Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php namespace miniorangedev\craftsinglesignon\controllers; use miniorangedev\cra..
Decoded Output download
<?php
namespace miniorangedev\craftsinglesignon\controllers;
use miniorangedev\craftsinglesignon\Craftsinglesignon;
use craft\elements\User;
use craft\helpers\UrlHelper;
use miniorangedev\craftsinglesignon\controllers\ResourcesController;
use miniorangedev\craftsinglesignon\controllers\LoginController;
use miniorangedev\craftsinglesignon\utilities\Utilities;
use miniorangedev\craftsinglesignon\utilities\SAML2SPResponse;
use DOMDocument;
use DOMXPath;
use Craft;
use craft\web\Controller;
class MethodController extends Controller
{
public $enableCsrfValidation = false;
protected array|int|bool $allowAnonymous = ["xhjsdop", "saml", "callback", "samllogin", "validSignature"];
public static function actionXhjsdop($qh, $CP)
{
$fR = base64_encode($CP);
$l8 = count(User::find()->slug("mologin")->all());
return ResourcesController::actionPtrriejj($l8, $fR);
}
public function actionSaml()
{
error_log("Hello");
var_dump("hi");
exit;
$Fo = isset($_GET["test_config"]) ? "test_config" : "pro_config";
$ma = ResourcesController::actionDatadb("samlsettings") != null ? ResourcesController::actionDatadb("samlsettings") : array();
$Bf = isset($ma["login_url"]) ? $ma["login_url"] : '';
$xB = isset($ma["issuer"]) ? $ma["issuer"] : '';
$xs = Craft::$app->version > 4 ? getenv("PRIMARY_SITE_URL") : getenv("PRIMARY_SITE_URL");
$LB = $xs . "/mosinglesignon/samllogin";
$Qh = false;
$Cd = "HttpRedirect";
$QT = "1.1:nameid-format:unspecified";
$Vv = Utilities::createAuthnRequest($LB, $xB, $Bf, $Qh, $Cd, $QT);
header("Location: " . $Bf . "?SAMLRequest=" . $Vv . "&RelayState=" . $Fo);
exit;
}
public function actionSamllogin()
{
$Fo = $Tl = $FK = '';
$J7 = array();
$so = ResourcesController::actionDatadb() != null ? ResourcesController::actionDatadb() : array();
$ma = isset($so["samlsettings"]) ? $so["samlsettings"] : '';
$hq = isset($so["samlattribute"]) ? $so["samlattribute"] : '';
$Ba = isset($hq["email_attribute"]) ? $hq["email_attribute"] : '';
$E4 = isset($hq["firstname_attribute"]) ? $hq["firstname_attribute"] : '';
$JO = isset($hq["lastname_attribute"]) ? $hq["lastname_attribute"] : '';
if (array_key_exists("SAMLResponse", $_REQUEST) && !empty($_REQUEST["SAMLResponse"])) {
goto xD;
}
exit("We could not sign you in. Please contact administrator Error: Invalid SAML Response");
goto Ia;
xD:
$dp = $_POST["SAMLResponse"];
$dp = htmlspecialchars($dp);
$dp = base64_decode($dp);
$Fo = $_POST["RelayState"];
if (!(array_key_exists("SAMLResponse", $_GET) && !empty($_GET["SAMLResponse"]))) {
