Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /** * Plugin Name: OAuth Single Sign On - SSO (OAuth client) * Plugin URI: http..

Decoded Output download

<?php 
/** 
 * Plugin Name: OAuth Single Sign On - SSO (OAuth client) 
 * Plugin URI: http://miniorange.com 
 * Description: This plugin enables login to your WordPress site using OAuth apps like Google, Facebook, EVE Online and other. 
 * Version: 28.4.9 
 * Author: miniOrange 
 * Author URI: https://www.miniorange.com 
 * License: miniOrange 
 */ 
 
 
require "_autoload.php"; 
require_once "mo-oauth-client-plugin-version-update.php"; 
use MoOauthClient\Base\BaseStructure; 
use MoOauthClient\MOUtils; 
use MoOauthClient\GrantTypes\JWTUtils; 
use MoOauthClient\Base\InstanceHelper; 
use MoOauthClient\MoOauthClientWidget; 
use MoOauthClient\Free\MOCVisualTour; 
use MoOauthClient\Free\CustomizationSettings; 
global $Xa; 
$VK = new InstanceHelper(); 
$Xa = $VK->get_utils_instance(); 
$Pg = $Xa->get_plugin_config()->get_current_config(); 
$LP = $VK->get_settings_instance(); 
$Bs = new BaseStructure(); 
$I6 = $VK->get_login_handler_instance(); 
$F_ = new CustomizationSettings(); 
$F_ = $F_->mo_oauth_custom_icons_intiater(); 
function register_mo_oauth_widget() 
{ 
    register_widget("\MoOauthClient\MoOauthClientWidget"); 
} 
function mo_oauth_shortcode_login($Bv) 
{ 
    global $Xa; 
    $UB = new MoOauthClientWidget(); 
    if ($Xa->check_versi(4) && $Xa->mo_oauth_client_get_option("mo_oauth_activate_single_login_flow")) { 
        goto thN; 
    } 
    if (empty($Bv["redirect_url"])) { 
        goto uCc; 
    } 
    return $Bv && isset($Bv["appname"]) && !empty($Bv["appname"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["appname"], $kw = $Bv["redirect_url"]) : $UB->mo_oauth_login_form($mi = false, $Px = '', $kw = $Bv["redirect_url"]); 
    uCc: 
    return $Bv && isset($Bv["appname"]) && !empty($Bv["appname"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["appname"]) : $UB->mo_oauth_login_form(false); 
    goto a8t; 
    thN: 
    return $UB->mo_activate_single_login_flow_form(); 
    a8t: 
} 
add_action("widgets_init", "register_mo_oauth_widget"); 
add_shortcode("mo_oauth_login", "mo_oauth_shortcode_login"); 
add_action("init", "mo_get_version_number"); 
add_action("init", "mo_oauth_frontslo"); 
add_action("init", "mo_oauth_backslo"); 
function mo_get_version_number() 
{ 
    if (!(isset($_GET["action"]) && $_GET["action"] === "mo_version_number" && isset($_GET["apiKey"]) && $_GET["apiKey"] === "c20a7df86b3d4d1abe2d47d0e1b1f847")) { 
        goto kWO; 
    } 
    echo mo_oauth_client_options_plugin_constants::Version; 
    exit; 
    kWO: 
} 
function mo_oauth_frontslo() 
{ 
    $Xa = new MOUtils(); 
    if (!($Xa->check_versi(4) && isset($_SERVER["REQUEST_URI"]) && sanitize_url($_SERVER["REQUEST_URI"]) != NULL && strpos(sanitize_url($_SERVER["REQUEST_URI"]), "frontchannel_logout") != false)) { 
        goto NAb; 
    } 
    $BR = get_current_user_id(); 
    $Nr = get_user_meta($BR, "mo_oauth_client_last_id_token", true); 
    $VY = new JWTUtils($Nr); 
    $eE = $VY->get_decoded_payload(); 
    $mo = sanitize_url($_SERVER["REQUEST_URI"]); 
    $bh = parse_url($mo); 
    parse_str($bh["query"], $C3); 
    $q5 = $eE["sid"]; 
    $Me = $C3["sid"]; 
    if ($q5 === $Me) { 
        goto SgL; 
    } 
    $fB = array("code" => 400, "description" => "User Id not found"); 
