Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

function mo_login_validate() { if (!(!empty($_REQUEST["\157\160\x74\x69\157\x6e"])..

Decoded Output download

<?   
function mo_login_validate() 
{ 
    if (!(!empty($_REQUEST["option"]) && $_REQUEST["option"] == "mosaml_metadata")) { 
        goto LXY; 
    } 
    miniorange_generate_metadata(); 
    LXY: 
    if (!mo_saml_is_customer_license_verified()) { 
        goto VMW; 
    } 
    if (!(!empty($_REQUEST["option"]) && ($_REQUEST["option"] == "saml_user_login" || $_REQUEST["option"] == "testConfig" || $_REQUEST["option"] == "getsamlrequest" || $_REQUEST["option"] == "getsamlresponse"))) { 
        goto duY; 
    } 
    if (mo_saml_is_sp_configured()) { 
        goto j4A; 
    } 
    if (!is_user_logged_in()) { 
        goto wMG; 
    } 
    if (empty($_REQUEST["redirect_to"])) { 
        goto rVa; 
    } 
    $PX = htmlspecialchars($_REQUEST["redirect_to"]); 
    wp_safe_redirect($PX); 
    exit; 
    rVa: 
    wMG: 
    goto oiC; 
    j4A: 
    if (!(is_user_logged_in() and $_REQUEST["option"] == "saml_user_login")) { 
        goto RIg; 
    } 
    if (empty($_REQUEST["redirect_to"])) { 
        goto FaL; 
    } 
    $PX = htmlspecialchars($_REQUEST["redirect_to"]); 
    wp_safe_redirect($PX); 
    exit; 
    FaL: 
    return; 
    RIg: 
    $Eq = get_site_option("mo_saml_sp_base_url"); 
    if (!empty($Eq)) { 
        goto VRy; 
    } 
    $Eq = get_network_site_url(); 
    VRy: 
    $wa = get_site_option("saml_sso_settings"); 
    $Qu = get_current_blog_id(); 
    $oR = Utilities::get_active_sites(); 
    if (Utilities::mo_saml_in_array($Qu, $oR)) { 
        goto gDf; 
    } 
    return; 
    gDf: 
    if (!(empty($wa[$Qu]) && !empty($wa["DEFAULT"]))) { 
        goto Ova; 
    } 
    $wa[$Qu] = $wa["DEFAULT"]; 
    Ova: 
    if ($_REQUEST["option"] == "testConfig" and array_key_exists("newcert", $_REQUEST)) { 
        goto NwI; 
    } 
    if ($_REQUEST["option"] == "testConfig") { 
        goto TOo; 
    } 
    if ($_REQUEST["option"] == "getsamlrequest") { 
        goto b5B; 
    } 
    if ($_REQUEST["option"] == "getsamlresponse") { 
        goto E79; 
    } 
    if (!empty($wa[$Qu]["mo_saml_relay_state"])) { 
        goto tYJ; 
    } 
    if (!empty($_REQUEST["redirect_to"])) { 
        goto tLN; 
    } 
    $u2 = saml_get_current_page_url(); 
    goto xiK; 
    tLN: 
    $u2 = $_REQUEST["redirect_to"]; 
    xiK: 
    goto SEp; 
    tYJ: 
    $u2 = $wa[$Qu]["mo_saml_relay_state"]; 
    SEp: 
    goto I85; 
    E79: 
    $u2 = "displaySAMLResponse"; 
    I85: 
    goto Lwi; 
    b5B: 
    $u2 = "displaySAMLRequest"; 
    Lwi: 
    goto yjU; 
    TOo: 
    $u2 = "testValidate"; 
    yjU: 
    goto fl8; 
    NwI: 
    $u2 = "testNewCertificate"; 
    fl8: 
    $Yr = get_site_option("saml_login_url"); 
    $rj = !empty(get_site_option("saml_login_binding_type")) ? get_site_option("saml_login_binding_type") : "HttpPost"; 
    $wa = get_site_option("saml_sso_settings"); 
    $Qu = get_current_blog_id(); 
    $oR = Utilities::get_active_sites(); 
    if (Utilities::mo_saml_in_array($Qu, $oR)) { 
        goto P7Z; 
    } 
    return; 
    P7Z: 
    if (!(empty($wa[$Qu]) && !empty($wa["DEFAULT"]))) { 
        goto c1H; 
    } 
    $wa[$Qu] = $wa["DEFAULT"]; 
    c1H: 
    $X5 = !empty($wa[$Qu]["mo_saml_force_authentication"]) ? $wa[$Qu]["mo_saml_force_authentication"] : ''; 
    $F5 = $Eq . "/"; 
    $yo = get_site_option("mo_saml_sp_entity_id"); 
    $vl = get_site_option("saml_nameid_format"); 
    if (!empty($vl)) { 
        goto ETJ; 
    } 
    $vl = "1.1:nameid-format:unspecified"; 
    ETJ: 
    if (!empty($yo)) { 
        goto piB; 
    } 
    $yo = $Eq . "/wp-content/plugins/miniorange-saml-20-single-sign-on/"; 
    piB: 
    $a_ = Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, $rj, $vl); 
    if (!($u2 == "displaySAMLRequest")) { 
        goto K10; 
    } 
    mo_saml_show_SAML_log(Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, "HttpPost", $vl), $u2); 
    K10: 
    $f2 = htmlspecialchars_decode($Yr); 
    if (strpos($Yr, "?") !== false) { 
        goto anx; 
    } 
    $f2 .= "?"; 
    goto gjd; 
    anx: 
    $f2 .= "&"; 
    gjd: 
    $u2 = mo_saml_relaystate_url($u2); 
    if ($rj == "HttpRedirect") { 
        goto Dsp; 
    } 
    if (!(get_site_option("saml_request_signed") == "unchecked")) { 
        goto So5; 
    } 
    $RL = base64_encode($a_); 
    Utilities::postSAMLRequest($Yr, $RL, $u2); 
    exit; 
    So5: 
    $pH = ''; 
    $VG = ''; 
    if ($_REQUEST["option"] == "testConfig" && array_key_exists("newcert", $_REQUEST)) { 
        goto iKY; 
    } 
    $RL = Utilities::signXML($a_, "NameIDPolicy"); 
    goto PFA; 
    iKY: 
    $RL = Utilities::signXML($a_, "NameIDPolicy", true); 
    PFA: 
    Utilities::postSAMLRequest($Yr, $RL, $u2); 
    update_site_option("mo_saml_new_cert_test", true); 
    goto Wu3; 
    Dsp: 
    if (!(get_site_option("saml_request_signed") == "unchecked")) { 
        goto lbp; 
    } 
    $f2 .= "SAMLRequest=" . $a_ . "&RelayState=" . urlencode($u2); 
    header("Location: " . $f2); 
    exit; 
    lbp: 
    $a_ = "SAMLRequest=" . $a_ . "&RelayState=" . urlencode($u2) . "&SigAlg=" . urlencode(XMLSecurityKey::RSA_SHA256); 
    $Cv = array("type" => "private"); 
    $tK = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $Cv); 
    if ($_REQUEST["option"] == "testConfig" && array_key_exists("newcert", $_REQUEST)) { 