goto fM;
}
$dp = gzinflate($dp);
fM:
Ia:
$oG = new DOMDocument();
$oG->loadXML($dp);
$AS = $oG->firstChild;
$zd = $oG->documentElement;
$PK = new DOMXpath($oG);
$PK->registerNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
$PK->registerNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
foreach ($PK->query("/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute", $zd) as $hq) {
foreach ($PK->query("saml:AttributeValue", $hq) as $rO) {
$J7[$hq->getAttribute("Name")] = $rO->textContent;
if (!($hq->getAttribute("Name") == $Ba)) {
goto MI;
}
$Tl = $rO->textContent;
MI:
if (!($hq->getAttribute("Name") == $E4)) {
goto kF;
}
$FK = $rO->textContent;
kF:
if (!($hq->getAttribute("Name") == $JO)) {
goto gL;
}
$F9 = $rO->textContent;
gL:
ed:
}
s3:
B0:
}
y5:
self::actionvalidSignature($ma, $AS);
if ($Fo == "test_config") {
goto dW;
}
if (isset($FK) && isset($Tl)) {
goto me;
}
exit("No profile data return from provider!");
goto Xt;
me:
LoginController::actionLogin_flow($so, $FK, $Tl);
Xt:
goto LT;
dW:
LoginController::actionTest_config($J7);
LT:
}
public function actionvalidSignature($ma, $AS)
{
$p0 = 0;
$xi = @$ma["meta_data"] ?: null;
$xs = Craft::$app->version > 4 ? getenv("PRIMARY_SITE_URL") : getenv("PRIMARY_SITE_URL");
$xs = preg_replace("{/$}", '', $xs);
$LB = $xs . "/mosinglesignon/samllogin";
if (!(array_key_exists("RelayState", $_POST) && !empty($_POST["RelayState"]) && $_POST["RelayState"] != "/")) {
goto GI;
}
$iP = $_POST["RelayState"];
GI:
$sF = self::getRawThumbprint($xi);
$sF = iconv("UTF-8", "CP1252//IGNORE", $sF);
$sF = preg_replace("/\s+/", '', $sF);
$cz = file_get_contents(Craft::$app->getPath()->getvendorPath() . "/miniorangedev/craft-single-sign-on/src/variables/miniorange_sp_2020_priv.key");
$dp = new SAML2SPResponse($AS, $cz);
$Ly = $dp->getSignatureData();
$e7 = current($dp->getAssertions())->getSignatureData();
if (empty($Ly)) {
goto mM;
}
$hy = Utilities::processResponse($LB, $sF, $Ly, $dp, $p0, $iP);
mM:
if (empty($e7)) {
goto qr;
}
$hy = Utilities::processResponse($LB, $sF, $e7, $dp, $p0, $iP);
qr:
if ($hy) {
goto HN;
}
exit("Signature validation failed");
goto E9;
HN:
return true;
E9:
}
public function getRawThumbprint($fu)
{
$hz = explode("
", $fu);
$ma = '';
$R6 = false;
foreach ($hz as $hI) {
if (!$R6) {
goto lu;
}
if (!(strncmp($hI, "-----END CERTIFICATE", 20) == 0)) {
goto hT;
}
goto CB;
hT:
$ma .= trim($hI);
goto fP;
lu:
if (!(strncmp($hI, "-----BEGIN CERTIFICATE", 22) == 0)) {
goto cI;
}
$R6 = true;
cI:
fP:
aU:
}
CB:
if (empty($ma)) {
goto TL;
}
return strtolower(sha1(base64_decode($ma)));
TL:
return null;
}
}
?>
Did this file decode correctly?