    wp_send_json($fB, 400); 
    goto kBb; 
    SgL: 
    $BW = ''; 
    if (!isset($eE["iat"])) { 
        goto bmk; 
    } 
    $BW = $eE["iat"]; 
    bmk: 
    if (!is_user_logged_in()) { 
        goto xBW; 
    } 
    mo_slo_logout_user($BR); 
    xBW: 
    kBb: 
    NAb: 
} 
function mo_oauth_backslo() 
{ 
    $Xa = new MOUtils(); 
    if (!($Xa->check_versi(4) && isset($_SERVER["REQUEST_URI"]) && sanitize_url($_SERVER["REQUEST_URI"]) != NULL && strpos(sanitize_url($_SERVER["REQUEST_URI"]), "backchannel_logout") != false)) { 
        goto wqc; 
    } 
    $LW = file_get_contents("php://input"); 
    $wx = explode("=", $LW); 
    if (!(json_last_error() !== JSON_ERROR_NONE)) { 
        goto uS3; 
    } 
    $LW = array_map("esc_attr", sanitize_post($_POST)); 
    uS3: 
    if ($wx[0] == "logout_token") { 
        goto L1j; 
    } 
    $fB = array("code" => 400, "description" => "The Logout token is either not sent or sent incorrectly."); 
    wp_send_json($fB, 400); 
    goto LR6; 
    L1j: 
    $Vz = $wx[1]; 
    $VY = new JWTUtils($Vz); 
    $m3 = isset($_REQUEST["appname"]) && sanitize_text_field($_REQUEST["appname"]) != NULL ? sanitize_text_field($_REQUEST["appname"]) : ''; 
    $Ag = false; 
    $yb = $Xa->get_app_by_name($m3); 
    $Ag = $yb->get_app_config("jwksurl"); 
    $OH = $yb->get_app_config("username_attr"); 
    $eE = $VY->get_decoded_payload(); 
    $f0 = ''; 
    $q5 = ''; 
    if (!isset($eE["sub"])) { 
        goto WGY; 
    } 
    $f0 = $eE["sub"]; 
    WGY: 
    if (!isset($eE["sid"])) { 
        goto unt; 
    } 
    $q5 = $eE["sid"]; 
    unt: 
    $BW = ''; 
    if (!isset($eE["iat"])) { 
        goto DNm; 
    } 
    $BW = $eE["iat"]; 
    DNm: 
    global $wpdb; 
    if (isset($eE[$OH])) { 
        goto dHu; 
    } 
    if ($f0) { 
        goto QLO; 
    } 
    if ($q5) { 
        goto VS8; 
    } 
    $fB = array("code" => 400, "description" => "The logout token is valid but user not identified."); 
    wp_send_json($fB, 400); 
    goto p4B; 
    VS8: 
    $bl = "SELECT user_id FROM `wp_usermeta` WHERE meta_value='{$q5}' and meta_key='mo_backchannel_attr_sid';"; 
    $cn = $wpdb->get_results($bl); 
    $BR = $cn[0]->{"user_id"}; 
    p4B: 
    goto FPV; 
    QLO: 
    $bl = "SELECT user_id FROM `wp_usermeta` WHERE meta_value='{$f0}' and meta_key='mo_backchannel_attr_sub';"; 
    $cn = $wpdb->get_results($bl); 
    $BR = $cn[0]->{"user_id"}; 
    FPV: 
    goto Rfy; 
    dHu: 
    $BR = get_user_by("login", $Mv)->ID; 
    Rfy: 
    if ($BR) { 
        goto JMd; 
    } 
    $fB = array("code" => 400, "description" => "The logout token is valid but user not identified."); 
    wp_send_json($fB, 400); 
    goto WP0; 
    JMd: 
    mo_slo_logout_user($BR); 
    WP0: 
    LR6: 
    wqc: 
} 
function mo_slo_logout_user($BR) 
{ 
    $Fr = WP_Session_Tokens::get_instance($BR); 
    $Fr->destroy_all(); 
    $fB = array("code" => 200, "description" => "The User has been logged out successfuly."); 
    wp_send_json($fB, 200); 
} 
function miniorange_oauth_visual_tour() 
{ 
    $fa = new MOCVisualTour(); 
} 
if (!($Xa->get_versi() === 0)) { 
    goto BKk; 
} 
add_action("admin_init", "miniorange_oauth_visual_tour"); 
BKk: 
function mo_oauth_deactivate() 
{ 
    global $Xa; 
    do_action("mo_clear_plug_cache"); 
    $Xa->deactivate_plugin(); 
} 
register_deactivation_hook(__FILE__, "mo_oauth_deactivate"); 
 ?>