        goto IDN; 
    } 
    $RZ = get_site_option("mo_saml_current_cert_private_key"); 
    goto f7n; 
    IDN: 
    $RZ = file_get_contents(plugin_dir_path(__FILE__) . "resources" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key); 
    f7n: 
    $tK->loadKey($RZ, FALSE); 
    $vo = new XMLSecurityDSig(); 
    $yP = $tK->signData($a_); 
    $yP = base64_encode($yP); 
    $f2 .= $a_ . "&Signature=" . urlencode($yP); 
    header("Location: " . $f2); 
    exit; 
    Wu3: 
    oiC: 
    duY: 
    if (!(array_key_exists("SAMLResponse", $_REQUEST) && !empty($_REQUEST["SAMLResponse"]))) { 
        goto v1S; 
    } 
    if (array_key_exists("RelayState", $_POST) && !empty($_POST["RelayState"]) && $_POST["RelayState"] != "/") { 
        goto QlV; 
    } 
    $Na = ''; 
    goto PN9; 
    QlV: 
    $Na = $_POST["RelayState"]; 
    PN9: 
    $Na = mo_saml_parse_url($Na); 
    $Eq = get_site_option("mo_saml_sp_base_url"); 
    if (!empty($Eq)) { 
        goto Rp0; 
    } 
    $Eq = get_network_site_url(); 
    Rp0: 
    $k4 = $_REQUEST["SAMLResponse"]; 
    $k4 = base64_decode($k4); 
    if (!($Na == "displaySAMLResponse")) { 
        goto qem; 
    } 
    mo_saml_show_SAML_log($k4, $Na); 
    qem: 
    if (!(array_key_exists("SAMLResponse", $_GET) && !empty($_GET["SAMLResponse"]))) { 
        goto CIV; 
    } 
    $k4 = gzinflate($k4); 
    CIV: 
    $Hr = new DOMDocument(); 
    $Hr->loadXML($k4); 
    $mx = $Hr->firstChild; 
    $Wq = $Hr->documentElement; 
    $ek = new DOMXpath($Hr); 
    $ek->registerNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol"); 
    $ek->registerNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion"); 
    if ($mx->localName == "LogoutResponse") { 
        goto wYx; 
    } 
    $Ya = $ek->query("/samlp:Response/samlp:Status/samlp:StatusCode", $Wq); 
    $EG = !empty($Ya) ? $Ya->item(0)->getAttribute("Value") : ''; 
    $RU = explode(":", $EG); 
    if (!array_key_exists(7, $RU)) { 
        goto oBB; 
    } 
    $Ya = $RU[7]; 
    oBB: 
    $DX = $ek->query("/samlp:Response/samlp:Status/samlp:StatusMessage", $Wq); 
    $Y_ = !empty($DX) ? $DX->item(0) : ''; 
    if (empty($Y_)) { 
        goto hGm; 
    } 
    $Y_ = $Y_->nodeValue; 
    hGm: 
    if (array_key_exists("RelayState", $_POST) && !empty($_POST["RelayState"]) && $_POST["RelayState"] != "/") { 
        goto tuE; 
    } 
    $Na = ''; 
    goto mVo; 
    tuE: 
    $Na = $_POST["RelayState"]; 
    $Na = mo_saml_parse_url($Na); 
    mVo: 
    if (!($Ya != "Success")) { 
        goto cck; 
    } 
    show_status_error($Ya, $Na, $Y_); 
    cck: 
    if (!($Na !== "testValidate" && $Na !== "testNewCertificate")) { 
        goto C17; 
    } 
    $is = parse_url($Na, PHP_URL_HOST); 
    $TT = parse_url($Eq, PHP_URL_HOST); 
    $iB = parse_url(get_current_base_url(), PHP_URL_HOST); 
    if (!empty($Na)) { 
        goto hrn; 
    } 
    $Na = "/"; 
    goto k00; 
    hrn: 
    $Na = mo_saml_parse_url($Na); 
    k00: 
    if (!(!empty($is) && $is != $iB && !mo_saml_is_subdomain($is, $iB))) { 
        goto Dnh; 
    } 
    Utilities::postSAMLResponse($Na, $_REQUEST["SAMLResponse"], mo_saml_relaystate_url($Na)); 
    Dnh: 
    C17: 
    $DL = maybe_unserialize(get_site_option("saml_x509_certificate")); 
    update_site_option("mo_saml_response", base64_encode($k4)); 
    foreach ($DL as $tK => $Cd) { 
        if (@openssl_x509_read($Cd)) { 
            goto OOl; 
        } 
        unset($DL[$tK]); 
        OOl: 
        Jp9: 
    } 
    NBw: 
    $F5 = $Eq . "/"; 
    if ($Na == "testNewCertificate") { 
        goto rOH; 
    } 
    $k4 = new SAML2_Response($mx, get_site_option("mo_saml_current_cert_private_key")); 
    goto JQn; 
    rOH: 
    $pu = file_get_contents(plugin_dir_path(__FILE__) . "resources" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key); 
    $k4 = new SAML2_Response($mx, $pu); 
    JQn: 
    $PB = $k4->getSignatureData(); 
    $TD = current($k4->getAssertions())->getSignatureData(); 
    if (!(empty($TD) && empty($PB))) { 
        goto DDE; 
    } 
    if ($Na == "testValidate" or $Na == "testNewCertificate") { 
        goto R8M; 
    } 
    wp_die("We could not sign you in. Please contact administrator", "Error: Invalid SAML Response"); 
    goto vSp; 
    R8M: 
    $I7 = mo_options_error_constants::Error_no_certificate; 
    $xa = mo_options_error_constants::Cause_no_certificate; 
    echo "<div style="font-family:Calibri;padding:0 3%;">\xd\xa		\x9			<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
						<div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error  :" . esc_html($I7) . " </strong></p>\xd
\x9\x9\x9		\x9\xd\xa			\x9\x9	<p><strong>Possible Cause: " . esc_html($xa) . "</strong></p>\xd
					\x9\xd\xa		\x9\x9\x9\x9</div></div>"; 
    mo_saml_download_logs($I7, $xa); 
    exit; 
    vSp: 
    DDE: 
    $fw = ''; 
    if (is_array($DL)) { 
        goto XdW; 
    } 
    $e4 = XMLSecurityKey::getRawThumbprint($DL); 
    $e4 = mo_saml_convert_to_windows_iconv($e4); 
    $e4 = preg_replace("/\s+/", '', $e4); 
    if (empty($PB)) { 
        goto NRK; 
    } 
    $fw = Utilities::processResponse($F5, $e4, $PB, $k4, 0, $Na); 
    NRK: 
    if (empty($TD)) { 
        goto S05; 
    } 
    $fw = Utilities::processResponse($F5, $e4, $TD, $k4, 0, $Na); 
    S05: 
    goto EbW; 
    XdW: 
    foreach ($DL as $tK => $Cd) { 
        $e4 = XMLSecurityKey::getRawThumbprint($Cd); 
        $e4 = mo_saml_convert_to_windows_iconv($e4); 
