Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /** * Plugin Name: OAuth Single Sign On - SSO (OAuth client) * Plugin URI: http..
Decoded Output download
<?php
/**
* Plugin Name: OAuth Single Sign On - SSO (OAuth client)
* Plugin URI: http://miniorange.com
* Description: This plugin enables login to your WordPress site using OAuth apps like Google, Facebook, EVE Online and other.
* Version: 28.4.9
* Author: miniOrange
* Author URI: https://www.miniorange.com
* License: miniOrange
*/
require "_autoload.php";
require_once "mo-oauth-client-plugin-version-update.php";
use MoOauthClient\Base\BaseStructure;
use MoOauthClient\MOUtils;
use MoOauthClient\GrantTypes\JWTUtils;
use MoOauthClient\Base\InstanceHelper;
use MoOauthClient\MoOauthClientWidget;
use MoOauthClient\Free\MOCVisualTour;
use MoOauthClient\Free\CustomizationSettings;
global $Xa;
$VK = new InstanceHelper();
$Xa = $VK->get_utils_instance();
$Pg = $Xa->get_plugin_config()->get_current_config();
$LP = $VK->get_settings_instance();
$Bs = new BaseStructure();
$I6 = $VK->get_login_handler_instance();
$F_ = new CustomizationSettings();
$F_ = $F_->mo_oauth_custom_icons_intiater();
function register_mo_oauth_widget()
{
register_widget("\MoOauthClient\MoOauthClientWidget");
}
function mo_oauth_shortcode_login($Bv)
{
global $Xa;
$UB = new MoOauthClientWidget();
if ($Xa->check_versi(4) && $Xa->mo_oauth_client_get_option("mo_oauth_activate_single_login_flow")) {
goto thN;
}
if (empty($Bv["redirect_url"])) {
goto uCc;
}
return $Bv && isset($Bv["appname"]) && !empty($Bv["appname"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["appname"], $kw = $Bv["redirect_url"]) : $UB->mo_oauth_login_form($mi = false, $Px = '', $kw = $Bv["redirect_url"]);
uCc:
return $Bv && isset($Bv["appname"]) && !empty($Bv["appname"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["appname"]) : $UB->mo_oauth_login_form(false);
goto a8t;
thN:
return $UB->mo_activate_single_login_flow_form();
a8t:
}
add_action("widgets_init", "register_mo_oauth_widget");
add_shortcode("mo_oauth_login", "mo_oauth_shortcode_login");
add_action("init", "mo_get_version_number");
add_action("init", "mo_oauth_frontslo");
add_action("init", "mo_oauth_backslo");
function mo_get_version_number()
{
if (!(isset($_GET["action"]) && $_GET["action"] === "mo_version_number" && isset($_GET["apiKey"]) && $_GET["apiKey"] === "c20a7df86b3d4d1abe2d47d0e1b1f847")) {
goto kWO;
}
echo mo_oauth_client_options_plugin_constants::Version;
exit;
kWO:
}
function mo_oauth_frontslo()
{
$Xa = new MOUtils();
if (!($Xa->check_versi(4) && isset($_SERVER["REQUEST_URI"]) && sanitize_url($_SERVER["REQUEST_URI"]) != NULL && strpos(sanitize_url($_SERVER["REQUEST_URI"]), "frontchannel_logout") != false)) {
goto NAb;
}
$BR = get_current_user_id();
$Nr = get_user_meta($BR, "mo_oauth_client_last_id_token", true);
$VY = new JWTUtils($Nr);
$eE = $VY->get_decoded_payload();
$mo = sanitize_url($_SERVER["REQUEST_URI"]);
$bh = parse_url($mo);
parse_str($bh["query"], $C3);
$q5 = $eE["sid"];
$Me = $C3["sid"];
if ($q5 === $Me) {
goto SgL;
}
$fB = array("code" => 400, "description" => "User Id not found");
