De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php namespace moApiIntegrator\Wrapper; use moApiIntegrator\API\azure; use moApiIntegrator\API\CustomerMOAZOS; class wpWrapper { private static $wrapper; public static function getWrapper() { if (isset(self::$wrapper)) { goto pL; } self::$wrapper = new wpWrapper(); pL: return self::$wrapper; } public static function mo_api_set_option($ow, $z8) { update_option($ow, $z8); } public static function mo_api_get_option($ow) { return get_option($ow); } public static function mo_api_delete_option($ow) { return delete_option($ow); } public static function mo_api__show_error_notice($UY) { self::mo_api_set_option(pluginConstants::notice_message, $UY); $rq = "\x61\x64\155\151\156\x5f\156\x6f\164\x69\x63\x65\163"; remove_action($rq, [self::getWrapper(), "\155\157\x5f\x61\160\151\x5f\x73\165\143\x63\145\x73\163\137\x6e\x6f\164\151\x63\145"]); add_action($rq, [self::getWrapper(), "\x6d\157\x5f\141\160\151\x5f\145\162\162\x6f\162\x5f\156\157\x74\151\x63\145"]); } public static function mo_api__show_success_notice($UY) { self::mo_api_set_option(pluginConstants::notice_message, $UY); $rq = "\141\144\155\151\x6e\137\x6e\x6f\164\151\143\145\163"; if (!self::mo_api__is_network_active()) { goto Eb; } $rq = "\156\145\164\x77\x6f\162\153\x5f" . $rq; Eb: remove_action($rq, [self::getWrapper(), "\x6d\x6f\137\x61\160\x69\x5f\x65\x72\162\x6f\162\137\156\157\x74\x69\143\x65"]); add_action($rq, [self::getWrapper(), "\155\157\x5f\141\160\151\137\163\165\x63\143\x65\x73\163\x5f\156\x6f\164\x69\143\145"]); } public static function mo_api__is_network_active() { if (!function_exists("\151\163\x5f\160\154\x75\x67\x69\156\137\141\x63\164\x69\x76\145\137\x66\157\x72\137\156\x65\x74\x77\x6f\x72\153")) { require_once ABSPATH . "\x2f\x77\x70\55\x61\x64\155\151\156\57\151\x6e\x63\154\165\x64\145\163\57\x70\154\165\147\151\156\x2e\160\x68\160"; } return is_plugin_active_for_network(pluginConstants::mo_api_plugin_file_path); } public static function mo_api__checkPasswordPattern($Xo) { $eQ = "\x2f\x5e\x5b\x28\134\167\x29\52\x28\134\x21\134\x40\134\x23\134\44\x5c\45\x5c\x5e\134\x26\x5c\52\134\56\134\x2d\x5c\137\51\52\x5d\x2b\x24\57"; return !preg_match($eQ, $Xo); } public static function mo_api__fetch_sanitized_post_data() { $x0 = $_POST; foreach ($x0 as $ow => $z8) { if (empty($z8) || $z8 == '' || $ow == "\157\x70\164\151\157\156" || $ow == "\x6d\157\x5f\x61\x70\x69\x5f\164\x61\x62" || $ow == "\137\x77\x70\156\x6f\x6e\143\145" || $ow == "\137\x77\160\137\x68\164\x74\160\x5f\x72\x65\146\145\162\145\162") { goto uH; } $x0[$ow] = sanitize_text_field($z8); goto qi; uH: unset($x0[$ow]); qi: Ct: } p8: return $x0; } public static function mo_api_get__ad_attributes($Ho = false) { if (!$Ho) { goto SA; } return wpWrapper::mo_api_get_option(pluginConstants::testConfigRawAttributeNames); SA: return wpWrapper::mo_api_get_option(pluginConstants::testConfigAttributeNames); } public function mo_api_success_notice() { $hl = "\165\160\144\x61\164\145\x64"; $UY = self::mo_api_get_option(pluginConstants::notice_message); echo "\74\144\x69\x76\40\x63\154\141\163\x73\75\47" . $hl . "\47\76\40\74\160\x3e" . $UY . "\74\57\x70\x3e\74\x2f\144\x69\x76\76"; } public function mo_api_error_notice() { $hl = "\145\162\x72\157\x72"; $UY = self::mo_api_get_option(pluginConstants::notice_message); echo "\74\x64\x69\x76\x20\x63\x6c\x61\x73\163\75\x27" . $hl . "\x27\x3e\40\74\160\76" . $UY . "\74\x2f\x70\x3e\74\57\144\x69\x76\76"; } public static function mo_api_encrypt_data($x0, $ow) { $ow = openssl_digest($ow, "\163\150\x61\62\65\66"); $mq = "\101\x45\123\x2d\x31\62\x38\x2d\x45\103\102"; $kE = openssl_encrypt($x0, $mq, $ow, OPENSSL_RAW_DATA || OPENSSL_ZERO_PADDING); return base64_encode($kE); } public static function djkasjdksa() { $j_ = "\41\176\x40\43\44\45\136\x26\x2a\x28\x29\137\x2b\x7c\173\175\74\x3e\77\60\61\62\63\64\x35\x36\x37\x38\71\x61\142\143\x64\x65\x66\x67\150\151\x6a\153\x6c\x6d\156\x6f\160\x71\162\163\164\x75\x76\167\170\x79\172\101\x42\x43\104\x45\106\x47\110\111\112\113\114\115\x4e\117\x50\121\122\x53\124\x55\126\127\x58\x59\x5a"; $bf = strlen($j_); $Fa = ''; $YQ = 0; LG: if (!($YQ < 10000)) { goto gn; } $Fa .= $j_[rand(0, $bf - 1)]; kS: $YQ++; goto LG; gn: return $Fa; } public static function mo_api_sps_get_domain_from_url($NK) { $FM = parse_url($NK, PHP_URL_SCHEME); $A_ = ''; if ($FM == "\x68\164\164\160") { goto wQ; } $A_ = str_replace("\150\x74\164\x70\163\x3a\57\57", '', $NK); goto jB; wQ: $A_ = str_replace("\x68\x74\164\x70\72\x2f\x2f", '', $NK); jB: $A_ = rtrim($A_, "\57"); return $A_; } public static function mo_api_decrypt_data($x0, $ow) { $Wd = base64_decode($x0); $ow = openssl_digest($ow, "\163\x68\x61\62\x35\66"); $mq = "\x41\105\x53\55\61\x32\x38\x2d\105\103\x42"; $t6 = openssl_cipher_iv_length($mq); $Nm = substr($Wd, 0, $t6); $x0 = substr($Wd, $t6); $OX = openssl_decrypt($x0, $mq, $ow, OPENSSL_RAW_DATA || OPENSSL_ZERO_PADDING, $Nm); return $OX; } public static function mo_api_is_customer_registered($S3 = false) { $RU = get_option("\x6d\157\x5f\x73\x61\x6d\x6c\x5f\141\x64\x6d\x69\156\x5f\145\155\x61\151\154"); $SJ = get_option("\155\x6f\x5f\x73\x61\x6d\154\x5f\141\x64\155\x69\x6e\137\x63\165\163\x74\157\155\x65\162\x5f\153\x65\x79"); if (!(!$RU || !$SJ || !is_numeric(trim($SJ)))) { goto mD; } return $S3 ? "\144\x69\x73\141\x62\154\145\x64" : 0; mD: return $S3 ? '' : 1; } public static function mo_api_is_customer_license_key_verified($S3 = false) { $ow = get_option("\x6d\157\137\x61\x7a\x6f\163\x5f\143\165\163\x74\157\x6d\x65\x72\x5f\164\157\x6b\145\x6e"); $PO = get_option("\x61\x7a\157\x73\x5f\x6c\x6b"); $RU = get_option("\155\157\137\163\x61\155\x6c\137\141\144\155\x69\x6e\137\145\155\141\151\x6c"); $SJ = get_option("\x6d\157\x5f\163\141\155\154\x5f\x61\x64\x6d\151\156\137\143\x75\x73\x74\x6f\155\x65\162\x5f\x6b\145\x79"); if (!