From b06588ffa1c925d0a008a34bf8fa5c316b964b87 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Thu, 20 Oct 2011 15:57:35 +0200 Subject: [PATCH 01/14] Initial work adding oauth to api --- include/api.php | 31 +- include/oauth.php | 194 +++ library/oauth2-php/CHANGELOG.txt | 98 ++ library/oauth2-php/LICENSE.txt | 21 + library/oauth2-php/lib/OAuth2.inc | 1560 ++++++++++++++++++++ library/oauth2-php/lib/OAuth2Client.inc | 721 +++++++++ library/oauth2-php/lib/OAuth2Exception.inc | 85 ++ library/stanlemon-jgrowl-tip.tar.gz | Bin 213973 -> 0 bytes 8 files changed, 2709 insertions(+), 1 deletion(-) create mode 100644 include/oauth.php create mode 100644 library/oauth2-php/CHANGELOG.txt create mode 100644 library/oauth2-php/LICENSE.txt create mode 100644 library/oauth2-php/lib/OAuth2.inc create mode 100644 library/oauth2-php/lib/OAuth2Client.inc create mode 100644 library/oauth2-php/lib/OAuth2Exception.inc delete mode 100644 library/stanlemon-jgrowl-tip.tar.gz diff --git a/include/api.php b/include/api.php index 1334d8eae..252caeb8e 100644 --- a/include/api.php +++ b/include/api.php @@ -2,7 +2,7 @@ require_once("bbcode.php"); require_once("datetime.php"); require_once("conversation.php"); - + require_once("oauth.php"); /* * Twitter-Like API * @@ -1135,3 +1135,32 @@ } api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true); api_register_func('api/direct_messages','api_direct_messages_inbox',true); + + + + function api_oauth_request_token(&$a, $type){ + try{ + $oauth = new FKOAuth1(); + $r = $oauth->fetch_request_token(OAuthRequest::from_request()); + }catch(Exception $e){ + echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme(); + } + echo "oauth_token=".$r->key."&oauth_secret=".$r->secret; + killme(); + } + function api_oauth_access_token(&$a, $type){ + try{ + $oauth = new FKOAuth1(); + $r = $oauth->fetch_access_token(OAuthRequest::from_request()); + }catch(Exception $e){ + echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme(); + } + echo "oauth_token=".$r->key."&oauth_secret=".$r->secret; + killme(); + } + function api_oauth_authorize(&$a, $type){ + } + api_register_func('api/oauth/request_token', 'api_oauth_request_token', false); + api_register_func('api/oauth/access_token', 'api_oauth_access_token', false); + api_register_func('api/oauth/authorize', 'api_oauth_authorize', false); + diff --git a/include/oauth.php b/include/oauth.php new file mode 100644 index 000000000..63d5fcd92 --- /dev/null +++ b/include/oauth.php @@ -0,0 +1,194 @@ + + * + */ + +define('TOKEN_DURATION', 300); + +require_once("library/OAuth1.php"); +require_once("library/oauth2-php/lib/OAuth2.inc"); + +class FKOAuthDataStore extends OAuthDataStore { + function gen_token(){ + return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid()))); + } + + function lookup_consumer($consumer_key) { + //echo "
"; var_dump($consumer_key); killme();
+	  
+		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+			dbesc($consumer_key)
+		);
+		if (count($r))
+			return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+		return null;
+  }
+
+  function lookup_token($consumer, $token_type, $token) {
+		//echo __file__.":".__line__."
"; var_dump($consumer, $token_type, $token); killme();
+		$r = q("SELECT id, secret,scope, expires  FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+			dbesc($consumer->key),
+			dbesc($token_type),
+			dbesc($token)
+		);
+		if (count($r)){
+			$ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
+			$ot->scope=$r[0]['scope'];
+			$ot->expires = $r[0]['expires'];
+			return $ot;
+		}
+		return null;
+  }
+
+  function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+		//echo __file__.":".__line__."
"; var_dump($consumer,$key); killme();
+		$r = q("SELECT id, secret  FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+			dbesc($consumer->key),
+			dbesc($nonce),
+			intval($timestamp)
+		);
+		if (count($r))
+			return new OAuthToken($r[0]['id'],$r[0]['secret']);
+		return null;
+  }
+
+  function new_request_token($consumer, $callback = null) {
+		$key = $this->gen_token();
+		$sec = $this->gen_token();
+		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
+				dbesc($key),
+				dbesc($sec),
+				dbesc($consumer->key),
+				'request',
+				intval(TOKEN_DURATION));
+		if (!$r) return null;
+		return new OAuthToken($key,$sec);
+  }
+
+  function new_access_token($token, $consumer, $verifier = null) {
+    // return a new access token attached to this consumer
+    // for the user associated with this token if the request token
+    // is authorized
+    // should also invalidate the request token
+    
+    $ret=Null;
+    
+    if (!is_null($token) && $token->expires > time()){
+		
+		$key = $this->gen_token();
+		$sec = $this->gen_token();
+		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
+				dbesc($key),
+				dbesc($sec),
+				dbesc($consumer->$key),
+				'access',
+				intval(TOKEN_DURATION));
+		if ($r)
+			$ret = new OAuthToken($key,$sec);		
+	}
+		
+		
+	q("DELETE FROM tokens WHERE id='%s'", $token->key);
+		
+    return $ret;
+    
+  }
+}
+
+class FKOAuth1 extends OAuthServer {
+	function __construct() {
+		parent::__construct(new FKOAuthDataStore());
+		$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
+	}
+}
+
+class FKOAuth2 extends OAuth2 {
+
+	private function db_secret($client_secret){
+		return hash('whirlpool',$client_secret);
+	}
+
+	public function addClient($client_id, $client_secret, $redirect_uri) {
+		$client_secret = $this->db_secret($client_secret);
+		$r = q("INSERT INTO clients (client_id, pw, redirect_uri) VALUES ('%s', '%s', '%s')",
+			dbesc($client_id),
+			dbesc($client_secret),
+			dbesc($redirect_uri)
+		);
+		  
+		return $r;
+	}
+
+	protected function checkClientCredentials($client_id, $client_secret = NULL) {
+		$client_secret = $this->db_secret($client_secret);
+		
+		$r = q("SELECT pw FROM clients WHERE client_id = '%s'",
+			dbesc($client_id));
+
+		if ($client_secret === NULL)
+			return $result !== FALSE;
+
+		return $result["client_secret"] == $client_secret;
+	}
+
+	protected function getRedirectUri($client_id) {
+		$r = q("SELECT redirect_uri FROM clients WHERE client_id = '%s'",
+				dbesc($client_id));
+		if ($r === FALSE)
+			return FALSE;
+
+		return isset($r[0]["redirect_uri"]) && $r[0]["redirect_uri"] ? $r[0]["redirect_uri"] : NULL;
+	}
+
+	protected function getAccessToken($oauth_token) {
+		$r = q("SELECT client_id, expires, scope FROM tokens WHERE id = '%s'",
+				dbesc($oauth_token));
+	
+		if (count($r))
+			return $r[0];
+		return null;
+	}
+
+
+	
+	protected function setAccessToken($oauth_token, $client_id, $expires, $scope = NULL) {
+		$r = q("INSERT INTO tokens (id, client_id, expires, scope) VALUES ('%s', '%s', %d, '%s')",
+				dbesc($oauth_token),
+				dbesc($client_id),
+				intval($expires),
+				dbesc($scope));
+				
+		return $r;
+	}
+
+	protected function getSupportedGrantTypes() {
+		return array(
+		  OAUTH2_GRANT_TYPE_AUTH_CODE,
+		);
+	}
+
+
+	protected function getAuthCode($code) {
+		$r = q("SELECT id, client_id, redirect_uri, expires, scope FROM auth_codes WHERE id = '%s'",
+				dbesc($code));
+		
+		if (count($r))
+			return $r[0];
+		return null;
+	}
+
+	protected function setAuthCode($code, $client_id, $redirect_uri, $expires, $scope = NULL) {
+		$r = q("INSERT INTO auth_codes 
+					(id, client_id, redirect_uri, expires, scope) VALUES 
+					('%s', '%s', '%s', %d, '%s')",
+				dbesc($code),
+				dbesc($client_id),
+				dbesc($redirect_uri),
+				intval($expires),
+				dbesc($scope));
+		return $r;	  
+	}	
+	
+}
diff --git a/library/oauth2-php/CHANGELOG.txt b/library/oauth2-php/CHANGELOG.txt
new file mode 100644
index 000000000..d854598b6
--- /dev/null
+++ b/library/oauth2-php/CHANGELOG.txt
@@ -0,0 +1,98 @@
+oauth2-php revision xxx, xxxx-xx-xx (development version)
+----------------------
+
+oauth2-php revision 23, 2011-01-25
+----------------------
+* introduce Drupal style getVariable() and setVariable, replace legacy
+  variable get/set functions.
+* remove hardcode PHP display_error and errror_reporting, as this should
+  be manually implement within 3rd party integration.
+* make verbose error as configurable and default disable, as this should
+  be manually enable within 3rd party integration.
+* add lib/OAuth2Client.inc and lib/OAuth2Exception.inc for client-side
+  implementation.
+
+oauth2-php revision 21, 2010-12-18
+----------------------
+* cleanup tabs and trailing whitespace at the end.
+* remove server/examples/mongo/lib/oauth.php and
+  server/examples/pdo/lib/oauth.php, so only keep single copy as
+  lib /oauth.php.
+* issue #5: Wrong variable name in get_access_token() in pdo_oatuh.php.
+* issue #6: mysql_create_tables.sql should allow scope to be NULL.
+* issue #7: authorize_client_response_type() is never used.
+* issue #9: Change "redirect_uri" filtering from FILTER_VALIDATE_URL to
+  FILTER_SANITIZE_URL.
+* better coding syntax for error() and callback_error().
+* better pdo_oauth2.php variable naming with change to
+  mysql_create_tables.sql.
+* change REGEX_CLIENT_ID as 3-32 characters long, so will work with md5()
+  result directly.
+* debug linkage to oauth2.php during previous commit.
+* debug redirect_uri check for AUTH_CODE_GRANT_TYPE, clone from
+  get_authorize_params().
+* update mysql_create_tables.sql with phpmyadmin export format.
+* rename library files, prepare for adding client-side implementation.
+* code cleanup with indent and spacing.
+* code cleanup true/false/null with TRUE/FALSE/NULL.
+* rename constants with OAUTH2_ prefix, prevent 3rd party integration
+  conflict.
+* remove HTTP 400 response constant, as useless refer to draft v10.
+* merge ERROR_INVALID_CLIENT_ID and ERROR_UNAUTHORIZED_CLIENT as
+  OAUTH2_ERROR_INVALID_CLIENT, as refer to that of draft v9 to v10 changes.
+* improve constants comment with doxygen syntax.
+* update class function call naming.
+* coding style clean up.
+* update part of documents.
+* change expirseRefreshToken() as unsetRefreshToken().
+* update token and auth code generation as md5() result, simpler for manual
+  debug with web browser.
+* update all documents.
+* restructure @ingroup.
+* rename checkRestrictedClientResponseTypes() as
+  checkRestrictedAuthResponseType().
+* rename checkRestrictedClientGrantTypes() as checkRestrictedGrantType().
+* rename error() as errorJsonResponse().
+* rename errorCallback() as errorDoRedirectUriCallback().
+* rename send401Unauthorized() as errorWWWAuthenticateResponseHeader(),
+  update support with different HTTP status code.
+* update __construct() with array input.
+* update finishClientAuthorization() with array input.
+* add get/set functions for $access_token_lifetime, $auth_code_lifetime and
+  $refresh_token_lifetime.
+* fix a lots of typos.
+* document all sample server implementation.
+* more documents.
+* add config.doxy for doxygen default setup.
+* add MIT LICENSE.txt.
+* add CHANGELOG.txt.
+
+oauth2-php revision 9, 2010-09-04
+----------------------
+- fixes for issues #2 and #4, updates oauth lib in the example folders to
+  the latest version in the 'lib' folder.
+- updates server library to revision 10 of the OAuth 2.0 spec.
+- adds an option for more verbose error messages to be returned in the JSON
+  response.
+- adds method to be overridden for expiring used refresh tokens.
+- fixes bug checking token expiration.
+- makes some more methods protected instead of private so they can be
+  overridden.
+- fixes issue #1 http://code.google.com/p/oauth2-php/issues/detail?id=1
+
+oauth2-php revision 7, 2010-06-29
+----------------------
+- fixed mongo connection constants.
+- updated store_refresh_token to include expires time.
+- changed example server directory structure
+- corrected "false" return result on get_stored_auth_code.
+- implemented PDO example adapter.
+- corrected an error in assertion grant type.
+- updated for ietf draft v9:
+  http://tools.ietf.org/html/draft-ietf-oauth-v2-09.
+- updated updated to support v9 lib.
+- added mysql table creation script.
+
+oauth2-php revision 0, 2010-06-27
+----------------------
+- initial commit.
diff --git a/library/oauth2-php/LICENSE.txt b/library/oauth2-php/LICENSE.txt
new file mode 100644
index 000000000..7979b1c85
--- /dev/null
+++ b/library/oauth2-php/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2010 Tim Ridgely 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/library/oauth2-php/lib/OAuth2.inc b/library/oauth2-php/lib/OAuth2.inc
new file mode 100644
index 000000000..e10e0f26d
--- /dev/null
+++ b/library/oauth2-php/lib/OAuth2.inc
@@ -0,0 +1,1560 @@
+ Open Dining. Supports
+ * IETF draft v10.
+ *
+ * Source repo has sample servers implementations for
+ *  PHP Data Objects and
+ * MongoDB. Easily adaptable to other
+ * storage engines.
+ *
+ * PHP Data Objects supports a variety of databases, including MySQL,
+ * Microsoft SQL Server, SQLite, and Oracle, so you can try out the sample
+ * to see how it all works.
+ *
+ * We're expanding the wiki to include more helpful documentation, but for
+ * now, your best bet is to view the oauth.php source - it has lots of
+ * comments.
+ *
+ * @author Tim Ridgely 
+ * @author Aaron Parecki 
+ * @author Edison Wong 
+ *
+ * @see http://code.google.com/p/oauth2-php/
+ */
+
+
+/**
+ * The default duration in seconds of the access token lifetime.
+ */
+define("OAUTH2_DEFAULT_ACCESS_TOKEN_LIFETIME", 3600);
+
+/**
+ * The default duration in seconds of the authorization code lifetime.
+ */
+define("OAUTH2_DEFAULT_AUTH_CODE_LIFETIME", 30);
+
+/**
+ * The default duration in seconds of the refresh token lifetime.
+ */
+define("OAUTH2_DEFAULT_REFRESH_TOKEN_LIFETIME", 1209600);
+
+
+/**
+ * @defgroup oauth2_section_2 Client Credentials
+ * @{
+ *
+ * When interacting with the authorization server, the client identifies
+ * itself using a client identifier and authenticates using a set of
+ * client credentials. This specification provides one mechanism for
+ * authenticating the client using password credentials.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-2
+ */
+
+/**
+ * Regex to filter out the client identifier (described in Section 2 of IETF draft).
+ *
+ * IETF draft does not prescribe a format for these, however I've arbitrarily
+ * chosen alphanumeric strings with hyphens and underscores, 3-32 characters
+ * long.
+ *
+ * Feel free to change.
+ */
+define("OAUTH2_CLIENT_ID_REGEXP", "/^[a-z0-9-_]{3,32}$/i");
+
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup oauth2_section_3 Obtaining End-User Authorization
+ * @{
+ *
+ * When the client interacts with an end-user, the end-user MUST first
+ * grant the client authorization to access its protected resources.
+ * Once obtained, the end-user access grant is expressed as an
+ * authorization code which the client uses to obtain an access token.
+ * To obtain an end-user authorization, the client sends the end-user to
+ * the end-user authorization endpoint.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3
+ */
+
+/**
+ * Denotes "token" authorization response type.
+ */
+define("OAUTH2_AUTH_RESPONSE_TYPE_ACCESS_TOKEN", "token");
+
+/**
+ * Denotes "code" authorization response type.
+ */
+define("OAUTH2_AUTH_RESPONSE_TYPE_AUTH_CODE", "code");
+
+/**
+ * Denotes "code-and-token" authorization response type.
+ */
+define("OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN", "code-and-token");
+
+/**
+ * Regex to filter out the authorization response type.
+ */
+define("OAUTH2_AUTH_RESPONSE_TYPE_REGEXP", "/^(token|code|code-and-token)$/");
+
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup oauth2_section_4 Obtaining an Access Token
+ * @{
+ *
+ * The client obtains an access token by authenticating with the
+ * authorization server and presenting its access grant (in the form of
+ * an authorization code, resource owner credentials, an assertion, or a
+ * refresh token).
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4
+ */
+
+/**
+ * Denotes "authorization_code" grant types (for token obtaining).
+ */
+define("OAUTH2_GRANT_TYPE_AUTH_CODE", "authorization_code");
+
+/**
+ * Denotes "password" grant types (for token obtaining).
+ */
+define("OAUTH2_GRANT_TYPE_USER_CREDENTIALS", "password");
+
+/**
+ * Denotes "assertion" grant types (for token obtaining).
+ */
+define("OAUTH2_GRANT_TYPE_ASSERTION", "assertion");
+
+/**
+ * Denotes "refresh_token" grant types (for token obtaining).
+ */
+define("OAUTH2_GRANT_TYPE_REFRESH_TOKEN", "refresh_token");
+
+/**
+ * Denotes "none" grant types (for token obtaining).
+ */
+define("OAUTH2_GRANT_TYPE_NONE", "none");
+
+/**
+ * Regex to filter out the grant type.
+ */
+define("OAUTH2_GRANT_TYPE_REGEXP", "/^(authorization_code|password|assertion|refresh_token|none)$/");
+
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup oauth2_section_5 Accessing a Protected Resource
+ * @{
+ *
+ * Clients access protected resources by presenting an access token to
+ * the resource server. Access tokens act as bearer tokens, where the
+ * token string acts as a shared symmetric secret. This requires
+ * treating the access token with the same care as other secrets (e.g.
+ * end-user passwords). Access tokens SHOULD NOT be sent in the clear
+ * over an insecure channel.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5
+ */
+
+/**
+ * Used to define the name of the OAuth access token parameter (POST/GET/etc.).
+ *
+ * IETF Draft sections 5.1.2 and 5.1.3 specify that it should be called
+ * "oauth_token" but other implementations use things like "access_token".
+ *
+ * I won't be heartbroken if you change it, but it might be better to adhere
+ * to the spec.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1.2
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1.3
+ */
+define("OAUTH2_TOKEN_PARAM_NAME", "oauth_token");
+
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup oauth2_http_status HTTP status code
+ * @{
+ */
+
+/**
+ * "Found" HTTP status code.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3
+ */
+define("OAUTH2_HTTP_FOUND", "302 Found");
+
+/**
+ * "Bad Request" HTTP status code.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_HTTP_BAD_REQUEST", "400 Bad Request");
+
+/**
+ * "Unauthorized" HTTP status code.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_HTTP_UNAUTHORIZED", "401 Unauthorized");
+
+/**
+ * "Forbidden" HTTP status code.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_HTTP_FORBIDDEN", "403 Forbidden");
+
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup oauth2_error Error handling
+ * @{
+ *
+ * @todo Extend for i18n.
+ */
+
+/**
+ * The request is missing a required parameter, includes an unsupported
+ * parameter or parameter value, or is otherwise malformed.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_ERROR_INVALID_REQUEST", "invalid_request");
+
+/**
+ * The client identifier provided is invalid.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1
+ */
+define("OAUTH2_ERROR_INVALID_CLIENT", "invalid_client");
+
+/**
+ * The client is not authorized to use the requested response type.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1
+ */
+define("OAUTH2_ERROR_UNAUTHORIZED_CLIENT", "unauthorized_client");
+
+/**
+ * The redirection URI provided does not match a pre-registered value.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ */
+define("OAUTH2_ERROR_REDIRECT_URI_MISMATCH", "redirect_uri_mismatch");
+
+/**
+ * The end-user or authorization server denied the request.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ */
+define("OAUTH2_ERROR_USER_DENIED", "access_denied");
+
+/**
+ * The requested response type is not supported by the authorization server.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ */
+define("OAUTH2_ERROR_UNSUPPORTED_RESPONSE_TYPE", "unsupported_response_type");
+
+/**
+ * The requested scope is invalid, unknown, or malformed.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2.1
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1
+ */
+define("OAUTH2_ERROR_INVALID_SCOPE", "invalid_scope");
+
+/**
+ * The provided access grant is invalid, expired, or revoked (e.g. invalid
+ * assertion, expired authorization token, bad end-user password credentials,
+ * or mismatching authorization code and redirection URI).
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1
+ */
+define("OAUTH2_ERROR_INVALID_GRANT", "invalid_grant");
+
+/**
+ * The access grant included - its type or another attribute - is not
+ * supported by the authorization server.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3.1
+ */
+define("OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE", "unsupported_grant_type");
+
+/**
+ * The access token provided is invalid. Resource servers SHOULD use this
+ * error code when receiving an expired token which cannot be refreshed to
+ * indicate to the client that a new authorization is necessary. The resource
+ * server MUST respond with the HTTP 401 (Unauthorized) status code.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_ERROR_INVALID_TOKEN", "invalid_token");
+
+/**
+ * The access token provided has expired. Resource servers SHOULD only use
+ * this error code when the client is expected to be able to handle the
+ * response and request a new access token using the refresh token issued
+ * with the expired access token. The resource server MUST respond with the
+ * HTTP 401 (Unauthorized) status code.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_ERROR_EXPIRED_TOKEN", "expired_token");
+
+/**
+ * The request requires higher privileges than provided by the access token.
+ * The resource server SHOULD respond with the HTTP 403 (Forbidden) status
+ * code and MAY include the "scope" attribute with the scope necessary to
+ * access the protected resource.
+ *
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2.1
+ */
+define("OAUTH2_ERROR_INSUFFICIENT_SCOPE", "insufficient_scope");
+
+/**
+ * @}
+ */
+
+/**
+ * OAuth2.0 draft v10 server-side implementation.
+ *
+ * @author Originally written by Tim Ridgely .
+ * @author Updated to draft v10 by Aaron Parecki .
+ * @author Debug, coding style clean up and documented by Edison Wong .
+ */
+abstract class OAuth2 {
+
+  /**
+   * Array of persistent variables stored.
+   */
+  protected $conf = array();
+
+  /**
+   * Returns a persistent variable.
+   *
+   * To avoid problems, always use lower case for persistent variable names.
+   *
+   * @param $name
+   *   The name of the variable to return.
+   * @param $default
+   *   The default value to use if this variable has never been set.
+   *
+   * @return
+   *   The value of the variable.
+   */
+  public function getVariable($name, $default = NULL) {
+    return isset($this->conf[$name]) ? $this->conf[$name] : $default;
+  }
+
+  /**
+   * Sets a persistent variable.
+   *
+   * To avoid problems, always use lower case for persistent variable names.
+   *
+   * @param $name
+   *   The name of the variable to set.
+   * @param $value
+   *   The value to set.
+   */
+  public function setVariable($name, $value) {
+    $this->conf[$name] = $value;
+    return $this;
+  }
+
+  // Subclasses must implement the following functions.
+
+  /**
+   * Make sure that the client credentials is valid.
+   *
+   * @param $client_id
+   *   Client identifier to be check with.
+   * @param $client_secret
+   *   (optional) If a secret is required, check that they've given the right one.
+   *
+   * @return
+   *   TRUE if client credentials are valid, and MUST return FALSE if invalid.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-2.1
+   *
+   * @ingroup oauth2_section_2
+   */
+  abstract protected function checkClientCredentials($client_id, $client_secret = NULL);
+
+  /**
+   * Get the registered redirect URI of corresponding client_id.
+   *
+   * OAuth says we should store request URIs for each registered client.
+   * Implement this function to grab the stored URI for a given client id.
+   *
+   * @param $client_id
+   *   Client identifier to be check with.
+   *
+   * @return
+   *   Registered redirect URI of corresponding client identifier, and MUST
+   *   return FALSE if the given client does not exist or is invalid.
+   *
+   * @ingroup oauth2_section_3
+   */
+  abstract protected function getRedirectUri($client_id);
+
+  /**
+   * Look up the supplied oauth_token from storage.
+   *
+   * We need to retrieve access token data as we create and verify tokens.
+   *
+   * @param $oauth_token
+   *   oauth_token to be check with.
+   *
+   * @return
+   *   An associative array as below, and return NULL if the supplied oauth_token
+   *   is invalid:
+   *   - client_id: Stored client identifier.
+   *   - expires: Stored expiration in unix timestamp.
+   *   - scope: (optional) Stored scope values in space-separated string.
+   *
+   * @ingroup oauth2_section_5
+   */
+  abstract protected function getAccessToken($oauth_token);
+
+  /**
+   * Store the supplied access token values to storage.
+   *
+   * We need to store access token data as we create and verify tokens.
+   *
+   * @param $oauth_token
+   *   oauth_token to be stored.
+   * @param $client_id
+   *   Client identifier to be stored.
+   * @param $expires
+   *   Expiration to be stored.
+   * @param $scope
+   *   (optional) Scopes to be stored in space-separated string.
+   *
+   * @ingroup oauth2_section_4
+   */
+  abstract protected function setAccessToken($oauth_token, $client_id, $expires, $scope = NULL);
+
+  // Stuff that should get overridden by subclasses.
+  //
+  // I don't want to make these abstract, because then subclasses would have
+  // to implement all of them, which is too much work.
+  //
+  // So they're just stubs. Override the ones you need.
+
+  /**
+   * Return supported grant types.
+   *
+   * You should override this function with something, or else your OAuth
+   * provider won't support any grant types!
+   *
+   * @return
+   *   A list as below. If you support all grant types, then you'd do:
+   * @code
+   * return array(
+   *   OAUTH2_GRANT_TYPE_AUTH_CODE,
+   *   OAUTH2_GRANT_TYPE_USER_CREDENTIALS,
+   *   OAUTH2_GRANT_TYPE_ASSERTION,
+   *   OAUTH2_GRANT_TYPE_REFRESH_TOKEN,
+   *   OAUTH2_GRANT_TYPE_NONE,
+   * );
+   * @endcode
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function getSupportedGrantTypes() {
+    return array();
+  }
+
+  /**
+   * Return supported authorization response types.
+   *
+   * You should override this function with your supported response types.
+   *
+   * @return
+   *   A list as below. If you support all authorization response types,
+   *   then you'd do:
+   * @code
+   * return array(
+   *   OAUTH2_AUTH_RESPONSE_TYPE_AUTH_CODE,
+   *   OAUTH2_AUTH_RESPONSE_TYPE_ACCESS_TOKEN,
+   *   OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN,
+   * );
+   * @endcode
+   *
+   * @ingroup oauth2_section_3
+   */
+  protected function getSupportedAuthResponseTypes() {
+    return array(
+      OAUTH2_AUTH_RESPONSE_TYPE_AUTH_CODE,
+      OAUTH2_AUTH_RESPONSE_TYPE_ACCESS_TOKEN,
+      OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN
+    );
+  }
+
+  /**
+   * Return supported scopes.
+   *
+   * If you want to support scope use, then have this function return a list
+   * of all acceptable scopes (used to throw the invalid-scope error).
+   *
+   * @return
+   *   A list as below, for example:
+   * @code
+   * return array(
+   *   'my-friends',
+   *   'photos',
+   *   'whatever-else',
+   * );
+   * @endcode
+   *
+   * @ingroup oauth2_section_3
+   */
+  protected function getSupportedScopes() {
+    return array();
+  }
+
+  /**
+   * Check restricted authorization response types of corresponding Client
+   * identifier.
+   *
+   * If you want to restrict clients to certain authorization response types,
+   * override this function.
+   *
+   * @param $client_id
+   *   Client identifier to be check with.
+   * @param $response_type
+   *   Authorization response type to be check with, would be one of the
+   *   values contained in OAUTH2_AUTH_RESPONSE_TYPE_REGEXP.
+   *
+   * @return
+   *   TRUE if the authorization response type is supported by this
+   *   client identifier, and FALSE if it isn't.
+   *
+   * @ingroup oauth2_section_3
+   */
+  protected function checkRestrictedAuthResponseType($client_id, $response_type) {
+    return TRUE;
+  }
+
+  /**
+   * Check restricted grant types of corresponding client identifier.
+   *
+   * If you want to restrict clients to certain grant types, override this
+   * function.
+   *
+   * @param $client_id
+   *   Client identifier to be check with.
+   * @param $grant_type
+   *   Grant type to be check with, would be one of the values contained in
+   *   OAUTH2_GRANT_TYPE_REGEXP.
+   *
+   * @return
+   *   TRUE if the grant type is supported by this client identifier, and
+   *   FALSE if it isn't.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function checkRestrictedGrantType($client_id, $grant_type) {
+    return TRUE;
+  }
+
+  // Functions that help grant access tokens for various grant types.
+
+  /**
+   * Fetch authorization code data (probably the most common grant type).
+   *
+   * Retrieve the stored data for the given authorization code.
+   *
+   * Required for OAUTH2_GRANT_TYPE_AUTH_CODE.
+   *
+   * @param $code
+   *   Authorization code to be check with.
+   *
+   * @return
+   *   An associative array as below, and NULL if the code is invalid:
+   *   - client_id: Stored client identifier.
+   *   - redirect_uri: Stored redirect URI.
+   *   - expires: Stored expiration in unix timestamp.
+   *   - scope: (optional) Stored scope values in space-separated string.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.1.1
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function getAuthCode($code) {
+    return NULL;
+  }
+
+  /**
+   * Take the provided authorization code values and store them somewhere.
+   *
+   * This function should be the storage counterpart to getAuthCode().
+   *
+   * If storage fails for some reason, we're not currently checking for
+   * any sort of success/failure, so you should bail out of the script
+   * and provide a descriptive fail message.
+   *
+   * Required for OAUTH2_GRANT_TYPE_AUTH_CODE.
+   *
+   * @param $code
+   *   Authorization code to be stored.
+   * @param $client_id
+   *   Client identifier to be stored.
+   * @param $redirect_uri
+   *   Redirect URI to be stored.
+   * @param $expires
+   *   Expiration to be stored.
+   * @param $scope
+   *   (optional) Scopes to be stored in space-separated string.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function setAuthCode($code, $client_id, $redirect_uri, $expires, $scope = NULL) {
+  }
+
+  /**
+   * Grant access tokens for basic user credentials.
+   *
+   * Check the supplied username and password for validity.
+   *
+   * You can also use the $client_id param to do any checks required based
+   * on a client, if you need that.
+   *
+   * Required for OAUTH2_GRANT_TYPE_USER_CREDENTIALS.
+   *
+   * @param $client_id
+   *   Client identifier to be check with.
+   * @param $username
+   *   Username to be check with.
+   * @param $password
+   *   Password to be check with.
+   *
+   * @return
+   *   TRUE if the username and password are valid, and FALSE if it isn't.
+   *   Moreover, if the username and password are valid, and you want to
+   *   verify the scope of a user's access, return an associative array
+   *   with the scope values as below. We'll check the scope you provide
+   *   against the requested scope before providing an access token:
+   * @code
+   * return array(
+   *   'scope' => ,
+   * );
+   * @endcode
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.1.2
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function checkUserCredentials($client_id, $username, $password) {
+    return FALSE;
+  }
+
+  /**
+   * Grant access tokens for assertions.
+   *
+   * Check the supplied assertion for validity.
+   *
+   * You can also use the $client_id param to do any checks required based
+   * on a client, if you need that.
+   *
+   * Required for OAUTH2_GRANT_TYPE_ASSERTION.
+   *
+   * @param $client_id
+   *   Client identifier to be check with.
+   * @param $assertion_type
+   *   The format of the assertion as defined by the authorization server.
+   * @param $assertion
+   *   The assertion.
+   *
+   * @return
+   *   TRUE if the assertion is valid, and FALSE if it isn't. Moreover, if
+   *   the assertion is valid, and you want to verify the scope of an access
+   *   request, return an associative array with the scope values as below.
+   *   We'll check the scope you provide against the requested scope before
+   *   providing an access token:
+   * @code
+   * return array(
+   *   'scope' => ,
+   * );
+   * @endcode
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.1.3
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function checkAssertion($client_id, $assertion_type, $assertion) {
+    return FALSE;
+  }
+
+  /**
+   * Grant refresh access tokens.
+   *
+   * Retrieve the stored data for the given refresh token.
+   *
+   * Required for OAUTH2_GRANT_TYPE_REFRESH_TOKEN.
+   *
+   * @param $refresh_token
+   *   Refresh token to be check with.
+   *
+   * @return
+   *   An associative array as below, and NULL if the refresh_token is
+   *   invalid:
+   *   - client_id: Stored client identifier.
+   *   - expires: Stored expiration unix timestamp.
+   *   - scope: (optional) Stored scope values in space-separated string.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.1.4
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function getRefreshToken($refresh_token) {
+    return NULL;
+  }
+
+  /**
+   * Take the provided refresh token values and store them somewhere.
+   *
+   * This function should be the storage counterpart to getRefreshToken().
+   *
+   * If storage fails for some reason, we're not currently checking for
+   * any sort of success/failure, so you should bail out of the script
+   * and provide a descriptive fail message.
+   *
+   * Required for OAUTH2_GRANT_TYPE_REFRESH_TOKEN.
+   *
+   * @param $refresh_token
+   *   Refresh token to be stored.
+   * @param $client_id
+   *   Client identifier to be stored.
+   * @param $expires
+   *   expires to be stored.
+   * @param $scope
+   *   (optional) Scopes to be stored in space-separated string.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function setRefreshToken($refresh_token, $client_id, $expires, $scope = NULL) {
+    return;
+  }
+
+  /**
+   * Expire a used refresh token.
+   *
+   * This is not explicitly required in the spec, but is almost implied.
+   * After granting a new refresh token, the old one is no longer useful and
+   * so should be forcibly expired in the data store so it can't be used again.
+   *
+   * If storage fails for some reason, we're not currently checking for
+   * any sort of success/failure, so you should bail out of the script
+   * and provide a descriptive fail message.
+   *
+   * @param $refresh_token
+   *   Refresh token to be expirse.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function unsetRefreshToken($refresh_token) {
+    return;
+  }
+
+  /**
+   * Grant access tokens for the "none" grant type.
+   *
+   * Not really described in the IETF Draft, so I just left a method
+   * stub... Do whatever you want!
+   *
+   * Required for OAUTH2_GRANT_TYPE_NONE.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function checkNoneAccess($client_id) {
+    return FALSE;
+  }
+
+  /**
+   * Get default authentication realm for WWW-Authenticate header.
+   *
+   * Change this to whatever authentication realm you want to send in a
+   * WWW-Authenticate header.
+   *
+   * @return
+   *   A string that you want to send in a WWW-Authenticate header.
+   *
+   * @ingroup oauth2_error
+   */
+  protected function getDefaultAuthenticationRealm() {
+    return "Service";
+  }
+
+  // End stuff that should get overridden.
+
+  /**
+   * Creates an OAuth2.0 server-side instance.
+   *
+   * @param $config
+   *   An associative array as below:
+   *   - access_token_lifetime: (optional) The lifetime of access token in
+   *     seconds.
+   *   - auth_code_lifetime: (optional) The lifetime of authorization code in
+   *     seconds.
+   *   - refresh_token_lifetime: (optional) The lifetime of refresh token in
+   *     seconds.
+   *   - display_error: (optional) Whether to show verbose error messages in
+   *     the response.
+   */
+  public function __construct($config = array()) {
+    foreach ($config as $name => $value) {
+      $this->setVariable($name, $value);
+    }
+  }
+
+  // Resource protecting (Section 5).
+
+  /**
+   * Check that a valid access token has been provided.
+   *
+   * The scope parameter defines any required scope that the token must have.
+   * If a scope param is provided and the token does not have the required
+   * scope, we bounce the request.
+   *
+   * Some implementations may choose to return a subset of the protected
+   * resource (i.e. "public" data) if the user has not provided an access
+   * token or if the access token is invalid or expired.
+   *
+   * The IETF spec says that we should send a 401 Unauthorized header and
+   * bail immediately so that's what the defaults are set to.
+   *
+   * @param $scope
+   *   A space-separated string of required scope(s), if you want to check
+   *   for scope.
+   * @param $exit_not_present
+   *   If TRUE and no access token is provided, send a 401 header and exit,
+   *   otherwise return FALSE.
+   * @param $exit_invalid
+   *   If TRUE and the implementation of getAccessToken() returns NULL, exit,
+   *   otherwise return FALSE.
+   * @param $exit_expired
+   *   If TRUE and the access token has expired, exit, otherwise return FALSE.
+   * @param $exit_scope
+   *   If TRUE the access token does not have the required scope(s), exit,
+   *   otherwise return FALSE.
+   * @param $realm
+   *   If you want to specify a particular realm for the WWW-Authenticate
+   *   header, supply it here.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5
+   *
+   * @ingroup oauth2_section_5
+   */
+  public function verifyAccessToken($scope = NULL, $exit_not_present = TRUE, $exit_invalid = TRUE, $exit_expired = TRUE, $exit_scope = TRUE, $realm = NULL) {
+    $token_param = $this->getAccessTokenParams();
+    if ($token_param === FALSE) // Access token was not provided
+      return $exit_not_present ? $this->errorWWWAuthenticateResponseHeader(OAUTH2_HTTP_BAD_REQUEST, $realm, OAUTH2_ERROR_INVALID_REQUEST, 'The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.', NULL, $scope) : FALSE;
+    // Get the stored token data (from the implementing subclass)
+    $token = $this->getAccessToken($token_param);
+    if ($token === NULL)
+      return $exit_invalid ? $this->errorWWWAuthenticateResponseHeader(OAUTH2_HTTP_UNAUTHORIZED, $realm, OAUTH2_ERROR_INVALID_TOKEN, 'The access token provided is invalid.', NULL, $scope) : FALSE;
+
+    // Check token expiration (I'm leaving this check separated, later we'll fill in better error messages)
+    if (isset($token["expires"]) && time() > $token["expires"])
+      return $exit_expired ? $this->errorWWWAuthenticateResponseHeader(OAUTH2_HTTP_UNAUTHORIZED, $realm, OAUTH2_ERROR_EXPIRED_TOKEN, 'The access token provided has expired.', NULL, $scope) : FALSE;
+
+    // Check scope, if provided
+    // If token doesn't have a scope, it's NULL/empty, or it's insufficient, then throw an error
+    if ($scope && (!isset($token["scope"]) || !$token["scope"] || !$this->checkScope($scope, $token["scope"])))
+      return $exit_scope ? $this->errorWWWAuthenticateResponseHeader(OAUTH2_HTTP_FORBIDDEN, $realm, OAUTH2_ERROR_INSUFFICIENT_SCOPE, 'The request requires higher privileges than provided by the access token.', NULL, $scope) : FALSE;
+
+    return TRUE;
+  }
+
+  /**
+   * Check if everything in required scope is contained in available scope.
+   *
+   * @param $required_scope
+   *   Required scope to be check with.
+   * @param $available_scope
+   *   Available scope to be compare with.
+   *
+   * @return
+   *   TRUE if everything in required scope is contained in available scope,
+   *   and False if it isn't.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5
+   *
+   * @ingroup oauth2_section_5
+   */
+  private function checkScope($required_scope, $available_scope) {
+    // The required scope should match or be a subset of the available scope
+    if (!is_array($required_scope))
+      $required_scope = explode(" ", $required_scope);
+
+    if (!is_array($available_scope))
+      $available_scope = explode(" ", $available_scope);
+
+    return (count(array_diff($required_scope, $available_scope)) == 0);
+  }
+
+  /**
+   * Pulls the access token out of the HTTP request.
+   *
+   * Either from the Authorization header or GET/POST/etc.
+   *
+   * @return
+   *   Access token value if present, and FALSE if it isn't.
+   *
+   * @todo Support PUT or DELETE.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1
+   *
+   * @ingroup oauth2_section_5
+   */
+  private function getAccessTokenParams() {
+    $auth_header = $this->getAuthorizationHeader();
+
+    if ($auth_header !== FALSE) {
+      // Make sure only the auth header is set
+      if (isset($_GET[OAUTH2_TOKEN_PARAM_NAME]) || isset($_POST[OAUTH2_TOKEN_PARAM_NAME]))
+        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Auth token found in GET or POST when token present in header');
+
+      $auth_header = trim($auth_header);
+
+      // Make sure it's Token authorization
+      if (strcmp(substr($auth_header, 0, 5), "OAuth ") !== 0)
+        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Auth header found that doesn\'t start with "OAuth"');
+
+      // Parse the rest of the header
+      if (preg_match('/\s*OAuth\s*="(.+)"/', substr($auth_header, 5), $matches) == 0 || count($matches) < 2)
+        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Malformed auth header');
+
+      return $matches[1];
+    }
+
+    if (isset($_GET[OAUTH2_TOKEN_PARAM_NAME])) {
+      if (isset($_POST[OAUTH2_TOKEN_PARAM_NAME])) // Both GET and POST are not allowed
+        $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Only send the token in GET or POST, not both');
+
+      return $_GET[OAUTH2_TOKEN_PARAM_NAME];
+    }
+
+    if (isset($_POST[OAUTH2_TOKEN_PARAM_NAME]))
+      return $_POST[OAUTH2_TOKEN_PARAM_NAME];
+
+    return FALSE;
+  }
+
+  // Access token granting (Section 4).
+
+  /**
+   * Grant or deny a requested access token.
+   *
+   * This would be called from the "/token" endpoint as defined in the spec.
+   * Obviously, you can call your endpoint whatever you want.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4
+   *
+   * @ingroup oauth2_section_4
+   */
+  public function grantAccessToken() {
+    $filters = array(
+      "grant_type" => array("filter" => FILTER_VALIDATE_REGEXP, "options" => array("regexp" => OAUTH2_GRANT_TYPE_REGEXP), "flags" => FILTER_REQUIRE_SCALAR),
+      "scope" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "code" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "redirect_uri" => array("filter" => FILTER_SANITIZE_URL),
+      "username" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "password" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "assertion_type" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "assertion" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "refresh_token" => array("flags" => FILTER_REQUIRE_SCALAR),
+    );
+
+    $input = filter_input_array(INPUT_POST, $filters);
+
+    // Grant Type must be specified.
+    if (!$input["grant_type"])
+      $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Invalid grant_type parameter or parameter missing');
+
+    // Make sure we've implemented the requested grant type
+    if (!in_array($input["grant_type"], $this->getSupportedGrantTypes()))
+      $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_UNSUPPORTED_GRANT_TYPE);
+
+    // Authorize the client
+    $client = $this->getClientCredentials();
+
+    if ($this->checkClientCredentials($client[0], $client[1]) === FALSE)
+      $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT);
+
+    if (!$this->checkRestrictedGrantType($client[0], $input["grant_type"]))
+      $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_UNAUTHORIZED_CLIENT);
+
+    // Do the granting
+    switch ($input["grant_type"]) {
+      case OAUTH2_GRANT_TYPE_AUTH_CODE:
+        if (!$input["code"] || !$input["redirect_uri"])
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST);
+
+        $stored = $this->getAuthCode($input["code"]);
+
+        // Ensure that the input uri starts with the stored uri
+        if ($stored === NULL || (strcasecmp(substr($input["redirect_uri"], 0, strlen($stored["redirect_uri"])), $stored["redirect_uri"]) !== 0) || $client[0] != $stored["client_id"])
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
+
+        if ($stored["expires"] < time())
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_EXPIRED_TOKEN);
+
+        break;
+      case OAUTH2_GRANT_TYPE_USER_CREDENTIALS:
+        if (!$input["username"] || !$input["password"])
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'Missing parameters. "username" and "password" required');
+
+        $stored = $this->checkUserCredentials($client[0], $input["username"], $input["password"]);
+
+        if ($stored === FALSE)
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
+
+        break;
+      case OAUTH2_GRANT_TYPE_ASSERTION:
+        if (!$input["assertion_type"] || !$input["assertion"])
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST);
+
+        $stored = $this->checkAssertion($client[0], $input["assertion_type"], $input["assertion"]);
+
+        if ($stored === FALSE)
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
+
+        break;
+      case OAUTH2_GRANT_TYPE_REFRESH_TOKEN:
+        if (!$input["refresh_token"])
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
+
+        $stored = $this->getRefreshToken($input["refresh_token"]);
+
+        if ($stored === NULL || $client[0] != $stored["client_id"])
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_GRANT);
+
+        if ($stored["expires"] < time())
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_EXPIRED_TOKEN);
+
+        // store the refresh token locally so we can delete it when a new refresh token is generated
+        $this->setVariable('_old_refresh_token', $stored["token"]);
+
+        break;
+      case OAUTH2_GRANT_TYPE_NONE:
+        $stored = $this->checkNoneAccess($client[0]);
+
+        if ($stored === FALSE)
+          $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_REQUEST);
+    }
+
+    // Check scope, if provided
+    if ($input["scope"] && (!is_array($stored) || !isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"])))
+      $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_SCOPE);
+
+    if (!$input["scope"])
+      $input["scope"] = NULL;
+
+    $token = $this->createAccessToken($client[0], $input["scope"]);
+
+    $this->sendJsonHeaders();
+    echo json_encode($token);
+  }
+
+  /**
+   * Internal function used to get the client credentials from HTTP basic
+   * auth or POST data.
+   *
+   * @return
+   *   A list containing the client identifier and password, for example
+   * @code
+   * return array(
+   *   $_POST["client_id"],
+   *   $_POST["client_secret"],
+   * );
+   * @endcode
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-2
+   *
+   * @ingroup oauth2_section_2
+   */
+  protected function getClientCredentials() {
+    if (isset($_SERVER["PHP_AUTH_USER"]) && $_POST && isset($_POST["client_id"]))
+      $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT);
+
+    // Try basic auth
+    if (isset($_SERVER["PHP_AUTH_USER"]))
+      return array($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);
+
+    // Try POST
+    if ($_POST && isset($_POST["client_id"])) {
+      if (isset($_POST["client_secret"]))
+        return array($_POST["client_id"], $_POST["client_secret"]);
+
+      return array($_POST["client_id"], NULL);
+    }
+
+    // No credentials were specified
+    $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT);
+  }
+
+  // End-user/client Authorization (Section 3 of IETF Draft).
+
+  /**
+   * Pull the authorization request data out of the HTTP request.
+   *
+   * @return
+   *   The authorization parameters so the authorization server can prompt
+   *   the user for approval if valid.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3
+   *
+   * @ingroup oauth2_section_3
+   */
+  public function getAuthorizeParams() {
+    $filters = array(
+      "client_id" => array("filter" => FILTER_VALIDATE_REGEXP, "options" => array("regexp" => OAUTH2_CLIENT_ID_REGEXP), "flags" => FILTER_REQUIRE_SCALAR),
+      "response_type" => array("filter" => FILTER_VALIDATE_REGEXP, "options" => array("regexp" => OAUTH2_AUTH_RESPONSE_TYPE_REGEXP), "flags" => FILTER_REQUIRE_SCALAR),
+      "redirect_uri" => array("filter" => FILTER_SANITIZE_URL),
+      "state" => array("flags" => FILTER_REQUIRE_SCALAR),
+      "scope" => array("flags" => FILTER_REQUIRE_SCALAR),
+    );
+
+    $input = filter_input_array(INPUT_GET, $filters);
+
+    // Make sure a valid client id was supplied
+    if (!$input["client_id"]) {
+      if ($input["redirect_uri"])
+        $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_INVALID_CLIENT, NULL, NULL, $input["state"]);
+
+      $this->errorJsonResponse(OAUTH2_HTTP_FOUND, OAUTH2_ERROR_INVALID_CLIENT); // We don't have a good URI to use
+    }
+
+    // redirect_uri is not required if already established via other channels
+    // check an existing redirect URI against the one supplied
+    $redirect_uri = $this->getRedirectUri($input["client_id"]);
+
+    // At least one of: existing redirect URI or input redirect URI must be specified
+    if (!$redirect_uri && !$input["redirect_uri"])
+      $this->errorJsonResponse(OAUTH2_HTTP_FOUND, OAUTH2_ERROR_INVALID_REQUEST);
+
+    // getRedirectUri() should return FALSE if the given client ID is invalid
+    // this probably saves us from making a separate db call, and simplifies the method set
+    if ($redirect_uri === FALSE)
+      $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_INVALID_CLIENT, NULL, NULL, $input["state"]);
+
+    // If there's an existing uri and one from input, verify that they match
+    if ($redirect_uri && $input["redirect_uri"]) {
+      // Ensure that the input uri starts with the stored uri
+      if (strcasecmp(substr($input["redirect_uri"], 0, strlen($redirect_uri)), $redirect_uri) !== 0)
+        $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_REDIRECT_URI_MISMATCH, NULL, NULL, $input["state"]);
+    }
+    elseif ($redirect_uri) { // They did not provide a uri from input, so use the stored one
+      $input["redirect_uri"] = $redirect_uri;
+    }
+
+    // type and client_id are required
+    if (!$input["response_type"])
+      $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_INVALID_REQUEST, 'Invalid response type.', NULL, $input["state"]);
+
+    // Check requested auth response type against the list of supported types
+    if (array_search($input["response_type"], $this->getSupportedAuthResponseTypes()) === FALSE)
+      $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_UNSUPPORTED_RESPONSE_TYPE, NULL, NULL, $input["state"]);
+
+    // Restrict clients to certain authorization response types
+    if ($this->checkRestrictedAuthResponseType($input["client_id"], $input["response_type"]) === FALSE)
+      $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_UNAUTHORIZED_CLIENT, NULL, NULL, $input["state"]);
+
+    // Validate that the requested scope is supported
+    if ($input["scope"] && !$this->checkScope($input["scope"], $this->getSupportedScopes()))
+      $this->errorDoRedirectUriCallback($input["redirect_uri"], OAUTH2_ERROR_INVALID_SCOPE, NULL, NULL, $input["state"]);
+
+    return $input;
+  }
+
+  /**
+   * Redirect the user appropriately after approval.
+   *
+   * After the user has approved or denied the access request the
+   * authorization server should call this function to redirect the user
+   * appropriately.
+   *
+   * @param $is_authorized
+   *   TRUE or FALSE depending on whether the user authorized the access.
+   * @param $params
+   *   An associative array as below:
+   *   - response_type: The requested response: an access token, an
+   *     authorization code, or both.
+   *   - client_id: The client identifier as described in Section 2.
+   *   - redirect_uri: An absolute URI to which the authorization server
+   *     will redirect the user-agent to when the end-user authorization
+   *     step is completed.
+   *   - scope: (optional) The scope of the access request expressed as a
+   *     list of space-delimited strings.
+   *   - state: (optional) An opaque value used by the client to maintain
+   *     state between the request and callback.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3
+   *
+   * @ingroup oauth2_section_3
+   */
+  public function finishClientAuthorization($is_authorized, $params = array()) {
+    $params += array(
+      'scope' => NULL,
+      'state' => NULL,
+    );
+    extract($params);
+
+    if ($state !== NULL)
+      $result["query"]["state"] = $state;
+
+    if ($is_authorized === FALSE) {
+      $result["query"]["error"] = OAUTH2_ERROR_USER_DENIED;
+    }
+    else {
+      if ($response_type == OAUTH2_AUTH_RESPONSE_TYPE_AUTH_CODE || $response_type == OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN)
+        $result["query"]["code"] = $this->createAuthCode($client_id, $redirect_uri, $scope);
+
+      if ($response_type == OAUTH2_AUTH_RESPONSE_TYPE_ACCESS_TOKEN || $response_type == OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN)
+        $result["fragment"] = $this->createAccessToken($client_id, $scope);
+    }
+
+    $this->doRedirectUriCallback($redirect_uri, $result);
+  }
+
+  // Other/utility functions.
+
+  /**
+   * Redirect the user agent.
+   *
+   * Handle both redirect for success or error response.
+   *
+   * @param $redirect_uri
+   *   An absolute URI to which the authorization server will redirect
+   *   the user-agent to when the end-user authorization step is completed.
+   * @param $params
+   *   Parameters to be pass though buildUri().
