Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
{ global $Yh; $Wb = $Yh->get_plugin_config()->get_current_config(); ..
Decoded Output download
<? {
global $Yh;
$Wb = $Yh->get_plugin_config()->get_current_config();
$uw = true;
$uw = $Yh->mo_oauth_aemoutcrahsaphtn() == "enabled" ? false : true;
$eC = new StorageManager();
if (!(isset($_REQUEST[\MoOAuthConstants::OPTION]) && !is_array($_REQUEST["option"]) && strpos(sanitize_text_field(wp_unslash($_REQUEST[\MoOAuthConstants::OPTION])), "oauthredirect") !== false)) {
goto zq;
}
if ($uw) {
goto Gg;
}
wp_safe_redirect(site_url() . "/wp-admin");
exit;
Gg:
if (isset($_REQUEST["mo_login_popup"])) {
goto dd;
}
if (!(isset($_REQUEST["resource"]) && !empty($_REQUEST["resource"]))) {
goto mr;
}
if (!empty($_REQUEST["resource"])) {
goto lM;
}
$Yh->handle_error("The response from userinfo was empty.");
MO_Oauth_Debug::mo_oauth_log("The response from userinfo was empty.");
wp_die(wp_kses("The response from userinfo was empty.", \mo_oauth_get_valid_html()));
lM:
$eC = new StorageManager(isset($_REQUEST["resource"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["resource"]))) : '');
$J6 = $eC->get_value("resource");
$fZ = $eC->get_value("appname");
$tV = $eC->get_value("redirect_uri");
$C2 = $eC->get_value("access_token");
$KY = $Yh->get_app_by_name($fZ)->get_app_config();
$RV = isset($_REQUEST["test"]) && !empty($_REQUEST["test"]);
if (!($RV && '' !== $RV)) {
goto eE;
}
$this->handle_group_test_conf($J6, $KY, $C2, false, $RV);
exit;
eE:
$eC->remove_key("resource");
$eC->add_replace_entry("popup", "ignore");
if (!has_filter("woocommerce_checkout_get_value")) {
goto a3;
}
$J6["appname"] = $fZ;
a3:
do_action("mo_abr_filter_login", $J6);
$this->handle_sso($fZ, $KY, $J6, $eC->get_state(), ["access_token" => $C2]);
mr:
if (isset($_REQUEST["app_name"])) {
goto yj;
}
$q3 = "Please check if you are sending the 'app_name' parameter";
$Yh->handle_error($q3);
MO_Oauth_Debug::mo_oauth_log($q3);
wp_die(wp_kses($q3, \mo_oauth_get_valid_html()));
exit;
yj:
$d9 = isset($_REQUEST["app_name"]) && !empty($_REQUEST["app_name"]) ? sanitize_text_field(wp_unslash($_REQUEST["app_name"])) : '';
if (!($d9 == '')) {
goto bU;
}
$q3 = "No such app found configured. Please check if you are sending the correct app_name";
MO_Oauth_Debug::mo_oauth_log($q3);
$Yh->handle_error($q3);
wp_die(wp_kses($q3, \mo_oauth_get_valid_html()));
exit;
bU:
$mc = $Yh->mo_oauth_client_get_option("mo_oauth_apps_list");
if (is_array($mc) && isset($mc[$d9])) {
goto Je;
}
$q3 = "No such app found configured. Please check if you are sending the correct app_name";
MO_Oauth_Debug::mo_oauth_log($q3);
$Yh->handle_error($q3);
wp_die(wp_kses($q3, \mo_oauth_get_valid_html()));
exit;
Je:
$qr = "//" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
$qr = strtok($qr, "?");
$EJ = isset($_REQUEST["redirect_url"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["redirect_url"]))) : $qr;
$RV = isset($_REQUEST["test"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["test"]))) : false;
