
} 
header("Location: " . $Zi . "?slo=success"); 
exit; 
nK: 
vG: 
if (!(!session_id() || session_id() == '' || !isset($_SESSION))) { 
    goto fz; 
} 
session_start(); 
fz: 
if (empty($hX->getSamlLogoutUrl())) { 
    goto MN; 
} 
if (!isset($_SESSION["mo_NameID"])) { 
    goto fw; 
} 
$wN = $_SESSION["mo_NameID"]; 
session_destroy(); 
$ov = $hX->getSpEntityId(); 
$Yn = $hX->getSamlLogoutUrl(); 
$eW = $Yn; 
$TE = $hX->getSessionIndex(); 
$Ut = $Zi; 
$Ls = createLogoutRequest($wN, $ov, $eW, $TE, "HttpRedirect"); 
$Ls = "SAMLRequest=" . $Ls . "&RelayState=" . urlencode($Ut) . "&SigAlg=" . urlencode(XMLSecurityKey::RSA_SHA256); 
$Tn = array("type" => "private"); 
$pf = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $Tn); 
$cU = "resources" . DIRECTORY_SEPARATOR . "sp-key.key"; 
$pf->loadKey($cU, TRUE); 
$Af = new XMLSecurityDSig(); 
$d3 = $pf->signData($Ls); 
$d3 = base64_encode($d3); 
$BQ = "?"; 
if (!(strpos($Yn, "?") !== false)) { 
    goto ha; 
} 
$BQ = "&"; 
ha: 
$vW = $Yn . $BQ . $Ls . "&Signature=" . urlencode($d3); 
header("Location: " . $vW); 
exit; 
fw: 
MN: 
if (empty($Zi)) { 
    goto J5; 
} 
session_destroy(); 
header("Location: " . $Zi); 
exit; 
J5: 
function createLogoutRequest($wN, $ov, $eW, $TE = '', $zD = "HttpRedirect") 
{ 
    $hM = "<?xml version="1.0" encoding="UTF-8"?>" . "<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="" . generateID() . "" IssueInstant="" . generateTimestamp() . "" Version="2.0" Destination="" . $eW . "">\xa\x9		\x9	\x9<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">" . $ov . "</saml:Issuer>
\x9	\x9	\x9	<saml:NameID SPNameQualifier="" . $ov . "" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">" . $wN[0] . "</saml:NameID>"; 
    if (empty($TE)) { 
        goto FE; 
    } 
    $hM .= "<samlp:SessionIndex>" . $TE . "</samlp:SessionIndex>"; 
    FE: 
    $hM .= "</samlp:LogoutRequest>"; 
    if (!(empty($zD) || $zD == "HttpRedirect")) { 
        goto Bl; 
    } 
    $KT = gzdeflate($hM); 
    $rY = base64_encode($KT); 
    $l5 = urlencode($rY); 
    $hM = $l5; 
    Bl: 
    return $hM; 
} 
function generateTimestamp($jU = NULL) 
{ 
    if (!($jU === NULL)) { 
        goto cQ; 
    } 
    $jU = time(); 
    cQ: 
    return gmdate("Y-m-d\TH:i:s\Z", $jU); 
} 
function generateID() 
{ 
    return "_" . stringToHex(generateRandomBytes(21)); 
} 
function stringToHex($ad) 
{ 
    $wf = ''; 
    $pD = 0; 
    Nb: 
    if (!($pD < strlen($ad))) { 
        goto En; 
    } 
    $wf .= sprintf("%02x", ord($ad[$pD])); 
    Z6: 
    $pD++; 
    goto Nb; 
    En: 
    return $wf; 
} 
function generateRandomBytes($BE, $gn = TRUE) 
{ 
    return openssl_random_pseudo_bytes($BE); 
} 
 ?>

Did this file decode correctly?