        $e4 = preg_replace("/\s+/", '', $e4); 
        if (empty($PB)) { 
            goto jqp; 
        } 
        $fw = Utilities::processResponse($F5, $e4, $PB, $k4, $tK, $Na); 
        jqp: 
        if (empty($TD)) { 
            goto bKG; 
        } 
        $fw = Utilities::processResponse($F5, $e4, $TD, $k4, $tK, $Na); 
        bKG: 
        if (!$fw) { 
            goto Aoz; 
        } 
        goto ZWy; 
        Aoz: 
        ySz: 
    } 
    ZWy: 
    EbW: 
    if (empty($PB)) { 
        goto XgQ; 
    } 
    $AK = $PB["Certificates"][0]; 
    goto bny; 
    XgQ: 
    $AK = $TD["Certificates"][0]; 
    bny: 
    if ($fw) { 
        goto DxZ; 
    } 
    if ($Na == "testValidate" or $Na == "testNewCertificate") { 
        goto vKz; 
    } 
    wp_die("We could not sign you in. Please contact your Administrator", "Error :Certificate not found"); 
    goto ubY; 
    vKz: 
    $I7 = mo_options_error_constants::Error_wrong_certificate; 
    $xa = mo_options_error_constants::Cause_wrong_certificate; 
    $BZ = "-----BEGIN CERTIFICATE-----<br>" . chunk_split($AK, 64) . "<br>-----END CERTIFICATE-----"; 
    echo "<div style="font-family:Calibri;padding:0 3%;">"; 
    echo "<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>\xd\xa                        <div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Unable to find a certificate matching the configured fingerprint.</p>\xd
                            <p>Please contact your administrator and report the following error:</p>\xd\xa                            <p><strong>Possible Cause: </strong>'X.509 Certificate' field in plugin does not match the certificate found in SAML Response.</p>\xd
                            <p><strong>Certificate found in SAML Response: </strong><font face="Courier New"><br><br>" . $BZ . "</p></font>
                            <p><strong>Solution: </strong></p>\xd\xa                            <ol>\xd
                               <li>Copy paste the certificate provided above in X509 Certificate under Service Provider Setup tab.</li>
                               <li>If issue persists disable <b>Character encoding</b> under Service Provder Setup tab.</li>\xd\xa                            </ol>
                            </div>\xd\xa                        <div style="margin:3%;display:block;text-align:center;">\xd\xa                                <div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>"; 
    mo_saml_download_logs($I7, $xa); 
    exit; 
    ubY: 
    DxZ: 
    $V4 = get_site_option("saml_issuer"); 
    $yo = get_site_option("mo_saml_sp_entity_id"); 
    if (!empty($yo)) { 
        goto AOE; 
    } 
    $yo = $Eq . "/wp-content/plugins/miniorange-saml-20-single-sign-on/"; 
    AOE: 
    Utilities::validateIssuerAndAudience($k4, $yo, $V4, $Na); 
    $aw = current(current($k4->getAssertions())->getNameId()); 
    $jG = current($k4->getAssertions())->getAttributes(); 
    $jG["NameID"] = array("0" => $aw); 
    $fC = current($k4->getAssertions())->getSessionIndex(); 
    mo_saml_checkMapping($jG, $Na, $fC); 
    goto PKX; 
    wYx: 
    if (empty($_REQUEST["RelayState"])) { 
        goto c8D; 
    } 
    $Xn = $_REQUEST["RelayState"]; 
    c8D: 
    if (!is_user_logged_in()) { 
        goto BN0; 
    } 
    wp_destroy_current_session(); 
    wp_clear_auth_cookie(); 
    wp_set_current_user(0); 
    BN0: 
    if (empty($Xn)) { 
        goto sQJ; 
    } 
    $Xn = mo_saml_parse_url($Xn); 
    goto w3I; 
    sQJ: 
    $Xn = $Eq; 
    w3I: 
    do_action("mo_saml_sp_initiated_slo_pre_redirect", $Xn); 
    header("Location:" . $Xn); 
    exit; 
    PKX: 
    v1S: 
    if (!(array_key_exists("SAMLRequest", $_REQUEST) && !empty($_REQUEST["SAMLRequest"]))) { 
        goto hF2; 
    } 
    $a_ = $_REQUEST["SAMLRequest"]; 
    $Na = "/"; 
    if (!array_key_exists("RelayState", $_REQUEST)) { 
        goto o47; 
    } 
    $Na = $_REQUEST["RelayState"]; 
    o47: 
    $a_ = base64_decode($a_); 
    if (!(array_key_exists("SAMLRequest", $_GET) && !empty($_GET["SAMLRequest"]))) { 
        goto AEu; 
    } 
    $a_ = gzinflate($a_); 
    AEu: 
    $Hr = new DOMDocument(); 
    $Hr->loadXML($a_); 
    $GM = $Hr->firstChild; 
    if (!($GM->localName == "LogoutRequest")) { 
        goto U8k; 
    } 
    $LO = new SAML2_LogoutRequest($GM); 
    if (!(!session_id() || session_id() == '' || empty($_SESSION))) { 
        goto rio; 
    } 
    session_start(); 
    rio: 
    $_SESSION["mo_saml_logout_request"] = $a_; 
    $_SESSION["mo_saml_logout_relay_state"] = $Na; 
    wp_redirect(htmlspecialchars_decode(wp_logout_url())); 
    exit; 
    U8k: 
    hF2: 
    VMW: 
} ?>

Did this file decode correctly?

Original Code


function mo_login_validate()
{
    if (!(!empty($_REQUEST["\157\160\x74\x69\157\x6e"]) && $_REQUEST["\157\x70\x74\x69\157\x6e"] == "\155\157\163\x61\155\x6c\137\155\145\164\141\x64\x61\x74\x61")) {
        goto LXY;
    }
    miniorange_generate_metadata();
    LXY:
    if (!mo_saml_is_customer_license_verified()) {
        goto VMW;
    }
    if (!(!empty($_REQUEST["\x6f\x70\x74\x69\x6f\x6e"]) && ($_REQUEST["\x6f\x70\164\151\x6f\x6e"] == "\x73\141\155\x6c\x5f\x75\x73\x65\162\137\154\157\x67\151\x6e" || $_REQUEST["\x6f\x70\x74\x69\x6f\x6e"] == "\164\x65\163\164\x43\157\x6e\146\x69\147" || $_REQUEST["\157\160\x74\x69\157\x6e"] == "\147\145\x74\163\x61\155\x6c\x72\145\161\165\x65\x73\x74" || $_REQUEST["\x6f\160\164\x69\157\x6e"] == "\x67\145\x74\163\141\x6d\154\162\x65\x73\160\x6f\156\x73\x65"))) {