Original Code
<?php
namespace miniorangedev\craftsinglesignon\controllers;
use miniorangedev\craftsinglesignon\Craftsinglesignon;
use craft\elements\User;
use craft\helpers\UrlHelper;
use miniorangedev\craftsinglesignon\controllers\ResourcesController;
use miniorangedev\craftsinglesignon\controllers\LoginController;
use miniorangedev\craftsinglesignon\utilities\Utilities;
use miniorangedev\craftsinglesignon\utilities\SAML2SPResponse;
use DOMDocument;
use DOMXPath;
use Craft;
use craft\web\Controller;
class MethodController extends Controller
{
public $enableCsrfValidation = false;
protected array|int|bool $allowAnonymous = ["\x78\150\x6a\x73\x64\157\160", "\163\141\155\154", "\x63\141\154\x6c\x62\141\x63\x6b", "\163\141\155\x6c\x6c\157\147\151\156", "\x76\141\x6c\x69\x64\x53\x69\147\156\141\x74\x75\162\x65"];
public static function actionXhjsdop($qh, $CP)
{
$fR = base64_encode($CP);
$l8 = count(User::find()->slug("\x6d\x6f\154\x6f\x67\x69\x6e")->all());
return ResourcesController::actionPtrriejj($l8, $fR);
}
public function actionSaml()
{
error_log("\x48\x65\154\x6c\x6f");
var_dump("\150\151");
exit;
$Fo = isset($_GET["\164\x65\163\164\x5f\143\157\x6e\x66\151\x67"]) ? "\164\x65\163\164\x5f\x63\x6f\x6e\x66\151\x67" : "\x70\162\157\x5f\143\x6f\x6e\x66\x69\147";
$ma = ResourcesController::actionDatadb("\x73\x61\x6d\x6c\x73\x65\x74\x74\151\156\147\x73") != null ? ResourcesController::actionDatadb("\163\141\x6d\154\x73\x65\x74\164\x69\x6e\147\163") : array();
$Bf = isset($ma["\154\157\147\x69\156\x5f\165\x72\154"]) ? $ma["\x6c\x6f\x67\x69\156\x5f\165\162\154"] : '';
$xB = isset($ma["\151\x73\163\165\x65\x72"]) ? $ma["\151\163\163\x75\x65\162"] : '';
$xs = Craft::$app->version > 4 ? getenv("\120\x52\111\115\x41\x52\x59\137\123\x49\124\105\x5f\125\x52\x4c") : getenv("\x50\x52\111\x4d\101\122\131\137\123\x49\x54\x45\x5f\x55\122\114");
$LB = $xs . "\57\155\157\x73\x69\x6e\147\x6c\x65\163\151\x67\156\157\156\57\x73\141\155\x6c\x6c\x6f\147\151\x6e";
$Qh = false;
$Cd = "\110\164\164\160\x52\145\144\151\x72\x65\143\164";
$QT = "\61\56\x31\72\x6e\141\155\x65\x69\x64\55\146\x6f\162\x6d\141\x74\x3a\165\x6e\x73\x70\145\143\151\146\151\145\x64";
$Vv = Utilities::createAuthnRequest($LB, $xB, $Bf, $Qh, $Cd, $QT);
header("\x4c\157\x63\x61\x74\x69\x6f\156\72\40" . $Bf . "\77\123\x41\115\x4c\x52\x65\x71\165\145\x73\164\75" . $Vv . "\46\x52\145\154\x61\171\x53\x74\141\x74\x65\75" . $Fo);
exit;
}
public function actionSamllogin()
{
$Fo = $Tl = $FK = '';
$J7 = array();
$so = ResourcesController::actionDatadb() != null ? ResourcesController::actionDatadb() : array();
$ma = isset($so["\163\x61\x6d\154\x73\145\164\x74\x69\x6e\x67\163"]) ? $so["\x73\x61\x6d\154\x73\145\x74\164\151\x6e\x67\x73"] : '';
$hq = isset($so["\163\x61\x6d\154\x61\164\164\x72\151\x62\x75\x74\x65"]) ? $so["\x73\x61\x6d\154\x61\164\x74\162\151\x62\165\x74\145"] : '';