Original Code

<?php


include_once "\x61\x75\164\x6f\x6c\x6f\x61\x64\x2e\x70\150\160";
use MiniOrange\Helper\Lib\XMLSecLibs\XMLSecurityKey;
use MiniOrange\Helper\Lib\XMLSecLibs\XMLSecurityDSig;
use MiniOrange\Helper\PluginSettings;
$hX = PluginSettings::getPluginSettings();
$Zi = $hX->getSiteLogoutUrl();
if (!isset($_REQUEST["\123\101\115\114\x52\145\163\x70\157\156\163\x65"])) {
    goto vG;
}
$v3 = $_REQUEST["\x53\101\115\x4c\x52\x65\x73\x70\157\x6e\x73\x65"];
$v3 = base64_decode($v3);
if (!(array_key_exists("\123\101\115\x4c\x52\145\x73\x70\x6f\156\163\x65", $_GET) && !empty($_GET["\x53\101\115\114\122\x65\163\160\x6f\156\x73\145"]))) {
    goto O3;
}
$v3 = gzinflate($v3);
O3:
$TV = new DOMDocument();
$TV->loadXML($v3);
$Oz = $TV->firstChild;
$dK = $TV->documentElement;
$Gq = new DOMXpath($TV);
$Gq->registerNamespace("\x73\x61\x6d\154\x70", "\x75\162\156\x3a\157\141\163\151\x73\72\156\141\x6d\x65\x73\x3a\164\143\x3a\x53\101\115\x4c\72\x32\x2e\x30\x3a\160\162\x6f\164\157\143\157\x6c");
$Gq->registerNamespace("\163\x61\155\154", "\x75\162\x6e\x3a\x6f\x61\163\x69\x73\x3a\x6e\x61\x6d\x65\x73\72\x74\x63\x3a\123\101\115\114\72\62\x2e\x30\x3a\141\163\163\x65\x72\x74\x69\157\x6e");
if (!($Oz->localName == "\114\157\x67\157\x75\164\122\x65\163\160\x6f\156\163\x65")) {
    goto nK;
}
header("\114\157\143\141\x74\x69\x6f\x6e\x3a\40" . $Zi . "\77\163\x6c\x6f\x3d\x73\x75\x63\143\145\x73\163");
exit;
nK:
vG:
if (!(!session_id() || session_id() == '' || !isset($_SESSION))) {
    goto fz;
}
session_start();
fz:
if (empty($hX->getSamlLogoutUrl())) {
    goto MN;
}
if (!isset($_SESSION["\x6d\157\137\x4e\x61\155\x65\x49\104"])) {
    goto fw;
}
$wN = $_SESSION["\x6d\x6f\137\x4e\x61\x6d\145\x49\104"];
session_destroy();
$ov = $hX->getSpEntityId();
$Yn = $hX->getSamlLogoutUrl();
$eW = $Yn;
$TE = $hX->getSessionIndex();
$Ut = $Zi;
$Ls = createLogoutRequest($wN, $ov, $eW, $TE, "\110\164\164\160\x52\145\144\x69\162\x65\x63\x74");
$Ls = "\123\101\115\114\122\145\161\165\x65\x73\164\75" . $Ls . "\46\x52\145\x6c\x61\171\123\x74\141\x74\x65\75" . urlencode($Ut) . "\x26\x53\151\x67\x41\x6c\x67\75" . urlencode(XMLSecurityKey::RSA_SHA256);
$Tn = array("\x74\171\x70\x65" => "\x70\x72\x69\x76\141\164\x65");
$pf = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $Tn);
$cU = "\x72\x65\x73\157\165\x72\143\x65\x73" . DIRECTORY_SEPARATOR . "\163\160\x2d\x6b\x65\x79\56\153\x65\x79";
$pf->loadKey($cU, TRUE);
$Af = new XMLSecurityDSig();
$d3 = $pf->signData($Ls);
$d3 = base64_encode($d3);
$BQ = "\x3f";
if (!(strpos($Yn, "\77") !== false)) {
    goto ha;
}
$BQ = "\x26";
ha:
$vW = $Yn . $BQ . $Ls . "\46\123\x69\x67\156\x61\x74\x75\162\145\75" . urlencode($d3);
header("\x4c\x6f\143\x61\x74\x69\x6f\x6e\x3a\x20" . $vW);
exit;
fw:
MN:
if (empty($Zi)) {
    goto J5;
}
session_destroy();
header("\114\157\x63\141\x74\x69\x6f\156\72\40" . $Zi);
exit;
J5:
function createLogoutRequest($wN, $ov, $eW, $TE = '', $zD = "\110\x74\x74\x70\122\x65\x64\151\x72\145\143\164")
{