        goto duY;
    }
    if (mo_saml_is_sp_configured()) {
        goto j4A;
    }
    if (!is_user_logged_in()) {
        goto wMG;
    }
    if (empty($_REQUEST["\x72\145\x64\151\x72\145\143\x74\137\164\x6f"])) {
        goto rVa;
    }
    $PX = htmlspecialchars($_REQUEST["\162\145\144\151\x72\145\x63\x74\137\164\x6f"]);
    wp_safe_redirect($PX);
    exit;
    rVa:
    wMG:
    goto oiC;
    j4A:
    if (!(is_user_logged_in() and $_REQUEST["\x6f\160\x74\151\x6f\156"] == "\x73\x61\155\x6c\137\165\163\145\x72\x5f\154\x6f\x67\x69\x6e")) {
        goto RIg;
    }
    if (empty($_REQUEST["\162\x65\144\x69\x72\145\x63\164\x5f\x74\x6f"])) {
        goto FaL;
    }
    $PX = htmlspecialchars($_REQUEST["\162\x65\x64\x69\162\x65\x63\x74\x5f\164\157"]);
    wp_safe_redirect($PX);
    exit;
    FaL:
    return;
    RIg:
    $Eq = get_site_option("\x6d\x6f\x5f\x73\141\155\154\137\163\160\137\142\141\x73\x65\x5f\x75\162\154");
    if (!empty($Eq)) {
        goto VRy;
    }
    $Eq = get_network_site_url();
    VRy:
    $wa = get_site_option("\163\141\155\154\137\163\x73\157\137\x73\145\x74\164\x69\x6e\147\163");
    $Qu = get_current_blog_id();
    $oR = Utilities::get_active_sites();
    if (Utilities::mo_saml_in_array($Qu, $oR)) {
        goto gDf;
    }
    return;
    gDf:
    if (!(empty($wa[$Qu]) && !empty($wa["\104\x45\106\x41\125\114\124"]))) {
        goto Ova;
    }
    $wa[$Qu] = $wa["\104\105\x46\101\x55\114\124"];
    Ova:
    if ($_REQUEST["\x6f\x70\164\151\157\x6e"] == "\164\x65\163\x74\103\157\x6e\x66\x69\147" and array_key_exists("\x6e\145\167\143\145\162\164", $_REQUEST)) {
        goto NwI;
    }
    if ($_REQUEST["\x6f\160\x74\x69\x6f\x6e"] == "\x74\x65\163\164\x43\157\156\x66\x69\x67") {
        goto TOo;
    }
    if ($_REQUEST["\x6f\160\x74\151\157\156"] == "\x67\x65\164\163\141\155\154\x72\x65\x71\165\x65\163\164") {
        goto b5B;
    }
    if ($_REQUEST["\x6f\x70\164\x69\x6f\156"] == "\x67\x65\164\x73\141\x6d\x6c\162\145\163\x70\157\156\x73\x65") {
        goto E79;
    }
    if (!empty($wa[$Qu]["\x6d\x6f\x5f\x73\141\155\154\137\x72\145\x6c\x61\171\x5f\x73\x74\x61\x74\145"])) {
        goto tYJ;
    }
    if (!empty($_REQUEST["\x72\145\144\x69\162\145\143\x74\x5f\164\x6f"])) {
        goto tLN;
    }
    $u2 = saml_get_current_page_url();
    goto xiK;
    tLN:
    $u2 = $_REQUEST["\x72\145\144\x69\x72\145\x63\x74\x5f\x74\x6f"];
    xiK:
    goto SEp;
    tYJ:
    $u2 = $wa[$Qu]["\155\157\x5f\x73\141\155\x6c\x5f\x72\x65\x6c\x61\x79\x5f\x73\164\141\x74\145"];
    SEp:
    goto I85;
    E79:
    $u2 = "\144\x69\163\x70\154\141\x79\x53\101\x4d\x4c\x52\x65\163\x70\x6f\156\163\x65";
    I85:
    goto Lwi;
    b5B:
    $u2 = "\144\151\163\x70\x6c\x61\171\x53\101\115\x4c\x52\x65\x71\165\x65\x73\164";
    Lwi:
    goto yjU;
    TOo:
    $u2 = "\164\145\x73\x74\x56\141\154\151\x64\x61\164\x65";
    yjU:
    goto fl8;
    NwI:
    $u2 = "\x74\x65\x73\164\116\145\x77\x43\x65\x72\x74\151\146\151\143\141\164\145";
    fl8:
    $Yr = get_site_option("\163\x61\155\x6c\137\x6c\157\147\151\156\137\165\162\x6c");
    $rj = !empty(get_site_option("\x73\141\x6d\154\137\x6c\x6f\x67\151\156\137\x62\x69\156\144\x69\156\x67\x5f\x74\171\160\145")) ? get_site_option("\x73\x61\155\x6c\x5f\154\x6f\x67\151\x6e\x5f\142\151\156\x64\151\156\147\x5f\x74\x79\x70\145") : "\x48\164\x74\x70\120\x6f\163\164";
    $wa = get_site_option("\163\x61\155\154\137\163\163\x6f\137\163\145\164\x74\x69\156\x67\x73");
    $Qu = get_current_blog_id();
    $oR = Utilities::get_active_sites();
    if (Utilities::mo_saml_in_array($Qu, $oR)) {
        goto P7Z;
    }
    return;
    P7Z:
    if (!(empty($wa[$Qu]) && !empty($wa["\x44\105\x46\x41\125\114\124"]))) {
        goto c1H;
    }
    $wa[$Qu] = $wa["\104\x45\x46\101\125\x4c\x54"];
    c1H:
    $X5 = !empty($wa[$Qu]["\155\x6f\x5f\163\x61\x6d\x6c\137\146\x6f\x72\143\145\x5f\141\165\164\x68\x65\156\x74\x69\143\141\x74\151\157\156"]) ? $wa[$Qu]["\155\x6f\x5f\x73\x61\155\x6c\x5f\146\x6f\x72\x63\x65\137\141\165\164\x68\x65\x6e\x74\x69\143\x61\164\151\157\156"] : '';
    $F5 = $Eq . "\x2f";
    $yo = get_site_option("\x6d\x6f\137\x73\141\155\154\137\x73\x70\137\145\x6e\x74\x69\x74\x79\137\x69\144");
    $vl = get_site_option("\x73\141\155\x6c\137\x6e\141\x6d\145\x69\x64\137\146\157\162\155\x61\164");
    if (!empty($vl)) {
        goto ETJ;
    }
    $vl = "\61\x2e\x31\72\156\141\x6d\x65\151\x64\x2d\x66\x6f\162\x6d\141\x74\x3a\165\x6e\163\160\145\143\x69\146\x69\145\x64";
    ETJ:
    if (!empty($yo)) {
        goto piB;
    }
    $yo = $Eq . "\57\167\x70\x2d\x63\x6f\x6e\164\x65\156\164\x2f\x70\x6c\165\x67\151\x6e\x73\x2f\x6d\151\156\151\157\162\141\156\x67\145\55\x73\141\155\x6c\x2d\62\60\55\x73\x69\156\x67\x6c\x65\55\x73\151\x67\156\55\x6f\x6e\57";
    piB:
    $a_ = Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, $rj, $vl);
    if (!($u2 == "\144\x69\163\x70\154\x61\x79\x53\x41\115\x4c\122\x65\x71\x75\x65\x73\164")) {
        goto K10;
    }
    mo_saml_show_SAML_log(Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, "\110\164\x74\x70\120\x6f\163\164", $vl), $u2);
    K10:
    $f2 = htmlspecialchars_decode($Yr);
    if (strpos($Yr, "\x3f") !== false) {
        goto anx;
    }
    $f2 .= "\77";
    goto gjd;
    anx:
    $f2 .= "\46";
    gjd:
    $u2 = mo_saml_relaystate_url($u2);
    if ($rj == "\x48\x74\164\x70\122\x65\x64\151\x72\x65\143\164") {