+   *
+   * @ingroup oauth2_section_3
+   */
+  private function doRedirectUriCallback($redirect_uri, $params) {
+    header("HTTP/1.1 ". OAUTH2_HTTP_FOUND);
+    header("Location: " . $this->buildUri($redirect_uri, $params));
+    exit;
+  }
+
+  /**
+   * Build the absolute URI based on supplied URI and parameters.
+   *
+   * @param $uri
+   *   An absolute URI.
+   * @param $params
+   *   Parameters to be append as GET.
+   *
+   * @return
+   *   An absolute URI with supplied parameters.
+   *
+   * @ingroup oauth2_section_3
+   */
+  private function buildUri($uri, $params) {
+    $parse_url = parse_url($uri);
+
+    // Add our params to the parsed uri
+    foreach ($params as $k => $v) {
+      if (isset($parse_url[$k]))
+        $parse_url[$k] .= "&" . http_build_query($v);
+      else
+        $parse_url[$k] = http_build_query($v);
+    }
+
+    // Put humpty dumpty back together
+    return
+      ((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
+      . ((isset($parse_url["user"])) ? $parse_url["user"] . ((isset($parse_url["pass"])) ? ":" . $parse_url["pass"] : "") . "@" : "")
+      . ((isset($parse_url["host"])) ? $parse_url["host"] : "")
+      . ((isset($parse_url["port"])) ? ":" . $parse_url["port"] : "")
+      . ((isset($parse_url["path"])) ? $parse_url["path"] : "")
+      . ((isset($parse_url["query"])) ? "?" . $parse_url["query"] : "")
+      . ((isset($parse_url["fragment"])) ? "#" . $parse_url["fragment"] : "");
+  }
+
+  /**
+   * Handle the creation of access token, also issue refresh token if support.
+   *
+   * This belongs in a separate factory, but to keep it simple, I'm just
+   * keeping it here.
+   *
+   * @param $client_id
+   *   Client identifier related to the access token.
+   * @param $scope
+   *   (optional) Scopes to be stored in space-separated string.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function createAccessToken($client_id, $scope = NULL) {
+    $token = array(
+      "access_token" => $this->genAccessToken(),
+      "expires_in" => $this->getVariable('access_token_lifetime', OAUTH2_DEFAULT_ACCESS_TOKEN_LIFETIME),
+      "scope" => $scope
+    );
+
+    $this->setAccessToken($token["access_token"], $client_id, time() + $this->getVariable('access_token_lifetime', OAUTH2_DEFAULT_ACCESS_TOKEN_LIFETIME), $scope);
+
+    // Issue a refresh token also, if we support them
+    if (in_array(OAUTH2_GRANT_TYPE_REFRESH_TOKEN, $this->getSupportedGrantTypes())) {
+      $token["refresh_token"] = $this->genAccessToken();
+      $this->setRefreshToken($token["refresh_token"], $client_id, time() + $this->getVariable('refresh_token_lifetime', OAUTH2_DEFAULT_REFRESH_TOKEN_LIFETIME), $scope);
+      // If we've granted a new refresh token, expire the old one
+      if ($this->getVariable('_old_refresh_token'))
+        $this->unsetRefreshToken($this->getVariable('_old_refresh_token'));
+    }
+
+    return $token;
+  }
+
+  /**
+   * Handle the creation of auth code.
+   *
+   * This belongs in a separate factory, but to keep it simple, I'm just
+   * keeping it here.
+   *
+   * @param $client_id
+   *   Client identifier related to the access token.
+   * @param $redirect_uri
+   *   An absolute URI to which the authorization server will redirect the
+   *   user-agent to when the end-user authorization step is completed.
+   * @param $scope
+   *   (optional) Scopes to be stored in space-separated string.
+   *
+   * @ingroup oauth2_section_3
+   */
+  private function createAuthCode($client_id, $redirect_uri, $scope = NULL) {
+    $code = $this->genAuthCode();
+    $this->setAuthCode($code, $client_id, $redirect_uri, time() + $this->getVariable('auth_code_lifetime', OAUTH2_DEFAULT_AUTH_CODE_LIFETIME), $scope);
+    return $code;
+  }
+
+  /**
+   * Generate unique access token.
+   *
+   * Implementing classes may want to override these function to implement
+   * other access token or auth code generation schemes.
+   *
+   * @return
+   *   An unique access token.
+   *
+   * @ingroup oauth2_section_4
+   */
+  protected function genAccessToken() {
+    return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
+  }
+
+  /**
+   * Generate unique auth code.
+   *
+   * Implementing classes may want to override these function to implement
+   * other access token or auth code generation schemes.
+   *
+   * @return
+   *   An unique auth code.
+   *
+   * @ingroup oauth2_section_3
+   */
+  protected function genAuthCode() {
+    return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
+  }
+
+  /**
+   * Pull out the Authorization HTTP header and return it.
+   *
+   * Implementing classes may need to override this function for use on
+   * non-Apache web servers.
+   *
+   * @return
+   *   The Authorization HTTP header, and FALSE if does not exist.
+   *
+   * @todo Handle Authorization HTTP header for non-Apache web servers.
+   *
+   * @ingroup oauth2_section_5
+   */
+  private function getAuthorizationHeader() {
+    if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER))
+      return $_SERVER["HTTP_AUTHORIZATION"];
+
+    if (function_exists("apache_request_headers")) {
+      $headers = apache_request_headers();
+
+      if (array_key_exists("Authorization", $headers))
+        return $headers["Authorization"];
+    }
+
+    return FALSE;
+  }
+
+  /**
+   * Send out HTTP headers for JSON.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.2
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3
+   *
+   * @ingroup oauth2_section_4
+   */
+  private function sendJsonHeaders() {
+    header("Content-Type: application/json");
+    header("Cache-Control: no-store");
+  }
+
+  /**
+   * Redirect the end-user's user agent with error message.
+   *
+   * @param $redirect_uri
+   *   An absolute URI to which the authorization server will redirect the
+   *   user-agent to when the end-user authorization step is completed.
+   * @param $error
+   *   A single error code as described in Section 3.2.1.
+   * @param $error_description
+   *   (optional) A human-readable text providing additional information,
+   *   used to assist in the understanding and resolution of the error
+   *   occurred.
+   * @param $error_uri
+   *   (optional) A URI identifying a human-readable web page with
+   *   information about the error, used to provide the end-user with
+   *   additional information about the error.
+   * @param $state
+   *   (optional) REQUIRED if the "state" parameter was present in the client
+   *   authorization request. Set to the exact value received from the client.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3.2
+   *
+   * @ingroup oauth2_error
+   */
+  private function errorDoRedirectUriCallback($redirect_uri, $error, $error_description = NULL, $error_uri = NULL, $state = NULL) {
+    $result["query"]["error"] = $error;
+
+    if ($state)
+      $result["query"]["state"] = $state;
+
+    if ($this->getVariable('display_error') && $error_description)
+      $result["query"]["error_description"] = $error_description;
+
+    if ($this->getVariable('display_error') && $error_uri)
+      $result["query"]["error_uri"] = $error_uri;
+
+    $this->doRedirectUriCallback($redirect_uri, $result);
+  }
+
+  /**
+   * Send out error message in JSON.
+   *
+   * @param $http_status_code
+   *   HTTP status code message as predefined.
+   * @param $error
+   *   A single error code.
+   * @param $error_description
+   *   (optional) A human-readable text providing additional information,
+   *   used to assist in the understanding and resolution of the error
+   *   occurred.
+   * @param $error_uri
+   *   (optional) A URI identifying a human-readable web page with
+   *   information about the error, used to provide the end-user with
+   *   additional information about the error.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-4.3
+   *
+   * @ingroup oauth2_error
+   */
+  private function errorJsonResponse($http_status_code, $error, $error_description = NULL, $error_uri = NULL) {
+    $result['error'] = $error;
+
+    if ($this->getVariable('display_error') && $error_description)
+      $result["error_description"] = $error_description;
+
+    if ($this->getVariable('display_error') && $error_uri)
+      $result["error_uri"] = $error_uri;
+
+    header("HTTP/1.1 " . $http_status_code);
+    $this->sendJsonHeaders();
+    echo json_encode($result);
+
+    exit;
+  }
+
+  /**
+   * Send a 401 unauthorized header with the given realm and an error, if
+   * provided.
+   *
+   * @param $http_status_code
+   *   HTTP status code message as predefined.
+   * @param $realm
+   *   The "realm" attribute is used to provide the protected resources
+   *   partition as defined by [RFC2617].
+   * @param $scope
+   *   A space-delimited list of scope values indicating the required scope
+   *   of the access token for accessing the requested resource.
+   * @param $error
+   *   The "error" attribute is used to provide the client with the reason
+   *   why the access request was declined.
+   * @param $error_description
+   *   (optional) The "error_description" attribute provides a human-readable text
+   *   containing additional information, used to assist in the understanding
+   *   and resolution of the error occurred.
+   * @param $error_uri
+   *   (optional) The "error_uri" attribute provides a URI identifying a human-readable
+   *   web page with information about the error, used to offer the end-user
+   *   with additional information about the error. If the value is not an
+   *   absolute URI, it is relative to the URI of the requested protected
+   *   resource.
+   *
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.2
+   *
+   * @ingroup oauth2_error
+   */
+  private function errorWWWAuthenticateResponseHeader($http_status_code, $realm, $error, $error_description = NULL, $error_uri = NULL, $scope = NULL) {
+    $realm = $realm === NULL ? $this->getDefaultAuthenticationRealm() : $realm;
+
+    $result = "WWW-Authenticate: OAuth realm='" . $realm . "'";
+
+    if ($error)
+      $result .= ", error='" . $error . "'";
+
+    if ($this->getVariable('display_error') && $error_description)
+      $result .= ", error_description='" . $error_description . "'";
+
+    if ($this->getVariable('display_error') && $error_uri)
+      $result .= ", error_uri='" . $error_uri . "'";
+
+    if ($scope)
+      $result .= ", scope='" . $scope . "'";
+
+    header("HTTP/1.1 ". $http_status_code);
+    header($result);
+
+    exit;
+  }
+}
diff --git a/library/oauth2-php/lib/OAuth2Client.inc b/library/oauth2-php/lib/OAuth2Client.inc
new file mode 100644
index 000000000..e87d723de
--- /dev/null
+++ b/library/oauth2-php/lib/OAuth2Client.inc
@@ -0,0 +1,721 @@
+.
+ * @author Update to draft v10 by Edison Wong .
+ *
+ * @sa Facebook PHP SDK.
+ */
+abstract class OAuth2Client {
+
+  /**
+   * Array of persistent variables stored.
+   */
+  protected $conf = array();
+
+  /**
+   * Returns a persistent variable.
+   *
+   * To avoid problems, always use lower case for persistent variable names.
+   *
+   * @param $name
+   *   The name of the variable to return.
+   * @param $default
+   *   The default value to use if this variable has never been set.
+   *
+   * @return
+   *   The value of the variable.
+   */
+  public function getVariable($name, $default = NULL) {
+    return isset($this->conf[$name]) ? $this->conf[$name] : $default;
+  }
+
+  /**
+   * Sets a persistent variable.
+   *
+   * To avoid problems, always use lower case for persistent variable names.
+   *
+   * @param $name
+   *   The name of the variable to set.
+   * @param $value
+   *   The value to set.
+   */
+  public function setVariable($name, $value) {
+    $this->conf[$name] = $value;
+    return $this;
+  }
+
+  // Stuff that should get overridden by subclasses.
+  //
+  // I don't want to make these abstract, because then subclasses would have
+  // to implement all of them, which is too much work.
+  //
+  // So they're just stubs. Override the ones you need.
+
+  /**
+   * Initialize a Drupal OAuth2.0 Application.
+   *
+   * @param $config
+   *   An associative array as below:
+   *   - base_uri: The base URI for the OAuth2.0 endpoints.
+   *   - code: (optional) The authorization code.
+   *   - username: (optional) The username.
+   *   - password: (optional) The password.
+   *   - client_id: (optional) The application ID.
+   *   - client_secret: (optional) The application secret.
+   *   - authorize_uri: (optional) The end-user authorization endpoint URI.
+   *   - access_token_uri: (optional) The token endpoint URI.
+   *   - services_uri: (optional) The services endpoint URI.
+   *   - cookie_support: (optional) TRUE to enable cookie support.
+   *   - base_domain: (optional) The domain for the cookie.
+   *   - file_upload_support: (optional) TRUE if file uploads are enabled.
+   */
+  public function __construct($config = array()) {
+    // We must set base_uri first.
+    $this->setVariable('base_uri', $config['base_uri']);
+    unset($config['base_uri']);
+
+    // Use predefined OAuth2.0 params, or get it from $_REQUEST.
+    foreach (array('code', 'username', 'password') as $name) {
+      if (isset($config[$name]))
+        $this->setVariable($name, $config[$name]);
+      else if (isset($_REQUEST[$name]) && !empty($_REQUEST[$name]))
+        $this->setVariable($name, $_REQUEST[$name]);
+      unset($config[$name]);
+    }
+
+    // Endpoint URIs.
+    foreach (array('authorize_uri', 'access_token_uri', 'services_uri') as $name) {
+      if (isset($config[$name]))
+        if (substr($config[$name], 0, 4) == "http")
+          $this->setVariable($name, $config[$name]);
+        else
+          $this->setVariable($name, $this->getVariable('base_uri') . $config[$name]);
+      unset($config[$name]);
+    }
+
+    // Other else configurations.
+    foreach ($config as $name => $value) {
+      $this->setVariable($name, $value);
+    }
+  }
+
+  /**
+   * Try to get session object from custom method.
+   *
+   * By default we generate session object based on access_token response, or
+   * if it is provided from server with $_REQUEST. For sure, if it is provided
+   * by server it should follow our session object format.
+   *
+   * Session object provided by server can ensure the correct expirse and
+   * base_domain setup as predefined in server, also you may get more useful
+   * information for custom functionality, too. BTW, this may require for
+   * additional remote call overhead.
+   *
+   * You may wish to override this function with your custom version due to
+   * your own server-side implementation.
+   *
+   * @param $access_token
+   *   (optional) A valid access token in associative array as below:
+   *   - access_token: A valid access_token generated by OAuth2.0
+   *     authorization endpoint.
+   *   - expires_in: (optional) A valid expires_in generated by OAuth2.0
+   *     authorization endpoint.
+   *   - refresh_token: (optional) A valid refresh_token generated by OAuth2.0
+   *     authorization endpoint.
+   *   - scope: (optional) A valid scope generated by OAuth2.0
+   *     authorization endpoint.
+   *
+   *  @return
+   *    A valid session object in associative array for setup cookie, and
+   *    NULL if not able to generate it with custom method.
+   */
+  protected function getSessionObject($access_token = NULL) {
+    $session = NULL;
+
+    // Try generate local version of session cookie.
+    if (!empty($access_token) && isset($access_token['access_token'])) {
+      $session['access_token'] = $access_token['access_token'];
+      $session['base_domain'] = $this->getVariable('base_domain', OAUTH2_DEFAULT_BASE_DOMAIN);
+      $session['expirse'] = isset($access_token['expires_in']) ? time() + $access_token['expires_in'] : time() + $this->getVariable('expires_in', OAUTH2_DEFAULT_EXPIRES_IN);
+      $session['refresh_token'] = isset($access_token['refresh_token']) ? $access_token['refresh_token'] : '';
+      $session['scope'] = isset($access_token['scope']) ? $access_token['scope'] : '';
+      $session['secret'] = md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
+
+      // Provide our own signature.
+      $sig = self::generateSignature(
+        $session,
+        $this->getVariable('client_secret')
+      );
+      $session['sig'] = $sig;
+    }
+
+    // Try loading session from $_REQUEST.
+    if (!$session && isset($_REQUEST['session'])) {
+      $session = json_decode(
+        get_magic_quotes_gpc()
+          ? stripslashes($_REQUEST['session'])
+          : $_REQUEST['session'],
+        TRUE
+      );
+    }
+
+    return $session;
+  }
+
+  /**
+   * Make an API call.
+   *
+   * Support both OAuth2.0 or normal GET/POST API call, with relative
+   * or absolute URI.
+   *
+   * If no valid OAuth2.0 access token found in session object, this function
+   * will automatically switch as normal remote API call without "oauth_token"
+   * parameter.
+   *
+   * Assume server reply in JSON object and always decode during return. If
+   * you hope to issue a raw query, please use makeRequest().
+   *
+   * @param $path
+   *   The target path, relative to base_path/service_uri or an absolute URI.
+   * @param $method
+   *   (optional) The HTTP method (default 'GET').
+   * @param $params
+   *   (optional The GET/POST parameters.
+   *
+   * @return
+   *   The JSON decoded response object.
+   *
+   * @throws OAuth2Exception
+   */
+  public function api($path, $method = 'GET', $params = array()) {
+    if (is_array($method) && empty($params)) {
+      $params = $method;
+      $method = 'GET';
+    }
+
+    // json_encode all params values that are not strings.
+    foreach ($params as $key => $value) {
+      if (!is_string($value)) {
+        $params[$key] = json_encode($value);
+      }
+    }
+
+    $result = json_decode($this->makeOAuth2Request(
+      $this->getUri($path),
+      $method,
+      $params
+    ), TRUE);
+
+    // Results are returned, errors are thrown.
+    if (is_array($result) && isset($result['error'])) {
+      $e = new OAuth2Exception($result);
+      switch ($e->getType()) {
+        // OAuth 2.0 Draft 10 style.
+        case 'invalid_token':
+          $this->setSession(NULL);
+        default:
+          $this->setSession(NULL);
+      }
+      throw $e;
+    }
+    return $result;
+  }
+
+  // End stuff that should get overridden.
+
+  /**
+   * Default options for cURL.
+   */
+  public static $CURL_OPTS = array(
+    CURLOPT_CONNECTTIMEOUT => 10,
+    CURLOPT_RETURNTRANSFER => TRUE,
+    CURLOPT_HEADER         => TRUE,
+    CURLOPT_TIMEOUT        => 60,
+    CURLOPT_USERAGENT      => 'oauth2-draft-v10',
+    CURLOPT_HTTPHEADER     => array("Accept: application/json"),
+  );
+
+  /**
+   * Set the Session.
+   *
+   * @param $session
+   *   (optional) The session object to be set. NULL if hope to frush existing
+   *   session object.
+   * @param $write_cookie
+   *   (optional) TRUE if a cookie should be written. This value is ignored
+   *   if cookie support has been disabled.
+   *
+   * @return
+   *   The current OAuth2.0 client-side instance.
+   */
+  public function setSession($session = NULL, $write_cookie = TRUE) {
+    $this->setVariable('_session', $this->validateSessionObject($session));
+    $this->setVariable('_session_loaded', TRUE);
+    if ($write_cookie) {
+      $this->setCookieFromSession($this->getVariable('_session'));
+    }
+    return $this;
+  }
+
+  /**
+   * Get the session object.
+   *
+   * This will automatically look for a signed session via custom method,
+   * OAuth2.0 grant type with authorization_code, OAuth2.0 grant type with
+   * password, or cookie that we had already setup.
+   *
+   * @return
+   *   The valid session object with OAuth2.0 infomration, and NULL if not
+   *   able to discover any cases.
+   */
+  public function getSession() {
+    if (!$this->getVariable('_session_loaded')) {
+      $session = NULL;
+      $write_cookie = TRUE;
+
+      // Try obtain login session by custom method.
+      $session = $this->getSessionObject(NULL);
+      $session = $this->validateSessionObject($session);
+
+      // grant_type == authorization_code.
+      if (!$session && $this->getVariable('code')) {
+        $access_token = $this->getAccessTokenFromAuthorizationCode($this->getVariable('code'));
+        $session = $this->getSessionObject($access_token);
+        $session = $this->validateSessionObject($session);
+      }
+
+      // grant_type == password.
+      if (!$session && $this->getVariable('username') && $this->getVariable('password')) {
+        $access_token = $this->getAccessTokenFromPassword($this->getVariable('username'), $this->getVariable('password'));
+        $session = $this->getSessionObject($access_token);
+        $session = $this->validateSessionObject($session);
+      }
+
+      // Try loading session from cookie if necessary.
+      if (!$session && $this->getVariable('cookie_support')) {
+        $cookie_name = $this->getSessionCookieName();
+        if (isset($_COOKIE[$cookie_name])) {
+          $session = array();
+          parse_str(trim(
+            get_magic_quotes_gpc()
+              ? stripslashes($_COOKIE[$cookie_name])
+              : $_COOKIE[$cookie_name],
+            '"'
+          ), $session);
+          $session = $this->validateSessionObject($session);
+          // Write only if we need to delete a invalid session cookie.
+          $write_cookie = empty($session);
+        }
+      }
+
+      $this->setSession($session, $write_cookie);
+    }
+
+    return $this->getVariable('_session');
+  }
+
+  /**
+   * Gets an OAuth2.0 access token from session.
+   *
+   * This will trigger getSession() and so we MUST initialize with required
+   * configuration.
+   *
+   * @return
+   *   The valid OAuth2.0 access token, and NULL if not exists in session.
+   */
+  public function getAccessToken() {
+    $session = $this->getSession();
+    return isset($session['access_token']) ? $session['access_token'] : NULL;
+  }
+
+  /**
+   * Get access token from OAuth2.0 token endpoint with authorization code.
+   *
+   * This function will only be activated if both access token URI, client
+   * identifier and client secret are setup correctly.
+   *
+   * @param $code
+   *   Authorization code issued by authorization server's authorization
+   *   endpoint.
+   *
+   * @return
+   *   A valid OAuth2.0 JSON decoded access token in associative array, and
+   *   NULL if not enough parameters or JSON decode failed.
+   */
+  private function getAccessTokenFromAuthorizationCode($code) {
+    if ($this->getVariable('access_token_uri') && $this->getVariable('client_id') && $this->getVariable('client_secret')) {
+      return json_decode($this->makeRequest(
+        $this->getVariable('access_token_uri'),
+        'POST',
+        array(
+          'grant_type' => 'authorization_code',
+          'client_id' => $this->getVariable('client_id'),
+          'client_secret' => $this->getVariable('client_secret'),
+          'code' => $code,
+          'redirect_uri' => $this->getCurrentUri(),
+        )
+      ), TRUE);
+    }
+    return NULL;
+  }
+
+  /**
+   * Get access token from OAuth2.0 token endpoint with basic user
+   * credentials.
+   *
+   * This function will only be activated if both username and password
+   * are setup correctly.
+   *
+   * @param $username
+   *   Username to be check with.
+   * @param $password
+   *   Password to be check with.
+   *
+   * @return
+   *   A valid OAuth2.0 JSON decoded access token in associative array, and
+   *   NULL if not enough parameters or JSON decode failed.
+   */
+  private function getAccessTokenFromPassword($username, $password) {
+    if ($this->getVariable('access_token_uri') && $this->getVariable('client_id') && $this->getVariable('client_secret')) {
+      return json_decode($this->makeRequest(
+        $this->getVariable('access_token_uri'),
+        'POST',
+        array(
+          'grant_type' => 'password',
+          'client_id' => $this->getVariable('client_id'),
+          'client_secret' => $this->getVariable('client_secret'),
+          'username' => $username,
+          'password' => $password,
+        )
+      ), TRUE);
+    }
+    return NULL;
+  }
+
+  /**
+   * Make an OAuth2.0 Request.
+   *
+   * Automatically append "oauth_token" in query parameters if not yet
+   * exists and able to discover a valid access token from session. Otherwise
+   * just ignore setup with "oauth_token" and handle the API call AS-IS, and
+   * so may issue a plain API call without OAuth2.0 protection.
+   *
+   * @param $path
+   *   The target path, relative to base_path/service_uri or an absolute URI.
+   * @param $method
+   *   (optional) The HTTP method (default 'GET').
+   * @param $params
+   *   (optional The GET/POST parameters.
+   *
+   * @return
+   *   The JSON decoded response object.
+   *
+   * @throws OAuth2Exception
+   */
+  protected function makeOAuth2Request($path, $method = 'GET', $params = array()) {
+    if ((!isset($params['oauth_token']) || empty($params['oauth_token'])) && $oauth_token = $this->getAccessToken()) {
+      $params['oauth_token'] = $oauth_token;
+    }
+    return $this->makeRequest($path, $method, $params);
+  }
+
+  /**
+   * Makes an HTTP request.
+   *
+   * This method can be overriden by subclasses if developers want to do
+   * fancier things or use something other than cURL to make the request.
+   *
+   * @param $path
+   *   The target path, relative to base_path/service_uri or an absolute URI.
+   * @param $method
+   *   (optional) The HTTP method (default 'GET').
+   * @param $params
+   *   (optional The GET/POST parameters.
+   * @param $ch
+   *   (optional) An initialized curl handle
+   *
+   * @return
+   *   The JSON decoded response object.
+   */
+  protected function makeRequest($path, $method = 'GET', $params = array(), $ch = NULL) {
+    if (!$ch)
+      $ch = curl_init();
+
+    $opts = self::$CURL_OPTS;
+    if ($params) {
+      switch ($method) {
+        case 'GET':
+          $path .= '?' . http_build_query($params, NULL, '&');
+          break;
+        // Method override as we always do a POST.
+        default:
+          if ($this->getVariable('file_upload_support')) {
+            $opts[CURLOPT_POSTFIELDS] = $params;
+          }
+          else {
+            $opts[CURLOPT_POSTFIELDS] = http_build_query($params, NULL, '&');
+          }
+      }
+    }
+    $opts[CURLOPT_URL] = $path;
+
+    // Disable the 'Expect: 100-continue' behaviour. This causes CURL to wait
+    // for 2 seconds if the server does not support this header.
+    if (isset($opts[CURLOPT_HTTPHEADER])) {
+      $existing_headers = $opts[CURLOPT_HTTPHEADER];
+      $existing_headers[] = 'Expect:';
+      $opts[CURLOPT_HTTPHEADER] = $existing_headers;
+    }
+    else {
+      $opts[CURLOPT_HTTPHEADER] = array('Expect:');
+    }
+
+    curl_setopt_array($ch, $opts);
+    $result = curl_exec($ch);
+
+    if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
+      error_log('Invalid or no certificate authority found, using bundled information');
+      curl_setopt($ch, CURLOPT_CAINFO,
+                  dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
+      $result = curl_exec($ch);
+    }
+
+    if ($result === FALSE) {
+      $e = new OAuth2Exception(array(
+        'code' => curl_errno($ch),
+        'message' => curl_error($ch),
+      ));
+      curl_close($ch);
+      throw $e;
+    }
+    curl_close($ch);
+
+    // Split the HTTP response into header and body.
+    list($headers, $body) = explode("\r\n\r\n", $result);
+    $headers = explode("\r\n", $headers);
+
+    // We catch HTTP/1.1 4xx or HTTP/1.1 5xx error response.
+    if (strpos($headers[0], 'HTTP/1.1 4') !== FALSE || strpos($headers[0], 'HTTP/1.1 5') !== FALSE) {
+      $result = array(
+        'code' => 0,
+        'message' => '',
+      );
+
+      if (preg_match('/^HTTP\/1.1 ([0-9]{3,3}) (.*)$/', $headers[0], $matches)) {
+        $result['code'] = $matches[1];
+        $result['message'] = $matches[2];
+      }
+
+      // In case retrun with WWW-Authenticate replace the description.
+      foreach ($headers as $header) {
+        if (preg_match("/^WWW-Authenticate:.*error='(.*)'/", $header, $matches)) {
+          $result['error'] = $matches[1];
+        }
+      }
+
+      return json_encode($result);
+    }
+
+    return $body;
+  }
+
+  /**
+   * The name of the cookie that contains the session object.
+   *
+   * @return
+   *   The cookie name.
+   */
+  private function getSessionCookieName() {
+    return 'oauth2_' . $this->getVariable('client_id');
+  }
+
+  /**
+   * Set a JS Cookie based on the _passed in_ session.
+   *
+   * It does not use the currently stored session - you need to explicitly
+   * pass it in.
+   *
+   * @param $session
+   *   The session to use for setting the cookie.
+   */
+  protected function setCookieFromSession($session = NULL) {
+    if (!$this->getVariable('cookie_support'))
+      return;
+
+    $cookie_name = $this->getSessionCookieName();
+    $value = 'deleted';
+    $expires = time() - 3600;
+    $base_domain = $this->getVariable('base_domain', OAUTH2_DEFAULT_BASE_DOMAIN);
+    if ($session) {
+      $value = '"' . http_build_query($session, NULL, '&') . '"';
+      $base_domain = isset($session['base_domain']) ? $session['base_domain'] : $base_domain;
+      $expires = isset($session['expires']) ? $session['expires'] : time() + $this->getVariable('expires_in', OAUTH2_DEFAULT_EXPIRES_IN);
+    }
+
+    // Prepend dot if a domain is found.
+    if ($base_domain)
+      $base_domain = '.' . $base_domain;
+
+    // If an existing cookie is not set, we dont need to delete it.
+    if ($value == 'deleted' && empty($_COOKIE[$cookie_name]))
+      return;
+
+    if (headers_sent())
+      error_log('Could not set cookie. Headers already sent.');
+    else
+      setcookie($cookie_name, $value, $expires, '/', $base_domain);
+  }
+
+  /**
+   * Validates a session_version = 3 style session object.
+   *
+   * @param $session
+   *   The session object.
+   *
+   * @return
+   *   The session object if it validates, NULL otherwise.
+   */
+  protected function validateSessionObject($session) {
+    // Make sure some essential fields exist.
+    if (is_array($session) && isset($session['access_token']) && isset($session['sig'])) {
+      // Validate the signature.
+      $session_without_sig = $session;
+      unset($session_without_sig['sig']);
+
+      $expected_sig = self::generateSignature(
+        $session_without_sig,
+        $this->getVariable('client_secret')
+      );
+
+      if ($session['sig'] != $expected_sig) {
+        error_log('Got invalid session signature in cookie.');
+        $session = NULL;
+      }
+    }
+    else {
+      $session = NULL;
+    }
+    return $session;
+  }
+
+  /**
+   * Since $_SERVER['REQUEST_URI'] is only available on Apache, we
+   * generate an equivalent using other environment variables.
+   */
+  function getRequestUri() {
+    if (isset($_SERVER['REQUEST_URI'])) {
+      $uri = $_SERVER['REQUEST_URI'];
+    }
+    else {
+      if (isset($_SERVER['argv'])) {
+        $uri = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['argv'][0];
+      }
+      elseif (isset($_SERVER['QUERY_STRING'])) {
+        $uri = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
+      }
+      else {
+        $uri = $_SERVER['SCRIPT_NAME'];
+      }
+    }
+    // Prevent multiple slashes to avoid cross site requests via the Form API.
+    $uri = '/' . ltrim($uri, '/');
+
+    return $uri;
+  }
+
+  /**
+   * Returns the Current URL.
+   *
+   * @return
+   *   The current URL.
+   */
+  protected function getCurrentUri() {
+    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'
+      ? 'https://'
+      : 'http://';
+    $current_uri = $protocol . $_SERVER['HTTP_HOST'] . $this->getRequestUri();
+    $parts = parse_url($current_uri);
+
+    $query = '';
+    if (!empty($parts['query'])) {
+      $params = array();
+      parse_str($parts['query'], $params);
+      $params = array_filter($params);
+      if (!empty($params)) {
+        $query = '?' . http_build_query($params, NULL, '&');
+      }
+    }
+
+    // Use port if non default.
+    $port = isset($parts['port']) &&
+      (($protocol === 'http://' && $parts['port'] !== 80) || ($protocol === 'https://' && $parts['port'] !== 443))
+      ? ':' . $parts['port'] : '';
+
+    // Rebuild.
+    return $protocol . $parts['host'] . $port . $parts['path'] . $query;
+  }
+
+  /**
+   * Build the URL for given path and parameters.
+   *
+   * @param $path
+   *   (optional) The path.
+   * @param $params
+   *   (optional) The query parameters in associative array.
+   *
+   * @return
+   *   The URL for the given parameters.
+   */
+  protected function getUri($path = '', $params = array()) {
+    $url = $this->getVariable('services_uri') ? $this->getVariable('services_uri') : $this->getVariable('base_uri');
+
+    if (!empty($path))
+      if (substr($path, 0, 4) == "http")
+        $url = $path;
+      else
+        $url = rtrim($url, '/') . '/' . ltrim($path, '/');
+
+    if (!empty($params))
+      $url .= '?' . http_build_query($params, NULL, '&');
+
+    return $url;
+  }
+
+  /**
+   * Generate a signature for the given params and secret.
+   *
+   * @param $params
+   *   The parameters to sign.
+   * @param $secret
+   *   The secret to sign with.
+   *
+   * @return
+   *   The generated signature
+   */
+  protected function generateSignature($params, $secret) {
+    // Work with sorted data.
+    ksort($params);
+
+    // Generate the base string.
+    $base_string = '';
+    foreach ($params as $key => $value) {
+      $base_string .= $key . '=' . $value;
+    }
+    $base_string .= $secret;
+
+    return md5($base_string);
+  }
+}
diff --git a/library/oauth2-php/lib/OAuth2Exception.inc b/library/oauth2-php/lib/OAuth2Exception.inc
new file mode 100644
index 000000000..8dc046974
--- /dev/null
+++ b/library/oauth2-php/lib/OAuth2Exception.inc
@@ -0,0 +1,85 @@
+.
+ * @author Update to draft v10 by Edison Wong .
+ *
+ * @sa Facebook PHP SDK.
+ */
+class OAuth2Exception extends Exception {
+
+  /**
+   * The result from the API server that represents the exception information.
+   */
+  protected $result;
+
+  /**
+   * Make a new API Exception with the given result.
+   *
+   * @param $result
+   *   The result from the API server.
+   */
+  public function __construct($result) {
+    $this->result = $result;
+
+    $code = isset($result['code']) ? $result['code'] : 0;
+
+    if (isset($result['error'])) {
+      // OAuth 2.0 Draft 10 style
+      $message = $result['error'];
+    }
+    elseif (isset($result['message'])) {
+      // cURL style
+      $message = $result['message'];
+    }
+    else {
+      $message = 'Unknown Error. Check getResult()';
+    }
+
+    parent::__construct($message, $code);
+  }
+
+  /**
+   * Return the associated result object returned by the API server.
+   *
+   * @returns
+   *   The result from the API server.
+   */
+  public function getResult() {
+    return $this->result;
+  }
+
+  /**
+   * Returns the associated type for the error. This will default to
+   * 'Exception' when a type is not available.
+   *
+   * @return
+   *   The type for the error.
+   */
+  public function getType() {
+    if (isset($this->result['error'])) {
+      $message = $this->result['error'];
+      if (is_string($message)) {
+        // OAuth 2.0 Draft 10 style
+        return $message;
+      }
+    }
+    return 'Exception';
+  }
+
+  /**
+   * To make debugging easier.
+   *
+   * @returns
+   *   The string representation of the error.
+   */
+  public function __toString() {
+    $str = $this->getType() . ': ';
+    if ($this->code != 0) {
+      $str .= $this->code . ': ';
+    }
+    return $str . $this->message;
+  }
+}
diff --git a/library/stanlemon-jgrowl-tip.tar.gz b/library/stanlemon-jgrowl-tip.tar.gz
deleted file mode 100644
index 07a5fb09737a36714d8938fa8d4350038b1af3f1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 213973
zcmb4~Q*b3rw6BBJ@30nV-XfIu;wXIibbRl`Dx@y0DfX7A9B>BR~;R5002FM@Zs=H#R8?ZH`DwkiJ7n
z7GXN2F-U5_)IAV|muNbO@sR&lszrF`TABLF=6dt_+&Mn4f&T)`
z|1RZAk!#>=Rh)9*`GS-dzF16zY@sCl6yX0H=Y8S}
ziiayDaz7t~*hr4wNyrO0Dj_{xNDO(TObS>oC55(<>RK}WYvk9k;A`>MsHkC~{@2%%sJX%QFQy}!=WuT@Bj^-=aJMUEAvCj~^3Og7V9JF0B*9;4J)nc~a
zB%`fKHo#Cb#87jOPT#x>7Q>2`wStG&A{q)W33Hd^NxIx>AoGRSLqQX5g59L37}3PP
zLWB&(F)$#qxClLe5N1%j0gGx3RMotL!RaohInfJHeaC6OYsg&o`i_!9lSzRp4;>SM
z-6}AS_k)&8K7z<&p~4Sjc9kNc5LBGUxfip5lIf6e3Vrj2I;oWGHUW)T<_?du>$SF{
zdcmlY-V^Em1V1{tefK4})ThL!YqZ9iXVTwbE1TELYf>olb+GW-SFDlUJL@`lwLRDJ
zkRkL<`x%Vh63DZqX<&d48#!|W@n^Gt68k-}ny&c@{NLWb{wv`iCc0k!lvBd^}7`D^;B?G7xX$Hx9hyVJ>Z@^!G2B>EeQQ~(I*4`g?2+2PW1J)U|kpmDX;5GZ16|M
zC)jaQc+;dL0Qq$ar|UCQ1eXMkRgsyFC`NhHMItfqup-P@sEN?jMH256+u-xiVE6J_
z@4OR!#Hfy6&4k*c@HQgURdhy%#1CoDKj%);<{Z>PU)bv6Qi+3B^8oyEtD13r9i$F?
zbXECPru<>4@05x$#r@HKy$cyhizP~e;Mu~AVuvg?I1cB43_o`U_h+p?h7Fr*vl^)>zUobkFuhPcgCyV`x&n7dp*?W<&7kl>HIcXeU7t#V=@VvUt3gQqt@
z)G30J95eK&XRq!l-@Cof>k9iPv2JmlANHceZ-}i}(m=wDD3IXs
z(Z)$=y-RKx7aR8`hZs!B;DE9{b*+9J^daCUFehBr)KCt#j01mXOJ)0lna3N_hs$}p
zN|`Aw$D8IV*w$O*-OyUsE9YHK#{SlMocoQBeqDO8j6#=x%0unn+sVWC8Kg|e5ue^v
zINGN!6h%qAZRBSo|2a6%8=pq$4Bv43XBnJGsg=3Z`UGl01G6kwMX1XwX^u^amdcoj
z+%a!H8eeo+X2EA>*t#mGZKk`Mjgw8*p;AxlS9}kC)Xu;6MC=ECq>p|Ao^9WrT#x>O
z@`4?OkC|}}w{BK*gzcGh30-|G4F=yW4S1r9d%JVleU#`Om@|}KI{Vi_3FQmHvp1+X
zsuMe`1*E`$6?&HJ5MMVgu98O?%c8Z6KPB&pD>?aGvW|AsvxHr{8*F|D-HY~XFMfVC{)dfD|Tq8IjpT9T4_cDnU{Bp>=;*c2S{BT{bCx@E;2Gv%@D
zQCC0`4{G6>iP$4ocmUckcy7N3e77@RgYP-Lch)J*b7v>b{~~Jq=UsoQ;=>g%r1P~gN~q!7Gh_?0vC$>rhJuKTEzlY=XBWlTxgXdRkQ|ZnQE$nSo44f;)WMuH3G(TL#`<4{?1cVBSov>z39c7D&j1lcqt-&wQ-7P
zG0P*DInJ94zb!D7#{=JTY{%E)$ceZkwq=l_trm0FA(lty-xeox
zoFdo|d^hZ!JnUKh6k1X=vfwKZ5{jL6xmeuwRPEN(SBGd>jRv=Nc)Dtmx7BQZd4WMq
z^P)=SEkhNMb~-nI1>?VFKr!~h+f1>J>yZ$ZJFAU-USI-%73@-`I*Fxf#Y&WRDRUG4D~>gzUoJl^w`Z
z@)0x(Pk4|W373Z+BA1)LUlWbX1@I-!Thb{BPZJ@k^f^%{vLJi(+uKlx%yn<$Vs*`J
zN@10jFmO>9PNv0Lin-{;27+ggIs?-JB}e`!bSw}~U9UIlwXX@TrX2%%Seq3l>f9xKLlWfCw<%&uaF>)|E>h`=Sx|Jg#{v_kuo%U?k>F9DNkxm
zZZ;J4Zbf#uSw^p5u=Rf&dA?eX_4u{*Fm?h9j$FSCC!7R&_D`r!W5!55$NUH?8I)tV
z{qE1q+$k*|82cM%#U7dp3`JJ+ji5V-4#;BFtpzXf>2|ZcgziJuk#qb9jta=8007^1
z!quvp<~Td8ji!gOS}U#&Tvd+%Oo)Na!Bf2=EZg#^j1jG{?Oi%j5-q#3
zxBEW)2CliTYTHZ08xE-@&de>pceu$J7H_XJ>|KD)6!P~6qf_BEE5f@}=t4h{>zHgU
z%VJXx3g4JE4<3=NOBHFoxTVlHw7HR>uq9T*9xsNQMO@kxu&a{m_LEN&!wvLtP7Vb`
zWs!&C2sDnC$DO6;3d=HhR_78}yFHam2K<0iC-n(X`b|v12Ms`3RKbE%1ZM4=ouRG9FRH^j@
zwRrO88(q|>SqKJe+6w#AFpXl*iWs$
z?N|9FKPU@>(e}E(6SlUY|C{@1yAHui%5eXi6ZY=O2q=S$0v0ikqSLLD*s^TnNyD3aCR~vcWBz!zQzJg*fD*p`lp6;W+T9kkQB0s%`kud&8EETQO!+X0_5!K;-?xb%>rM<)U>Ye#&$^(
zf4*x*5C>45|4AVptv1SxEA-roGBV-1%2o%`4?Aah&7{e7(MFIAn#lN&mQ<
zrk5;j`EhVURWRRQo!<1Pd{MyTT~MzIb5hBJ^@6
zkgBk}xPWQ|uaaM4IC3ec#qc8ucbfo=#$&pM@TkXrPj0}0q`e!(yZAR&!Hdmzjsw%;+;c#QR4pOS
zP&}&d@lBc#;ip|HYAW|m0I&}|%aHKwW{3Qh3>ec!Oqf!$K~(tsh1ztb$-=CwXpipr
ziqEh^GQxDqxFbd
zfEDFHfebU@6Mu;a4yC>-3-r=t?WByCuRqWS;=~qXR9&!jWhu=`-(V$;s^cy
z=VRBw$KRBA#w7#VUPX8U287M08%*6AT3)Q%lq92o7Y%1i<1vZk8RR9a$-<>gxsrBu
zQo?Vz;Y~hmZ2_rpG@p{1`Yv12W_FnS$>I~Kg9;ao@GO0ESIfxFoSOzLUkAP%T}Q(*
zJm`M%8>dx2Cts4^o<=vF4V4T2;jz|`M+iIk#rhbc5Ok{{xxZQc*46)NX|DU4xlaXw
z4%!{U{*5udW3!4q?Xb;uX1i!!%52RAH>dy86VxlP_e_~d_8nA;;koN
zk1A_L^1wn-?l{+bfEu4xkNUNHhC#HCx<>mi3a>NK`fS@|z{1iT{A5_SQoQ!ld#T?3
z5PV&R4(i}e!qO`nOd_ZPk-&LRVDs+>;M_SUCPu7DKRKeUSMgWs(zd1et&2vW?Tyjh
zYpPt>WI=SEQ@47r=XR%5QCTPEh-MQ5*|mNi
zQ*|opRESYLHge=n?bP}1E5mu|aF7>P<{xo!zZhS|%#T&2Vx_z`>zZ+e54-o8#xKo+
zZf=|K%(f+jD~ZU3zjkcs^>&Sv-poW?!omWRGmqU1FD)N#KcIS(pjiV2+$4+-Zs=zV*p^Rsw9N^hHCs**(o&!u62BZRydxWMPU{Pfu~;GTwPu92kE-7U)N`<7}S3irr1>hhXXh%+|m7&
zH$Fn(-rZ!2L#v!z{XNEc+klv^1=yu`eFj|>ZvbIpopC}W~tjixPnGDQ`h#>P|???K^J&9?SjP
z39yRVYVa}3$A{}c^dDt`I!{!;LTsy#!aJDVcxm_==S@Oy8?lIu5L@NVRg0E;)R+%d
zDp8;o)cF103C#n#ga{_gud6$gvR|+;+OFz7h^N^b8bQy>DkX|-Z(V~i?1!bJcEQsd
zh2g2w_sg2uV!T7p4odw!jNAYm&1@=sF6G?KOgZ6){rH#Y@7*z?u?KZ}u$^Mz{mLB#
zX&+-6g2$b!p6AIP4y-D)qwCKtEi(dfxdB#T-}04kC)|-3t!kfz2qu~XoUPgBFb4~W
z+BKtuq0pcfxyNWUTAZm`i>^Xk#u=CC0S%7uK-JGSu;IpY?2*SOF`_n}9c;3PHLPxm%ygMq|{(Te+w@>g8Ev9`ZCphELqSN2es(fTfQXF_1D|xPIH0&A-hTXQ%8~W9u1I%-}Jn?X2Ct;#@e4)Ha<*l>UQuvB>FLM
zJx__em;wLmKqG+j;GA~J&Ose*V1(JQJU5BO!{+=>-k%6FC0&NTRMANH`RXLYcHJ7MW&g9Q9M(G`lzWK-T
zJy9XD{^JXB}X`S
zKfHSh>0|lW9?
z3we)!jkX%k)m0njzMDciXI+M<94!*x)M2>0@wWQs3^%)PXBbW+s?MbJL>(!Vs|*wv
z@Q?(cO-&QbgjGzy*p(Am>sS@oYKy-A;m5+fXI!Y$wr!wKrcmRtJe}>%r3Vs)f8UVX
zMBzwLtp5veF-AcB)q09wMZx^X)40
zT8W_^MdS)aQNy1hMb>g^N707Wmr#9;{$w&lm+0xAruXAJyGi;xiD!TNN!Gc4&<*tJ
z4~&Sjot2fw-d7d}z!qgXK879p)M9p8BxIrH6KH2rvG7nJ~@TTTt{zBHY)yXC#Q81Ym
z>aDrq!j$CmUG*EMAzz=jHHA|P;T@Fi-{e6oaaE5&qsr_z!fODg{3pQ8YA
zEp8J(u}jON%?5*%X$TGO?FlelkLEP^?ib~J#&4*xNFyJ&ZKWD^
zw%4kskbO;vho6ZsEnV3mES9YE#!7pQKXf;`{%9?0t2XnCxqCZF9+PxuxX741)4rWT
z3CY2mMOq76r$6kqc;zo&bZHP_+!@1a8~>(m{{tkz0&maa)q4AqkHxNL-vB9`Y81j9
zVkdiFZ*NpzJ$DX}N)$A0S4l)-yZuN?t2#AD*&`Dan~5ymSnV7dxakgOYw?=
zVhd?$GgWm6D987&2a4{kd)2j>Shdbd8|o7I+r!rd9jrg`buI(w`jfxkQjRHUpLBud
zHT7}$j)U}udU8jGH`O%BppN~9kC`c4a0QMLz6*dSr@@~CN|&$W8uu=kA2gOu+n6+B
zvAo2|^bsZDV=GzXwjq9mvPwFslPq;;QS#l5AcCxn_w&DlF2dEHs;dstt+mnkVg1Jr
z3}LyuyWXkVV>EasqZ%e!=GmTg-1-I;kz$i-oznWR*P@NuPjHol!kvb~lccqEou;jg
z6h~Ha`!Ub4p3Fk`nxsVm|FgyGxyar=*@Th{#EJ78ug^Aohf%IhfN+f
z5@*@jkC4f~L*)+CLWITEO61z>4KC+2w$+PWQMK|lQ=C)+X6!@e#`|DWn};}+zL6qt
zz0?UXO&R6qS$OV-U5`zuLB_~DFjoCd+}(pgL*cgEn*B}~;P>-L?s{nc0o0{u26_;R
zWQm_Y_ucq;a8Jn&N;v&9wrFMsX#;2A-ru42sCD#e?{97xQ{8UtY#ivKn5X%O$rBFw
zMMRocoqN9w+sWwIW#<)1A3wD1jw{}=BE%F`KAQF0Cf!-~MO6=hc4RbS
z_E18mWMkhaWe)Mg2hOy!j9VIvWNfGk9ihaICFG13F04Z;5E`nTGSkFrZF
zhg=d*bN8KnJwK0F`TEnTwuZdZZNk6A`Tc!>otivqUC;+q8r8mfD@a>o=Wa
zIlL){LdWf6Qud6Zuhn@N9{wC{iV~;JmAaLM6FMY=n7niOWf2t4BjO2W>G#Gslp;n!