    $hM = "\74\x3f\170\155\154\x20\166\x65\162\163\151\157\x6e\x3d\42\61\56\x30\x22\x20\x65\x6e\143\x6f\x64\151\156\147\75\x22\x55\124\x46\55\70\42\77\x3e" . "\74\x73\141\x6d\x6c\160\x3a\114\157\147\157\x75\164\x52\145\161\x75\145\x73\x74\40\170\155\x6c\x6e\x73\x3a\163\x61\155\154\x70\x3d\x22\x75\x72\x6e\72\157\x61\x73\151\x73\x3a\156\141\x6d\x65\163\x3a\x74\x63\x3a\x53\101\115\x4c\x3a\62\56\x30\72\x70\x72\x6f\x74\157\x63\157\x6c\x22\x20\x78\155\154\x6e\163\72\x73\x61\x6d\x6c\75\x22\165\x72\156\x3a\157\x61\163\151\x73\x3a\x6e\x61\x6d\145\163\x3a\x74\143\72\123\101\x4d\x4c\72\x32\56\60\72\x61\163\x73\145\162\x74\151\157\x6e\42\40\111\x44\x3d\42" . generateID() . "\x22\40\111\163\163\x75\x65\111\x6e\x73\164\141\156\x74\x3d\42" . generateTimestamp() . "\42\x20\126\145\x72\x73\151\x6f\156\75\x22\62\56\60\x22\40\104\145\163\x74\151\156\141\x74\151\157\156\x3d\42" . $eW . "\x22\x3e\xa\x9\11\11\x9\11\x9\74\x73\x61\x6d\154\72\x49\163\x73\x75\145\162\40\170\x6d\154\x6e\x73\x3a\x73\x61\155\x6c\75\42\165\162\x6e\72\x6f\141\x73\151\x73\x3a\156\141\155\145\x73\x3a\164\143\x3a\123\x41\115\x4c\x3a\62\x2e\60\x3a\141\x73\163\x65\162\164\151\x6f\156\x22\76" . $ov . "\x3c\x2f\163\141\155\x6c\x3a\111\163\163\x75\145\x72\x3e\12\x9\11\x9\11\x9\11\x3c\163\141\x6d\154\72\x4e\x61\155\x65\x49\x44\x20\123\x50\x4e\x61\155\145\121\165\x61\154\151\x66\151\x65\162\x3d\x22" . $ov . "\x22\40\x46\x6f\162\x6d\x61\164\x3d\x22\x75\x72\156\72\157\141\x73\x69\x73\72\156\141\155\145\x73\72\164\143\x3a\123\x41\x4d\x4c\x3a\x32\56\60\72\x6e\x61\155\145\151\x64\x2d\x66\x6f\x72\155\x61\164\72\164\x72\141\x6e\x73\151\x65\x6e\164\x22\40\x78\155\x6c\156\x73\72\163\x61\x6d\154\75\42\x75\x72\x6e\x3a\157\x61\163\x69\163\x3a\x6e\141\x6d\145\163\x3a\x74\143\72\123\x41\x4d\x4c\72\62\56\x30\72\x61\163\x73\x65\x72\164\x69\x6f\156\x22\x3e" . $wN[0] . "\x3c\x2f\x73\141\155\154\x3a\116\141\x6d\x65\x49\104\76";
    if (empty($TE)) {
        goto FE;
    }
    $hM .= "\74\163\141\155\x6c\x70\72\x53\145\x73\x73\151\x6f\156\x49\156\144\x65\x78\76" . $TE . "\74\x2f\x73\x61\155\154\x70\72\x53\145\x73\x73\x69\157\x6e\x49\156\x64\x65\x78\76";
    FE:
    $hM .= "\74\57\163\141\155\x6c\160\72\114\157\x67\157\165\x74\x52\x65\161\x75\145\163\164\x3e";
    if (!(empty($zD) || $zD == "\x48\x74\x74\160\122\x65\x64\151\162\145\x63\164")) {
        goto Bl;
    }
    $KT = gzdeflate($hM);
    $rY = base64_encode($KT);
    $l5 = urlencode($rY);
    $hM = $l5;
    Bl:
    return $hM;
}
function generateTimestamp($jU = NULL)
{
    if (!($jU === NULL)) {
        goto cQ;
    }
    $jU = time();
    cQ:
    return gmdate("\131\55\x6d\x2d\144\134\x54\x48\72\x69\x3a\163\134\132", $jU);
}
function generateID()
{
    return "\137" . stringToHex(generateRandomBytes(21));
}
function stringToHex($ad)
{
    $wf = '';
    $pD = 0;
    Nb:
    if (!($pD < strlen($ad))) {
        goto En;
    }
    $wf .= sprintf("\x25\60\x32\x78", ord($ad[$pD]));
    Z6:
    $pD++;
    goto Nb;
    En:
    return $wf;
}
function generateRandomBytes($BE, $gn = TRUE)
{
    return openssl_random_pseudo_bytes($BE);
}

Function Calls

None

Variables

None

Stats

MD5 40415a938312953273f4476e4f27520b
Eval Count 0
Decode Time 62 ms