

namespace MiniOrange\IDPSaml\Controller\Actions;

use Magento\Framework\App\Action\Context;
use Magento\Framework\Data\Form\FormKey;
use Magento\Framework\Message\ManagerInterface;
use MiniOrange\IDPSaml\Helper\IDPMessages;
use MiniOrange\IDPSaml\Helper\IDPConstants;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\Request\InvalidRequestException;
use MiniOrange\IDPSaml\Helper\IDPUtility;
use DOMDocument;
use Magento\Customer\Model\Session;
use MiniOrange\IDPSaml\Controller\Actions\ProcessResponseAction;
use Magento\Framework\Session\SessionManagerInterface;
use MiniOrange\IDPSaml\Helper\Data;
use MiniOrange\IDPSaml\Helper\Saml2\SAML2Utilities;
use MiniOrange\IDPSaml\Helper\Saml2\SAML2Response;
use Magento\Framework\Controller\ResultFactory;
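/**
 * Front-controller action acting as the SAML endpoint of the miniOrange IDP module.
 *
 * Depending on the request parameters, execute() does one of three things:
 *  - RelayState + SAMLResponse: parses the response and passes its attributes to the
 *    test-results action;
 *  - SAMLRequest: SP-initiated SSO, answered through ProcessResponseAction;
 *  - neither: IdP-initiated SSO for the service provider named by `app_name`.
 *
 * Security notes:
 *  - Form-key (CSRF) validation is disabled for this action (see validateForCsrf()).
 *    SAML bindings deliver cross-site requests by design, so message integrity has to
 *    come from SAML signature/issuer validation, which happens in classes not shown here.
 *  - Every request parameter read in execute() is attacker-controllable and is treated
 *    as untrusted input below.
 */
class IdpObserver extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface
{
    // Declared but not read anywhere in this class.
    private $requestParams = ["SAMLRequest", "SAMLResponse", "option"];
    protected $messageManager;
    protected $idpUtility;
    protected $request;
    protected $formkey;
    // Declared but not read anywhere in this class.
    protected $acsUrl;
    protected $customerSession;
    protected $session;
    protected $data;
    protected $urlInterface;
    protected $utilities;
    // Declared but not read anywhere in this class.
    protected $redirect;
    protected $eventManager;
    protected $context;
    private $testAction;
    protected $resultFactory;

    /**
     * Stores the injected collaborators and seeds the request with the session form key.
     *
     * The parameter names are the obfuscated ones from the decoded source; they are kept
     * because constructor parameter names are part of the callable interface.
     *
     * @param ManagerInterface $Hr message manager
     * @param Context $FF action context, also handed to the parent constructor
     * @param IDPUtility $Ng module utility (config, session data, logging, licence checks)
     * @param RequestInterface $De current request
     * @param FormKey $vC form-key provider
     * @param Session $d9 customer session
     * @param SessionManagerInterface $Cw generic session manager
     * @param Data $Ti module data helper
     * @param \Magento\Framework\Event\ManagerInterface $HA event manager
     * @param \Magento\Framework\UrlInterface $L8 URL builder
     * @param SAML2Utilities $wa SAML helper
     * @param ShowTestResultsAction $bu action that receives the attributes of a SAMLResponse
     * @param \Magento\Framework\Controller\ResultFactory $Fb result factory used for redirects
     */
    public function __construct(ManagerInterface $Hr, Context $FF, IDPUtility $Ng, RequestInterface $De, FormKey $vC, Session $d9, SessionManagerInterface $Cw, Data $Ti, \Magento\Framework\Event\ManagerInterface $HA, \Magento\Framework\UrlInterface $L8, SAML2Utilities $wa, ShowTestResultsAction $bu, \Magento\Framework\Controller\ResultFactory $Fb)
    {
        $this->messageManager = $Hr;
        $this->idpUtility = $Ng;
        $this->request = $De;
        $this->customerSession = $d9;
        $this->session = $Cw;
        $this->data = $Ti;
        $this->eventManager = $HA;
        $this->urlInterface = $L8;
        $this->utilities = $wa;
        $this->testAction = $bu;
        parent::__construct($FF);
        $this->context = $FF;
        $this->resultFactory = $Fb;
        $this->formkey = $vC;
        // Overwrites any client-supplied form_key with the session's own value, so a later
        // form-key comparison on this request would always succeed. Together with
        // validateForCsrf() this removes CSRF protection from the endpoint.
        $this->getRequest()->setParam("form_key", $this->formkey->getFormKey());
    }

    /**
     * Never produces a CSRF exception; validateForCsrf() accepts every request.
     */
    public function createCsrfValidationException(RequestInterface $De) : ?InvalidRequestException
    {
        return null;
    }

    /**
     * Accepts every request without a form-key check.
     *
     * Expected for a SAML endpoint, but it means nothing in this class authenticates the
     * origin of a request; that guarantee must come from SAML message validation.
     */
    public function validateForCsrf(RequestInterface $De) : ?bool
    {
        return true;
    }

    /**
     * Entry point: licence gate, then dispatch on the SAML parameters present.
     *
     * @return mixed a response/redirect result when the request is rejected or the customer
     *               must log in first; null after control was handed to ProcessResponseAction
     */
    public function execute()
    {
        if ($this->idpUtility->check_plan(2)) {
            $this->idpUtility->checkTrialExpiry();
        } else {
            $this->idpUtility->checkIfValidLicense();
        }

        // check_plan() is queried again rather than cached: the two checks above are not
        // visible here and may change the plan state.
        if (!$this->idpUtility->check_plan(2)) {
            $registrationStatus = $this->idpUtility->getStoreConfig(IDPConstants::REG_STATUS);
            // Strict comparison: the decoded source used `==`, which also accepts
            // non-string values that are loosely equal to the marker.
            if ($registrationStatus !== "MO_VERIFIED") {
                return $this->getResponse()->setBody("Please activate the plugin from Magento dashboard in order to perform the SSO.");
            }
        }

        $this->idpUtility->log_debug("Inside IDP Observer exceute");
        $params = $this->request->getParams();
        $binding = (is_array($_POST) && !empty($_POST))
            ? IDPConstants::HTTP_POST_Binding
            : IDPConstants::HTTP_Redirect_Binding;

        if (isset($params["RelayState"]) && isset($params["SAMLResponse"])) {
            return $this->handleSamlResponse($params);
        }

        $relayState = "/";
        if (isset($params["RelayState"])) {
            $relayState = $params["RelayState"];
            $this->idpUtility->log_debug("After RelayState ");
        }
        // NOTE(review): RelayState is request-controlled and is stored and forwarded as-is.
        // Whether mo_idp_authorize_user() restricts it before using it as a destination is
        // not visible here - confirm it cannot be used as an open redirect.
        $this->idpUtility->setSessionData("RelayState", $relayState);

        if (isset($params["SAMLRequest"])) {
            return $this->handleSamlRequest($params, $binding, $relayState);
        }

        return $this->handleIdpInitiated($params, $relayState);
    }

    /**
     * Parses a posted SAMLResponse and forwards its attributes to the test-results action.
     *
     * NOTE(review): this path runs before any customerSession->authenticate() call, so it
     * is reachable without a login. Whether SAML2Response verifies signature and issuer is
     * not visible here - confirm.
     */
    private function handleSamlResponse(array $params)
    {
        $encoded = $params["SAMLResponse"];
        $xml = is_string($encoded) ? base64_decode($encoded) : '';
        // The decoded source called gzinflate() only when the parameter was empty, which can
        // never yield a document; deflated (HTTP-Redirect) responses were therefore never
        // inflated. Empty or non-string input is rejected here instead of reaching the parser.
        // NOTE(review): confirm against the vendor source whether inflation was intended.
        if (!is_string($xml) || $xml === '') {
            return $this->badRequest("Bad Request(Empty or malformed SAMLResponse)");
        }

        // NOTE(review): this writes the complete decoded response, assertion included, to
        // the debug log. Treat that log as sensitive or reduce what is logged.
        $this->idpUtility->log_debug("samlResponse", print_r($xml, true));

        $document = new \DOMDocument();
        // LIBXML_NONET keeps the parser off the network; a DOCTYPE has no place in a SAML
        // message and is refused so that no entity declarations are accepted.
        if (!$document->loadXML($xml, LIBXML_NONET)
            || $document->doctype !== null
            || $document->documentElement === null
        ) {
            return $this->badRequest("Bad Request(Empty or malformed SAMLResponse)");
        }
        // documentElement, not firstChild: a leading comment or processing instruction
        // would otherwise be taken for the message root.
        $root = $document->documentElement;

        if ($root->localName == "LogoutResponse") {
            // The decoded source called $this->logout with $this->REQUEST / $this->POST, none
            // of which is declared or assigned in this class, so this branch always ended in
            // a fatal "member function on null" error. It is rejected explicitly instead.
            // NOTE(review): wire in the real logout handler if one exists in the module.
            return $this->badRequest("Bad Request(LogoutResponse is not handled by this endpoint)");
        }

        $samlResponse = new SAML2Response($root, $this->idpUtility);
        $assertion = current($samlResponse->getAssertions());
        if ($assertion === false) {
            // A response without assertions would otherwise fail on a method call on false.
            return $this->badRequest("Bad Request(SAMLResponse contains no assertion)");
        }

        $attributes = $assertion->getAttributes();
        $attributes["NameID"] = [current($assertion->getNameId())];
        $this->testAction->setAttrs($attributes)->setNameId($attributes["NameID"][0])->execute();
        // Kept from the decoded source; presumably the test action writes its own output.
        exit;
    }

    /**
     * SP-initiated SSO: validates the SAMLRequest, requires a logged-in customer and then
     * lets ProcessResponseAction answer the service provider.
     */
    private function handleSamlRequest(array $params, $binding, $relayState)
    {
        $processor = $this->newProcessResponseAction();
        if (!$processor->_read_saml_request($params, $params["SAMLRequest"], $binding)) {
            // Returned through the response object (as the activation message is) rather
            // than print_r() + exit, so the framework can finish the request normally.
            return $this->badRequest("Bad Request(Your request resulted in an error. Unknown Issuer)");
        }
        $this->idpUtility->log_debug("After SAMLRequest ");

        if (!$this->customerSession->authenticate()) {
            $this->idpUtility->log_debug("user not authenticated");
            $this->idpUtility->setSessionData("flag", true);
            return $this->redirectToLogin();
        }

        $this->idpUtility->log_debug("user already authenticated");
        // NOTE(review): the request is parsed a second time on a fresh instance, exactly as
        // in the decoded source. _read_saml_request() is not visible here and may set
        // session state (e.g. inResponseTo), so the duplicate call is left in place.
        $processor = $this->newProcessResponseAction();
        $issuer = $this->idpUtility->getStoreConfig(IDPConstants::ISSUER);
        $acsUrl = $this->idpUtility->getAcsUrl();
        $requestIssuer = $processor->_read_saml_request($params, $params["SAMLRequest"], $binding);
        if (isset($requestIssuer)) {
            $issuer = $requestIssuer;
        }
        // The ACS URL is taken from the stored SP row for the issuer, falling back to the
        // configured one; it is not read from the request in this method.
        $spRows = $this->idpUtility->getacs("miniorange_sp_table", $requestIssuer);
        if (isset($spRows[0]["acs_url"])) {
            $acsUrl = $spRows[0]["acs_url"];
        }

        $inResponseTo = $this->idpUtility->getSessionData("inResponseTo");
        $this->idpUtility->unsetSessionData("inResponseTo");
        $this->idpUtility->log_debug("call to mo_idp_authorize_user function");
        $processor->mo_idp_authorize_user($acsUrl, $issuer, $relayState, $inResponseTo);
    }

    /**
     * IdP-initiated SSO: requires a logged-in customer, resolves the service provider from
     * `app_name` and lets ProcessResponseAction issue the response.
     */
    private function handleIdpInitiated(array $params, $relayState)
    {
        if (!$this->customerSession->authenticate()) {
            $this->idpUtility->log_debug("Redirect login page");
            return $this->redirectToLogin();
        }

        $this->idpUtility->log_debug("In IDP initiated");
        $processor = $this->newProcessResponseAction();

        // Initialised up front: in the decoded source these stayed undefined when no
        // app_name was supplied and were then passed on as undefined variables.
        $spRows = null;
        $issuer = null;
        $acsUrl = null;
        // is_string() keeps an array-valued app_name away from trim().
        if (isset($params["app_name"]) && is_string($params["app_name"])) {
            // NOTE(review): app_name is request-controlled; confirm that fetchspallDetails()
            // binds it as a query parameter.
            $spRows = $this->idpUtility->fetchspallDetails("miniorange_sp_table", trim($params["app_name"]));
        }
        if (isset($spRows[0]["issuer"])) {
            $issuer = $spRows[0]["issuer"];
        }
        if (isset($spRows[0]["acs_url"])) {
            $acsUrl = $spRows[0]["acs_url"];
        }

        $this->idpUtility->log_debug("In IDP initiated call to mo_idp_authorize_user function");
        $processor->mo_idp_authorize_user($acsUrl, $issuer, $relayState);
    }

    /**
     * Builds a ProcessResponseAction with this action's collaborators.
     */
    private function newProcessResponseAction()
    {
        return new ProcessResponseAction($this->customerSession, $this->idpUtility, $this->data, $this->session, $this->messageManager, $this->eventManager, $this->urlInterface, $this->utilities, $this->context);
    }

    /**
     * Returns a redirect result pointing at the customer login page.
     */
    private function redirectToLogin()
    {
        $redirect = $this->resultFactory->create(\Magento\Framework\Controller\ResultFactory::TYPE_REDIRECT);
        $redirect->setPath("customer/account/login");
        return $redirect;
    }

    /**
     * Puts a fixed rejection message into the response body and returns the response.
     * Only constant strings are passed in, so no request data is echoed back.
     */
    private function badRequest($message)
    {
        return $this->getResponse()->setBody($message);
    }
}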