Did this file decode correctly?

Original Code

<?php
/**
 * Plugin Name: OAuth Single Sign On - SSO (OAuth client)
 * Plugin URI: http://miniorange.com
 * Description: This plugin enables login to your WordPress site using OAuth apps like Google, Facebook, EVE Online and other.
 * Version: 28.4.9
 * Author: miniOrange
 * Author URI: https://www.miniorange.com
 * License: miniOrange
 */


require "\x5f\141\165\164\x6f\x6c\157\x61\x64\56\x70\150\x70";
require_once "\155\157\55\157\141\x75\x74\x68\x2d\x63\x6c\151\145\x6e\164\55\160\154\165\x67\x69\156\55\166\x65\162\163\151\157\156\x2d\165\x70\x64\x61\x74\x65\x2e\160\150\160";
use MoOauthClient\Base\BaseStructure;
use MoOauthClient\MOUtils;
use MoOauthClient\GrantTypes\JWTUtils;
use MoOauthClient\Base\InstanceHelper;
use MoOauthClient\MoOauthClientWidget;
use MoOauthClient\Free\MOCVisualTour;
use MoOauthClient\Free\CustomizationSettings;
global $Xa;
$VK = new InstanceHelper();
$Xa = $VK->get_utils_instance();
$Pg = $Xa->get_plugin_config()->get_current_config();
$LP = $VK->get_settings_instance();
$Bs = new BaseStructure();
$I6 = $VK->get_login_handler_instance();
$F_ = new CustomizationSettings();
$F_ = $F_->mo_oauth_custom_icons_intiater();
function register_mo_oauth_widget()
{
    register_widget("\x5c\115\x6f\117\x61\x75\164\150\103\x6c\x69\145\156\164\134\x4d\157\x4f\x61\x75\164\x68\x43\154\151\x65\x6e\x74\127\151\x64\147\145\164");
}
function mo_oauth_shortcode_login($Bv)
{
    global $Xa;
    $UB = new MoOauthClientWidget();
    if ($Xa->check_versi(4) && $Xa->mo_oauth_client_get_option("\x6d\x6f\x5f\x6f\141\x75\164\150\x5f\141\x63\x74\151\x76\x61\164\x65\x5f\163\151\x6e\x67\x6c\x65\137\154\x6f\x67\x69\156\137\146\x6c\x6f\167")) {
        goto thN;
    }
    if (empty($Bv["\x72\x65\144\x69\162\145\x63\164\137\165\x72\x6c"])) {
        goto uCc;
    }
    return $Bv && isset($Bv["\x61\x70\160\x6e\141\155\145"]) && !empty($Bv["\x61\x70\x70\156\141\x6d\x65"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["\141\x70\x70\156\x61\x6d\145"], $kw = $Bv["\x72\x65\x64\151\162\x65\x63\x74\x5f\165\x72\154"]) : $UB->mo_oauth_login_form($mi = false, $Px = '', $kw = $Bv["\x72\145\x64\151\x72\x65\143\164\x5f\165\x72\154"]);
    uCc:
    return $Bv && isset($Bv["\x61\x70\x70\x6e\x61\155\x65"]) && !empty($Bv["\141\160\160\156\141\155\145"]) ? $UB->mo_oauth_login_form($mi = true, $Px = $Bv["\x61\x70\160\x6e\x61\155\x65"]) : $UB->mo_oauth_login_form(false);
    goto a8t;
    thN:
    return $UB->mo_activate_single_login_flow_form();
    a8t:
}