zW^S=2y)(*-gIxn|>yxtk-DUAQIz5bzD0_=Dq0y8DVMs&;oF7Loid0R2KP{k+s`Sm;
zJdi%bR&`6l;pZ8EzdgErlSKX9V_FUS;H56dxj)29o0Ii5-&!KfoDuXkI0ykFKtbxP
zi@nG4Tk%5dj?0N$
z>cB{w;4fpzk09(830?fu=bgMFNV1x&C(;?}*skqjgv}iH=0ev|!BW^%*UyI8xgoCl
z*vO{TFkSd02c<46i-dRpw6gKSHDOwOs$>FsXL;a^UA9qT`kF>`;SNpV3}<3e=J#*Q
zOb4}S+!+s8XAj%Ly56wv_c8i;pH_(dR$kL9c<8#I_~h*Qgq83>fX-S1wU%7xpdHv2
z^786pEl5@C*SYTmKR(=ad)S2s{Nw%jq0l51qxFR?+-+ouUctt
z2~Cb7@7sJS2Gg_t!iJ}7KRp`m&UsBJ1e+s!1GUfuc8n~YuP*WxgVI|}b%BlEY_v^s
z(EY%>y0z^a{Gmv1&6RE&^e>qS-F6As-Qt6~)R0_1)osqFY{*WyhJ(K(`;a7{nGb6F
z(l^uEZ?G`0)n)>~C!Bos4OU{-o(huzStgUO&xJ>C6MSA%BO-&qKG&x056Xsw7^5X-p
zs1@M}cjW51J^nLW+j@5d(mnD&QO#vd@o0=Hey?v?EOm`Lo&9DBd07a7;cX=rw6yxZ
z=0QD&4pGb|fM!$LwG68~6G+!l5Otqa0WxB{^6y$Jl_~3U4X;1{UB49jSuE^vw~ETQ
z+He;g*4loq4XjvHuej?+LTJ%vWEJ2j;2+p!GgZi0JAr8~!^#nC1rRDkp#Mik~vQ0~JtkI}eoSn6FRF~wQ&;tn0d0W{n|
zdS2PK1$2Bf>3AW*%wwclF0Axcs@^fV6yXv5?D@3qQ^yS$*}?qXEc~
zeCN>wbes8mI3z`v%6xhbs?`6UQq_Q5)x+IkV6C?H&@K1AE>eAlGs;6{JQ}}rtfhCl
z4QSm}b_yLn0;{YVs1
zy%2$g6ZGiK%Wo>*yw1yJ4eML=nyB6U3i^&#l!f>8Kl^y-UmCZ1*9yA+$Zq@dFNfwO
z3fc?let!~8(+tZel}Dbv$2=oGd|9S%B)Cm)=HOUv2hmRc*t^tjx1Ah=USwSTivs)2
z(8>rOU-psn0`<1?PD|j=@oS^&h@pudnVS&G&&dAEb=nvH#%G{}z5;J_Op(X>k5Cy8R%<
zhAZd-qZ1)P|Ca&0`6}G@{hQ;5*B9#=`~B_%Fhipfw3`L~)_02+Xm+G3w*=
z)0rOpO#QXK#3{r_P-xKbZ**vEhVnONL;bs&Eu^JT;D+Di?r9jDAoo*eV!yngmF?Ho5k*QyW1@Y>aAS$k6V{?@_
z*{_X^5Zdpl4e(M9ei=F#zK4Z8+I;(Y*rFD_tqo5ZrJn7iTmfyKuHVN@c^6LgSei=v
z4w1evF72IPD|d2El@16$M|+gXkP&|~b;>yqg&9V9287*ctGn7;k&BJ`zsxy!zr>{U5sR-ynXb+V^WRLLpTh7HKRLa+89l_?SgM
zh{_ox0l0@)X@sxVr+Wj_@hmg~qv&zB8_i6l7x=ZUDZ3XuFbc}
z8FJorLdqQs{X!%6(o?j+1>Ggjh}DE^FJ8x=nY!0wYE40T0rkfcwk7?#QjG0cdSo>#
zTG^~EZ)wpxr=$KVR>1PaQ*LJ4scnY6LbGna{S_(!AC2|w$bjP6fnnSJdrWwRIa09M
ze{vBa_RDmCnK(N}Tk%RWd~*e8OF*N3Gwg6mSPs9Z=S#tm_`F5KEYUP^<14Q`qo`y$
zh3{%M4noy*@{Q!n>DSfTr5i}Pez{?hiJ#Stk((#Y=T^CiPO)Sh*@n1{K<5!jA@NnH=S!+9Z?UEAARmSbS
z{%Bkvx>apB_!pe>W*c_+Y-f$bVJnnH+&L~Rm~W&cK2W^b!=fc|YE%7JiT!;%=k#KZ
z?d4swcm1X&OrNk$^hAp-oLeAT@NBsAw8+rH-(X;fw
z0I0ZwBNU}l$N8Ae`9?s$@`h51uZf$;F<*v;_baLeP5>5BSl)!=NEieK>2fc|F)aGa
z4dJfPKprW}lzq=7Vt;tm!nL<&&S*wS-x)h0uHyB222;m1;2f}9oIa2)=ZHSunS<_6
zu7khhZ{I*(3w0}~5=~fjr}9`#S-Ji4%PDyFo}%?Qd!xgBQvD2<@y)*~gjz=}n!LWVP^TqpCwzr*vY)eqv3v_yF-(kFSJB_%z1wPNq
zJk2j0L^N6I+^}HrXe@#hwcac?zTPt#-B3q7CGMxq4nlSLni&wdK~463^(&|d6CV{
zJk|)u7x4fc^As<#zNle7_rEJ#dsEVibSbv89{L}i>Ua|;iU^;ySYpT&rIy+osV&O&dzh~z+5a4HB*nP&9BU%|_>
z%CQb}Id3zvT7EyMb*G7+H?Ndo%V$j9!-D#3EJ59SEUlNXgQ~YSVxV`j>7PC~lZJ(%
zx&bH{A@3CP)NSyTBj0GQ9vLawuVf-!^FMB(`~WbvS6FB!z4__ac%8)=WAkwP-P#fH
z!P}y&HVZisshKc>AmC8|u+eAX3E94}YFs$>hu*WiV;ZEpDf^cwAs5HluT-Y+ov%O=
z`X5Z^Gq_{_?gt%Zi50D75oV@~Q)hV3#Jz!K3-77tZ;xUKsj7%hTlFTAG^D`0r^dnO
z)?63YuDj%F8-H=_(-S4ksYqduEw0_()tucwa)UFsfLn^i%PVHXgh&|QFn9cC&_`_M^=g8ZkYTY&P?xjD&&SUMZoH`!KZYlY-?#76@(Dyo@gH|b
zach{)3CN_BZ4WG`4mvgg4AeoFK1?DqPD*S_b)^zk{{jMn?4vP3Bk1lImH$wy?FF#z
zAq}EZj=ej{leYL=E(JyYZTqg^t<>AWX}%IKM}
zkyF7%->~X9Gg&kIc{7I0Bbz|dvn=?y!!Zhz`bb4TGXx;~IS%Oa`+A3vGf<;0O)JfV
zJrRBY{dw0qftT|3D%0*zPb0rB7S*%KJf>qKw3C-tZi+|(!)*u7uZ`r?m8R_~9&
zk@iK@UgIS7m9F^x?#;gD1Mx7BMj6u0hHexn#VxLcQg6@6VN^4_8%{{j`JX>h6(-f$
z({>lM$0QX`2Vf5(ynU<a`L2U8(zJgpsp2)DBinO+*7}u_byXCzh>ZEuWn*@
z1gT=+`D4*cW^X@tr>Kn$Ex4fr9=Lt%N+Oa$)Y_%1T_C-tpWLlz`~Gw}J9p_}4G7R5
z-DVhemO;1Zxst!wo}7{39A&hDmZq-IKr6f%XyNN_)F*WsvzTdb%J?h5ZsD4
z`ok72AHkZVu7b*-Gh+&R+!+*J(mEu3cS?jH@5@T8iAl<20L^@6HB4Ay=mNK*;lAc0
zv_*W|jP$C%;t~gK@`BPfD=}~z1n>FXR1_Q^%SeUu3;L6V7SHS(q+XYPt1h4K<8^H4
z7O+Z8akN{SQh246#jcw8=lNtCu3Bo1H2@`v=)?5R#=JuGhvRhdiUk)SHjzDKkb9`*
z{v=S*74Pcy$EO?n@r$xnP9>Tt&lMYg*!b6BQimlR_9S2@@m2`UJ^jr_SH)ArGjgOF
zZR+9x@@2Ld(WyA=*9xoM9b~CUHy1~HD
zs)gUDu=9R4|D8HZ4iv!O8caLp&O8-mdox@Dspa$Q&L(#YBvhGJw^TSH-P(AU!UWgND
zq}e-lwty)8yQaa
z6t-`UyM|l9I=g-HQvhfsBBa
z$o78k;efSAYcOTM*iS}Y?v@AUfY~RiI8u2mJ%jx7Z&U-^K;?~FHn54%u*BYykbX#n
zcUp0iY5$Q9QA;y6LrQwG!d7J9UN$ci*Q561Fobp}froeL@P?Ix1!l!KYw
zdUa3f%B!t~h9KQV{PZG54nOm}(ekQ=Pe2x72o)yvlL1uEAvoeFAL1T!t7|HD-Wtbi
ziNuJ0-Ajbmd>R_I{hK2g`auc%jl{=qqzyfi88pso*!#qr
z4%TqBuZTQYmk5fO*NgO5H!@l0;_80wyY}i_hxK4?{ptS_$%6OeAMv)@F6Dd^&x#O!
z(8a=C#Wq(5-EERqnZ|X>l~^K#*hR`F1-y4%;(DFBucksW60x9;92kax1+RQE#ftr#MPTY
zP&prS%-pFV%zYAHOwszMHx*h<9<1+|H%+l<)rL{}eOTag)yX0>5=Z3i|0Fx$;NTX8
zYsJj47I!$npZNsZlk81&I5EL9e~?7c(I(lQAWeP
z-I54$G!P@C%I5ft@-4bIqlN%5cCt6lk2_t@g)5;YU@bvquOs@D!-*BGzIoe&^t6EvqRyHH@9}!lPS(7OnUs{+Q~b2^N{nI~t6Khc
z^$YR^byqcXwcxerwDB;#5VlbDdU-T*f_1J759gpXnxz}hzUQQs?}68tV?*WRNCKGc
zbNne|fp~q&*}Jtzz{lsG+m#DqT4jjnem_K`U_Dq<*I?AEyPjbMn*dS-z)#_uo5XL1
zCmTT-Z}o^_S{qz-@L{AYuL}_CKQKI=2a6Bi+B;O4*Bn3h>an=2Z8`Uuk>|GhU&FB8
z{R#+u(KFT)Ytm$=ZXv(M@A%tVIsXF^!{3ysG3HLPhilWikxe7bclCD?y4&Vt8*O*4JG7wv};abWNEC
z^0{lIhEy@0zeFIh3Li-jI*c)Wwg)D(xogW^KoQC*lCCk}bbm?vrlt5oW`a~F!r`g=
zby({Noa41=zcA^TH9*m{XUq_R^zWwL|
zt8C(sfRiQjnlI8WfssCg<{#%}ru9P<@0$cm&CLHoc&f@V@KVGn-F?;Kc`3(mi
z4o>`^RUl!5i<9+l35QTUkC9TGD|)DFJ0we{^v7@e+pD3bJ8kq#9c>)d1|rUDd*_gC
zCAvcc;R8jd-j0lN1U$1;qYoQb03rsMZkO6heqhH1qvu!-M&5Li`bUvmRe;x)9!w5n
zJJb#JpvM?MSKK?GZ-3PL!9&=GWbc~Ch3{uZZ&~8CRcKFgZF9hMUDeBt_q7;A=uI)+
zsiZF`%U8=|RBEVD*@1uYy((gJtWLt;X8DZtLI5it*lc!(&}|HwTITy(S_x-=brg(p
zp73hNGlSP5FDBsgdZY9tK?wpGzE2|W5#lZ@zT^-3Lx$@WlNGUmdZjd4+iQ`mWQmU~kr7IDT-$6JTM?TA>RJM*EFI052p4
z_;^x+*ravHuu(MOFRmNbtZXdmr0=P;_)?_n2xQ#=PQwfoceAnxzCDC887PLphyh4v
zZK{p%C`rg|ePt`Cq@yS}hix;+G;%N`z9ZY3v1woMFIn6uCsD}wHhgIF@xTCKF;9xaaGad=bRaUO}Loka*TDJGSQg)?SVv7B9RO
znt4wjN(`uI@o&-EzC_tuJ2*=JQX0JQP|1e!qsBUu$H|BY#13+swonF`bl58+!Efs%N@TI&Z^;5wL@TfgpYpFFWg^Kva2Ul1OE4+(`BWH4
z@&CSIaNt@A{Jv$O!oa*#h!7nxwnqBz0?54g=h@Maqs1r@zSoq)L5Wc)MWSQK&;)sq
zgPLTW(@$8V*A8!`X%+T(kj*kGr0)?0CRDziB~VYn#15y7D_EzP&d-_A|2C)?E>3+e
zou-29-9?onvxV1j&YiGJ8WV$1G?wuqlR%#kDWuP$gX+i;NOlpCN?}LiaW!%aAYYtb
z&zgqIuJQe*5TJ$YNH7T!2>qingl5AdI
z6zS?NKK^G>(JI)SzDF70`^{St0f8zUW_|$m6CO$N*_?_aO5hiaj)_Xzx;rJt-I0!1
z(N6?!BE$}?%c~gLB!8iEEyuJRUf0Wz#oP_pWSiO+!e58?#ar0f0-J8Hs!zCbZT^{v
z>_uw`JH!eDd$%P0%VQ+LZWOGdX56A}_*xtx;tNJ^V~7^*rqR+d_sN1&q_=jmH*wQT
zFx5vBZX&57Ub>vn!}(mb%@q*g{C(ixb=X$Hv~pP2qW0HuQYJqQ%~G@}!t2;|gKZAX
zNco|)mf>Io&?0H*&W(RuT6dM2Uq$>Y##mHtzzmkhsulU-P%%$%B3EU2M9_vwxDS@D
zgTP#XVX{CS{hb>kND`?VN}doHPWNkm)^?m^4p!lZSYd;MI5Upc9Op9{oEK4k17K8ra2!fiu>bY)EzGhej9!u}>%kM{OSe3Ubo?!E
zWDkZ@ISf}>>TF#MVRm;T8uW0X4jSMjpSnGsX`DtqSQKmDMbYv6q&9QO+}*O{huL<_%A)Y%1(WX-0>T?bC5i{!{5+{EEGh
zdEn~In2jY_U+DVVy7#@KYqCV=uNM1h#E$YSw_vfBqCDZ}`?5~XfNB6u82e5E?tcxD
zSyYA5?8Z^daFKsRIleLP^ZQ^3g^zY)mO}sWeavvYy;mwImgp*R4d0K9v}cB$RwC1lLQ;hxkmZ^rv@n
zmOlUbdA#Srg-m=PJ#sc=eotJt@&UE%O9YveMj#g4Qikw-lN2h+PXtS*gdW2sKhC6^
zp0R#aV(z4qw&4EUXJ9bxh*BcFzT1H|o)&isl#?ndX1o|>V14mFI0PtyJH66g!f5e$
zsxO9{vU|AV$etsX(Z7yS)wD@HH@{Ux=(8sj(WE$nR5>!y+$i_V0t8`y14SNA$zp`t
z!-MUuYwh-p8)(;gRnjDI5#Z(2C=kh*6Cjf*NvR~Z$2qK#=7Kn3IN1tHizwY;v%L{o
z0Jawx6_-bk5zxLZ>M@M;YDA~1rVxw1kZkAn&TH_ZD&Pta-Nii{|O{|
zTGY&*=;9!swXU_mC9>ztq2SS_RvSzXHJ>prqbTJ8|HvOO(99-LTp>~B`$&Z18z
zF#EGKZCSBEbe&=>>xja_WN9*#+!Vu>{7}Nxf`meHE@=i;+-CBFb2;39a(NyqidO-(
z_B>F4vn46GQ$3*IyH7gY^%;BoMnNozDC+k=QOPT3=v#!$&n65~<{iwn$AL_v&N-HR
zL%YX3hTIDMw2Jatj&KG)F*<=pF8hMytQMm`chJt*hp`tZTIkipkzvb~FsYdu!-wsy
zPwmqOUGFwpf*fPs6mP@+u!B;!U*$O#(!M7ka@yqJAB!Mkl#d5%PH3aGJh-L}0~s&P
z0x(<;vhNrKD{-QVU0lhf?8n0nylf)Z89D08(Q)V&dlRA%c3gpRLTDW
zPfgCY93(8|;o5!NDO*k5GZ8Ol<_MR{b@vq5lYJw3Qj%d$$DC1_q53N$bgJZ=*Y}Wk
z)gcjYsoKbbmKqNoCZ2?+j{(DB{uW4WIGBcA4Mc(9poEDs)j?5?6a7IahLQYJRww>v
z47s#K*3a=!a#_@AjFImpv)b4!|BtbA3bL$;+H`f|vcV_jsdo%hdTxWvcT
z*eXPkjT_E{#W<=^`dT8hjhIH812o`6Xik
zk`@LvYHbTy5c5}6-V~FZ?Oy@G%v7Y66dQ**r8DKq6!`R1xm6TflO3h0mF-s3{)zd%
zJoMDalob^VlwMIme?EL5CaPPD?=g9HuAm#L{8bST3_#J?5*3_%B4KY(ooRr*$vD!>
zLB~SoAAGNW}wUX?@R!qz{DcOv|yRT9o7*itvF$<@7O>
zJ8t~J3~7Zq)?8(ejGP8;<+4HG69f~r+Ci7@VZB$eixq8W>37h^qD9s%1G8^tmv_IYeMr+>q;DQ>q
zjGPfs%{3kPxNCbr2{n@A3@gOLxEb!$bOcN?p_4q=#^Igf_t^=piQ4S#*7DB&q23gC
z6y+wqkYN@)$Co8^faS4hQA8RXQK3U&fWCtrELqqzQ#}`w^g;kN&MZ?YcL&R&H=80A
zP@=3|iq-_bAb&61xsOcFA7b-mjk|)E)fun>!9bMK<*-vl5jvy^g1}!aRIm$^O
zWw>vUEI;kQJM%*zu5_-(fp-!`An(_lgG1y%isf0nqxGUnlO&kCTAs~{L9+Fh{R(6O
z?qk=%R`gW0gCw$tf~BS7VzT*&s~KhjoAC4w$@Vcor0NeITV5UxhhNk=y!m1Hlc}xi
zqVQ6l%9A6vA3&1}K~~%}Mw~xneCg5>n|x)NFp0Q0TX)BudS^MVYI{1^m4qaj901@#
zknSNGU3vfvY&B4`7gk+O6RUu(WDGC80rtn`kjBkWzbJm1%YSZ6ZUzIDzkS%d^nQX@Ry)a)JGJd`t8;V!nGSx&OldtI!i
zJbN}!7H!a!szLcERl)}gPbY_siYLJbdq(I%Vb*JJ{MSi)&8z(OvQg-Z!4Jm`c8Gqz
zVwk3?`158s`sy$^P_8U`a58$fnjFX`sbuMNu8e`H=13CML3syk(vtrfj>>xgNK&*x
zQKJeu%t05m8giVQ#snXDOu!2T5=&;`$!>=Q3;@rwIjY9KSOqi?fVPG2VWzvWbVz2Y
zS+1XPs8yg+fG7XIyz{0*gX~ee_}i)4OLdLxL93pAwIT!mCMmQ-6MQiCd7O|TmL>sO
zgvh-P?7d6$W7CL58sz6L5@M$kP@h+2GP*lX9z7e}jO|^6gA~4xqql
zv`xT-^Sr5Ek!m*HPZ#=q75d`_g~epOLU-&J!k^Sf)+o$y6gOSf&Ow{VY4eo(>?yQ$(f^T!7q%SLLX}
z{F+IJWR#?TxA)T*%hSINO^ZMCo^ti5KpWcney!o!TA`C$Wa&zP7~PTDg#7ie{RQVS
zbSTtvYc>)maddkr>;AM;F-9S9H_ZYOOk%2jdU6S?kg8b>CDF6+0qPg@=c6EdS|DXl
z!+`e*8LY;eC5`i>CUx2fTrPSu%lXCXpEWdkvB106KSRoG#;*z79E?RakwFR!J)iB>
zC4D#iVa{ax99BEvu`q3YmTu?#%Ibasq2Zn*qy=-~9T%LoploLXq|3WjsIocYlSMI9
zr&J|@z_&k?l;96?f`{lQvT>=wY9KQ^k%c>Xrw)^Xyy_E4NOCF(thGj6dR3nb|aGFO{B3)Ujl(ez3k~WXQPNkOP#xDASz5eN>!I6?d4+6g
zd0HwSSsc|S&)FVW{)}5uN}@q3j96l`z=&)^-n0dLgT{QZ=V|;;FKCLm{dY=epcUcF
zv6E~Y{1Yzsyv09dUA&nk*#w6CD$+a`^Fp|77wGQN+V=C-v&W~cnh9J#<>79f9N)Ym
z&+g4%&R;JVB{z{GreJ(Wxu|T!N2eobS(&daI$aX``*&9sVm_xv$(mvaz5tSxLBpGM
z4tjxVr7)v=hjCaA=ao^meN1k&4^@?cxJJCza8JXaireAHQC~=F`L2ai@FAFC@}5x5
zaS%xKIy42_&gAs3u+ZFJ`m@6=Lrk=44mqGX%*wbYYOm#7xvDZbMyod6Qv@cck|Mr#qnz;DPdt1IHD#^VkXQI*k<+jm&VlkZ%O4KgCx=9ks|ZtY9RBc
zVZiuKHq3~@5+LGRUk;zctO6vh@I=oh+8lIcOk{Hpj}3vMy}a~_2^*Xl@%(g#YX*yf
zlL)wNB0>a3ams^qZg^f5A8Mk=xcD>i5_0sh0rt;#c=A&bbOgx?;Yv;~RCGr6K%^vV
z#!sPriNm(rc*&C_o?H_|oa!q1Ikf^>GKFj~6iUV$q?h+?p-&oT#Yh=Bbp`Diceh-Z
z3CpdMttpS%9#yZzwPMgMb8A4G2iTl*8i#UZxU*;%2n%>OoAUxMxJo$Ppd~X8xx&Ot
z@Dc0ZH#M2WZbsDZpLqL@8z59>R2-_QX==IA+?I|!YTdQuCzq0#on(Uq3Qm6&wo{kW
zT#d{Cix2)tKHJ2+6XP>Wp_q$mYD$Yr3w4m#`4wYH%FN!!{|-gI;t_tXu4;oL-rPd1
zt}H$ES+D?%;1|QldEJ7wrn%g7XRTTusGPN>abOHK&^aG9ZRT@g
z`yCnRCA_xej$7qq!&aLf&;>Bh1dwB%{mx}qoSVTO4^VOuUP{b4g>G#EA$Zg2Z`V+T
z&)|eKr&wz~@O7ZoTXT|nQagU!SWJAP3Lhm2fuUwOrC`!heXJ0ekZrM%bY)N-&1apS
zFKyt#A6!gB7hoIZZL!(W4kEWWxozRDrcxFnq-G9?I${%HZ?NLoZcg#6udK+vCpb?M
ze*bY*7)-CwMWaH@0$EOL^JbcOkK8XD~t+tQzE(!|;qSFATNpP5`>L;iU9>qfaCCOXaXw3tN!
zxAw)xxgwWJZ&Vt0blhbW-O!g^Q|VY-u|g>n(%w{&Yk)I2(g8%QHC^Sat^L5JVq`H!
zE-=(MAL7a%L@`c>TMS__Hoh`#Jvg&vULZ#7fKuVf$j$Z1D2{!T)Dukimk!-fEzZ?aKy4eLUycnN9bQ
z@U68*M^j?4X=QyCM2u~us&iJNzfArWu9~TJO6C^HN(`7u$|hgN8NQh6NDQK=OGqv>
zu3!#U#C5^ux_Q=C^Tf2!^q%}GSfoV&4=WdoWiC7-kfG^K|B1UYnQtukg=WzLDS;5G
z(-tu=fMwDjPaql?9IB5TM@G0OHiNsLBJIQvF6X{34T{|UqbV+iEf`u`wfRQUUvzbO
z*6m=8C_D*?H+qeK1CTO_dIKTqgB*omjJuC0QhGNI!bFZ(Ra=W#5;5O?In0CLdp-@B
zZUc2l5(+3ftMrd=mV*_j6wgs}ynk`x1tLJJ@dvL*j+XPq{N#!T9To0AbYD=AI3gga
z4EVx>2f+9j`hVpW)?QD&IsvKb#Oxdxj-lzvb&v4r&idPpwGO>((ZpbrXBtx
zKsc~FxxKH$IM&eROKQ6-zuEX9H+BLOq7f_T>xN~z8tQXG0W*ccY(W3l@fTTzai{8e
z_ZehW^rI3HhB%awEuXt^?%`Nt2NLW#|EG8ph0h7O%ajI30hLBYc7vpw8Ia`Wa5Y6o
zGm(iC%;<^$$&V=M&(cg|rw{AG`^)y!sz$7q(xb;%;XAx)?WLiNH`+Geq5l`+2i_^S
zpLctg4Ji=*%frN1?XIqpBMb=S{u&qxgNh2_(u4gnGn%CdpW6u9t3<7~&(IT7giw;vMz({v!@uK@zCn3R2Rx5f@W-K>E|tYEc2$e1i78BdgYn>QilG!J~eF9MQasYl+&J3=krY
zz;jjOr*&PQj<0{jXX0$tjO%;qQ$G9$W*>&Wn~R-WR&aa=Kyv_SL98RZAh^zC7W};LCs2Ed|OgMT~j7bhWCWyQrniH{`
z_mVF>5GP)(<2|Y!S)V|Z!c(P#U9^P$Lz$DrcHh(Xq5OT2)5^%t#Ze)BB|F$Jj|byU
zwih7MJ`w!Kdl>tdSpm3h2p1da*JIg+(EtSL3am?S;yZJz)~Nmhm&0nQuyVX-bFL_g
zA|R9Q%=|gCjstJ{Nc>CsV6s_*+wSgM^1WYhcA0h!iLc=Wh6p9Q==Ck>TVpyL?@?V!328OD6CF#KM
zb7HV%J<4r$zUXOPQ$9=R%N1$1c=`JiccT~v-s0a(dgLoe6V<10LAea(7sl&AWOQA%
z%#7YMA(D7^qdv8^Tcv~d`22O82FzfEP+C1I66!P$&ukN~_rTeH-s^0y)dB<#axM@I
zYd0|e*^jDxWbGBXv*u@JHereqAufKYy;KqbAK5*uZh=H&LgS(iO>iC`M$YF3?Ea46
z@;`4!>woT5GW5OapRE2QDp24)(sk9Yu71Rne!dM|uG%Q2yT)}O)IG7KYVqw-+CUhY
zPa+uU&7Vu6d#b8LjF{&S68QLq6Y9XYdZ+~U&hiPHqk6UnjOloo&-yB}q`=
zSG>9H83a>uHPDusY>azBNWe~zuWjU9=2amq;Kh6m&}L}=`@>fb1NY58Dig+lh;_LO
znO9mTy6*M!?tNF;@&-4yK5n8)s;Q`L~;pS(RgkiJZMQ+Czk4c{~9d=
zDkDePEg@X1VYia~e?8v6;>_M94G6)8NhKE5PTO7!F?`q!R_+;T>A67yf!H5>D#ySe
zdaP*Xg6XPeLE|H5_h)Uf*A%+$f8lP=lt$t-eKZ+#(vPC!wW57$QGt6Z-bd61dSAZA
ztFsDHZClgyXcvZW6)kkS=54mecpXX%Rp=;ShI%Vik^b|5aNI+2+`#4>3
z?#65Mu2Lcv97V=E@~H00+es3b!D6WupQRP?_q)B-o^+}THrwVD=UOw3
zdQ8*M{bX_DVh#Pvq3Ka|w(#(@AS1iEY3{cZv}Q)YqggLMiheI8^7y2D#KsRVJ2S)x
zqEXf)co8ZkfuN`AST%cx&EtSOEMX1r!so;@6vMdTnc!6@fi*a^qXT^(BuvYkGSI91
z-4_o*la-lh&&#zayA{Dus*d5-$&IWY*-&x!pK`DTx<2AbOgu(=)ycA#_8L+{20eBu
zk44AX5Id+USC|@Xs?a+{lXi@nkI7zj%6umfI8}JbB+B#W@!cDUGqIQFP{kiTI{OD2
zkV2xwRA$n3@duZTaz&;_B?$nf&cEy#-u(soF)gKyp`!VgV$*u67^$Sh0K|kFc@Gt6EF&a8YaBoJd^Gs7A5mT`eRgB2MqKI@^oM3*_@=X#pyuG%?U
z5_lBA@wEa;=AhM(ki3-~2g=*FU?|wL|F`Y8Fwe*QpvOT}Tb?B6qjk(O_GkNTK<}2|
zYQroqt0LVnxq{Z8(P5%LhAw*>BPGyLH(Y$&53WN|?uX;B_Z~CY)BeBJxZi(O;U@M`
zcO0E_{42bmZNum85=Fb5xj|$5BsI2z!wAHB_Ad`Fy11WRIxPCawmG@l31xBk-3WC;
zImYuCtK;KFSjATgFX;Ykc27I*wwOkVQy^LIn?f!~B$SuU7Foy&i$SE|@#p&L3Il7+
zZhGRP@%9zE(#7WsEV>Ho$Y3(dh;*e?G!X@R--lGfHCoPfwaf~E5mWSATc`o`PNX^)
zeYsWN^V~CM59hLDB{$H0&v?fuGe&|E*yY5HTwMn%w|rxpPRpy>&Qs;6EHz2O1)Mv0
z=G%M&g>$5o%;G2O{pA^Gz1f-})#6~_5i-@mV~YWm=&aS8d({W15%@hiGx26Y{k&hi
zZBgjwN(jT?f@$EU;v;y%-1)IT8Q$UP7exv|+(dv8Nw8%aEsY&2+Qxaq>7Zo3U-F|3vw&vl98W-gCpc3yet!bbg;aD)bu?j328V
z-Z^3j_mAq4MkG+z8Ykt}){$22uJ*Io!=T`&VRK{4PH+OQxA^lzc
zu5@nFpsOc%v_4)QAdl-NYVhO_rhFT}A!3fhfytD3U&rVFKr3zQ=Qu+?
zjJChxbbcvB>xcrRR9Ev)UwV-@?CooFIK&p9@xWBR}2#~$_B
zK(TnELCKZ+Hf<*pb(d|jTHBYM=BJz)BL>?}6mvO$PYq@2ZG4R29N7sq5SowG7tdh36sM$=5
zbxoSc<)^$mrx(%&V#N-;w(8YqopLke+I+k=eGQJjT3Ul>wzV|1=Y)=r4*0<9wZ#)(
zLnmFonZK5sNl!~jUtLB4V^aQf+Z4a>iTJxA4U(pi9{(KEVZ6668bLNFanPH@h?$<{
z%g;oYpgms=6(P3rO}nP)mF9A9J|Vd~m0s0jXJzSq(GG5b{jtx&79Gm{oyd#wONmCj
z9Fx*P2_rnL@UPhX8F;NQ~RaSE?Uh6D3}Jr+)p)SuLA
z&S4>4@0F(wxJy7XqB)
z;;=s5IJMZZz-@kv&;7%#HMA_hO?Cg*8|xV*_Sc+sj?jta#&~CjEP4XxGibD5p&#)I
ze*C|#U42Egh?3lolpp?b674G7nvh2|UEFqI5d;c7LQ18`*&99a)SYAP7HL#&nG&86
zcb;TzY>f{3=5?6lb8^D8?~B~D@Jd}rSq{TNaS|#1jUe*aCfKab1&XA^Xc0N6hJ8{f=DkzDuchWS{xs
z(Fp$+1rc4OUYsjo;)Z?A8sC_%&i92SEXwz(LlLHvDm&^;H<5mcVaBfvS-cl;;FJ4d
zxRzaL-@mM9ruk!E+Pj+JsR@Hm?fu-nd8{ucq*hnK?)PI2tCh!=jO+ckDDeQtc!oue
z4xI`k3Uj<6I`&fBwbg|WMcL0ECt};V)CO>Kv(W3!tr|w0NGB4US9GdXztMWkpL@!~
zgH#rXJFNrI1CJ7%J65lbJ!k5?`P=7Pn`Wi@MkQiy5{avg%y3Q?=bNz9ZfOX#@CG|y
zmLhoiaxsmnMsDWm{Jhs|Ip^=7l3wSO!9}U=Fb=Z8$BpjAZdyn2W7q=33Y>cOUBLDz
zJn|W0Fm#J&BgjOiI}2K50{o>=;}!5e+>MP>H1|VWI9?i%B=)2Wwy}8jC6)9f;u-(F
z#p?(EloV|BJmR5Harqp&{^_NF;-LWMfwYBgZ$aT``%jVviRbSg``^ERw~L#)baS1k
zHlm-qs~Ee~9Q0>%HXFEH^xm9j^}qY7;Sevwd`VpUar*?1-Gud`Lq@Wq6Q}$W+=+I0&*v%FYWDGPRaU;A7v0
zc1$g5o-}6v_Nj7tFSbqW_pdu_7bnCm!@VQj(h&KowA@^@?rqc*gv^5yw*7wp+iK#Z
zLHin$9@HDiRp{((B^}bYf3G?B2SfMf8H!vST)zP+%Oew*v;QEhZ0*_Oy7#vTLyFxW
z%PJ<89mz3$s?futIr>K5rRoTZspyG{ub}2_Krsp`E<>Lw3*N??d%BKjx;gV&YC9#3
zsyFwkPR}GQj+T48M&@OQzp{blphNK?fgTT8J{T$A<8Y!o)8nVF+%;NmqzDEggXdbo
zKLk1^dh0xcg1-w|+`EN`_JA5I>Dz*0{X~gkZM(#N`Cho3!RKBVzqTCuEOp3tq;mV8
zYaS1pIb3ZDA&qg=nr0{fzxd|^1}BlqAr$3eo1tQ}JD~wR!kO6Mb}T4yTnyt}Qt4Zw
zMBM%^DCr=WqG!67H9z^d`z*&C=B_-Ev0=}Op6i@#_M>fROk|Nk*Sc25wO;>ufTu$%aJPIH83+YQ*83T0Q>D*E~!gx<{J4!$OEZ-!fR9#Ly9wVhTpTnq|n>3Nnd=)qC>i9nV#)I?cjF(w{@7Rz5LSi{z4x2E9n(
z%49{s-^aLj-R0_(Oup6{+Yy)dQik_xEg}$L{
zqHDy5Z=VO@JUDksAXgeNZvr@d1hl*lVteh&`Ph~Ja{9lAZ*~iTZf;Q|#?gILz)G<6
zq6y$<*?kZb1o)Q#Q1@ZxBlrJvqW?Yrd)o<+U%IZ323T2D_MOIm<`$!03UyC%2@U^`
zO#Y7qfvq3Ah(jL_#%p@YkhOB~DFAGhGuZM@3nyj3j6uR;a{0xwISeJu~hY$rjV
zMcwS`5b7j+D=1x@$l)d
zE?0k}fri8xf``tkBE&kplq_x6@8CjfRTGIo5OY3@6_Z$}*j0_JTO6fDAN;F)W45|-$C;zt;Yd;~Sz
zM0ZUzlnvQdG(9ohM{=LZo|+<35qH5R!CAW1^vWSNP{uP3v_1(Z3I>I2c&JNYZY>z*UkNULuSznM`&;EKEkPSRR5~x69~l!B#k1ZTZ~w8Sd>uWK%M6F#k6H!kkK5Nw7&3sy
zL_b!7Y<&R5@BAZH>Oh$=mhguG5`r~8txiiX$fgaBgw{Y>L3uc1*nX~wjlFZN{>%S$2
z6gO?4(BeJJ8l^N4G^8pTGJ-`WqU7fuPr9XVs8{b5C4_pE%+DbMV;(Lw&Ew2EEQtqQV_Z~^V4AM#0{>3-4v$uFx9Do8D{9QdC
zuL(6o3#E)$2ltLm`i@@f8%R6Vw%ai^#9s6v($45hi^CjGUP{bx;l|oC_8q{?yzFv83JW
zTr1TsDw%-Ke6U6dQ6VNUA2(GcyNp>d5S#;g8iOA-!9CAE23vsGS$eoUt~L-HlxF4S
zcX=KyUOFl|n1=G9Te}i5cr?87HL?#Yzy>U{0@J
z9IjBS-OOj^g2QEJt1X`>8pOv;i6qfH%3iD3sTz+VMR*OMPULTG)W8o@OU0&fOf4NJ
zLFwTfql#;G`?eBL6K4B+pc-sXb!a4wLgcf-T)|11ri3Z#jRK|184I8h>)i|S_&3x<
zLYiT+#dXvWWV@RT$=n(+v#kH)+f~0iI(yYy6`yEJ5XY2zu$lg$ciQSZXMf6__wtdFjkX
zy|6at-RA74
z{Nze9IzLXCAU8TDR60fAt>j*4_KHvoF~?6cbgKBQ5wP~*cBQy0?|B)8MY9D~0aMh(
z5-ZquK2?jQ@Ki!kDBW@zG3bW)~x+I>?%_pc`|5?D$t~0L$w{MRv4|QCvBM){_jq{Cg(QC_N
zJznb6M+o|1+TYC}xgb<~*Dq15
zbJdfK)!!l5kEht@gWobyb#0K%%Cd@U3U_65v4MAO{cDvpDk7#u~0+a}eO{{FxmBOE5Q^
zayJLZ2Mv1`KG5#;1~bTPHpg$mC)E}e%a;-?Y$Q!R$zj+5S4U2?Rj`)(YMP?JRf^FV3BC(__(txFa-s
zYP6kUe$%$QAD@+Ds3(6esM0o6cKw8DJgN?c-Kdk&zw2Tj$Ei$ZMh+A_xg`geD1MEaC(paYsu0q3!3T
zq@dtMrU<~}7f{kRBkuYe!M^WKK|U+lTB|LcOF=0bHG$&iCFNow_nVqm`4Jf}iMke&
zm?rz
zBO97<0qM@3mP6^PX$8y76-%a8yzc3a)cJV06RhT;Dv~Uc?$u^QvPH~fmIPzUzL7Y0
zFS(4Hk8Z8_-!I+tx8IYdfC0)=1`2>bPQ%;U0mb=nxw@pY*kq(`rI2KTSI1Ij#nrU9
zXdyS_8fw+A8&F*aV~af&p8H^r%y*gM%}h~<2%_VbjR#cV52BK*@FQeQTC$Ws!)6
zwuoupWk-^y8=8zqRI8jT%vWQU&j&3d)^clp=)@>h1v|ivms}cEy!6RUADvu&*=hi5VkvI0
zkwIVKJnq{j<(6i5?O=j1s6l4Ol$9y#Y&l7KRz!I<9QZ?XyHUCLge2#??4zlurP?|V_#0Ot`M2H$#F%x|Li80s#Du+
zB6F+Yns&qZmwSRX>CRD84+Xfc&8Jl4z2Os$yv2x29rYLj=9R(2uJizclmdrSS4p&_F
zwPHK!oa^T@@gl8UZCEUg0~n-7y)}=SrMX42LcB;E4D`a2Z`#vpDUR0?f;B(qqvp>F
zH(a%0ajWs;VMd{BxB
z@_}-#G1G>WIP>ksyh{UdTaOPV8%HLJSqqQlN=qeS{KiR0d*#yz^W#D!$LYI2Oq`Ff
z!&eBBPY{1l_fz+L&Vi#dGlVKTf#4R&$~))8T98g~3s0mfWu&QEPfC~q-{vM*17u<4
zX*lps=>Z~yDu|SOWKH3=tY}eFir)ugnkq~?RR#tRhU4Ll>KG0WOkgHvu{C&MKRb14
z2x$5g(Uad+kIMD6_0jG?5bD;1pARd`57X2gj41I-d?x9ge`)&rFOgBf2%CIs!nc8f
z!#a>X+oCSz=J|ZEQSN2p3*hW!=g`)aBxoaH$)d!KUM8m3@Y>3u)T}r$U=f=SI>;5;
zygdA*T@ONJe->o+adKvz|<%8%qU79DK3In3nhUhN!2L+m4U-lyb6Mp1Yxe&dXIKdt`7p&S+d-O`lpwA0`dZNE?OOzya&Hp+St^
zU_m1o@Wd<@6N1BTlZ`D|7!9rl&(qYeQ?P)0zZwsm>^Ah^uwvfF&OdR;N%fnsVu3^(-(+gA?gN#`dz@yjd)V
zF+LanF$P7vpm^wxx1sb`p!Xj}8SOGap8_`#YmxxQgp_C~{zjY!UO~xhd^H6vvRo=}
zB7aSb@E043%K|(BJ3wX#LkOW({h#?CY?&c!o|)`HxuntaiTv@Z2bsBGg{d>jHORSo
z1mp2c)=40y7Jp5%H?PY?5^j7`aRE}l4GWyrPZQmgJ9k#Rxkk?Hjo^uM02_?%O7^a~
zf*Fy!zs+)pNaKmzZbo^McyOH*7$p!-5n73MmYmk~IEq>vjYy|7kaTLPeB#Saapucz
z0T4#r70XhG7}f9HSc4$Q!z80CnS<*(2Y)RruCz(Kq37|_bfH#dF3YSO(e)%bta?Jm
z^}d}8!EmWnRjUtMBu)T~`qi-eu6g(23^@c1&6byAehWk5Y@Oy0Z!^k+I<6#anQfGz
z8FOa@za+2uaQ-imQ7bX|r2JB$&T48u-qf$31ybQZ!Hj<|LQ(&q7O)8w5uHpgPF0V7
z`w=UWoLPUGm}$aym(y4)J&TcGdO$-ttx37NE~4^ugmE1cL7Av&LM-iVY{Ps=+3MEf!lU-HkU|NJ4>7f3HJlPhBG&>>AUc@lT
z^71lCGc#^h0e7W{QqOuY>yfdaSLJy9stP*$=$-
z=kMP&^wMX(#Wej7Kc;K!fk$Kvh7Q?-cpZD>q(Lssn8i4$T{-U{u{)j8V><5dF?o$_
z`S-QKbvLL#Q|jGjM+-b4!vzkV2(gX{+3>lP=k*HWLG>d7b#r;$U!sOAZ-GUlLf%Pv
zI(WB#`5}NA&LIK-)8bXDop5dw1JfPYSQ{6N)U3~#1dQST|8D1-?#Y2IABR*Y5
z{z+SJ^#GQ_G3ygT!gY&~u&sK7Ld){i!w(&k>5nu+f=N{~ni#^85vLc&kDZ{BJzOT3
z(4JY=UL2^qpqQY0A5dT3nQP|q#Hg8JAJ8C3ptHc+osr!)^hfg%77`ScJQ`G;Cd_c#
z8X6t+`SVFD?pQJ#w#HikleHCmjHYFCE
z?Z(FjwF`sGkAJkl1YQnTm{mUQL`>vBFg2dxteK{{jJ@z!&l@_0H8xe95L!`Gdo}b<
zYb+!CJ57l%O-*2ZK(N6*1h{Vka9)5+`$gWqhznqeAHb2m+8yc0+8}5GU`6kbZrWgkw$vE$6Y9LR1Gi{(NVnr7Kphgj;!2>R0gW@W({3oe{bz
zPtMPq@mXcBzZ&S$>et88zqB#kfzgHf|g@QTAK;lpn1Ax?7vz7Y
z9!bxfXhU+I3Ob}@B&%GBkOtc?EnQ1*W>Zf-Qhr`V?7iJ7?^d7m`Zezvq8va{zPBxm@6;ydY{CW7fmO>_1QcSk_0hgI#wI4|NII!
zi)*6~a{O=?+cJ)-o)Ne}SpG$aG1stqy~!JA6fFUXt7e{ttSgG5
z@34&vzcbu6Djhrki6(I8LzRso@CBo>Bz4IB?rAu|113r@RtybesMpi!k=_5M*WUbn
zv}B=yq1O;6^D`t5!=iSRnqSZC-!VEb
zO>xCPs_kUm_q{~F3?om7$iQ}TOaq=bx_4+#tfGYecPM_RE++NbH0kQw&95V2;oOtG
zCMt!n1uY|Qht#O9Jo|~ss|1)px#Za`#*8^fwScgCOO4qW_IV0BL%32Ub^XZ{A?-8|
znI;4Jinlp8{lIAg`wuFPwCtO_M1J0C@=no1LegGSjjMAk1SiSWh?ZCx^DVmGO6ok5
z;@7fO?RHz2-Gsj|I17@S<-KbJNv$-Q&Y4LWaZQ5eJbng={=Wlny-MK2_Wl=b=MW2D;2CX5?iB(U5X2Gx5r%Y8wUPxjk-`+e9UlL!b@#e&%EUUVU*)|yq{Fe8
zgPj5gvX+~p_TBvTuHGS%X;Q`GlGCK!tssO={^TvHv1==v0F#tSj(%}~^wP0lmpO0P9v9shsoI?q^z9a}Tiwu<&{8p#r(`;gL);C)2QUIao
z>YT-$VfjmnTCJ?WEI#L(xUH|Pl~%2%sr+v*G~}yhqIqd{={(@o2QfeI&%Spf95nA=
zLJ4`f7L;Ng0}6KN{OsNq^aPC`QQM~Da=DlU<+$a5U7{rB18ESTDa5F~gs5#Zsa<8{
zGnUyp-VP-nE>)2N2A~Z&U=dj@R(rj3gbk{x<=&ND#K6@|Xbonq&Yzxcip#}qWP2?Q
zPOxbvouH7=!ziiq+45%0oK~!&_r&Qca`UxlN;z;FZ*jNMZtJeS!Qtd_g>m)7BlqyJ
z3;vI4;ad8=y!|qc=N`l1JpmLnN8R(|Q;k`ZrGf{?&es<#6sz
z&Z1c{TjgPS2VmP8I`egXqpD{Ul05@13U2~$`>mx9<+^BRTaQL9Y-0RMs*r*
zvQ>*IdV94ybNUi|NW#36VH{)jMqX@M&5kEW3U5Y-9=Bu(oi3YL3s0X?cu+?y|UOu
ztBdLTHk>jZ5+fA;fdfd{t?)%xJ3oYnj+)kAjzu8FjP*B#MALqdhD<&Grpb8Aiusp!
zLF&z1v%!k_cVoejP=o4zW@z62uw;DZBBx)WC3~D^o(f>8z%FAFwdv#GJ1Q=qM-s46
zPfNDF(OgPd&6HP_?tHXe7fif5+(^~lghhA};p&pBm+_={+df`ga@TPW+*r$l=%t4)
zZIaL+q<>EHkR))YZ!>3qoP|z&56>lwgKE1jSnBNuKpKWFOeuioCulaHI;JM)TW=^#
zt0TSwd@bX!;yw`>@ozq|MvhVVTL`DSmj;jeUA(HjnJBI+!4!yp*hFeZdK@8Rkn&)qH`Ihqex1kxXZ2_;PO<^i(G%ENk>$>yaR8q_m
zPvN63qT=XsWd6YJV*-;js9(HyZG+pPQhf1UJ2^?;_W3qICs=VSej4FV1diyd^q=6I(vE6CgFfy}{Fo%a6H{`)8jiR+3o>rTqeCG`&~%AAiC;i{g#
zIs}cu13C<@2WH2iznuZlVXk)$8lCT!ZmYnI!urCU=Nyya9Sn8B<#NjKo$=9kSiKw!
zD`014eX18{t8`Z*tBw^r1Rc7K3+NKvMbflg!MMGKt%ztwou^$QCcPCw_iRmtSBQ82
zr>i1P*7fE|&hH(Zi=8lM{Nu)-j@@#@G5A
zb=S0;T83g`(f(o$_w{lNSB|rf)Unf@QT!OvF0_2HtS*&M4Y@+eQI<_KzLa&qkkQCWi3N^(DV#
zWv>4AZ&wOi!5xLbHr5vhh#qOGbKB%XJcTGS2#y#U+1Fj!@L~p#NV1MvV&Mh1jK`%Jq%Cy@2l&%xf#6z9Q<6xb=pQytGGk*-b{T;f+_gnSpET;KE?9X{l
z0NWPE#hqXJ!>bQ>R{W6szl79_YU`x~&o+@z*`>++368mqe-jm-$P1b?;WzC8nmp
ziP&MU?c$6K_nK^FHeXJaHRL+fn1O(6uVH$zASDn=`GO5(e;A
z@``R;daXV7)-$_2!acD*4LKfXUC-yWUWhMpbP~_rwaJ6&@#2Oj&vdtJqtdi^j(QdCBG*iqyP4!YE`qhA2R`Yvl_jR^doQ|xijHF=FXS(AzZBoYt
zAwdHtn@PU_1U6hQ_xoFDu$tb>yf~b__pf6u;o~pV2SxAVug0^nwCeKpv09fatt2?h
zDTP&?w7cSm$i0^Y-qhzEB^}xPK#`?D_@>A#R?XsnTak)wi;(&F3KFlOyc3`P>7V**s=#ye3H?OX8V
zTRYuS+@#Tx&ptMP5~t0}?Ai)4frhIzQ^haxBW1^p*jzTzs9?dSD=Aa_kui+*#oHCe
z9?(W1@9XXOsV$y%75wSJkGsh$Bxj}z_dhGJ+H_DA=gi_W_ueO`K;I#-;0_Epcr
zi=xS?)I+@_N#JH>3v=l~_$&U=*X_krU}1m(BgFLsLP!2a$lkr{gvb8Qki^@r{U7u2
z2KNk|m6We)Yu1$jY|b;BAZ7$=hd;H)o=dm;!v`t`1xhdJclnaIb<@b|n@{((8L`%~
z*!sO`*57}br0U6q&_x9uBJdoEdf^&P^A)jN`u)uRm!J|3}RBIal9
z|EOvDtAdR@$lfOWC3o>$1NVesJo{<*2^rLbGUY4sLp7vNcM_iy{}mr%(st0ruX^I^
zw7c-o$7IpxEAK^T^g{>TJYCC|4Nm{lq=%}>FQ?FECybk$`whuLH!Y2Ss7E)A;hBQ5
zsbi60c~5(yMf8T!0&(~NU4>P9`DI9|_sNI#iwo_`8vh&H?1TNK&hYwPwFvn9qIym)
z*zGzpfyDaiMX#2nh`m&(^T`+U75Is)`Qil5(qw%7dDYElcg5RYN3J=w0C!kkl7~}V
zGVy+B)A(H-s%I&x{5t+Yr~6$?$ax^xJ&@tu1uGgge;~YG>|7kwJIIak|EAM!wo!x%
zH2$xeAZzm*fujwqk|{;~x8F|0p&X*(#)(Bq9*?Lz7iIm~$=_9-M5;=U3(+sPLbfky
z{Dd^jXy%aX6_FgM-*pylCa_HIhxe5_YMGh_tMsPE>LZPdtG{|
zm~e*!9@P}1D42Q&@4cm$Ks7Fs)fxkWO0_qrtbOD)Y73o5YG~w{96BmT^8+NF&V5h6
zy5H0_bxL?}E)SK$i#}-v=&q7N4H|zY#E4vdsH<937X&vueqUr@80K5^2lES;G2fbV
zvD4I+5%}Id83%={V7){6Wke8lFoo5%(Rzh>1+k{_o+Qov+5PEaPqr8~3Ik)82FGF}
zt|S)bo5K04Q*finv*_j}&%&v+C+706@W_sgbW$hXAq_ox*=n+%jA;JE&iCd^GoiV;
zRU{v}{mNg@?P+aNlyB2Bp>3LF9_$jmSY+h$#!=&w)@8KJ%9`fMRJ_G`x~eUAhSNW0
z^EjyEJ>*==%^_bZQT869x
z`8+aZgZsVSrx*J-%^}{iVfG5d_+MH;926f~j{!dmj1Xen&aLz9=`lEh*+>$a;Ux}(
zUw0KUJLhGE=Io!j`*CGU;~te|>-O8{Fw)grU9#i%;l7!`KhIk0cd^Lcm1BI0(LS#R
z`I$`~u!Hp#qxc!=xJUCe#s?E_`In(g&(j;xBV~kB(z0oWj@Uh?!g0@@@0R+LnC_#L
ze>{IJ0Na|HR5W#~SSYH-dXGpl1`l2k2n)4iT&Q%s|Eh+=aERyz9{oifA)*`6iq2wb
zR)y-&nEiuy?jt5ZQtQz7xcT(E4%qLO4Fta%ZR>9%#S0O7zUbWHukNI#Rq85}FFh99
zIm~Yrz@rLTe-{kjy0ScjrEN~d)Vhs$E?s@ev078cUubk%0B1TnELOs0@70YK6uIKJH8E}K{;H#zzak59e4hN>Fk@%@$ldm
z9iTrWKnxkx?_fa$@wZ-dvWps~n`T-Z?
z;n*G~JK27K)qkO`@nVV8JutqH7ZpQXcZ`}|&xB92sv$&YlHp)McJs*Y_tTm-pFP|g
zAu|1vZMcpYL!&xbzY-Do)vTxOsp5*PH2TlqKb;Vwk#!JqTV>g}_xN$yb*`vYwn}EV
zZU%eikIp-lCdD!;r_H}^X;j#GAE&%Xk2W;3oekjb<#XG#Wy3E=Zo5P8?>p$NPwd;p
zS@zu*8)Zp4YQKcmKS|{FGr~r;ys?=&^^o?`uyA)5?NAkx-zGBJC$4RRFSwC}@
zdtY88uLWSFk+OTHpl2Z=^p$v*H*Mi`z}vH;Qi%92HW=AShwJ1J4QM>rSCI0&?l*kX
zY$x*$a!bAJWVEvXjD>MHxuR3yj|Y6Ie=+jHnl3`TRU|;@V5HO
z{!S4Loin1zu^VH8Qn`asLnTtv(5cpyYXckY`%Cjp?qKqBT79^!LCY34D`1LNb
zJYd`6CLr^0U4^junow&6oMI|7V%9TaIiIQlS^;}J4b?*tF
z$wUHbzuMH~5jWYA>)vp%IE0}uqqAY*Ud%FCpqIp~2RT)iLejLLUi$aUI&`HaNtQnC0i
zh>#V?<)a>6P>zg8hS_*HJFO+Vhi9$muVprP$6U{G?yt)Y5M7P8(koHmqCoYvj*t=1
zFkSR%1#foZ^J*j+X%t{8uh|TC?S%LHvmaQm*J^K>#6}4;+gq>OD=oaYmO2tm>dMM&
zupQnWF+H~!$Y!6pb(mdnB&S>Ptt#@pUU@&@5!_TbCKua#USDH7@-Xqu)2CPcIbUk^
z#Omi=s1789|6Aa|#6c1)v)+W@!?}FOI!GAIWG+Bz+L
zC^(Bs&Qqac-U7r}^_2P#?(VU#H(
z-1cVk%s2&h7eUE_5jRI^J)_4GvM{RVm{`1(M#kL8R0L}na<7HY0;aY@;hZrvjq4^7
zQIh#P;|11yJgHrOz^6G-h6?}9>F&>cNVJ22tmdVa;>|%<9tYpdzKQV?6uHV6Q*VQ2
ztz&lqiBvJnEi>!IO>yhk3AmOQ_iU`-O!AtiCtFWQEbe4w-<7uG^T#|6t}tDV*UC|Q
zsg9?Qa;AN_TYkWCmX5gt4(yrLVX)omGU;|OWXIAeZVN#g5_q^5C^$vgN
zi~SO5T!mO0?tVwTNU92Vo-qBBOv{DDU6j_?d($nw@)_QtDSO$^O&8XhX_J3))rza1
z>9$_aboh}M;0pv2({691jJ(ngyOIx3WN|Y`S-t3!PUr_ClWlYW50!QXaA4^Kha@?*
z-LYC3^OUNOecc(Fz;b&W3(gqbMRC%@rL~zA-Bd9pM-pWaI@ACWM_RK(7wZJa`*~|j
zIM)57Uqq|?m)mLaVNaF(36fK2E!g3z&s?Lazt
z59ieR5Ih9un>=sVNUCh=$BPjK#&YJoNd9nxC(giXbv@_jC#)U>ySTVL#Ea@j;^eHe
zABe+ag~r%Ae#UJ7GZ*`1c{TPZL1^Fsp)GHdMR=YCZl1?hu{traxnu&TfO|h7U@jp!
