Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php


namespace MO_CAW\PRO\Functionality;

use MO_CAW\PRO\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\PRO\Constants;
use MO_CAW\Common\Functionality\SQL_API_Creation as Common_SQL_API_Creation;
class SQL_API_Creation extends Common_SQL_API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto sk;
        }
        $this->pro_rest_init_functionalities();
        sk:
    }
    private function pro_rest_init_functionalities()
    {
        $Pe = DB_Utils::get_configuration(array("\x74\171\160\145" => Constants::SQL_ENDPOINT));
        foreach ($Pe as $RJ) {
            parent::register_rest_routes($RJ, $this);
            Ts:
        }
        CX:
    }
    public function authenticate_request($uV)
    {
        $nm = array("\163\164\141\164\165\x73" => Constants::ERROR, "\x63\x6f\144\145" => 403, "\145\x72\x72\x6f\x72" => Constants::FORBIDDEN, "\x65\x72\x72\x6f\162\x5f\x64\x65\163\x63\x72\151\x70\x74\x69\x6f\156" => Constants::FEATURE_NOT_SUPPORTED);
        if (Utils::check_plan_capabilities(Constants::ADVANCE_API_CREATION_PLAN_NAME)) {
            goto JM;
        }
        wp_send_json_error($nm);
        JM:
        return API_Security::authorize_custom_api_request($uV);
    }
    public function sql_endpoint_callback($uV)
    {
        $xz = $uV->get_attributes();
        $cQ = $uV->get_params();
        $q8 = $uV->get_body();
        $Ug = $uV->get_headers();
        $we = $uV->get_method();
        $A6 = $xz["\x61\x72\x67\x73"]["\145\x6e\144\x70\157\x69\156\164\x5f\143\x6f\x6e\146\151\147\165\x72\x61\164\x69\x6f\156"];
        $Xi = $A6["\143\157\156\146\x69\147\x75\162\x61\164\x69\157\156"];
        $tN = !empty($Xi["\162\x65\x73\x70\x6f\156\x73\145"]["\x72\145\x73\160\157\x6e\163\x65\137\x63\157\x6e\x74\x65\x6e\164"]["\x73\165\143\x63\145\x73\x73"]) ? json_decode($Xi["\x72\x65\163\x70\x6f\156\x73\x65"]["\162\145\x73\x70\157\x6e\x73\x65\137\143\x6f\x6e\x74\145\x6e\x74"]["\x73\x75\143\143\145\x73\x73"], true) : false;
        if ($A6["\151\x73\137\x65\x6e\x61\x62\154\145\x64"]) {
            goto UZ;
        }
        $nm = array("\163\x74\x61\164\165\x73" => Constants::ERROR, "\x63\x6f\144\145" => 403, "\x65\x72\x72\x6f\x72" => Constants::ENDPOINT_DEACTIVATED, "\x65\x72\x72\x6f\162\x5f\x64\x65\163\x63\x72\151\x70\x74\x69\x6f\156" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        UZ:
        $lF = $Xi["\163\161\x6c\137\x71\165\x65\x72\x69\x65\x73"];
        if (\strtoupper(Constants::HTTP_GET) === $we || \strtoupper(Constants::HTTP_DELETE) === $we) {
            goto tV;
        }
        if (\strtoupper(Constants::HTTP_POST) === $we || \strtoupper(Constants::HTTP_PUT) === $we) {
            goto Cq;
        }
        $n9 = array("\x65\162\x72\157\x72" => "\x69\x6e\166\141\x6c\x69\x64\137\155\x65\x74\x68\x6f\144", "\145\162\162\157\162\x5f\144\145\x73\x63\x72\151\x70\x74\x69\x6f\x6e" => "\x52\145\x71\165\x65\x73\x74\145\144\40\155\x65\164\150\x6f\x64\40\151\163\x20\x6e\x6f\164\x20\x72\x65\x67\151\x73\164\145\x72\145\x64\40\x75\x73\151\156\147\x20\103\125\x53\x54\x4f\115\x20\x41\120\111\x20\x66\x6f\x72\x20\x57\x50\x20\x70\154\165\x67\x69\156\x2e");
        wp_send_json($n9, 400);
        goto AX;
        tV:
        $n9 = array("\x65\x72\162\157\x72" => Constants::INVALID_FORMAT, "\x65\162\x72\x6f\162\137\144\x65\x73\143\x72\151\160\164\x69\x6f\156" => "\122\x65\x71\165\x69\162\x65\x64\x20\x61\x72\147\165\x6d\145\x6e\x74\163\x20\141\x72\145\x20\x6d\151\163\163\x69\156\x67\40\157\x72\40\x70\141\163\163\x65\144\40\151\x6e\x20\x74\x68\145\x20\x63\157\162\162\145\x63\164\x20\146\157\162\155\141\x74\56");