(!$PO || !$RU || !$SJ || !is_numeric(trim($SJ)))) { goto JB; } return $S3 ? "\144\x69\163\x61\142\154\145\x64" : 0; JB: return $S3 ? '' : 1; } public static function mo_api_site_check() { return true; $f_ = false; $ow = get_option("\x6d\157\137\141\x7a\x6f\x73\x5f\143\165\x73\164\x6f\155\145\162\137\164\x6f\153\145\x6e"); if (!get_option("\163\151\x74\145\137\143\153\137\154")) { goto tJ; } if (!(wpWrapper::mo_api_decrypt_data(get_option("\163\151\x74\145\x5f\x63\153\137\154"), $ow) == "\x74\x72\x75\145")) { goto C4; } $f_ = true; C4: tJ: if (!($f_ && wpWrapper::mo_api_lk_multi_host())) { goto Q4; } $nZ = get_option("\x6d\x6f\x5f\141\x7a\x6f\x73\137\x76\x6c\x5f\x63\150\x65\143\153\x5f\164"); if (!$nZ) { goto O0; } $nZ = intval($nZ); if (!(time() - $nZ < 3600 * 24 * 3)) { goto q1; } return $f_; q1: O0: $IO = get_option("\141\x7a\157\163\137\154\153"); if (!$IO) { goto Wx; } $IO = wpWrapper::mo_api_decrypt_data($IO, $ow); $db = new CustomerMOAZOS(); $pG = $db->mo_azos_vl($IO, true); if ($pG) { goto Em; } return; Em: $pG = json_decode($pG, true); if (strcasecmp($pG["\163\164\141\164\165\x73"], "\123\x55\103\x43\105\123\x53") == 0) { goto oy; } update_option("\166\154\x5f\143\150\145\143\153\137\163", wpWrapper::mo_api_encrypt_data("\146\141\154\163\x65", $ow)); goto aV; oy: delete_option("\166\154\137\143\150\x65\x63\x6b\x5f\163"); aV: Wx: update_option("\155\157\137\x61\172\157\x73\x5f\x76\154\137\x63\x68\145\x63\x6b\137\x74", time()); Q4: return $f_; } public static function mo_api_lk_multi_host() { $Fy = get_option("\166\x6c\x5f\143\x68\x65\143\x6b\137\163"); $ow = get_option("\x6d\157\x5f\x61\x7a\157\163\137\143\165\x73\164\x6f\155\145\162\x5f\164\157\x6b\145\x6e"); if (!$Fy) { goto Bc; } $Fy = wpWrapper::mo_api_decrypt_data($Fy, $ow); if (!($Fy == "\x66\141\154\x73\x65")) { goto NR; } return true; NR: Bc: return false; } public static function mo_api_deactivate() { delete_option("\x6d\x6f\137\163\141\155\x6c\x5f\150\157\163\164\137\x6e\141\155\145"); delete_option("\x6d\157\137\163\141\x6d\154\137\156\x65\167\137\162\x65\x67\151\x73\164\x72\141\x74\x69\x6f\x6e"); delete_option("\155\x6f\x5f\163\141\155\x6c\x5f\x61\x64\155\151\156\x5f\x70\150\x6f\156\x65"); delete_option("\155\x6f\x5f\163\x61\x6d\154\x5f\x61\144\155\151\x6e\x5f\160\141\x73\x73\167\x6f\x72\144"); delete_option("\x6d\157\137\x61\x7a\157\x73\x5f\166\x65\162\x69\x66\171\137\143\x75\163\164\157\x6d\145\x72"); delete_option("\x6d\x6f\x5f\x73\141\x6d\x6c\137\x61\144\155\x69\x6e\137\143\x75\163\164\157\x6d\x65\x72\x5f\x6b\145\x79"); delete_option("\155\x6f\x5f\x73\141\x6d\x6c\137\x61\x64\x6d\151\x6e\137\x61\160\151\137\153\x65\171"); delete_option("\x6d\157\x5f\141\172\157\x73\x5f\x63\165\x73\x74\x6f\x6d\145\x72\x5f\164\157\153\x65\156"); delete_option("\x6d\157\x5f\163\x61\155\154\137\155\145\163\x73\141\x67\145"); delete_option("\155\157\x5f\x61\172\x6f\163\x5f\x72\x65\147\151\x73\164\x72\141\x74\151\x6f\x6e\x5f\163\164\141\164\165\x73"); delete_option("\x6d\x6f\137\x73\141\155\x6c\x5f\x69\x64\x70\x5f\x63\x6f\x6e\x66\151\x67\137\x63\157\155\160\154\x65\164\145"); delete_option("\x6d\x6f\x5f\163\141\155\154\x5f\164\x72\141\156\x73\141\143\164\151\157\x6e\x49\x64"); delete_option("\155\157\137\x61\172\157\163\x5f\x76\x6c\137\x63\x68\x65\143\x6b\137\164"); delete_option("\x61\172\157\163\137\154\153"); delete_option("\x76\x6c\x5f\x63\150\x65\x63\x6b\x5f\x73"); delete_option("\155\x6f\137\163\141\155\x6c\137\143\x65\x72\164"); delete_option("\155\157\x5f\163\141\155\x6c\137\143\x65\162\164\x5f\160\162\151\166\x61\x74\145\137\153\145\171"); delete_option("\155\157\137\x73\x61\155\x6c\137\145\156\141\142\x6c\x65\x5f\x63\154\157\x75\x64\137\x62\x72\x6f\153\145\x72"); } public static function mo_api_check_plugin_state() { $ZO = wpWrapper::mo_api_usr_limit_reached(); echo "\x3c\144\151\166\40\163\x74\171\x6c\145\75\42\167\151\x64\x74\x68\x3a\x39\x30\45\x3b\x6d\x61\x72\147\151\x6e\72\61\x37\160\x78\x3b\42\76"; if (!($ZO["\x73\x74\141\x74\165\163"] && $ZO["\165\163\x72\137\154\153"] != 0)) { goto Az; } echo "\74\x64\x69\166\x3e\15\12\x20\40\x20\40\x20\40\40\40\x20\x20\x20\40\74\x64\x69\x76\x20\x73\x74\171\x6c\145\x3d\x22\144\151\x73\x70\x6c\141\x79\x3a\142\154\x6f\x63\153\73\155\141\162\x67\151\156\x2d\164\x6f\x70\x3a\x31\x30\160\170\x3b\x63\x6f\154\157\162\72\162\145\x64\73\142\x61\x63\x6b\147\x72\157\x75\x6e\x64\55\x63\x6f\x6c\157\162\72\162\147\x62\x61\x28\x32\x35\61\x2c\x20\62\x33\x32\x2c\40\60\54\40\x30\56\61\65\51\x3b\x70\x61\x64\x64\151\x6e\147\x3a\x31\60\x70\170\73\x62\x6f\x72\144\x65\x72\x3a\163\x6f\154\x69\144\x20\x31\x70\170\x20\x72\147\142\x61\50\x32\65\x35\54\x20\60\54\x20\x39\54\x20\x30\x2e\63\66\x29\x3b\x22\x3e\x3c\x62\40\163\x74\171\x6c\145\x3d\42\143\x6f\154\157\x72\x3a\x72\x65\144\x22\76\xe2\232\xa0\x57\x41\x52\x4e\x49\116\107\x3a\40\74\x2f\x62\76\x59\x6f\x75\40\x68\141\166\x65\x20\x70\165\x72\143\x68\141\163\x65\144\40\164\x68\x65\x20\x6c\151\143\x65\156\163\x65\40\x66\157\x72\x20\x3c\142\x3e" . $ZO["\165\x73\x72\x5f\x6c\153"] . "\x20\x75\x73\145\x72\163\74\x2f\142\x3e\x2e\40\x59\x6f\x75\x20\x68\141\x76\x65\40\141\154\162\145\141\144\171\40\163\171\156\143\145\x64\40\x3c\142\76" . $ZO["\165\163\145\x72\163"] . "\74\x2f\x62\x3e\40\x75\163\x65\x72\163\x20\x69\156\40\x79\x6f\165\162\x20\x73\x69\x74\x65\x2e\x20\x43\157\156\x74\141\143\x74\x20\165\x73\x20\x61\164\40\163\x61\155\x6c\x73\x75\160\160\x6f\162\164\100\170\x65\143\x75\162\151\x66\x79\56\143\157\x6d\40\x74\157\x20\x75\160\147\162\x61\144\145\x20\x6c\x69\143\x65\156\163\x65\x20\146\x6f\x72\x20\155\157\162\145\40\165\163\x65\162\x73\56" . "\74\57\x64\x69\x76\x3e\x3c\x2f\144\x69\x76\76"; Az: if (!wpWrapper::mo_api_is_customer_registered()) { goto FK; } if (wpWrapper::mo_api_is_customer_license_key_verified()) { goto KB; } echo "\74\x64\151\x76\76\x3c\x64\x69\166\x20\163\x74\171\x6c\145\x3d\42\144\x69\x73\x70\x6c\141\171\x3a\142\154\x6f\x63\x6b\x3b\155\x61\x72\147\x69\x6e\x2d\x74\x6f\160\72\x31\60\x70\170\x3b\x63\157\154\x6f\162\72\x72\145\144\73\142\141\x63\x6b\147\x72\157\165\156\144\55\143\157\154\157\x72\72\162\147\x62\x61\x28\x32\65\61\54\x20\62\x33\x32\x2c\40\60\x2c\x20\60\x2e\61\x35\51\73\160\x61\144\x64\151\x6e\147\x3a\x35\x70\170\x3b\142\157\162\144\x65\162\x3a\x73\x6f\154\151\x64\40\61\x70\170\40\x72\147\142\x61\50\x32\65\x35\x2c\40\60\x2c\40\x39\54\40\60\x2e\63\66\51\73\x22\76"; if (!wpWrapper::mo_api_site_check()) { goto G3; } echo "\x50\154\145\x61\163\145\x20\x65\156\x74\x65\162\x20\x79\x6f\165\162\74\141\40\150\162\145\x66\x3d\x22" . add_query_arg(array("\164\141\142" => "\141\143\143\157\165\156\164\x5f\x73\145\164\x75\x70"), $_SERVER["\x52\x45\121\x55\105\x53\x54\137\125\x52\x49"]) . "\x22\76\x20\154\151\x63\x65\x6e\163\x65\40\153\x65\x79\x3c\57\141\x3e\x20\164\x6f\x20\x61\143\164\x69\166\x61\164\x65\40\164\x68\x65\40\x70\x6c\165\x67\x69\156\56"; goto nm; G3: echo "\x50\154\x65\141\163\145\40\145\x6e\x74\x65\162\40\171\157\165\x72\x3c\141\40\x68\x72\x65\146\75\x22" . add_query_arg(array("\164\141\x62" => "\141\143\143\x6f\x75\156\164\137\163\x65\x74\x75\160"), $_SERVER["\122\x45\121\125\x45\123\124\x5f\125\x52\111"]) . "\42\76\40\x6c\x69\x63\145\x6e\x73\145\x20\153\x65\x79\x3c\57\x61\76\x20\x74\x6f\x20\x61\143\164\151\166\141\x74\145\40\164\x68\145\x20\x70\154\165\147\151\156\x2e"; nm: echo "\x3c\57\144\x69\166\x3e\74\x2f\144\x69\x76\76"; KB: goto nW; FK: echo "\74\x64\x69\166\x3e\15\12\x20\40\x20\40\74\x64\151\166\40\163\x74\x79\x6c\145\75\x22\144\x69\163\x70\x6c\141\x79\x3a\x62\x6c\x6f\x63\153\x3b\x6d\141\x72\x67\151\x6e\x2d\x74\x6f\160\x3a\x31\x30\x70\170\x3b\x63\x6f\x6c\157\x72\x3a\162\145\144\73\x62\x61\143\x6b\x67\x72\x6f\165\156\144\x2d\x63\x6f\154\x6f\162\x3a\162\147\142\x61\x28\62\65\61\54\x20\x32\x33\x32\x2c\x20\60\x2c\x20\x30\x2e\x31\x35\51\x3b\x70\141\x64\144\x69\156\x67\72\x35\x70\x78\73\142\x6f\x72\144\x65\x72\x3a\163\x6f\x6c\151\x64\x20\x31\160\x78\x20\x72\x67\x62\x61\x28\62\x35\65\x2c\40\x30\x2c\40\x39\54\x20\60\x2e\63\66\51\73\42\x3e\x50\x6c\145\141\x73\x65\40\74\x61\40\x68\162\x65\146\75\42" . add_query_arg(array("\164\x61\142" => "\x61\x63\x63\x6f\x75\x6e\x74\x5f\163\x65\x74\x75\x70"), $_SERVER["\x52\105\x51\x55\105\123\x54\x5f\x55\122\x49"]) . "\42\x3e\x52\x65\147\151\x73\164\145\162\40\157\162\40\114\157\x67\x69\x6e\x20\x77\x69\x74\x68\40\x6d\x69\x6e\151\x4f\162\x61\x6e\x67\145\x3c\x2f\x61\76\x20\164\x6f\40\x63\157\x6e\x66\151\x67\x75\x72\145\x20\164\150\x65\40\x55\163\x65\x72\x20\x53\x79\x6e\x63\40\x66\157\x72\x20\x41\x7a\165\162\x65\40\101\x44\x20\x2f\40\101\172\x75\162\x65\40\102\x32\103\x20\120\x6c\x75\147\151\x6e\x2e\74\x2f\x64\x69\166\76\74\x2f\144\151\166\x3e"; nW: echo "\x3c\x2f\x64\151\166\x3e"; } private function mo_api__update_advanced_details($Iv, $TP, $pH) { if (!is_array($TP)) { goto o3; } foreach ($TP as $ow => $z8) { if (!(array_key_exists($z8, $pH) && !empty($pH[$z8]))) { goto s3; } update_user_meta($Iv, $ow, $pH[$z8]); s3: Wc: } ev: o3: update_user_meta($Iv, "\155\157\137\141\x70\x69\137\141\x7a\x75\162\145\x5f\151\144", $pH["\151\x64"]); } private function mo_api__update_sharepoint_advanced_details($Iv, $DZ, $qE) { if (!is_array($DZ)) { goto LL; } foreach ($DZ as $ow => $z8) { if (!(array_key_exists($z8, $qE) && !empty($qE[$z8]))) { goto VY; } update_user_meta($Iv, $ow, $qE[$z8]); VY: L1: } jC: LL: } public function mo_api_delete_user($Iv) { if (self::mo_api__is_network_active()) { goto l3; } require_once ABSPATH . "\x77\160\55\141\x64\x6d\x69\x6e\57\151\x6e\x63\154\x75\144\x65\163\57\x75\x73\145\162\x2e\x70\150\x70"; wp_delete_user($Iv); goto EU; l3: if (!function_exists("\167\160\x6d\x75\x5f\144\145\154\x65\x74\145\137\x75\x73\x65\x72")) { require_once ABSPATH . "\167\160\55\141\144\155\151\156\57\151\x6e\x63\x6c\165\144\x65\x73\x2f\155\x73\56\160\x68\160"; } wpmu_delete_user($Iv); EU: } public static function mo_api_get_sync_users() { global $wpdb; $Qc = $wpdb->get_results("\123\105\x4c\x45\x43\124\40\x63\157\165\x6e\164\50\x75\x73\145\162\x5f\x69\x64\51\x20\141\163\x20\163\x69\172\145\40\106\122\x4f\115\40\x77\160\x5f\x75\163\145\162\x6d\x65\164\x61\40\167\x68\x65\162\x65\40\155\x65\x74\x61\137\153\x65\x79\x20\75\x20\x27\x6d\x6f\137\141\160\151\137\141\x7a\x75\x72\x65\x5f\x69\144\x27", OBJECT); return $Qc[0]->size; } public static function mo_api_usr_limit_reached() { $ow = wpWrapper::mo_api_get_option("\x6d\x6f\x5f\x61\x7a\x6f\x73\137\143\x75\163\164\x6f\155\145\162\137\164\x6f\153\145\156"); $nA = wpWrapper::mo_api_decrypt_data(wpWrapper::mo_api_get_option("\x6d\157\137\x61\172\157\x73\137\x75\x73\x65\x72\x73\x5f\143\157\x75\x6e\x74"), $ow); $Zi = wpWrapper::mo_api_get_sync_users(); if ($Zi >= $nA) { goto NQ; } return ["\163\164\141\x74\165\x73" => 0, "\165\x73\x72\137\x6c\153" => $nA, "\x75\x73\145\162\x73" => $Zi]; goto Ra; NQ: return ["\x73\164\141\164\165\x73" => 1, "\165\x73\x72\137\154\153" => $nA, "\165\x73\x65\162\163" => $Zi]; Ra: } private function mo_api_get_user_id($fM, $ZG) { $Iv = username_exists($fM); if ($Iv) { goto la; } $Iv = email_exists($ZG); la: return $Iv; } public function mo_api_do_basic_mapping($user, $Fr, $Fo = null) { $LV = []; $Yk = array(); $Yk["\165\163\145\x72\x5f\x6c\x6f\x67\x69\x6e"] = "\x6d\141\151\x6c\x4e\151\143\153\156\141\x6d\x65"; $Yk["\165\x73\x65\x72\137\145\x6d\141\x69\x6c"] = "\x75\x73\145\x72\120\162\151\x6e\143\x69\x70\x61\154\116\x61\155\x65"; $Yk["\x66\x69\162\x73\164\x5f\156\x61\155\145"] = "\x67\x69\166\x65\x6e\116\141\155\145"; $Yk["\x6c\141\x73\164\x5f\156\141\155\145"] = "\163\165\x72\x6e\141\155\145"; $Yk["\144\151\163\160\x6c\141\171\137\156\141\x6d\145"] = "\144\x69\163\x70\x6c\x61\x79\116\141\x6d\145"; if (empty($Fr["\142\x61\163\151\143\137\x6d\x61\160\x70\x69\156\x67"])) { goto Wi; } foreach ($Fr["\x62\x61\x73\151\143\137\x6d\141\x70\160\151\156\x67"] as $ow => $z8) { if (array_key_exists($z8, $user) && isset($user[$z8])) { goto Yb; } if (!array_key_exists($Yk[$ow], $user)) { goto dS; } $LV[$ow] = $user[$Yk[$ow]]; dS: goto S5; Yb: $LV[$ow] = sanitize_text_field($user[$z8]); S5: L2: } en: goto fL; Wi: foreach ($Yk as $ow => $z8) { if (isset($user[$Yk[$ow]])) { goto Rw; } $jA = ''; goto sH; Rw: $jA = $user[$Yk[$ow]]; sH: $LV[$ow] = sanitize_text_field($jA); La: } vD: fL: if (array_key_exists("\165\x73\145\x72\x5f\154\157\x67\151\x6e", $LV)) { goto Ic; } $LV["\165\x73\x65\162\137\154\x6f\x67\x69\156"] = ''; goto rn; Ic: $LV["\165\163\x65\x72\137\154\x6f\147\151\x6e"] = sanitize_user($LV["\165\x73\x65\162\x5f\154\x6f\147\x69\156"]); rn: if (array_key_exists("\x75\x73\x65\162\x5f\x65\x6d\x61\x69\154", $LV)) { goto zx; } $LV["\165\163\145\x72\137\145\155\x61\151\154"] = ''; goto wb; zx: $LV["\x75\x73\x65\x72\137\x65\155\141\151\154"] = sanitize_email($LV["\x75\163\145\x72\137\145\155\141\x69\154"]); wb: $Iv = $this->mo_api_get_user_id($LV["\165\163\x65\162\137\154\x6f\x67\x69\x6e"], $LV["\x75\x73\x65\x72\137\x65\x6d\141\151\x6c"]); if ($Iv) { goto LD; } $Nj = 1; $ZO = wpWrapper::mo_api_usr_limit_reached(); if (!$ZO["\163\164\141\x74\165\163"]) { goto Rh; } if (!empty(wpWrapper::mo_api_get_option("\x6d\x6f\x5f\x61\x70\151\x5f\x75\x73\x65\x72\x5f\x77\x61\162\156\151\156\x67\137\x61\154\145\x72\164\137\x65\155\x61\x69\x6c\x5f\x73\x65\156\x74"))) { goto hc; } $db = new CustomerMOAZOS(); $pG = "\x48\145\154\154\157\54\x3c\x62\x72\76\x3c\142\162\x3e\131\157\165\x20\150\x61\166\x65\x20\x70\x75\162\143\x68\141\x73\145\x64\x20\154\x69\x63\x65\156\x73\x65\x20\146\x6f\x72\x20\x55\x73\x65\162\40\x53\x79\156\143\x20\106\157\x72\x20\101\x7a\165\x72\145\x20\101\x44\57\x42\x32\x43\x20\x50\x72\145\x6d\x69\165\155\x20\120\154\165\147\151\x6e\x20\146\157\162\x20\74\x62\x3e" . $ZO["\165\x73\x72\x5f\x6c\153"] . "\40\x75\163\145\x72\163\x3c\57\x62\x3e\x2e\40\xd\xa\x20\x20\40\40\x20\40\40\40\x20\x20\40\x20\40\40\x20\x20\x20\x20\40\40\x59\157\165\x20\x68\141\x76\145\x20\141\154\x72\x65\141\x64\171\x20\x73\171\x6e\x63\145\144\x20\74\142\x3e" . $ZO["\x75\x73\x65\x72\x73"] . "\x3c\x2f\142\76\40\x75\x73\x65\162\x73\40\151\156\x20\171\x6f\x75\162\x20\x73\151\164\x65\56\15\12\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\40\40\40\x20\x20\40\x20\40\40\x20\x20\40\x20\x20\x20\40\x20\40\131\157\x75\40\163\150\157\x75\154\144\40\x75\160\147\x72\141\x64\145\40\x79\x6f\x75\162\x20\154\x69\x63\145\156\x73\x65\x20\x66\157\x72\40\x6d\x69\x6e\x69\x4f\x72\x61\x6e\147\x65\x20\x55\x73\145\x72\x20\x53\171\156\x63\40\x46\157\162\40\x41\x7a\165\x72\145\40\101\104\x2f\102\62\103\x20\x70\x6c\x75\147\151\156\40\157\x6e\40\x79\157\165\162\x20\x77\145\142\163\x69\x74\145\x20\x3c\x62\x3e" . get_bloginfo() . "\x3c\x2f\x62\x3e\56\74\142\162\76\74\x62\x72\76\15\12\x20\40\40\40\x20\40\40\40\40\40\40\x20\40\40\x20\40\40\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\x50\x6c\145\141\x73\145\40\162\145\141\x63\x68\x20\x6f\165\x74\40\164\x6f\40\165\x73\x20\141\x74\x20\74\x61\40\150\162\x65\x66\75\x27\155\x61\151\154\x74\x6f\72\x69\156\146\x6f\x40\x78\x65\x63\165\x72\151\146\x79\56\x63\157\x6d\47\76\x73\x61\155\x6c\x73\x75\x70\x70\157\x72\x74\x40\170\145\143\165\x72\x69\x66\x79\56\x63\157\x6d\x3c\57\x61\x3e\56\xd\xa\x20\x20\x20\40\40\x20\x20\x20\x20\x20\x20\40\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\x20\x20\x20\x3c\142\x72\x3e\x3c\x62\162\x3e\x54\x68\141\156\x6b\x73\54\x3c\142\x72\x3e\x6d\x69\156\151\117\162\141\x6e\147\x65"; $yi = "\x4c\151\x63\x65\156\163\x65\40\114\151\155\151\164\x20\105\170\x63\x65\x65\x64\x65\144\x20\106\x6f\x72\40\x4e\x6f\x20\x4f\x66\40\125\163\145\162\163\40\55\x20\x55\163\x65\x72\40\123\x79\x6e\143\40\x46\157\x72\x20\x41\172\165\162\145\40\x41\x44\x2f\x42\62\103\x20\120\x72\x65\x6d\151\165\x6d\40\x70\154\165\x67\x69\x6e\40\174\40" . get_bloginfo(); $db->notify($pG, $yi); wpWrapper::mo_api_set_option("\155\157\x5f\141\160\151\x5f\x75\x73\145\x72\137\x77\141\162\x6e\151\x6e\147\137\141\154\145\x72\164\x5f\x65\x6d\x61\x69\154\137\x73\x65\156\x74", 1); hc: error_log("\x2a\52\x2a\x2a\40\x44\x65\x6c\164\141\x20\141\x63\164\x69\157\156\x3a\72\40\x2a\52\x2a\52\40\165\x73\x65\x72\x20\154\x69\x6d\x69\x74\x20\x65\x78\x63\145\145\x64\x65\x64\x2e\x20\125\x73\145\x72\40\167\x69\154\x6c\40\156\x6f\x74\x20\x62\x65\x20\163\171\x6e\x63\150\x72\x6f\156\x69\172\145\x64\x2e"); return "\x6c\x69\x6d\151\164\137\x72\145\141\143\x68\x65\x64"; Rh: $LV["\165\163\145\x72\x5f\x72\x65\147\151\x73\164\145\x72\145\144"] = date("\x59\55\x6d\x2d\144\40\110\72\x69\x3a\163", time()); $LV["\165\163\145\162\x5f\160\141\x73\x73"] = wp_generate_password("\61\x32", false); goto N9; LD: $Nj = 0; $LV["\111\104"] = $Iv; N9: $Ux = wpWrapper::mo_api_get_option(pluginConstants::auto_update_users_in_ad) ?? ''; $yB = wpWrapper::mo_api_get_option(pluginConstants::auto_create_users_in_ad) ?? ''; if (!