$tS = isset($_REQUEST["restrictredirect"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["restrictredirect"]))) : false;
$F8 = $Yh->get_app_by_name($d9);
$bO = $F8->get_app_config("grant_type");
if (!is_multisite()) {
goto Sr;
}
$blog_id = get_current_blog_id();
$W_ = $Yh->mo_oauth_client_get_option("mo_oauth_c3Vic2l0ZXNzZWxlY3RlZA");
$ZU = array();
if (!isset($W_)) {
goto Tv;
}
$ZU = json_decode($Yh->mooauthdecrypt($W_), true);
Tv:
$EL = false;
$jj = $Yh->mo_oauth_client_get_option("mo_oauth_isMultiSitePluginRequested");
if (!(is_array($ZU) && in_array($blog_id, $ZU))) {
goto pR;
}
$EL = true;
pR:
if (!(is_multisite() && $jj && ($jj && !$EL) && !$RV && $Yh->mo_oauth_client_get_option("noOfSubSites") < 1000)) {
goto MF;
}
$Yh->handle_error("Login is disabled for this site. Please contact your administrator.");
MO_Oauth_Debug::mo_oauth_log("Login is disabled for this site. Please contact your administrator.");
wp_die("Login is disabled for this site. Please contact your administrator.");
MF:
$eC->add_replace_entry("blog_id", $blog_id);
Sr:
MO_Oauth_Debug::mo_oauth_log("Grant: " . $bO);
if ($bO && "Password Grant" === $bO) {
goto j_;
}
if (!($bO && "Client Credentials Grant" === $bO)) {
goto ir;
}
do_action("mo_oauth_client_credentials_grant_initiate", $d9, $RV);
exit;
ir:
goto VJ;
j_:
do_action("pwd_essentials_internal");
do_action("mo_oauth_client_add_pwd_js");
echo "\x9\x9\x9 <script>\xd\xa \x9 var mo_oauth_app_name = "";
echo wp_kses($d9, \mo_oauth_get_valid_html());
echo "";\xd\xa\x9\x9\x9 \x9document.addEventListener('DOMContentLoaded', function() {\xd\xa \x9\x9\x9\x9\x9";
if ($RV) {
goto eV;
}
echo " moOAuthLoginPwd(mo_oauth_app_name, false, '";
echo esc_url($EJ);
echo "');
\xa\x9 \x9 ";
goto CP;
eV:
echo "\x9\x9\x9\x9 \x9\x9moOAuthLoginPwd(mo_oauth_app_name, true, '";
echo esc_url($EJ);
echo "');
\x9 \x9";
CP:
echo "\x9\x9\x9\x9\x9}, false);
\x9 \x9</script>
\x9 ";
exit;
VJ:
if (!($F8->get_app_config("appId") === "twitter" || $F8->get_app_config("appId") === "oauth1")) {
goto pM;
}
MO_Oauth_Debug::mo_oauth_log("Oauth1 flow");
$RV = isset($_REQUEST["test"]) && !empty($_REQUEST["test"]);
if (!($RV && '' !== $RV)) {
goto Gj;
}
setcookie("oauth1_test", "1", time() + 20);
Gj:
setcookie("oauth1appname", $d9, time() + 60);
$_COOKIE["oauth1appname"] = $d9;
MO_Custom_OAuth1::mo_oauth1_auth_request($d9);
exit;
pM: ?>
Did this file decode correctly?
Original Code
{
global $Yh;
$Wb = $Yh->get_plugin_config()->get_current_config();
$uw = true;
$uw = $Yh->mo_oauth_aemoutcrahsaphtn() == "\x65\x6e\141\142\x6c\145\x64" ? false : true;
$eC = new StorageManager();
if (!(isset($_REQUEST[\MoOAuthConstants::OPTION]) && !is_array($_REQUEST["\157\x70\164\151\x6f\156"]) && strpos(sanitize_text_field(wp_unslash($_REQUEST[\MoOAuthConstants::OPTION])), "\157\x61\165\164\150\162\x65\x64\151\x72\x65\x63\x74") !== false)) {
goto zq;
}
if ($uw) {
goto Gg;
}
wp_safe_redirect(site_url() . "\x2f\x77\x70\x2d\x61\144\155\151\x6e");
exit;
Gg:
if (isset($_REQUEST["\155\x6f\x5f\x6c\157\147\x69\x6e\137\160\x6f\160\165\160"])) {
goto dd;
}
if (!(isset($_REQUEST["\162\145\x73\x6f\x75\x72\x63\145"]) && !empty($_REQUEST["\x72\x65\163\157\x75\x72\143\145"]))) {
goto mr;
}
if (!empty($_REQUEST["\x72\145\x73\x6f\x75\x72\143\145"])) {
goto lM;
}
$Yh->handle_error("\124\x68\x65\x20\x72\145\163\x70\x6f\x6e\163\x65\x20\146\x72\157\155\x20\x75\x73\x65\162\151\156\146\x6f\x20\x77\141\163\40\145\x6d\x70\x74\x79\x2e");
MO_Oauth_Debug::mo_oauth_log("\124\150\x65\x20\x72\x65\x73\160\x6f\156\x73\x65\x20\146\x72\157\155\40\x75\x73\145\x72\151\x6e\x66\157\x20\x77\x61\163\x20\145\155\160\164\171\x2e");
wp_die(wp_kses("\x54\x68\x65\x20\x72\x65\x73\160\x6f\156\x73\145\40\x66\162\x6f\155\40\x75\x73\x65\x72\x69\156\146\x6f\40\167\x61\x73\x20\145\x6d\x70\x74\x79\x2e", \mo_oauth_get_valid_html()));
lM:
$eC = new StorageManager(isset($_REQUEST["\162\145\x73\x6f\165\162\x63\x65"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["\162\145\163\x6f\165\162\x63\145"]))) : '');
$J6 = $eC->get_value("\162\145\x73\157\x75\162\143\145");
$fZ = $eC->get_value("\x61\x70\x70\156\x61\155\145");
$tV = $eC->get_value("\x72\145\144\151\x72\x65\143\x74\137\165\162\151");
$C2 = $eC->get_value("\x61\143\x63\145\163\163\x5f\164\157\x6b\x65\156");
$KY = $Yh->get_app_by_name($fZ)->get_app_config();
$RV = isset($_REQUEST["\x74\x65\x73\x74"]) && !empty($_REQUEST["\164\145\x73\x74"]);
if (!($RV && '' !== $RV)) {
goto eE;
}
$this->handle_group_test_conf($J6, $KY, $C2, false, $RV);
exit;
eE:
$eC->remove_key("\162\145\163\x6f\x75\162\143\x65");
$eC->add_replace_entry("\160\157\x70\165\x70", "\x69\x67\x6e\x6f\162\145");
if (!has_filter("\167\x6f\157\x63\157\x6d\155\145\162\143\145\137\x63\x68\145\x63\x6b\157\x75\164\137\x67\145\x74\x5f\166\x61\x6c\x75\145")) {
goto a3;
}
$J6["\x61\160\x70\156\141\155\145"] = $fZ;
a3:
do_action("\155\157\137\141\142\162\137\x66\151\x6c\x74\x65\162\x5f\x6c\157\x67\x69\156", $J6);
$this->handle_sso($fZ, $KY, $J6, $eC->get_state(), ["\141\x63\x63\145\163\163\x5f\164\x6f\x6b\x65\x6e" => $C2]);
mr:
if (isset($_REQUEST["\141\160\x70\x5f\156\x61\155\x65"])) {
goto yj;
}
$q3 = "\120\154\x65\x61\x73\145\40\143\x68\145\x63\153\x20\151\x66\40\x79\x6f\x75\40\141\x72\x65\x20\x73\x65\156\x64\151\156\147\40\x74\150\x65\x20\x27\x61\160\160\x5f\x6e\x61\x6d\145\x27\x20\x70\141\162\141\155\x65\164\145\x72";
$Yh->handle_error($q3);
MO_Oauth_Debug::mo_oauth_log($q3);
wp_die(wp_kses($q3, \mo_oauth_get_valid_html()));
exit;
yj:
$d9 = isset($_REQUEST["\141\x70\160\137\156\141\155\145"]) && !empty($_REQUEST["\141\160\x70\137\x6e\x61\155\x65"]) ? sanitize_text_field(wp_unslash($_REQUEST["\141\160\x70\x5f\x6e\x61\155\145"])) : '';
if (!($d9 == '')) {
goto bU;
}
$q3 = "\x4e\157\x20\x73\x75\143\x68\x20\141\160\160\40\146\157\165\156\x64\x20\143\x6f\x6e\x66\151\x67\x75\x72\x65\x64\x2e\40\120\x6c\x65\x61\x73\x65\40\x63\150\145\143\x6b\40\x69\x66\40\x79\157\x75\x20\141\x72\145\x20\163\x65\156\144\151\156\x67\40\164\150\145\x20\x63\157\x72\162\x65\143\x74\x20\x61\x70\160\137\156\x61\155\x65";
