/* Decoded by unphp.net */ $UR, "password" => $Yn, "returnSecureToken" => true); $qJ = json_encode($Qj); $FD = curl_init(); curl_setopt($FD, CURLOPT_URL, $tT); curl_setopt($FD, CURLOPT_RETURNTRANSFER, 1); curl_setopt($FD, CURLOPT_POST, 1); curl_setopt($FD, CURLOPT_POSTFIELDS, $qJ); curl_setopt($FD, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); $sG = curl_exec($FD); return $sG; } public function mo_rest_extend_tokenendpoint_flow($xb) { if (!(strpos($_SERVER["REQUEST_URI"], "/api/v1/firebase-token") !== false)) { goto aH; } $PW = file_get_contents("php://input"); $PW = json_decode($PW, true); if (!(json_last_error() !== JSON_ERROR_NONE)) { goto k2; } $PW = $_POST; k2: $at = false; $ft = new MRAUtils(); $gO = $ft->mo_rest_api_authentication_get_option("mo_api_authentication_method_extras") ? $ft->mo_rest_api_authentication_get_option("mo_api_authentication_method_extras") : array(); $j4 = isset($gO["oauth_client"]) ? $gO["oauth_client"] : false; if ($j4["client_id"] === $PW["client_id"] && $j4["client_secret"] === $PW["client_secret"]) { goto g0; } $at = array("status" => "error", "code" => 400, "error" => "BAD_REQUEST", "error_description" => "Invalid client ID or secret."); goto oc; g0: $XU = sanitize_text_field($PW["username"]); $Yn = sanitize_text_field($PW["password"]); $user = get_user_by("login", $XU); if ($user) { goto tx; } $user = get_user_by("email", $XU); tx: if ($user) { goto qg; } $at = array("status" => "error", "code" => 403, "error" => "FORBIDDEN", "error_description" => "Invalid username."); goto QK; qg: $t8 = get_user_meta($user->ID, "mo_rest_firebase_migrated"); $qk = get_option("mo_firebase_auth_api_key"); if (false !== $t8 && !empty($t8)) { goto Nj; } if (wp_check_password($Yn, $user->user_pass, $user->ID)) { goto gy; } $at = array("status" => "error", "code" => 403, "error" => "FORBIDDEN", "error_description" => "Invalid password."); goto bW; gy: update_user_meta($user->ID, "mo_rest_firebase_migrated", true); $at = $this->firebase_remote_call("https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=" . $qk, $user->user_email, $Yn); echo $at; die; bW: goto pX; Nj: $at = $this->firebase_remote_call("https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=" . $qk, $user->user_email, $Yn); echo $at; die; pX: QK: oc: $ft->send_json_response($at); aH: } public function mo_rest_extend_authentication_flow($NY) { $at = false; if (!isset($NY["TPP-PROVIDER"])) { goto pM; } if ("firebase" === $NY["TPP-PROVIDER"]) { goto xn; } if ("apple" === $NY["TPP-PROVIDER"]) { goto D9; } if ("facebook" === $NY["TPP-PROVIDER"]) { goto Jh; } if (!("google" === $NY["TPP-PROVIDER"])) { goto Ki; } $SS = "https://oauth2.googleapis.com/tokeninfo"; $Qj["id_token"] = $NY["ID-TOKEN"]; $Dh["method"] = "GET"; $tk = array("Accept" => "application/json"); $Dh["body"] = $Qj; $Dh["headers"] = $tk; $DQ = $this->check_valid_token($SS, $Dh); if (!(false !== $DQ)) { goto jw; } $at = true; $this->set_woocommerce_session($DQ, $NY["ID-TOKEN"]); jw: Ki: goto yR; Jh: $SS = "https://graph.facebook.com/me/?fields=id,name,email,age_range,first_name,gender,last_name,link"; $Qj["access_token"] = $NY["ACCESS-TOKEN"]; $Dh["method"] = "POST"; $tk = array("Accept" => "application/json"); $Dh["body"] = $Qj; $Dh["headers"] = $tk; $DQ = $this->check_valid_token($SS, $Dh); if (!(false !== $DQ)) { goto Wb; } $at = true; $this->set_woocommerce_session($DQ, $NY["ACCESS-TOKEN"]); Wb: yR: goto aA; D9: $VU = new JWTUtils($NY["ID-TOKEN"]); $LW = $VU->verify_from_jwks("https://appleid.apple.com/auth/keys"); if (!