        goto Dsp;
    }
    if (!(get_site_option("\x73\141\155\x6c\x5f\x72\145\161\x75\x65\x73\x74\137\x73\x69\147\x6e\145\144") == "\165\156\x63\150\x65\x63\x6b\145\x64")) {
        goto So5;
    }
    $RL = base64_encode($a_);
    Utilities::postSAMLRequest($Yr, $RL, $u2);
    exit;
    So5:
    $pH = '';
    $VG = '';
    if ($_REQUEST["\x6f\x70\164\151\157\156"] == "\x74\x65\163\x74\103\157\x6e\x66\151\147" && array_key_exists("\156\x65\167\x63\x65\x72\164", $_REQUEST)) {
        goto iKY;
    }
    $RL = Utilities::signXML($a_, "\x4e\141\x6d\145\x49\x44\120\x6f\x6c\151\143\x79");
    goto PFA;
    iKY:
    $RL = Utilities::signXML($a_, "\116\141\155\x65\x49\104\120\157\154\151\x63\171", true);
    PFA:
    Utilities::postSAMLRequest($Yr, $RL, $u2);
    update_site_option("\x6d\157\x5f\x73\x61\x6d\x6c\x5f\156\145\167\137\143\x65\x72\x74\x5f\x74\145\163\x74", true);
    goto Wu3;
    Dsp:
    if (!(get_site_option("\163\141\155\x6c\x5f\162\145\x71\x75\x65\x73\x74\x5f\163\151\x67\x6e\x65\144") == "\x75\156\x63\x68\x65\143\153\145\144")) {
        goto lbp;
    }
    $f2 .= "\x53\101\x4d\114\x52\145\161\165\x65\163\x74\x3d" . $a_ . "\x26\x52\145\x6c\x61\171\123\x74\x61\x74\145\x3d" . urlencode($u2);
    header("\114\x6f\x63\141\x74\151\157\156\x3a\x20" . $f2);
    exit;
    lbp:
    $a_ = "\x53\x41\115\114\122\145\161\165\x65\163\164\x3d" . $a_ . "\x26\122\x65\x6c\141\171\123\164\141\x74\145\x3d" . urlencode($u2) . "\x26\x53\x69\x67\101\x6c\x67\75" . urlencode(XMLSecurityKey::RSA_SHA256);
    $Cv = array("\x74\171\x70\145" => "\x70\x72\151\x76\x61\164\145");
    $tK = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $Cv);
    if ($_REQUEST["\157\160\x74\151\x6f\x6e"] == "\164\x65\163\164\x43\x6f\156\x66\x69\x67" && array_key_exists("\x6e\x65\167\x63\145\162\x74", $_REQUEST)) {
        goto IDN;
    }
    $RZ = get_site_option("\x6d\157\137\163\141\x6d\x6c\x5f\x63\165\162\x72\x65\x6e\x74\x5f\x63\x65\x72\x74\x5f\160\162\x69\x76\141\x74\145\137\x6b\145\171");
    goto f7n;
    IDN:
    $RZ = file_get_contents(plugin_dir_path(__FILE__) . "\x72\145\x73\157\x75\x72\x63\x65\163" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key);
    f7n:
    $tK->loadKey($RZ, FALSE);
    $vo = new XMLSecurityDSig();
    $yP = $tK->signData($a_);
    $yP = base64_encode($yP);
    $f2 .= $a_ . "\x26\123\151\x67\156\x61\x74\x75\162\x65\x3d" . urlencode($yP);
    header("\114\157\143\141\164\151\x6f\x6e\x3a\x20" . $f2);
    exit;
    Wu3:
    oiC:
    duY:
    if (!(array_key_exists("\123\x41\x4d\x4c\122\x65\163\160\x6f\x6e\x73\145", $_REQUEST) && !empty($_REQUEST["\x53\101\115\x4c\x52\x65\x73\160\x6f\156\x73\x65"]))) {
        goto v1S;
    }
    if (array_key_exists("\x52\145\154\141\x79\x53\164\x61\164\x65", $_POST) && !empty($_POST["\x52\145\x6c\x61\x79\123\164\141\164\x65"]) && $_POST["\x52\145\x6c\x61\171\123\x74\x61\x74\x65"] != "\x2f") {
        goto QlV;
    }
    $Na = '';
    goto PN9;
    QlV:
    $Na = $_POST["\122\145\x6c\141\x79\x53\164\x61\164\x65"];
    PN9:
    $Na = mo_saml_parse_url($Na);
    $Eq = get_site_option("\x6d\157\x5f\163\x61\x6d\154\137\163\x70\x5f\x62\141\x73\x65\137\x75\x72\x6c");
    if (!empty($Eq)) {
        goto Rp0;
    }
    $Eq = get_network_site_url();
    Rp0:
    $k4 = $_REQUEST["\123\x41\115\114\122\x65\163\160\157\156\163\x65"];
    $k4 = base64_decode($k4);
    if (!($Na == "\144\151\163\x70\154\x61\x79\x53\101\115\114\x52\145\x73\x70\x6f\156\x73\x65")) {
        goto qem;
    }
    mo_saml_show_SAML_log($k4, $Na);
    qem:
    if (!(array_key_exists("\x53\x41\x4d\114\122\145\x73\160\157\156\163\145", $_GET) && !empty($_GET["\x53\x41\x4d\x4c\x52\x65\163\160\x6f\156\x73\145"]))) {
        goto CIV;
    }
    $k4 = gzinflate($k4);
    CIV:
    $Hr = new DOMDocument();
    $Hr->loadXML($k4);
    $mx = $Hr->firstChild;
    $Wq = $Hr->documentElement;
    $ek = new DOMXpath($Hr);
    $ek->registerNamespace("\163\141\155\x6c\x70", "\165\162\156\x3a\157\141\163\x69\x73\x3a\x6e\x61\x6d\x65\x73\72\164\x63\72\x53\x41\115\114\72\62\56\60\x3a\x70\x72\x6f\x74\157\x63\x6f\154");
    $ek->registerNamespace("\x73\141\x6d\154", "\x75\x72\156\72\x6f\141\163\x69\x73\x3a\x6e\141\x6d\x65\x73\72\x74\143\x3a\x53\101\115\114\72\62\56\x30\72\141\x73\163\x65\162\x74\x69\x6f\156");
    if ($mx->localName == "\x4c\x6f\x67\x6f\x75\164\122\145\163\160\x6f\156\163\x65") {
        goto wYx;
    }
    $Ya = $ek->query("\x2f\x73\141\155\x6c\160\72\x52\x65\163\x70\x6f\x6e\163\145\57\163\x61\155\154\x70\72\123\x74\x61\x74\x75\x73\x2f\163\141\155\x6c\160\72\x53\164\x61\164\165\x73\103\x6f\144\145", $Wq);
    $EG = !empty($Ya) ? $Ya->item(0)->getAttribute("\126\141\154\165\145") : '';
    $RU = explode("\72", $EG);
    if (!array_key_exists(7, $RU)) {
        goto oBB;
    }
    $Ya = $RU[7];
    oBB:
    $DX = $ek->query("\x2f\x73\141\x6d\x6c\x70\72\x52\x65\163\160\157\x6e\163\145\x2f\x73\141\x6d\x6c\x70\x3a\123\164\x61\x74\x75\163\57\163\x61\x6d\154\160\x3a\x53\x74\141\x74\165\163\x4d\145\163\x73\x61\147\x65", $Wq);
    $Y_ = !empty($DX) ? $DX->item(0) : '';
    if (empty($Y_)) {
        goto hGm;
    }
    $Y_ = $Y_->nodeValue;
    hGm:
    if (array_key_exists("\x52\x65\x6c\x61\171\123\x74\141\164\145", $_POST) && !empty($_POST["\122\145\x6c\x61\x79\x53\x74\141\x74\x65"]) && $_POST["\x52\145\154\141\x79\x53\164\x61\164\x65"] != "\x2f") {
        goto tuE;
    }
    $Na = '';
    goto mVo;
    tuE:
    $Na = $_POST["\122\145\x6c\x61\x79\x53\164\141\x74\145"];