        $T3 = $this->run_sql_query($cQ, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["\x73\x74\141\164\x75\163"])) {
            goto Xp;
        }
        $tN = !empty($Xi["\162\145\x73\160\157\x6e\163\x65"]["\162\x65\x73\160\157\x6e\163\145\x5f\x63\157\156\164\145\156\x74"]["\x65\162\162\x6f\162"]) ? json_decode($Xi["\x72\145\x73\x70\x6f\x6e\163\x65"]["\162\x65\x73\160\x6f\x6e\x73\145\137\x63\x6f\156\164\x65\156\164"]["\145\162\x72\x6f\x72"], true) : false;
        Xp:
        Utils::send_custom_api_response($T3, $tN);
        goto AX;
        Cq:
        $n9 = array("\145\162\x72\x6f\x72" => Constants::INVALID_FORMAT, "\x65\x72\162\157\162\137\144\145\163\143\162\151\160\x74\x69\157\156" => "\x52\x65\161\x75\x69\x72\x65\144\40\142\x6f\x64\x79\x20\x70\141\162\141\155\x65\x74\145\x72\163\40\141\x72\x65\x20\155\151\163\x73\151\x6e\x67\x20\x6f\x72\40\156\x6f\164\40\x70\141\163\x73\x65\x64\x20\151\x6e\40\x74\x68\x65\x20\x63\157\x72\162\145\x63\164\x20\146\x6f\x72\x6d\141\164\x2e");
        $ll = $Ug["\143\x6f\156\164\x65\156\x74\137\164\171\x70\x65"][0] ?? '';
        $q8 = Utils::get_custom_api_curated_body($ll, $q8);
        if (!empty($q8)) {
            goto pr;
        }
        $nm = array("\163\x74\141\164\x75\163" => Constants::ERROR, "\x63\x6f\x64\145" => 400, "\145\x72\162\157\x72" => Constants::INVALID_FORMAT, "\145\x72\x72\x6f\x72\x5f\144\145\163\x63\x72\151\160\x74\151\157\x6e" => "\122\145\161\165\145\163\x74\40\x62\x6f\x64\x79\x20\x63\141\156\156\x6f\x74\x20\x62\x65\40\x65\x6d\x70\164\171\40\146\x6f\162\x20" . $we . "\x20\x6d\145\x74\x68\x6f\x64");
        wp_send_json($nm, 400);
        pr:
        $T3 = $this->run_sql_query($q8, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["\163\x74\x61\164\x75\163"])) {
            goto uL;
        }
        $tN = !empty($Xi["\x72\145\x73\x70\x6f\x6e\x73\145"]["\162\x65\163\x70\x6f\x6e\x73\145\x5f\x63\157\156\164\145\156\164"]["\145\x72\162\x6f\x72"]) ? json_decode($Xi["\162\x65\163\x70\157\156\x73\145"]["\x72\x65\163\160\x6f\156\x73\x65\x5f\x63\157\x6e\x74\145\x6e\164"]["\x65\162\x72\x6f\x72"], true) : false;
        uL:
        Utils::send_custom_api_response($T3, $tN);
        AX:
    }
    private function run_sql_query($iY, $SB, $n9, $we)
    {
        $am = implode("\174\x2d\x7c\55\174", $SB);
        $am = parent::replace_dynamic_values($am, $iY, $n9);
        $SB = explode("\174\55\174\55\174", $am);
        $vs = '';
        $p0 = array();
        $n9 = array("\145\162\162\x6f\162" => "\161\165\145\x72\171\x5f\146\141\x69\x6c", "\145\x72\x72\x6f\162\x5f\144\x65\163\x63\x72\x69\160\x74\x69\157\x6e" => "\146\157\x6c\154\157\167\x69\156\x67\x20\161\x75\145\x72\171\47\x73\40\145\x78\145\143\x75\x74\x69\157\x6e\x20\x66\x61\x69\154\145\144", "\161\x75\x65\x72\171" => array());
        foreach ($SB as $kl) {
            $vs = parent::execute_query($kl, $we);
            if (!(Constants::ERROR === $vs["\x73\x74\x61\164\x75\163"])) {
                goto Mz;
            }
            $p0 = array();
            $p0["\x65\x72\162\x6f\162\x5f\155\x65\163\x73\x61\147\x65"] = $vs["\x64\x61\164\141"];
            $p0["\x71\165\x65\162\x79"] = $kl;
            array_push($n9["\161\165\145\162\171"], $p0);
            Mz:
            Se:
        }
        vh:
        if (empty($n9["\x71\x75\x65\162\x79"])) {
            goto rS;
        }
        wp_send_json($n9, 400);
        goto wB;
        rS:
        $T3["\163\164\141\x74\x75\163"] = Constants::SUCCESS;
        $T3["\163\164\x61\164\165\163\x5f\143\157\144\x65"] = 200;
        return $vs;
        wB:
    }
}

