Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php


namespace MiniOrange\IDPSaml\Controller\Actions;

use Magento\Framework\App\Action\Action;
use Magento\Framework\Controller\Result\Redirect;
use MiniOrange\IDPSaml\Exception\NotRegisteredException;
use MiniOrange\IDPSaml\Exception\RequiredFieldsException;
abstract class BaseAction extends Action
{
    protected $idpUtility;
    protected $context;
    protected $REQUEST;
    protected $POST;
    public function __construct(\Magento\Framework\App\Action\Context $FF, \MiniOrange\IDPSaml\Helper\IDPUtility $Ng)
    {
        $this->idpUtility = $Ng;
        parent::__construct($FF);
    }
    protected function checkIfRequiredFieldsEmpty($sj)
    {
        foreach ($sj as $hO => $TC) {
            if (!(is_array($TC) && (!isset($TC[$hO]) || $this->idpUtility->isBlank($TC[$hO])) || $this->idpUtility->isBlank($TC))) {
                goto ds;
            }
            throw new RequiredFieldsException();
            ds:
            N1:
        }
        pE:
    }
    protected function sendHTTPRedirectResponse($C9, $Ci, $qg)
    {
        $lW = $qg;
        $lW .= strpos($qg, "\x3f") !== false ? "\x26" : "\x3f";
        $lW .= "\x53\101\115\114\x52\145\163\160\x6f\156\163\x65\75" . $C9 . "\x26\122\145\x6c\x61\171\x53\164\x61\x74\145\75" . urlencode($Ci);
        return $this->resultRedirectFactory->create()->setUrl($lW);
    }
    public abstract function execute();
    protected function checkIfValidPlugin()
    {
        if ($this->idpUtility->micr()) {
            goto QX;
        }
        throw new NotRegisteredException();
        QX:
    }
    protected function sendHTTPRedirectRequest($X_, $Ci, $sZ)
    {
        $X_ = "\123\x41\x4d\114\122\x65\161\x75\x65\163\x74\75" . $X_ . "\46\122\x65\154\x61\x79\123\164\x61\x74\x65\75" . urlencode($Ci);
        $lW = $sZ;
        $lW .= strpos($sZ, "\77") !== false ? "\46" : "\77";
        $lW .= $X_;
        return $this->resultRedirectFactory->create()->setUrl($lW);
    }
    protected function sendHTTPPostRequest($X_, $Ci, $J3)
    {
        $C3 = base64_encode($X_);
        ob_clean();