($yB && $Ux)) { goto rW; } update_option("\155\157\137\x5f\141\x64\137\164\157\137\x77\160\x5f\163\171\x6e\x63\151\156\147", true); rW: $f_ = wp_insert_user($LV); if (!wpWrapper::mo_api_get_option(pluginConstants::is_audit_log_enable)) { goto HK; } if (is_wp_error($f_)) { goto ut; } if ($Nj) { goto sI; } dbWrapper::mo_add_query_in_audit($user["\x75\x73\145\x72\x50\x72\151\156\143\x69\x70\x61\154\116\x61\155\145"], "\125\x50\x44\101\124\x45\x44", "\x55\163\145\162\40\125\160\x64\x61\x74\x65\144\x20\123\165\x63\143\x65\163\163\x66\165\x6c\154\x79"); goto Ny; ut: dbWrapper::mo_add_query_in_audit($user["\x75\163\x65\162\x50\x72\151\x6e\x63\x69\x70\x61\154\x4e\141\x6d\145"], "\106\x41\111\114\x55\122\105", $f_->get_error_message()); goto Ny; sI: dbWrapper::mo_add_query_in_audit($user["\165\163\145\162\x50\x72\151\x6e\x63\151\x70\141\154\116\141\155\145"], "\103\122\105\x41\124\105\104", "\x55\x73\145\162\x20\103\162\x65\x61\164\x65\144\40\123\165\143\143\145\163\163\x66\x75\154\x6c\x79"); Ny: HK: $tq = dbWrapper::mo_count_users_in_audit(); if (!($tq == 1000)) { goto Ug; } dbWrapper::mo_delete_top__in_audit(500); Ug: $this->mo_api__update_advanced_details($f_, $Fr["\x61\x64\166\x5f\155\141\160\x70\x69\156\x67"], $user); $this->mo_api__update_sharepoint_advanced_details($f_, $Fr["\163\x68\141\x72\145\160\157\x69\x6e\x74\137\x6d\141\160\x70\x69\x6e\147"], $user); $this->mo_api__update_profile_pic_details($Fr["\160\x72\x6f\x66\151\x6c\145\137\x6d\141\160\160\x69\x6e\x67"], $user); $this->mo_api__update_taxanomy_details($f_, $Fr["\164\x61\x78\x61\156\x6f\x6d\x79\137\x6d\x61\160\x70\x69\156\147"], $user, $Fo); $this->mo_api__update_bp_field_details($f_, $Fr["\x62\160\137\x66\151\x65\154\x64\x5f\155\141\160\x70\x69\156\x67"], $user); $this->mo_api__update_role_details($f_, $Fr["\x72\157\154\x65\137\155\x61\x70\160\x69\x6e\x67"], $user); return $f_; } public function mo_api__update_profile_pic_details($An, $user) { if (!($An && isset($An["\160\x72\x6f\x66\151\154\x65\137\160\x69\143\x5f\163\x79\x6e\x63"]) && $An["\x70\162\157\146\151\154\145\x5f\x70\151\143\137\163\x79\x6e\x63"] == "\157\x6e")) { goto ck; } $Qe = wpWrapper::mo_api_get_option(pluginConstants::client_config); $gu = azure::getClient($Qe); $EJ = $gu->get_profile_pic($user["\151\144"]); if (!empty($EJ)) { goto Qc; } if (empty($An["\160\x72\x6f\x66\x69\x6c\145\137\160\x69\x63\x5f\x76\141\154\x75\145"])) { goto sa; } $this->store_profile_pic_to_uploads($An["\x70\162\157\146\151\x6c\x65\x5f\x70\x69\x63\137\166\141\154\x75\145"], "\x64\x65\146\141\165\154\x74"); sa: goto eB; Qc: $this->store_profile_pic_to_uploads($EJ, $user["\151\x64"]); eB: ck: } public function mo_api__update_bp_field_details($Z9, $ry, $user) { if (!function_exists("\x69\x73\x5f\160\x6c\x75\x67\151\x6e\x5f\141\143\x74\151\x76\145")) { include_once ABSPATH . "\x77\160\55\141\144\155\151\x6e\x2f\x69\x6e\x63\x6c\x75\144\145\x73\x2f\160\x6c\165\147\151\156\56\160\x68\x70"; } if (is_plugin_active("\142\165\x64\x64\x79\160\x72\x65\163\163\x2f\x62\x70\55\x6c\x6f\141\x64\145\x72\56\x70\x68\x70")) { goto pl; } return; pl: if (is_numeric($Z9)) { goto SF; } return; SF: if (!empty($ry)) { goto QN; } return; QN: if (is_array($ry)) { goto yc; } $ry = []; yc: foreach ($ry as $NL => $Up) { if (!(isset($Up["\166\141\154\x75\145"]) && isset($user[$Up["\166\141\154\165\x65"]]))) { goto W5; } if ($Up["\x74\x79\160\145"] == "\x64\x61\164\x65\x62\x6f\170") { goto bJ; } xprofile_set_field_data(str_replace("\137", "\x20", $NL), $Z9, $user[$Up["\x76\141\154\165\145"]]); goto DU; bJ: xprofile_set_field_data(str_replace("\x5f", "\40", $NL), $Z9, date("\131\55\155\55\144\x20\x30\x30\x3a\60\x30\72\60\x30", strtotime($user[$Up["\x76\141\154\165\145"]]))); DU: W5: M9: } xr: } public function mo_api__update_taxanomy_details($Z9, $CJ, $user, $Fo) { if (!is_null($Fo)) { goto Uc; } return; Uc: if (is_numeric($Z9)) { goto nH; } return; nH: if (!empty($CJ)) { goto aN; } return; aN: if (is_array($CJ)) { goto Yh; } $CJ = []; Yh: foreach ($CJ as $Ih => $Wn) { if (!(!empty($Wn) && isset($Fo[$Wn]))) { goto Ph; } wp_set_object_terms($Z9, $Fo[$Wn], $Ih); Ph: HA: } ks: } public function mo_api__update_role_details($Z9, $hY, $user) { if (!empty($hY)) { goto qv; } return; qv: $xd = get_user_by("\x69\144", $Z9); $Qe = wpWrapper::mo_api_get_option(pluginConstants::client_config); $gu = azure::getClient($Qe); $Ob = $gu->check_if_user_is_group_member($user["\x69\x64"]); if (!isset($Ob["\x76\141\154\165\x65"])) { goto ZF; } $Ob = $Ob["\x76\141\x6c\x75\145"]; $Ob = array_map(function ($S2) { return $S2["\x69\x64"]; }, $Ob); foreach ($hY as $cy => $GB) { if (in_array($GB, $Ob)) { goto s4; } $xd->remove_role($cy); goto gR; s4: $xd->add_role($cy); gR: w9: } pW: ZF: } public function store_profile_pic_to_uploads($yq, $Av) { $Rt = wp_upload_dir(); $cN = str_replace("\57", DIRECTORY_SEPARATOR, $Rt["\142\141\x73\x65\x64\x69\x72"]) . DIRECTORY_SEPARATOR . "\155\157\137\x67\162\x61\166\141\x74\141\162\x73" . DIRECTORY_SEPARATOR; $zm = str_replace("\x64\x61\x74\141\72\x69\155\x61\x67\x65\57\152\x70\x65\x67\x3b\x62\x61\x73\x65\x36\64\54", '', $yq); $zm = str_replace("\x20", "\53", $zm); $m4 = base64_decode($zm); $W4 = $Av . "\x2e\x6a\160\x65\147"; $xt = "\x69\x6d\x61\x67\145\57\152\x70\145\x67"; if ($Av == "\x64\145\146\141\165\154\x74") { goto k0; } $sh = md5($W4) . "\x5f" . $W4; goto Pt; k0: $sh = $W4; Pt: if (is_dir($cN)) { goto Ed; } mkdir($cN, 0777, true); Ed: $sn = file_put_contents($cN . $sh, $m4); $MY = array("\160\157\x73\164\137\155\x69\x6d\145\x5f\164\171\160\x65" => $xt, "\160\x6f\x73\x74\137\164\151\164\x6c\x65" => preg_replace("\x2f\134\56\x5b\136\56\135\x2b\x24\57", '', basename($sh)), "\160\157\x73\164\137\143\157\x6e\x74\145\156\x74" => '', "\x70\157\x73\x74\x5f\x73\164\141\164\165\163" => "\151\156\x68\145\x72\x69\164", "\147\x75\x69\144" => $Rt["\165\162\154"] . "\57" . basename($sh)); $bQ = wp_insert_attachment($MY, $Rt["\160\x61\164\150"] . "\x2f" . $sh); } public function mo_azos_array_flatten_attributes($nq) { $mn = []; foreach ($nq as $ow => $z8) { if (!empty($z8)) { goto s1; } goto qL; s1: if (!is_array($z8)) { goto AN; } $this->mo_azos_flatten_lvl_2($ow, $z8, $mn); goto R1; AN: $mn[$ow] = sanitize_text_field($z8); R1: qL: } iV: return $mn; } public function mo_azos_flatten_lvl_2($tM, $mn, &$O3) { foreach ($mn as $ow => $z8) { if (!empty($z8)) { goto tk; } goto dc; tk: if (!is_array($z8)) { goto oH; } $this->mo_azos_flatten_lvl_2($tM . "\x7c" . $ow, $z8, $O3); goto SH; oH: if (strpos(strtolower($tM), "\x65\162\x72\x6f\162")) { goto F3; } $O3[$tM . "\174" . $ow] = $z8; F3: SH: dc: } WJ: } }