Decrypted code:

namespace MO_CAW\PRO\Functionality;

use MO_CAW\PRO\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\PRO\Constants;
use MO_CAW\Common\Functionality\SQL_API_Creation as Common_SQL_API_Creation;
class SQL_API_Creation extends Common_SQL_API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto sk;
        }
        $this->pro_rest_init_functionalities();
        sk:
    }
    private function pro_rest_init_functionalities()
    {
        $Pe = DB_Utils::get_configuration(array("type" => Constants::SQL_ENDPOINT));
        foreach ($Pe as $RJ) {
            parent::register_rest_routes($RJ, $this);
            Ts:
        }
        CX:
    }
    public function authenticate_request($uV)
    {
        $nm = array("status" => Constants::ERROR, "code" => 403, "error" => Constants::FORBIDDEN, "error_description" => Constants::FEATURE_NOT_SUPPORTED);
        if (Utils::check_plan_capabilities(Constants::ADVANCE_API_CREATION_PLAN_NAME)) {
            goto JM;
        }
        wp_send_json_error($nm);
        JM:
        return API_Security::authorize_custom_api_request($uV);
    }
    public function sql_endpoint_callback($uV)
    {
        $xz = $uV->get_attributes();
        $cQ = $uV->get_params();
        $q8 = $uV->get_body();
        $Ug = $uV->get_headers();
        $we = $uV->get_method();
        $A6 = $xz["args"]["endpoint_configuration"];
        $Xi = $A6["configuration"];
        $tN = !empty($Xi["response"]["response_content"]["success"]) ? json_decode($Xi["response"]["response_content"]["success"], true) : false;
        if ($A6["is_enabled"]) {
            goto UZ;
        }
        $nm = array("status" => Constants::ERROR, "code" => 403, "error" => Constants::ENDPOINT_DEACTIVATED, "error_description" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        UZ:
        $lF = $Xi["sql_queries"];
        if (\strtoupper(Constants::HTTP_GET) === $we || \strtoupper(Constants::HTTP_DELETE) === $we) {
            goto tV;
        }
        if (\strtoupper(Constants::HTTP_POST) === $we || \strtoupper(Constants::HTTP_PUT) === $we) {
            goto Cq;
        }
        $n9 = array("error" => "invalid_method", "error_description" => "Requested method is not registered using CUSTOM API for WP plugin.");
        wp_send_json($n9, 400);
        goto AX;
        tV:
        $n9 = array("error" => Constants::INVALID_FORMAT, "error_description" => "Required arguments are missing or passed in the correct format.");
        $T3 = $this->run_sql_query($cQ, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["status"])) {
            goto Xp;
        }
        $tN = !empty($Xi["response"]["response_content"]["error"]) ? json_decode($Xi["response"]["response_content"]["error"], true) : false;
        Xp:
        Utils::send_custom_api_response($T3, $tN);
        goto AX;