MO_Oauth_Debug::mo_oauth_log($q3);
$Yh->handle_error($q3);
wp_die(wp_kses($q3, \mo_oauth_get_valid_html()));
exit;
bU:
$mc = $Yh->mo_oauth_client_get_option("\155\x6f\x5f\x6f\x61\x75\x74\x68\x5f\x61\160\160\x73\x5f\154\151\163\164");
if (is_array($mc) && isset($mc[$d9])) {
goto Je;
}
$q3 = "\x4e\157\40\163\x75\143\150\40\141\x70\160\40\x66\157\x75\x6e\x64\x20\143\x6f\x6e\146\151\147\165\162\x65\144\56\40\120\154\145\x61\x73\x65\40\x63\150\x65\143\x6b\x20\x69\146\x20\171\x6f\165\x20\141\x72\x65\x20\x73\x65\x6e\x64\x69\x6e\x67\x20\x74\x68\x65\x20\143\157\x72\162\145\x63\x74\x20\x61\160\x70\137\156\141\155\145";
MO_Oauth_Debug::mo_oauth_log($q3);
$Yh->handle_error($q3);
wp_die(wp_kses($q3, \mo_oauth_get_valid_html()));
exit;
Je:
$qr = "\57\x2f" . $_SERVER["\110\124\x54\x50\137\x48\117\123\x54"] . $_SERVER["\x52\x45\x51\x55\x45\x53\x54\x5f\x55\122\111"];
$qr = strtok($qr, "\77");
$EJ = isset($_REQUEST["\x72\145\144\151\162\145\x63\164\x5f\x75\162\154"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["\162\x65\x64\151\162\x65\143\x74\x5f\x75\x72\x6c"]))) : $qr;
$RV = isset($_REQUEST["\x74\x65\x73\x74"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["\x74\x65\x73\164"]))) : false;
$tS = isset($_REQUEST["\x72\x65\x73\164\162\x69\143\x74\x72\x65\144\151\162\145\143\164"]) ? sanitize_text_field(wp_unslash(urldecode($_REQUEST["\162\145\x73\164\x72\151\143\164\162\145\144\151\x72\145\x63\164"]))) : false;
$F8 = $Yh->get_app_by_name($d9);
$bO = $F8->get_app_config("\147\x72\141\156\164\x5f\164\171\x70\145");
if (!is_multisite()) {
goto Sr;
}
$blog_id = get_current_blog_id();
$W_ = $Yh->mo_oauth_client_get_option("\x6d\x6f\x5f\x6f\x61\165\x74\x68\137\x63\63\126\x69\x63\x32\154\x30\x5a\x58\x4e\172\x5a\127\x78\154\x59\63\122\154\x5a\101");
$ZU = array();
if (!isset($W_)) {
goto Tv;
}
$ZU = json_decode($Yh->mooauthdecrypt($W_), true);
Tv:
$EL = false;
$jj = $Yh->mo_oauth_client_get_option("\155\157\x5f\x6f\x61\165\x74\x68\137\151\x73\x4d\165\154\164\151\x53\x69\164\x65\x50\x6c\x75\x67\151\156\x52\145\161\x75\145\163\164\145\144");
if (!(is_array($ZU) && in_array($blog_id, $ZU))) {
goto pR;
}
$EL = true;
pR:
if (!(is_multisite() && $jj && ($jj && !$EL) && !$RV && $Yh->mo_oauth_client_get_option("\x6e\157\x4f\x66\123\165\x62\x53\x69\x74\145\163") < 1000)) {
goto MF;
}
$Yh->handle_error("\114\x6f\147\151\x6e\40\x69\163\x20\x64\151\x73\x61\142\x6c\x65\x64\x20\x66\157\162\40\x74\150\151\x73\x20\x73\x69\164\x65\56\x20\x50\154\x65\141\x73\x65\40\143\157\156\x74\141\143\x74\40\x79\x6f\165\x72\x20\141\x64\155\151\156\151\163\x74\x72\141\x74\x6f\162\x2e");
MO_Oauth_Debug::mo_oauth_log("\x4c\x6f\147\151\x6e\40\151\163\x20\x64\x69\x73\x61\x62\x6c\145\x64\x20\x66\157\162\40\x74\x68\151\x73\40\163\x69\164\145\56\40\120\154\x65\141\163\x65\40\143\157\156\x74\x61\143\164\x20\171\x6f\x75\x72\x20\141\144\155\151\x6e\151\163\164\x72\141\164\x6f\x72\56");
