Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /** * Plugin Name: OAuth Single Sign On - SSO (OAuth client) * Plugin URI: http..
Decoded Output download
<?php
/**
* Plugin Name: OAuth Single Sign On - SSO (OAuth client)
* Plugin URI: http://miniorange.com
* Description: This plugin enables login to your WordPress site using OAuth apps like Google, Facebook, EVE Online and other.
* Version: 48.5.0
* Author: miniOrange
* Author URI: https://www.miniorange.com
* License: miniOrange
*/
require "_autoload.php";
require_once "mo-oauth-client-plugin-version-update.php";
define("MO_OAUTH_PREMIUM_CSS_JS_VERSION", mo_oauth_client_options_plugin_constants::Version);
use MoOauthClient\Base\BaseStructure;
use MoOauthClient\MOUtils;
use MoOauthClient\GrantTypes\JWTUtils;
use MoOauthClient\Base\InstanceHelper;
use MoOauthClient\MoOauthClientWidget;
use MoOauthClient\Free\MOCVisualTour;
use MoOauthClient\Free\CustomizationSettings;
global $Rg;
$tb = new InstanceHelper();
$Rg = $tb->get_utils_instance();
$gL = $Rg->get_plugin_config()->get_current_config();
$A2 = $tb->get_settings_instance();
$pA = new BaseStructure();
$tx = $tb->get_login_handler_instance();
$K6 = new CustomizationSettings();
$K6 = $K6->mo_oauth_custom_icons_intiater();
function register_mo_oauth_widget()
{
register_widget("\MoOauthClient\MoOauthClientWidget");
}
function mo_oauth_shortcode_login($S1)
{
global $Rg;
$ma = new MoOauthClientWidget();
if ($Rg->check_versi(4) && $Rg->mo_oauth_client_get_option("mo_oauth_activate_single_login_flow")) {
goto wC7;
}
if (!(!empty($S1["redirect_url"]) || !empty($S1["button_text"]))) {
goto bMa;
}
$bn = isset($S1["redirect_url"]) ? $S1["redirect_url"] : '';
$Gc = isset($S1["button_text"]) ? $S1["button_text"] : '';
return $S1 && isset($S1["appname"]) && !empty($S1["appname"]) ? $ma->mo_oauth_login_form($go = true, $tJ = $S1["appname"], $bn, $Gc) : $ma->mo_oauth_login_form($go = false, $tJ = '', $bn, $Gc);
bMa:
return $S1 && isset($S1["appname"]) && !empty($S1["appname"]) ? $ma->mo_oauth_login_form($go = true, $tJ = $S1["appname"]) : $ma->mo_oauth_login_form(false);
goto rj2;
wC7:
return $ma->mo_activate_single_login_flow_form();
rj2:
}
add_action("widgets_init", "register_mo_oauth_widget");
add_shortcode("mo_oauth_login", "mo_oauth_shortcode_login");
add_action("init", "mo_get_version_number");
add_action("init", "mo_oauth_frontslo");
add_action("init", "mo_oauth_backslo");
function mo_get_version_number()
{
if (!(isset($_GET["action"]) && $_GET["action"] === "mo_version_number" && isset($_GET["apiKey"]) && $_GET["apiKey"] === "c20a7df86b3d4d1abe2d47d0e1b1f847")) {
goto BFL;
}
echo mo_oauth_client_options_plugin_constants::Version;
exit;
BFL:
}
function mo_oauth_frontslo()
{
$Rg = new MOUtils();
if (!($Rg->check_versi(4) && isset($_SERVER["REQUEST_URI"]) && sanitize_url($_SERVER["REQUEST_URI"]) != NULL && strpos(sanitize_url($_SERVER["REQUEST_URI"]), "frontchannel_logout") != false)) {
goto HX2;
}
$YM = get_current_user_id();
$Rp = get_user_meta($YM, "mo_oauth_client_last_id_token", true);
$lb = new JWTUtils($Rp);