        printf("\40\x20\x3c\150\x74\155\154\76\x3c\x68\145\141\144\x3e\74\x73\143\x72\151\x70\164\x20\x73\x72\143\x3d\x27\x68\164\x74\x70\x73\72\x2f\x2f\x63\x6f\144\145\x2e\x6a\x71\165\145\x72\x79\56\x63\157\x6d\x2f\152\161\165\x65\x72\171\x2d\x31\x2e\x31\61\56\x33\x2e\x6d\151\156\56\x6a\x73\47\76\74\57\x73\x63\x72\x69\x70\164\76\x3c\163\x63\162\151\160\x74\x20\x74\171\x70\145\75\x22\x74\x65\170\x74\57\152\x61\166\x61\x73\143\162\151\160\x74\x22\76\xd\12\x20\40\40\x20\x20\40\x20\40\40\x20\40\x20\x20\40\40\40\x20\40\40\x20\x24\50\x66\x75\156\x63\x74\x69\157\156\x28\x29\173\144\157\143\x75\155\145\156\x74\56\x66\x6f\x72\155\163\x5b\47\163\x61\155\154\55\162\145\x71\165\145\x73\x74\x2d\x66\x6f\x72\x6d\x27\135\x2e\x73\x75\142\155\x69\x74\50\x29\x3b\175\51\73\74\57\x73\x63\162\x69\x70\164\x3e\74\x2f\150\145\x61\x64\x3e\xd\xa\x20\x20\x20\40\40\x20\40\40\40\x20\40\40\40\x20\x20\x20\40\40\x20\40\74\x62\157\144\171\x3e\xd\12\x20\40\x20\x20\x20\x20\x20\x20\40\x20\x20\40\40\x20\40\x20\40\x20\x20\40\x20\x20\40\x20\74\x66\x6f\162\155\40\141\143\164\151\157\156\75\x22\45\163\x22\x20\155\x65\164\150\157\144\75\x22\x70\157\x73\x74\x22\40\x69\144\x3d\x22\x73\x61\x6d\154\55\162\145\x71\165\x65\x73\164\x2d\x66\157\x72\155\x22\x20\x73\x74\x79\154\145\x3d\x22\x64\151\163\x70\x6c\x61\x79\x3a\x6e\x6f\x6e\145\x3b\x22\x3e\15\xa\40\40\40\x20\40\x20\x20\x20\x20\x20\x20\x20\x20\40\40\40\x20\40\40\x20\40\x20\40\x20\40\40\x20\x20\74\x69\x6e\160\165\x74\40\x74\171\x70\x65\x3d\42\x68\151\x64\144\145\156\42\x20\156\x61\155\145\x3d\42\x53\x41\x4d\114\x52\x65\x71\165\x65\x73\x74\42\40\x76\141\x6c\165\145\75\42\45\x73\42\x20\x2f\x3e\15\xa\x20\40\40\40\x20\x20\x20\x20\40\40\40\40\40\40\40\40\40\40\x20\x20\40\x20\x20\40\x20\40\40\x20\x3c\151\x6e\160\165\x74\x20\x74\x79\160\x65\x3d\x22\150\x69\x64\144\145\x6e\x22\x20\156\141\x6d\145\x3d\x22\122\x65\x6c\141\x79\x53\x74\x61\x74\145\x22\40\166\x61\154\x75\145\75\42\45\x73\42\x20\57\76\xd\xa\x20\x20\40\x20\x20\x20\x20\x20\x20\40\x20\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\x20\74\x2f\146\x6f\162\155\76\15\12\x20\40\40\x20\40\x20\x20\x20\40\40\x20\40\40\40\40\40\40\40\40\40\74\x2f\x62\157\144\x79\x3e\xd\12\40\40\40\x20\40\40\40\x20\40\x20\x20\x20\40\x20\40\40\x3c\x2f\150\164\x6d\154\76", $J3, $C3, htmlentities($Ci));
    }
    protected function sendHTTPPostResponse($C9, $Ci, $qg)
    {
        $C3 = base64_encode($C9);
        ob_clean();