    $Na = mo_saml_parse_url($Na);
    mVo:
    if (!($Ya != "\123\165\x63\x63\x65\163\163")) {
        goto cck;
    }
    show_status_error($Ya, $Na, $Y_);
    cck:
    if (!($Na !== "\x74\x65\163\164\126\x61\x6c\x69\144\x61\x74\x65" && $Na !== "\164\145\163\164\116\145\x77\103\145\x72\164\x69\x66\151\x63\141\x74\x65")) {
        goto C17;
    }
    $is = parse_url($Na, PHP_URL_HOST);
    $TT = parse_url($Eq, PHP_URL_HOST);
    $iB = parse_url(get_current_base_url(), PHP_URL_HOST);
    if (!empty($Na)) {
        goto hrn;
    }
    $Na = "\x2f";
    goto k00;
    hrn:
    $Na = mo_saml_parse_url($Na);
    k00:
    if (!(!empty($is) && $is != $iB && !mo_saml_is_subdomain($is, $iB))) {
        goto Dnh;
    }
    Utilities::postSAMLResponse($Na, $_REQUEST["\123\101\x4d\114\122\145\x73\x70\x6f\156\163\x65"], mo_saml_relaystate_url($Na));
    Dnh:
    C17:
    $DL = maybe_unserialize(get_site_option("\x73\x61\155\154\137\x78\65\x30\x39\x5f\143\x65\x72\x74\x69\146\x69\143\141\164\145"));
    update_site_option("\x6d\x6f\137\x73\x61\155\154\137\x72\145\163\160\x6f\156\x73\145", base64_encode($k4));
    foreach ($DL as $tK => $Cd) {
        if (@openssl_x509_read($Cd)) {
            goto OOl;
        }
        unset($DL[$tK]);
        OOl:
        Jp9:
    }
    NBw:
    $F5 = $Eq . "\57";
    if ($Na == "\164\x65\163\164\x4e\145\167\x43\145\x72\x74\151\x66\151\x63\141\x74\145") {
        goto rOH;
    }
    $k4 = new SAML2_Response($mx, get_site_option("\155\157\x5f\163\141\155\x6c\137\143\165\162\x72\x65\x6e\x74\x5f\x63\x65\x72\x74\x5f\x70\x72\151\166\141\164\x65\x5f\x6b\145\x79"));
    goto JQn;
    rOH:
    $pu = file_get_contents(plugin_dir_path(__FILE__) . "\x72\145\163\x6f\165\162\143\145\x73" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key);
    $k4 = new SAML2_Response($mx, $pu);
    JQn:
    $PB = $k4->getSignatureData();
    $TD = current($k4->getAssertions())->getSignatureData();
    if (!(empty($TD) && empty($PB))) {
        goto DDE;
    }
    if ($Na == "\x74\145\163\x74\126\x61\x6c\x69\x64\141\164\145" or $Na == "\164\x65\163\x74\x4e\x65\167\103\x65\x72\x74\151\146\x69\143\x61\164\x65") {
        goto R8M;
    }
    wp_die("\x57\145\x20\x63\157\165\154\144\x20\156\x6f\164\x20\163\x69\x67\x6e\x20\171\x6f\x75\40\151\156\x2e\x20\x50\x6c\x65\x61\x73\145\x20\143\x6f\x6e\164\x61\x63\x74\x20\x61\x64\x6d\x69\156\151\163\x74\x72\141\164\157\162", "\105\162\x72\x6f\162\72\x20\111\x6e\166\x61\154\x69\144\x20\123\x41\115\x4c\x20\122\x65\x73\160\x6f\x6e\x73\x65");
    goto vSp;
    R8M:
    $I7 = mo_options_error_constants::Error_no_certificate;
    $xa = mo_options_error_constants::Cause_no_certificate;
    echo "\x3c\x64\151\166\40\163\164\171\x6c\x65\x3d\x22\x66\157\156\164\x2d\146\x61\155\151\154\171\x3a\103\x61\x6c\151\142\x72\151\x3b\x70\141\x64\x64\x69\156\147\72\60\x20\x33\x25\73\42\x3e\xd\xa\11\11\x9\11\11\11\x3c\x64\x69\x76\x20\163\x74\x79\x6c\x65\75\42\143\x6f\154\x6f\x72\72\40\43\x61\x39\64\x34\x34\62\x3b\142\x61\x63\x6b\x67\162\x6f\x75\x6e\x64\55\143\157\x6c\157\x72\x3a\x20\43\146\62\x64\x65\144\145\x3b\160\141\144\x64\x69\x6e\x67\x3a\x20\61\65\x70\170\x3b\x6d\x61\162\147\151\x6e\x2d\142\x6f\164\164\x6f\155\x3a\40\62\x30\160\170\73\x74\145\x78\164\55\x61\x6c\x69\x67\x6e\72\x63\145\x6e\x74\145\x72\x3b\x62\x6f\x72\x64\x65\162\x3a\61\x70\x78\40\x73\x6f\x6c\x69\x64\x20\x23\x45\66\102\x33\102\x32\x3b\x66\157\156\x74\55\x73\x69\x7a\x65\x3a\61\70\x70\164\73\42\76\x20\105\x52\x52\117\122\74\57\144\151\166\x3e\15\12\11\11\11\11\11\11\74\x64\x69\166\x20\163\164\171\154\x65\75\x22\143\x6f\x6c\x6f\162\x3a\40\x23\x61\x39\x34\64\64\62\73\x66\x6f\x6e\164\55\x73\151\172\145\x3a\x31\x34\x70\164\x3b\40\155\141\x72\147\x69\156\x2d\x62\157\164\x74\157\155\x3a\62\60\x70\170\73\42\x3e\x3c\160\x3e\x3c\x73\x74\x72\157\x6e\147\76\105\162\x72\157\162\x20\x20\x3a" . esc_html($I7) . "\40\x3c\57\163\x74\x72\157\x6e\x67\x3e\x3c\x2f\x70\76\xd\12\x9\x9\x9\11\11\x9\xd\xa\11\11\11\x9\x9\11\74\160\x3e\74\x73\164\x72\x6f\x6e\147\76\x50\x6f\x73\163\151\142\154\145\x20\103\141\165\163\x65\72\40" . esc_html($xa) . "\74\57\163\x74\162\x6f\156\x67\x3e\x3c\x2f\160\76\xd\12\11\11\11\11\11\x9\xd\xa\11\11\x9\x9\x9\x9\x3c\x2f\144\x69\166\76\74\x2f\144\x69\x76\x3e";
    mo_saml_download_logs($I7, $xa);
    exit;
    vSp:
    DDE:
    $fw = '';
    if (is_array($DL)) {
        goto XdW;
    }
    $e4 = XMLSecurityKey::getRawThumbprint($DL);
    $e4 = mo_saml_convert_to_windows_iconv($e4);
    $e4 = preg_replace("\x2f\x5c\x73\53\57", '', $e4);
    if (empty($PB)) {
        goto NRK;
    }
    $fw = Utilities::processResponse($F5, $e4, $PB, $k4, 0, $Na);
    NRK:
    if (empty($TD)) {
        goto S05;
    }
    $fw = Utilities::processResponse($F5, $e4, $TD, $k4, 0, $Na);
    S05:
    goto EbW;
    XdW:
    foreach ($DL as $tK => $Cd) {
        $e4 = XMLSecurityKey::getRawThumbprint($Cd);
        $e4 = mo_saml_convert_to_windows_iconv($e4);
        $e4 = preg_replace("\x2f\x5c\x73\x2b\x2f", '', $e4);
        if (empty($PB)) {
            goto jqp;
        }
        $fw = Utilities::processResponse($F5, $e4, $PB, $k4, $tK, $Na);
        jqp:
        if (empty($TD)) {
            goto bKG;
        }
        $fw = Utilities::processResponse($F5, $e4, $TD, $k4, $tK, $Na);
        bKG:
        if (!$fw) {
            goto Aoz;
        }
        goto ZWy;
        Aoz:
        ySz:
    }
    ZWy:
    EbW:
    if (empty($PB)) {
        goto XgQ;
    }