z*(G4|(%h^w)0AZMuCVo7rooQK#CmA6-|D1~$HB>b9tC|H<%)YVkUrRD{?5G{2F`~H
zI#D}y$U*#myik7XDrAZWo4&Mg*=q=u
ze;Bc|0Do>M45qtiSgx+9yCOqAKPhQUp!R}=VAwJul3a~~P(Jkn1hKRbKYtjZKgg`W
ztBZm!KeGRn$JHC}*A;oPMH~-TU0oe>U0s)h^PN4~y_eHbpVQBVt3f``a$)K&yzAFM
zq*a$f^OarE20>ZebimXG_hO$uG4YN2_Ij=r1`KcZi}!fPp=q)OA_j4dx$Yd}_}plP
z3=N-WxH$aK+lt#hd)cL>0o80=1^XHD&e^TlmgumAD?`t(Op}+{R;x+`NIvZZM^tgO
zhFYiLKt8LHyql)*-dmWLu4PWg_L{m?wr=xNwuGjISG~__(q2cajpsU0f6(E4>E1w<
zIW?Y&0IcDRJ6xt`f{JxGxX!DC0DVRHS}{AIzVu(Oy2B#;T5I|tG%Tg2=wLo4MrR8p
znycGJ`U(k-%`f)~-n9vn5G(HW_;sdb*4jW^T?enmA-IQKEr_)eVd
z@@Gp#vw6{G%uT^hglL>4O||3N3@5_Ed0AK6@sH5LO}NXxQ>Hi+1AK%ieIZcD%G&yx
zO175^f(_?~xj(GCaZ~cJLYG83c>3FecfqL;CA=<(mvBgOhpt|SqJF)jPng_N0S>HvkxY5bTHN%>p$(CvopN!P4gt*u{}=fUny-zVKG$HZR90pHab
zmhGDRKYqEsvlRy!v;)}3hZeNdpR)b<@lkQ&i5)QcJEnd}=w{3OqJy
zbeMN{JNN4JztSu+O>;;_yJ}jMC^F}*`J#MIvF5CmMxrKhEz0(6ZKh=IXAR46
zs?7Aah73ky!|?&IGNvyTv0r!;g!O$V!(Euo?*!XEwq$Bxy9B*o`Kd>I@5wtp$VC*N
zJU+w}ur>@geB_@){a-211SnqyyFOCy(SN@f|6h$CYd3rx;6@gh=LCIUDMwxJE;~M}
zdJSJ$T_0O?y!!vYuK$P<|e|7buAWX;6CAHRjZbv|{1zr3tZ
zKAzrzJH~Um|B()qkwr?v{g&_7$nfYG)6>@{#;#BKO~?jg{PUI^`B~SIEaQ3GKHuN3
zirTdPuO$Az&s*MiqHLE@o7+uxbZgoVmf<16Fw4JLKZb@VtPD_MYa^pLbkyj)sMoHl
zJU%ARv_rtVRFml0``UgGv{+bbxxVV_(1Sax9Ken=7eG8NHEbrPcS>4lZ*7p;HryBt
zuzldsD4*P*@y&d~&oUenK)Y|bSEp8s->&H(y=M!f5f
zm&f+**D@}CE2~8cQ44D&RMrb5j`!SV)~)U~g+hO}m7f6w<`ii^`R
z>F$%7!{`L(imkUC_3o`JhtOx^tI35KH%9v9{+%a~R(-dSgnYQ=}`)$gsqB@r%1zuZ`m-Ty`qJ3F~
zS|hhnNB*Uz;-04PjOIZ?>lQtc-%Mo1^%~sDW*!nj>zlsQ=$D79J(}l;MOs*D9}?Z#
z%SA!kW7}Be$JI`k$uJikE-d%ZP$LQ|1h4f!vl&+JDjunC&ng>it4)(wJUaDhf+rRw
zU6kReF2U?N0b+S(8Jb0YME!;?-$`ikwJz5vG8s$Cs!563D?@8)j-f*$v*sVQf~lC#
zg{8omP0z=Fa~e1;wtcNClgX)?%IBcj;`e67e|SjRcFHXH^bfiZgu|@mm+#K_pe=Y1
zzQ`*94P5n?DMDRwd8vH#QmTA)Z_fpcN$1a{J;&%=p|J%U0bLM*qGZvgp&UFb8E1I)
z$72iW5|P^rK@L@Wr80ADh*~D%G2_cOEQV-6cei2wICQ_*pT@Yb@uro=;+&
zT@xH$gHa#45;-Dh6q2YS(rC&jVY^?n!;^L7CbBg{rRQ5*O1}t`;YSQ@7VWs(B;V66
zs23g7aZjHmZE3WW3zDI=II6dPM(1lr{Zn|<@+A{g
zjo5llfybXx=3m2}pmMcdppdt@~_
zn|bC6cmt$`q5iV|tbH&w!0|}U&q!%Ooe4gb0+ZTT&8Ou3rNJGB}iO>YI)sq_m-bA>GYNZu`-0B$=?
zs7*Qg;V70d_kk{dqYV!uHnE40A(_9GUp2Pfx-HqT0vSM4<$LzTMV!^lMo)Ms1jqd0r)(~2q+p%%RwO{?E0k)@rncfx18
zIn!rjdSQE8v1E+(LgB8$XacZNJ<)WRsCIg675%2eiYN0VMP{v?B=@G<}jmGYh#bue4
z-AJSNedDk5bYO(Vh6|@UBRzr!?pL3EBQVVD^e$pvEUdkp%1Moksy%;%UW`&XanDIH
zdk<>?qfZBC6h$LruLZevlSPaY*h?t14i1NYa`x%obbe0FdVzSMpz@`or4i-5{l^^e
zqebf2{t?RZ?Q@}2xhST?R*-4wNa~s-ver)L^8hyr*rb*FaqB-if$llK69Ze!iptl%
zxf}QDPv!;1j5(&`l$QYq^AgQh^}2hY7lmv2p_e;|E!`v)?bN3Z_TF)omi&^rVh`f&(V!v{qIT=RyJK9%?Q!eAC01$u
zt|xRjH@*}Me;K0}Rrw%k?-j}7L`GJ(^ytZOOvz!qt*C*FxVM{T6+*q~wTj=E~mm<(=qw7$TB%6Hg#cu1pUa
z)-VxSlm?wqFfYpx!I7l{6o<5US
zS9!UewvO|6aD-bO>f(ftg@b&jPA0cocV<;odRFRs&n;<ULFb2d)PO5i5KLZfJZOYN)k6;xGuExTGpvM~apv$J(?U$1V-C2~IBN7kndv
zH+16%YZ@|;Z71SmcaC4-?D**S2-k}>=Jrd>44;Wvxar$HcAtxT=z9doMAhn&D2Y$C
zUmt5fZ_?sE^qcJzae|
zy<6YOlw?^EF4d2jtgGZ(J*R!8UCg&-VsL-1USg!`053iImb5aG&sbxI={Y)e{{{Cs
zEx<21fh`xYR9&j~soujs7{R0K(fDIrxcaSd4mLpSo(GBX+HWtm(1f$xY-w*f31_(G
zIeN6Pr3V*Xn1qm&e{yJ?u^Sp1vKHs7axRT!@Ls+T7@XbAvA_R0pxP{eWa7!gXueRZR)jPh+Wo{u`omjZ5@G;1KoGlvteb!miNj7L#wEB)9@DVorSSbj|!G%m7uF2rc_D&=N
zDQF8+x|NK0NI!Ove51Eye&~qluN`q72K|H8
zd~V?$)Vge)-k=tlTZC~ZD&yEBmZ_nber+_6I;B6wAoJE#Lgrn@dB4|sz!Wpf3vUp!
z^vK??LtEq>U6&~zjj}ZySKxh{HYhDKy@HV@o~q*ACn|gXie9TxV&dr+U=7_5aY$uL
zI(7ZmK(
TovBubmK|Y+rgtVcmEB(Mf&tEQ(H^v6P{+#I|yPGV<(rjbO+F6|Kvg z&zkn5IrXFJlTB^{JhTg5GHWt=a!f=hFk{Ph|HEw0K);dg%6nApHTS|IG+gLfB55(E zt%wIzhfwXQk;ARy)Vq@a=s|Ndv^Ik-4KEkN+}_oaUF7BD?}QFpuG4pL7Q2&Z^3ADY zerYY-{zE%9)@1Y4zCGNdOt$59-bgP&ZIc<<|UTO=y7su{%j^MBhh7 zNHT15eH7dG*U@0GG8ezsywquBxtxiyOD5gq=@DLhO3#I6Mjh(oxw1@c z;Ayz@()6JGK2@1&Xb=p9{6Yp(p>&{Fd4gEFgM$czc_sMapzNLqU-*{ZDN^DJ6hFo7 zzrMRFHDgua>7U7)Zz#NdXzk10gNRfPN$%%kAH>3V+_xe^Px7f~zPnjEiwg;u8d$pD z_A)Z)ZK=3*F|v;&T}x4^rhh)I+^pRW^4@xjehMm|wbRQRS{$jd8Exrq?8T@%(va!C zlmv2VMQGEq8I~yBZsBA;a4)yKlZb$Y@V44t0h=bS;#3FsEWzot9c)aK9LDEm&suX& z4@s+Xa~PZX9eM=!Dv*&Td5hzxEhv?R2UZ_7lE@Z-7+ z#nU0{q|iBRV8yIQaIZf>6?fMeooE!%+D1}=QyIL=Cue&z^={_gCv2RhB)7FjR(UP{ z8s$6Z6zIIdvDf8vm1DF`g{&4?59||L#;0&|Tepw;{Q(@$dW#@h_-eGNu7^VIF%PL;y2**-SB~PmI88xr#*jt!X zwj%q#Q?Ui}dIDI`EJZgnF3wreX2Cv+0r%Xb8P#u9m6+m32)LIPK}ngYug0yd*5gF> zA^cQgLd_+XdOJstY|6w9=Q#83-un`RR6c8kBV`3{g?e_AI>sTpbLWU0z1clwH9=`r z4ZWK~JqhSquMjhOTutiCoJ&4KR!K%W?A{ii#ga?&lRTL&s~Vt6N`bFwE|1}cmMO5* z%P|#Sdu0Jji?=@GTxHoomy>go&FSs~hM5mfubIRcc~$q9IQ1o-?@Irkhswr1=n1SZ zVwD!@Yu`Cs#j+a~*mH_@C&81-!*KJciwNY^*R}Yz!c=_dlUpM_iyp5tQ-2Z==HNEk~W#^YJ;Xq=Bv zQ)BaYRT>g2&XZ>q(bF|bqdXJrx0h!f2b>j2OrFLFBV7bIQWTfaIv9&p5S1Y(FN%*; zY4Xx_h!)7mRy{C)oY?96XVzTkDOuf%48!h?N}5BX-YV_FS`u5il}P9nowxI2d!Q76 zbqf!L%dyd6Tl}G;#RiegHZ;XY!GkBUDIFv-d<*618sL>j)?9uat7us~-0^VeVc<{} zeqDM0< zgaxGLOfP%0UMy>)>ojXIrI?6>1Xlgrux(XkrytlR8fE>!9^N0)k;a|C1YiAgGNMIH zigrr=_BCjKkenDfcI@xWk&I~ucJ#oepaA#_W-u$z&z}VAMGZ&QJ@_Cr@`zw?peMK- zP^%E{%y%%U;4=P_QgPvu3IIpMU5H;lYlHG|w^ea5Qg&ef#s2^#3;k#m?$x#ZH4F+S zxQi=?$cBc99S~gR-(F1PMf*NwH<#rJjG-5}Im* zlLCp#V0!zsZgeqm!+L&;5yu#c=uW#bz@Na!h)at9MWnRj|G5bVUbF(Fgn{oNj;Z{H z-Qi=xBOs#c{tyMNu#8*I=d3`oK!q?bf=NUDiTGCxTC;oGN=aZ+jGsab6&c|VnOT?& zSAx1o?%xgKx<}#&QuNE?KrmteVQ>czA;dHRt!Wr~^iQO7L_)9=5GkU6dENYBewH_n zl!zCN!?zOQ4Co;W0CrsuMI~eGaIU|j;Lv?*GN-QQx}jUwn2@t6NI*Y^&R^qTdq4b; z8^AS13FUn+m7H^NEs53~#WCjdg`jH@Cp-ukh*hByx}z`j61A@#BF;UV0iege=% zFtsRX;Xxy?0a3o}IoJOp#XKMZ=%FvqCyP)n4o6F1Ih-}nxHB5!E`bye!p$^N9IJ*O z$QS6)&%ExV(onqqcEJWnlo4a~FRFt7oV!uM0-?K2aJLb;d%Q;oiUN58`vsr}A%&9o zV$?890WoG0e{>nFwp|&5|40qhlmt7$qY#P>J$$KBf@A6bknYtAZMa}$Ank?I{o9Z9 zyxP}Z33qdLRK1`8CxMFbF18!`R(U}J zdet5~i2ShTw{k|5s4%G5Ai;-$LGj@QM&*`rn7EUp;JW|{?u;Mv%O*C0kB#E$FTng~ z$q_jj5jCX3X7Hb6KB9;^8c>JQYLWFHW(t@<1=Mf;Arb?arFzc3H2EdJaP5UgDb_52b0Sy?8T(O)GZm>^N#^jXtd&9HyOQ1GH; zlZN00Sf{D9L8E=;J97MK-yNDkG_iPr6NVfozRx8)#IEVsQZRJUF-4d_eJU++v1Bw8 zc$5;U6?G&TT(Vsivy}GQIN||9BuS%uw2B;sc;s_1;!A7&e%K&#MRCYMGKH05;u=J9h};e8h34b6 z+h$paDH(u_e_18OYT&&-sMKk##Gop1;ItXE%lNeDpsGB$L~un6*a}n|e#BbJSwwIp z5sp%rgd-7EiVEYDWRm>wOXi5*GY~vt?{1#j+6m5F$L~A}0k9-uh=4^iv1jBNj8CR` ziR%Kj^z(&o5Cp{{ZV`hHmBj=DsU{JO0Br$qYq=t(NK#5t8La(+)K8O4X{u-Fwu~gt z7Y?L_10j|5iMxn1=FoK}IShpg-czOE((q&C8(KO$Ojy}V|or{=ejO~k{L@DFw^3#Sc5QIi?3|vg1!4nxn0un?^?;%%7j5s0$v1(S&D9C-94dRAc=V6D>X(YXt?7Q z+SD4k$WRP7XB7vn)VX&84I_WD>Eorj6Oy^rJ@Ah+pSZO!{e#jEYU%J)I2=JQHZ(2< zwFicM&K-c0r>uJ}BhfHzvqLX1q)iqgWl|A}|5na|PavhC=LD4@qINE{;na=Aq?Jp) z?!otW%3J$94~vJ!sUX!YrGvi~{bi|bSyVcCoJO3PMTIO^i*=F5sOkY_KDzUzO>2RC zBTq=EtQd-LgVW${lEz>b4Q3`F(<1siK?a|F<8*5vH6#3k%HY&MOUTTG3e`Q0z~q!5 z0;PauL*}+%l>W1sCja0I7cQ%2N8;#*AW?T9Y!bv2_NN)4QrM4F_ZdRpxx61J+~M$OUc_oxtwQXtf9xgh zOOBDLhG!`3b0iB$g_Fa0W0|~^{+%d_OU@|<12B0+hw_aQj%Rz0VieS))Ja@*6Qddh zdX5_57^uQ#a}0Ee9gvx;6FAJUu*TQ>9o8n+>jC2?GWrn8znV(1u;y^*?`ldoMzGS+ zSvbH#?dbrP;SAIDe=)JpwIoE8g_C1)#Ak{Ob!G3Nv9M6So05cdY5)_V@F(q-p}auP z%E>tCP`ZbV!y-Z!3LreMNjBP%90q)}UCNkm&+I4@pyWg&F(Lt3(EJrUIX2cnOuB1} z|CT>H4JwiOTGL;0Twr9_>xkTBzt2ID+0hVUAJCrqlZ7NXD?KAthgptG@F*+XTN{7U zx5snc(;EHm`k@7Dd~D}Pmralze4y%27muHB7_QfFLKsd_^!@7|99y$Z0GQ$9HE_MRB zSeR^RXlnF;h_o<($yp%(zimK7Y8W6o=${=FyYnPsRXGC%a3uODgCyU~0?JRI2Pzul zdqE5Zje?q<#gQ`tU#-W4WY1$45r*mG&paP_YCOV}YjxDMfC!Kf{yVt60}x3F8^re) z^2?zd$8{%)rnZ{pV9ArxU}mQv#fM2HQ6q^aMcdg2Ee7}_q2cX78v^1p8*V$;EQyU?Ilc!BPLV01Qsz`!^UQ7|FTVL=B6`&=i|m zGCp3n*pi>Dgd>54>AmNZ`~Q}+?X`jt*+z!@O`C;OEF=uJ%!B$@KafJcNf?t}gdZ6V z4e+|^?gAL}j#4v1X3rHDbv@5UG87UH4G^rB(-4^yk%k<< zHl-AF$t$e$o6@5+w8<;14Vp5dHq^SB zV+t_iVEhb=7VPCJju`eR7CvvK_rYHn)>mZgdrj$It*&~K1MFsMZS0# zYRw3f10M}(9({88sJQrtph(Y6L`GB?0M?I)Q5OKxGkkO`pNqwbk5&MRJmKmmnI2Iy zBp)B^TsPfy#Om>~`@^o6v2#VFK_Q^;!nYxZCTpjHH7x;NwVAo^&GHu&^jbaUhGCv~ zD8IfP04_KUHQG+s)h5!s#0!L11uCvE56c7qqnbKlmZ|76e>{_mwI!X$^dkZmmn(UM zQUO>U!)gj;&Pxf#qb{N>C~OSZvj?paU4W?urzK$~Vl0@f5FEQOU65d8$oVHhjubu2 ze=3zpJl2F!-O=HQcb_pwl-mVg5Fg9EU-8KiYm?7p*l$P6F&GzfQ{wv(>6kwm6gt-+ zl!xJ;iKncW^>@bb!cn0p^Z3&7472(Q6*U8Cwu4_0chl?PBsuvUJLf#R2NcY}@KY%F zG4j;V&!a;I0{Z+zUk68j-J_YGwJ4Jlx|cFB8MfB&cWTJ;4%I*7^ceu4{W6%#SYnQ` za>JT5()!NQ$$mhHa7T)A2)T&h09Kq`lrg|S3U18z*Di>BTRgr0dzMnKb^y^>3zr0t zl%;;yX~a3aS)ddy&?IcCPLFD|z< zPZ4pZ@{pW}Q=M<+UHgc19vAFf@z*l!-$R~-RvECWLqcX zCNs}inMX$%P~y|a1BIwa)b_7wlfNXSfYd}h!N#f}a7Cm9jAk`F(TCmd};sa`Ne z(nhbX>0Q@TB1=!pIUQk$N2<(VPRz?`jqvo)lIu_ET4v@+G7u*`MwRxVP7I`-9?jX~ zKrrpy5Io!g3AKY`=WpAvDH@7>M2a&ygny=< z(PKP>c&y!wbFC=m9SLQMh&}m)lL~0^)09F9DU5_1O`pfxQqBVsiiChCOK+rU>?@@> z9ghZc7{z{g%479tI}=cyrtbjdv?kygVS1*(WPQ@zdOr8Ckq$lqB!Sc1IZ0wN=`KW- zNs%_wO-dvMnlYD7oliEInN6M8H#;-=BiW|UXPIF{Q-aA)PF|#;r%u&oPIC(6p(lQt zoH|Go_S6JUJX8<`{}05RbsZ1}OUgkg!vSfr;DQ8<(%uP$M*=G#(ByMHQ)`E5F0*}^ zKr-c^B*|yXNv<@jkTAXuRI<#UlI*7BmX+m2C_IlK2OZ}lu>{M|6Nki3UP^>6sqEaO zva%Ag^oix>CYF&G`6DfWQ4k!SZc;?y3Sbg{sXyaxkA%Tc@PC5;40k7;p-IOC2-v$d z77nqSsz^F(lhokUL4$w|>l+>f;hY=@s|;$p1!IXA8w`nsL&=#m9!0A;Jc>@rM2;ZD z6o?dE=$JbV7UU#~L`LL5<~Dy81SwQzrbncZ{-4OAG9x`B@%dwkXpAA9Ih6tR?4U}| z66V2#LCE_9`DVtaKP8-(W0HWXDbJyHCz?|>{Wj<4uJdh`cyh!Z1<*ci{hf#QfVB6S zg0|ryc5pNZfyLN^DCQw)33&-w8ZHMV85tJ{c+FaWN{RvVBG!#~uFOx}=!B6QFckh%=mA%bj?{sw?5X2Cd6vya$*!aCX~7Y1JU*^hE5R`XYHX zK<6qsf0U7uqJ4cb$){O?xV}b0P#Bv(SX&e8&pF;7sg7)WDJ4nUIwGd&OtR{`?WtAHu1BpWJa4mg)!^UCYxCfQ2; zab`bjT`xE9Y=2s4EF4&X5|Uoh?aE1g$<44*If|KFmWY^>mpQT&Hiw1S*buX4+P*&7 zHG7ORoO}}a5iG_AXdeeun14WWm?oM&gPdyFNIBV4Qq1}ec7~vwfPPQAEJeS`Ss)I5hzgPxz)fNPaf&sRONOHMxCODZy}T zkuW%jj(ju`-|2d2ijhW>%Hh+7q)3TmPM_xvmY>czDW(nz)1=^vn+MlP^JK^vPQe&H z#hA=Xk;3XpoJdgm4A+pFUeispb)jJELX$0dmj5HJI7(@8RN|6$5KOV4Tn|W7`m8if z4O5DYqmo&flC|>e4$M?Hl}S*tM*kse3j3hqOQ{YtoH1YOp(K7JIJf}{F!?_SLO5c5 zI$06DI7B9z{y3-CPp6qO6zIRqO!Qxd5)L9C7Dm50ECg-Cur=wKxFqp5%IuVbVsZyE zdddz_K7lhSCgnW}>Uy-)K^h!Vk~I?~C(V2F;5FIT$-7^)T#GRSFzFGyDcEoRbP(6+ z1vQnLC?0kqkL;}5I+PjoY#Le$o74`q#-ylj2lVI}g73$2KrVNnT>mxd#I*ojtKG&(QqQqeEyL(ut(xSV~aM+{&D0K6QzFw+1IH24J z-J|Rpu`c0RAS8k?Z2-#%7zmES!Ch?OSh$3Q1c=g&rer6qX;8BtHXtuMXipIo<4nEe zqorM9>NzXRob`~$|DS*Vjj+KKFG=%|V$x4uQ9O9`pZxxtl$4Bu+^pY!lb4p0Xa4@% z|HkXWk;6LNTdVY?Tr;uwOUxW+K|I&r_qr$fA8D69c=8EA3qDRXa11mf1Cd+%2Pjh z__z7Lyo@5#|Nnda|FWXl|C0Z|&R~BV4viLN`u~5C|C0{qmy@@Wl2TNHz^4!A{}26N zT57ic%gQq6|NkrhX9fN)5&a)y%2flr=@R^3DWIc7dWEmla*oo>%*|;##m`Eee$-b+x+UWx7KkUm)#O2;>;d$T}j5_p3=?47bn%iFUn;(JlN)^ zxZw?W(aWpXs%|iS`u}PFC;Uo@5)2~uKlgtrS*rP8iaG!P*ZBYbN&mmI!uQD11*Jtj zT6x)~+l_p=I0ZPQ4i<*VZwH7cg`#-P%P*jF0Q~o&5f13YG&-Q;g=KBBt-v3#7tyB&H z1+HZO|CGRWT66hdU#on|uPix#Nv=Y{&AxvBUsv5&xbNxhjo9S!>i$r5738>lQQN|O z?_Xy8vTi>iy<1n{No-MMr`DGd?FFfKZ`w3>tGtm1q2n&9JDiPKd8F%m^D|Vst<(zf zRUz+p$F3+nl!Sh@Z_I0a^s=PrH9@uE9p0Ci(c-_&|EGRR5?BPlrR5OPGk!|)&-`Ce zT57icE6B@9GyVVn#{XISrq=%sd9S=!Se7j!_`mC|j_{hxZAxo2@8f^-MEjPUynD7F zQj^t3HKWk5J4Y37zN1gN>CvFkbyZ}Mxq-pfgn?sij_s@NYmw_M^E~)LOP&dggU*D!@)O%6@;I=cJF^y zdegoC3bwR;pG<}8rN(Z2Y_(fAGPw*}+W73mgZ@LXLfCnKR^3#M@BNt~5A)p}{R0h( zw72kd)W6Fp!@H~Pv%JFhL-9~<%L@x@W)}zJ&O=nqcXuWV<$fp{V=9<@x3#Q6s@?ucSUPP5$)#jQd#8 zE_yY>P8WyIw-)i%RNaJ)NZYxrKIAj79$R7Fl3#qI<+A0Qy7sJyJF4Ope0J66B|A(% zeAnf7A81!`*H&-x+kGOW9ad~ylJ-8qy4JJbJ2Np+ws=(7WVctw$ccR$D?z0)VQ<`oRm7G$sM$}TcWW?f^uuVWj@%b_TLy`|l zWmC*9o^pB693EbzR8#N{R=hOIQQJ zU)X8ZTama%&>~b?Fu3RmcU9I7m3p1;U3=zf;k-Tq$O3nAIN@_b?8b5Ji})Mx`ICw)oJx?>)Y1m^~o_+S5S7( z-JFtservv6m3j$#q0gzavaHe*Ib5A~DbP*X+`THR_gm&*RX22~4}1R2_n{D2#&bwj zd1KNj;`@_6AEAd^;;TM*T8zi8cYRUe-qde*PbfBHvqyvm`1?B#aKv79WB-cLuAZL0 zWZq=YO}$D6VV0@mT_N?@0>C#KF1{v7d0cBDL9rw01gB~^&{cNUvTZE280FJYAyiX< zadp4x^#is`RRU7=sVCTa0PpeK(#PjuL49IO)%8AiM zoA_0|chXv4qVHerTHj_4-Eu<9?{P_`Dq`qq?jyPE%%k^RH){{8yjq&B(-NzAc9U(B z^6R~kZV7$vp_P|?9&1-v-Yws(VwvH!H8G{HXN88|P~G_1)N!XTJ|P~MM>akO#gF&7 z8f)0e{*=7iR;7HGA32Cs)|YK_t>_%EjLEZ&+^cX;p(N7j%a!obc-dT|zR!CFgppefJ5m9db$^2*Yw;L=h8*-c~Ua4If7%+Yx zmf)CKyMOa9=k&M5u9*0Qv{TrwRV9iq8b7UT_DrqNPr7o-U9^9XTSZdVyRAYY2Oh7B z(B<%jo)^FVVnvGa{wwk7{Y8n7`4Q>0`@b#O%Ccdn$5^Mmy+mU;BJ4E3+b~gGK7v zz_7cI-sr$^f>+6t%;do!_xKCCLaYrj*mNf$AN<9)K8+8|MVqmyFI|LodZu|Csn+qw6}*BSaz`9+;!VBmdl?u9R*(<3EH~M>yokL{iEsm%Q2KG0PmG-ZAqF!Gogvh$WofaWjUm}nt zx{M{KX|0FmGmd7KVqc!8EQEM3jwcv1d8T{fnXm+y_$u>U-+N7*ZyfOT5+9Db7_75? z(0O}k`#xgwlupstuog-2@$F+T-BGGq>vRD+f>w=Jgr;z!on*biPPf=6YaHf8y&DVf9SjP5r&qcTI$0&UrT}YHh~JKp5`y|WK=jWHSBCI|zKymev20_nm_qPF5TXP4A{(&p5cwZc)wzK6!%sd$ZHaYBG}>N#4DL|G%_C?zN9;pl$R`%b#K$(V_K z_G*^taI2m>f;9ye*kA#7i<|yyac@%AX0OEh zS*jb@J>`^(wwX_tp<3ra46%g&V^ z9ZcA8p~xeWPbVt*dY}A6@OT9*N!fmA@S9w%tq&sii1P-dy`|tL=gkvULmOVcf9ZGV znY2e8!n)OIhpLxQK!t*NxDxg~P4e7MQygr)h@+E?)fMlXjy8^^f3Xn1|4YBV4l~%6S~&t$3(Km^ z3JLZcP#DM?aO`uwHxOZ|{ju_!dsya^)iK{pdbgJEJCTU}&^P?q-R&_ZdA(i7`s=q0 zSBV=x4vOVX>K19fAK+;B#oRmYg(>vNMXR2NKXwnlSzpG-*Ky-vqTpb~TJgMA-mBKv zzQ0%#dDQ|TVcwg6)56#*L&el6NPD^uy2-C?{> znP-ymPmPJ+F*zt;xO{ECoA2@wGCgomV*eY#JxwYyiW*@D zcZ51BLe*}V#l+V7k9v$G?@{+5WFimG3fTb8VCp-_U7NmNDATXA-#lHTBD)f=`22iq zv!rmMU`^_vv{_bWTBhgbWAPE@JG^4`(V0&|LRQD@NeYsIf>$-I7||IndDao2){(i+ zLSgMbOS|4izc={5+6AswM>&OjlaI6nZ-UCJ7VpTm3@jbq1K%XQr(ZbvsilV-qPKM5 zN#Pg&*o8O2ZJ&#+#>UgFB9uk|4K~Q8U9V}2f)bQ@dX&c)y%`M5y*WeDD8ldzrEDIfZLK_qG>RL;E{|J~h~eYujIw z*Q{kR6x<_uu{7#tNg{vR37>nC*9*6Y2TK=y6C2OM8U$7M^=33vsKBB2VV2h-;8Q(o zJT)lR@S-!$zGmcPziX$uwNH|UYmx>`*y6fnd|3VlBA^uO3iep*bugmy=g>B1aUM&J z40TsWSFg4Xx2E`SpW4Ej9|pbcsV(qu>prpN=f$mUZ#AOrR`gf(K#REJw`3}}G^?$b zEzmi;&MxJN>)6xApcBH+kl};vhS0+AiOqJK55LVyMT^TfC402#3qkMU`o2~r4d3lM zP{saC{^iA9-k=cO0-F>K_{fbl9x3sbBbu3crO%s&{J^@3H4Y;Kt)^8O*KWvo{B#qk z*dDUN@90$<_-M43QLbh8ie`9{WYoCfv5Ub1B|mKt@#cfk9Vf;f4aIzpy(JW&7guy* z$C{D--o<@UjkEAXRRUxa<)s+0@yYJ%bwp-o?_I)rS-RB}V}1N%1m zNj_87zqsEjdMLp#_2ag5 z{`8i!lROc}9d}3e#GPjqLeI4W{7&wDpyCic>MwMaFQNNG0$!)YsPR#&c|x%OPYJr* z>T21EgMP)K2?q8--wyTPX)SuxapG`vlWDT5-$M-#Znp~a5CUd(J;E9@U|RAad`+9b zy#1RHm&3_JEoaBmI{e)iUTD9*Kl4jd_v;XA)f1`hyHf|A!JTNtf{I%Bl#68PTLs7r=pu9gG`nivQlQ+0O zuZxh0)Xqnnv}da$k>$?02;&1$POAiU+=L#- zm%8h<9qBeGGPoZpwjZtCwllOo@w+|ZKwRAZL*mcMlkccpw`m!9C$J$OZoH)YIVNBG zIlq~Pm^bIht3AZENdvldq*LR*SLb-3%!u@1SA9>nTV#Tm_f_@& zf!MSRPq?Faq>iX^4_2@$1q-k0vwq+6vpM%l@9_Gnr^8=|^4ra%P1=gfE{s}q+w^Yn z+Zxjx8?Pr20gkDSIlX1d`r~b zmi$8A-bWK==uJW=BChg^4~Si~z0YY=r5s~dmH+cVTzBxTz$c>DcsB`^yE&(1Z5nwm zpkI0Ak(Eu0>355AzI^!Fk`^97B2D)4MqEp<%x-V|vj zboH~$#Px#;iks3cZw1%C|B^i3@95qW!Cm6=t>mI!X+T97>gYAc^TY6}f>AeV@jS~N z`+e^6Mhyk`ir_YFrCLUkqLCt{pr^v}aH7dIWc{SJLEs?|*zVISqZCff!D$DY_; z_07mhJNJ{ylL4ddm_F&m`|rehg!A6B@rTEx1ob^ukrYl3?JT{eBV!hKt9wPhNuPM{ z#>8Wfc|;!UKPnq2?g+En5BE0gjeUb3xMdYKGrESm2@&ST-y6n%SKsVmUtYn(Vk$GH zT$1IKKOQOsK99cZ96KDKIr9>hzkySqFcr>Eqy;phGrkKy65Mfn~o3d~c2&Y?Q0_QHMSSw;IpH-SHn#ez1z25(6>d4r@ z>VniUlbY-X*~^)=4~CwjO27%J1^s1-)#vSNs#7x6q&Knnc7ClsyhGS??T9yKaO_t~ zy^HS{YDt~9>r$lk1MdRnnF|6R&+T|y;fzN}PwJ)}=ve9_+94~YzNk? zc4$=k&HZi(wo!p!BP}jZ2FL20o0`7Xc-xKTRi)2_p_{U~|J#^Nag6cw2s z!4$cD?BcMCf6?70bO;saytBu~?QLbP8;5dn)8g_LljukZSY1lRWxIQ^CYe&j*Dii! zVX&m}I^9%`yYY@pk2N*SrJb7L_x_Tku&16vQP172`noe>4!P;!BUfSL6 z)8Ts`xZkl9vWuTkQna=RkoDVmu_RGh_=(@d!HUG%n`oECjEFCS#MT%rn>O z{4@!*vuQV#-lHCQY*1$+h&NjKQLdu`TCy&$dug_1tw-{s@3AsA+r!KbdGtFW1Wm|5 z8J9MCv{OwWz#~Y_?d^BI(7kydeQt$4*Bnf_%X@VcZXe}nG-~rK)c$Rjm_eygZmPg`@=E$-3%twGhIx6T zV#y)RVr})_zxk7c-`a-96gHdeEDBI@4vj}W2`{n|dgyetoBszQ@A^b^U1HC-p_ppp z;mbb^@sVfB2T$zqsHsVgE__h@AYv#K?t_;tD)xE%0LW9yAE=)gR1Hl~_eZgn9Q~~G zy)IFqU)Ft1nCx)_jnu=v$?`-*_O22!*!K(z03x@%CWDT@Jngv&UFaQI)YTVeW+ni`|h3d5L#&!pElgjU~1r*IsN)-NYX*6d+O-^JHVP`FI!Ku#4wH$#l1q zSm=TSm`^tG@pZAn!xA0u22nBf*ZKq1R4ucM>x7P1aIYNx{cIebV3hl`C;ZDJ^%y5} zL9Msi+E;B#vSsQb{1qPxPlVoj7!zo7|7>*cJG+9O+n*CgO z{lBwVXY;)8`~2SD@Bhp^J!a;9?>YC}bI&>V+|T!W@01pHcvzf|sV?s5h0BIpK-De; zys3&4v|G>Ln{xBW=)->L8&|R~?dfc!an#96y#p9>kJAGYAMnmDQaoSi1PQT^0}6L zyk9Qxd!Tc#>!bdtqlFa%L?m%dd~0=&U2E~Ni^HFO_9gdqSJikb^w+6uQrN!D=uy== zZ7KIYL|sw!`E$rS z{!M|ssy1$WiD9U}y_iW>?aid&nvw2NZTP-J7e&4MzZ|H_YjWe!ad~SrAYWe8)UT$d z*~O+Lu)V9%F1X}a&~ei*Kgzc|+qxcz2sKy@w@q2;^;IH8X~e9rJ?#K4?$y2r5(t4y z!*7oR3ye#pKa_8LR*T45BY14tE}uI^ha%SMyCf)OnVMkbtq(?y+-XPmKKqheC-+6? zi0`iM_+Oa!9=}LI7&R*jkz$e)vU5~h^di~4L>%y%mVSUc8?yYHAKVnxX@g%bH=;{<>-(zB-+0~&1v9IuF z+xSxJDzh!RYZva0+8b*c?{crOqd0zOKjPYT6Yni+-?u!9t{gX$OW})$S{LyBbax%# zIo$eqo$0zGNhXaQ$E)rQU%2q)&FTAXWp$vB=VM;oeSNUwt(o$sh|T>vMVMWk2LZ%EBxiOJ1D zE!S5}c=7)Z{wEK$l$KJEf=m7z&wt6wQ#}7AE5&^N^S_S&v2f&dw}U`jd6W2`KKkqH z6=zS0rGIq$^HM$~C)#W2@s)77lqZRwPH+f}unR1;dS>xZR657rXt#F3cD>Nu)}w-8 z6Dh$JzPnThxes+bANliLL+>XB@+tH#dQ>tr^-k1T=aPoOY{$6I$_7uXoMg`Wj(+zg ze%Sv_!S{`FhhX`6-e}L7=#^X};_c`6*0l_$E;IC!4(`|5+NrmvZq@bFZ4$_!PZd$A zcU54;N*`0A?%!3>E8bJrbM4L2>)(cSy?nxNz(miq`E)7WesFw5Xj4VutHTEH$7=QW zOM5c)k5?*g8B6H=GwNZk!ms@HqE2c~LT{wg4^_)sf5bngeygrGJ^C^1-u`-Y#&4UD z%I-~$71r;J-8vVhCUY;F80{-n+%9-M>-n9Ln7AxW!vX&&Rjv``$KE>(dv_S%`L=l~ z8_Ft26-BBT*Pq(V@KkJXW>>YInvY;z=Ur=Fx=Z$uypmYuN)b#! zOj>|4f2o(o*~LIJMZXi9pEsH3?;ZT;)~oO$!B{I16XvX7vaClGersLhg?p=4Ezianwa=pmjnH8)3!7e1E4pp$TG`K|f&nF*q@tgK8 zV%|o%M{_)t6vdzAZh@EaD!rFY5WI^$I$W3Wq}TdJRe7J==&5CX3zo)myBHcORN|f+ z1V8WT&MwPN2>H`i?GoEH`k^8Qd8Ok|Dvye3#4)AOtkqn_PphiTFWQtJ)6ojEEj?zJ z@b*IFSIdX-wMo{WLV_-BL8qicVyk^(<&HUqe6dQ~um8bX$_aMWtTXGtHfy)@nEQmilCG;dcebi46e8iR$Cs9Q$aW7;bza5qYtGj`+$iWfxOfB) zaxJ^3Cf@s6!0+181wuK}T4G_nu#%Dd(u8Gh{$Z7wU5dkZzgD_{F0b>^8y(LXcpdf= zv2hfe8FP7I16QBM$BRFsYj2xKn0ejWr!zW`DNxgoycy-2guBW4Hm*GAdwXYtQ~uJL zOT#*~PsY{jy%wrTv#GQGE(Q8$wZl+B!jt9l;+uEaF8jf5o-=>!#nWA?Q-U&z3#rw) zm%{EwpyA;g6dQ79<8!(ull0PQ`S^Ij2TKgZeEw2dDSq%GFGkh zUaL~wu2TQI?@NLPgH!3_~ssC<=hqr;rvP*dnFua*9`5o48= z3BfAnu5a^>ZV1xlH!QtcQ2u1dH28?VrBW?K$&|mL9gxx~5cm^i8G*`4xq;DX`s0{$ zDpNdeg@>R*^}Vz+_2)ibsoRp{W#JHStAEi>_VHCibWz3E0_|g2JRHSgceN`LhC*e{ zoKsP|tnb$**29KckWGW>h39zW6D%D9nhvk~#@g^KEx|ji#35QBN=^UN*E_M^M!ezo zOf9a+d8n#HM7c`5Ey27ObZogg__QXh`;KZt>Xxx@m6-M0!;cWvdiW9>n5Bj|ZsQf* zw)dWAiIsn7>wNC@=fww$=0(uzM z<`t3QXLS#IWNc~KZY-g=>yeyZ3#PDrdwigr+Sx59F1P(o^;GK4seIa+SP+PizsmDI zrn2@SL?B^oO)@+Uh7`0wY<51D8rT>&%kt90Q6& z72m7&rD_*uL7yj#{~k8Ecp_B(!`M&%=%oD|R^LCp1B_)UqJ6s>$j`0F)~h#}J2Eb8 zZ3chQ`N4~agIcuCM5^%>=`Re@vs~ondmruacH@-~PCtJ9#$W&Q^PQSt>D!BoSG>1_v1HWOeqN-ep|W?? zpHo#uGHTspuCb#+e2wUZP4_tEV9Ezuexx?O=cr-lyTbx_O%6NYH5wy|I;^0>CshE? zSSMM|Qlmz6sXchWZT!tax}bi7r%W6L20dT)h(VvmXhw>DoAi}#h*oE1(WZoP3+U5p z-w_^SzjLv`b4n-EC`o}4@u z(C_5DoL@jo-wDkfY-G{R%k%YF4@y!?(gEDH(M@gqQU)R2Kknp|yA*g&VoM@C*a&h3 zxf0endCT*b6P^*TVW}a2FCZn55*~Q7;;WpdCz3SA-uRJFMEF*T$L6S1>{Yqqr#3njrDN{> zLT?jV4C3KKVZB~Gg%vFUh+-cTe_Q>M>cSIoxeGCmJpOdo)hb%1jRy{XEWFz*^7BK9 z#h)-dGIPk)-|nRGpJ7!S%M{8*Y|<*-wKnIzWjRlI4@!qeyY!%q zu~yyJy|?W>%Hz__Bpv|q_I7zfzgKedajllSl}}5wO40(u94<9isUB4f&H1y2zeV3V z6TcVv-fGA`($1kM4523Nf4lvB<>NHmn;!mz6rs?lerUUc4X;}UN%Qgqzzd{gbv^3W zh4$gV-7fxztKGD;)*@p?)mkb)bo5A@W}ZgucL=&$8(&)bXV@jYYFxM8-1=Zx%JE%L z-JdIRjYrem-TR<>8_xEMAk*s~L*p^u)G59K`-TvHK z4v-($Dfj&i&Y~u#ClbOm@W%bZMb0bRFSXV$*Z3kE^466P)Nv;8oNDsszR&M+6}f+A z{;GUo+`MAhfykJypMGp>LB>*}-R)r(4nWqw%jeVaP_7G@oy~6egZ#?9M|7ee-th;h za};ZSh%et~tMtsARh2XD0k@hRzkW=L)79-qT94b{26wCpmwW!TO_cx{LR(CJY_~jT z@brDRX~RMZHz3^X%LuF!I2BydyqH7pX7cI{@`u0L1vPw?U8A@+(ap@e`pUrSO602p zb&wZuK#WhnodOerxw?Mr=6uZ|V8KQ-?psF!f8O8ck(pPaa%8p0$DG~OB@Q25A4x~? z8*Wcji-RQdS0a(Wdy#Ta-&KCejpcXQu;NUoPHF1LfL@G4G)lqrScF!;azz{Dfy{{c zDO;Tio1yIfXNhCw8_ePF9>NpQd%Lo8&R9A&IKZVgq=ZgBTUkYXwzAmsNk|vZ-I^U? z4R_S6;zEMzjvUj8-&{G6D)C}?#q&_*(r+st_3Iqhs!#stle$O0QFkJ}zc_82Kg~u= zoIlqhEoRF%{VM+ic%z~~Slctx<4+H7-rVxMGS~FmhLPZNO~UV=i61gd@6P#X8^ba| z09-+;s;7E8b`au#DvvvA88M7ZzUQCgS0p<6`g9*zLS+!9JgN79H{p}J+NXOvNMT~~ zeJLpj?I4GV_@@btU&fz3_~G+iIjZaDrLPuJY z(*n0YXwK>Ps52jytgA9_-{9EfTDrr0gTsU8-_$Ca&DT2`Sd8aj%^U4~(=WwTdE9OF za6VUaW%Oy;z#>y#F~_R`3Ev$rvL7u<$se&tqVD`TU-KK~k~`7U+|-(w>&pM$>totA zNL|X)>!=rA7thDVmF33v5AZyN+^DarD-3;Z5#O1B68rPCwFXEKRDy8lV^-gOu(~ZP z?ECxgokQ5s(Hw)8H+?yynU}uyDC8clOK@>gGFJ5uyVB;+`fTsfgB8Oi61C%ZcO3cp zK6a}}XtqFgVX3}%e1TbMbyA6*w-qvE*j^wv6m#_8u`s#91n2F;kg(*6?pUdqpJAg& zmrdT%2E*4Mce*1|WfRM8{z`zD@>co?ckF*B`nE3vBjl~s{7n#Z5HDVaY!M1_gFLoA z{xI$Rg?weTXFNv-Zbv1T>2|g_9&goucdY-!3N8^>zQ-{~1+)9WPYMqyW&~D2w`KZ% zIKC%#-#}K^M4Lb^KDD!S+2($8Z*)R(2z0zzLuo*YD+THUX*?Psq~ZWi`nb!a6gu+L zTs1K^Bh9yYRkfLKI#@dTc4pO^w@>eB8KMSmX zmMKaHrs5L=ARLP=-jt@nB{PpATdN+i)jf|#pm$ZVy$ua99pQZ*wJm=c(HB@JI99D* z*X!q-Ms3&izl8rF(KrMiVh_XGSV~DsTH3;GZES&$v`ztHwEtI1hVuC@SxF}T^WWS5 zOMd=KN6g#`coQVxKkGu^gFORXzFXPZ+0U-fk^FKEVZ*od*PZn&Ah-1kavSsNl9;&d zKLP(G{DLHI^5h?BsGPgBESZs`S!_T`?sA->7PN!`|J!^*cy!OA=uy1NC; zw@Mm|ossoFk$d^OyHwFWSM2R8 zbjLs-t}|pv{YZdyefkRaV%>+Wr>{c1kR9gwigrC$Q4ZDUgmB1%4|u)mzNQIhcE1JA zYGAPT6QTM+8+}z)p(a(P4>gz1~J+e+q zaxGxfek$p$n;`=E&GYFS4}OV*Ungdw;i0}0*R=(!4+|QXmEQvUb&2zGhiG4vUlfze z8O|*dwp7$q$)|T8qUp;r4fmv#qTQ>+RD?Xw#&T$_u6fRJn!A(jwgBHF@Gz)gcXCdB z7hA=%+AL7+>2%+Q+j8{cK$ut1v7VyfMbttVP$^N=y50k*IMQDAX@u8HX;H>Bi_S zwRJ07SkBy5de{B&_lsX2K5x4HXSju>o3j=vc)9RM?h+gFt7Ccl!tvsFvL2&ptAe0h z;NGAOy^GHqTXSUasS97*5#F%6Uem_Ezu@7!#+XF026dAY>d5S|cPp$HoX0v#!cL%; zn{Dh}oz8J>IEnvOqSN_)M5fr{_GT4X>(vLr*V5tLs#L-Tuk5>5TQnSEzuQ=4xK`-GWyl1D|R7KfF8aXY%uL7pr`>@37nrl7gHq zlgFQYgyt`Ope}}8To6+n?i6hBwcwR&V7rG=QwAyiqb%ym&#}KA?@a-P;_l6Re-*c>A9}@_l?9t%_cp}` zEg9OvjXKGzF3#e5UP$7^?*m7BtGJiytmSyE$ilJND$?rKRj{AS$wwx5{Rb=fntVR- z6d75*0&RmK&ZPKEVlIYAQ5hBBf#0 z*T-^|#rihn!f`cq@JHL8N{wbS?5F-M+te#EcCsGM)Jy%Gv0Kdhte=Jk{BzG?c2mwj zCD?!$ad#Hk3s)S$>%Hzc`fz>EiWu*PqJs69vg&)7rO)@voLam|=}!3oN68KD%#Qaj zti2mnMs8|OTFlKARx9FVEp#R49uG@wq2QMm9XD>b#^;v^udIOX(B{{yF#nrP)|;As zi}ZJWFj033KeNjcftBOl?fUNieb&$Y%U^7A{Lz%~XfNbNw2gdEo7}Z`?tY1hr%RLM zSUWIh z_Rd%k`Ws{RpVg#7ddq{_N{D^LrIk@|U?lZk1|INzStyI&x#7vG+V z%3HL41uHk3)nWW63uW+vADV(le2nZ4uDl`HVhB4MHjia#V9@rw1#fIqYC5hYv!B$s z?5C*#UiaZW`(E7>i;=7Eo{nDE>j7HI;(h&Wy=q?ZTde!tKj$0AUafLE?m4KWk=Ifb zv_|Q(b+Sw1MJ(&3v1mB!ef<;Z(ZlOx@weCod3!zcu1N8p)$!rG^<=zxg;ikC*_!bD zA+|RCPsOW_FMe}Pb>VPMeaw?YL!rEyiQgSPKCGPSJ24^`?y$y6I(d3>=6HknknE{r z*Fhs6R#++R)XK}K9T{zK+<{hn0k>UVw{xXBPCoO+%HInGqOb1}Y#Yc70yTm8%x|$v zh>PcC-T&>^X20VjW_)E5R*hxtvbtpj>kNuo6fXUd(fF~lg4YLQS<}R_%_?sZ=nKm# zjPGf`UrvUQ>!r&SS)Xy3=I7G@CTU#t`?$rgG(t7$ zm#EtUlhmAFPJ8)4(GLV9xpW)ZdA+ydm)`4s`m5}y)VZo{hR!`$wrzRR`{LimJiN!V z{go%57+&w-wr$4|eCUtkL^D?@O0oOXZT!Y@)pZMl?)3db_yK*dh~bL!j!zm}Yl2Oq z@FQ|D#h)vl82efce|$d@UY2f9v(>x4Ut{rs*7fUd2zO(Zd!1jOF!jK`TZr8$Dw^9^ zlgQ2HX~!n_L2GkF^5TVIp%Fdr5ABPvdff4=GxoFV$?~5#zwd8+RtZOXj_gG>A##tq zJX`c;^{7#<0PKvYchq*1=r_xru=x!KXBzt!4t1I>fp6L_8okuuGO9P)U}W_IdwA|H z{BnO~gY8NX?;kan%<#1#LVmINw~pQfc)13i4G`^Y_Q~6(ooD$eaTxlNy{$qj*tt6f z*TNziZM?AFs>!hIYJZf%iaxf@?y{A9vM*2YCM*2de5-R|_M`Ig=1(^c>edIH?Whp= z9Wrb_*2pDtM3U>7m4MR=#J25ZV%xTD+r}@M*iI(K#I|kQwr%6d-1q)>w`yza*?re_s_W`g{i5sC>2rO) z%ZqZLLRKFkOZi7&-id}QibnM|=~umnjg}4R#jWqBW`t`^n?0UUxL&6ACJRO68Zj-l zfCOAr4NbK)JD08B2X6yXKD!)Jr|HO(8=61xux#jBm6#b`*-46b?ry8Mn>XPQj|NI+ zxo0eakqpf^G3JQc-ce)ZeSYlkG<5tbl=lodRP zn^+`|{eGWjH*D)!;~mrau$n4lgKDzKq}OnsWa_59^JF;kXRY9p}!% zY3cnK3Q~tFk-BCgMqlsI!_#dSDR&EO z;L!Fzkal5LmfzXKCNk+fB}Z3+L- zkbQ?58O?=tlP@z~`2ztW4ButjWSo5*^I`zVmU5K2*$gmwie7-?bZu(*a!=M)z`>XZ z+2xKFscxhm|6Hs+?>%$3rGgbN^>y59KEra@kNIl{G?+r>c2$>QL!