wp_send_json($fB, 400);
goto kBb;
SgL:
$BW = '';
if (!isset($eE["iat"])) {
goto bmk;
}
$BW = $eE["iat"];
bmk:
if (!is_user_logged_in()) {
goto xBW;
}
mo_slo_logout_user($BR);
xBW:
kBb:
NAb:
}
function mo_oauth_backslo()
{
$Xa = new MOUtils();
if (!($Xa->check_versi(4) && isset($_SERVER["REQUEST_URI"]) && sanitize_url($_SERVER["REQUEST_URI"]) != NULL && strpos(sanitize_url($_SERVER["REQUEST_URI"]), "backchannel_logout") != false)) {
goto wqc;
}
$LW = file_get_contents("php://input");
$wx = explode("=", $LW);
if (!(json_last_error() !== JSON_ERROR_NONE)) {
goto uS3;
}
$LW = array_map("esc_attr", sanitize_post($_POST));
uS3:
if ($wx[0] == "logout_token") {
goto L1j;
}
$fB = array("code" => 400, "description" => "The Logout token is either not sent or sent incorrectly.");
wp_send_json($fB, 400);
goto LR6;
L1j:
$Vz = $wx[1];
$VY = new JWTUtils($Vz);
$m3 = isset($_REQUEST["appname"]) && sanitize_text_field($_REQUEST["appname"]) != NULL ? sanitize_text_field($_REQUEST["appname"]) : '';
$Ag = false;
$yb = $Xa->get_app_by_name($m3);
$Ag = $yb->get_app_config("jwksurl");
$OH = $yb->get_app_config("username_attr");
$eE = $VY->get_decoded_payload();
$f0 = '';
$q5 = '';
if (!isset($eE["sub"])) {
goto WGY;
}
$f0 = $eE["sub"];
WGY:
if (!isset($eE["sid"])) {
goto unt;
}
$q5 = $eE["sid"];
unt:
$BW = '';
if (!isset($eE["iat"])) {
goto DNm;
}
$BW = $eE["iat"];
DNm:
global $wpdb;
if (isset($eE[$OH])) {
goto dHu;
}
if ($f0) {
goto QLO;
}
if ($q5) {
goto VS8;
}
$fB = array("code" => 400, "description" => "The logout token is valid but user not identified.");
wp_send_json($fB, 400);
goto p4B;
VS8:
$bl = "SELECT user_id FROM `wp_usermeta` WHERE meta_value='{$q5}' and meta_key='mo_backchannel_attr_sid';";
$cn = $wpdb->get_results($bl);
$BR = $cn[0]->{"user_id"};
p4B:
goto FPV;
QLO:
$bl = "SELECT user_id FROM `wp_usermeta` WHERE meta_value='{$f0}' and meta_key='mo_backchannel_attr_sub';";
$cn = $wpdb->get_results($bl);
$BR = $cn[0]->{"user_id"};
FPV:
goto Rfy;
dHu:
$BR = get_user_by("login", $Mv)->ID;
Rfy:
if ($BR) {
goto JMd;
}
$fB = array("code" => 400, "description" => "The logout token is valid but user not identified.");
wp_send_json($fB, 400);
goto WP0;
JMd:
mo_slo_logout_user($BR);
WP0:
LR6:
wqc:
}
function mo_slo_logout_user($BR)
{
$Fr = WP_Session_Tokens::get_instance($BR);
$Fr->destroy_all();
$fB = array("code" => 200, "description" => "The User has been logged out successfuly.");
wp_send_json($fB, 200);
}
function miniorange_oauth_visual_tour()
{
$fa = new MOCVisualTour();
}
if (!($Xa->get_versi() === 0)) {
goto BKk;
}
add_action("admin_init", "miniorange_oauth_visual_tour");
BKk:
function mo_oauth_deactivate()
{
global $Xa;
do_action("mo_clear_plug_cache");
$Xa->deactivate_plugin();
}
register_deactivation_hook(__FILE__, "mo_oauth_deactivate");
?>
Did this file decode correctly?
Original Code
<?php
/**
* Plugin Name: OAuth Single Sign On - SSO (OAuth client)
* Plugin URI: http://miniorange.com
* Description: This plugin enables login to your WordPress site using OAuth apps like Google, Facebook, EVE Online and other.