add_action("\x77\x69\x64\x67\145\x74\163\x5f\x69\x6e\x69\164", "\x72\x65\147\151\x73\x74\x65\x72\137\x6d\157\x5f\157\x61\165\164\150\137\x77\x69\x64\x67\x65\164");
add_shortcode("\x6d\157\137\x6f\x61\165\x74\150\x5f\154\x6f\x67\x69\156", "\x6d\x6f\x5f\157\141\165\x74\150\x5f\x73\x68\157\x72\x74\143\x6f\x64\145\137\154\x6f\147\151\156");
add_action("\151\156\151\x74", "\155\157\x5f\147\145\164\137\x76\145\x72\163\151\157\156\137\x6e\x75\155\142\145\162");
add_action("\151\x6e\151\164", "\155\157\x5f\x6f\x61\165\x74\150\x5f\x66\162\x6f\156\x74\x73\154\x6f");
add_action("\x69\156\151\x74", "\x6d\157\137\157\141\165\x74\x68\x5f\x62\141\x63\x6b\x73\x6c\157");
function mo_get_version_number()
{
    if (!(isset($_GET["\x61\x63\x74\151\157\156"]) && $_GET["\x61\143\x74\x69\x6f\156"] === "\x6d\x6f\137\166\x65\x72\x73\151\157\x6e\x5f\156\x75\x6d\x62\x65\x72" && isset($_GET["\x61\160\x69\113\x65\171"]) && $_GET["\141\160\x69\x4b\x65\171"] === "\143\x32\60\141\x37\144\x66\x38\66\x62\x33\144\64\x64\x31\141\x62\145\x32\x64\x34\67\x64\x30\145\61\142\x31\x66\70\64\x37")) {
        goto kWO;
    }
    echo mo_oauth_client_options_plugin_constants::Version;
    exit;
    kWO:
}
function mo_oauth_frontslo()
{
    $Xa = new MOUtils();
    if (!($Xa->check_versi(4) && isset($_SERVER["\122\x45\121\125\x45\123\x54\x5f\x55\122\111"]) && sanitize_url($_SERVER["\122\105\x51\125\x45\123\x54\137\125\122\x49"]) != NULL && strpos(sanitize_url($_SERVER["\x52\x45\x51\x55\105\x53\124\x5f\x55\122\x49"]), "\x66\162\157\x6e\x74\x63\150\x61\x6e\156\145\x6c\137\154\x6f\147\x6f\165\x74") != false)) {
        goto NAb;
    }
    $BR = get_current_user_id();
    $Nr = get_user_meta($BR, "\155\157\137\x6f\x61\x75\x74\150\x5f\x63\x6c\151\x65\156\x74\137\154\141\163\x74\x5f\151\144\137\x74\x6f\x6b\x65\156", true);
    $VY = new JWTUtils($Nr);
    $eE = $VY->get_decoded_payload();
    $mo = sanitize_url($_SERVER["\122\105\x51\125\105\123\x54\x5f\x55\122\x49"]);
    $bh = parse_url($mo);
    parse_str($bh["\x71\x75\x65\162\x79"], $C3);
    $q5 = $eE["\163\x69\144"];
    $Me = $C3["\163\151\144"];
    if ($q5 === $Me) {
        goto SgL;
    }
    $fB = array("\143\157\x64\145" => 400, "\x64\x65\x73\x63\162\151\160\164\x69\157\156" => "\x55\163\x65\x72\40\x49\x64\40\x6e\x6f\x74\x20\146\157\165\156\144");
    wp_send_json($fB, 400);
    goto kBb;
    SgL:
    $BW = '';
    if (!isset($eE["\151\141\x74"])) {
        goto bmk;
    }
    $BW = $eE["\151\x61\x74"];
    bmk:
    if (!is_user_logged_in()) {
        goto xBW;
    }
    mo_slo_logout_user($BR);
    xBW:
    kBb:
    NAb:
}