{7R8}Z(Nj{-nZ(= zz2t1o>B4$yjyLg3HfBrBX0L7U{a29~@~ER_jFs!WJ+}7FHXgFemDQWV2zl1Pqjn`N zzbrWOHhIc)P1%As$&v6_>d&~rL6s*MUo>>OO?N8@m1@2pY>x&5TyKf^nbuqO?0@9I zy52He=QV7!5=Ti_=>CqYvg7$Y!ClHO1(;s(Mf9sx1C;1m^BA5elWJ z6SVRYf08b!ZXXwR$grT)W%=bcO%fC-t@TQfhIW`;v8g?G3py#ihF`;^`uAQ-C2J)-b9@B5aQbg?yy=o|7geQFHyRASbMv%^jt6g4hmkytyYkEk<*mM zsA9H}`@VjO{RX9Jizm)Hw!5plN^*|JChwro>ml`8n#30jcgw5g=-aNZAUuP;3FcKa zsRsAQ^Ml$HJvh8kV+a*qYB}wOIf`%Q=t`{6c2(NFA%kUhJt1nGt4SW~>u#u4F8f_F zM<8bQ={E@ndQCo`XG7rx#7ce}y}IT|UT^*c!d`ctGQdk`Xm-`PtkWCMXz`jH%vCq5 z1aGArTfpG8{8A2W!>4xlO=aZdLz5L(2M)O$Cph%LGD?KF*#@Dn~HM*m9lP19>7<^xQ*U=w7ME3`W{ z?<0ivMZ$HbnZ;Q39y!`%17cU({5TvlWfSXaiFhox86ly$AXNSB@|e>98C+R02XIa<$~(ifFp z!1wtPGy!as^)??>Nyj9g^d|-5uGI~L7-`uTc7C#UXM4K<0)H72^NGj9b_``n6N`mX z=TzRIRX*vX53GxVR`2)2(vA(+a<++Sm-T(z&RhGIyB?3Pbf&g}+E#4H)#LHCqad2q zAQ$Jp+r@-t9>`38YoRnX`Hj``+enq`6>r|+R&2A^bN5U=&iA%|4<1^N!k_dZ+={z3 znVG++E*rLSQt;`A^-y^Dw|1v`c`C1u{(dC_XKa@a@Lw(-w>iVn2j8(?d<|R_R2$wD z3Z)kng){_E<6YUXJ$+B<0MVa5%TZg2^1~*+)C6uF`&wGjH01A*f1dsnpqE~tK|El7 zc$OlQZpA>}BV+1jK^lfp@>M&#wQgUHEpb#Dx!YBTVV1&IC0hG*4vII|ab2CABCks- zECMiN7WLfDpg)x-Yxohr*B;B;@#zk_XU#zMqE&5MM(IA3U1?7VFs>p&chM6;DjYyD zB75;%3pUsbF}U&&_V>QCK8-}3#ylqtL=VC~{59xmUm$BCwmyW@$)GF-2Adz5tZna| z()XMPoqU}pd4DEoFU{ms>>{I#JYI@~E&#$9P4&jz8b7tx1)`|I>G zFGqn9qZQy`5<`1j)MYEv97Y#1&^%m@O6?08>4Rrl%lFOWXlS|MM3p4I_{vnD!F$Nc zt}9RQV6hvNp1i80JHy@)#u7{HVq1)$n!;V*V#KC#oc??m(H`^mRYjzWS0}iE8zb<1MPoG z{LjO_?BC_^z>?};-X6as#~5$AzEqyK_|I#<3(-0HM*h!j|NDZUJJ0y*qLQa}++T8% zSz%uvRlQ%LTUD<|?{6xUwmtvfL(!&szoI$X2&(ZA&`E?PwRN>MaW4J)jBp10pzZ<& z&G&pAg(N242Z4DzT~7OYfEhfe~8!?ecg51P$zKsz+GY z9p)4+Y40c*>i^Wu{hO@&5h4-!XT)A0y*H5a?(dU$2!cm(Y-|v$bI?YC-3)npcoBN6 z08t9R4oWHkeS7ww|3F~`egOG@LE&)ylz*Ub&o?L>NTZ7gqd?G=v3_*jLu3!Z&3^{b zw@L^kDM4C|JU$2()=2ErIH(WQfWY@tN04v^V%Mw}{5P<`UAR7_112dw-cEGLGQlfRO5Fwk;fdK@u+m>fR! zYZMwhV6tUGeh5~Ol-}+TKR*=EwLM$~{ZpH`gQV47^^8BW`nFOhe2Ho!?KLVww7N~8)~N+6~fXSWD&zOz`3V{KXbiFbIrm~9;2N0 zCz!Lch^C|f6fGo5+K|r>;x*v$;F~@2gZn(AtUTYGHp&4Uh zl4@*I+?FLYxvyBa_20%@El4!(I;<16NwT0B5>QE0t>%iTiivvWgoAj;KjQoi?owVD zi@|~!BbvWE#!<{`G04Ex_{D*dWYENs_2!6V8i**nfP+&KEfk}a3XD?=MhSpxG`BISJq`sRBW#NmN^*kEl)PAl)>Ao}L0 zC~6plpm#teFIhxb$gXq=u)Qlv&yI?c{Q{#3D5n<7oOGDmHsopQukWL3 zqY{@Xe{)Yp`!6^X;w_A7FuG3*jBN@`&BK%>^(68+>nehk!J6U%C6JVbUpdu;_7&sD zjTwdwG(bhYWuO@~Xemv;o8)#V15?`Jim{m5ghd_WpM1PhUJ ze=@-C==X!9$%=UGN(*)%=WCeDl8ZaxnvjR`LJ~gblkP0j7}7`;=kK5EB77E||FrNV zK3j{*X#PgAS?7Z?S4t!l?ZW#L6Tv?Z<`bD6#+lQ<>EQX?O4iwZW-*(5$k?>i-`kdy z&Gr4KZwaxp4ox}6A|eb2hV{B(JA9M zJ1CkzT$1`i>-c~l;(pCQnDyTqMt_P+z-);BNUA4UFhqg;)EOg#=97v^FhOzUaq(-^ zn6d~D9_{!dE;D!=AqkCBl3oP%QotlqJY;kmBs_Gfm&Sqmo_&tpZbB;|sh!ifnS$8$`@|IT9l?he=%nWGLvCv3Pq;Rs8<5b73Wy^I3!x@ z*+DjV$L18!;ndrvne;;w{h5UvH zQ>vE!p}`N|Xz=k@qy|0A&v^}fM0a%Rw7)u%@$3GGJZS>lDe&;33I@E~_Ar9LJb2D7 z65+5g!!t03z`%|m0o&cbafT?^r*oSIi0mJoz2xBFA~A9>gTO>#5F!PEiNV-K{rotA zL#c7!$RlxCkV0XROozHJDa{ctLC)9x{7RH!|03GjiZcW673L6~1^Fo`#qONzSlcK- zfDK9u1P}F2vulC;u?#V z#BrBH;3U9AKyrkQ61a#F89)qk)=e>%bB>q!4-Td} z{1*;J{VyCW@C^s!{09zh{4X2~ngok<)D0n!TL|9_4HZ13kGU&`QlEtpNu2o~I9O85 zJ@6kKED$QxU2X664F^m7gM-<>;o$r_p=kz`+9n0X72@MmsFkH+XE?bchT1#@#hD4P z;Yv}P`5AkV@T?|@sfpK2d0KYSP0^%Kc5)_1HYmyNYHbXYJ?7$LHt|OeD8=3T!QrD~ zr5QVUzhGM&1Uwj>X#Y@mrqNYUlZojw3ULSf?>45MU5r-TBw3=&at8WxSfQyrk^y!P z`g^Wl%I4fK(PqbC18LMEZEF=s>qY(p2gfH~CnDx~S)oW>7(sXviiZcAYBNyin}{xP7F`z4 z z*2(wfPh4|H0s&{38gQ`t$g7gMA~SELOkSQegHF+iteH_+-DpCN4bZHgfQOl>e{L|= zJi8dif8Aj7e{S%JQ%VfFqGLBlTX*%{@sAbA6Q-Ok$av)0Bl>JoL{e}r0?OcJ{ol(L zzz(2DIwUxvb_EjSl@^TEL;7)9feSyvXYA$8guLxj|6(Kn3&sp_lMu#0snC){A(3gp z7%UDj^y*ubnBc(-12c_mZ!L3HNUXPj4I(vF%J8y?uTFyXAm9IR=yw+shYuGLZy?|= z6z;_r`vw@ zhtkOVlV%T@M0Z`MjNR`{?y!Ey021rtG!IEAG$3cZlW=(=D`Y`#PoZ!ESi&d}URld* zRVoUSz*7yT$Yb%@iH&rzMi)U_#<%uF4`&q71Bk?yw~V53A)Ijgj2kgcZBI{Z<^WgI z^W_}CFGN487XoC8os{_0)1YzjRr3ax4sb6?;}Q#wB4U^u_e72HFb|Ff#4J2b#}5e| zsVQDmutWbL3I)ELFu(e_JPtP;h{6icKH`j6dvFlf&qf<25hf%2xcBq8L^2qnovC@` zd!}Mj-^|A_N>G_Iv-mx455ynr4D=tI#_o2d4IF0c2rPUnG&i_`J~G+d4MwX(C(sN| zN(=x6f&?zRA{zr<*dHLmWq-2Zfm+7$Ez~?aWuzrUt;H=nVP)dt($aln>}Bci+reVw z=ZZ1L(7F-2F-GNXX z&ej9Y-y?%aM^?bV(2XPb9LJD^`D=`rZ)&TN`cD#ua})a=#M2+(F64HoA?xd>3Bz60 zn$JoGkW}@P#CG)i z<8#78NG1p2#?&O1G0{7TOt>tjZ%VCU@;OBGn9qbPmR)fB?P!U7T~5!VrC-ZyamioA zXPu8M_d^0f*-bV+MYPHBQvNBQ`DrvnnTG$nBiJ#r|GLpcdoCC4$SX&R<~lrZc! zB^)R|hZNEe_p2p{tON$2h>7Wdx!V7&2^aj;`iw^-pum8WW1>vkfkHs?9qAg}K(sIl z5PZjdH*4WK;g-fC&r9Gm)?gEl=c&!2?}meG7yl>6*m@!Gq$}m6NnXbaP<_1I{6Bx4zHVK zLdx!d`Bbp7k)&Q?Y}E%D#pJ)jF4nog6_UzK?)h1fA)T#7WYL97ihsC zBbPAVF(xtNe&H|7{uGxis0ib@!^sgby@iJi`a4SiD0Bh~dsHK3(LL3rGfZwux30Cg!wH*>jIsFzHEi|1#W>SO6uOSD|8SzWSg9tABL2>X) zfArT#FeejuKKXL{t>=nFW4td%U3Oh%a;94&9}P1a5H&xf1l@`2L4K#PnMTQZWU6*B zMC!LC%*bR72VGZ3Y&ta$0MuGVW2k|=C|?28BXOsB;fm?Me(y8OFaxsK2WlM-jrkG` zC*4A+U=DuXd##$7-KS@OA~|+TkWT20Q+6oAXKvO}37i|4V{3{nPyL1@8G!sLE5qOK zg@_W;J9WV0l7renHgK4T1T%zZ5%6O!Hs;qZmkvCSQT|N6V}Cv2$doW+(UfTje-YCp zrqU41Tt*Kn8+>KL;YcilA(&A=iV-8-3#O{vuCV{CSxfN#eVT1r#Trbbt@28|*-KYH zDw~ofPEd0`E{GDfX(f2R>1#QP3hWdLrWj#euk<366BoVK1_~KN0?R91ZI%H(inm!Q zaFqUdvLi(pJ|tWxK4{9j-hVh@EDgkp|8TV?2Xgo zDI(2^!Sn|qk0BfA+e9|pA#X=cq5NEANaipx*HPo-IE*JPEK87#Wr(6tJPO-w@kuP! zodm4n7a-^*F5yAUFPyQE_|(qv8iLmH=kn=0E(-j7Rzo*|=V(TLyt>6LFbFL1W^eAZ z2U;+6HpdexWlL@>Gtof#!sz)C`|xNMAjIo+5Uxf7;^h&_#8g%VYNc(^P zNLpn=-|P;@m0sl+C=KmF^3e_n#M(iC5W~R`f>?pzj%@}ii#XXj>M;sk;mxQPT3Q{j zeI@tMmzAY}7kn~xjZ#m(rbd|k^B+$boBn5zQ1c3LHH3qM!?iS9T6|`8p}+)S`FHzy z4zI{KhS?}7KFbA?(iDfrVMYjdO4k?b$D7@6E+d0{7tS4xeBZsInf<@=SY2OakU>AQ z&AvX<^YbIW_kp)Q$#svOFpsJC*7>VnO*~sQ2fMl0cD_W;yY+gqATh2RmnEJM;6OA# z!>{?Ih93{w2@r}16_uQ}c)eio0_uj?{T`TEdicxhL~;=bV!d?seYg@n_&k)s(mYx2 zr(SgChA^r$Kv)->kDFdcRcE3iTHLbNFqGN`j|ZS^E>@tm@VeZ@N2gR*VKqs-H ztFZ0Bvs#@l1xJR>s<_}(R)DuQql;9^e0=ATQxzxUn#?VVDh^{Z2qD|+-)ZRYIc;HM4P+#Kzq5gSr5jC8!f0w;&IoIrvGH}H# zh4(oM_aWj_CUBbNhxNpN+NScc=1pu&pvA zGg(?`b@^1Rd`R~FRCS#8TE8qX+3aDMkBzxK=HDth(hHOo$LIK4r++;+#@69w_%d2W z%WJc7O(Sl0e-a<2@Cl!;d!k{M5>{!;pm~B*jOtS&#_2le5miP6s`ZP^x|2B~s=9<# zNI+spS);v@{}SJ??%~XCkG1azfce9(wT_;S7mCjCu8!}aW!)xM%0~KV5iK^mVpGKo z;kfuuY_o(!xaJHIg811Y*gwXz`WkEFkzKY+aAd)WSH~jIfTbaHF>O1_^XnXEG774)d z-nub*z5!V-Qkj=lW^TNhu50JMa!qP;WxJp^z};4)y|2(#zJ&z+?n9@YM@=WT)HKd` zGsXpnu}VIEH|PaxgsUG7yiY2DjYktpubFV<9#L!Yh1cDqcFjMDy#5YtjK+TMM<0mm zY1#z?Q}Ij({2_9@jzW{V55t;8Uh*0%=+=_lMp}#E@dBrn1*I>OPR)c0Re-95y;tU( zHz{5HZF}K;W8_%5=ZKrkFICm^Qhsc^Ps&FEK~=ZD!|h#8>=1GssHOhyHNET?tQVHA zvT?P|D(p5IcH)YK%qzIdFCuGgN9(6o)l1bCRo8x(lT7f-Ky0?n7zPa>SjHvsPzg3! z=G(3=$wgA_oeN4lo{#0gH9~yW<*EjJezMPQvr2OqM0yA>x9Z&cqRE(QeCrNdspL!@ zr_$q$%EszL9|C*Tb1@OP?t>+ubXnk2iBYlt=M z4r&s;$MyAQUtx$8+&vBj3#6yLbJx?J4!H4S6Sw+11M_Eh-!S0f&Esi}N51vyYxTk{6dC2Y4KDOm1OKXz#O1ut)?oYk!UE0PO1C4i$WaMczt%R*bJU7&dR^GvE z7lnhJ01Qx>)D1>(rAV*Jl~RX#Z8yC3FgEpf9d_FCp(DY$Q`$H>qV^}_Cu4C!I4*7& zSZJ1rr6{)WC5x#zuXRjx4>~cfv+3cm1Fi^HJFa$_A=+YVgZ-zEhBxdz_C5Ew z4jV7uAndD&W^zY4ilTCWAvj$f=XuP8@s7c7j$$K~qr5*J{y*BQwt&A=3w8!I>*aftkggEDg{JUv2kz2yvNHG4P)JzryOoK?VlrxH}onu5SzV&OB{M`dv6&r z-jC(S5s~6y?kgT$yf?|~bo+E)!N+X1Geim@#`agYdR9J+mVl~85>DaSzb|nye+zdY z+v=~*nMxTUaraHtGNpVJsZwBx`}G>vkZR-{UmS5FsGvh) zUG2JT&Zu_SetW2;G8sNFdwh8>_8bCw18YmUs&ih${9*#1Dh1`tWLmq{{RMOS*eQU# zRL)Y4TDpK@KyFeT3$X%=ssf zO;lAFkK=TC7&S4A3c-E?D_Uz<0o1wB00P|SS~;4 z8PF@y4%`hx*v-@59=*c^&AsOzn=Pt`3jwmj(1Yvd+Xr#j%sqdO@$UWlRw{sKmTCKs7D zFJKok#b72#;8==!f~Q1pODj2icWzE!8w{+xtpc&vwLCr;NL$#jDhqf+eUl87Y_$yD z?zE6eMh!iV`>O2>#%9JW&lHnc(hFT5AFP(70y|JEr#O=;Qys|FUNl&VDx1$M;?qWS z5_A&`kX!Unqb#aV1@7PU+I3exYH^bu&{lwrN(ZLS;Hz<#wJfy4FlMkNFy+0xKX;~j zrV)pTA;F?2GexXXt&MQflZ({Myvz5i?{4>)OSyU)+t8v5iyLYk`5-pu4PH zXK$Zho%9{6z*UzJgL~oWaV)_ z_-nJ7B*A-}UoudNE`D&o5H44?y(=1v=QqVX%Lk}@TsT)9}04^jr&zNDZ-ir{B6?gZJf@r)%uQFu`#dzu%5a+|}Yfk6@GP zEiR|;-GrFsmNH5T6fhJGAv4L-PcMzn9S3Z%s;Z``oHbsk2{sxunpAlnO=?bveo3-K z+ytjpf^8Xj*fx1?vK_-zXLG3V`V`QGN;w%!N9D}cjZHR+UC67*Kj#MHzHwj`Y1k@t zvRGa`U);~nfSoZxzoUUmMny3%88J@1 zW|rm~w+)L!#&=Jgb1H5FzQpyWFP(Mq>(}k=Fi`6yFVP*wSWkj2ZT%*vD_H~zj_c=8 z1^R1Tm?f4?=${_8Kz{GCe*8kn-EVRPPT=w9tW*f%H=GdlXif{Y`sngYf^t?xVP2UJ z#hTYdy$^zCf)P|>33Rov*;^R_x9o&f=*OEn@g(n(&T4-&Hq)Fm zMatzAD}}KzBK&Z50gpD~f7-oNJR#RgNmm1v4=@aV3=bm1FCxCIy> z=47&BSb?a=*xRjP(8ItV83r;!^p{FGwnu}pge-8qyni{nBm$7t)KS#xO+nW$M+-Z$ zbVoYgO#^rhp_3Y^C~wG$$Vf>mv}+ur!j^|XeFxiU4;B|6A#?y52Nl0kdy4Sk5UV#{ z4^zEc^n0cZQ)ThS7D*k>aG;ul>NR{QY`L1T-j)NuChvGEYr|J!{Vu2CE^GG$!I|SO z#qfevbmI5gcHu0YxzDbV7Cl>xn{wUS^JhaM4h$+j_sCqZ?-Sd9eRe0Kq}qo=@CPJs zmBQ-|Vp|!KY3+t)G!JpyYJYmx05dnsf7-I3tIndZIo`D)ABVKn-b6!9sx`j*E41R+ zTFom9tqV6xJ>Z>%aE;pX0@F>KDWPabOF%YrJ90RCEd(i7vbsw$Ti@kzs!Qr4rNEOk z+8QO_SGiRMM zMeu-2aCs0Ivzy$)Xh`hcdj?QsdUgJpUAvRcxUcBc(ff02{ccGV3eSBLv#46y47^xU zT!j~`w+B*%M5sGN)%Vt}=hU9$3H0Tx3ihx~1u@V?w6UNcO*HC69<6sc3rrq8$C) ziv9{z%D0ZQCkp+l8vhx&+Z9RTEc>1upA>I0`1NJ@&PG1y+p%iab%gzOF?`b{I$?ks zNp~f87iWabg+{}+$hh0)b=sS(H6|x&&WX*j(q!$1gtK)An{otj3p(akA*kh~mgM&-w{|>d>>j?ezA$el3YK zeay?1!Yh=v#YKd+?xXv!eBJ^Fz-^L+)m37|U20(f{}pSP!TcrO1Q9$19-=f5exGgE z4Qqf-qcGf$e!SUTSK16^D#9Y3J6nrFl#5rG+>-xiKvlHdfflLOJuteB568P>=01b6 zT~G24IJ5LH><+s5tS;BZ*su*xHMk&$RCyOPCAcniTfdjtYDSYvx@ zsG0bRJ)MZ0WgE&}oZ}b%Ly++?Xy4);3StMgy zvyxhct%|*umwM`$u)WtkPqht;kNxngptJ_vzD$l7W$m&B9CdqnZ6tf*UnwO&a*WtK zB`kIoen^}M%nzj3AoTzS&T?5ZD%7w_Tm!fO<4QHPtp$XmooGHzJni=8CJ;aG$7=yGF#|=+y!imCyf^`Za;iw|j#D?N%5c&F0p}#u}=+wUR6bCjH z&O6-XsY5${8&*;HD7mtw`#YY!eO^^f0i5f&oDRn=oJ)R>HxgBRhiEHVGijVwI#R|nsw6sICzjid3?m*cn9yA>-#RBe-^y-j-YMEYWp^HsEit@*qy^M=*R9{*DG`3t7($TU*ORURH%r=^)9 z(h!q{D)9Rgr6Sp<`?8~&y`0LrPWp*`654^pEsnD!>xPjr>DTT==Ej!4gBRZf$ z>8>8p0r3W%>(c(3wl>Y}?QNwoH8)@@x{K=bG56YKQ?29-7}o4|KI63^0DHWQS8SuY zF_lL*k@9n0n zD@`px@%i@Vr|Ve^i{%iyFXxhdxyN>~2r8AP^(l+(UTLXUbI70jbb4tMkF{UL0uxPo ztMFyi6>j~F%Ue}z$CGQiYSxX#OQRf_Nbcm(U3fD(@tr)K;){cBhq172OApU96Aasm zq61rMt|_hVf(_fWxtvY-Y{(@+YSxR&@6XnIdy%s1nt0!9GzSti9@Xce_nW^$^1em1 zVtkz)NZLgbrW^TecD88~%>+)CyBkM41+7L^S9XoX2TUUT4$?GLt81B}Yx`OSMPOS} z#k4%?laB+Z`_K!G^KOmY9YaE=DUNQt%Qs9=sFV(7;ZBok5M|k2ZRvVXZEbb%tRKH{ z?YjgMMAyO4=Ui>5zUbdQ$1a?bE8ng8?wrC_cExvs#3(bHy_%*7HZ$E1UCldN_pRqA z{N{4^VH=-h@GxH92PYCM@v*zO_a8@3&jy6vj(k@y)h0^9)7wI<_Npy}R3FEvzYc0j zcT4i|5Z?yJ#74^2EnEJY-_^IU+&Y~d@J@E@X;_GVE=>=psMS-2h01vVo~#NO$S>t8 z=bjv3D)mg0(r`wi~Je;>{FIhqK^n zt#HVPDv)0Hq_qNP)f64v|b#f!Cz$inINth0@UM|<4JUDEs&04vHyHe10jkc<^ z>esL@pYF%;0#|INx+HqSRqPREUntQsT7@wlIY?eFFD-dBAi2AhVPZ3Ljz@OwB)Lrh zICtt#xiWGEPjw+hLQS{p9Ydpn4}AHXwn zb7#9e%|+h$vuWX$J6rBS`G${k)CUm2X@kOr5FgFoG0Nrpn1( zlCt)XajY=VU782 zGf-?XW5gk(X$q&6yEKQ3&eC@bZ{u`n5vIMp`s(0ECk+F?l3keI{=w|$O4r^=CbpW9 zrgy6^jo;e&!G(ZpvXyjur}vXR)T^*Ts#)y*%%-OtJ*>;aib`WaqZTvqjePeW3@DRs^cWbqZsju6IYdX$;SBea-{!0 zLL|Gd%*Nc!(ov3FPtOpVZD8E9MT6gC>=xCk#a-_7{C1%|`e{GaDuA{^H`CQyWc60X zA~Q7gz#}0ogs&PiDV}JuNpVn2RM_Vp0vUnWkty9Pvopb6e&^)zv9I$Td(sGgi)OXX zEJkiW^Qx*6kJnLdos~)H{!{8eU|{S0CC-iM^`67mv}5p4;l*eq+sZk*(%bCb$nNS4 z_svUp+q0viqs?pPwHL~4N_&A<^Zj9!erY3!_>bB)4=qP~4{^8WM`F!ge6EjFi+5r8 ziXE!n$EMV-PN(5Oclj3M>$oI0i~D)Q7&2P}OICJhTX^w_Zo9`+a|nj2PXMC0k+q`MS{2-<`WoXZ6j&wNrK5(#7#PyNgQM z5tcOJSY)MrwX*yznN;?V&{fw~`yP?0t5Wc$){3o5)K{Cz)aG27kZ!W{blqchnzts; zh=WhDh(g{f44jVEyOD68I5iq9&vMH-c~-tFo8^A=9Xd<=$EtaDuGJym`}L-T)l4UA z1s~g@<_D_t?5d77GXw{l+VQMr&!wB^lCh8tyS6BAmx`yJ_kbX=$@z(jWMul6m(_8& z%(Gv-a^-9v99sw>(d?vqZ1KS{=6Dvg1Etj>R>(do3i z^Ay#%8dfcr^k}6?dO7RLGCMk|8?01V485%T&)m@=fP&kC$fY|GSe1E1y~niVh3$QG zC7|x^qG>_k!KN+b2_$#6TaahIpE`V`(MntF*XyFpi7~(U)aA9cBA2nuWe<^6>A7C@ z{JmGvDY`$&cI%uoDASE&_0WOm8`)rdIyr1*!}Ej?(PAN19c#TxRE?KO%yNS|<)N=~ zsY=jnvglc(K7)nCwx9lWTqBoVQnbk~1M#qqr|(l%THd(OG1E{W7v>X>4E^Rh$*x`@ zvs{~@ya4@V$yEtgM(0#U-NtLWx+%nCsZ-{;SD$KPqcMklz~+l~@Hou=VSf`E*Wka! z4v$wmyJ46ng)Ko6G+BRTiHWMD6SO{W*7lyi@H@ z0XqvXS|hi~P<^_Q9$m^}x-->Qp{Qs4KF!S6X!T|?RfD=BsoB;$je}Bq@1m@)otpr2 zU9C#6%-TpMnPpl=>#WaBSm8`diO?+{v)uAT+1IhL>pt(mbgvap+6IO>`2{@RyKT^kR%c6eRF(T!MWv|Yf^-(=zQFcL3!7;} z-SalW?3?ogZ&c-!rlY6Ao6YLEdzX%rrZPv(Lf+B~>dOLg=bGCmAfJT(;6?fJkW)BM zt%&Gbw_Q9_62WR4t-Boq-HLHZK7iG}rOm4<-g>1ud)q%uG`6k5Z6$9Qi@uVGM$hXi zBl+%Uzv3n@ef%8lNH2WoG126Ssl;xYGra1)`HLN6{Zj>dDO5|*Md0C~q2g%1O+o#* z!DDO9e-4y#q&69xcM0p>gl}gr6p#qiFmEaywmBC6dlK| zZECmgEVMsOiAR}~3g4z`#<+VI8u#w(#e(Dw9KN%burQ^%ZCT`V#p!C&Vg?=jNS)W5 z`)d0`WDp$74T%>ma z2F04o{d=WUZPU@3@)}l(TmJsqy~399d(=y~jxMww%z9^yw&S4}`b%i*L04DGiS|j0 zNW9~H$k4{C?}RdikCzLt;nfj~>68#~;p1bOhH|}rcTN(p_rO8fi)sZ@o5%BqOJ@VB z(Bp(R=VsGlp3)H2JfGvTntF??%uTq)9+vVIn@x4Z-T|0Pp@$sycJGzRL&Ir_%|J{; zc3p4%4FIl@rV)F?dE-3H)@v%v4R^iXV`C&TS`P#r&BirLwCoi}_z1Q>E{dGFHhfyw`t?l044VBDu~z+THT}NU@DJAdcD( zvhkcVSalM<13ZiXMW#`kUI32|Zl|gRKSZ~SNA&2bY>mX{&uKh50rRamgEzLQk>gX3 z+jVT)`_WYLgT5AQuJRUzZN|&{{-X;z*!#_eY6ZbL*&DGlP>F2MiI$a|(y>yy%vyP~>aosnbEBeXbHx_+BciD!HM0;On<}-GZbikc-DN5;I&~#c1RP=B&&1`kc zN0PB_yT%OK>bg&F2^~%*%-{)VIsHwF91|P ztH1iczFc?TM*raDO^-J@*5^X`8Ek>z)vX}e~1ZJeEVD#~f) z#jzp_t^f2KC?P(k#f zc0FSJoiDqto3!fGp@Uuj=$Soh=J$r$>j$$op6z=n{_wb09o!16I#dWI!f$r68Ed)5 z*SVj6VdYEj3p+HdUVCtj^HBxgCv=UewnA}b>H;z@??TR$oTr~N8mB(*cx|f4|5kzL ziQ#A6%WHys&%8fBdqB&XiX|@cfn=TOxdTSr|JWga;Zkq=I(1ujdDF-;ZQCZdV9tuj zm;mQS8DWj%Mq2DhZ(LdPA!$SV1-mcYo%*=LB0n>^b6Ov}OJki} zw6lkrJsd_ZA8;#0M$SCf@y73)!{%K0xTCOVXxkUH_ZH1ql&P@oTBF&p-GRMEI?kCX zGYcTOt$XzfIyQNB_S<38BRa&dt4i$a!I4{ON^`16SI=m8Fl_HKFO|=(d-xDAR6szq%mdLcQ%J zFA5i|J1m&Yu@J@;=9}-^zxHj{Z<*2OxZ1`pyI(xD33?*y<(Bopui$oNhrAy0@skyY zE)T3b{$;R9gJ}uqq`c%C6`EetcuSI?5@Ab(HcH=gFclyJLBdM2L zI(0nrbQQUf)O_0RlO6Zke(NL24zDA-^Y{9ub@8_ic~)`9PV=a$E42M*G_7itIzroX z{$;;PORL<;zti%nnA^Bv(>A>ZuM`jH-{JOe_gsl}iWb>>&v)y&?#tKf%D}e$+MRRG zn#Xz6P`*PN6yKZMduc$D*Osbj-M*A;drMqPy-cPDrjnZ8)-s8vN8Y7XilCMC3&ZxM z_II=xKl5Jr>E;0?D_U}%XLt{^&}QyyvEbXt>J46HtV(ozC_ePDOVvx|cZ@T$x9-rb z>ZMxj$9KsVI~<)lwSB&Pr({Q9CjM}Hdxwx}+bn#Vl{6o_{3l@{^C}p^+ndwLP>e;K8<9K8^zWlZQaef2UZ>Qcx%@#%SRWGH}Zrt+zQZ!3;t(z>trpW5hyO=3M>JNMWy>{CE?Nhd{T6=%k zk^;AL7oK03ezvG`!+Pf%oU@o@H=^(h(bZ*0_?XwDUq#r2cds+8QO8TCs!jMbBV+yVKZrjfud4A#c=iS=p1)B;y`)IS2`Dd-p-u>+J z^7gIJygqrM2VH;9b0(E{kKMj~`&d!l-ZeFczPTH+X+mSK*BK!Kw^tK3_jr+dv!~MK z$t!7tjlWCwZ`k?$)x@z@fp}IWqISoO{?wgH`BMic<#~k z{X-u*cl^#b^8Wy)|;1FAWV1K3Oj;FtRwgWzu+uh?TX^ z@)}swUb4DDh0fOYHCk<4^t|G#LAQ4`IIikf`I4&gb(a<$Hb?bYw&+Oxr{=z6tui{< zHnqHeUn_QuUa%~${ZsFm*ZSp{t+Z^?Zk2eb+pN)`Yd@EGL|@OIet&nhDQkKN-M@XRKl1aGWgc%{9j&qK*^8SyW1hSS zD}F4WXcd|`|ApXWkEKD?x<#(*@~Pvn2C>}iOX105zok0W**&bQlf>+!)-SMJ2eI5*fG z{@$swCTOhNqxaJ+wU2LiowfJC^ZNs|L%!dcBHZ(-g4fMJw-JkdlB?YQJWZMWC2K~~ zyAg?1W|TyF@87cT$d{v+F4Z?{UzlswZq?l_^IW&h8+FbxdGFV>^4ZVdboeY)dSo}~ zeKgU0`A6@#6@9aFM$f8W>-vJ}DGp0lPaphgedf{6Lm%1MooI4ysyJiTv$d8NoUWM> z56(>Jdu!axO2?yPo-MEJC5r0f{>Ex@;*b?X>(oBuurR|z-cp<~CopwbrNAE9T|2cq zHem=adVZzEHkrBC&;8CV_;x4RYhTk5C5M#DPH%kQc*c`WAH1e73p^d-UuS7_)6;*{ zb3W^oP;W@nyZ&|!1{PH1OYT-nyC#dhUAgt8avg&o%-OYd@rT^aRr8dtYll{-Q*lXH z>#!Q<-wlml;%&J#J2b7?@t{oafIOvNcPA(90?}{o>36Fn`4criHtr+IXg@!(_CRPuPGVvI{Lfy*+kj?T|w$OV)hbs9YR8|M`uLCB@HE zR^NH|?%m?NSMT0-TX*olEGy5z54+REm5MSgZY!e-yU6Day!z%)gYM;t}o-wUu;K{is>ouK~IeV4o zhVTMWQGDp{kr`v_v~?OAmOWvGR|CIJt0ym?cHZ*kbf1gLr<>&u18Za-TD4^3({&Rv zv$vi-Pad>(O6F&0Sr=~lLUXGSb)vo;{+Lt~fhlj(Bq##)IFo(lW+4cxq8Q--(IPHF7H)=lTGeF>_` zZz%H`6z?Pt`g~lJWfgEkc~>00_VuM5!3B5k^>;|CSQLM+WL#i{(<3IPINe>=V@HQP zNk+Nm;Vb4J9J8VQ;)&fGYOB?KGVM!)p7A@f-LnHOjvSp_Pj>s;5tm~5+SPr3%kG>8 z{z~mAzqu`cg7#o=wTqI2&xZ7EyQ)R{<2^Q zuw`hgIYVLs{?Ja$nk*e{ZaF)((Tdb8`(BkFgcLk%ubue(Bey92k8jsPBpK&tK97(8 zxai`D;C4rzWUm}paO&IiTIA5~a(nq(b@bJl+{RT3(tQ{3ihm2gZ=ZeRWu53g1ES~d z&TmwZ)vDY6eOLO;i@I6Pao97?`4RQ&ugUqQn4BT%+&%BojnN&N+Pv!gwOUq-^a%wE zC3SY4^9q`jHo>K_Wq@PrSB_c>?a{Ng3od?~HElpWjm!PMs~!|>Nljjr+GygqV=WtX zsPbsatKY*nAM9{JprftgwPHTUE<$=z#RkK5Hzno>SUD8@HrcvF|H+OjF-5(*IQry(VVOw^tEMwNbUX_mpjXk@w z#k_^%UAJZPvvbXMb`=*K+P3g+-4+GQKb43t&2&%W6}aSlnm)eYi_Mo$q<{0Aly)KB zv*c@rQ@`3;#g--ZFNfYaZg;J)R?=QcoY|!TuN$Yv1*dDv^}S|SWvpt{t2>guV>=Q2 z6Db?UHH-O}mJ`%Gp~tkz%{I4BSHvH@mG)uATCH=oe4gv@=@-LK4vfB9GdS#!?*i|Z z>CFxYomBP(0{dHI`_@6-&S&N4=6(BcZS$7Y^hdM$R&Bj|uk>4pX6x>W=WDl%O>s+{ z@ik=O=Yg#o4B3-B`hwqiK29z1y$l@7g|le3eBNc1z25n^rP@o<;PA zZTa<@U0uj6Y!ux1N&9l&XLnt-G|Q~xo0ik}N0lrt@E!1CN1e74)CZ;Ih1b|jIH_L{;frYL5)H|7dEjVSlz`g$O)%*f&g{K>w2r9nRdQ{d9?v~?$ zV%xP_F9+5Cm^!-A#ui6v7OZF^uC+EGd#guw>Z0{mg5CyRP0iXe!85(tj*#d(-xRyD zbIh(Z2o7uTKKuKunP1z~_%^8ehEwmpoeAoDpszgRw+cPUtJ*VL?X}%j$chIPC>-B^ zD#`?Nqx>sx0>g%E5v+Q6F?5n|`JJ6@YOVF-%<5oYE2U!etj;!pQ%Zk1{QdeWW{o6W zU1mkyI{V!|aceeb*6w`Htj=lmQhYZL>OO7KhZ^0h-sW6xGynU8n&r25wkgW|Gw{p) z@}^+6G~Rc`^+}SOO=msbSu`Td*b!&dmKSWmkq` z*!Sh(6Q(~>+b#N%a`O9!Nudc>C*En%&)??egl&UAoU9QRl2mea+3(3gBa83sed)G! z_pmST6F;s^^c=bUjFb6xzZEZ5ED4@dP!ysJ+8f^^V`Q_C{s%uU-Fslp61TlcpM7e0 z#y&jb^D-fSZohLElip;-ulFvR?xp>jK<23)IYoPqS-k4(=n++dYONbtkbHP#m8@-_ zs_sbACIxDHeQbE-LBIFKImhEV-+H`j`K|OW$!)fqS!%1is6;%epW}U|V^Y!K2bG90 z>r)D|6NNkM#vd+eHGEJx`&+3UmyEx?b<3BD+2dO&R&b7IRh`hL?#c>2q2-+1_MAUn zW2ACs()2Sq%VxRVTRUW8W%2N*S?=59a?fVhJ|3OB=#FEC;&ZO({i8+7-o+7-*~*ev z^GmKDd~?GsVC3fkdyDTS-Iy=joB!_d`Wkn>jCb?=_+h!I$0#TD*qTU@2TD{Ej zZ&IV6<l@ek-fwTrhQ3vn1dYE$G_0QXwXf{M*anqHE%>_k z<+l&pH`$%KH7+o7fA0CXh29ApM#rQ#%T>3UQB4us>VxyU?I{Hx@h%52!SBWS-%g(%={0ZS<=u;4?w8bv4>+(-5cXmBvc1nc%zU}?!T#U(m8`1~ zHu9+3<0nsqdCqQbJJrKo&kk?+hip%e^&%VRnpqzYee{TWIqOop#Xeu2k#noHJ(4@G zMpl!Ouhk~Xk8GVjKF@Aa*So_WZILRQ?5Q3X=M$@*_&UCP0d*Qa;ReN_ML`IyftLD=&r&Y$0mdC}vom1OU^{%!M; zmu_<$cA)zoalQ$)tA^xS`f+~qYL!s`v|y3d;}Hio>?Uv6MonW`6V92hst3vqM z9-{}^WTg#BTw7)Ob#3_%twtx-T}&3WU*AMn`&dw?0KV_Vy+EckUg~op2O55WQ6*1N~4K&6$<0y;|1}~0;MWa*gHr# z48n4Rm8nO24XdU=qLFYsE!1BswGtk0;~xFv0BX`GzqaJXpbDG5yIa>1ctf^ob@eQ6eq%O zIfPmzWUXpurBC)I=p5yFuv zBRPD6gIEI};O*t`-*}Nq0skdcDy0fOh}3FQr9ow-D(WA=b@+s`5-|^c3JHAHNaZB` zFZD{S)G81JAY@|nkxE3udW1zo-5{O@9r7R&lhJ#ashJBqAqDRo+`vEXxIY3JsfdKR z+wJV6JVL*E2r3aG4GjgABD4yWq@By7U?xLibD7sRyhQlI+=eSrinVf5q2UQsFoITB zgoj88{|}keJ4&i1)Ul*k8X*OAjZ(%Fa*-l|08Ogl)nR~z3L=~&pm`=G1iWrl1pWgh zBBgPpf`Bv<(7?Jx5E__$i4cMR%a!0S_OTu{p%O{eFwavItQduX^3jtL)>FfJG^|(| zAhd*#Dl|$02%{DNRY-siDI_G!6(x$$p!-6os#vsO+N@X-0FhvnYy?;_1you=wE(sV z$k^JAp#jYfM>pnY0{)49t4U24nAa*!B;)E)AALpgi`eMYnqXcs?Q%H*n2ZF6up^{= zrhvIxBNfLaxPm9HlxRUX6COYyc!U=LEezpGM2KW+l24bGNh3&C0z5c60kf}rt&Bu( zjnM*sXbl2|xEvoK0~%IB!f#o&$z4d9X7_NVBmo(# zD92LlGx&hofQ4c`yMzA932CfaD+lIE22>RcCIrwu4WEF0g(=T8T6q1ML>enqiy^MYNfja$A3UkRZ!(h9 zfMQa$TnR*79!shuQrO;5Er3VD3~EZ5Oe&UYv=XU;P)OB4U7!ZVX=SlmnEQ>;suUui zv60~KI8sKaq-w2NKzPff7=#KaE4=Pq6DtCU_R$auh$|rnvIw{&1^B9A8aRLla8cBR z7PKwWqLgiMQjLh@8q%2i};{z0L09*_dQiCM}QC_Esaw(Eliuq8A;ZG6hqJZeD<2B|Q z)iXYU^jWM_f$jq2fJ|!9XG*9Tt^aE`3baN}0fz+r-tjow?iL{ZBH~1?hQ%VIX z284=a!3hVRxdfmN#%h&R47?8{3oQO)U80NWTOW~}1`4GK;2@Sly#a2J8u&0sz12#I z2rv%{0iUv0pad<_EDZuYQ9w(9nS{)%PF-1wLm3og<}q$ym=#MUz*}T-TBTGo`iQ#* zeJw*B)D1VZbwp?~oL8#CrGOz&lYycFu3*~fv=0wcpaY=oK$VD8!)pv6J+O$tCp28Z zESgXluq`l@52QHQfH4Cd-8#(|HcNa|B6=W0qam^tjCRrrfvqj|6$>C1GKOB1ePKj} z(SIURC5n?uM3mZMGV91l+iyz!VLi~eR3R1dF)WOnSSbg}prnR3K5b>8fKtT)rQs;0 zB~(#L1-vf;4!~G5*^&y8284!yX+9zLQxZ%KNz4eZVT6uRYCfVAZAa;WfwG1GY27OT z7*miM9+gn)3)>+&!e<2rC1n!k_y}<3w_;T4!e%F9$VE52hllv(TER0cmq@Mj-9(yAhyeOu3_MiYUQ%+*$6N$M2|ch=y2XboqQ!ok&Tm9s2ohIX zE}*#T%qBFzbPHJWpko588=NOdp|T*Gth1|9%afnx-YD3_z4Yy z<`QWfwb(?!N4ZFWEGu57VcioYhV~Gy7B%TZ_V5J2?D|s7Mm2b-+a9mKlbz#jm*o1J|_p=|I!>Hkx9cj%B)xf=0|TiOo;? zL*1zN<2IQr_GN2Qj{wMg#fspqoIm0geSd}?94rM0jAL7-Kc?x3^Q}-lLD%F&h~!ck z7CugAQWi(T3r&a~q!#UNFmE_+x+?f)9n_u^jf4rR=yJRKn+hXn@9=Y#X>U?voLigH z7)R%}e^WX1MLQxQqI40X_(8q0XUiFV35kk9&B@_M(n^6URsHPIWi)JQGQ8%*+`O&f zCwzAfq)KbUPddCDTbE7hjMP_8$p2>BMxxoajKpHooVm6GjfwD*55sOX2Z}0D%Bk{f zae^Ba#@e705fv%HAN4Lh1i#zpvDICO2K@hY%a`^=v{C_>mj3VGHs(Sg$_RqlWA*SL zIDpvrA{Y+dsDii2vNmA}v|+~H%p#JBzqO0X?4aU17^%Hd=q2*;79IiDL6|1t4L9Js z7OjY?!3Qy*H53#gp578gqNpMONU=;TjUgqaY-Cd9JWT9K>hJu4a%eFJ*s%mn6nM1e zz%5s)nlguYXPVg$_SWG9cdG%6NLXEOAGfs4Rd^pK3n7v(=PMbkY`C_~K>@WbPaukg zOITcvJ5VN1;M}T|ib&7qaKq4sOM=fDjf!h4mDuv&_90XTRDf_N<({w*S3$-Tz9J3D zTRuVUA>%D$W57Oec}7m4zVp%Mxd@0ERE2QBp(p|>55;OV z+@pofU{;|jt^{FA%_eNAU14=BNlM^*H5d@-m+Xz=QdqAqkzEM5MyG^Qh1Ed`>XH%z zv1GQQm45~@vJ~MY(4`*(#Yp?0yMg~A)<^+MZ9x2|K* zL~bLi7i?Ll+GbP&m!>;G_ZJWEw)(A_(q!6GLP`wO5Qz@phFApbG!ai??yzjNCQ1Y^ zEz@XK3N^O!2-6>^Ln(~!M2iz@QKV-B@YQG#9We07WC`pjic(ZV*9t}sVcixDBk0mK5yo6MQeks%%LWLBA*dvdU>st)54Skb z<#}SPPw)zG5%42a1Q)6y0sTa{QjdfX+fqa&fIG4Uv2bDod=CkaMF5PbekhNg7*nDh z2|NcNub5s2>d6ZCAw_EBC)gd+G2V%4z+}D*Yok2DZusy}cDU zX3L1$$a=A~{;!i}Sgi7YEnSRc(TOdKsst>Gy7>cv?szw4)6uG%E#HK^m9a4>+!9i* z)OSCCx~p-cK&@5ShamcNA@E`dcBX*U62qV}l2A+KQW@NVQi*t zPX!g?NZCzbplv}>Pajy2Kv9r78i^R|3O4{rIkX^B?C>|IFw$uO^#RP)@gx^~Qo;91 z6kSOGJ&rUV%CgO#L7z#NadlA&P35#uLud|9v!( zC{RR(Lle6EQ$ZnS*b*@OgjC|e!IO24r?-Lt6HXvw@o=P2C?&uE$BQ(;5rzRw0AWKu zKzlDrAY#EVO!X9ZP;Jmd0Ul&5*p0%84w(B!IeT^oQ%)df&Yn~$j9iq85dMli{1ton zEB5eL?BTE2!(Xw7zhV!6#UB2OJ^U4W_$&7CSM1?G8hfZW6+-hQ4k4BSlMH@Q^EQrd zYNA)ti7AOUhYbql97?X^-*Ya8fEV&Xe)3M;B{6E7-132!a`Vw}z@A#4x8(_&kcqw`{G8K$$qWtdz_KppE6084c4Alv>SS0>N6`)U9Tg zF$AL&&da5WzZcQ*E1AImUy}*IsE}5z;6FqwqJsv`V!S01yzq++9RZjHhBr9N1h0Ti z0WMn{bYS4K04Rbggzi)r+EfVBs$`r{J&^uV9G)ObK#S%g8Fa%mcr#c69@NloiJ*$e z67(v%5&_WBm@z@)7fK4X2F`|M5B)~jFsS(MTBmXuq4y9{w&mLTQ9HEE<=q?vR71yeT zuyz;}0~q}!gpnx>Ja|k#TCG%gA<^)F-*5xqLrZ$U)x!(O2ZM}?RL8=}6OY+ou@R7< z8_Wk*St%cL!$gJxf{XbC^$yr3G7bgh33Hkr&vP7$S_(6jsShfu{W4F7C(*v!#$)0 zg=>q=oGqVdP3=tmbVo|(Z>uC^oJOgXg;CoNjPDIhdAw8tr!>ryJuCxfg5V9_lCTF7 z!eJbE!-NN<1~=n8yE zCr;4K1gQOw(xwDu^#7gyUH`w$FaQ6S|Nnp4|Cf>W5h`WmFZchK`~S=R|KplhJGXUlHuV1;+y2V`^`HC^wz9MUCR-WYexhEXOieBiVbjA;;K_%cY+K4()&t-Q41J^C>st`U(IS+*ryBpDzvn4 zV~>$UqNRnUg$sRj!n1Wxz5kWAPDRHL}T;v^xTZNih6* z5D-`hE*mO9FQIefW=ReE)Tj>wn|1ZgQ8@u_9FFh+j?pXN4TXfdnJzDg)vBYoAuQCO zo4~`Rli}aVeE2sUj#ym+m4SAP;b|Qa$}^yfRI~e}Mq?;lifIoPrZAC4aIJAisI$aw z1ZvLQvNSgblxCb9shu4|0_XrTE#Z!+LvTkz96(>_a^}=K$55DxLYAPbL;^DfOe@t5 zic-le5d31Gi9@>nPmTw4R< z9!V-Vp0=zh4Qdm@;U>l^@jTeoRury=vCE__bXj6uZS7m56g9Rmv_C?_{!Qn-u??3g z#WA+YbefLdO0F%m>$aF2mS_M)uC|RJ99VPU!wA%(2$4$4Lv#YZk3816E}^U36AUOK zq>#a=9+DAsVivu`Cu*T12oOV(1I91tw~4eGC5AxNqmQ1eBEv;o2R`~A52sQIk3>m# z2%M<{wg79IpfsSZwKW%E&b8(WVH-)*WLC%%z&Kbg><=WXEj+uR1QSjkR3xr&aEPOQ z`%t4&82_J@Lj9!*q1Hj;Fx!w(LESmvF3@|Xs({k0d|^qD0)qev2LLtN4g6=HWftjpENo5iQ2*2jJnI{9+Sp%F+l9z}C^#_tnD-67w19;=X zBn%*jvdK!0L8%HU&;mmYzazihgWxC?95?($NqvDMsm5UPLg?iZAd=l^y(0x^y#*Gb z9t8o);eCL}Vl-eAkmww&ZwOCP@fXmHi1;&jLYMW=qRB=vN~8`JtCV_n7@A%RKV){% zcTiCX)Lw{1L6npPgT6WNnh{%EptmyCmT;wibq6K^SONeZB94g3pcsOSgc6?co)W!| z=)S>gQ(z4YL9dR%)h7D29Nbt!1S%t;v9y2`g8u_EP}+GAqZ8Lk3F}fBl-Wiik>X#i z-~erD0cjA1#TN~z5eiC}-QZZw{4!t=Xx4_yX+>vWfwq-ew$T6wC6ZKeIk+ANsSSlN z)ebe5!18GPK+^^_0ZZbJ2!#L<%9}@XRxshvC{+opbK+DlsZkPD(THN;ffzJ-4OfC$ zv5BoS}-}P0D53DgoYDfUf{@%L8AkQQA!D>6C^PH4Owjy!W0h;!No%b7?95C&=seX zcQJ2(fU7m|Xa)z!3H4S0#v`eQE983(Qrii6Kys)LY}$jNRjTk-sYD4}{FTp?BCI_K zdq+fm?4ePl_s}1v`2^!(>3YWW29$=+6fPVAhX*_f*gl%K8-H{}AHjbN2WZA%w4j6m z@ngmw1{KO(VX3fG9e}F%h>#-FG@}Yan%QES+47KMW)6K8P!Lf==Qaw|(7_czw~fn4 zC7*EA4d=*hVmH>Zr3oRxw4%{uyLhzsgcJ>~s~{Z!bi$P=H;QH$Q`(EENI9KqLwAgF z!>||TN-){oFvMgUf7%#*&4=r22DA$@G zVV*eTQL!6mpc!Ec{wCw~RSt<0RfJ&?+jU1jl8t1OQVF;^2&^--Mo>VFAnRpyqg`ZU zi3KBH1Sks8V1x^C1vk?}r!sB^pE`=vcuk!8j&;wDu(gMaLre{(7NZ1!C*&{<%q9oi zaK^kc*@E~c$i(_ccR_~^)jQ;IQ_oob1mRN9h%Im=eE~NFG+KPU5jciS;Nw()4EHGE zgrpHrmAR~96p!@Ui2PX_CV@xlfSZJh2Ps=VVWb^;U?e0=x0k?WVCZNgRRAkzC`e$4 zq@{>4IVNRDXOT+f8dHL8lbPYuxEM9zhIr|xn8FSx?un~WhuMs#`~Y8C!