    $AK = $PB["\103\x65\x72\164\151\146\x69\143\141\164\x65\163"][0];
    goto bny;
    XgQ:
    $AK = $TD["\103\x65\x72\164\x69\146\x69\143\x61\x74\x65\163"][0];
    bny:
    if ($fw) {
        goto DxZ;
    }
    if ($Na == "\164\145\163\164\126\141\154\151\x64\141\x74\145" or $Na == "\164\145\163\x74\x4e\145\x77\103\x65\162\164\151\x66\x69\x63\x61\164\x65") {
        goto vKz;
    }
    wp_die("\x57\145\40\143\x6f\165\x6c\x64\x20\156\157\164\40\x73\x69\147\156\40\x79\x6f\x75\x20\x69\156\x2e\x20\x50\154\x65\141\x73\145\40\x63\157\156\x74\x61\x63\x74\x20\x79\157\165\162\40\x41\x64\155\151\156\x69\163\x74\162\x61\164\x6f\162", "\105\x72\162\x6f\162\40\72\x43\145\x72\x74\151\146\x69\x63\x61\164\x65\40\x6e\157\x74\x20\146\x6f\165\x6e\x64");
    goto ubY;
    vKz:
    $I7 = mo_options_error_constants::Error_wrong_certificate;
    $xa = mo_options_error_constants::Cause_wrong_certificate;
    $BZ = "\x2d\55\55\55\x2d\x42\x45\107\x49\116\40\x43\x45\122\124\111\x46\x49\103\x41\x54\105\55\55\55\x2d\x2d\74\142\162\76" . chunk_split($AK, 64) . "\74\x62\162\x3e\55\55\x2d\55\55\x45\116\x44\40\x43\105\122\124\x49\x46\x49\x43\x41\x54\105\x2d\x2d\55\x2d\55";
    echo "\74\144\151\x76\40\x73\164\171\x6c\145\75\x22\x66\157\x6e\x74\x2d\x66\x61\155\151\154\171\x3a\103\x61\154\151\142\162\x69\73\x70\141\x64\x64\x69\156\147\72\x30\x20\x33\45\73\42\76";
    echo "\x3c\144\151\166\40\163\x74\171\x6c\145\75\42\143\x6f\154\x6f\162\72\x20\43\x61\x39\x34\x34\x34\62\x3b\142\141\x63\x6b\147\162\x6f\x75\x6e\144\x2d\x63\157\154\157\x72\x3a\x20\x23\146\62\x64\x65\144\x65\x3b\x70\141\x64\x64\151\156\147\72\40\x31\x35\x70\170\x3b\x6d\141\162\147\151\156\x2d\142\x6f\164\164\157\x6d\72\x20\62\x30\160\x78\x3b\x74\145\170\164\x2d\x61\x6c\151\147\156\72\x63\x65\x6e\164\x65\x72\x3b\142\157\x72\x64\145\162\72\61\160\170\40\x73\157\x6c\151\144\x20\43\105\66\x42\63\102\x32\x3b\x66\x6f\156\x74\55\x73\x69\x7a\145\72\61\70\160\164\73\x22\x3e\x20\x45\122\122\x4f\122\74\57\x64\x69\166\x3e\xd\xa\40\x20\x20\40\40\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\40\40\74\144\151\x76\x20\163\164\x79\154\145\75\42\x63\157\154\x6f\x72\x3a\x20\43\x61\x39\x34\64\64\62\x3b\x66\x6f\156\x74\55\163\x69\172\x65\x3a\61\x34\x70\164\x3b\x20\x6d\141\x72\x67\151\156\55\142\157\164\x74\x6f\155\x3a\62\x30\x70\170\x3b\x22\76\74\160\76\x3c\163\164\x72\x6f\x6e\x67\x3e\105\162\162\x6f\162\72\x20\x3c\x2f\163\x74\x72\157\x6e\x67\76\125\156\141\142\x6c\145\x20\164\x6f\40\146\151\156\x64\40\141\40\143\145\162\164\x69\146\151\x63\141\164\145\x20\155\141\164\143\150\151\x6e\x67\x20\x74\x68\x65\x20\x63\x6f\156\x66\151\x67\x75\x72\145\144\40\x66\x69\x6e\x67\145\x72\x70\162\x69\x6e\x74\x2e\x3c\57\x70\x3e\xd\12\40\x20\40\40\x20\x20\x20\40\40\x20\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\x20\40\x20\40\40\x3c\x70\76\x50\x6c\145\x61\x73\145\40\x63\157\156\164\x61\x63\164\40\x79\157\165\162\x20\141\x64\x6d\151\156\151\163\164\162\x61\164\157\x72\40\x61\156\144\40\x72\145\x70\x6f\162\164\x20\x74\x68\145\x20\146\157\x6c\x6c\157\x77\x69\156\x67\x20\x65\162\x72\157\162\x3a\74\x2f\160\76\xd\xa\40\40\40\x20\40\x20\40\x20\40\40\x20\40\40\x20\x20\x20\x20\40\x20\40\x20\x20\x20\40\40\x20\40\x20\x3c\x70\76\x3c\163\x74\x72\x6f\156\x67\x3e\x50\157\163\x73\151\142\x6c\x65\x20\x43\x61\x75\x73\145\72\x20\74\57\x73\x74\x72\157\x6e\x67\x3e\47\130\56\65\x30\x39\40\103\x65\162\164\151\146\x69\143\141\164\x65\47\40\146\151\x65\x6c\144\40\x69\156\x20\160\154\x75\x67\151\x6e\40\x64\x6f\145\163\x20\156\x6f\x74\40\155\141\x74\x63\150\x20\x74\150\x65\x20\x63\145\x72\164\151\x66\x69\x63\x61\x74\x65\x20\146\157\x75\x6e\x64\x20\x69\156\40\x53\101\115\x4c\40\122\145\x73\x70\x6f\x6e\163\145\x2e\74\x2f\x70\76\xd\12\x20\40\40\x20\40\40\40\40\40\x20\x20\40\40\40\40\40\x20\x20\40\x20\40\40\40\40\x20\40\40\40\74\160\x3e\74\x73\164\x72\x6f\156\147\x3e\103\x65\x72\164\x69\x66\x69\x63\141\164\x65\x20\146\x6f\x75\156\144\x20\151\x6e\40\123\101\115\114\40\x52\x65\163\160\157\x6e\163\x65\72\40\x3c\57\x73\164\162\157\156\147\x3e\x3c\146\157\156\164\40\146\x61\143\x65\75\42\x43\157\165\x72\x69\x65\x72\x20\116\145\167\42\x3e\x3c\x62\x72\76\x3c\x62\x72\x3e" . $BZ . "\x3c\x2f\x70\76\x3c\57\x66\x6f\x6e\x74\x3e\15\12\40\x20\40\40\40\x20\x20\40\40\40\40\x20\40\40\x20\40\x20\40\x20\x20\40\x20\x20\x20\40\40\40\x20\74\160\x3e\74\x73\x74\162\x6f\x6e\147\76\123\x6f\154\165\x74\151\157\156\72\40\x3c\x2f\x73\164\162\x6f\x6e\147\76\x3c\57\160\76\xd\xa\x20\x20\x20\40\x20\40\x20\40\x20\40\x20\x20\x20\x20\40\x20\40\40\40\40\40\x20\x20\x20\x20\40\x20\40\74\157\x6c\76\xd\12\40\x20\40\40\x20\40\40\x20\40\40\x20\x20\40\40\40\40\40\x20\40\40\40\40\x20\40\40\40\40\40\x20\40\40\x3c\x6c\151\x3e\x43\157\x70\171\40\x70\141\x73\164\145\40\x74\x68\x65\40\x63\x65\x72\164\x69\x66\x69\x63\141\164\x65\40\x70\x72\x6f\166\151\x64\x65\144\40\x61\142\x6f\166\145\x20\x69\x6e\40\x58\x35\x30\71\x20\x43\145\162\164\x69\146\151\143\141\x74\145\40\x75\x6e\144\x65\x72\x20\123\x65\162\166\x69\143\145\x20\120\x72\x6f\x76\151\144\145\x72\40\123\145\164\165\160\x20\164\x61\142\56\74\57\154\151\x3e\15\12\40\40\x20\x20\x20\40\40\40\x20\40\x20\40\40\40\x20\x20\40\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\74\154\151\x3e\x49\x66\x20\x69\x73\163\x75\x65\x20\x70\145\162\x73\151\163\164\163\x20\x64\x69\x73\141\142\154\x65\x20\74\142\x3e\x43\150\141\162\x61\143\x74\145\162\40\145\x6e\x63\x6f\144\x69\156\x67\74\57\x62\76\40\x75\x6e\144\145\x72\x20\123\145\x72\x76\x69\x63\145\40\x50\162\157\x76\144\x65\162\40