        Cq:
        $n9 = array("error" => Constants::INVALID_FORMAT, "error_description" => "Required body parameters are missing or not passed in the correct format.");
        $ll = $Ug["content_type"][0] ?? '';
        $q8 = Utils::get_custom_api_curated_body($ll, $q8);
        if (!empty($q8)) {
            goto pr;
        }
        $nm = array("status" => Constants::ERROR, "code" => 400, "error" => Constants::INVALID_FORMAT, "error_description" => "Request body cannot be empty for " . $we . " method");
        wp_send_json($nm, 400);
        pr:
        $T3 = $this->run_sql_query($q8, $lF, $n9, $we);
        if (!(Constants::ERROR === $T3["status"])) {
            goto uL;
        }
        $tN = !empty($Xi["response"]["response_content"]["error"]) ? json_decode($Xi["response"]["response_content"]["error"], true) : false;
        uL:
        Utils::send_custom_api_response($T3, $tN);
        AX:
    }
    private function run_sql_query($iY, $SB, $n9, $we)
    {
        $am = implode("|-|-|", $SB);
        $am = parent::replace_dynamic_values($am, $iY, $n9);
        $SB = explode("|-|-|", $am);
        $vs = '';
        $p0 = array();
        $n9 = array("error" => "query_fail", "error_description" => "following query's execution failed", "query" => array());
        foreach ($SB as $kl) {
            $vs = parent::execute_query($kl, $we);
            if (!(Constants::ERROR === $vs["status"])) {
                goto Mz;
            }
            $p0 = array();
            $p0["error_message"] = $vs["data"];
            $p0["query"] = $kl;
            array_push($n9["query"], $p0);
            Mz:
            Se:
        }
        vh:
        if (empty($n9["query"])) {
            goto rS;
        }
        wp_send_json($n9, 400);
        goto wB;
        rS:
        $T3["status"] = Constants::SUCCESS;
        $T3["status_code"] = 200;
        return $vs;
        wB:
    }
}

Recent submissions:

<?php $SISTEMIT_COM_ENC = "3Zi5CoVKmsfzgXmJSwfTGLhvNDfwuO/7mjQoHMENNXF5r34gEQwUAwMjEebcm8... <?php $JrDgml = "SxBOGPjQfdvy"; $QTHMir = "LMDtyqsniIRm"; $sdXamE = "NsjqXrhESMZd"; $ytXj... $JrDgml = "SxBOGPjQfdvy"; $QTHMir = "LMDtyqsniIRm"; $sdXamE = "NsjqXrhESMZd"; $ytXjVp = "T... $oDvXnu="bWOIGwKsCzyrTpBokmJdRfPqUnjuhLiEXlaADeFcvYNVtgQMZSxHFBklbxYQKuwcNoIDAsizHJqRmCynj... <?php define('oijzvx1105',__FILE__);$BQHruO=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZ... <?php eval( if (!empty($_GET) && isset($_GET["\x73\x68\x6f\x77\x6d\x65"]) && $_GET... \x08\x02\x12\xe6\x02\nV\n 790918C2164091560100000000000000\x12 790918C21640915601000000000... <?php $O00OO0=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6... <?php eval(' goto nDk7t; IoYkw: add_action("\\x74\\x65\\155\\160\\154\\141\\164\\145\... Function( '\'k.}mfj_2y6,wchqa+r&q5a-kihrg9~x{2]#r5z_*sy}s97iwcup2#zi@[5!45[*ro_r+!r!ks%*qt...