&suqV_aA8 zA4OdjFdZM*_J^Kzg0DK)S8b}YzMvRY27N={^{h1bfb2fyOT!F_n1$>vh2UJ2z{jJf zhRDTZZ9LhA;t7vw4TM^!Yk)DeG$pWqTnbfb3D;pr<-z0`&IA4g0O&XJ^jtzCJ*Omr zu0%PR`W|Ee+?7LzVpSsS=>+1DnQ|G?+#o8H37FIiEJ5pe4XCPpF z}xQJ!uI;;QQ#$ zWb`_K^Ki1~I+Qq=|Ew6FuvIE-4TfpVUpOrSUMXvSK?@d4rP|ZCrz=VVMX0sF(Wg`x z`oAaz8$A|7*AX#Fq9oODGZ1E1LQD4;4o)vd7gsaoX{P#?$uwvcn1#li)8j)B00w6z zrSZXl35bBenfN&kOJNgF&oD7UVq&5Skc$ViB~b$2ES1B9`x1iM-zK=!L$T+s!%Qld}nZ;lArVU`g766<9i+I3K_zqi3HyW?pNpLk7%KSS`af7G1x6 zM6p0GN!WRPMMX1UV=<>_Ldrx50cgr$t%r^Te$e4yqKXMsMW0}#>tWIK4MELw;#G18RM8)E?4*q>C_ zVXw0Tdh2h7#tF7(+BkLbV~mkFiWJ8X_RQ}nw15magI05~v5yz22|b%-dX$6GX-x{k zwHl35VW_V9maG(!Hz|88fmewlxdzi(-D=str$JcKjnv4L5#|#nl*^QL_acn?1&pLg zgKs$BHle3Ryzdihg7Zf5OAoYvLxS}{{3RJK1NRLrnvUt_Y^ErUMeBzO!V(P=)S}l- z0z{f9fm}3b#7F|T)Km%gM zvA`*f!KOOwO(b*>%eb-r?{1_MKi)|fGT5pabbV10Wwk5(VGcKvfLASuR#ThqruN*i zdUH9Tu!M%k;pAfmYzLK~V~#NEwWufwOic;DuBnlG&mWiYw&OL2XI&E^ShTbQrKX%-$V)ihwrp z=#5=^_s;wWMfh;ej~hT!F{Am7UN9^}KWf?rP^V|pgwbrpWJT7Zfx!%cnMiY)4{SX% zR?#02+`w2<lv9t_I>B?69ZoK_s30DKMxjv<#<%1Sr97zKtm0(oNypzDinw!)eL z;jg8T0>DE`B$3EP3NR|Dc!d6Mfmo|j;c1`Vy01{^L!~~3+jA%y0BJ{@R4s*T4VZC^ zh|p@Hzs63h4-ZZ6=wGajHfGHWZZ?FFa1GwoK1Jb zHHY`u)y(EN<|&V0mto=^K;!f?Y93cMY#-oDf$age@mvXAEgpje3qB|hx3dgD&~^k_ z4aSJ*n-2;z4WL4}z~3UMQUD~)dmXE&fem_v z#%-A70Yp|Cu7&~b8a5+z>Eunche7J7&1y#gUI0m9vmd_Vvlz=Rjna`D6o>D0b7+Hp z2vFAXQhFm4_QUDi(e+FyyE`>IYT`Ii-XQZ zFr77wD`5+zu{O)43N5y`KsllN&wQZ|ULbo8v>q@5T~!8SFd3M1X;MO2A+;fwn4%Q+ zdiKtP;LzXUqHQ9JE0mHO(2#8!HTu>So*OVBh5{zGNsmdiRrmpXnSts5aRc3Hi$b`X zlxBUcrJR35%TEuI^n18;pwHJ%R0*u06c}TpkNXj*Qo=;5)aH01L0v?mXC#0$sF3t= zd3=Jtzr?6SXY>KMNXc&O5tZ_+;3bPJA5kg5v60>ymLsZriAfI}7+nYlVPt)AArHc^ znw_y7cQerhp6Hgb4bv18;2>0c!U${`aexB+GYnuEy-s3NWH_{$0*~{sma&CWx=2OW z>h+O=TM81)B35Z$AdVgpfyp)S?`S`;GaNDF@zqFZCC6lGbmLc~N-DvF4LE5%QZXRLqiO_ecSuVI+>A>g_%@)rx4L{?hXj_UA`pt#lWj65=M?^L(dQO^@-VIgPsQtlQSqmMLyC+lqQPk+)7-K6=q^mGt9*%Tqhf@ zm^#StBX{X<=@e|&&;>MV)|A`#H*}His~xkFFQ(-THN%I8R#08^lcy&R|0YfTYo(=# zZ-Ne3-*kk~>ED0ArvF%DX_YnHs78UOQ~)?N1*0x$Wn8^jfSU;JUU4}no`wUr`}Ez- zf7KfdBE_ZogUo3sW`PhbQYi%zfJ#R)N)#tmYK<2WDKDWX;)$9HWHsF<-Rd((fAtwY z!B7xZ#G>AIEg=;84I{-``dm494X+y`DZUcunoBjiQ}E;v-fW^*E%8l+C^{OtFL0_U zR;pC+j0W2wH;6{S2gH<$I8vpdy{6tu)|$5jT?fD%7~@)_U*Ip=Wubw)(NjZsXBU`k zqxlrGSO>;CM=;RYJF<^cux41))*%1}h1bLc8ZU9s$L}S^lRgZa1KAT! zBTJh>!o3o;D-lG0qE?mADiIxu3-3q8ud%M0!hxm51{hHLiFzv=wrUz83>kwV1=y0P z2`=^Cj(S6>sy(&aU^tUS3$Gk>&dcO?9cSn*l%K7bz?E(X!u2QfS{~I)(|x1P{?KIR zBRQ5vu-B*HIsrnSCgubwoxS7V!)3~ftS@3fz1wRw;oXdcpbEsiN zF;^*oOkkgDWz{v5D{6@gt+Sxa4_tk;>`Sl4BZLHQ3sJI_?g#GSPf!Qy!L{a=${J`G zen1y5^wIT)Am~!|I?SMTKpoa0&cp9mi=%Pq3PT-a4A8iY&4@u*v3N zNVZZW2-B@}9f5@Vk%W5TudY9a!j!Yu;RotaJ=fvSqh6YfWo9o){4k`JwX~&_$I{C$ z)ZVf2K4xqgHb{*Mdxxu8)YM;R;hKzQ`oTII`UM>Yh^LBFYh@a}$R#jrz-$aSo(bNP zjR-CE7EU6<7BW4_ zv$KsIX6yDBni^JGQ!F#UHVt|W{UneO62^Gt&t&9$X#v`-XkKQ})T$wy;PPWE3Mqq^ zzJqa6PEEe>8l@;4Iy-n-5C`3qvXH4C39q-NX^GPT8uSS`uX=ql*NdN_0Kqd&Dvf^H zEd8VObet#^4=E5Sq;e=uCQT8aFbG4@Ylcry3(>6|988@CM+cAemY9{Xx)o;XyI4kw zR0fB{sZ0i}0~4h~!K%sv^5dftsAMU}HK}D`c4FNht_&LzpIYp-Hj2>3IHC~!&ZtZf zY(gZ{kDbKrQoVqgvC1AW3&Z~1j6-1cUz05MaIGwcP;0ai5%5qI zF#TYjp$pfc%pRS)Oe^gyQb(13Vgqv&SJ&Gc;Oh-)uKM~iRW6T8Y^Rqxgxb2HQvGyBVbLls z_WF_42E(QT42k%Mok_6zCo4k~p{#@Nr5!qEY%q<11fPJ{MdZ^H1h*fhFW~5oK=A1E zP#gjKrD5)A!-+)E1Hw*!hYlX#-8~8tU=C=HHYQ>CEi~Qwr7(f@-tpNL@jIQgs0~Ip7G@9! z<0g5m^lhcK62@+(j1(K*MIj-F{V9q8aMVD>SX_(~1VOuNY_E)Oi*< zED7WWdvJ7F7F~(v5fKq?^o8lR)In90pA$P$?A>@);D;S27WP_iE1n$=fxk1mT-2zl zo8-W>Mu_0xrGvo1!4bT{0t^hOgM))!ZXk#beKi3cyF-0qj~UaHzFDB-Us27eFzxs%$WZPnZk>7WzmQwu^~W zgh}W0z6vy=NR&GbPEp`JIkr4@iJtUH9M(JiI6S@f`v0)K{y%N6zlrwx>$k^vyatOw zEEW6PYW5G&ky)VT8c~#5JvD$~7??(%+;KOh;?ypQ0SIPWOP^=@pX~H)0JE;FJ1Jxu z;eQ$rdsBGOgQMPzUk|y`w()+1p6NQJK{7y$Ngx9%7)AQp6F*1opTy116mH2T#rChM zqbaea6q8=SHUMG}SxTQuE1S6V*WYB**L{O;KNj5ndV;Hm@;{G?DcLnGvi(iU1+|~| z=i~xaDiu~4q*fPzUk2pI>mKORrcgH{ z?;jRnJO1e0ziydB-~We&c|XV)Ys10|pQW@xG4C3KD0lkIy*0k)fOSBdM;IZFuUViI z#cD{oD=RY^Jtcrmn2gJ%KhWX0R5j#@+n}gw`T&}Zk~#6ptk3@G(YZ{#fdwUc!#L`2 zZ>5Y>p=^CR_Z1c$=7`H0E)3%Ed}5dr_zcR}VbYZnlaBkHP#P#ihXe>I;Rlc~Q5kPS z@1_Z3zEPPR>gf4dVZJDdOn zy-z^z6X5%BI|+8Ke^SE<)o?OV1AQ6h^e5UVt%iOZz$n7~PN{;<1xI(!Ktcmx>IFEc zN)-xtk0AR146-n~bV-2i2~NP)deD-LONHx|3Wuc}jZ4Y&O36T}VJ2Xy^h&8+mLQTlJ5%trnfQ}z@}cB_Tp$q;V<}b6zI|%I3pZ>kmyJ+F}^Jg z*;fA~BmLSi?LVu$n=Wg=4nI9VjmhZm%D|(~vZ{+(pM5vJLq&N z6&ax-)lpr58>ogk9fU$(7;dLjkoNGRNP_xKz{@MqeKHy)^A0D>L18_l3Z2h4H-OIC zeMk4piqPUP$w%xmx*ed@WnDe5kR4f})<|VCl!p%?!%zl(kAOLx(Oam@I8ilqQHicx zxK=}mWNO$aw6d$q2~}pH!rQ(`MD+P*BC>(r_-AhWlB#>g!43LE)-hFskIdyXlzf=p zjmHW9AopM_Ce<6(K{6_+l0lwHO>L^-A8q*SR>7qj8Y&~^UB=yY!a7(ZzEd8hR+5ea{dzg9sFlQV1S~zw2EWVp3$;QD)?iRK6^;K}zk*s*QY; zw|}66;xIHh5S?Yz-FCw$o!-PrX)sGtvS)kdI5~*k^hc?i>*!rFBLhIR^IMw65+C)rGPCy9s#3WWktC=}{~ z29qgpnaPCqDKSr&*PQk(T2$hr0W>Qp0S@f@Vv268@3Iw4WJ#7vr`e>Wl-_*~K2%r^ zX-#D6cy}H1UbkBh@P1KT1ZNYTsV3kYauU=5M0sk*0y(})FnA!=#+rj1_5~&UPEecE zkywZ99cIp`_Mv5qWqlYQyEk=@#Qi}2~LAMMq z#g6f7aWOQ95}p!(g-M|x8G%wtE(8)tJ4#rED{%wd^lcMO(LEVQS+L<62ImzdSVQIa zsOOMB&S8Z&5UarQTqp+h z-dv@OANt2FxHGU1{mLJLfDcfbHV0>hsk^HP2jw|0OI=cza%e!anxBP zFTj$vLcc+-0O_MqpBA7#T0WbA8VEW+Vp$kgoS1^?#3n_SQ~?qXkpn7|sIEMAW04ww zKlOUqh;P6ACmRjwJc>m})+1Ngv{mtjY5wl2JfG;*VB)MN4_$Q~l_*RQc^8T>nm$*p z<`yrt<0g@^lTBuLLb!sl#rMaMq zZ;o{$@jbXkN+ax9^07}!=uD$X*o!&R*af=@`_H>k0aNPP+fv8#y6M%p-1O%9+w>N6 zwlT@qsCS>jz7tNZBMVsqj0-*jYN)tnpV|}i){YP9$v4!}u(u>%UQXIJB^Z4>%qc1W zJzmS@l$v1n(eCy}{DD4v|#o5I!ae8wDe1xh{h>&&*hsD1RDv$j4T^Z}1O z9fL}zI`gQ{iD|mNMARJ?6H{3A!JU($z4A`$WC&+&$7&Us!P9Y;nN$Nnd3&92DfdJx zC$Xygy@ZGHA9Ji(Uvk~ck7AWvI-ZzB3ixX4`V>6B!bU{0fBH^b zcpGA6--)7{Sv5u-+O6iP>(kkB9W_i3^C$vy<;s$|AR2;T0p&rbo@$1T&q zd#PM-v1C;`C~b!CqAc7a>Y^Ov3nvNKZuLzx43yp3tSU^LYEiutD3+sowjj~$%UaIJ zVIZ}H`BZrT{Lh-rsvWK)pLjdmS{vDXP!-EsS9z9s?bRpr7#QHr>d+ahnpfbECc&ey z`#g%`J&A$vUX9}r93rUcy2vNJGZ2BQQ@7Mh%PeW0uu)GV4RqF=7 z-*O)8ahAT_auD5Wi^5&jlTl{}wwi3TQ3Rma+sV^(aAL6lq*fLN0q7$ba-;B|$XMne zBN4L=HXH)m2Xr+T9SsDimXH%@f=)>mP)Nd2K}3uYu=NRh#~&>{H;EIR*IGYEwUtf5 zuhVn509zlwl|Kp#Yu@l{^jp8lCdIUO7OW4^s<&WWW3pRge!dMrpr<8SbXort<2^!i zkYjC=4cBDDYa(kt-U^M|O`~t24e6@(;TT5G@vNWVGfR%g?-e&;N}A@Egy+B*+;1mi z(<$xOXqT58uFZzmhFL|t5#njud<#uNJkN@8{xe#NI7~yb%aOYo&z7w!UK8i#X9|j1 zNC~Y>@Fh$o_tu1`Ed4Bj{`IE(*MC7Ba1gvn67I63qcZN=R-4J;5r>%3q3D%B#Ywe2 znd*G5ri%=^uSO_zp+8dAr61fsu`@KnONpFheDbG_`|Dp-yir6$cCOW9Mu0bWqI2~8 zP&t}yD%2J&v^(B+eTSeA_6{)#?+z1nX9yiDsHusKzny4Es3&f0%C`ovZZzT1^%bmy zo^69roEYpuKhNo^K@{AazG~+F>3Q)gxuGy3*)?Y&XQ~Gv3FS zf|sKtd|Fbq+&w5ZF69N_1-lZm%(DKhSt_(mF@*V9`VK9{&R{pdI_zH!)APJX`9VAM z{hW@J$@q%3^-QU5vWFHC!@dstD7j%1GIyt@#$bXIriT|wWuHK1@aCDLoR?C>8~`_#*St^ILh+?&;xe+z zi$bJODr&tx{r$#jHEWKu{jpmrh@jfT#Mlb1*%M}+!pcSOTUy5Gb=#U*cTMV|YG2Mq zr|Y}Z^G9THU~8#8F`IDg#Tx-r%JT>rd6`pfYE6^m*;8h2X8+S#YdaT_6EZAdLoiMP zZLD&9Y@8NzWP()3RGDEjZ(`x{-J^VFhBBPpWz9G4xYk~tXchC*w4Bf`>f^+tJBcVr zN#$s%6yOV!;&o;R=GQwk-;We8id2DFKe7+sl~KZHW>|iCjCHY%MDNJ)!b6Malrp@j zg`;|2+fuFR4CZPW!>_@AU;w%4q;XVxCRFH&JQ)Pfn^SZ;nMqI|=UF7LBj`KS;?1S# zwWlt#f;O61SSe!{m1iY$FtVkH+6OuN33e^wcU3W`h$$nz;85&BU=1piy^8{-11ByB zQ9tp{1v;J)z3OJ*W*Jf`LY?6(X*z`u#0%2M!BKC`)5*sTCI;-|NfSa_&_d~TR^~td zudz_F*e+zDG~XI&Y~VH2I~6S@5`ku$CCJFz@3rd~Es8O3y>x~7qAn(cVfVhJt~ zwAFStWqwZSloC8X?TFyI}zbY?Hia<9$)0G&lqda6ATh zoY$U%U|=QnV~Ud7|Vv< zs%t)}^Y_g-9r+q;@$Hy)wvG!{5y3Ag~)pb~C`?hl9&hG@tO7gqSw5okN{nQC%h8uee666=+1nf!1g_ zilLc}szDg1F>o>@D;L{ai3a!_^}Uit(@bbBL|$TCo6o932+(ka7>j^^(a9CmfU<_6 zp-NL;sb`XxCpw9DrIyL2oKwA`^dEQVG$$)ixuXZXfTcVA?QMQp?K-3$QzTp;%A zoye6TSWfA?0?zxr-Q=g~`DpfpJK{IFpxLf~116WS#4$E+#SZ9?v9YwO!CCLXZH}*5 z?Zp0x3h%qD9j*vB9dF~bO{l^uU zf+z__wR(y5ht>K+tUs*Qhcj88I_b0$QiN_q`;#%8EZz%7;k?=GpKvwC@bmu5siH63 zQej$}KFyoM4$|-fsMsklI>W33I0cMtNWB>3&>dvbYIN|;Swnh%?JpJJH<>&Oqdhcm zoI#Fm(&)p?DSGLZYeKT^ph)|Y7*Y(CrLDPl8{v0}JKRi~ZeN(Y@0QyRxY4!}d(Ox) z(-gjhD~02Kjetk<0Rp7^v#o&eMU-e%$4@iBdv=t}V(kgr{bL7iZC zU@Va`ldKc?WCB|^K~?4u|G7vo2auZ|+y6smO;dKtN4v@p-(B_He)MIlDkr?6hLI5oyyk5pv%(D2v}}78Zr8r?h+i{_YqzT%n;XTQ8Em1+D}VK#rzyeg zGD$xz&$52=-l}YZB#>rU?qQ>g9bV7Qo{b{aSU+|fw}$^PrUumurQ^N%Fj1n?dmF#P zEz|s{PFRrX)KzJ->4H$MD$k0Gmd|dO^pkNqEcw3DjsRvc(qzS1t8lCx+-k`P*JTl2 zJdtN*XzB=`aD@_Au<1QpMg+%A4mWjJ#vDJrY&-nCwUCR6fppWPGsEIs(Fe>@1Slnd zjSNBj)G)3Yw8RvV{WmgH6+Fapg~w?4VuD=tiZR-p5sC03&I{3+FepICy@_=b5C2dK z2hVW{6T9&3=r&cM+>9%j9FV7cpF(PpMO`kES;0Kg@dmc;=yR;OLlD8ZRnr}(tBl)F zqt%4F7;Jo71rWz0$g9E^GGq_7+J9$vy()BvBL;$3y=Ec|z0oiiUKhOsZOx*KR(2t+ zS00F-r;s#rFEus*2wrOZ<2hqsnZzM~(VkX?U6qO74_L*o!x82hGu zTHNReCwB+~IE=l)R%v4J6|}`5L5cS?_8fN-g^9#{fycCuHb1kXEFOz8OH)PTQFk1- ztw|_&L9$%U@OMN`>2r!Q<4(+O*V=#rtxVPevyN(tS8ECW zqoCoXUb`GwZ(;gTzY!B}cLcFC{9qayNgGE)7m{yz{5Wa*fwA0qWzffTao!;VG>S@I zLPaw^mF>;HC*5tCnmU8yZ~OtEi}(k$V&TEk$&AXfC7oYA2=?XDfkv&9Yuwj84UGHb z-6H&a-2R1vawEkmpcEq^5lq<4w(H4vA1D59)Cjd`RwFOv!~9j%X3ESlI*UYhCZRo? zp6fmIPDK#4p~>FaRP1XYvp{dzUr0$~wD;#_p7~F1a6Y1KX7Ww)l?Y$v$kIawiAwT2 z?bBt1{9ZUmP&{FoO&U~}7|M&ObUZ!9o6w)uzxwj8k^QBzN=x!Z(SL@S7uCa}r#!}2 zCh_y@XFWJXOA2OT5~ML=QsDvvnIC5foX>nmLy-lBx=P-Y5~34al|y3*|lOmi<_!J#lFd0yA?D40os4HqK9Rq;{s38?b`9&%2k} zzTjx=O~(>^7WQ^aiAb6O19_kxhq#SaBNkqbmL^ID8(r6#V44N0A$e|YoXa~ap zVa&N0$Hm8fWgdFZ@obLZD7gX!N0aVSGwvO-a81a>m5&K!^NMlX#v4IS_o;H}k3i>l1{RbM~*`_v>+Xnq5|9b-6)B3n{?>ad`BX9OsbDhC?;>@3P9p$03SZ!X>sMg{e!-tuRMHmp2~cu zG0=bHnBIr!k&9j>RcfRtIJzIFgC3iL86eq(z;;QaCl@ok zI`uCRZ+yzSk#GcDxa{YKq;`J>Yff8%Bg@IU@%&2Y)KX`tG zUQJk#2o~3SwI)!=WMsiR=rMV+$fsmm`b>}$ zoYTrPv+%#m5zZ9|hz`VA+I?&5cu_b@wdJ`&pkET@im-OEMX4$++lyIhxTBh9gz{4m zojoEW9gX@LA2uzuF_{wSwTAtQ8$uYL$P#)jTM zUs68isu4@p!Y?;8OWL?_G^Ud|HYKntOIrA&G0Vs1xneaJv3E2U4TLqCRFB&w%Q0sd z&mZ9!kMFazWYN_%?<68%C9C(6gO^WU!a<29L$VZ;d#i9Zt-*OjI!CkLP5L+cnl3$F zm>y$oXsHJ#CSK@(maQ+_VkI$f)yb}E368efS=(5yE{R0x!c}XXsTM4G{+0!-zjar5 z1fc-Kte+;GJWOt(htY(OJ$mt8>{o!$9y9=G`t-DM+@+OVlTH}P$ZI0+sUIUlwY``vFr0e7kgj?_2FENpe&4DIUKAq`aWTHA)D#>#OdE$oKXv=Y}Y zk5(?4L7b8Hlz*I6af2kmmlLPpu93egLv+}YGk599#=ghd7N6rKh57IXtspum4D?P6x>^?XjK>9qAJ z=!MZC@w;0KN))SI3pbM6&0T4h@EEKQ!*}!YJiWZ|7A*@yQ2ZwH>l;-O4_f$e=5G?) z;A!;dH@dDl0|8DxjAD@w-$Z_W8)A_U<5=Xwr_rC^R<^ZSJB&)OOjQv}RS|x%HDTGhM{yWLAp`&Do9{WnYr; zvhlbWCzQrZ)VeFEg2qr;_t$KC!tzBixj-7-@fY@;*r8%-+wTMxez^lJ#`P?JuC&LB zra7OWnwSyPw!6vhryk zdCn4+7?K2M)H+r%e&7z4dxpu!#ywkI(?IAZWsR|TQXeq`f_&fd@^T2AWz$Fuj2vT9+s=CZ3-ePs_Aud&cYtl}Y7bx1+YmGVU)c6Bpl7F4$)e2W$1912LRGcK>( zXHlGQ!1tB)M5CjHe`Vn+M9}ZrH7aaaV5TS8XSHhVYSrjVle+}_<|r>+;9tyqZim0z zM8{2gkBv6s8*02w)q1?@x#f|`B(!YcO|VhDea21Kmg1&q8ZxUj6hJSXoxc>b0q+;XLKiAzCgpPo8cy_N=m8fxE~8@RM81 z0_v8Y!aW_I(z|il?syLX-KzU0le))5gy`Il~TR$4lfouRW1v~O-B0Bp?^ zJe9>SC0>*s*D_?RsxM!Ur#={?RSn0B%0tCo&?<>jW#c_96dO%Pb80C25sCQ~O`@21 zSriK|1)x>c`IE9oRb#i}I;A*E6h_Y)Cdu~k!CFzz zoFQxS4!&kW_4@TA@8^{kt{IQ{3BU1)n#-BdDx;}R2+QbxTg3=^iqTynx-#^ zw_HnOuI$X_V%5b2446KnhK_07lxPV-cBmdpj8}#cMQcH!Y8PiqprT|^;kl$ zkV_0GBV>x;XvOXsgyK6VLvEWFW&L#~VXAWze^OKbhvU-~YAFP&2Oo^+Vmk}%0es7anALObxnbzYrq5!QeO82Q+t_oT6+WMG zLVywglIytHLIlml4!0PRhJhect;H8B$>Z@&F`p5V*}I>ej`O~|n0*HMCX`YN``cGM zxfL8Lp7=4@dV7MXzJNF*ULZI;RA?EqUjDtEG}xXOW1$~%X-B>uQJ`7;%UvPSqV#z> zIqOpB##T#d;)>F+)Ky$5*bby1wC-&K>+?&Xi>oRm%c6?X@;3)-y#k9%{A=TXlN0TS ztbNzMi`MgagEB0u;&Q8wlUi)B+LdG5_5~0+9e(Bx;|Kjnc0wIi<;5?Gm66LvW)llE zhu5z|mm8odd8ZcP7sCCtE~hqB`o}N~??n3NwY#)|&GD`6b6H;g8m5=OobhGiso!iM z8eYFG$^2{VEs@N0=;BJCVLhz1z~qom9jkEYPw7Cy=zIqJ6DdMu8s(t4Kx4?X%!j9{ z(k>Nnl?zM^ZD>?ZvQhO7*pF}`=JxMBRm^5GgQ^$Ccwl|aI?&qJ%NgysO4yJ{v(Oyc zCQQS{)|#}r-m1n88I9Yp=|z~5VQT{|GbC-` zNjd2-`bNUjhO>$jB!FlXHFo%x2Rp-9$3C+FC6&v@WR6&rCsREBIX$%lOb&o_?2 zxuQ>;GQd~ScYA|kXbgYpp!BNZ9IFa;C)0PDexlg>#6&epx*HFw@isd(4w04D%E~)y z$41>;>r^%5G*S4ky4Y5Pr;eoMgiszK+NM${s3tj;aVbULiVfJl!|S`5m%*%Fe*ZjE z?@hJCRL}TKmsB$Y;aO!TB0TD@E91TGyZ5}&`Xj}&LeGZ&VPp@96M?}gR7-99a1-Hc zP!_L^L(XU0?KYAG2Rfb^2Ez|aR0&rTKwrTDjP(FwN0(`ApNH@eNh&9msdi>xM$};w zoHhCeu8$en&hdKg2s1GywmhRUZ~gP;#?U}^j@q=vi{qa#pS2FBq${~BYKbo9kVf_= zTp+h(KKw2ulZ@Om5=pnGt8~2S19pvF2`HRG3Kb>6-`$f}v@f>N`K;{b=Gp<@PB|Os zx1d?#u)1xdOIT-yfbH)1RMYtwMrBjJhZ(4%l8VaBMu$vQozVpCJ#Q&gXK;Z%$kzv8 z4)qk*`w@t5FB|ygLvcfUWVGy}IrrdvIuuC~?nNRRb|_|T(_EB}yx4-WBoQ7AbADsB zUUT*mcJeO`iCq0!G_phdeDvW1UleHaUD1}38L<&EYxvK%+ldt~Iodrp!Syvg_g%N_ zmiJV6)aW*N!NR-MeK(~xz?`zgS<)K!FYpi8`KRq)H}9Dn!7U{|D=omAWqFKdMZ-MI`1+4M1 zA6p+{xY8utFv}7XWXq+0J;?_Xj)N)qP(@{lELmzb7gIVpuI=6&jPEal^~EU3Y3VL8=A(V$4 zfXUsb~lLN%>VYeqPDZ z=b(WGt|Ce|3=}AA7{>_luwg4Q4Cd1tuqBn zbxkVU=>)_iVlSQ(jAl8sx2h8_lg%OD9LuaZll1ZEa%0yVG{HI7^*FhXbH{2npu=Q5 zz@RPWfU+&kndEJCpT}nLY1OSQ3=lbcJ+=J~U1&%@9+c*gZ?mi80wwW>$sN^rbMdHAF`gZWn--B)%gLSZ=oJu#wbV>g{QjQ*y6UA>s!**`AAeL z*ysuyT?LJR(1&yx!MirLHlH=vNsHv{jt(M|)V+D(ig5zpqvwZ^_X3pzkfme=$cEC$-bhyktU9KZN zYfgHD&SNK0-BDD7!kqx!IT&~c;jGSUPQg$vtT_Z1Jq7E|z(o$hr3KEwnnTc+C4)22 zyl?7D3=Z2I`LzqrBR$30HNuX!);$TS9S(W^TJ`2DK4E&TEVv5v4v206y$F2Td`8rL zD%TM1W8}SsL_WLG7MK2RLH=88@h>I=)^30~a-bdg^+Igc7wyUV^wyU9+=Z$2fFHdY z7Fi7c+-o4b8r(Q);!M3rRjsQcz0VS!C5erm)v8Y8b6j+9a;VQg(rfR}ew~}Fs;uuX zs`)F*wX9uD(WMkyM>b7CdrM8zZ)TFz6wN*j=N(eBkIDtqA~%whZa$}G+8bUdAD41F7R=|t#>SQapzw*tDXC-$hvB(S@c(3`xvH(>wt;aSz&b~@*%NuZ zF-9WoDzH0u>Z=3z^Jp<$MTZOM51%NZo7a+yrYF7$cTs&7?=83MMdK`>?^~4LNQ`gS3~O6@z}P zs`}VC;<#dmN9{1lTBVhFBa$x6oV=RbV&}MQ9L>$hHX|h*F0Cr~-gJx$XAcFWBa^~l zNF%12lx2Bh^_rVxR>bexY6{}n+B(>@lMIVj#zq}k*bOqc(e&9YZml~3q*-#tklf>N z_oH*%5D@1d%h4`oWOD-qFU;PZxbvgo5|fs z`ylZvIs{Ebauz1H!s{0{W3syXayYnB{7Nz?nW|8VB9?Q|L34q_qb*{-P0cg#<&sn4}D>LWMEZ}UwC_klmm;kTpF1HU?wtqar zKUQ4~0^nglJ;1R$ngWN$6wTQcHi7cP^`rK3^YCc9xh&-rwpM|DDAjhhezg(IX?4PjpxFfbNrW`Y-ijj)E#FN zkEW~ll1G>(0}fu0H7{~FA`!8ZVlXJskqDC&XO`e4Nq0+hGL#^Pmv3@>L2|4fFb(Fz zy_+c}Dj`(l#mfZnWqQ4`2J^;u0zq9x!H_?dJb~3i31R|ccqcmIC0Gyq96)0#QUMnx zrW$pE;@ZU2vH)YoH{P=hoE$`~2JNjG^-ia-Q5v{y;)6K!MVp6-7{8*EhgiQJCEpTy zi&Sj~ano9keiBTg2N#65@)kti2{USZ1LT1km+>0%_%xVT<(p(&wNCPo9Pk6$a?+Z$ zUXs-WWd7CFgaXkfPgCAlOH0`QMzXR^_#g_VbrOWk|ffD(saW zhyFR4Yp}dSR=dDb-%u+W7Ot9A0QPuXlqJaJw8*mlX{J{%l7XrAt+)JCJJtu zq1GO(u{ac54qoR}nK%RiIF2JNCLgZ%@bFoRC9R_qX>4?-QL|zBir3vzXWf)?a}6(* zJ+E$3g=!%f;s5X`qOPJ3Sah@%UKU*At-6OWEJK}WPS>o%!&|yubR?p|`y{SVNLXXQ zBXMd1km?t^m+;S{Bcpf=&qkom5F`f_9L%yt-H#-b_EmtoveBol;8M%U6AJ#jveH&w z6M(PvnTWx_l+(idY@a`&r`UAtf&WRs|Kz~)>^IYg|w% zOq!HxvTggWD|5^jD}R=~rgoOAr98`8Wy6zIt=aJuJ8k}XXer z=jkxTB$&dVh=ep!YrQ~wKyJA<_0G^d^>|$ddE(ccVdI+bL}UH$YduB+=41JiVn8RU z=r&oMdVp?1XK5+fC&yX87-sNSFU4{8rd*(((jrv|YyYQK2*LXdsWse?@Kp#!bo3=o6{U zQBZ1EZB>6?UAS^ci&5ztpzY}pbrwCzoQgCy^diMeiX>w$1cX<|!^K$!6wR8LK)RSD zn3MvEf9?qZ{7R4?bfZqF*!6F@m91?eQ%$_A7hAEaHa^wF&wHUv-raCVT(7!h zEjS59q{5g66*z3r$Y#@9^8IeBOHi@k*$h+=3>smdktdicgU5>g^IGj-W;Ut}aDEe- zuBFO&J=81nI3KK=+BtB&IluO#$xm@YGYVF%m!0W=W}hlU_cQMev(EXi6e&ely|Ll^!C}bX8pl3yO}8YclPYo{r|g4SBuud0TTZy^kBITYTye9^n#QcdsKU63o?e%b$WHMsaw`%9bL(+A7T`_rgHu$YOabS4i^}XQ6 z#pva5_k1+DLJituyosSnjVe#z3d7FgecN}1rfQAD${dshEJYBe;r^0c@^yp_VjSa8 z$nrWvmH+s`$hUEcs^pEZR@U-+II#eAemO|9b#@VW!jyTtdF%37m=0#lW<}z0_o`kP{RnlNsDsaqTU2eE5tCbM9*b7hCymU zLs~jP^P%FmHfyj_v~J7ZQTpHx^})d!VlLJdz1dRKvpP_nwT-{3T{1oze(ag*tDJWK za9tVvW_1_#W5?vK0e7?rT741>*U1^JBMx#OSz1ixcj+MSbFpu+uL9i%5IY*zcK3v? zX7?I1z1kB&4##Up7Ie5lpy8L!)56~+9vM$vPK$3CpCYDScja6961+ktQI zobBEMM!NCyNAJV}O_I#9jl4Dq6`dWcy2K5p_aWCuP3Lh2GA`>d0gPrbv)^?XjmLBx zYuOfidY6|uUfTHqZz&d3#|A((CFlYzBy5txt58`-C8?h$KUxDsHD5< z)CU(R<)){n0@_#6wpt(E3ld80rB`Bi}`&nH)sEXni&nS%< zCY`1*jcpzNaUlQ)#YneTCcrg@-x`k9Jca{1fFa4w0D_rma}>p7@nqe8npL}r5(|Lt zPmjw9nvZLWagc{eyg!xH*(D?PQXA=ca&`}tw*_Rk0K_&Q9i}5S-FrzoK{uIu$^SJN;u$iA-d+=EH0+)r&^-73+|RtLr=vafELaQfXdS9~o~@M29Myr-0s zDc+55vDYy*k_BJLEYc3|AabplCc_%7_fh6A16&1MgO`GU@g|<#eT#E1t0x9)iJXjB z+-lQ#YEsfx>&SY<2d?X_B+;Doq!^#Wae&8`MnRlYPJA6QO79?Ez_#m&*gzUJ;}((f z@;-&_IMgqsqE3?|$2`obtq3?a znpzOvOl!53Bm^7l54Zfh-b`LW-6#f2Y_1jqH`~a~L!RO4clMar#m_r%UqFG%2wqR| z?7PU21K>_}JIkv*$lt=&!;Dz8LS2SrBWW%93&K_K*Muu4kzNGkb`pHjWA~-wt$JW4 z3}=(_AXh$Lz-_X)Xtq5ynRIu^x9+vzgywE_EY_MDE->renTS1f2~RPbEFxrs*Vp%L zzSOVdiYSCelKwHO-3vwBBpc7_DZJGBh(X*q2XniYlJOFxtp7aA^`lZMj5l5xWk zU(Wxw;aorP*gi03?YqXA(_h|RAYoGQ2h>yVmNwOLSS5@ttgI-a3w5byC5x8INPuac z=SfI&m-tf8h&eMr$7Hy9Tf-o|Oz$P<>1E4L_uPS>-1ZHJ&|kU5!QILps=2n+?IWRN zWW2lu+<@JdxGkFB$|kBAZ_P$pI?|d-qXODD*AgR(8hMViK=~k_T;c8NEbsS0u7khI z2|t>`zfk>)Z7p!n^mx#J@=Oa(%yJcp8`W1 z_}=38sol%0HlHB8-o(47 zXw@#FqiiGIWn&uy0;7vq{cfMKNV&+}cjy;Ko%UYft=ai`fdOea*QkwY45#cm9Iq?u zTNTH8zH3Xqc8=>FxzzHdNQ@-2zEfrB0WK{q*YS^gh?fuXplYcqdLq1q;buJ+wLnYC zm!(7)gz?shrED>i8W(E+4(#Jdh|;kwy)f9^M(btJ8yJq{kA9W8D+8g)R~J8^m9y| zRn5@857jRblcPo-_er!8zet8~9+Qewrnyz4;B3c0 zI_9u+%gbx|R{6qW>#9S?f;=u8nFNjx3fxk=Z$;gEYZDamfZLd$2+ZHm3=spkwJ8cS zD#_zrs6VxDy!Pqx1xPA>0agyV!e@0f;v)t^UM(ceshDUt(zHA_h5X!N>cYgP z$$5T>FIb#iJfdFFVsBiz;%5x|rlRFQ>$xOM@f@kNRRJgtu3^=64NqyT{5o54{JyQ$ z-B<*_jT-zS@a`{w-~A)sn3wcQI0@R2LA8zL5r(az)3gUE-fEj+=60K=9Zy92W6O(g zRD(K3y1LVsi(_B`nWk0gsHXSFiR-KF(wzch_|_H%Xi|?(-+P5Tt_s0Rgb5M zc4S-AWLpc#R=Qr6>r3rEPdGD;D-kh#=PhOE zqnn4u!!?dyGo7{I_Ss8^bS@dl{08Mh{GgwDMelIvk7FBdcMp@sFuR;IFm4t;v^9?S z5$(=)jr-W@>af5UGPu8&Nh%S0$N*SCr@t12tnSEEM?4bodTVhBZLYlmb>f}1xi{`b zN97Y^puAKe@l3oU`c4O>F)se%i!ca>wIs~W^OgS9Fg?$Es8bG*tT6@G2y*C75!8(q zR%uTA`PeR-DE0fr#gM2!9W}J$nrB)YTUeiJKYI*4y!Dl3p5n=An|vjc<22ea!|YcQ z6>j{VSh(jzUxYGQk1q4FVh>7%sIRzew8OU=%6aLrUymm*H%FJvt&iyHs;(<_KQ%mvxRHF?{UPeXbFgKZvFAt{3VEgk1@q9kNsRWj#bOPC_b&tZ+c6D$90jPLm5 zj4jE$*1ISe+h=-^;Scij4DJyf=0~{X%8I?AG~VbMlOy9}OJX+hu#_+68JdrdbB+T{ z5Kk!{=UILV7$!72whj}!LIHi>f*urr16(MI5krSRuEba@gim{fJtes9#Ed0BVIwnE zNmE3(^gNTkzU;ETagf1QElm8k0Xp@h{l1m$6+q0f3%yLvK$LZB28F0XsijihZOL1aiI;Qa?i0bae zKvAAlp{HONS{8L}=oXX?^K)Zu3rK z80jlyvJ=+8zZ^k<_j7se_?7K@`Wow=NGjC0Z$voU_uW51Mu7Qku`I0$dT zb**$~WOQw7M;81noA#}z$80e>2u*=6k*lj{ypdc0EE~+kNc`r7P#eaEgJNgD8H1_` zOSEuQ20p-U;8t24N`1e<=PA%!b3Sl0lvUvNQ;II0iH-0=tifS{=TMski_*Zek-^dUd* zVfJE5Ud+vu6SnHwB`9g|(a`X+j7VY;lc6KoMN*c0n-T{X9p@cx9xBL5Cuy*WsHCGW ztG;N{TxEx%aBIfZ$(nnJ5uHE+ZVBBPDd0ygrI8B6VBL5Ql1) zZHH-nFF)#TEKO$;jHm4e1Or&SF6|Cwd<0NHFD`ZTGPM-Fnq1cOM#5za(yLYN5y@pS zZP)knqwZ)iiix0p3nVj;0-8y&Bbu$JsV0T~aHQ~K=w_Nm2p8?@N3XBNNXOh|LCO_O zxzL~>ch1A?6WplgW69|_JQ)-h|G?wU_FxaSe!-r!tC$+;1EaOd=C0X51}zXUUkYUs z&{f;J)G1Ia4=f!nOMc!)IkdHaTk}nt%^UxN-`g{+r(`- zhTC;?wSL?tjICDLjz*~!011rpjmzs|tK{##j?3Ti!MEA#_3z$#^-#WjR2E;de~+#U z1ajjwOO0w_EwE~xE71bT-7a=B*X^QN6L(Ke@Krxq?>^|R&q|%Rla7mFvYVIL@HiWz zI;@pqQSU7Ox6|`9A7H+|_OF{&Q3kUr7qzWw)Nb|SawlP-h8|=Ox$MX-0eKL`R=1Cx$YKVO`N*~d#Gv#!h+zR@=ajV3UO@3D zy|zw@(^CvSo^T0vpMxa0X`D##A+|gN@i8$k7ZfBL-C!t2HZ@mDlXG!u6a(YQqqNKh z`Or&+Mut!w>q5gy+2mlH4$A=r%1Dz#^s_=;0~vw5Qla}GQiYverOLWjLG(rZ$@Y&X zV?sKeo8~%(?RtPMMG4$YE^E;3QTRtwA&M?>E~!z2?WMzZ-NTmnxkA?Xfm}kHPI3j~ zybc1zz8RxJ$$JVJsAa5fB%Dr+bH-74ol9veo>T5JV@=n`#fW^%#kCxODUb5^{1UZ^ znyqW)UT$iMS9w@Xl5lRCeQc6)@_?c60s^bYC&MehF&KZPod$s9VZVNBEdHEuJfkvK~W|Ueq@jlz! z3T-tjfN14cAdwAb+ceU!yuqrFLsd#iWPTM&o-;!kjj3tz^GZ$%Dh$EfMV{JPfLsiG zO(3sbD?vnKNNd?kohM&aP7+j>e}?_!T8uMN+f&?I0IRX#ZD-CWV)Yf56F8*?IcEPn zNik$|CvmS7@E1%E{@Z1lyvxDUsELl4d?~ASI?N}$+JQhnU=r9%D`O@t{EEEvTl6{w zz=xMdcE(BDVawlkTGC6+fYt_E?uhUEBk&utPc&1(iLka5Q73O+#n z^RNMveSl`DM^Su>yZ9{) zu8Q%j@dc!CgOjNxf1q>pj;B;6HCy1I~oTzvmMEa2YgSKp0X|@2`HxIjXO1(U3HJ%qgH;DPKtS9~#zRK8- z+{JnEb3PcrN*-lD=O=kD8BVh(5pe5RBn{YAy5F<7CgYF>csb+|% zduR2xoHgKgs>PIQi39>GHz@QlFaYYq4O(JhDyE@BymL@9iYbYv*{A5J zP+)KjfbUVaWrpe87I5-d&f+AG)f(HX24ZUQr_}HuAAI0Dgvk=msJ@UW*GM9lQHHX{ z^s{t;OrOk#8M3Nk&}|Dh!Wr4t)8*yoTjK2?R%qP9Kkm#-B=g4d z(i7Vw$~%DG$1ADB2ME?^Y%NkvpI-Q?LSk{OUB|21c4-(DBeU%mV$`Pg99~WKNXKmu zPgHQy4(!2GV#lR6gmY4odh=hUSAKD2W`ATfxMDpSDt}Ifmj7dt=hb~Ow1nHd)P}+z zQDELos4o7ALf4O|kB~C_lgfVNV^)g!2YoO!kuT;aeNz;W&#HuKFd$t+l~8Kx)#L?+ zck3ynS(l{~a9wtaPKgS|jwb=S=Q5-JIy?b^^r8P-r@epAy#Q>uIoo7>l7-#vzs-bu zvm)ZA6Ba2cpRtu;(VS=;nmwYKotG^R+S-n?V<)FCuFhqO%!3Rpe zB+rw&JuobNrJzHb=6lw93$Bm&X69hB#~=!&#bFawQcc`ytjOA`^u;9hIy=<(0fANb zhZ{#6k<0No_wBxXGei!xhP+~b8x%%dZkxiaA^bHdY_`9n@h?T$9R8|+k&wXRnMmzYinO6|6ZI8lh;|9pVHUY8788tyo{PRQ18Wam8H`J zvkOQLgWxhr_j8QgM(zP+#y2`9F<`@JGA$3APE${Kqn$Hr={dk$P>Ao$K@kPs3(5|P zkuB+&KZ@xDAHn#8KVf)d;Q12dPA7ND5^JAWy6YxyJbPxYbCOZD7bH z8*GsO$cHVb+J_WF5wf8UCNRKJfK}ieSs)H!TJvyQeaP@tc_A_en z=qh964GxI42K$z6^9#V<#aHyp&1gJ7mTyvO6~|>%aIP{AsMzZt7Xia zhoJJs7yL&kw2}3``zlT+@Zr8B!Zf^$zB{Cz!C+~mxTJ^E^N#$}HvRG_V9~EajsI%> zS9z~>xVG}wqxb8b``2yw*;%OQzd#txF0-Cc$;au?t~2h97id_x5i7iZ)IO>o&7V8= zUvmev+2_4)!T5~oni>05Mws^Y~^e~ed-UtN227-fAuWe3RV~xVUQ+^+8 z1cI5IkH&tTFsFxN>&{9JqQP6JcNQV(&DpwNoM(C_$&K-%7{8@irYhgz8A|~>PSPF_ z;VRjmWG6thSJ}irR&!ISn_Xpa5_QJ~ouzgHO^%ZEf2Qf?;hH@)>7xBJrpi0q_|h*v z&hk?#h9dlDV~vXks15`W@c&XU&G@%%IW8`Sn}_RvdC>WC1O7*ay{mK>_S{d$Z(Z~C z`+v2irZ$v$<)`E93L!%&|D(TT++@vQhQ)8s(ziLZ_!??|eIGu4Wj~##r!Z+i4(!D5 zz8K{1GJ*K@18mj#(lsnNq6vu~>tE{LigE8O?*qgK_d5?@tZQG|Pvfj_dUEy46eJ|* zW8*%c1`XCXHte@|c`?W)(B{jpk+$pW^yOsQJ1g^)J9i{MEe3rq+gN`f9XN_?d@V(= z>GIQJ^YE(&G+-_i64CtMU&9emF-c`SJL_NF2e^O1&+ZdX(Z3RK2_;&wm zfcT~N4Q3FA(~*DNr%^t9D^&e@qqF|k`|i_KHW(Ban@-}}Fd)w}v#J<3JF7l{&eL&$ zlqOn8)nWSXN|xTn*Hl9D&XpX|yy^an=|>^^*A19yMs_qEgJ^2HF<|XfdZn}?7)u6O z<^vG4q1s6tY zyeEF=WN3u|2(a!|p6MJ)&}R=Wg6G+|8^r>8Qv@+sz##k6UbY}21eh*n3n5}md5u9x zY9?zH!#9W+AE^y|}YAQ!rk8CMM z;~W>+7}wB{S5sN~xF0;-+fVjies}O@=k;y^f4_SD@^5=jcAq4V{sA9%lgBS#{p0oC z_fHR!r!Sv9*?qmA?7Vmar7sR%?>+kA;3X6^cJ`rVgFfuM_y+^t{rjueyZf+dUnhId zUp?Cch|tCBofijtyZfDF@5SS1KRnrc@qH%&C=?dy+1~TL1E_ZJvO_&rn*j$P*w1%g zKYj{DJCF9B?H&AsI{t3&;05;g9dx*pyxMtvu=n_fXFIQxS3kUd^%B?yj_=9d{^Msm zd(U^DbO8hCHQD{!?u&zD|LM-NXV@vT20P@JZ(i)a#vyp)eY6X>?mT+7%bmf9pX|Nf zeSCnUa(_JrDguhnI?4X4-N$?IhtOpg#J*W|7)2U(mRLVlQ9+10f?p zXfis;w58ALwe(DNyr34VE|4?)T63zTbWEco%EDL`ZM;_IKMb ze|v!9_XrldezODp{y^i$#exR|{i&97hh{g~`!3me^0z&UzqEiwvA-t^h=}<3sZ0PL z6aV@zR@ckHk?2NV5&7Vr- zQ1s#!e31`yS1_O0(!s9@3+g=wh}cY;sK9Jf*vjVx|630Ny@FAXZ4ZtNZ$UsS zy~KcOO;$GA6>xjQ1p(r%lOU~bpugCpLYt*lH;=PTH(ioxUQ zao)QzW#Y8CA*|M9d$QVJSvT<3Ybdl3*m)$X5(z&*la=iagFtkOV1Bgg^TGtGT|Ns# z!}XK+RJu2*o5w|A&!^LjIiltcmcI$uB(MWFG8=mYiri}+V|Yd z<}V0(jp-F7Al1i7q2I6e06m1>i_!1~UDzIguf}_b5b{Pt;H6|oA;9lJU$s1H_i|J$ z2p{HudkxLpkCRO|m{D=j+CV27>>5Xf9kpYmx?xv+>T0z25z5ZT-R5 zTjV>qy+;2{w|iSP3oA+N*xK9M>)zVpZ+Av*0Mx(Ny>DTpKm!^>dR(@86t57wNEn0B z>X(uhjcmcF5PjWNTO0Re`?t+Jp*)wgdaJ1?`>nLndukD`uc1t{jVo4hD;UbX{z?h* zjsv?oN^17`KN|@>0>UP~H(7{y(IbT!*Dpgs*kIeR8|rD;>fXP%-hI&i{FEd_{oUSu zaPL-@X6-E90NB0mgPPfTL>AOF^VCU7#ndRuyGo0Uv@w$xm)u&dav8ZPhQf_*wa?PK zmh&tI%Zx$YQF}{>By+{W)`YNXmG`z=urxOwwA+qE?b)(oteK1}dfGlJrW9at!Q*hn zzejh?91#?1+h3W`YcjWv&F4ZrIu;1zX|1nrbiaCFW4yX~{HpulFB=c;P1I>@oUF}u zYi-PFjI=|7Ni`xE{#6gq)}0A*qr2h5{OkP))Y%aJ5`y^pOCLyel`c$P91E?#n1-aQ zmj}bRx1lEXUPA2RxK_mySsDOgrC){7yXQcKHj%N%lieLsqwW6Z4?C#i+rOpvllA0v zah#1O$*XKQ%*KDboBZ)^^2fW$AMYlAyqo;Qmlav~Z-73HQ{`c(1p$PZSFM z65{&$2EiryTJgJKyZ&fCmGAPE>o>r7Z;$PAwNGHY)6oo;8}K9zLka=J###V?KiQc0 zIZFAuF_&OoC9mP1=$e4vtb&tVOt%#$p#C2C9da#X=Et&J_#VHCZ0G|r0CCW!sF!V? zpzdf|p1EN6OuwCXMUIz_Y441U6*)9N+(Ix}5?YB+(2xU6^NB0{6-ZxjfxxIV6j91f z?5CemGft(O9zHO`NVZ5`MLLaeY2r~ti*w7ZLs>VA0OM$S2n?1y0UKtg(NitHf?9<4 zw&3z`c2vb=HMyV6j?aiyoNhTh18sbJo9JMz?G8jU@NF5)!(>GrW9HA`)bzTM!$*zU z{<)g8c=6v$HUb3ixRz99Wo4^!9%pq!de7Jt7nc7oMUHKobZ(sw@ahTPs*b+7yiGH@ zvfV`Wni-0XRTw$Ac|)!y8`X1LJU`>K+2D_Q_>8ER_zCkmVPa~m1%FcfTpT`+ysQp= zokW(7E7)){j3dGNEE=pZ4VGgxaA0qfitDqb*i;)XXbjVZmrV< zJj3ju3$4Gko2)-g`%hnhoiG##!H7wTwP+pt9ZCZ14H^O{ZZYIdjXGu9>k=NbVb|c{l`wi|ahIwI`N4u5kk`kqlF7 ziA>QPEzx^hQN-dd4wsch;TJQUjwdfrN~qh=D^br2DVKtF2Crz_wU~Glk+scWBQnPO zgxJ9*=e^W1_O#xL&!x@CNrf532iYVN|Lymq$--Uu3A(H&lu7*eaaeg{`NYEtb8Y_m zhn2ZL|He)!R%7TB>d9w0q5e?N%uvv5%vaEC{Gtk)g^nM4Kdqb>>xsRz#_p^^?Rht& z&3U)4%H^qgGQ}^x|73^K{2N#FO!