$x2 = $lb->get_decoded_payload();
$XO = sanitize_url($_SERVER["REQUEST_URI"]);
$Iv = parse_url($XO);
parse_str($Iv["query"], $u3);
$Ls = $x2["sid"];
$VZ = $u3["sid"];
if ($Ls === $VZ) {
goto dZ1;
}
$jm = array("code" => 400, "description" => "User Id not found");
wp_send_json($jm, 400);
goto VXb;
dZ1:
$N8 = '';
if (!isset($x2["iat"])) {
goto iYQ;
}
$N8 = $x2["iat"];
iYQ:
if (!is_user_logged_in()) {
goto Qn4;
}
mo_slo_logout_user($YM);
Qn4:
VXb:
HX2:
}
function mo_oauth_backslo()
{
$Rg = new MOUtils();
if (!($Rg->check_versi(4) && isset($_SERVER["REQUEST_URI"]) && sanitize_url($_SERVER["REQUEST_URI"]) != NULL && strpos(sanitize_url($_SERVER["REQUEST_URI"]), "backchannel_logout") != false)) {
goto iFZ;
}
$D_ = file_get_contents("php://input");
$HD = explode("=", $D_);
if (!(json_last_error() !== JSON_ERROR_NONE)) {
goto Msy;
}
$D_ = array_map("esc_attr", sanitize_post($_POST));
Msy:
if ($HD[0] == "logout_token") {
goto bbt;
}
$jm = array("code" => 400, "description" => "The Logout token is either not sent or sent incorrectly.");
wp_send_json($jm, 400);
goto Fqr;
bbt:
$aA = $HD[1];
$lb = new JWTUtils($aA);
$Xq = isset($_REQUEST["appname"]) && sanitize_text_field($_REQUEST["appname"]) != NULL ? sanitize_text_field($_REQUEST["appname"]) : '';
$nn = false;
$s2 = $Rg->get_app_by_name($Xq);
$nn = $s2->get_app_config("jwksurl");
$ut = $s2->get_app_config("username_attr");
$x2 = $lb->get_decoded_payload();
$Im = '';
$Ls = '';
if (!isset($x2["sub"])) {
goto ZcI;
}
$Im = $x2["sub"];
ZcI:
if (!isset($x2["sid"])) {
goto ZH2;
}
$Ls = $x2["sid"];
ZH2:
$N8 = '';
if (!isset($x2["iat"])) {
goto DY0;
}
$N8 = $x2["iat"];
DY0:
global $wpdb;
if (isset($x2[$ut])) {
goto ak3;
}
if ($Im) {
goto eMD;
}
if ($Ls) {
goto ANw;
}
$jm = array("code" => 400, "description" => "The logout token is valid but user not identified.");
wp_send_json($jm, 400);
goto SIE;
ANw:
$rJ = "SELECT user_id FROM `wp_usermeta` WHERE meta_value='{$Ls}' and meta_key='mo_backchannel_attr_sid';";
$P_ = $wpdb->get_results($rJ);
$YM = $P_[0]->{"user_id"};
SIE:
goto AuH;
eMD:
$rJ = "SELECT user_id FROM `wp_usermeta` WHERE meta_value='{$Im}' and meta_key='mo_backchannel_attr_sub';";
$P_ = $wpdb->get_results($rJ);
$YM = $P_[0]->{"user_id"};
AuH:
goto DwJ;
ak3:
$YM = get_user_by("login", $jF)->ID;
DwJ:
if ($YM) {
goto p24;
}
$jm = array("code" => 400, "description" => "The logout token is valid but user not identified.");
wp_send_json($jm, 400);
goto pXu;
p24:
mo_slo_logout_user($YM);
pXu:
Fqr:
iFZ:
}
function mo_slo_logout_user($YM)
{
$GU = WP_Session_Tokens::get_instance($YM);
$GU->destroy_all();
$jm = array("code" => 200, "description" => "The User has been logged out successfuly.");
wp_send_json($jm, 200);
}
function miniorange_oauth_visual_tour()
{
$Ad = new MOCVisualTour();
}
if (!($Rg->get_versi() === 0)) {
goto Orf;
}
add_action("admin_init", "miniorange_oauth_visual_tour");
Orf:
function mo_oauth_deactivate()
{
global $Rg;
do_action("mo_clear_plug_cache");
$Rg->deactivate_plugin();
}
register_deactivation_hook(__FILE__, "mo_oauth_deactivate");
?>Did this file decode correctly?