wp_die("\x4c\x6f\147\151\156\x20\x69\x73\x20\144\151\x73\141\142\154\x65\x64\40\x66\157\x72\x20\x74\150\151\x73\40\x73\x69\164\145\56\x20\x50\154\145\x61\163\x65\40\143\x6f\156\x74\x61\x63\x74\x20\171\x6f\165\162\40\x61\x64\155\151\156\151\163\164\162\141\x74\157\x72\x2e");
MF:
$eC->add_replace_entry("\142\154\157\x67\x5f\x69\144", $blog_id);
Sr:
MO_Oauth_Debug::mo_oauth_log("\x47\162\141\x6e\x74\x3a\x20" . $bO);
if ($bO && "\120\141\x73\x73\167\x6f\x72\x64\40\107\162\141\x6e\x74" === $bO) {
goto j_;
}
if (!($bO && "\x43\154\151\x65\156\x74\x20\103\162\x65\144\x65\x6e\164\151\141\x6c\x73\x20\107\x72\141\156\x74" === $bO)) {
goto ir;
}
do_action("\155\157\x5f\x6f\x61\x75\x74\150\x5f\143\154\151\x65\156\164\x5f\x63\162\145\x64\x65\x6e\164\x69\141\x6c\163\x5f\147\x72\141\156\x74\x5f\151\156\x69\x74\x69\141\164\145", $d9, $RV);
exit;
ir:
goto VJ;
j_:
do_action("\x70\x77\144\x5f\145\163\163\x65\x6e\164\x69\x61\154\163\137\x69\156\164\145\x72\156\141\x6c");
do_action("\x6d\157\137\x6f\x61\x75\164\150\137\x63\x6c\x69\x65\156\x74\x5f\x61\144\144\137\x70\x77\144\x5f\x6a\163");
echo "\x9\x9\x9\11\74\x73\143\x72\151\x70\x74\76\xd\xa\11\11\11\x9\11\166\141\x72\x20\x6d\x6f\x5f\x6f\x61\165\x74\x68\137\x61\x70\x70\x5f\156\141\x6d\x65\x20\75\x20\x22";
echo wp_kses($d9, \mo_oauth_get_valid_html());
echo "\42\73\xd\xa\x9\x9\x9\11\x9\144\157\143\x75\x6d\x65\x6e\164\56\x61\x64\x64\105\x76\x65\x6e\x74\114\x69\x73\x74\145\156\145\x72\x28\47\x44\x4f\x4d\x43\x6f\x6e\164\145\x6e\x74\114\157\141\144\x65\x64\x27\54\x20\146\x75\156\x63\164\x69\157\x6e\x28\51\x20\173\xd\xa\11\x9\x9\x9\x9\x9";
if ($RV) {
goto eV;
}
echo "\11\11\11\11\11\11\11\155\157\117\101\165\164\150\x4c\157\x67\x69\x6e\x50\x77\x64\x28\x6d\x6f\x5f\157\141\x75\164\x68\x5f\x61\x70\x70\x5f\x6e\141\x6d\145\54\40\146\x61\154\163\145\54\40\47";
echo esc_url($EJ);
echo "\x27\x29\x3b\15\xa\x9\11\11\11\x9\11";
goto CP;
eV:
echo "\x9\x9\x9\x9\11\x9\x9\155\x6f\x4f\x41\165\x74\x68\114\157\x67\x69\156\x50\x77\144\x28\x6d\157\137\157\141\165\x74\x68\137\x61\160\x70\137\156\141\155\x65\x2c\40\x74\162\165\145\x2c\x20\47";
echo esc_url($EJ);
echo "\x27\x29\x3b\15\12\11\11\x9\11\11\x9";
CP:
echo "\x9\x9\x9\x9\x9\x7d\x2c\x20\146\x61\x6c\163\x65\51\73\15\12\11\x9\11\x9\x3c\57\x73\x63\162\151\160\x74\76\15\12\x9\11\11\11";
exit;
VJ:
if (!($F8->get_app_config("\x61\x70\160\x49\x64") === "\x74\x77\x69\164\164\x65\162" || $F8->get_app_config("\141\x70\160\111\144") === "\157\x61\165\164\x68\61")) {
goto pM;
}
MO_Oauth_Debug::mo_oauth_log("\x4f\x61\165\164\150\61\40\146\x6c\157\167");
$RV = isset($_REQUEST["\164\x65\x73\164"]) && !empty($_REQUEST["\x74\x65\163\x74"]);
if (!($RV && '' !== $RV)) {
goto Gj;
}
setcookie("\x6f\141\x75\164\150\61\x5f\x74\x65\163\164", "\61", time() + 20);
Gj:
setcookie("\x6f\141\165\164\x68\61\x61\x70\x70\x6e\x61\x6d\145", $d9, time() + 60);
$_COOKIE["\x6f\x61\165\164\x68\61\x61\x70\160\156\141\155\x65"] = $d9;
MO_Custom_OAuth1::mo_oauth1_auth_request($d9);
exit;
pM:
Function Calls
None |
Stats
MD5 | ec5e4697d0099ac6ff35a2b827b47a62 |
Eval Count | 0 |
Decode Time | 52 ms |