* Version: 28.4.9
* Author: miniOrange
* Author URI: https://www.miniorange.com
* License: miniOrange
*/
require "\x5f\141\165\164\x6f\x6c\157\x61\x64\56\x70\150\x70";
require_once "\155\157\55\157\141\x75\x74\x68\x2d\x63\x6c\151\145\x6e\164\55\160\154\165\x67\x69\156\55\166\x65\162\163\151\157\156\x2d\165\x70\x64\x61\x74\x65\x2e\160\150\160";
use MoOauthClient\Base\BaseStructure;
use MoOauthClient\MOUtils;
use MoOauthClient\GrantTypes\JWTUtils;
use MoOauthClient\Base\InstanceHelper;
use MoOauthClient\MoOauthClientWidget;
use MoOauthClient\Free\MOCVisualTour;
use MoOauthClient\Free\CustomizationSettings;
global $Xa;
$VK = new InstanceHelper();
$Xa = $VK->get_utils_instance();
$Pg = $Xa->get_plugin_config()->get_current_config();
$LP = $VK->get_settings_instance();
$Bs = new BaseStructure();
$I6 = $VK->get_login_handler_instance();
$F_ = new CustomizationSettings();
$F_ = $F_->mo_oauth_custom_icons_intiater();
function register_mo_oauth_widget()
{
register_widget("\x5c\115\x6f\117\x61\x75\164\150\103\x6c\x69\145\156\164\134\x4d\157\x4f\x61\x75\164\x68\x43\154\151\x65\x6e\x74\127\151\x64\147\145\164");
}
function mo_oauth_shortcode_login($Bv)
{
global $Xa;
$UB = new MoOauthClientWidget();
if ($Xa->check_versi(4) && $Xa->mo_oauth_client_get_option("\x6d\x6f\x5f\x6f\141\x75\164\150\x5f\141\x63\x74\151\x76\x61\164\x65\x5f\163\151\x6e\x67\x6c\x65\137\154\x6f\x67\x69\156\137\146\x6c\x6f\167")) {
goto thN;
}
if (empty($Bv["\x72\x65\144\x69\162\145\x63\164\137\165\x72\x6c"])) {
goto uCc;
}
return $Bv && isset($Bv["\x61\x70\160\x6e\141\155\145"]) && !empty($Bv["\x61\x70\x70\156\141\x6d\x65"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["\141\x70\x70\156\x61\x6d\145"], $kw = $Bv["\x72\x65\x64\151\162\x65\x63\x74\x5f\165\x72\154"]) : $UB->mo_oauth_login_form($mi = false, $Px = '', $kw = $Bv["\x72\145\x64\151\x72\x65\143\164\x5f\165\x72\154"]);
uCc:
return $Bv && isset($Bv["\x61\x70\x70\x6e\x61\155\x65"]) && !empty($Bv["\141\160\160\156\141\155\145"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["\x61\x70\160\x6e\x61\155\x65"]) : $UB->mo_oauth_login_form(false);
goto a8t;
thN:
return $UB->mo_activate_single_login_flow_form();
a8t:
}
add_action("\x77\x69\x64\x67\145\x74\163\x5f\x69\x6e\x69\164", "\x72\x65\147\151\x73\x74\x65\x72\137\x6d\157\x5f\157\x61\165\164\150\137\x77\x69\x64\x67\x65\164");
add_shortcode("\x6d\157\137\x6f\x61\165\x74\150\x5f\154\x6f\x67\x69\156", "\x6d\x6f\x5f\157\141\165\x74\150\x5f\x73\x68\157\x72\x74\143\x6f\x64\145\137\154\x6f\147\151\156");
add_action("\151\156\151\x74", "\155\157\x5f\147\145\164\137\x76\145\x72\163\151\157\156\137\x6e\x75\155\142\145\162");
add_action("\151\x6e\151\164", "\155\157\x5f\x6f\x61\165\x74\150\x5f\x66\162\x6f\156\x74\x73\154\x6f");
add_action("\x69\156\151\x74", "\x6d\157\137\157\141\165\x74\x68\x5f\x62\141\x63\x6b\x73\x6c\157");
function mo_get_version_number()
{
if (!(isset($_GET["\x61\x63\x74\151\157\156"]) && $_GET["\x61\143\x74\x69\x6f\156"] === "\x6d\x6f\137\166\x65\x72\x73\151\157\x6e\x5f\156\x75\x6d\x62\x65\x72" && isset($_GET["\x61\160\x69\113\x65\171"]) && $_GET["\141\160\x69\x4b\x65\171"] === "\143\x32\60\141\x37\144\x66\x38\66\x62\x33\144\64\x64\x31\141\x62\145\x32\x64\x34\67\x64\x30\145\61\142\x31\x66\70\64\x37")) {