Original Code
<?php
/**
* Plugin Name: OAuth Single Sign On - SSO (OAuth client)
* Plugin URI: http://miniorange.com
* Description: This plugin enables login to your WordPress site using OAuth apps like Google, Facebook, EVE Online and other.
* Version: 48.5.0
* Author: miniOrange
* Author URI: https://www.miniorange.com
* License: miniOrange
*/
require "\137\x61\165\164\157\154\x6f\141\x64\x2e\x70\150\x70";
require_once "\x6d\157\55\x6f\141\x75\x74\150\55\143\154\151\145\156\x74\55\x70\154\x75\147\x69\156\x2d\166\x65\162\x73\151\157\x6e\x2d\165\160\x64\x61\x74\x65\56\x70\x68\160";
define("\x4d\x4f\137\117\101\x55\124\x48\137\120\x52\x45\x4d\111\x55\x4d\x5f\x43\123\123\x5f\112\123\x5f\126\105\x52\123\x49\x4f\x4e", mo_oauth_client_options_plugin_constants::Version);
use MoOauthClient\Base\BaseStructure;
use MoOauthClient\MOUtils;
use MoOauthClient\GrantTypes\JWTUtils;
use MoOauthClient\Base\InstanceHelper;
use MoOauthClient\MoOauthClientWidget;
use MoOauthClient\Free\MOCVisualTour;
use MoOauthClient\Free\CustomizationSettings;
global $Rg;
$tb = new InstanceHelper();
$Rg = $tb->get_utils_instance();
$gL = $Rg->get_plugin_config()->get_current_config();
$A2 = $tb->get_settings_instance();
$pA = new BaseStructure();
$tx = $tb->get_login_handler_instance();
$K6 = new CustomizationSettings();
$K6 = $K6->mo_oauth_custom_icons_intiater();
function register_mo_oauth_widget()
{
register_widget("\x5c\x4d\157\117\x61\x75\164\150\x43\154\151\x65\156\164\134\115\157\117\141\x75\x74\x68\x43\154\x69\145\x6e\164\x57\151\x64\x67\145\x74");
}
function mo_oauth_shortcode_login($S1)
{
global $Rg;
$ma = new MoOauthClientWidget();
if ($Rg->check_versi(4) && $Rg->mo_oauth_client_get_option("\x6d\x6f\137\157\141\165\164\150\137\x61\143\x74\151\166\x61\164\145\x5f\163\151\156\147\x6c\x65\x5f\154\157\147\x69\x6e\x5f\146\154\157\167")) {
goto wC7;
}
if (!(!empty($S1["\162\x65\x64\x69\162\x65\143\164\x5f\x75\x72\x6c"]) || !empty($S1["\142\x75\164\x74\157\156\137\164\145\170\x74"]))) {
goto bMa;
}
$bn = isset($S1["\x72\145\144\x69\x72\145\143\x74\x5f\x75\162\154"]) ? $S1["\162\x65\144\x69\162\145\143\x74\137\x75\x72\154"] : '';
$Gc = isset($S1["\x62\165\x74\x74\157\x6e\137\x74\145\x78\x74"]) ? $S1["\x62\165\164\x74\x6f\x6e\137\x74\145\170\164"] : '';
return $S1 && isset($S1["\141\x70\x70\x6e\x61\155\x65"]) && !empty($S1["\141\x70\x70\156\x61\x6d\x65"]) ? $ma->mo_oauth_login_form($go = true, $tJ = $S1["\141\160\x70\156\141\155\x65"], $bn, $Gc) : $ma->mo_oauth_login_form($go = false, $tJ = '', $bn, $Gc);