<?php namespace moApiIntegrator\Wrapper; use moApiIntegrator\API\azure; use moApiIntegrator\API\CustomerMOAZOS; class wpWrapper { private static $wrapper; public static function getWrapper() { if (isset(self::$wrapper)) { goto pL; } self::$wrapper = new wpWrapper(); pL: return self::$wrapper; } public static function mo_api_set_option($ow, $z8) { update_option($ow, $z8); } public static function mo_api_get_option($ow) { return get_option($ow); } public static function mo_api_delete_option($ow) { return delete_option($ow); } public static function mo_api__show_error_notice($UY) { self::mo_api_set_option(pluginConstants::notice_message, $UY); $rq = "admin_notices"; remove_action($rq, [self::getWrapper(), "mo_api_success_notice"]); add_action($rq, [self::getWrapper(), "mo_api_error_notice"]); } public static function mo_api__show_success_notice($UY) { self::mo_api_set_option(pluginConstants::notice_message, $UY); $rq = "admin_notices"; if (!self::mo_api__is_network_active()) { goto Eb; } $rq = "network_" . $rq; Eb: remove_action($rq, [self::getWrapper(), "mo_api_error_notice"]); add_action($rq, [self::getWrapper(), "mo_api_success_notice"]); } public static function mo_api__is_network_active() { if (!function_exists("is_plugin_active_for_network")) { require_once "ABSPATH/wp-admin/includes/plugin.php"; } return is_plugin_active_for_network(pluginConstants::mo_api_plugin_file_path); } public static function mo_api__checkPasswordPattern($Xo) { $eQ = "/^[(\\w)*(\\!\\@\\#\\\$\\%\\^\\&\\*\\.\\-\\_)*]+\$/"; return !preg_match($eQ, $Xo); } public static function mo_api__fetch_sanitized_post_data() { $x0 = $_POST; foreach ($x0 as $ow => $z8) { if (empty($z8) || $z8 == '' || $ow == "option" || $ow == "mo_api_tab" || $ow == "_wpnonce" || $ow == "_wp_http_referer") { unset($x0[$ow]); // [PHPDeobfuscator] Implied goto goto qi; } $x0[$ow] = sanitize_text_field($z8); qi: } return $x0; } public static function mo_api_get__ad_attributes($Ho = false) { if (!$Ho) { return wpWrapper::mo_api_get_option(pluginConstants::testConfigAttributeNames); } return wpWrapper::mo_api_get_option(pluginConstants::testConfigRawAttributeNames); } public function mo_api_success_notice() { $hl = "updated"; $UY = self::mo_api_get_option(pluginConstants::notice_message); echo "<div class='updated'> <p>" . $UY . "</p></div>"; } public function mo_api_error_notice() { $hl = "error"; $UY = self::mo_api_get_option(pluginConstants::notice_message); echo "<div class='error'> <p>" . $UY . "</p></div>"; } public static function mo_api_encrypt_data($x0, $ow) { $ow = openssl_digest($ow, "sha256"); $mq = "AES-128-ECB"; $kE = openssl_encrypt($x0, $mq, $ow, true); return base64_encode($kE); } public static function djkasjdksa() { $j_ = "!~@#\$%^&*()_+|{}<>?0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; $bf = strlen($j_); $Fa = ''; $YQ = 0; LG: if (!true) { return $Fa; } $Fa .= $j_[rand(0, $bf - 1)]; $YQ++; goto LG; } public static function mo_api_sps_get_domain_from_url($NK) { $FM = parse_url($NK, PHP_URL_SCHEME); $A_ = ''; if ($FM == "http") { $A_ = str_replace("http://", '', $NK); // [PHPDeobfuscator] Implied goto goto jB; } $A_ = str_replace("https://", '', $NK); jB: $A_ = rtrim($A_, "/"); return $A_; } public static function mo_api_decrypt_data($x0, $ow) { $Wd = base64_decode($x0); $ow = openssl_digest($ow, "sha256"); $mq = "AES-128-ECB"; $t6 = openssl_cipher_iv_length($mq); $Nm = substr($Wd, 0, $t6); $x0 = substr($Wd, $t6); $OX = openssl_decrypt($x0, $mq, $ow, true, $Nm); return $OX; } public static function mo_api_is_customer_registered($S3 = false) { $RU = get_option("mo_saml_admin_email"); $SJ = get_option("mo_saml_admin_customer_key"); if (!(!$RU || !$SJ || !is_numeric(trim($SJ)))) { return $S3 ? '' : 1; } return $S3 ? "disabled" : 0; } public static function mo_api_is_customer_license_key_verified($S3 = false) { $ow = get_option("mo_azos_customer_token"); $PO = get_option("azos_lk"); $RU = get_option("mo_saml_admin_email"); $SJ = get_option("mo_saml_admin_customer_key"); if (!(!$PO || !$RU || !$SJ || !is_numeric(trim($SJ)))) { return $S3 ? '' : 1; } return $S3 ? "disabled" : 0; } public static function mo_api_site_check() { return true; } public static function mo_api_lk_multi_host() { $Fy = get_option("vl_check_s"); $ow = get_option("mo_azos_customer_token"); if (!$Fy) { NR: return false; } $Fy = wpWrapper::mo_api_decrypt_data($Fy, $ow); if (!($Fy == "false")) { goto NR; } return true; } public static function mo_api_deactivate() { delete_option("mo_saml_host_name"); delete_option("mo_saml_new_registration"); delete_option("mo_saml_admin_phone"); delete_option("mo_saml_admin_password"); delete_option("mo_azos_verify_customer"); delete_option("mo_saml_admin_customer_key"); delete_option("mo_saml_admin_api_key"); delete_option("mo_azos_customer_token"); delete_option("mo_saml_message"); delete_option("mo_azos_registration_status"); delete_option("mo_saml_idp_config_complete"); delete_option("mo_saml_transactionId"); delete_option("mo_azos_vl_check_t"); delete_option("azos_lk"); delete_option("vl_check_s"); delete_option("mo_saml_cert"); delete_option("mo_saml_cert_private_key"); delete_option("mo_saml_enable_cloud_broker"); } public static function mo_api_check_plugin_state() { $ZO = wpWrapper::mo_api_usr_limit_reached(); echo "<div style=\"width:90%;margin:17px;\">"; if (!