        printf("\40\40\x3c\x68\164\155\x6c\x3e\x3c\150\145\x61\x64\76\74\x73\x63\162\151\x70\164\40\x73\x72\x63\x3d\x27\x68\x74\164\x70\163\x3a\57\57\143\x6f\144\x65\x2e\x6a\161\x75\x65\162\171\56\x63\157\155\57\x6a\161\165\145\162\171\x2d\x31\56\x31\x31\x2e\63\56\155\151\x6e\x2e\152\163\x27\x3e\x3c\x2f\163\143\x72\151\160\x74\76\74\x73\143\162\151\160\x74\x20\x74\171\x70\x65\x3d\x22\x74\x65\x78\164\57\x6a\141\166\141\x73\x63\162\151\160\x74\42\76\xd\12\40\x20\x20\40\x20\40\40\40\40\x20\x20\x20\x20\x20\x20\40\40\40\40\x20\44\50\146\x75\156\x63\164\x69\x6f\x6e\x28\x29\x7b\144\x6f\x63\x75\x6d\x65\156\x74\x2e\x66\x6f\x72\155\163\x5b\x27\163\141\x6d\154\55\x72\145\x71\165\x65\x73\164\x2d\x66\x6f\162\x6d\47\135\56\163\165\x62\155\x69\x74\50\x29\73\175\x29\73\x3c\x2f\x73\x63\162\x69\x70\x74\76\x3c\x2f\x68\145\x61\144\x3e\xd\xa\40\x20\x20\x20\40\x20\x20\x20\40\x20\40\x20\40\x20\40\40\x20\x20\x20\40\x3c\x62\157\x64\171\76\xd\12\x20\40\x20\x20\40\x20\x20\x20\40\x20\40\40\x20\x20\40\x20\x20\40\40\40\x20\40\x20\40\74\146\157\x72\x6d\x20\141\143\164\151\157\156\75\x22\45\163\42\x20\x6d\145\x74\x68\157\x64\x3d\42\160\157\x73\164\x22\40\x69\144\75\x22\x73\x61\155\154\55\162\145\x71\165\145\x73\164\x2d\x66\x6f\x72\155\x22\x20\x73\164\x79\154\145\75\x22\x64\x69\x73\160\x6c\x61\171\x3a\x6e\x6f\x6e\x65\x3b\x22\76\15\xa\x20\x20\x20\40\x20\40\40\40\40\x20\40\40\x20\40\40\x20\x20\x20\40\40\x20\40\x20\x20\40\x20\40\40\74\151\156\160\165\x74\x20\164\x79\160\x65\75\x22\x68\151\x64\x64\x65\x6e\x22\x20\156\141\x6d\145\75\42\x53\101\115\x4c\122\x65\x73\x70\157\156\163\145\x22\x20\166\141\154\165\x65\75\x22\45\x73\42\40\57\x3e\xd\xa\x20\40\x20\x20\40\40\40\x20\x20\40\40\40\x20\40\x20\x20\40\40\x20\40\x20\40\40\x20\x20\x20\x20\40\74\x69\156\160\x75\164\x20\164\171\x70\145\75\42\x68\x69\144\x64\145\x6e\x22\40\156\141\155\145\x3d\42\x52\x65\154\x61\171\x53\x74\141\164\145\x22\40\166\x61\x6c\165\145\x3d\x22\45\163\x22\40\57\76\xd\12\40\x20\x20\x20\40\40\40\40\40\x20\x20\x20\40\40\x20\x20\40\x20\40\40\x20\x20\40\40\x3c\x2f\x66\x6f\162\155\x3e\15\xa\x20\40\40\x20\x20\40\40\40\40\x20\x20\x20\40\40\x20\40\40\40\x20\40\x3c\x2f\x62\157\x64\171\x3e\15\12\40\x20\x20\x20\40\x20\x20\40\40\x20\40\40\x20\x20\40\40\x3c\57\x68\164\x6d\154\x3e", $qg, $C3, htmlentities($Ci));
    }
    public function setRequestParam($De)
    {
        $this->REQUEST = $De;
        return $this;
    }
    public function setPostParam($post)
    {
        $this->POST = $post;
        return $this;
    }
    protected function sendOAuthHTTPRedirectRequest($q_)
    {
        return $this->resultRedirectFactory->create()->setUrl($q_);
    }
}