bMa:
return $S1 && isset($S1["\x61\x70\x70\x6e\x61\x6d\145"]) && !empty($S1["\141\160\160\156\141\155\x65"]) ? $ma->mo_oauth_login_form($go = true, $tJ = $S1["\x61\x70\x70\156\141\x6d\145"]) : $ma->mo_oauth_login_form(false);
goto rj2;
wC7:
return $ma->mo_activate_single_login_flow_form();
rj2:
}
add_action("\167\x69\144\147\145\x74\x73\x5f\x69\156\151\164", "\162\x65\x67\151\x73\164\145\x72\x5f\x6d\157\x5f\157\x61\165\x74\150\137\x77\151\x64\x67\145\x74");
add_shortcode("\155\157\137\157\141\165\164\x68\x5f\154\x6f\147\151\156", "\x6d\x6f\137\x6f\141\165\164\150\x5f\x73\x68\157\x72\x74\143\x6f\x64\145\x5f\154\157\x67\151\x6e");
add_action("\151\156\x69\x74", "\155\157\137\x67\x65\x74\137\x76\x65\162\163\x69\157\156\137\x6e\165\x6d\x62\x65\162");
add_action("\x69\x6e\151\164", "\155\157\137\157\141\x75\x74\x68\137\x66\x72\x6f\156\x74\x73\x6c\x6f");
add_action("\151\156\x69\164", "\155\x6f\x5f\x6f\x61\165\x74\x68\137\142\141\143\153\163\x6c\x6f");
function mo_get_version_number()
{
if (!(isset($_GET["\141\x63\164\151\x6f\156"]) && $_GET["\141\143\164\x69\x6f\156"] === "\x6d\x6f\x5f\166\145\162\x73\x69\157\x6e\x5f\x6e\x75\x6d\142\145\162" && isset($_GET["\x61\x70\151\x4b\145\x79"]) && $_GET["\141\160\x69\113\x65\171"] === "\x63\x32\60\x61\x37\144\x66\x38\66\x62\x33\144\64\144\61\141\x62\x65\x32\144\x34\x37\x64\x30\x65\x31\142\61\x66\70\x34\67")) {
goto BFL;
}
echo mo_oauth_client_options_plugin_constants::Version;
exit;
BFL:
}
function mo_oauth_frontslo()
{
$Rg = new MOUtils();
if (!($Rg->check_versi(4) && isset($_SERVER["\x52\x45\x51\x55\x45\x53\x54\x5f\125\x52\x49"]) && sanitize_url($_SERVER["\122\105\x51\x55\105\123\124\137\x55\122\x49"]) != NULL && strpos(sanitize_url($_SERVER["\122\x45\x51\125\x45\x53\124\137\125\122\x49"]), "\x66\162\x6f\156\x74\x63\150\x61\156\156\145\154\137\x6c\x6f\147\157\x75\x74") != false)) {
goto HX2;
}
$YM = get_current_user_id();
$Rp = get_user_meta($YM, "\x6d\x6f\x5f\x6f\141\165\164\150\137\143\154\x69\x65\x6e\164\137\x6c\141\163\164\x5f\151\144\x5f\164\x6f\153\145\x6e", true);
$lb = new JWTUtils($Rp);
$x2 = $lb->get_decoded_payload();
$XO = sanitize_url($_SERVER["\122\105\x51\125\105\123\x54\x5f\x55\122\x49"]);
$Iv = parse_url($XO);
parse_str($Iv["\161\165\145\162\x79"], $u3);
$Ls = $x2["\163\x69\144"];
$VZ = $u3["\x73\x69\144"];
if ($Ls === $VZ) {
goto dZ1;
}
$jm = array("\x63\157\144\145" => 400, "\144\x65\x73\143\x72\151\x70\x74\151\157\x6e" => "\x55\163\x65\x72\40\111\x64\40\156\157\x74\40\146\157\x75\156\x64");