($ZO["status"] && $ZO["usr_lk"] != 0)) { goto Az; } echo "<div>\r\n <div style=\"display:block;margin-top:10px;color:red;background-color:rgba(251, 232, 0, 0.15);padding:10px;border:solid 1px rgba(255, 0, 9, 0.36);\"><b style=\"color:red\">⚠WARNING: </b>You have purchased the license for <b>" . $ZO["usr_lk"] . " users</b>. You have already synced <b>" . $ZO["users"] . "</b> users in your site. Contact us at samlsupport@xecurify.com to upgrade license for more users." . "</div></div>"; Az: if (!wpWrapper::mo_api_is_customer_registered()) { echo "<div>\r\n <div style=\"display:block;margin-top:10px;color:red;background-color:rgba(251, 232, 0, 0.15);padding:5px;border:solid 1px rgba(255, 0, 9, 0.36);\">Please <a href=\"" . add_query_arg(array("tab" => "account_setup"), $_SERVER["REQUEST_URI"]) . "\">Register or Login with miniOrange</a> to configure the User Sync for Azure AD / Azure B2C Plugin.</div></div>"; // [PHPDeobfuscator] Implied goto goto nW; } if (wpWrapper::mo_api_is_customer_license_key_verified()) { goto KB; } echo "<div><div style=\"display:block;margin-top:10px;color:red;background-color:rgba(251, 232, 0, 0.15);padding:5px;border:solid 1px rgba(255, 0, 9, 0.36);\">"; if (!wpWrapper::mo_api_site_check()) { echo "Please enter your<a href=\"" . add_query_arg(array("tab" => "account_setup"), $_SERVER["REQUEST_URI"]) . "\"> license key</a> to activate the plugin."; // [PHPDeobfuscator] Implied goto goto nm; } echo "Please enter your<a href=\"" . add_query_arg(array("tab" => "account_setup"), $_SERVER["REQUEST_URI"]) . "\"> license key</a> to activate the plugin."; nm: echo "</div></div>"; KB: nW: echo "</div>"; } private function mo_api__update_advanced_details($Iv, $TP, $pH) { if (!is_array($TP)) { goto o3; } foreach ($TP as $ow => $z8) { if (!(array_key_exists($z8, $pH) && !empty($pH[$z8]))) { goto s3; } update_user_meta($Iv, $ow, $pH[$z8]); s3: } o3: update_user_meta($Iv, "mo_api_azure_id", $pH["id"]); } private function mo_api__update_sharepoint_advanced_details($Iv, $DZ, $qE) { if (!is_array($DZ)) { goto LL; } foreach ($DZ as $ow => $z8) { if (!(array_key_exists($z8, $qE) && !empty($qE[$z8]))) { goto VY; } update_user_meta($Iv, $ow, $qE[$z8]); VY: } LL: } public function mo_api_delete_user($Iv) { if (self::mo_api__is_network_active()) { if (!function_exists("wpmu_delete_user")) { require_once "ABSPATHwp-admin/includes/ms.php"; } wpmu_delete_user($Iv); // [PHPDeobfuscator] Implied goto goto EU; } require_once "ABSPATHwp-admin/includes/user.php"; wp_delete_user($Iv); EU: } public static function mo_api_get_sync_users() { global $wpdb; $Qc = $wpdb->get_results("SELECT count(user_id) as size FROM wp_usermeta where meta_key = 'mo_api_azure_id'", OBJECT); return $Qc[0]->size; } public static function mo_api_usr_limit_reached() { $ow = wpWrapper::mo_api_get_option("mo_azos_customer_token"); $nA = wpWrapper::mo_api_decrypt_data(wpWrapper::mo_api_get_option("mo_azos_users_count"), $ow); $Zi = wpWrapper::mo_api_get_sync_users(); if ($Zi >= $nA) { return ["status" => 1, "usr_lk" => $nA, "users" => $Zi]; } return ["status" => 0, "usr_lk" => $nA, "users" => $Zi]; } private function mo_api_get_user_id($fM, $ZG) { $Iv = username_exists($fM); if ($Iv) { goto la; } $Iv = email_exists($ZG); la: return $Iv; } public function mo_api_do_basic_mapping($user, $Fr, $Fo = null) { $LV = []; $Yk = array(); $Yk["user_login"] = "mailNickname"; $Yk["user_email"] = "userPrincipalName"; $Yk["first_name"] = "givenName"; $Yk["last_name"] = "surname"; $Yk["display_name"] = "displayName"; if (empty($Fr["basic_mapping"])) { foreach ($Yk as $ow => $z8) { if (isset($user[$Yk[$ow]])) { $jA = $user[$Yk[$ow]]; // [PHPDeobfuscator] Implied goto goto sH; } $jA = ''; sH: $LV[$ow] = sanitize_text_field($jA); } // [PHPDeobfuscator] Implied goto goto vD; } foreach ($Fr["basic_mapping"] as $ow => $z8) { if (array_key_exists($z8, $user) && isset($user[$z8])) { $LV[$ow] = sanitize_text_field($user[$z8]); // [PHPDeobfuscator] Implied goto goto S5; } if (!array_key_exists($Yk[$ow], $user)) { goto dS; } $LV[$ow] = $user[$Yk[$ow]]; dS: S5: } vD: if (array_key_exists("user_login", $LV)) { $LV["user_login"] = sanitize_user($LV["user_login"]); // [PHPDeobfuscator] Implied goto goto rn; } $LV["user_login"] = ''; rn: if (array_key_exists("user_email", $LV)) { $LV["user_email"] = sanitize_email($LV["user_email"]); // [PHPDeobfuscator] Implied goto goto wb; } $LV["user_email"] = ''; wb: $Iv = $this->mo_api_get_user_id($LV["user_login"], $LV["user_email"]); if ($Iv) { $Nj = 0; $LV["ID"] = $Iv; N9: $Ux = wpWrapper::mo_api_get_option(pluginConstants::auto_update_users_in_ad) ?? ''; $yB = wpWrapper::mo_api_get_option(pluginConstants::auto_create_users_in_ad) ?? ''; if (!($yB && $Ux)) { goto rW; } update_option("mo__ad_to_wp_syncing", true); rW: $f_ = wp_insert_user($LV); if (!wpWrapper::mo_api_get_option(pluginConstants::is_audit_log_enable)) { goto HK; } if (is_wp_error($f_)) { dbWrapper::mo_add_query_in_audit($user["userPrincipalName"], "FAILURE", $f_->get_error_message()); goto Ny; } if ($Nj) { dbWrapper::mo_add_query_in_audit($user["userPrincipalName"], "CREATED", "User Created Successfully"); // [PHPDeobfuscator] Implied goto goto Ny; } dbWrapper::mo_add_query_in_audit($user["userPrincipalName"], "UPDATED", "User Updated Successfully"); Ny: HK: $tq = dbWrapper::mo_count_users_in_audit(); if (!