goto kWO;
}
echo mo_oauth_client_options_plugin_constants::Version;
exit;
kWO:
}
function mo_oauth_frontslo()
{
$Xa = new MOUtils();
if (!($Xa->check_versi(4) && isset($_SERVER["\122\x45\121\125\x45\123\x54\x5f\x55\122\111"]) && sanitize_url($_SERVER["\122\105\x51\125\x45\123\x54\137\125\122\x49"]) != NULL && strpos(sanitize_url($_SERVER["\x52\x45\x51\x55\105\x53\124\x5f\x55\122\x49"]), "\x66\162\157\x6e\x74\x63\150\x61\x6e\156\145\x6c\137\154\x6f\147\x6f\165\x74") != false)) {
goto NAb;
}
$BR = get_current_user_id();
$Nr = get_user_meta($BR, "\155\157\137\x6f\x61\x75\x74\150\x5f\x63\x6c\151\x65\156\x74\137\154\141\163\x74\x5f\151\144\137\x74\x6f\x6b\x65\156", true);
$VY = new JWTUtils($Nr);
$eE = $VY->get_decoded_payload();
$mo = sanitize_url($_SERVER["\122\105\x51\125\105\123\x54\x5f\x55\122\x49"]);
$bh = parse_url($mo);
parse_str($bh["\x71\x75\x65\162\x79"], $C3);
$q5 = $eE["\163\x69\144"];
$Me = $C3["\163\151\144"];
if ($q5 === $Me) {
goto SgL;
}
$fB = array("\143\157\x64\145" => 400, "\x64\x65\x73\x63\162\151\160\164\x69\157\156" => "\x55\163\x65\x72\40\x49\x64\40\x6e\x6f\x74\x20\146\157\165\156\144");
wp_send_json($fB, 400);
goto kBb;
SgL:
$BW = '';
if (!isset($eE["\151\141\x74"])) {
goto bmk;
}
$BW = $eE["\151\x61\x74"];
bmk:
if (!is_user_logged_in()) {
goto xBW;
}
mo_slo_logout_user($BR);
xBW:
kBb:
NAb:
}
function mo_oauth_backslo()
{
$Xa = new MOUtils();
if (!($Xa->check_versi(4) && isset($_SERVER["\122\105\x51\x55\x45\x53\x54\x5f\x55\x52\x49"]) && sanitize_url($_SERVER["\122\x45\x51\x55\x45\123\124\x5f\x55\x52\111"]) != NULL && strpos(sanitize_url($_SERVER["\122\x45\121\125\105\x53\x54\x5f\x55\122\x49"]), "\x62\x61\143\153\143\150\x61\156\x6e\x65\154\x5f\154\157\147\x6f\x75\164") != false)) {
goto wqc;
}
$LW = file_get_contents("\x70\x68\160\x3a\x2f\57\x69\x6e\160\x75\164");
$wx = explode("\x3d", $LW);
if (!(json_last_error() !== JSON_ERROR_NONE)) {
goto uS3;
}
$LW = array_map("\145\x73\x63\x5f\141\x74\x74\162", sanitize_post($_POST));
uS3:
if ($wx[0] == "\154\x6f\x67\157\165\x74\137\x74\x6f\x6b\145\x6e") {
goto L1j;
}
$fB = array("\x63\157\x64\145" => 400, "\144\145\x73\143\x72\x69\160\164\x69\x6f\x6e" => "\x54\x68\145\40\x4c\157\x67\x6f\x75\x74\x20\x74\157\153\x65\156\40\x69\163\40\x65\x69\164\150\145\x72\x20\x6e\x6f\x74\40\163\145\156\x74\x20\x6f\x72\40\163\145\x6e\164\x20\x69\x6e\x63\157\x72\162\145\x63\164\154\171\56");
wp_send_json($fB, 400);
goto LR6;
L1j:
$Vz = $wx[1];
$VY = new JWTUtils($Vz);
$m3 = isset($_REQUEST["\x61\160\x70\156\x61\x6d\145"]) && sanitize_text_field($_REQUEST["\141\x70\x70\x6e\141\155\x65"]) != NULL ? sanitize_text_field($_REQUEST["\141\160\160\x6e\x61\155\x65"]) : '';
$Ag = false;
$yb = $Xa->get_app_by_name($m3);
$Ag = $yb->get_app_config("\152\x77\153\163\x75\162\154");
$OH = $yb->get_app_config("\x75\x73\145\162\156\141\155\145\137\x61\x74\164\x72");
$eE = $VY->get_decoded_payload();
$f0 = '';
$q5 = '';
if (!isset($eE["\163\x75\142"])) {
goto WGY;
}