|Z)Y4>t8AcjECJvJ!R$8RAl~7G=yI)@$RIB9m_ljFJrow*w7>MEK{^ zc6eZ^q*=J}O$=>Hnng*@2bo+3aLeHS79O`5Kr-0tQ&>))Sju#hkjpf)sW*`8szjq4 zKzn*zPR41E?c|sdm&pp6kR>PiB|dfF2iT#<82sicqcG@&OPRS+&7jj@FbBn`!Le>h z1}{|F!um!S>`=FoG0>$%hTskkJTUAq`6{F8$N^+3VI&nV(;BXY9Y+COfwjyEINV)sktB*HZ~dq%!)X$7L~q0W?im zKsUYc)vO%zk@E>FwL!yVX!vy%pKT zH^$rEyzQDaUnGx~!q|K<$+Hx`{zwZiVP`OGC}~A@p*?(mV!tXt3g(%bpod)mV^c+B zB>ELzMq8hj^Los6kJy4c^g!qit(-9fDBe)l%_Q2R{{5|y3E?k9s#_xy^|%13ZbT*$ z%!Evx;GOuv+M0?zP0T^=6e+zP0R!n!A_$D>iVV=k!iQZxE-t&A9)l9JkU6Urv`WrD za*_}8@+|918Y>3b3MD7}XT}Ijy00Y40XQuG+&V@MTTD?+cln60RF#$(d(4;G>{d91 z2yi;1b@BG4cBkOHg3PQ`MOAcuvW(3;Wp1cjKD6r*%XNZ9tDB{(O} zy47e)y|!66RuYvDlnQkJkI7w9y*@%oX~zu&;PbKN^B;*Y-wAo>72 zujL=Mp*3geQxlZ?_i~_C2eiPcIxAIq*TyaXsI%4Xft#JKE+Xw7hPi~}wURvGvuWFz zl||276Aak3;u2`qz=+W&fBkF2JA57SY!G8fTlrW(89hK4gSWkPtLLndmjlA0+8ZwO zaDoN>Z!*HyAEPv`fU?7_noBj1<22e1z@eL0vTXb9>3R*yj$O`Yla*oPOi{8z@r1=l z!X=yw=VeYAG+{e&E)nLcJ0_oBt9gvg{8^O1ucm{Nrsns-MZ@8I;>~2l z;6674{pI-JM;fqKxLM3_Qro&p%5Bme8~v^}?LA5RAj0Y#;ob|GUF(`J3PaQ^M4JIG zAciTMTudWG_-?qg<5h08kg={^b9K0_ErQ!8jcE~URz&j?k-UMy>F2Q${l&=}8S(GI zbaEeX{@w6=e=wiS@lQ@ZuP(|c5#zjGe(KEO_#o7w3$k6E?XAzCmvZ_Dt6@;@iAD)Q zda5-GK*F#lL^r8KT4HI3j2?L{jDgzhVP1HAtV_8G@T?r56j?cJPUu*;lWevvH6-^j z3a3WdfE>puS6Jr&WujiWb~3bS?C9;zF9d#)awa4@aMGceJw_oIqOJuNDWw6iNt)$V z@18)n7}^T_GHAYEtJUDi=9Yeph9I=1Ke_peAZb2s+A#%>zviJfDx&jZYBfvTT1}gV zH}qq*TyO!#q*f>bt?sdQC!kZ96sE}B;~tlW1tGhvZCQ_G9$%Z9HFQHC%vMcj3{8& zQ2S~iw*5x~ghS~L=dwLZU9%|o3(@0hQ>_Vd=R=)vF`T3WdM5T*CO+$}^GoMt*v?vU z$6I-F(4^3$tz)U(t9eYddwFfwDZn(;STYMuQ60`3S!S5rPZ$F=nvO=rn9nu2u18!I zWhT4EyOu5qG!j*`z9pVZQTeig~N5s49tlBfRz5*2J;)T-nOtq*DDC%wB^=@TjP;GTtW(HbfMOsQW( zxX*}C_UCJUnY(2*$jnpNF?!e1ltE+CLwbxgm^35As8?Jn@lVPp>e$U_03Ur;=0D3( z`HLMzre6K|Vwtv5Cl$3#H7l+tlemTOVz@2$rUTsC$7z{iLSQ)J^OK2lh_>Z=J)CBf zM^Y~EI_i`(3IyV|6Y@G}g=fr);ha){@e55?-76minJQ@*du1lXk| zbI@=|j$SeBrIQwOUSojdcALk<4lo}Yog~D{xJ@VV@aY)ZDp<7jZU6}f(qWnk6eXDG z-Y)&oU&`p8S{ZQR@t=Lf_|GEazx=52pH;?x85@6W5n&idlcIC(LgKogbs_aWf{?vi zTS&dd783tE^3rKe)`v3QO%bDR-!aL)CO8?)yg$$fJNWw7(d-jfgA&b_tmMUinAwDT zs4+PQ1o>|xUA4n0C&{tjH^%O(DB!IayRaoIgPlctU`b1Uh@4dc$-cZs42?0ca6hv! zibeKJ%!mC}CP9hn53jW=@a&W-yrwrn!MvH{g#t!)`R>nse%th8#Vy>W0ka$klY8ma+MqNNSsB zFavY((1gZbzh2k*Rl5FVUDU>sm(d@-`4!*% z#e$}EZfF($vBB0B3nHc+-4z6kDHpLXzabtL%A!V+w94u%fILg3^%_ehVsho&2xd2m zUN+k#>89PNKs6r|1kV~f*?st1^5Ay{Jimg)&miyrehzDIFrRu@Be37wVLihH^nXd< znOloj|9gu_Gdmj1+(f*^k04sbkCoA9%kub-Matej5ijP4aC9c9R7e~{@v$vL;je!o;y9@ z_kCJ&)nt=$%6--0v+m#jzyAj~`u|ChbB!hIAZVZ51EBHyw}Ja+*NM*(WcLX`|g` z56e~+%y;ym?W`RPEZEk=)5)3b#{U?=JIhj-rgo)`wZ2SY)bH?A6#(YFM!PW8*S3MJ z)F0#QUCTWqNj-bYG^C_qUxxVgB=l(OS$it!6Gn+X7?Mj8RWZ}jgibr5zz;lDZCc7D zWt92>g*<-)J4~#(LqCH0r8O*-${usy+x==~^-Vs+tgx5BCK6*(4CtplO2zsNt^p;6 zf1~(CG>3Ns$6Vnu70jEd7zQ+dE{b!sNnCHXeV0JWB<{65OG}vmkVo7WXh*wov*lM7 z=i^r68yLq>1e~U>vqBfk)o)>C=di!WlSkPJ-V_4rEdq)75`(frQXEWBT7&)ye@1YV z$+*>+q{l$b>=M{OW33Soki^aOlF!Jk%5H~UHrS`BH1xBT!^LJdhI!wQ;~bbCn4Raq zuDG~_-toPqUmp$Luh>Y{I<;528)lb?Q+=-v0!0jil9ns&SX6S%NvtFZQ*H)p(K97# zKnl@zn9$nouIZ$Z1~F29?C>lAJ-Vl2#TTV>{Yc!>iSQn3)CJDf3YZIqacH#VGoj0W zD>r|?gacSE-s;oToj=XUq+aC8rE3CJiG`u6T2S@kY zr+~u1a7~-+oA69MEd%W^>5RGhz=OcKjC<1(=0#G1MW2}~`GCkae~K1r3EnooOY zwd2-=NYaM3P8KJm`&l^|7gtpYAO^=QEQ+Gh&&$yuy+Z!ca5^l%f5#|bzP&Gzg*~@N zUU{m+Yt~4z0Qw}Iq*X#SLjLVdIk${5`|fl|3qntS+fRmWlew3@Vw4%7wPi%y4wv)r zL`e`**<_garDAFqMv_1o_uB8*=(YOL=dhOz7$__>m^2w(cl}Ni$U6GsLcic z7)CmQv-}iTDevf(BTnxu9iC>epbv-B!NAE>NXaAjldB=vYj65F^lyu?#$b|&YKNv+ z7*!^00Sb$YA&)k6r>vQ_*yM0ec*N5m{->w>D8ql~PqgH=2`w8XSr#r72Ybh?XihEf zq6kBiDO@CEat?Y4 z!Wl-F@d$32+TE_cb9G%1&%>~fBNJbhvD}oaYwPgH#3W^O4cb!Zblc`H`G7ONN%JlR zj^%Df>GYl~mb?CE5NG2@z`zH;%NjWYqQVA^aVmP?sn6rGdG~!H)nzSia?Vtb>pb!JX z7;M7PxHuiB=eQmah&fA=J2Z-}s9b@}G3p1rw_eKQX_zbMks8`?p#UmN5xkOw9m!Ia zigr!OY8z%3Pe}raY{O#EH{bkjT-(QNeI9RYKQgwwbUSJhk&{q(7r%=@M1&!NILWY+ z#EyW3E63&?CLJe+Y~OM5iF(p7XWkRkr=Cc~jQi6J*8>9J%(Q)&57GbN`vaV17a4~s z#$|JsK_9R(iebj>#YK)M+cEXLOp56kS03uxSOn~l8Vw~}XhO#8*d8MyU*xbD%L(F7 zVl+ZTZB`C#?SS-P%*bSsm7x*@V^M;fYMQiFbaxW zKGdFt8~BKtd5kK~rxcqqpt<&J7Nt3qKBMEziFp$q#cGu1enuC|R&@u!JbhbNS#2J( z$Eq4uZ_*z!`%COFvDsp5Fe(Wr5^W^d2f_79U90Uyn%7b>_HK2i5FHrsVE`JkUK2#l zt5F8r&ep(ygv06iaWbxT!nb z=J82)M92V`?s~1=us01GYsHrVS^XdpK43}G3iUP_+=a|Ga`(18K~Xxg~-nXKhTD$tZHXrT!!#HbtiGki*j*na4T`!meiHz}SK7uoo6TJo(S z85BJN5&0bGek_kS#PM#90t_*aj+VHXY0^5CQ_Riv^0Rh4o@3KGPcGq_t(}$ zct|4P)zirx|CVMhKccS!YUYpo~@S`137OIK}*W)Th?{(80Jrt#nC=&RhDaLm*4SMdGO#I-VdvK?C@e&)hNan zgVG~nn?~&j?cFVStdqS@C?0d(_xNu2G@De%@qzd8(bMVlFljK{VmfIg^$Z|rw7#~6 zy0Q(!7BrsF&n;ltKrs0b(W)TxRnV=cD#bfPHX3KWbi!|!DDuj2f(kLdYBoes-6jNe-O;Pld*4yI?`0u~H%h8k-_)6M`+I_4G zJF(prV}vA0LW=}6@IWp`Lhs5dEaA1CJ^Hs!!sEaRSlxF!e`obso{jL;(( zewWCogi;4uI3X?jes(-Xy{C(U^O%&zOc}hYkNL_D*o^VI4%JWDiI&>`h}V_9K8M4C z)-T{^viF4Ok!mW~@!FPHfOi{?cZ3i7I3uQ7$$JmTb$kT?Z7Vn~_P8OczHJB{bBb81 z=BSQxof)Op-f%RXl+|v1OsNiP4OkU%oWYgYKyV-}LGgrO^|2%40n#lObwx3njx6+& zq!6s%;re2up$PLNPX|RDo@t9~5*Jd^=u_oJ4KQ4HPx5y(MQAACuwLos@0yl?FlVA% z!4`?Dh9+4ckC4S3gJiP;lGm$1`J;o28`VJOZy1UI;nKFVKr!h?4M_YH2WYa=L?O!S zNexi>8iy+%<8YbYHDLK;94dc{109V)W|-6f<&QIga+Nsj>5%VKxO{7R&{g97=o*x) zGTxW$!PDdokM>Dn#Lrvr|}!6b3>z@Xot59}rUZo8gHa%|Zsi)uzA~lO7v0 zd*BY6l*!<|9|bG`$J(PT9UlOXgFC=u{JYtqHvFWWOpyCg&^G)A=kM^XZM8p1CsVlP zHFw9UoJnr9n3|BRt*KHyoTAKZ@9=kR@2GC~TG`&I9dQp3#u9!Ztm|7tLHji6`innZ z-tTR_f`Xd57!n%>>ReW5< zI4%)DGLM4FL4nJ=W@co@qwTA>c-3oWDGHH(p(%QaDX{)M9Zu6R;MDvsJ08oQD7;|+ z!ky7LAJA_s{rBn6WXXiT2UxT-J)M>qS!O>QO)}I#!QU@?lY;+x0oP(Fe3JF}&m%&W z`p2D3*szR*N#IxL+Ckd+Vhq>Yi3H_vNCN@J6Tut}^#E=B&vV*uh%x`7oU(v1|7Sqo zrlZ~){F^Ywnz_OTn)ip=?!0jc4ZmIEMQoR z(otpETceb1zIn?Hxq#ZxK?rpW55;zv8D@GuG|eq4Z-RPpEapIjD2Q)9Zbi(;Q={CP2y-lQk#L%<8{xnQ5? zLk5a_pn!iJ;9qYraPR@{kMD40@23LiF;RgOpjPhhW28@#k7?p22@^#+amyf^Bu}0s zX(@KML}AM+Vsn6}ppkU2vaF6mW?_;k*!Ts&carBxe-=a#b1PuJBfruq#u*>oJSYn-a(?^EddZDhm7@3((RHHI6l3F14-4H zxF=6@dOQH409n$6lrCQ%JQF8BEi2Q_du3Am|Lnc{cN@o*Ae>*BbM}8|!kPhKf*>h7 zcFc#gj%1IuW7%Fyp2SOYe40R$Y#T%)Xh0-l^MC*Dv+7oLH3-T|vh(fu%tSnH$2C}TN(pNlB~c|Qo1CsJx93;u0Vox>ztF)=ujfi=bE5V?TF`q${ua#4+z zH7`g0=68)41JoE`8KYgSa=u&ur^T(+C@&fYGoC#Y*l>`l>? z7Wf_xs9#=CC6`0Yllj$5KA6h*vW6D8GK}Il$co|R&@n<}$WBm7Vl~<&=@S5qyM68M zK(Lvfe3)WukUgVx_3f*VD<$xtB(4AJr$OCr2RwX5==oS1#PA3i&ucB_g~& zUA#tTB@R}v9RnZEx^Ys#L)$&EtYDqIb7(^SB#mPlTx+d!@;0JJ58mK>QO%nxz;-HX zdFE))f$z1PjwVZ}P|~hr-4_>MRY((lMSI`U9}-V{32Ls^X^Xo8nlqLoByt8^B`#h(pgfqdkJlJtFVil$bt#iSvxlq7=GDjUrWVB_89G zl{srNk)c7bd*AW*u(OGN`MrIcZn5RJ*faW8AM79Q9PBelQz2r46+s-VSt+wxz?#3NSTiSgJLMj zqs>&TnHby)6b>Oy)NXM`?H$H6mFcUx=9}dFcX(~|7L|4N$B*_8{!Gs(1-8491mNQ8 zlcLw$Q7$kL4B!`%ka9W&lzOwJh@fmsWFX?>xztE-A&5R(E&!pUGroco(P9h=lyA7k z7&Is`L{Vos4VV|q1F)R0+=QMqYC43VRWq$y0}6(#N@I8ui{!E0oo>JY(PVaf`eWR2 zB`aFaqh^ZY93vYn1TUI1A-^fCC)+`_0l)A&$>LK-gfW%rEo@OD^9E5~9g$%o72OTb zXRN2=1egHtKx)CISdjgIp4!;Fkc7j_Y4mO*4F-DwxDBJ@c%cnF*LYvuOFRV_E(P$e z^V>u}2wo5Ag`)RR!b(816M+?q=z}s=o;tl*OAcvpPHs-fAQ6UeWBZLnA*_P%I0j)r zk@eYnUkQ{KmKBn3z_*#?; z*a*>e<&(Y;BvyYgoK|>UQF{_D^S(7sh0bA;3)ZURyCowQ#NCvM*H!}&5u;=#Ic1XC z4E&tzOtRd04>;u*lY6q!D5w_H$sIlOk0C!?8}~?JWqK@Ol5|l~?LysY-$=(iuty`K zCM^#1K)o?i`}#uB`vH@}4%LY`!r5#gyMY0;_>vd14cb91%Er0}yMB|;Y1la~M>pGJ zoKKO6tsC4uZSkC62^_Rhsq~*6+al73OhjctioZ`zj9YT4O75o zvDtngknJBOR4vcTHzrg>IX>xh0qMu8j-9OQV?{KKlDsBt2uONSp{W&XtoPo}o;f6d zCNWGNS~I_LIxa_qhbHqPAFnVZ_(gdM_-xGYQlRx>E!-B1vY%;u2s9wcYd;MXxbf)E zNgX$-NXM4-096%JHpZ5o;FDLxXFcOy;MI9-r3Lc>vaA?F3-Jy@K!{v}24c_ne)cWw zJb*R6Pt)Qi$4a!TTgXZZuV^RdPQHMvo&R#s%$zB!92HPF(bO>981V>z|Ku*p&Pcg^Gb^vL#J|x``mHyaaamcXLCbG@U!W?d75a;9 zc2#Y%quoU}3bJzN_aRi~V=Vf4H9^oVCKoVIK=ID-A?xC#4!iDhO)>X}Ge{8qxCs~xzcbJZ zs-5ash#CqY@Xbgr?gHRsfUO?f$o?kXxE@-f`dZ5q^WgmG(qPeW+kJgx0(luXoh>OhIqiF0Zra@l z3bj32u;TgjxkCwd~z$;d9vS@S=bVi5$v#Q**H zK{i)S)STfMU1+UpK!bG+tyilN|3idbarbEc?xDx@UtV9fcFw_GH8XqnV2C2c(Q;lB zliR&B(H5FkdyfEKX1&x$7B9Ln0+o>dZaL zA+~u@o2Xo(bDetN8dVd4E@z91T%e^|p8g%UCfTL)sv?}a>m;i>2_sh(VTAx}S<9Un z-w(4Kd5cS|kCn$`LD>6!345P70oh~?hVP!s>{@nZ4Hz`UA-SB&LhxXlUtSXq0 z^$(B)Glncpie$WI=UcGGZ)bT)oCW`hI%U_H(7T+YJaw;s%P1>k*8Fch&rF*Uj?K3# zgJrKwD=t-8p$^|eH5j=*pJOn{k_6%+(h#8H>8)k4abbh(jp0No>xbctapj)(BXr~-iYZ@!Vszs+$VJY7@cJfYp6*h)JPee|=fF5^&c)s9yvyP?#0$ zM*=cfc_rf*%=3VAaz}$*^ui9`>U93ioDS-p^iJ?IK#xuE4BU5Qza7<^?Y9=n4U~ZO zP%YN1S_envB(C?IkChbPe;`Np@cPZO`5YK{(tz|F(IfF+_1&jISRyji=}~weeE$0( zn&&Vp8Sr$-vj1E-skdYQ%yNq6N z@=p%4Xh<}_G0@10wr3hM#=!J`=50O}mS%UY_HF zq9$U^rShDp0>4PG>;m1s%%UHEe7MP8Ixy;WNekZXuiM+A9_6#bjPgNaYjeuEK|o1+ z>$VIIeYBWQ0PZlG!vRJ)vx7SgCdQJ^g38_RDW}5A^xQ(btUc1xlEEk3;pJ=(*ly^^ zPWi*PoAM4$dFP!>*&E}B(?tnQV#0qoB*}&AzaPz?Z0g+fQv>B>-O3u}k^HJ zpCn_k*{P27$wNolXK3+Fguqp&PuSRfkGKZp(u>9a76w908 z5m%{6Pb67r06~O$12Lt~1mPbo4q(9u4R{YAoza~YJyLhQUeu`YgEx%?mG9(HBVqJa zKCc^1W>rm*4xZuHp1}y-DqZhAcY<=#S45gq3RG?YDKdQ19nCw+OdHkrhys?!HsUrp-~j?=Z#vYt|HG2%s&pYr;0kCMM=pstimk)o9U zlGXFkp`8`F(Jv0oss?PwXNxk-x#frB53o1#$9*G{p2Tj%_6eFw=?bDX_-Qs~*_>oF zM>A(7i|)T;GFjzP`PY!(CK2p=15N~AvakxOT3#@Iilk~=Ybj`bT?-92b>CZOFdxSa zQJ$1VF9iSLSvB-bqQ~pSTD+m^?RpKZ9gDU(x-)Z`xtV3h4Jrf zqY48wO`Ukrj|LsPRA3Spg|rHzIa)}!X)-biK`U0Rw|lE#i1ude_d|9H469=L*^>d$ zi)CJHXoD%?M3U%};Ah~VW8ltoU}9Xr%G(5|+%+;~bi*i~5k|Byp?FyFW-jekOAqbV zSZKP&Mq*a}tt}PP1LZ@1qoU=cgWfBh48sYYbPnJT461+9@hRZcrR*r9lx@2Q`}?!o zqt2eAP#c4^zUP`Ur;7;!UFN`Eql31N+cE21!#uW4Z)444n=?m?Mt2uEzNkipsmP8H z|9MLPsIkjax*&(yDVCwc>n{Wd^yl|yfehOuHTu!R3KQ)d)sOPO!8kzE!47h68ZN{9 zx0+v3|M*N&U;yC=|7g9fAP=MccoYxk;x^jxr11U$6BW&fHk>1|f}?pgnfwK_2()#} zRWNB@vs3>q?(+NlyL?^E+Ioaf7TWljQ5=0$Ehl4%az{Sa^dRkV;KA&?m~b-Xt*z5u zaCm#!V@x9i*8~H=@}dV>FWhmh^ao$*`!j`PF-E2&e0){iopQF3ha{lI-c@(;c9HgNCSi9?5h6M>7J zoQZk$8PsBP0t(iE5r>4GCrGHeuV--3BI1-dsAjCx+V&a+R6b-C77f- z3tbhG$~lt2tre*9Tw{r<_bH47F0Nee&)OHNXS#W6`V^NTp+HXMUu;dU%P*RK`~gbF z){U}+*&I?{Y$Fzr$aVL-EjE38iw`t>FeL6hCy}H_N zpGBcqi8o2H)3!7{GRb)9j!KUt1d8JWlP;^8&&6I15!cuFN#luNLv-ZjS4hN`&8>o$ zVt1pbd(B?&Zt_qc1v@R#OHQ(1I5Ti+Vgsg3Q$yY*z@5Rxx#TdMvx_GM)->P9(hw;1 zYZSZyiH!Up&WPUPHqMtUDN`ww2g)@%xizabIOnFFwPcY8f({SMc&**D93;3gQBTGDH?DBQjJGgJwzH z-467a9r8nG9H9~BQ}s2LJvPu>rFTch*eSdMdJtzl+TnrSSK~P%CxY*xi04hco~fu{ zAZ#%5?nHh``1`&Ue!5z$`AR;2K6tP5@Qsb(fERS4Btw^uIK7C99%J;>E`S`D*JQQ% zkVDz{L|QMtII)CM=Sx|fRebb^Y@ALWLu)~cow^Nt;mUaK1DB}X7k15H_l6Y z2xrB72jHHK?$M*@y7lc%@>k>;xeM!~B1YR1BgwJs&c49EUC|Y3zGD8)FtK9S@U)fE z4Q4EIC(on2BLP#~;kytad2@kxDkFN=A|eX?;)oWD60fRx`8T+em_U!Bfh`xcMkA1Y zlKoMr?1jX@I$XG`+k$2;_81vfZAT^{b6p@eoZaE}bjetIEjnO|=F!)zZXVLH@f zk}qo~&*QCOQJ}v~4jadc5QAO$?n&DO?>RcnYyZ%LV`6RXv!n<2y*W6^w{7Q-J>7S3 z-`j&jPO7=u@7+N~;y3PR-Av!jG2snrKP6mc>X5$oha_AsH;7`Qe2$_e=Ye9iOqJCz zDY6x$XcMKJ|3qk2#b}&U8H;hT_%FW&C;lx!e1PRB{CX|##6dskMci;u0E!hciZy%N zg?147r(krRII{mZD`AuPalu-$52sp_Abj8&;#QtTCh;!xi4{?zAnr|B+`L1fWTbv1 z;x$y1a#_B>4My`j%{Us*j?XESQZ@B$)LWZQO-R^~RZ3dbnRrkk_hUX7gEU(mfI|e( zi+qL2&-zANpeFauM3uW{B`_6RvRrh;&oKmRP!ibYOBtHx_X7dAj2{S{j5l4wIYIrU zgy$1hW1Gbrc>n14VY{{bCR}Da1Jv_PPb4`UDgn_5i+_DL>#B)YSob0y19wOj@z1Z9 z3u3boR$y+9p}LPXU6kV$qd;rpeYckR5?iulOA<$MbhL0cq_AsxmLlm@eu*Hr{mI2A zS=5EflAcB`F)H{y%8*G`(>)0Tr2*Qk_OvxKim7A;z>a8)l|7QyBB*f@KQ`_t(h8_w zvb0=`_Np)RVbD7m;*M#EC%w3X|R>?ad=&HJBX&{J@yx!sXe;*Zu}I zDgn3i*)3Z+Ji}Utk!h9nHcpBrl9=4aN@*lEW&*7dyyHDwd^m)QPZ!3l0Bp}-v8|mr z`?sKdY|^%AyUYi1o zjTSuc$ZtaXp~Kr&JT=d6=*4%hNZ_Mqn$qt^TcivcO{Gv^)@i##&(^Dln};`;eP2we@XO%-)tfw z-2P#XA#okYUWbxY;Z%O=uD(DYlQYp-?q>VHeKWr;II^eE+oZGS*8)QvlSe(JmuqY+ zVcPV*ZoH3e(y+wVBFYH`_g0pd6fmzjrtP+G?YCEV!uwxql8#{ze!#~x4p_f#rAm35v%iG*kMGHzzV7N>sedd^CszvW^)vwou8tbQBVGD}m`l zG;X;$D5MijGz##y;r5_xC0An2c5yQbbKoZqKf|d&fpqDp_0SVCagfQL{gxbsmD-mc zRcu>sOjlc8dfdiI|29VYzFiHC0F(x3^tQpEFtvw-pxEGC?uFNQ2@&n_5Xen+WoePk z0Xo%FM4PNNzzE(f(tum`a^t`rKF?ni(%q+4NjOzF7xdrw+7do>30}HQOubIP^T6xA zZZlhCRt;Xj#8I-_rx$D6zhD43d zhK|6D)!4VE%^~7C&O^~HaVPPDO4Rr+ewB(TYOFzCIa_q>xj}|}sv+GC%(H+h^_Xj^ zdC9d%R1xy)K_aT`RHnDFP|BgXwF{RHdR)n79AOBw3wHmvirn&ccDH-?l?vQOJyHeO-EPr zYFbKuQlE@CaG8%lvEA}RGay7h?NVyp)ul-67R8yVIm60_$<|y5&AugQftTJ2cOQvV zj~ck3{uDEr(B(s~=iWB{g^-V25&eB|hTNr-Uk4HwgE8DJ7!8uGq8pvRJfoZisDsl%=;x*$#w^SumH;m=G+Ep_H&OjXuJ=qGk6fffg%;X<`5W@2|y=sgSebdcR(>KOQf zfvQ~!o2PtJd0yN@**?EwtL!-YsE?2LS)?hIEeo<&k;kGl zWKHH2bwNn5l&soNlu;0-d@>UDWt{H>Z6Vu{+%_OjiN_DysYk|A(% zO*f>QM?CHUIsy%{4;iU{?qwbMg_qF{=A_b zve`a03FyZzbtrbAvGl?oDHPid%~MC^xqdS*Mg=Bc%{b$%VsSUOW0*65t3QHcH(9~( zB6ns9&*Exc6r95qV1SboUBC{aEo9DtUbp-<>STkBmD%oQAMg~N6=RUQTJ!npy<3ILg;cPob0kNCQ7DGgL!uJh;r(*yq0t82NxE`PIxx`zi zE&6&+SQoc4IIG5yYeF>Q!Er>J|T7 z`=a=?l$TLHJhvYv6*)3M`876>jBAolv}N?`>t@Y(_?N!7cmgk9hM)WtR@f-r-)iMP zT~y0?@Qsr8!skf|ltVtzJcsxNi))zvq{#ldtniwI;45e3|9fR^go@i43lKD=wbwYN z0~V*d;n)aFEO3-!mwY%GBjIa}k&tT=om!LU9<~J-h!SsRnuAUQtx_TFABP`c8cP)y zl0?%)$ZZ=Z$gJ*HdipUEo%#7WzFawO86_R^I|gqC*?DoE^9KwRZ7C1*TRSJ{v+Iz~ z4<4^whGg@5NdMvFx&KZ2bjZ?>t^n2)j88%vOY~7ms|l~2;3Ubp%?Q+`UbiXWE`&#- z295ku^a2a3DiSStY+b~AlBoz6Kd)}G?u#jWE5|-hTvzBzcA(Ta*{%Z>8~|rZWy3|q z+e0?ITy4j>fZ}X?({2#yJun=PZva}7`5Z=0Z5CG(ArUSy%yAXhJTeTB0iBj%!b?KJHqzn zs-R5GxqGfP;w4_BakV@bS5xY#s($|T3LZr3aCVJZ#H_;`74YIq5&0lfa;y{H+F^h{6jeB$EF%ggEBHufmk?GQ;{2#oKWsq5QN(?F`VO4 z-8RV|_v8c(^RRXD^D%t>#0BTy;u+xozMmanaEo4|6=s9jRjco>NMAc~kc;9mh{_0DkMO z^8x~P)_2pNr`63=^3cYRg^LdXiTIrPHA}8?hb2A!Q#{s&Cx~hN z(j(VK{D6z(r6T1)67xlu<-4h)zjbo!E{vXnStXr;=BC__Qo=ZCJf4vJh;X#~5T=EZ z+4Q}|Z+ba+q@8Yur1Ac`K#4ANEA=!5Aua75s|LV-)`yc9uy8jTFC!g+u610Oy6%amFx9WdFfYS8`F$lb_X$;V+$mg zLrcdi-?7jcW>TxQlY%34Z3#e1$t8lUN=&}I=2R(#A3ZE66vbx*?F;6`UzbI_@Mj{EO!L1g5naayx6a&fz^ByF zS-=QOSwCV>s^x-Bpv)al@dZi|^+V?QE%}%PBlDX$nHE+iplxNPJ8kS=ll|G0!D(_h zjln#p6B|qzwjd<46U(?&D(*5HQwy9Wo2D&oJv zH9p)W##`;8goHMJ!{H2=%ZGbklk0*+{d5sqd~-L5-vetWj(ws?#RY&d?jNQFrJ*^I z4dq6Xhg>3f$|sYJd|4NgL48)uDCJ-xCIb@c+tPg;s` zfpriMI?hnQIWFNEp`|PNI5_VH*AY=#&XMLh5AOY8D46`CArI4QUJnfFv8d3HU_kdm zavINzeG{hO-dfl(!CvJ2TWFqqx$Oh^5>K#S#b*& z7$++J4P#B+Qr1Z)uQp18(DG{W>)L9pg!BkrxdqK5{^VQof zYyaM5-2uVEIjGaIkT8;wTFh=Wk2*G`O}%-EooYTy=~pkceT_FM`5LYbXAyY6_H?TZ z+vAdm?oNn3u&Hd0`}h5&M^1q2d{RT4n{> z6dHVMZscJ@MQkp#O5eoygC@{5M-QB-*GG921$AQ_@Uon~%x}2^_>8Xc@amf;{IRu3 zu1Q2>W<4E4yfT4l(UPa`uS5D2wUdFg-4i$TQ}>r`*Q#v#l-pke0G(6dx>0$7#A{xo zWk+#~%$_p_%$bNS-(b#g=k*$FZ1e^W>=iR7!x3)2T3#3Pa%5#?{J~<;bT}H?31@0Q zj;-van?M|?i?{MIswP7B#w-RIi(Kj#Q@RZs%*t4jwV^_5T9!nrDMzSqgc%U0#T;E% z_Ijr~yJt^N_jf-z+v)#Mzuz1G`ux|MU;q5;^{+2~UH$rf|LNZ4Q9>FlT>x2BjC#Rt ziQS3{coml_Ln`H%0}X?#kGoA?G*jO3xpNL=vw)ow-<|?^0(!_2+~;dqPOUxNESw)m`!(oJoDTm=wv_s;({te_r@)>`78YA_# zx8N@yKcpF4z#1}zJJKLJ<@5b?r>VG}^fVP4)F->FrDqZ!Oxr}7Ti!B}#%88T%M>+~ zB8FNZ@v>M$_>c@lC=vDTx2KDVhsI>OjHWYNv`V~xaH~o2h)w`E0qQjV`zTU9M6oSqn(Qz_NYBe#22q$e(Caos^1!V zq=i8RLk7H=iXnZji)tMDLdqqNi>V;?zjTF8{o+cTvWmnlPaF5)vBH^%gMMQO2U0}^8bmj7p4;vJI00`VDVQ{kVU<8o*d^utWxB-lg>~7 zds)m^VW3S7aMO$BWBnr%sqyP#_CUoH`FPAFcAC_kZVFLI|N7o-zJJv1J55seNmmTq z;&z-MOkR?%laY z()5n5>jAq31HIL5LA&H`*)=m5aYtN@s<{1h(R@wMTxK^Nhx&B!ngZ0vQ=oEF8Moxc z#aGog^Wx1{=yn=3iNBhL)BH_&Nfvvb*3VnyXz4oLbY2zLE}2(_--u$?tPZ!@l?S)_ zCCWaXz+l6qEdLN*nrP7m#pFtYI>8gI1@1|bAw&C_+viZtB3G#up;x80ZzF02Ex_!) zke9ltW~B~Wel#l?(9*PUK)#0Dn-B6JYaIA38lZIXiEHO1a{66809Y>RHul&HH%(;> zrf_g%N^vmP!(BxAP#Qi#VknlzxU{vuj>VhTjZ34Ya@eL)Z@cBzJoQ~2t`8QY^^5>0 zv0-S~=`IEC-k?pMYotfm^?F2&H3UlwnUqgCya0pF?!h2S%m$x7LE!80vmr3!r)`jt zHprj=D*U1Q@`vu*;Bj2a258)$iy&=%#d{6JDKA#{c#@wNlSE@F@Ap%f9Rn&fK}kym zluV^HpyX=Z14>%&9#GnO3s9Q!B-elv)>sEhJFTGf+aYP^ok9|&57_{c+_Ah3B!!LF zLXuGMO<*z~1fIgGYe33Wya%XEO`+B|ffo$bN_pCuzIhr#PE$>6qT!QXSZ*6N_FJL{ zz}sxdA~cE#)Z$M)lDBQvz%RW65yd*?ONY1KjVi;`FQ(s8U}@Tte!RknnB_g}I6Cq^ zXm%qh`9L$@$c->zV`55>eGgrR=A_Uzva0$FBL&5PM29~Hg5 z=g;@Nx$!Cdan|>0jYj3Y$WoabIBkW$$cr&u)M%OT=SQ?ubie-t-QFa`;+E|e)A25X zeW#m1stCc`5kMgv!yTC#z07?NL)b%t6zYvVCqoe;?!r2j{`e*d%4jG1?L}#9(5Z7GRbF0AFr6gD8;xXt=2OrJ5yRK$_LUUIg&)HgGKg*(K9KekKLBmf1cMu`0qkOl zAeI5ULB=x8-h8{pyZ5bo_`X$|63>)>y9aPIFYs)vIsi|m`A)RZEO_cM$Hi!Y3ApbJnQ}I(_Bs1$!ah2C^PaYid!jo zuD2f`n-~Xf%tJ~WE7C-N_ZXpbW1Er%6N37_0BE+&8gXX7{_2)x#ho5=IDsd@oHcs# zb)4mspNJ(a)&LBW3kF`cHlRP&5FVcHfb({@-GyQHqnJHucIiL1^yl55sj4^>``&}| z!Wg}*$hG{3`Le+iYhW*)tlPz1$_byIut}7#^3x391h=6nm1t!5as7t_1YOx%6>K#M zDPl~kk|Cwr9Bh)9J{Uye_>;Ng`ppJdF%M$6*Qxr)f#re}KBYARi=hf+Qh%F+Xl|Fy z_w$gGXaN|f8g?^^PoHYYp)>2;jYnj?bPs5~ad~l3;QadLx^0K(AvzvORpC$NF~ysY zC}aDT=U~>3u*vmXA+Hy{**HKoy{?vZfiSIXfCOvjY>GXTYw3q>0wrKem42p<0Nr#9 zpNHqEV=fnML)uhO_l?S1a7ft$rVkjsx#HG^hIb#vZC|V3`^H{Ba7PVqceLr=_O=b@ zg|EnZq|kR*LH6N??t9^cm>Sx(FNfsxV8ewVpV7&};4b_OCWm-e-{raR)~{ z>be`a2~e$rrM81j0@6lDyD8)*PIm+7{U@F;pMlx_wbBEZ^sd*|^?-1iQ5E?TVu(q` zz)pD`qY8n2%4uWTh>TwI;R~?7^AWIuX_QMz0Bt04)6_N*2*Q0qk zTO6`Ccc;zN3OdJWapQnF6q7+b%*fXzFc%cJ)#;es23YDJn*~Oy2Wx%2krE;c)em(s z!c-M=%?|2~b9xP9OEf?6tXZJJvF0ejheOA<9lezaq3AEyD0q0AI&y6QUGO#r?@}XP zk2NNA+sksQ4pi36hyRRxs7_AY z$r=w3GK6w{c)mDko0RCoqa)t4HnV~o)}wVY_hxnBjidco^T;`PO~}acm$wfH`(0zC zX%qjh)5~tIn5Bi?tCo$z$zFTk^J}q+I(RI9M*(oqjav^IdgtoE9hzend5TYhjwsU~ zt!s6Bk~Iy>ToeU=mK;@#{k51wx>icUl7_u&<@fy)hK!G1;**a4)d}%A9@7)oErb2F z1Nq}U9zS@@?8C>s%4f9)BeWM>+zsv`rLT^zVqnc@t{f5*F6|RxHVq|6qF*620`IK| zTVT<*oP|&Pk-LZ8ro-31FY(R*``*QudR7%s@43~*GVCB)JAF${BES-YMX-bmV7rT-g4@SN?g}(#t{r;bg zdsmwn$s5#rlxZYb*-0)i7dA>`*Tx!21YTbC)^Z=d}^Rlw}j#nuQ za%7aaCLz}Ez1N}lfw$yC?B*9Xf7#Z2e6M0VsfG`HMU^!(<2`R5uQjBy@dyR@EvEHy z4i6C}e>CX}&#UEhTq9`y|Iw-b|Mn0ONEd`)1*kRvQ=2AuS}n?p)iZiuVvoeH=$mF8 z)=1EM2oHLTZ1c49S~cabA#tUp?u7~RGxImi&&EiIn`WQIp(>sS zIYhlJfrR!&OboA}anlSvaMF8|blvHR53@E6B?~>%#(7wuVhTiDy}CmOm5fg`R&?KZ zyW~gg5*@Br6;f~?%IhU-#DHEE1Td}0aS$Vr&j9gG7aZ6O5zDT|nDEh{ByAwkx$c40N=hX!f76vN~M+1JO$QJ&&9`&h!J-V?6(wE0Dy+@tvN<#ZguuIAm$CF>)> za^Pv~UK4XB_FW0chYudx5dXoe@xkMMh#nL3l4$dBieAo-3P1A3{308zP3D-M-a$V| zJe;@%6xHm8;?gW9V+@2@-N1}GXobB;E>rbPw4(v6B{ybnH7MED?>ED+q>TXYPcz&P5L;~I?;c!#8ZS6=j89SO z!lYA3%3{n&MKVwOzS0?zQ9`h!5HKtraMFkY#8GoU^Quh*Uh`@+`RM> z)zrOicc|asVQL!2t2>h&*8FnL{bmlwc9u!Z;lHQ6I8AGZk`kocTM%)I9(&u@egG!N zPP{n~ChpzVKDB}ull9|ATbU(#!pLK0IVabgFsLW{-{9{(lq`hdrmVkBOW1`*n!r%h zZ9mF#6PX3&<&M8>2hmX)sRl!6YDuf&X_qO1N zY0G@>FNz3#n3meRK7G+)n|%K+nO!A99~9A*5w@OqD!&4U;*qz4JX1y!h|g0nTQ z?NPJl8vYQNBzpIb6f*_1|p>kbCkfx5SUs#1?H%aE%bY zELo5sqd=eDWaZ_wn!_`WNVwh(gXadZNC6REk_cd4%_I(%3nLnSJK}U4tRkR9Gw>Yo zC&!23FA3;rGM`4pE*7XTW;BX^wv};2eJ-gI20GO>dy3s9l$g3aLKN36pU)N0-P+6g zQ!MS}yi~=*IpJEPPp$Kdd|uM4!l0A~fCS~a%WTIMp1phsI2Ul&a_sT}%!sEB)W&OOY z(R5)<@&x-y2z$}YByRX=_eYfFX&d3n_*?f(7<=1b!0~^8qd!BC8Rd(fTPELjOEea+ z;l21_Ub8edZG9ILOwCU4WoV|!P+`KRuuNXhlJJ*@_ebH;E9!L-S5S7$Ij0tQgC(Ld zQ9X23T+rWS+@VLkaWx`XKqIYuyo&eER~VwrN*~vc*l$f(>i&={3Q)2;u5PALRbqKR zyTvec`Q#ZY7HF-Et?&9hhJXBtInpwRzQ22sJ%^Q4msm(2o>jBeob1ASqki^yfB%o! zw_GcguuCm^Ie1m@stNCT0T0LLFjmE1m#aP^kZCO(O^2O_{2miDC<%?&Z zef8?I;o^3|Es)0lw{O18dhkENSM7!(xxb&$|6DB=v%|eT*tB~1(_cxG0+?p+yBB-W z?4K97kM$w`*jkoQYhDb0s`cl1o?l+#6*Fb;{1wM* zJfVZc4vDZo%sRxY_#rw2`3|4(pTw6}i)uyY(ZAz5 z`R$*}G4jJ5{j=GNt08|zHRx9nt}<0a*O_kZSL(m}+jvusktFHh8PSP$IA%CnMzyd6 z#YFi4CU6}dVw5F62NGrsC-DWq+=MMw0@USaWRVyPIG;8v@rT2#I~^2*dT=wS;h&qq zv=~fpx;!5J&$49T1R83Al0BIi(35!axfgGqOZJ;op8`!m4G|)54R7Z8jKk6IJ!vUy z88!!6#mDTtuAm${{la+1Yr61UEfZe z?8(u$MK+v&!%G;?5%cWzy7XDJoU-j&@il%r&zmdvA0&=-uVD+tYg|ah4sNd73`WxI z-rCZJjr(}&JH{(C?jp~w=EcQH=eD-U^JX*W674eQ9HEKz?3VlO@W<<(u3CT{`{L zZ+a>8BmdT~DAvCK0vdX~BI&;C^KUQEwcNMk-(nr>cU03YEb?=zkX`3LONMBK{R=qM z+T%6Tpjs}-loK|4pJHOL-XS}$=J>u>Q*Mhq*~{v0 zHopM5V{JCKyx?AY{n(OOcW&rutwxq?iaT*JLWq_cT4}s+!KdtpbmfqNtAEq)hy=-LoU*-v?rsT1VC7bl5vHB zGHI*s{IMW-GYhJ8pLV62?!PF4xhf_zG*Wi>6DoW`WwLQsMBo6TNF1tSjhg8=zj{38 zd*OPkX9sl_%#A`}%_Rc)y78dE zpgMAPh!BY~P^Lt~eBTNe;RNXDE%{>rqB~|ufus`RZUV4!)M^8)+!qC_*}S@49fovn z5x|w_BD9j0_zGV{kC-dcDvr-^HKfE>X!M~)EwGz7I>W5k(=){nhZ<#X?uDCtxv0LS z%I=ZDA7;dU^FqyCgRtb`^W^JaA7%l&^Dxl=4NHh`j4%C%+!@cr**oK*z4gw}3(0{5 z_&N3zDnGTgF&QfBui>c;vJsLb*0s14e;3#Yx`?*G%}NWE`Utk422kB1CTHn|S~rnH zn8O4DM-%nZf%XDX#VLF~a~*nY0u>S!wIk7@NpcGKqQJsw2xVt98DU}%xf?k%lRtsm zdvS;DA%W^RN6OQzTTJQn&}`J5WLxh{L8rUsZ}&`3N%^1)Exf0#mv2a86$0~8A`x)n zP`YxFJ@9tJQ;C=4f&8s@iy7BLWr;g6_0Sn)Nh-2GL<`h=c7r&b^hwaCw&w17s&L2( z-5F{Ht+1fi;}UyUJWJ*-3lteK(#@3eH1=-FDNu!|2CGI?;3T+=KW7}L8cK)tXkJYw zL>&#X*_Xw|BKUv>8nzf7Fm8v>8L)fFf#j z=8uSUa8(^BqP9g(63x?%>^f`qL(UYYE0_w~;kdqN!_o7BDw~7?QbAD`e|JwDXN#e& z(CAODE9Yct)4Xs4-pxh}02={c3{jN=>wc=wFrO-qAe+({qPM{q7>em}oCQO7^5DLm zM9`FtJh*2g58{nPaB)+Xj@E3WKvUcTmnitSxkml4=|&1n#bfj~8YH=sV#6e&50RLV z*o*?joEIcksVWMVfM(7=qZ$01wL;2xNhhcu9${)r%+yTGq@Wb%HG{v&YX<%`6o;EC ziJFLt|LEyseSO7t?4Z~^)H}?zkK~^1h z#dp>BBsp*V$mgNY!TW3p>rQ@b$3=ljGDurex zqKG-BL*kzF6g5jEsta|)4T#cU22Ohk$iw&mT#t4bwhRtO$Rc4trI9=<6FDR=v6JBKY9#35?@JundwL^eq{e#Aluo&vHNYWL$js@4U$eaG0XZ%j0+$js#PyJCaHdc zy~h$ZI*9Hd4IZR^Y2HFAe&97+f4^9P1{X|59OxMF6{BKa;=K}xHL?KRYT31Szu8U9 z!eZ&=^t?p9;xN#;iMaeZF_oz=_o%mI%r)5Gu%Kkx7XqA>2bjH3smdB<{#9N}JKf$v zyGo@+qhcQeo?ezuS3ZZgOap5)8xM=?*#b_&ZaYH<;RtCv2o6|KRJPpc4d-0L25HE%1h#e6ztk<^l=9s_#0UrvY1&@LKECqMaq zpzpW~Y)74`r@3fs?4kMB4|y>v3p=D89B9$EB8_#0Doi^xfO4)t_X`V00}Y~S>*P$P zOx3ZE_xA@9#YF|v2fj#z*$01+5`3rZ4CGF`85rfTWx$>2#!P^oLi1a6#~;Yxs`iD+ z>|44~2lO`8tO_)#GvP_0+~7?N$9Gkm9Nl|j+EC4O*gy_8{PYax!@6Qj!f}meDnu3y zobHYPTFwTd0mgrU$*SuCfn`^NK@7yO#Y?TtEhGC1na!@uri<`7{HZFZy>7;hd0}n4 z;>l`VfyR+IIWdA3!vvz^3fksQM_1LHlP!^NWUUo%3aXQ%8XaRi0+T=iCv&kDROAl~ zAT4e7%{^S0Kd?)>Y2?Zq}hJ276 z(p-Vkq30q62z+vbl#&IlGsr7T_5fESXaaq=U<=U`Bv&38w#GL^zPo^>IJtj(ffI_R#Yz^9*x!b9?9m_4VAjWrH`RYooW4Mcb2O46sD`6pfO#~TfSPFj@{b&O~kAj>CXJEyX?Cd zCn!>(hspE%|G36sgc8%4vNb`7IsI1<0M&JN7xLmbpSmr*P243u0QBguGQu=;p%8xQ zMaTdF@k47YcbTFR6cr;Hb3uwA7fWQ1(klXEl!Psc?v`4kWPy51SHUWQjK$QV;FB4P z=vwA0%EQKV+sWEU9Yz4n?}WEUS!)B9wDfS0PjKL#5ZNg&jC}C|%?%svMOkoIa^AM`1?yMHz0Md*73Ny{N`oH6Jo=v4+nx z4ep_tE$gcu)D7KsiphFL0vnhY-FJs?=BO}=h4A|TyY?=p4|x2dmjjNccdAe@5QseM z$1F&M`n);^HYdd_==r1sU(IlYjVOc|gwUp!WL*r?Z5G{$_*j8h|M*PUNZV`>)kT00 zDzIIV4^G7{ybm7JHcO6aE7&nz0IXoK$H6=tZc_Mi=)ws!fsC5nc2gmvG&{5HKB(Q$ z8MskA8cmIJXAWMj>^nVoLM#tHc5982I(7P1<)u{VOsC4K?Wos@0%vc`xwv%Dsq47ShS&)8|D z7+*Ttlvh6BZe@l*LXRp8TL}||&gu$?O6g!)04a`9Mi#KH(Um3EhdMi&0sJwQY53t~ z-sdRAWN9irP0{E#b+L3>D5w4}q`0~lp*zM#U6 z77<~ptqKN}iI2uz@8I=nQc}pXb_cI-^5rD^Q~qXe!@i|yvMlg4G`>wWtxtTL zW|Jk*yiP{7EDxJJg~kkMmxrsolr4YR4vSsFSr$H!muj*s!iK~A7LdjEN!Gz2&>bHt zC-^SW80Q#ojKPn(>Y?C%(5w!0V+UY%QI7IS2O4))o$N5{+;%8hqr5Y>hwD0}%JL|# z*4F@EK%l=|b^1!e^LxahNT?ocIY&9^JB>C}YAYDE)iJ%APKqel?~T;~4T6=Se*r>P<6 z2z2%Xl|n~>*76N}6vC6L7K49AA`SCJd=>ac_By%rXsfgdF7y(Td0dC2hn+s#@;_Id zNkio9w@AZ%kKJ5dNx+M2>8`Ieu~bNT3$rw$-S)1_>90T|{))Ms>%HLuRzL=p!JeV# zev^u&wFt`ShO8w#uIl){yGoo@L4{C))A}d2sRWCYjt^e&a4hF_H9r)cC*|O9e!a05HVf7W_+r6x z7Qy9^g84nWDko#3td$-R#M2!R@ZZ~BWZ{i2;96}5sBc>Rd$BsN^7**W{i~~|6M)O{ zCq}cF|4$mZko1DepbAk_F0kvyL&H;bctFUPq`+RB_MmH{`9|VQGdDKTK}3QG?DY!U zfEM*1Z0w)KB|F&xMi)_LodViSZjk+zzLZ;+n6UK5MQ{r{^AgP&eDFqjL3D!{Ziv>7_KEineyENJAc2%bDj=b7g>oLAhz;rA zBzfhWk~pAhljL#)en|MV6IcE*jqv6mt5POzQ~(4Ku=1~vayo%~YPBPJUC4&@&my(+ z0UDZhoSp04(Uw7<`lMC*WFa4Tm{rUVqMcvSlzC>yS&@)_qvMKlkL0>?Rn5!4q2cVr zg|W+ldlb-e8pjGnt^-t2LJz-WP$T+;y2nAbN|tAL7}b|rQ6ago;UB|WoIaX-V9V&+ zO1@=x-qj;Hv2xlvG5D06n3RVTE2lCzaHcddH!b^xrnN7a^iIQwe={%eMIkT-Ae^8Q z)}e}RyBgqbKvjFa4?h0&gFpWI!6(0dxZn5eCe{vFPQk-oO2bV*i5p?G zL!