\123\145\x74\165\x70\x20\x74\x61\142\x2e\74\57\154\151\76\xd\xa\40\x20\x20\x20\40\40\x20\x20\40\40\40\40\x20\40\40\x20\40\40\40\x20\x20\x20\x20\40\40\x20\x20\40\74\x2f\157\154\76\15\12\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\40\x20\40\x20\x20\x20\40\40\x20\40\x20\x20\40\40\40\40\x3c\x2f\144\151\166\76\xd\xa\x20\x20\40\x20\x20\x20\x20\40\x20\x20\40\40\x20\40\40\x20\x20\40\x20\40\x20\40\x20\x20\74\144\x69\166\40\x73\x74\171\154\x65\75\x22\155\x61\x72\x67\x69\x6e\x3a\63\45\73\x64\x69\x73\160\x6c\141\171\x3a\142\x6c\x6f\143\x6b\73\x74\145\x78\164\55\141\154\151\147\156\x3a\143\x65\x6e\x74\x65\x72\x3b\42\x3e\xd\xa\40\40\x20\x20\x20\40\x20\x20\40\40\40\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\40\x20\40\40\74\x64\x69\166\x20\163\164\171\x6c\x65\75\42\x6d\x61\162\x67\x69\x6e\x3a\63\x25\x3b\x64\151\x73\x70\x6c\x61\x79\x3a\142\154\x6f\143\153\73\x74\145\170\x74\55\x61\154\151\x67\156\72\143\145\x6e\164\x65\x72\x3b\42\x3e\74\151\156\160\x75\x74\x20\163\164\x79\154\x65\75\x22\160\x61\144\x64\x69\156\x67\72\61\x25\x3b\x77\x69\x64\164\150\x3a\x31\60\60\x70\x78\x3b\142\141\143\x6b\x67\162\x6f\165\x6e\144\x3a\x20\43\x30\x30\x39\x31\103\104\40\156\157\156\x65\40\162\x65\x70\x65\141\x74\40\x73\143\x72\157\x6c\x6c\x20\x30\45\40\x30\x25\x3b\x63\165\162\x73\x6f\162\x3a\40\x70\x6f\151\x6e\x74\145\162\x3b\146\157\156\164\x2d\x73\151\x7a\x65\72\61\x35\160\170\x3b\142\157\162\x64\x65\x72\x2d\167\x69\144\x74\150\72\40\61\160\170\73\142\157\162\x64\x65\x72\55\x73\x74\x79\x6c\145\72\40\x73\x6f\x6c\x69\x64\x3b\142\157\162\144\x65\x72\55\x72\141\144\x69\x75\x73\72\40\x33\160\170\73\x77\x68\151\164\145\x2d\163\x70\141\x63\145\72\x20\x6e\x6f\167\x72\141\x70\73\x62\157\170\x2d\x73\x69\172\x69\x6e\x67\72\40\142\157\162\x64\x65\x72\55\142\x6f\170\x3b\x62\157\x72\144\145\x72\55\x63\157\x6c\x6f\x72\72\x20\43\60\60\x37\x33\101\x41\73\x62\157\x78\x2d\x73\x68\141\144\x6f\167\x3a\x20\60\x70\x78\x20\x31\160\x78\x20\60\160\170\40\x72\x67\142\141\50\x31\62\60\54\x20\x32\60\60\54\x20\x32\x33\60\54\40\60\x2e\66\51\40\151\156\163\x65\164\73\143\157\x6c\157\162\x3a\x20\x23\x46\x46\x46\x3b\42\164\171\160\145\x3d\x22\142\165\164\164\x6f\x6e\42\40\166\141\x6c\x75\145\x3d\x22\x44\x6f\x6e\145\42\40\157\x6e\x43\x6c\151\143\x6b\x3d\x22\x73\145\x6c\146\x2e\x63\x6c\x6f\x73\145\x28\x29\x3b\42\x3e\74\57\x64\x69\x76\76";
    mo_saml_download_logs($I7, $xa);
    exit;
    ubY:
    DxZ:
    $V4 = get_site_option("\163\141\x6d\154\137\151\163\163\x75\x65\x72");
    $yo = get_site_option("\x6d\x6f\x5f\x73\141\155\x6c\x5f\163\x70\137\145\156\x74\151\x74\x79\x5f\151\x64");
    if (!empty($yo)) {
        goto AOE;
    }
    $yo = $Eq . "\x2f\x77\160\x2d\x63\157\x6e\x74\x65\156\164\x2f\x70\154\x75\147\x69\x6e\x73\x2f\155\151\x6e\151\x6f\162\x61\x6e\x67\x65\55\163\141\155\x6c\55\x32\60\55\x73\x69\x6e\147\x6c\x65\55\163\x69\147\x6e\55\157\x6e\x2f";
    AOE:
    Utilities::validateIssuerAndAudience($k4, $yo, $V4, $Na);
    $aw = current(current($k4->getAssertions())->getNameId());
    $jG = current($k4->getAssertions())->getAttributes();
    $jG["\x4e\x61\155\x65\x49\104"] = array("\x30" => $aw);
    $fC = current($k4->getAssertions())->getSessionIndex();
    mo_saml_checkMapping($jG, $Na, $fC);
    goto PKX;
    wYx:
    if (empty($_REQUEST["\x52\x65\154\141\171\x53\164\141\164\145"])) {
        goto c8D;
    }
    $Xn = $_REQUEST["\x52\145\x6c\x61\x79\x53\x74\x61\x74\x65"];
    c8D:
    if (!is_user_logged_in()) {
        goto BN0;
    }
    wp_destroy_current_session();
    wp_clear_auth_cookie();
    wp_set_current_user(0);
    BN0:
    if (empty($Xn)) {
        goto sQJ;
    }
    $Xn = mo_saml_parse_url($Xn);
    goto w3I;
    sQJ:
    $Xn = $Eq;
    w3I:
    do_action("\155\157\x5f\x73\x61\155\154\x5f\x73\x70\x5f\151\156\x69\x74\151\x61\x74\145\x64\x5f\x73\154\157\x5f\x70\x72\x65\x5f\x72\x65\x64\151\162\145\143\x74", $Xn);
    header("\114\157\x63\x61\x74\x69\157\156\x3a" . $Xn);
    exit;
    PKX:
    v1S:
    if (!(array_key_exists("\x53\x41\115\x4c\122\x65\161\x75\145\163\164", $_REQUEST) && !empty($_REQUEST["\x53\x41\115\x4c\122\x65\x71\x75\x65\163\164"]))) {
        goto hF2;
    }
    $a_ = $_REQUEST["\123\101\115\114\x52\x65\x71\x75\x65\163\x74"];
    $Na = "\57";
    if (!array_key_exists("\122\x65\154\141\171\x53\x74\x61\164\145", $_REQUEST)) {
        goto o47;
    }
    $Na = $_REQUEST["\x52\145\x6c\141\x79\x53\x74\141\164\145"];
    o47:
    $a_ = base64_decode($a_);
    if (!(array_key_exists("\123\x41\115\114\122\145\x71\x75\x65\x73\x74", $_GET) && !empty($_GET["\123\101\x4d\114\x52\145\x71\x75\145\163\x74"]))) {
        goto AEu;
    }
    $a_ = gzinflate($a_);
    AEu:
    $Hr = new DOMDocument();
    $Hr->loadXML($a_);
    $GM = $Hr->firstChild;
    if (!($GM->localName == "\114\x6f\147\x6f\x75\164\x52\x65\161\165\145\163\x74")) {
        goto U8k;
    }
    $LO = new SAML2_LogoutRequest($GM);
    if (!(!session_id() || session_id() == '' || empty($_SESSION))) {
        goto rio;
    }
    session_start();
    rio:
    $_SESSION["\155\x6f\x5f\x73\x61\155\154\x5f\x6c\157\x67\x6f\165\164\x5f\162\145\161\x75\x65\163\x74"] = $a_;
    $_SESSION["\155\157\x5f\163\x61\x6d\154\x5f\x6c\x6f\x67\157\x75\164\137\162\145\x6c\x61\x79\137\x73\164\x61\164\145"] = $Na;
    wp_redirect(htmlspecialchars_decode(wp_logout_url()));
    exit;
    U8k:
    hF2:
    VMW:
}

Function Calls

None

Variables

None

Stats

MD5 4323080b87d0697e6493644c3a603d22
Eval Count 0
Decode Time 47 ms