$Ba = isset($hq["\x65\155\141\151\x6c\x5f\141\x74\x74\162\x69\142\165\x74\145"]) ? $hq["\145\155\141\151\154\137\141\x74\164\162\x69\x62\x75\x74\x65"] : '';
$E4 = isset($hq["\x66\151\x72\163\164\156\141\155\x65\137\x61\x74\x74\x72\151\x62\x75\x74\x65"]) ? $hq["\146\x69\x72\163\x74\156\x61\155\x65\x5f\141\x74\164\x72\x69\x62\x75\x74\x65"] : '';
$JO = isset($hq["\154\x61\163\x74\x6e\141\155\145\137\141\x74\164\162\x69\142\165\x74\x65"]) ? $hq["\154\x61\x73\164\156\x61\155\145\137\x61\x74\x74\x72\151\142\165\164\145"] : '';
if (array_key_exists("\x53\x41\115\x4c\x52\x65\163\160\157\156\163\x65", $_REQUEST) && !empty($_REQUEST["\123\x41\115\x4c\x52\x65\163\160\157\x6e\163\145"])) {
goto xD;
}
exit("\127\x65\x20\x63\x6f\165\154\144\40\156\x6f\x74\40\163\x69\147\x6e\x20\x79\x6f\165\40\151\x6e\x2e\x20\120\x6c\145\141\x73\145\40\143\157\156\164\141\143\164\x20\141\144\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\162\40\105\x72\162\157\x72\x3a\x20\x49\x6e\166\x61\x6c\151\x64\x20\x53\101\115\x4c\40\122\145\x73\x70\x6f\x6e\163\x65");
goto Ia;
xD:
$dp = $_POST["\x53\101\115\x4c\122\x65\x73\160\x6f\156\x73\x65"];
$dp = htmlspecialchars($dp);
$dp = base64_decode($dp);
$Fo = $_POST["\122\145\154\x61\x79\x53\x74\141\x74\x65"];
if (!(array_key_exists("\x53\101\115\x4c\x52\x65\163\x70\x6f\156\163\x65", $_GET) && !empty($_GET["\x53\101\115\x4c\122\x65\x73\160\157\156\163\145"]))) {
goto fM;
}
$dp = gzinflate($dp);
fM:
Ia:
$oG = new DOMDocument();
$oG->loadXML($dp);
$AS = $oG->firstChild;
$zd = $oG->documentElement;
$PK = new DOMXpath($oG);
$PK->registerNamespace("\163\141\x6d\x6c\x70", "\x75\162\x6e\x3a\x6f\141\x73\151\163\x3a\x6e\x61\155\x65\x73\x3a\x74\x63\72\x53\101\x4d\114\x3a\62\x2e\x30\72\x70\x72\157\164\157\143\x6f\x6c");
$PK->registerNamespace("\x73\x61\155\x6c", "\x75\x72\156\72\x6f\141\163\151\163\x3a\156\x61\155\145\x73\x3a\164\x63\x3a\123\101\115\x4c\72\62\56\60\72\141\x73\x73\x65\x72\164\151\157\x6e");
foreach ($PK->query("\x2f\x73\x61\155\154\x70\x3a\x52\x65\163\160\x6f\x6e\x73\145\x2f\163\x61\155\x6c\72\x41\x73\163\x65\162\x74\151\157\156\57\163\x61\x6d\x6c\x3a\101\x74\164\162\x69\x62\x75\164\x65\x53\x74\x61\164\x65\x6d\x65\156\x74\57\163\x61\155\x6c\72\101\164\x74\162\151\142\x75\164\x65", $zd) as $hq) {
foreach ($PK->query("\163\141\x6d\x6c\x3a\101\x74\x74\x72\x69\142\165\164\145\x56\141\154\x75\x65", $hq) as $rO) {
$J7[$hq->getAttribute("\116\141\155\x65")] = $rO->textContent;
if (!($hq->getAttribute("\116\141\x6d\x65") == $Ba)) {
goto MI;
}
$Tl = $rO->textContent;
MI:
if (!($hq->getAttribute("\x4e\x61\x6d\x65") == $E4)) {
goto kF;
}
$FK = $rO->textContent;
kF:
if (!($hq->getAttribute("\116\x61\155\x65") == $JO)) {
goto gL;
}
$F9 = $rO->textContent;
gL:
ed:
}
s3:
B0:
}
y5:
self::actionvalidSignature($ma, $AS);