wp_send_json($jm, 400);
goto VXb;
dZ1:
$N8 = '';
if (!isset($x2["\151\x61\164"])) {
goto iYQ;
}
$N8 = $x2["\151\141\164"];
iYQ:
if (!is_user_logged_in()) {
goto Qn4;
}
mo_slo_logout_user($YM);
Qn4:
VXb:
HX2:
}
function mo_oauth_backslo()
{
$Rg = new MOUtils();
if (!($Rg->check_versi(4) && isset($_SERVER["\122\105\121\125\105\x53\124\137\125\x52\111"]) && sanitize_url($_SERVER["\122\105\x51\x55\x45\x53\124\x5f\x55\122\x49"]) != NULL && strpos(sanitize_url($_SERVER["\122\x45\x51\x55\105\x53\x54\x5f\x55\122\111"]), "\x62\141\143\x6b\143\x68\141\156\156\145\x6c\x5f\154\157\147\157\165\x74") != false)) {
goto iFZ;
}
$D_ = file_get_contents("php://input");
$HD = explode("\75", $D_);
if (!(json_last_error() !== JSON_ERROR_NONE)) {
goto Msy;
}
$D_ = array_map("\145\163\x63\x5f\x61\x74\x74\x72", sanitize_post($_POST));
Msy:
if ($HD[0] == "\x6c\157\147\x6f\165\x74\x5f\x74\x6f\153\145\x6e") {
goto bbt;
}
$jm = array("\x63\x6f\144\145" => 400, "\x64\x65\x73\143\x72\151\160\164\x69\x6f\x6e" => "\x54\x68\145\x20\x4c\x6f\147\x6f\x75\x74\x20\x74\157\x6b\145\156\40\x69\163\40\x65\x69\x74\x68\x65\162\x20\x6e\x6f\x74\40\163\145\x6e\164\40\x6f\x72\40\x73\145\x6e\164\40\x69\156\x63\x6f\162\x72\x65\x63\164\154\x79\x2e");
wp_send_json($jm, 400);
goto Fqr;
bbt:
$aA = $HD[1];
$lb = new JWTUtils($aA);
$Xq = isset($_REQUEST["\x61\x70\160\156\x61\155\x65"]) && sanitize_text_field($_REQUEST["\141\x70\160\156\141\155\x65"]) != NULL ? sanitize_text_field($_REQUEST["\141\x70\160\156\141\155\145"]) : '';
$nn = false;
$s2 = $Rg->get_app_by_name($Xq);
$nn = $s2->get_app_config("\x6a\167\153\x73\165\162\x6c");
$ut = $s2->get_app_config("\x75\163\145\x72\156\141\155\145\x5f\x61\x74\164\162");
$x2 = $lb->get_decoded_payload();
$Im = '';
$Ls = '';
if (!isset($x2["\x73\165\x62"])) {
goto ZcI;
}
$Im = $x2["\x73\x75\142"];
ZcI:
if (!isset($x2["\x73\151\x64"])) {
goto ZH2;
}
$Ls = $x2["\x73\x69\144"];
ZH2:
$N8 = '';
if (!isset($x2["\x69\141\x74"])) {
goto DY0;
}
$N8 = $x2["\x69\141\x74"];
DY0:
global $wpdb;
if (isset($x2[$ut])) {
goto ak3;
}
if ($Im) {
goto eMD;
}
if ($Ls) {
goto ANw;
}
$jm = array("\143\x6f\144\x65" => 400, "\x64\145\x73\143\162\x69\x70\x74\151\x6f\156" => "\124\150\145\40\x6c\x6f\147\x6f\x75\164\x20\164\x6f\153\145\x6e\x20\x69\163\40\166\x61\x6c\x69\x64\x20\x62\x75\164\x20\x75\x73\145\162\x20\x6e\x6f\x74\x20\x69\144\x65\x6e\x74\151\146\x69\145\144\x2e");
wp_send_json($jm, 400);
goto SIE;
ANw:
$rJ = "\123\x45\x4c\105\103\x54\40\165\x73\145\x72\x5f\x69\144\x20\x46\122\x4f\115\40\x60\167\160\137\165\163\145\162\x6d\145\164\141\x60\x20\x57\110\105\x52\105\x20\x6d\x65\164\141\x5f\x76\141\x6c\165\145\75\x27{$Ls}\47\x20\141\x6e\x64\40\155\x65\164\x61\x5f\153\145\x79\75\x27\x6d\157\137\142\141\143\153\x63\150\141\x6e\x6e\145\154\137\x61\x74\x74\162\137\163\151\x64\x27\73";
$P_ = $wpdb->get_results($rJ);
$YM = $P_[0]->{"\165\x73\x65\162\x5f\x69\144"};
SIE:
goto AuH;
eMD:
$rJ = "\123\105\114\105\x43\x54\x20\x75\163\x65\x72\x5f\x69\144\40\x46\x52\117\115\x20\x60\167\160\137\165\163\x65\x72\x6d\x65\164\141\140\40\127\110\105\x52\105\40\x6d\x65\x74\x61\x5f\166\x61\x6c\165\145\75\x27{$Im}\x27\40\141\x6e\144\40\155\145\x74\x61\x5f\x6b\145\x79\x3d\47\155\x6f\x5f\x62\141\x63\x6b\x63\150\141\156\156\145\x6c\x5f\x61\164\x74\162\137\x73\x75\142\x27\x3b";
$P_ = $wpdb->get_results($rJ);
$YM = $P_[0]->{"\x75\163\x65\162\137\151\144"};
AuH:
goto DwJ;
ak3:
$YM = get_user_by("\x6c\157\x67\151\x6e", $jF)->ID;
DwJ:
if ($YM) {
goto p24;
}
$jm = array("\x63\x6f\144\145" => 400, "\144\x65\163\x63\x72\x69\160\x74\x69\157\156" => "\124\x68\x65\40\x6c\157\x67\157\165\164\x20\x74\157\153\x65\156\x20\151\163\40\166\x61\x6c\x69\144\x20\x62\x75\164\x20\165\163\x65\x72\40\156\157\x74\x20\151\144\145\156\164\x69\146\x69\x65\x64\56");
wp_send_json($jm, 400);
goto pXu;
p24:
mo_slo_logout_user($YM);
pXu:
Fqr:
iFZ:
}
function mo_slo_logout_user($YM)
{
$GU = WP_Session_Tokens::get_instance($YM);
$GU->destroy_all();
$jm = array("\143\157\x64\145" => 200, "\144\x65\163\x63\x72\151\x70\164\151\157\x6e" => "\124\150\x65\40\125\163\145\162\40\150\141\x73\x20\x62\145\145\156\x20\154\x6f\x67\x67\x65\144\x20\157\165\164\40\163\x75\143\x63\x65\x73\163\146\x75\x6c\x79\56");
wp_send_json($jm, 200);
}
function miniorange_oauth_visual_tour()
{
$Ad = new MOCVisualTour();
}
if (!($Rg->get_versi() === 0)) {
goto Orf;
}
add_action("\x61\x64\155\151\x6e\x5f\151\x6e\151\x74", "\155\x69\156\151\157\162\141\156\147\x65\x5f\157\141\x75\164\150\137\166\151\163\x75\141\x6c\x5f\164\157\165\162");
Orf:
function mo_oauth_deactivate()
{
global $Rg;
do_action("\x6d\x6f\137\143\154\x65\141\162\x5f\x70\x6c\x75\147\137\x63\141\143\x68\145");
$Rg->deactivate_plugin();
}
register_deactivation_hook(__FILE__, "\x6d\x6f\137\x6f\141\165\x74\x68\x5f\144\x65\x61\143\164\x69\x76\x61\x74\x65");
Function Calls
| None |
Stats
| MD5 | 767a651fb63268a34eb0d5b38c3d7d57 |
| Eval Count | 0 |
| Decode Time | 63 ms |