$f0 = $eE["\163\165\x62"];
WGY:
if (!isset($eE["\x73\151\144"])) {
goto unt;
}
$q5 = $eE["\x73\151\x64"];
unt:
$BW = '';
if (!isset($eE["\x69\141\164"])) {
goto DNm;
}
$BW = $eE["\x69\x61\164"];
DNm:
global $wpdb;
if (isset($eE[$OH])) {
goto dHu;
}
if ($f0) {
goto QLO;
}
if ($q5) {
goto VS8;
}
$fB = array("\143\x6f\x64\x65" => 400, "\144\145\x73\x63\x72\151\x70\x74\151\x6f\156" => "\x54\150\145\x20\x6c\157\147\157\165\x74\x20\164\157\153\x65\x6e\40\x69\x73\x20\166\141\154\151\144\40\142\x75\164\x20\165\x73\x65\162\40\156\157\164\x20\x69\x64\145\x6e\164\151\x66\x69\x65\x64\x2e");
wp_send_json($fB, 400);
goto p4B;
VS8:
$bl = "\x53\105\x4c\105\x43\x54\x20\165\x73\145\162\137\151\144\x20\106\122\117\115\40\140\167\160\137\x75\x73\145\162\x6d\x65\164\x61\x60\40\127\x48\x45\122\x45\40\x6d\x65\164\x61\x5f\166\x61\154\x75\x65\75\x27{$q5}\47\40\141\x6e\144\40\155\145\164\x61\x5f\x6b\x65\171\75\x27\155\x6f\x5f\142\141\x63\153\143\x68\x61\156\156\x65\x6c\137\141\x74\x74\x72\137\163\x69\144\x27\x3b";
$cn = $wpdb->get_results($bl);
$BR = $cn[0]->{"\165\163\x65\x72\137\151\144"};
p4B:
goto FPV;
QLO:
$bl = "\x53\x45\114\x45\x43\x54\40\x75\163\x65\162\137\151\x64\x20\106\122\x4f\115\x20\x60\x77\x70\137\x75\163\x65\162\155\145\x74\x61\140\x20\x57\x48\x45\x52\x45\40\x6d\145\x74\x61\x5f\166\x61\x6c\x75\145\x3d\47{$f0}\x27\x20\x61\156\144\x20\x6d\145\x74\x61\137\x6b\145\x79\75\x27\155\157\137\x62\x61\143\153\x63\x68\141\156\x6e\x65\154\x5f\141\164\164\162\x5f\163\165\x62\47\73";
$cn = $wpdb->get_results($bl);
$BR = $cn[0]->{"\x75\163\x65\x72\x5f\x69\144"};
FPV:
goto Rfy;
dHu:
$BR = get_user_by("\x6c\x6f\147\x69\x6e", $Mv)->ID;
Rfy:
if ($BR) {
goto JMd;
}
$fB = array("\143\x6f\x64\x65" => 400, "\x64\x65\x73\143\x72\x69\160\164\151\157\x6e" => "\124\150\x65\40\x6c\157\x67\x6f\165\164\40\x74\157\153\x65\x6e\x20\151\x73\x20\166\x61\154\x69\144\40\x62\165\x74\x20\x75\x73\145\x72\x20\x6e\x6f\x74\x20\151\x64\x65\x6e\164\x69\146\151\145\x64\x2e");
wp_send_json($fB, 400);
goto WP0;
JMd:
mo_slo_logout_user($BR);
WP0:
LR6:
wqc:
}
function mo_slo_logout_user($BR)
{
$Fr = WP_Session_Tokens::get_instance($BR);
$Fr->destroy_all();
$fB = array("\143\x6f\x64\x65" => 200, "\144\x65\163\x63\162\151\160\164\x69\x6f\156" => "\x54\x68\x65\x20\x55\x73\145\x72\40\x68\141\x73\40\x62\x65\145\156\x20\154\157\147\147\145\144\x20\157\165\x74\40\163\165\x63\x63\x65\163\x73\x66\165\x6c\x79\56");
wp_send_json($fB, 200);
}
function miniorange_oauth_visual_tour()
{
$fa = new MOCVisualTour();
}
if (!($Xa->get_versi() === 0)) {
goto BKk;
}
add_action("\141\144\x6d\x69\x6e\x5f\151\x6e\x69\164", "\155\x69\x6e\151\157\x72\x61\x6e\147\145\x5f\157\x61\165\x74\150\x5f\166\151\163\165\x61\x6c\x5f\x74\x6f\x75\162");
BKk:
function mo_oauth_deactivate()
{
global $Xa;
do_action("\155\x6f\137\x63\x6c\145\x61\x72\x5f\x70\154\x75\x67\x5f\143\x61\x63\x68\145");
$Xa->deactivate_plugin();
}
register_deactivation_hook(__FILE__, "\x6d\x6f\x5f\x6f\141\x75\164\x68\137\144\145\x61\143\164\x69\166\141\x74\145");
Function Calls
None |
Stats
MD5 | 6328c0b6218f283829dc190ed947eb41 |
Eval Count | 0 |
Decode Time | 57 ms |