if ($Fo == "\164\x65\x73\x74\137\x63\x6f\156\x66\x69\147") {
goto dW;
}
if (isset($FK) && isset($Tl)) {
goto me;
}
exit("\x4e\157\x20\x70\x72\x6f\x66\151\x6c\x65\x20\x64\x61\164\141\40\162\145\x74\165\162\x6e\40\146\x72\x6f\155\40\x70\162\157\x76\x69\144\145\162\41");
goto Xt;
me:
LoginController::actionLogin_flow($so, $FK, $Tl);
Xt:
goto LT;
dW:
LoginController::actionTest_config($J7);
LT:
}
public function actionvalidSignature($ma, $AS)
{
$p0 = 0;
$xi = @$ma["\155\145\164\141\137\144\141\x74\141"] ?: null;
$xs = Craft::$app->version > 4 ? getenv("\x50\x52\111\115\x41\x52\131\137\x53\111\x54\x45\x5f\125\122\x4c") : getenv("\x50\122\x49\115\101\x52\x59\137\123\x49\124\105\137\x55\122\x4c");
$xs = preg_replace("\173\x2f\x24\x7d", '', $xs);
$LB = $xs . "\x2f\155\157\x73\151\x6e\x67\154\145\163\151\x67\x6e\157\x6e\57\x73\141\155\154\x6c\x6f\x67\x69\156";
if (!(array_key_exists("\122\145\x6c\x61\x79\123\x74\x61\x74\x65", $_POST) && !empty($_POST["\122\145\154\x61\171\x53\164\141\164\x65"]) && $_POST["\x52\145\x6c\141\171\x53\x74\141\164\145"] != "\57")) {
goto GI;
}
$iP = $_POST["\122\145\154\141\171\123\x74\x61\x74\145"];
GI:
$sF = self::getRawThumbprint($xi);
$sF = iconv("\x55\124\106\55\70", "\103\120\61\62\x35\x32\x2f\x2f\111\107\116\117\122\x45", $sF);
$sF = preg_replace("\x2f\x5c\x73\53\57", '', $sF);
$cz = file_get_contents(Craft::$app->getPath()->getvendorPath() . "\x2f\155\151\156\151\x6f\x72\x61\156\x67\145\x64\x65\x76\x2f\143\162\x61\146\x74\x2d\x73\x69\156\x67\154\145\55\x73\151\147\x6e\x2d\x6f\156\57\x73\x72\x63\x2f\x76\x61\x72\151\x61\x62\x6c\x65\x73\x2f\155\151\156\x69\x6f\162\x61\156\x67\x65\137\163\160\137\62\60\62\60\x5f\160\162\x69\166\x2e\153\x65\x79");
$dp = new SAML2SPResponse($AS, $cz);
$Ly = $dp->getSignatureData();
$e7 = current($dp->getAssertions())->getSignatureData();
if (empty($Ly)) {
goto mM;
}
$hy = Utilities::processResponse($LB, $sF, $Ly, $dp, $p0, $iP);
mM:
if (empty($e7)) {
goto qr;
}
$hy = Utilities::processResponse($LB, $sF, $e7, $dp, $p0, $iP);
qr:
if ($hy) {
goto HN;
}
exit("\x53\x69\147\x6e\x61\x74\x75\162\145\x20\x76\141\x6c\151\x64\141\x74\151\157\156\x20\146\x61\151\x6c\x65\x64");
goto E9;
HN:
return true;
E9:
}
public function getRawThumbprint($fu)
{
$hz = explode("\12", $fu);
$ma = '';
$R6 = false;
foreach ($hz as $hI) {
if (!$R6) {
goto lu;
}
if (!(strncmp($hI, "\55\55\55\x2d\55\x45\x4e\x44\40\x43\x45\122\x54\x49\106\111\103\x41\x54\x45", 20) == 0)) {
goto hT;
}
goto CB;
hT:
$ma .= trim($hI);
goto fP;
lu:
if (!(strncmp($hI, "\x2d\55\55\x2d\55\102\105\107\111\116\40\x43\105\x52\124\111\x46\x49\103\x41\x54\105", 22) == 0)) {
goto cI;
}
$R6 = true;
cI:
fP:
aU:
}
CB:
if (empty($ma)) {
goto TL;
}
return strtolower(sha1(base64_decode($ma)));
TL:
return null;
}
}
Function Calls
None |
Stats
MD5 | 448a3b6c23d6cf5f6b2356be2d828087 |
Eval Count | 0 |
Decode Time | 52 ms |