(true === $LW)) { goto dY; } $at = true; $this->set_woocommerce_session($VU->get_decoded_payload(), $NY["ID-TOKEN"]); dY: aA: goto sr; xn: $VU = new JWTUtils($NY["ID-TOKEN"]); $LW = $VU->verify_from_jwks("https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com"); if (!(true === $LW)) { goto QF; } $at = true; $this->set_woocommerce_session($VU->get_decoded_payload(), $NY["ID-TOKEN"]); QF: sr: pM: return $at; } private function set_woocommerce_session($dJ, $qA) { if (!isset($dJ["email"])) { goto RZ; } $UR = $dJ["email"]; $user = get_user_by("email", $UR); if (false === $user) { goto Ok; } $qV = $user->ID; goto Yy; Ok: $Yn = wp_generate_password(10, true); $qV = wp_create_user($UR, $Yn, $UR); Yy: RZ: wp_set_current_user($qV); if (!class_exists("Mo_Wc_Compliance")) { goto BS; } $gR = new \Mo_Wc_Compliance(); $gR->set_user_id($qV, $qA); BS: } public function check_valid_token($HQ, $Dh) { $at = wp_remote_request($HQ, $Dh); if (!is_wp_error($at)) { goto AC; } return false; AC: if ($at["response"]["code"] === 200) { goto vv; } return false; goto gc; vv: $at = $at["body"]; if (is_array(json_decode($at, true))) { goto Qc; } return false; Qc: $xb = json_decode($at, true); if (isset($xb["error_description"])) { goto Da; } if (isset($xb["error"])) { goto rs; } goto Lg; Da: return false; goto Lg; rs: return false; Lg: return $xb; gc: } function miniorange_oauth_mobile() { if (!(isset($_GET["mo_token"]) && isset($_GET["appname"]) && !empty($_GET["appname"]) && !empty($_GET["mo_token"]))) { goto x3; } $Qm = $_GET["appname"]; $Tj = $_GET["mo_token"]; $ec = ''; $sG = array(); if ($Qm === "facebook") { goto Bo; } if ($Qm === "google") { goto O3; } if ($Qm === "apple") { goto pD; } if ($Qm === "firebase") { goto vk; } if (!($Qm === "wordpress")) { goto KC; } $ft = new MRAUtils(); $gO = $ft->mo_rest_api_authentication_get_option("mo_api_authentication_method_extras") ? $ft->mo_rest_api_authentication_get_option("mo_api_authentication_method_extras") : array(); $Ko = $gO["oauth_client"]["client_secret"]; $VU = new JWTUtils($Tj); $LW = $VU->verify($Ko); if (!(true === $LW)) { goto Ep; } $nF = $VU->get_decoded_payload(); if (!($nF !== false)) { goto i1; } $sG["email"] = isset($nF["email"]) ? $nF["email"] : false; i1: Ep: KC: goto P5; vk: $VU = new JWTUtils($Tj); $LW = $VU->verify_from_jwks("https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com"); if (!(true === $LW)) { goto AG; } $nF = $VU->get_decoded_payload(); if (!($nF !== false)) { goto ZB; } $sG["email"] = isset($nF["email"]) ? $nF["email"] : false; ZB: AG: P5: goto ll; pD: $VU = new JWTUtils($Tj); $LW = $VU->verify_from_jwks("https://appleid.apple.com/auth/keys"); if (!(true === $LW)) { goto xy; } $nF = $VU->get_decoded_payload(); if (!($nF !== false)) { goto X2; } $sG["email"] = isset($nF["email"]) ? $nF["email"] : false; X2: xy: ll: goto iw; O3: $ec = "https://oauth2.googleapis.com/tokeninfo"; $Qj["id_token"] = $Tj; $tk = array("Accept" => "application/json"); $Dh["method"] = "GET"; $Dh["body"] = $Qj; $Dh["headers"] = $tk; $sG = $this->check_valid_token($ec, $Dh); iw: goto MK; Bo: $ec = "https://graph.facebook.com/me/?fields=id,name,email,age_range,first_name,gender,last_name,link"; $Qj["access_token"] = $Tj; $tk = array("Accept" => "application/json"); $Dh["method"] = "POST"; $Dh["body"] = $Qj; $Dh["headers"] = $tk; $sG = $this->check_valid_token($ec, $Dh); MK: if (!(!empty($sG) && $sG !== false)) { goto iH; } $UR = isset($sG["email"]) ? $sG["email"] : ''; $user = get_user_by("email", $UR); if (!($user !== false)) { goto SG; } wp_set_current_user($user->ID); wp_set_auth_cookie($user->ID); do_action("wp_login", $user->user_login, $user); SG: iH: x3: } } new Mo_OAuth_Mobile_Token(); ?>