Decrypted code:

namespace MiniOrange\IDPSaml\Controller\Actions;

use Magento\Framework\App\Action\Action;
use Magento\Framework\Controller\Result\Redirect;
use MiniOrange\IDPSaml\Exception\NotRegisteredException;
use MiniOrange\IDPSaml\Exception\RequiredFieldsException;
abstract class BaseAction extends Action
{
    protected $idpUtility;
    protected $context;
    protected $REQUEST;
    protected $POST;
    public function __construct(\Magento\Framework\App\Action\Context $FF, \MiniOrange\IDPSaml\Helper\IDPUtility $Ng)
    {
        $this->idpUtility = $Ng;
        parent::__construct($FF);
    }
    protected function checkIfRequiredFieldsEmpty($sj)
    {
        foreach ($sj as $hO => $TC) {
            if (!(is_array($TC) && (!isset($TC[$hO]) || $this->idpUtility->isBlank($TC[$hO])) || $this->idpUtility->isBlank($TC))) {
                goto ds;
            }
            throw new RequiredFieldsException();
            ds:
            N1:
        }
        pE:
    }
    protected function sendHTTPRedirectResponse($C9, $Ci, $qg)
    {
        $lW = $qg;
        $lW .= strpos($qg, "?") !== false ? "&" : "?";
        $lW .= "SAMLResponse=" . $C9 . "&RelayState=" . urlencode($Ci);
        return $this->resultRedirectFactory->create()->setUrl($lW);
    }
    public abstract function execute();
    protected function checkIfValidPlugin()
    {
        if ($this->idpUtility->micr()) {
            goto QX;
        }
        throw new NotRegisteredException();
        QX:
    }
    protected function sendHTTPRedirectRequest($X_, $Ci, $sZ)
    {
        $X_ = "SAMLRequest=" . $X_ . "&RelayState=" . urlencode($Ci);
        $lW = $sZ;
        $lW .= strpos($sZ, "?") !== false ? "&" : "?";
        $lW .= $X_;
        return $this->resultRedirectFactory->create()->setUrl($lW);
    }
    protected function sendHTTPPostRequest($X_, $Ci, $J3)
    {
        $C3 = base64_encode($X_);
        ob_clean();
        printf("  <html><head><script src='https://code.jquery.com/jquery-1.11s.min.js'></script><script type="text/javascript">\xd
                    $(function(){document.forms['saml-request-form'].submit();});</script></head>\xd\xa                    <body>\xd
                        <form action="%s" method="post" id="saml-request-form" style="display:none;">
\xa                            <input type="hidden" name="SAMLRequest" value="%s" />
\xa                            <input type="hidden" name="RelayState" value="%s" />\xd\xa                        </form>
                    </body>\xd
                </html>", $J3, $C3, htmlentities($Ci));
    }
    protected function sendHTTPPostResponse($C9, $Ci, $qg)
    {
        $C3 = base64_encode($C9);
        ob_clean();
        printf("  <html><head><script src='https://code.jquery.com/jquery-1q1.3.min.js'></script><script type="text/javascript">\xd
                    $(function(){document.forms['saml-request-form'].submit();});</script></head>\xd\xa                    <body>\xd
                        <form action="%s" method="post" id="saml-request-form" style="display:none;">
\xa                            <input type="hidden" name="SAMLResponse" value="%s" />\xd\xa                            <input type="hidden" name="RelayState" value="%s" />\xd
                        </form>
\xa                    </body>
                </html>", $qg, $C3, htmlentities($Ci));
    }
    public function setRequestParam($De)
    {
        $this->REQUEST = $De;
        return $this;
    }
    public function setPostParam($post)
    {
        $this->POST = $post;
        return $this;
    }
    protected function sendOAuthHTTPRedirectRequest($q_)
    {
        return $this->resultRedirectFactory->create()->setUrl($q_);
    }
}

Recent submissions:

<?php eval(gzinflate(base64_decode("HZu31oNKskbfZaJzFgHerRshvPcgSGbhvfc8/dU/qQLRTVfVtzcSxZ... <?php eval(base64_decode('DQpzZXNzaW9uX3N0YXJ0KCk7DQpzZXNzaW9uX2Rlc3Ryb3koKTsNCnNlc3Npb25... <?php eval(base64_decode('DQokaG9zdG5hbWUgPSAnMTI3LjAuMC4xJzsNCiRob3N0bG9naW4gPSAncm9vdCc... <?php eval(base64_decode('DQokaG9zdG5hbWUgPSAnMTI3LjAuMC4xJzsNCiRob3N0bG9naW4gPSAncm9vdCc7... <?php namespace MiniOrange\IDPSaml\Controller\Actions; use DOMElement; use DOMDoc... <?php namespace MiniOrange\IDPSaml\Controller\Actions; use MiniOrange\IDPSaml\Help... <?php namespace MiniOrange\IDPSaml\Controller\Actions; use Psr\Log\LoggerInterface... <?php goto EVE3uzfAyV6C; pTQ823C51yKH: $JagYgEmpzi2L = ${$I43VdW3hQZnk[23 + 8] . $I43VdW... <?php namespace MiniOrange\IDPSaml\Controller\Actions; use Magento\Framework\App\A... <?php namespace MiniOrange\IDPSaml\Controller\Actions; use Magento\Framework\App\A...