function mo_oauth_backslo()
{
    $Xa = new MOUtils();
    if (!($Xa->check_versi(4) && isset($_SERVER["\122\105\x51\x55\x45\x53\x54\x5f\x55\x52\x49"]) && sanitize_url($_SERVER["\122\x45\x51\x55\x45\123\124\x5f\x55\x52\111"]) != NULL && strpos(sanitize_url($_SERVER["\122\x45\121\125\105\x53\x54\x5f\x55\122\x49"]), "\x62\x61\143\153\143\150\x61\156\x6e\x65\154\x5f\154\157\147\x6f\x75\164") != false)) {
        goto wqc;
    }
    $LW = file_get_contents("\x70\x68\160\x3a\x2f\57\x69\x6e\160\x75\164");
    $wx = explode("\x3d", $LW);
    if (!(json_last_error() !== JSON_ERROR_NONE)) {
        goto uS3;
    }
    $LW = array_map("\145\x73\x63\x5f\141\x74\x74\162", sanitize_post($_POST));
    uS3:
    if ($wx[0] == "\154\x6f\x67\157\165\x74\137\x74\x6f\x6b\145\x6e") {
        goto L1j;
    }
    $fB = array("\x63\157\x64\145" => 400, "\144\145\x73\143\x72\x69\160\164\x69\x6f\x6e" => "\x54\x68\145\40\x4c\157\x67\x6f\x75\x74\x20\x74\157\153\x65\156\40\x69\163\40\x65\x69\164\150\145\x72\x20\x6e\x6f\x74\40\163\145\156\x74\x20\x6f\x72\40\163\145\x6e\164\x20\x69\x6e\x63\157\x72\162\145\x63\164\154\171\56");
    wp_send_json($fB, 400);
    goto LR6;
    L1j:
    $Vz = $wx[1];
    $VY = new JWTUtils($Vz);
    $m3 = isset($_REQUEST["\x61\160\x70\156\x61\x6d\145"]) && sanitize_text_field($_REQUEST["\141\x70\x70\x6e\141\155\x65"]) != NULL ? sanitize_text_field($_REQUEST["\141\160\160\x6e\x61\155\x65"]) : '';
    $Ag = false;
    $yb = $Xa->get_app_by_name($m3);
    $Ag = $yb->get_app_config("\152\x77\153\163\x75\162\154");
    $OH = $yb->get_app_config("\x75\x73\145\162\156\141\155\145\137\x61\x74\164\x72");
    $eE = $VY->get_decoded_payload();
    $f0 = '';
    $q5 = '';
    if (!isset($eE["\163\x75\142"])) {
        goto WGY;
    }
    $f0 = $eE["\163\165\x62"];
    WGY:
    if (!isset($eE["\x73\151\144"])) {
        goto unt;
    }
    $q5 = $eE["\x73\151\x64"];
    unt:
    $BW = '';
    if (!isset($eE["\x69\141\164"])) {
        goto DNm;
    }
    $BW = $eE["\x69\x61\164"];
    DNm:
    global $wpdb;
    if (isset($eE[$OH])) {
        goto dHu;
    }
    if ($f0) {
        goto QLO;
    }
    if ($q5) {
        goto VS8;
    }
    $fB = array("\143\x6f\x64\x65" => 400, "\144\145\x73\x63\x72\151\x70\x74\151\x6f\156" => "\x54\150\145\x20\x6c\157\147\157\165\x74\x20\164\157\153\x65\x6e\40\x69\x73\x20\166\141\154\151\144\40\142\x75\164\x20\165\x73\x65\162\40\156\157\164\x20\x69\x64\145\x6e\164\151\x66\x69\x65\x64\x2e");
    wp_send_json($fB, 400);
    goto p4B;
    VS8:
    $bl = "\x53\105\x4c\105\x43\x54\x20\165\x73\145\162\137\151\144\x20\106\122\117\115\40\140\167\160\137\x75\x73\145\162\x6d\x65\164\x61\x60\40\127\x48\x45\122\x45\40\x6d\x65\164\x61\x5f\166\x61\154\x75\x65\75\x27{$q5}\47\40\141\x6e\144\40\155\145\164\x61\x5f\x6b\x65\171\75\x27\155\x6f\x5f\142\141\x63\153\143\x68\x61\156\156\x65\x6c\137\141\x74\x74\x72\137\163\x69\144\x27\x3b";
    $cn = $wpdb->get_results($bl);
    $BR = $cn[0]->{"\165\163\x65\x72\137\151\144"};
    p4B:
    goto FPV;
    QLO:
    $bl = "\x53\x45\114\x45\x43\x54\40\x75\163\x65\162\137\151\x64\x20\106\122\x4f\115\x20\x60\x77\x70\137\x75\163\x65\162\155\145\x74\x61\140\x20\x57\x48\x45\x52\x45\40\x6d\145\x74\x61\x5f\166\x61\x6c\x75\145\x3d\47{$f0}\x27\x20\x61\156\144\x20\x6d\145\x74\x61\137\x6b\145\x79\75\x27\155\157\137\x62\x61\143\153\x63\x68\141\156\x6e\x65\154\x5f\141\164\164\162\x5f\163\165\x62\47\73";
    $cn = $wpdb->get_results($bl);
    $BR = $cn[0]->{"\x75\163\x65\x72\x5f\x69\144"};
    FPV:
    goto Rfy;
    dHu:
    $BR = get_user_by("\x6c\x6f\147\x69\x6e", $Mv)->ID;
    Rfy:
    if ($BR) {
        goto JMd;
    }
    $fB = array("\143\x6f\x64\x65" => 400, "\x64\x65\x73\143\x72\x69\160\164\151\157\x6e" => "\124\150\x65\40\x6c\157\x67\x6f\165\164\40\x74\157\153\x65\x6e\x20\151\x73\x20\166\x61\154\x69\144\40\x62\165\x74\x20\x75\x73\145\x72\x20\x6e\x6f\x74\x20\151\x64\x65\x6e\164\x69\146\151\145\x64\x2e");
    wp_send_json($fB, 400);
    goto WP0;
    JMd:
    mo_slo_logout_user($BR);
    WP0:
    LR6:
    wqc:
}
function mo_slo_logout_user($BR)
{
    $Fr = WP_Session_Tokens::get_instance($BR);
    $Fr->destroy_all();
    $fB = array("\143\x6f\x64\x65" => 200, "\144\x65\163\x63\162\151\160\164\x69\x6f\156" => "\x54\x68\x65\x20\x55\x73\145\x72\40\x68\141\x73\40\x62\x65\145\156\x20\154\157\147\147\145\144\x20\157\165\x74\40\163\165\x63\x63\x65\163\x73\x66\165\x6c\x79\56");
    wp_send_json($fB, 200);
}
function miniorange_oauth_visual_tour()
{
    $fa = new MOCVisualTour();
}
if (!($Xa->get_versi() === 0)) {
    goto BKk;
}
add_action("\141\144\x6d\x69\x6e\x5f\151\x6e\x69\164", "\155\x69\x6e\151\157\x72\x61\x6e\147\145\x5f\157\x61\165\x74\150\x5f\166\151\163\165\x61\x6c\x5f\x74\x6f\x75\162");
BKk:
function mo_oauth_deactivate()
{
    global $Xa;
    do_action("\155\x6f\137\x63\x6c\145\x61\x72\x5f\x70\154\x75\x67\x5f\143\x61\x63\x68\145");
    $Xa->deactivate_plugin();
}
register_deactivation_hook(__FILE__, "\x6d\x6f\x5f\x6f\141\x75\164\x68\137\144\145\x61\143\164\x69\166\141\x74\145");

Function Calls

None

Variables

None

Stats

MD5 6328c0b6218f283829dc190ed947eb41
Eval Count 0
Decode Time 57 ms