($tq == 1000)) { goto Ug; } dbWrapper::mo_delete_top__in_audit(500); Ug: $this->mo_api__update_advanced_details($f_, $Fr["adv_mapping"], $user); $this->mo_api__update_sharepoint_advanced_details($f_, $Fr["sharepoint_mapping"], $user); $this->mo_api__update_profile_pic_details($Fr["profile_mapping"], $user); $this->mo_api__update_taxanomy_details($f_, $Fr["taxanomy_mapping"], $user, $Fo); $this->mo_api__update_bp_field_details($f_, $Fr["bp_field_mapping"], $user); $this->mo_api__update_role_details($f_, $Fr["role_mapping"], $user); return $f_; } $Nj = 1; $ZO = wpWrapper::mo_api_usr_limit_reached(); if (!$ZO["status"]) { $LV["user_registered"] = date("Y-m-d H:i:s", time()); $LV["user_pass"] = wp_generate_password("12", false); goto N9; } if (!empty(wpWrapper::mo_api_get_option("mo_api_user_warning_alert_email_sent"))) { goto hc; } $db = new CustomerMOAZOS(); $pG = "Hello,<br><br>You have purchased license for User Sync For Azure AD/B2C Premium Plugin for <b>" . $ZO["usr_lk"] . " users</b>. \r\n You have already synced <b>" . $ZO["users"] . "</b> users in your site.\r\n You should upgrade your license for miniOrange User Sync For Azure AD/B2C plugin on your website <b>" . get_bloginfo() . "</b>.<br><br>\r\n Please reach out to us at <a href='mailto:info@xecurify.com'>samlsupport@xecurify.com</a>.\r\n <br><br>Thanks,<br>miniOrange"; $yi = "License Limit Exceeded For No Of Users - User Sync For Azure AD/B2C Premium plugin | " . get_bloginfo(); $db->notify($pG, $yi); wpWrapper::mo_api_set_option("mo_api_user_warning_alert_email_sent", 1); hc: error_log("**** Delta action:: **** user limit exceeded. User will not be synchronized."); return "limit_reached"; } public function mo_api__update_profile_pic_details($An, $user) { if (!($An && isset($An["profile_pic_sync"]) && $An["profile_pic_sync"] == "on")) { goto ck; } $Qe = wpWrapper::mo_api_get_option(pluginConstants::client_config); $gu = azure::getClient($Qe); $EJ = $gu->get_profile_pic($user["id"]); if (!empty($EJ)) { $this->store_profile_pic_to_uploads($EJ, $user["id"]); // [PHPDeobfuscator] Implied goto goto eB; } if (empty($An["profile_pic_value"])) { goto sa; } $this->store_profile_pic_to_uploads($An["profile_pic_value"], "default"); sa: eB: ck: } public function mo_api__update_bp_field_details($Z9, $ry, $user) { if (!function_exists("is_plugin_active")) { include_once "ABSPATHwp-admin/includes/plugin.php"; } if (is_plugin_active("buddypress/bp-loader.php")) { if (is_numeric($Z9)) { if (!empty($ry)) { if (is_array($ry)) { goto yc; } $ry = []; yc: foreach ($ry as $NL => $Up) { if (!(isset($Up["value"]) && isset($user[$Up["value"]]))) { goto W5; } if ($Up["type"] == "datebox") { xprofile_set_field_data(str_replace("_", " ", $NL), $Z9, date("Y-m-d 00:00:00", strtotime($user[$Up["value"]]))); // [PHPDeobfuscator] Implied goto goto DU; } xprofile_set_field_data(str_replace("_", " ", $NL), $Z9, $user[$Up["value"]]); DU: W5: } // [PHPDeobfuscator] Implied return return; } return; } return; } return; } public function mo_api__update_taxanomy_details($Z9, $CJ, $user, $Fo) { if (!is_null($Fo)) { if (is_numeric($Z9)) { if (!empty($CJ)) { if (is_array($CJ)) { goto Yh; } $CJ = []; Yh: foreach ($CJ as $Ih => $Wn) { if (!(!empty($Wn) && isset($Fo[$Wn]))) { goto Ph; } wp_set_object_terms($Z9, $Fo[$Wn], $Ih); Ph: } // [PHPDeobfuscator] Implied return return; } return; } return; } return; } public function mo_api__update_role_details($Z9, $hY, $user) { if (!empty($hY)) { $xd = get_user_by("id", $Z9); $Qe = wpWrapper::mo_api_get_option(pluginConstants::client_config); $gu = azure::getClient($Qe); $Ob = $gu->check_if_user_is_group_member($user["id"]); if (!isset($Ob["value"])) { goto ZF; } $Ob = $Ob["value"]; $Ob = array_map(function ($S2) { return $S2["id"]; }, $Ob); foreach ($hY as $cy => $GB) { if (in_array($GB, $Ob)) { $xd->add_role($cy); // [PHPDeobfuscator] Implied goto goto gR; } $xd->remove_role($cy); gR: } ZF: // [PHPDeobfuscator] Implied return return; } return; } public function store_profile_pic_to_uploads($yq, $Av) { $Rt = wp_upload_dir(); $cN = str_replace("/", DIRECTORY_SEPARATOR, $Rt["basedir"]) . DIRECTORY_SEPARATOR . "mo_gravatars" . DIRECTORY_SEPARATOR; $zm = str_replace("data:image/jpeg;base64,", '', $yq); $zm = str_replace(" ", "+", $zm); $m4 = base64_decode($zm); $W4 = $Av . ".jpeg"; $xt = "image/jpeg"; if ($Av == "default") { $sh = $W4; // [PHPDeobfuscator] Implied goto goto Pt; } $sh = md5($W4) . "_" . $W4; Pt: if (is_dir($cN)) { goto Ed; } mkdir($cN, 0777, true); Ed: $sn = file_put_contents($cN . $sh, $m4); $MY = array("post_mime_type" => $xt, "post_title" => preg_replace("/\\.[^.]+\$/", '', basename($sh)), "post_content" => '', "post_status" => "inherit", "guid" => $Rt["url"] . "/" . basename($sh)); $bQ = wp_insert_attachment($MY, $Rt["path"] . "/" . $sh); } public function mo_azos_array_flatten_attributes($nq) { $mn = []; foreach ($nq as $ow => $z8) { if (!empty($z8)) { if (!is_array($z8)) { $mn[$ow] = sanitize_text_field($z8); // [PHPDeobfuscator] Implied goto goto R1; } $this->mo_azos_flatten_lvl_2($ow, $z8, $mn); goto R1; } R1: } return $mn; } public function mo_azos_flatten_lvl_2($tM, $mn, &$O3) { foreach ($mn as $ow => $z8) { if (!empty($z8)) { if (!is_array($z8)) { if (strpos(strtolower($tM), "error")) { goto F3; } $O3[$tM . "|" . $ow] = $z8; // [PHPDeobfuscator] Implied goto goto F3; } $this->mo_azos_flatten_lvl_2($tM . "|" . $ow, $z8, $O3); goto SH; } F3: SH: } } }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.