-z3;A6bEyL4f9ILE|^ODs@Lfz~X5-M{V7V!U7nI{#y0MseqV+@$jrcdqK(D?_&>;Z=_S_X!~nJw!@I+lyD_u$OWSOClqI*0jC(ULdZYI>A>;&dhRC7o zVsTZCkt(XDlNIV(;K#+GRM~|}ssbv<)9ylu!rZ*fuG%Xh5$kMPEix5)*(zv9guzT? z((sDTJ(=Lb5evP*(dTY3;M)!S9|ow#3H*#F8)}yr)W4CwSX6b(Mm>e;lT`}aSl|r}2y*jfRL#KsxH0ZF8(ZgFu;^7n| zX@d| zx|7!6gSNns#3>5^K0BhJMRDHG97xIj*{|MaNi$le43q>}&N=azgmpn3VV1HqQXbfg z+?rxTmgLXI3G&{ERGTYoEFhFdr`D$q6Ra}wLnfkP5c-*ukKqQ28h|HK)!?yrym>>- zyu$_^h|fLt!9L$ck{7HI_ZsIl$a<04q2bdnT?!z|Mcn=Dp%G)63>g!f0 z&l`yodP$7q_e@loF&&rT>>|w3V9*cxX-dV^R-$Q}`{Ok~WFG{%)1$teH|R*zxVmW6 z_=dS+mutp?5dU+AfFl)CO5Q*>=SGcWRgCxk!|1T|47_{n{Y_7C^=AV$JWkmIx$b(s zM9&D3ZU=8^>j>xI?jaK5i?Syw3@^brjT$kWVk-gOGkvWLeh}cGvjk@6{YW~)d=@Xs zp%)WftriaYGGA5w zv55G-Rx<6~km;pDL3>9JoArU2_3^#q@4wZo_hr^Q_sse(IE+X>ZAqD{09i*BPtEe^ zz3KJO{HDlClT(&A0)=k8O0Sr0UuWE?ku_EzVr}F6_AN%#MscVLxti2P^EP~0UYCpd zzUvTz@w>a7#xUVs_k9%3{rE)FC+TqeN3FZ#J8V)DO{Di5-|ytB4OjED!>m+iCw>(F z>~?|~xeh?IGfRB-=DK*9N5_$ddmiYa8!8xZ;1gEAYSH$&EFx)8{ zpO7Che_bP-c!(4tGtz*2qBIcj5d3HK=(RqGdSAORq~n*d1gx4Je9L3^WG$%#4$mv)pPLHl#ri1}$gP4R!%EQ?j5K2j! zOhYWcbNpE1l4ToSFt2WZr>A1wx_J@t+s*H8FQ~-QvZJ8!!b@pd+tN0oBrovavWhZG zEd|eQC@g51jC(ST#jP?Y;VAD1zmGJ;+nRmgk(ub=5w`-`&nnj*xQcLFHeAFiTEr?^ zMCv@kHLQX)+z$yX7kn!~h??33yVuv*ayyYkO41=>P6-?q%-1OdY-e8mzOFkCNoH3N zn5w*5RPyYLB~H!9n%20r3m&YpI5rBu55QUQ<}|yTHFq1$twU43H2dfuiH0<|`2^w8 z{L_)d+b-ZzgLKbS>@}@SwDSA#`9GN!$)cQ1)HJ6a1f-`|#WLR*k?rd=N}=3v8|8*pzQt#hc@T#ck=6(` zL5WFowo`Vqdf1Hm#<{~WGf_9&&FprqBF=lPrW(RV#xa5z2=Iot#OVYR=MSs!gGJ+L zS|Y6n*~G$Mv4g;>xk;_A;S*Sp`o&d=+1=i845?1KC6lYCicU%>uNvR=I?C+E<qO~txf6|h$}e+*3L=RrG{Nf$cX{$>KVKk-Y8xOTDBv>3|C%Q0zb-&m5&R%sbe2S zFx~r4H38e}8wWiPjQrUKuQ!iW;LSd((#jIB60 zY?w(&jL{H&U^F%`i=j@H2IuVw*ZRL&HNnUx~(#JsfgJp?fcH>!I~%C>M?` z;{BVH5~yoZ9s>W-%TLi;=d9mNxdi$x*Cz$rH=Ox0rzYs;(hrLFUD!u%NfWkF6H);% z+ZZ=<_@NzOImmJosji%I*0%iIDZp}|@aro+ef-NEboV_bxB7U$UU35I$FP=JH3x(U zU)e!rno&4R4nj{sC8UmPAnw~tf@jEh@pqV7$q ze5{TbC_)tHAM65~A-na{vR-7J_d4P+EN}>`!wQT=2Dp6q#rb{b#b1}@9K-Ly66bKo z@sX~knYdgx`oTG*`ng^%eEK{*%yO(dLbp;b1G+{~tBe*1ccmO3`9{2X443lN`g3mc z_eQ`t)2tfO->>1Qkl@j6Eypll=*;9_g}sHI>Chb@akpLt#gVm2bhR>GNs8M8 zgg^n}D06f+EigKN4v)5`on*1_iefF67i39{vE$U)KJDII4X61V-dcn0b$u z!>a)&WX~S4L?(H3#sO8=@=6Vt^`b!;3LiT9oOL7~HJUpw<`h!~FxR|x`L)vGIth4?61I>x@kPcO*lod5QB-9%>GYJ4PIZz`;f z7~0l_j;>gg5obB}t?mZdANFlz$~*U$CeK03Od)+E0hsJ{_DmRRWTB zpUzjAFj*c`y~boIjIkv-EilDp-oO=vNxpdf@=N~=pu^^91bpm*xEyA?6|W(eSj;D@ zq1OM@&jTkl%BP6PB?gy!GGsHHy8}f@o|eE28QTWrnBgY&lr%sh(36DG#%m+qc+J^s zV$Nh`>?Cgvbc+7a8J~T>KdgZs>lrgIALY@Xz#y|$7(hntirCsdjg2UgE$y3eR58cR zgjm-)eq@3t&b(C^JH7c7PF$oBtrx=RQR-b#^BQ--!)Nucrfy$Cr$>XB$z<{>Vm$&O z2@lV(N5R+N13YyYFP;K7W60v1h9+qeP6mT2P}Di}CP#YKlN8ldo{(fl-2mam;fpYPbB+DGY|~q( zEXSp0%d%$>pOQ=EJ^6~)Bwybrp{i?^{#gw6GpBU;;L-|$4_ol_DD zDsVy-q=tL+s-h-pkWI=X_fJOA)e>(`tU5Pr65b;uqqhesLQof8&gNtWcy0(1U+*izER&@;nKhlzuxf-<*^y z>?3Fp)DF&}#^;t|pKuN$xCnF^X7duGOyURVswft9RxCzC-79MR?A0sU9XRP3r8wxq zy};Or7nACSf2jt#+s*EL2#SylCm{!(HVg~*4rZYw{WG|u^Vh2xCQd?rr>cn}c_dl6i zYCTrBU-VGIEpo(O9^maDSJ8(15r9@8T-Nt$Lm~1YO9BBxzjSCok#NndqWsXSY`&aM znewvCW6MdnE)bhykV>oiWunR)siRhuMr2ag18o+qP)P>wpf}%-mg(OBOysuTo;ogRZ*80d&XDwQedsG~aru91A#+^}G5IN#y zZP6{b{}R}{mOag4`LLOzC*ATC(dGa>J6zMr+WWP^EfVx>$=z3l1s)We=5GMUId`F5 zm&^iri-qLEgT-6{a2f79 z)~A2LMCw5oCiRPc+cz3}{_=e|mG9rlR4_Aq%S`0czJs%M;O(?+vTXyMv;$%SXa~vs z7U%;E$C7nJL$<^0WmyA8QbAfnK|Jglg!GLZ@Qcrw0{*!uD4ZU}QpzTn-$VmHWjB~q zW$E&=5z65#o=#8i1@+@M&s{EXu?HA^`xCKu+D*wN{p`T%M$D>mVy1{;0et4X`4{CSvKNFLDva-jJ5U(!jP2gue^N`evlDiw-w?SnYsArd z#keG8fF&Aaogo>8!OZ_MrXrD48b6Ys%i>mYCF65NNtW}yw(5v|+z~d}YpNjkBh91NTa#^|!P`U! zYG`e;8w_PiR&Ka1rwlRKur84p3YV>UWX#m~nB-G*cEo){C)hg0@eg{1DAFbnS_o^k{eqxY%B(to<@=tKpFg zOTE#>+ub!6ukF@76i#`+)1Zp`d_nJd-tE&xVz6-1A#NOkD07q#0MR3#N75;w`4U=1 z^oci=F|j4L!e_c2%F_b2qh<=rnyjlua*oFG*aEP5J{OT6BDH+MVQ*F42t%O=8EZIO zseVRz$C$$=+tjHu-4>ZLA;4Ha#CGAkswUbXWq6{KptWa*?~?HQmXQ0F0LSq0+i@fJ zqp;^fXz(J|fZu&K{FV^dw#Ie>6JnXB^mIe!9a>w3uxK8;q&Y;>I-1%Y#owHrnX_uK zDy@5uK>AUQ)^9ij>B%HNz4JaixFIbELA1eYR#X?6qvg9mzQH{a=amE{FE*5>L{%2# z8S;oCjw>qfo^_2Gr8Pfxr=eLvnl4Qqn;}hb*hsvg+wDNY*mh}_t7$$#-tv+|6}Ked z8l)cVJY2S$@PMROk8;GslAn8p{`k+>3dT<(;2MAZ)qW5uKJhBlnGnw*frP#LM!vnx z&j@S3vvxGoN^Qcbxv|~JcG-9fCR5f|%uZWqB^CiEgORK4dMJ&s^XjnHJBs<`Vkiq!y;edq_m-YmB;e^L!@ZB!K|dN zk`%Z&Zj3q`Zf&wqaj0=%^p~@gS)h?sM%Ju>QYd=*5(=aCBud`2b4K&*d$V!+9jF+4 z{o&Q(deXCB1gwzj)njww%R8Hf=k{uD^(}XC+#DI-oCS4C#@jetE`uv!uZ5W7=>`4h z9v9b7j`!eyy2>%~K^52C#6*=>=WhKBEMSo+`KSE$YnS`XWmx&;jwpBkQ8TUpkRRf; zvS`e<>t zld7E;Y-mH)yKJg~mc%6T{<-j~8I-*UnWsu&tT(EzXOjZcR%XwjduDJ-bmk$4;3{)H zpd~PGxh6BRw!%s#HZa{?lpKIw3%E$ey%6SfT~5*B9wiYtGhAI!FGNnt!d)^rWr;28 zP>{eS@b{Di^gGPYjb(cXgDhRiEo~EE8miPnz#ULJM2>Q48)!*-cFJC*BB<#q&gup^&jzT8 z0*=h%NRthfmONAU=5Ua^AnBQ>%QbnqqMUwf;*P+y9cCAZ8r7ElQ8UGKV4NO)=d(MF zq!)0$fWK=vE})W6&p6~Z>dX%%!vyqM3@?Xp)r;F1+-i96K1SDa^q%kT z!AXxRG!KLyKB57tcZ(5al_V3WJD%I?ub+RdHd1~@{Owb?@W^xUQw_a+$tdVw-}~d^ z5B85}q6AWADe4XnwZ%eUm+BehAxXb^j6lhMaob#>Gj3i~mzT(1seHf|c~kMnn3haC zUx@U(X6JYnhC@qq!E~7_-y?0qUFXSh4afiFJ=QSX9q-Xk%uRW`2lZ(kfm9tkG6^@_ zqR?hr9BH9I5sBFnDC&B4PQcH6*K(>9fUc>e%7a~vQe;`-pEMt;P<|2;At*7Ricmq@n4ij=3I%hJ~ zTD(B!_Dw!XFbz1&&dwq`wkBOph`J!(Lt}R#QrLwTQ(f164%l{=m{&FH1!mXVaO>GLaX=%@lC&b`~UXgzmNa$2l^NOi~s%L!;e4y z-NC^hK0f&H!-J0>L;1nSA3Xl(ciH~${sI3j@wl?=H}?}S?!U-?$J@`pe)jtNZ$8WL zkh5>T`_q>%o@Jfgy}dtw@N94I`RnJ|U(gphI~eX~uQ9Y($qpWSd!K#P$vP59>E`BU zc=N%qnqTg{{&w#c`#QkJ^5^ctv>c8X4=qW(Pj>E95pvugn4>@_f;aP^M&_!Cwl zo1A$uIq9&g7CK~gghUt)_k@(<%YnLqPKGZK3vJxJ^14{G*&+R2^bJ=a{CxQ_Sbp9REOSX}+MkI=AKBA96CtQ>h`zKaCJHmNJ3pzo`D`^b_U(X}> z=a|>yj9zwj%6=9$KcyO{<=I&zTBJVjaILo9)29R)C-{vAfDiww@}HBZ9rM@&H#LJZr5vCt^dk;dKZM*forX@AmPbgYm-YCZ z@ZOowVjNlQZ0GQYy&v?~{_ZEcKc4OUFtoo9|K(qQc>2TM@Z@Y~&y0BOhf*2%^$-yk zd^vK0U`iF6ol>q?nnhhL=c9rZIIzjcRpn!3>G(5;kQ@I9XNi;q5Opi%5;N`gPX3U8 z8LmBX!RTb`6*9R<9tsQ-eRF{VJW=pW(I2C&DB-@V1B>lzkM7|EwVpls6pgZoxq}`vbCo7|aYP3!*Kl~eH=|K` zH0To^pC`Zjum0b9`cLCc?;;JJ!$q6dZ$S(qJ@nCsAGXnd2OsVqg!JFz$N2fb>A(N` z>A&A+_}_1(0-r!PLbhRdO2ceGHMLhy6G&7)P4Y!#-8vF*PdeJuISUG+LKF(|U*&YR zR7#8uyE~{KLiYKjwE2W->arYx9@uYQw3G7 zvv0{}tYrvWXY+9uH&t^SavNAb3|7HWSbpX+yeGjtd|o>)$2;Sdae?_CNe!Kj!~G`ryO=#{d7# z|Gz{2A9Fn!#4h+{W z$En}?Xm-nFw~)R#)IU_(pu4avhrl-d(tXiIRbIn}F6(TzoV+Qg`FsF>&Ea=}o|(n6 ztgowaR$kAF`MAXK{7?W?=D>o#sV2+CEQg7Hw;+WUG$^5;{1O;a6u=B{9`IPz*%HRiIm*?W za*-FD6(ApGuP{>n0+`ijuuN;?yF@@)+{wZ-$j9u)2eY< z4bW2wP89`611Mi!mN2(`z%2b3HXS!(kWKIy{0e~AFQJRFmTk_aXdsgn0OEt}ygY~g zps7q2UGo5&l(iPj=Eb6f?=<3sJDHAPrqFYp&&mRAr}NPgn^4B2H?R-o`Emkn$|mMX9)j?E1DM5d_fh> zhA>c%OGI?=dx}wna8q&Sivk1q(H0VX4YTJ<+8~_pK*xm{DcHbug>CpNW*MRh@FjXv zzA5JOTvtG_jv90f&H)EEuk@ajV*>4A_W2UviPjGX1^v7MT)7na2wzfjl~4kP;0>LR z;6g4KGHB=hO}s7%TIKK&it%R-OB`nZ;m?{+O;$F@=su6C`3xma02PxZeHNf{rw#x? z7eXfvCqV}YS5+2xQOsq7^|lSO|GnhvLi+*pL#SbF;K6rXUc!#lcpSJ7ut5q}FY{sq z=UF@C1e31oJfjeaILRxx5p%eb4zC3G2R0_xL%>_viYny7)2CeUpw^J_! zV_W&k0LVb*_Dk@K0~L4wv&(t@rX1&TZF!shHY)y>>yPbV@N!z_1MZ6_H>$3$Q4_(> z+d#1_0;p7noyJ#cna!`NDLTgC1I#zmLMl!gHX1wDbE4xH2$mYMbna3QXr~m9 z>cb$|5d8;S5p>KuC~tiDxGr^i4j1rq>oB4|BE#(Mi5r6@XIDAKx6k$FSfq`}gmJ(? z@k{QX8vgR!7+-WnO$PKFGK51DQVjM=z=c2&er6d3kidX;#st`v2H__ZZ2p^gfKM$g;WuAp&eib}T5ji_}it>FTQP z8Ins@Pfu$&4{}yB9Ev?$?y9?nx?Od<`*N!57VB0`PcOSyiX_Jm*#9WrDDXmolsJZv zKV-=3B!Cr1aRS(~EXjZsDOfv7WF)rWwPYs-sDr~2M= z&-;Amd;UIp{kiN(ax^a-ov~aFHZ7NFLT47}3QfPG_3mbH=MXt8+zwUTqg+?OU*fUy z*+f|;oB;n#z@ZAg7aBl)+&^n(XLmh71_pEXb`KWx)nf#KImbAp2e+JlQzQn*7`C&YKs0PV!<7fhN!v zRYZqa2!inOmbWkrwArIfq1?jE-StP*j`_rYH4QtTjQ;N^f1GwEzphXI^~i_w;|i8~^*0Z@u~Yw>17OP=kNV-8XK%{oHe(x@>;m{pN2n|NT>|k8|_S zADP|${A@elpB)8(7b%`H`8m+J@*Y;cW>Qz`1J4o=HL5kpM97- z_wWAw;t&2uf9%&k`^`W68ro-r+@k7t=`IXUg|NIxe^xN0}@%|tE+V}qIt6%@ozxVv3tuJr> z+&}r|KQOuX_rLcS|H;97U%K?L_}W)TKmWB){f$xgXMXIje*2gHxBvB5{?4!c=G`a% z&B><*Z~fh`{>X0)^E>_TSsniEU;Fx}zWhHl{>NYV)jxjoo$vT_-~V%e;m7`sxBld> z{pQ=h`bTy*H-F)$Uj4QoZ(jP!4;}o2?$7_BU-?JB`PH54KmK=i{_C&)fq(XwUU>Vv z{*%vs<=_A8PmW*t*MEHPzyI!^{H2ZG|Koe#_P4J7r+@L!{EM%A!`FXhdnt(Qx`&40q*=0Bz1{E_}$U)it!?6VvQS+2T`|fBHxJKiB)AfAJrGefYP2>G%EQ&rN^!{?@f0z5GxA z`EL!2U;6!j_^Tg&?SKAjpZTpn@!scu?mzr1-|~%refBf&{?woU)j$5;xBnk+{!jZq zJN)IZ{e!>$H%343{eSVl{F(o=^)p}otDFD#fBW0t_Wirx@t3-|h`)034d4Gaf94&ns)|YwhT>`QbQvJ1w$<^AdR)9v3opevZ;ZL|0s<&T@lb_Tksu?%nZVG#?uF zay$Ft7e|noQ+-w7v-b<>XsMSEO&@OM@8{7S$PbIka125)qCryXX*+st`&Qeg7`>;u ziDSgDgKZ;Z-bweO^{dg9E4`~%doR9%ZAGiF%OR{mr3__P!nO)82YW-K+l_AF-=I3k z2WIXDrsLqOL~GOlCq-T^?M+8s=)g^buTJ`O#^wtQ&P?TteD8fz3LW||<^AY{^MOFd zh;fEm6PrTeQaV0_#INYeC%6^qG1t}EA9vuB%BD9UV6TB;G53=RW-gE}sDJ`^d_2u& zX=CX*9gaL58AxR*bT8%y>hTfIEtR&GRQI~dVw6iw58BdS0QuweD%`HV;IOjZ!7lFz&m-Y~Kc zdZmfiCc-X*S1MXx3D2Q`19SJ5{DmL3_HxsEGZTczcT8!ajz7BcEE#=!Cn9p}YwQ)~lwQGtOx{FcPWRh6Kx>&CINf^BKN} zs&}`$ZV@SErK#)a2&!|Hn2+Eo_NBF3obJxo)^4oDE2sL87rF;_BN0|STzf_|MSE6q zU@8Gez)|`zIl!8(wRVqJ;@#r%Zg=Z?YpZu{x4XN3J>Ie-{O&Xbhey-1>5T(~l%;V( zFCp5Q{2u9?uvM|KG`FQUqjB;iJ4ir>XPR4n#~9PUavGE11Y>4+!5DAYqwDufZQ;7nM4IatMh*mt;othJ1#% z9^9w8xq^FH0R!9V^Ee**Z3}XEW66AY6X?Wvb`N9bx%@VGpeOzbLLXyDx(t&0VLmil zewJ_3RBuKPkeIo!u#UWILr&}B!SVPlOpS&~OiG3Q66O;?iHSICj4B6@&D#R*o{HD_ zyxmx0Siy=C{AQ!ku!Pf;;@`FynSg^t(X~_^E&<#mXs|nK1FR4PfDYItHzMqS=!I6Z z3FsOv%p}$Z`td@`Aw4$4_ATv*&0A$(wyx~DRl>B5Kr1lsEl}53Tty63L$t*LAsE_<3T70u4+O^VDPp)Zp`Io} zi273;_FJg8?JW($L#*8hV9|1ngv1suK1gq>HT9SNGun?o3@X!<&cl^rj*YnvhG~MB zSxAypbrGdGzI$t{fsQ9Y7&jw(TXf*4tGOcEJ=ANswQT=rX~H^lAd+)<8eB@B{w=C`f!n+T}mFR0Q12W2$zG*8(0GpMDWFYdFG$l zrNWiM`$Xqj19JxFYZp9Z_^NoEO_)FzGmFh`I_>VFnl<1-LunTnfRC7{WW`&fBpVaS zYbny9;t13R-Eo`P>n1iqv)Y$1gC)oO0k&ud!YL}q6oI3-4qI@}y5`SsncZK)nrP1U z=Gka?hryX!rb@db`fX|;>f4|O-FRyXkq{8Dg263Y&~Qgkp21saoC3mV3$b3z9?`Gk z4kE$A`$FO+=pPSipJ(hSogSnujw04e>b~%{d()hlX51(b8EBp+JO`;@X}@*?NVPQd zEB#=*;Ad_FI1+>WF|gCei05?oHg3-ckh53N>I}DaRJafKPB1pg?EhkBZg|Y zXseS^4olaaQV@&df(b>aJS}$Bq1gxEy>y&GFwQYFj-m{5NPMh@88G=6w9M?cC-!hn zRYce$=}?_rPnAfa<}N5xeD7i_QFy7So*(uzWWN2mgk>N>S=n`hMnkhT4 zi+izf1nR4bZB@K>Vu;b3X2r`ZbiqAd8gFW@7~o4folaaoY)76uqy?~p<#t=Dq}xq# z#dfOcf!sO#xy`7PbIkY++1VH5F9P~nE8pkp27pk(Y+<-`E7ca0E~{Q>ylI^h`uy< zGvr?Ig;jgGyMfxghKTUAp)qr`c^L1QhkZtb-@#&iZsCi{{2Ee$H4C*Wu$S@pca-G+e2YqnccbvVP%x91gk*VeNOTefxV7SI%ZKJ{#tK# z>0KM^@o58ZEezRaG8Pu65ihZ}N>{u;c1Pw0Cp!e3^vrO#5c1lvTNi*>(CFQg*k?@H z2bP2f_jSHKxt{$Kgr6!2U1ol!)NE09WY#S+vJeI58$pYRv(-7vQMO%BeDTz*7G5h} zm9U(E05Are2bZmRqC} zu*E7yu+AgcU>Ge?o^e&IgiN^-puFbuE3nJFj*6aREd4>W6Q>Y$DVtiHnGm*u8(myE zD3FMnv;?F{E=yumQn)5NKpYTvk(XV}q%(w_Gp*tM2$m{qo3t88?v2d{vuV$>Z9%jS ztE(9|g-|yULEH$qO}4V)?!X7oAgGP$1_!GhoY}6kRAWH5)kn8-3*GD%%v9fx0remG zb$#dIC@JGvq1kWh7b})z<5_{<>^!?icBmAq265MI$_MV9sMI7U+ZZ^SRYvd~<@vnU^f4GZF+o~GzactOF^Mh4lz3NuC4Bd=+xOc6l z`%ReK2vgPN)67hT89dDeuwrCrJxq^SU*@f%qkW9{h;zeVwRu6@a^6C`s=X=a0jb!O zK9hsrdpZj@X{C-3X|tN#GqO7I0aZNqQ9dNohHPKC^_Yg8g#^B3S{&y$^D$(i_vBpM z2-G8SUN9Yb?*%8Gs1i$_cLbE9U)8D;dry-&U-(pFQO)JCmm=T2g?TOEG69`EBAA1) z3VE`N4%qwOW{z2#hMAxeEp-gAwg{J412n*!+q#$oJT{n&)R&l!TcxW8>c-Z|S_azH zM%F+y02*csG%^VU5s0VA-P_RtAOb-+&TIzYKW4jr(U7=&UKl|R5-HB2=U;m9#jA10 znyHpO+g_-8R5;v`)}*z;|3~TeXy;hA+#j^a2}{8cH*qbj){=ybDO>^CAdd$8wzA7N zoNXxJ>^(ux5M=ToII^id_s4C9KEp@HhnblqL)y_+ZEM@Xi=wZ{&O-4dq?rY4g+Ppe z9@vraygDxe%wgb7;X}g2Hy8a0joWiUpSaZ`ZBGCZc z_*MWc?QJ*hgb0x~8;gJkJ5Ki=LzE{t+KnLa zi&dKx4I6qo}tHy5xYuG zD4fZj)?8#^ct}!~Ib%$E4LfGOXwy+XHsd!_4Hzj9i2qoT=!$;8hs}0CEo{41pJ0d; zjSsT7j$qMA5A9uRZoH_mz^2r6rDG(EMlgnZk~1Q3*SW}1aBH2$VA1tN^ z*q;Knp+B>(rB*W^WB&n-FCCagIY=vJ^%I;;)wbca#}!kltUNS{upjYOiEuEI--%c{ z^nD~RJ8(2gaas`}Q3!)3&nQ>r=6F28bSVlv0y2KG{ms4SPGhrT^WW4|&1_wB-VubE zD4f5hVUFZszD=2;At9eMBNRv z$;@K4p1<us>zK&c4zu7=Nxvz&2IgWvR;^fru2ON< z)fEGs1Y5%%YB1OhjrH@K8wKp=x6!DL=MS-1tq&;d$;lKV8V9L3{%J4W345@0Dj6(T zDR9W5bz&!1X3QD-6-3Dha$nC6z?;V$y>v9PycZ0_2n!YSvaIKY#?@~^S@Xy_f$`r8 z?L4?%_$+Dnt~br0&5y^G!;Fr2G9QTGi2Z~%RB@;u1aaTV&vqVRV{KuwyDuoNYt|_A zO|$&+*Mt3LeE!Hx?J^P!E{Cwju{r8fK;n#0jX64LBgSeD4piWWK528F&wU5N0&pG2 zV<4M`{RVz6sMNgd0KbBS>v4+m0m;|q4-~Iye{#>b!|-l1%y?EcClSse6p!6WxD7Vf zMJE7KK&`)lIv_~Fsuy*0CT9})BvCm6bg-`fs5lUv2j*`#f7`;7#0cqtB=4u(LxF6}McFJ#j|p0Odk=HZ?TW_fw|Zgz~Yr47nR5gu0AEREGWs z*p!up!K+#Nx?%T^KHV^bhG)Y}nNZ9+^+zybDt|9O$Oe!#-pmYaFwEM(RO#Ywbk2c?(Xh(_x8urS^sptv$pzbvbuj` z^-ll87tdnI)7|_oI$7?!=FTJdXuLb^Uv8elx}M^KpTeA;u5RrPS4_pbo!#N(cng|H zZ})drc31oGCf>qI`(dS~+@sUpX*-5bi_5z^@d_4f#?F%v1qhURB^T8g0g!R3BHSiZ zI(}-Q`4-0_hB~M}JNO0JE0#*n?G{7R#Zn8*uT~M*$lTIkd4ve?##_#|8g3 z(_x+U-3Eyj1A2E{Oeg`EVYAF-0RP?q(32#3Jxh*`lIh?u@3A+^ z4~j`X!vLNuYipnBuD#NwF0K{>LycBb7#OOWSIs$E9p*=fQ)rVgfos}%4oyuc)r?s~ zUdMp7Nd-xBw^`>d*<{Qz=0oYP4y*o4$YvXjP-tZ?sY3;BtE*D#qFm@V!RxRU_Tr(b zA6*q?#h4S+u1V4*_5m~Hd?6czES(Bnd-$ogkvYkxruir2&1%?}mm@%qZ>V%|$uwhW z7B(9ydx0wuc?LMX&#b*l`W9FPKM6bU)HW_-2ahJTO~b;coc@WXgI6aw6vGsjxmU7# zDLXtLNc35h4`73P4?45_9Ww#bn`Rg-;t9v4$I7UMHs|^rre*6k@low+E4SR4tfRs0 zXiYfurPyz9Qx)bKHgA+&z`N4R<_W4pd3~tH=>gR#`!Uef6Ax&WLZo*UOCsArsgUSe z?eJ_KRplRQ$UySg^Qb*5ZRIK}#>F~-Dy)yxzIdpRYkM*R;l02$E65y3s^NlhY{n5Y z_psIhh5wjyYPm3PN@SocN z)3)EcbIMNq{M__nr>~C{xWbgJV&D)c0ihD>*YYImSjmQ$XwEOGkIjguiLkQPZcP$o zhM`*%HiHeONpVP;9S|y9CiSSbof=B{{MEIquf}$dVvnu6GC9?WdcJH z8}P2>eTfXW^cRh%)S!|VowgZ$&1iF>_ZU@CanDtFnt5e|4W|5|vTB8Xe9Unyf zl&~*fMDX6VwDUy6lY@wwYiqol>^cLjY8{QNIQgD)zqr*@j&*h2I+Vcdcz#fD$zsC5 z+$yl8m-x>52)s|0f>J;deArR9PLrHmtw!06e1!hLs{Dqj)C|}B<3>t;JxsCf2Ro)@ z-;OPyt75p|qVM->On-GX!{7eA>5)UGt~>=S+8@XX7U&I>E#NTu*XQ z!mt}1(ib%T7s(TG5S2&_$a4t#9ai3?5lRRUP-=UyaHnDCF0|8@q1!Nt%Qkf`eT}=1 zJc!iJV~;Rb;`}p5?9w?Tc=6Q2_vNYOn`iM1BQ!On!vQcg@cm;Q8_qO)zhzTS%x)w( zy1808---n?upe`xBT~ zGB-p_eEprfw<64_1EMk@Q<4_ZZ2WmP>_zMF!DO004SXvBU(P%vm;DEts}V-ib3j76 zamCw#OkS{>%3#MORka~iW8zNGbm`vga0Se}aBYq>(Clgx3l*vM=i!%ebrpe+ucMMC+VtUCw4 zN9`maMNqaUR%*#mf&p}}4Oo-#m+7i1;dlo4b7jTrZqAd2);f5 zb5WkmLAf_ijKp{^KXwwM4(0~zffiX%)TZ;kdr`Hon}HvJFz@kZl}fn5v}J^)pJ8%4vQ61JVQ&ZVJMLqU;>E(>VA z^w6|OGNxuwg^m%E>*2?gxm;l*sRHJ^`O>r;?U{`2hPj8l(5E6Q4)ghF7)^3>rAK1- zHKe6T8!r6J#hmEyYw(Bwzs~tY*%n2@_JiQq5ZSnhCqZbRF4I@#9RYOh<9ZU5d?&y$ z>|$p8^ZWWc=m7PMo+3_fn)+t?3-}1|4OQi3;&#_V&vng#6$?S|$Jxy=C*{@5`2`q1LIfHxIHb|7|* z^TrAn!+dGy6}0Yz5!P~n0d{s#X$t1n^&iVhepeNjdHCb@eqWZCa@QmAMnAIL(F!0_XBG%BopMcW>s?vE7!Bb!D>?k2` z)%){VCXaelY*CU+@f}Aym@Q`OSI;`xS$kGjgeq?x} zt-xp3C>adWqOfw(NxnkO>8-cjyOUT$SVaFcJ?$JBW{r+*e`(lknNc+6uvXO zSdXnId}#H34AcmX#zZy3USdag9`|)8S#=m#gz*cUbH9J+B`@7;_@Yu-3jp?bJGCw} zMivLb($!?cZ`7rk`xSNt{Ar|OoJKGgz~AQIvaEphi4ixD6l+DoeGzkavOcdMwy;Ir zQ}H=eB7^w~K0)!MCo50ut^5&cCi8WkOyI5ETykNXg5EW@W*h5iDM!l`Mz@VmBb4+rL~iOx?6DA(0?quNVdV@(y})RxR=xsg?}0a9i%USg}% zUvy@qr|4=;pdNPNJlURh1Wmris>Y5WF0&3FHRkSFj8#rXuOxQbb-?Qsz zF12ie4iZDx_82+{gGCg?y%T|YfcD{lzA5jAy;9@wzR7-r-K1I51q)q92bp>IVD$Uh zNCFJaR%S#H&}TsW`$75?J!$jlV>1?XDo>(!)4lHoA+jg{{T>`YpMPon#h1*NLNTK5 zqcuY{UT||qbW1v7=Zt~AXw8uHP$$6?G3Y0jxr0TN%Ya!rd`Y4MR`^;Lxy~e zbH2Z`5Kk*i*I|tzCKo{d?rtxCi|8Fr(rmcm8iM7zR_ggp3sRLIHDRK8hqvZ&@^hIv54bkFdTH; zf-PFm-2r?(vW8qURx(Q%Tu_av>yM-%#A2AIg>ndIZS_8=TM0;zX#UI+d_0@TN6=L4 zz&!MQ>9WFa%IfKO7kFPgQ5aGTD))apHa6}TQoz&404PM;h^{M2AVW%L2w+DKdblb} z+6cSsT$6RcLbIX2hUEcyJJ^LCEZNnrae(3(!(*n@N=7(g?kCmZB0(_-?Z7P0O(hcH zgO>AGfP+CB0bROC(+3MnVAW43P>TywxR!?kTiD%zTOd{%AQ`+qeQNB~U#(|S{l$M7 zrC@`H7GU_f;kyq-2XFxypo*FI`0lCUIP**Be8YdhVqc=$DjhOoo(?r%E`WmN#s#R- zLK{K{EIgr4L_EgU9&x!p_~20}F83iq&75Kov$5?<5i;W)M>t_QY9JCze}l_9vD(}y z_v=n}0CXpx&m{2X-K#gvR(Z-%PegSfYt+*TUMu*OACZZn0LYR^gwt_~N|RxZ+e(Je z3KXX>=NDURCDvhLR+fzD$s`$qbb%?)%{Ew{JSC@2ual)k@)W~znK}RrD9;SmsvIZid`|Nz0okZW8oXm>! zNkgeO0VCn@ak_T}^_qrfL5+Xc#zu6_0j0ZQ70>-D4{H@J3bW>`Y_(V|#@YTp_{`Hu zz{1-SE#w<0;MJS#wi)p%()=u3L@4UMC4SA^r1p_1Abu`|Zn@OL#lZ z_l~mJYx6x2JweasO|{|s@ICJO(!mGSef^iL+Lt{vr3?zuk=c)g_YWc@>ua1&2KOIn zBoez5&&V6zfn!e!QUWy1@ox4Y-}uq!j`?XgvF5J*)+`dp(er%qP@r!)K56v%mXheFn zl$odI=Uw;-j}1SAzAH`h<9;%MM;H~jmrsXa%536aui;-!fDOQ1ZEyT0&4kr7wWB$i z(bw9{(%hn`kq;{o2N2k{hoJxvI>W3m|EsVF_w&&xKc;kotVEz-n)w*{6U4?%pAJ$6 z)mSrq`PHan0b#j-8=C z_%E5|aikyrBtMy(@Y6ZiEt~Hl^phxsgR2ui7~t%1A5{6e)r2kG%#S7n`^NqscW+q> ztL1K8^FrouBr7Yh4L#JpC%JiZ0A|vJMFi0C(g^2cLpU(=aw;J06e~{O9w&&esuVGX z6Ym7hg>KNkd0{D-RdCT8TC~xdJj2)zmK{R45t5z(90}U+f^is)R(*V4qkcmlI=`Em z-iU9SfYbo%Jk5p{4>AD|Kbl39vFb2*Z1h@b`EA1r=0qYtJiNBL&9xPktLW)nN(YnJ zk6X3J^IxHZS-pgJ0Sm}(W||I=lu2y`>4yh1mAr$`n2|VPH9ROv&-u+Zs*pV1rpi&H z>T0E4b8S}SEG?dc(!m~IdSacp@H(Dx9c>wc-&t&=QAV6s(Vs2bqyh@DCS}cCFLnBMOZ8psBHi}O%&|{OB;AIl-&YxcT#68w`c3Bdf5sq4bWk3vOC4- zL{B-MXgk~7M{nCPHqlwEQ;VqEKfEfP8Mq?+)mm>Y0l{lUgQZu(f(&sf1w6e>Jr^5? zeauBb?=1N{mfCTF$0FvR$!VS>(-|;~rT_x_86luUavZ(^Z?nzF{@h}SRr>(ITivDW zRJ_!-`D=U6}NZw2$$cr=U`;E z89N{vrua4JZx6&vVm_lhFQD<+7c5>v#D=7E`Q!P-_O~Jc{sW0>@_d*-sKAu-f`S+H zyIsb5=TA$a(I0StfsTN7Yy5$5BRuTtWf8mpnr}VbmM@@5vmM4i{VKrU0u$z#H=W`z z+n<#{f%l(sJ!W>fL<J+$d6Sgr$QiaLACh+?>ym@}@?jnT@503#F-OT(5_7#AZ<6 zq}+@S3-kJm${&Ql=L&pVw~WQ}&}Ws!Q|FaWy_=7ze|ix50u%%>n%i1(KuxyX3WSuP z{vIstgzBRyn4U0}<%%c+A^7G!$ro(w!EK|b{#;Sa-&B@*%L(?uFUnNQce`7(Ux|w8 z;i@~wUo>+g;736BmuvQ1xEQK_9pxkVz!hguoxY1w<=V#1bePI(n6oqA-xuC+GMXP` zV<3AsN8o?_MmpM0r$w8@s7X3K%8J5b9I;w+&lDXN*}*s&QQ}Zk>2xNC6F?w%wY&Bi z$&G9HvE-x+V;uR>g0l=X5t_q+7575r5f6C!m?qW=q=d zNKabYACu-F!(1HuG%u{Bj^nb#qNEI`+*6Jv!Tm!BzpUwogF(ZRKzEXNB0eEZ=*w}5 zBC>c9iJs?aNHlgbQ5pEUn~K#`JZ{H!RiO?9FE&+tW;wH)H(qp_M7xb&#R@!z`JUZm za^V+{>|Smn1~d@^m--aiI0Wa2_vfB8I%vPU z=S)y(D$bT7CUNZ%YSo`1hm=7VZyO(eQpZPk!kr>%vGx%8ow(R}P;*m5SW4eFo6mN1 zX8FOvsOIRj$*JOV7Q6|eLmeL{8`A9R;`cMK!pK9z{3i zSPwrup67D>fmjkod4sPRb`D|^vnSaQujzvTrlscOiC>9s^IFq^j9{MbAG zGz*m%tV7DK+~P$UF&iLgkrhO+0r%BGX5?_wQ>?v6CyWUxDR*2?dEacY_f8M9H}69} zYhE<(1W3Zu{T(j96*Yx-!E{xM^fse@#n)#g4Y*q(r7UJln92+vnh~s^U69aY2JSoV zUAE6DtEx4E&G+83W#4FFL z9pFX_`Hyq%X?=mN^_6=kp81BM%Av;@&(SQv7Ns9@7Z)qX0V(0gmeYC^;AGk8Y0*gB~x}vl#Lx7=e2#&&! zT=EwDOcMUcTlDs$0Xf2qRj*QTlS=`TQ|27Z{mqRl-h?{m^TdH`f=alH*roZz0=9@{ z()!7BKN|si0tW#4yv6N7&dum3c^W*1>|s5r!#gFWtk0#<)UwmQN;8vLOR7K+;~P8g zn*GrcFt}+3ysgFIg1(jF0tds_6}^mMd$n9fZQf6W;f%Y=rrJYvma$A$;mI)YTni<< z1P&&~%eqYH)uUOqN`V7~KzF;eoqA)jZeE*e9N#9D>K2RegjDCG&c@)!3djc#vmu?p zjDa=?0{!|j$iONQBj{)@XVe`krHT@l6FxCozF!)Bsp$`|`9G(^juPQe+;mK0RJ>a1gJZPisAE1sUf@(#@n08<-z zF;r}_GqR03N-T7*%`rwEy|krFCAKK0XhApRVYZJs+Em4z5YFg{aQXp88jfRS(=iQ= zrRq$q2#p6oyrun2Mp@d=o}x|szTNtcU1nvTB3dJJqYK1aRgP(QBQe`kzL6|$WZ{}~ z<~`^s-^7L(v;f4GB6TqgrCY#1VyMCSZZJ-EZtJ-><9d6`Zk} zW})Ba-+=M+j8wj|_s+P-Oy5WaD*=Bfe}M0+`wRFB_ZRtk$Y1EIu0Bj59gF*$oXM42 zC4_^A3TN$D=|zxBOfKC#n9JERNRZ3{gLmMp00=53UW5Dtz5!g&82s?t>c_7H;%%9F z5n30=;R}GOQcm9)R~q1ufW|xUL0<*wTY@;wXHSnt!u|y02|}3df&Bdad$;m|@SKuh z<=w*+NCM_{n8IyL=68UOV^e(0_86gCz6YOJlNq_(hNO1)v!~WO5aQHGI^ga)Z#s0J zwk~_7!(&v4>Lh=;WvrYFuyP6D@SYaH+%oDLno;7$`O08&EiO{MJ2=u<7+tdg(`3e; zrgUfUi_J)xahR%&l}-md90>2|C@WUYwUJQqQ8BDgwFm;OO+9{ zGeV7}U>dZ1N<3)M#;CXFU;512y5iEgff5FaYFr_qg#D-jOlE%w@a4`1U?FR>$%^h$ z>p}MSjb=B+I8U=pGt5`U z`X}ceus@n-Lk@Pr)ESVY06YU;>8`DJ*Iw;1Szl#Rk7)@|zXpFugvctf8W;+->Vky3 zjjC-Wp(MVbpXlik0#cqf{rQG3efc#2?6Q8KRU5oL{r9Zt5Ha3b&1*KkxqF<2{G7u9 z27BA;(wc2#$w$zX)mIzGOAD*`=8zr}pn*q7wAVWzM=T&Hq+AjFf`^n!p$TfV@|n}S z+WREzqHck5ls#eG5ZYoA$j{>WZjnlsU__&$}5 zhT2_#Y!pnJ4}0OypU~kgOLVvMqsps4v1JG7$;|*G($#~Cu3oW@sC8u&TkvK+US*Vu zncu!uHKA~AxhYHvBU`KCpAap_JMCi+-|6TVyqRqNozaO}@u<`3M1_Vw5fBfIl7U8$ zt+G)9C4>~rje2Yt8v&2(AOeUKLKRfW{eLyD@^yXojm@|_w#yaZCW>@q? zHJY>sd+*;Jx7{DkcFL35IrOu^s?SWl{Bpy+ncAmVrlU%nHEI(YThs*fpmi8>g!p2k z?W{yBokJvKuV+(1O|At;zB|rlK`abyN6J@c`qglDl3NwA0}_N|9hb+sD~piqb5eVa zfoe+fz1j2xw}@GIJYYHMmFetpM%rWyyMZFQEUW2h0dAFC%e^(Flg-=>l)71woVSe^9wo9)!&~=`iUpK?%}a9x zri{tReqN+T6vNxVkm!VL@ALs{h|J|3cVLURnn$_0d~(Wi55ML!07x0f;-_1%Cr2TX zM^V$kdy{uATW8&si|?%mf$|b5`3+bqB+ov%#Wok(M6XP+1?d;Rmtt&2}`zRSrh_YeCt_HTM}gAj^H;!e7!KATz3w7?KOHO9xDFxUE zK?hh;54~A-^eZOh5`VkFS*l`#^jQm7BLB>lb&hZgdEA)4D3{zO5*I7k=xoK-U6x9} zJ548$F~)3kbCM0^HlmH)lIB`M9TH)M!$IK9!Iv+GQ+X$rN~jYhPBU_uzGVsK{uz{XS2YL&kvmD<6!e@$vi3d`GI3o|S^97bkUa}4ibE)-Q z!_dbTZ#eUh#5)0cG+($0$o%?*+uv=M$`AYb5I?mm-$sEEA8Mwsnum7$r)E(_ucg>k z&3Q^GFemZ1wZa>58CuQY7LoG5fB{;EvlZe7ZOy?S`oayp(}IuB%E*-`U3h1V{61)I zWVh5nhEP2&Q5@GBpq5Z8gTrKcV`i>%df&0?H?K3|N$32naZK4b@+ZzeV6=I?NTwC8 zPwTzPv;DDH#`*YTGL08v3T1Ov@+OWBEG-etQkiSJ#>Vgxi{#jWMCF${k2m~yjGtcv z6iSbyx6^~$PbaNr>(S}%ZYPGT%9CG?l1Xa;V`wH@)L6nKnrbk44OF*9@zpK!`}BpF z5=+y5u+*T$_2|iQrDTdAnQ}I^evc)#D#-Q;G>ekyVfs5;pG%6TJ<;^q+M=8ePcaz` zxNT>J74B6mZ(L!3syH^53Pz>t7?J^6PcPShSa-;}`TpvvO+=xXiMqLZcD~l1N4SE_ z%L`5CxwGkMj)?2nRMJ<#s37v04e3U2Zp&c^k))?Eh>yQqWUkE%o0L;|^_{y8&cn}R z<#+(9CjU(>OIPjbXS=vu>f)jlyJ{*CP%0Y)>@@*HAAzTp6;4p+@0@>wmB*D^!=z)X zJ8(5u6DjK?G%URBu&*Va7{p;w8ym% z79;>Pf^}iiEyaNO^_V{Hl2tB#hc${e7yEhWY1R15b$mWm#;0(2JZ`Dt)uB`2 zE$p+?G6u{+4Gz(nf)xQJCSV?-lDn{ZDKP^vu=BkToKj>-tgm~y?LNQUb&T1jCTu1}{dtou4CuV!RwVrIFmO3_sFSx_%K4FwLqMeJg%D^;}wfCi4g zS#FZIpMz#{6S}D*vV>=7N2}|6-l%B$bTFD1pl#gLu?!7Q+nWSJUSp{W=>-KZl!$O~ zKq*wrjF`oT3Oy0Ho)#FA5KV8E8zMJ{jHHHvJY<-9>74m|^42t;BnJuUp`9WI^(&%p z&IIENO+KV?vSI_~Tb-4>IVwfd5XlR@GXsRQva_c0@8z)yt`So$sJ*XmoGP_-aKP|; zO-f1^P+X-E5dFNB#({q~|BRgU!X=+Yc>UOJjg@|l3LOmiS3vTSRBo8v!Ca6`vX_Km zgM{OyM58>7hEk+6trHgzZ@L$8)p17jlVC1+Y6DTmp#{4N*?{2nv3_1&HTu)DkDRj{%Vw`|Jz3#wb0XIn3NZ@VIIY zs@Ruc$2n+rAI48qRd;WbP6;7pIkOa{utU!Wa1^nwXlUo5NA?O3SH-I@UA>BEP>4wz z*~AB07&9DzqKeywNKVpWD`vnmr3}3QnV}B|Mxz4R&Ng_9TuvFn6Pr^!k~@3qC>oJ! zG$d7iR@?;7D7Sg7FP#*HluM#4;RK9?cmEMh0TlXYx!U){Wma*u^33CE<+`>z0(*s> zSe8+M;gLIzUB+Jv_Hj_4awn7GK+cI=DfnUecB-(+A4`-}G8kk-GX~V1P1DtxqCENd z&VvU`?P^9@HoaYv|V~kj(w@EC;~anF#)PgYYmdYR_U8K*4mb}dM1juem_9_ zC|mKTh1NJ>UJT6mr7c(JppC)SjgP4`0-$LKlY!Jwh5%xW+8`CnnAKK^#VngaSeSC@ zwDc5`Y+#-xQPi*$v84S;Jnt#b$ROpIy>x{HX*8%Q@O!Wk4{Y+OYDah(+E&Ve#Z#5S z$CaqrWiH1Q-OxlI+b#1(@*VFm<_#>#ULd~JtI&kexN9VjVP>YilEt}za?KCJ*8>!D zA;t{#49hW^eRoQ^UTz{0-$LR@HJW5W|>F4R6FF{O=c#0?&$X_ z@FX+j(+KqG=vF#114JWnQ`vW5n#~nccdfY<*8uar|17@N#wvo(NI3lxc}~dSJrg1O za2g4uiT;{RN`FPU)K?*IhDzPQ5zMO729fs~KxId3LZ2vKhKXdG5KrLckpF0d_}2DR-QLk7_bK34{nPtMzA{fR9&O zz|dhyL9-E2Yvy=7zy9i#mpFc16+VJcOz@o7DeKY<0tHov2_XhtV5n6TdO-z2@puKs zzQx{d=_poO=^hr1fxqx0&$JhxcN`YZn166YvEI>V+3Sg4ezT%Dbl>asmi%dtTCe<> zm*FBA4Je%i9{lbXU;qgFiHz}3$dq}JJTXKFXqZ2xL@+i3b3sSQTVU2eRPcPTC@XP< zd8;=4JXVTH;|7CvR-zWv3t2w$0i?OhM~CahVKb_$p1%tFE>{=E^^RBXCj%GJ(*oZ(xH55UZ{55^=~C{S zPw$07F-1F4ksf#LJw8@p-{qW953$pIl8PhvrXz%lqKdrpH?d@zRQd7gx-St5q*v zG%v0IUJNkICD1at^PCrzMB}t^B+5ZwVsaWw@Rymq+pjGC$XrQJPuy4dXU}^H-?M6_ z$Kf{#n1t96rMFE{!tq|H9US z&=q9_uJXPyrG*7|9J=!+Sm3wZjy|;R%FsOLRyd0zPNGIVt8h*$cZtLVlv6e>2!eA) zDfi3)sc4NtQ=C{Db!Lz%LAC?EC&c_J1Bnl)hWyUCz3>o}cvwmaTf*5=a)1YV5t{oe zJwWPLPc2J1jSDRgrDde}1>Qis3*CC1=Yad6LeD}5RT9ET ze0Yz1th?!ldQ^pTDrHr0c6=n|MZRZ9?NE=c z7xI=7ODc0%c;*t7;HJ_^`7rcPUOF>G_2O0Q%&xw3vT}(~$?j}^SO=mv9Z-dEn_hg zk9Nhh=UvNJrp$)CV-h8wZK&$WWk7{G1RuEW0RGVSEIFD)7$>@4^5WIF!5SY(z=Zep6!H`0V+J0 z^Zt!(%2;_X86V6cAPYSI!IRs;0vsP7caEqxw34?&EFhj?Jb@DKPyV*$eLyT!peRiZoX|LpC1C!d!ZL zZ^Ln8RbI$=@tI+pBEjk4q<+&m;wkVZ@%0Z@u&O>;OKGLX?2KB>B_WuNq^5q60w;_x z3ltybrXXU}BJd8lSKY^(8jW%(P|MX#a#{cOiB2=kanP4%o8<6gJIj@d$J%Ko?A52@65sNL)GG zU5FhrHb08_-l~d8TMzC%0MfiBS0d8Pl90aya1QL$G|vHZ!i)f ziJs0!ZY9~mj0Wb&Fs^MpFn8J6$@(jT2PmC0gzrE>K(KVp48snz4n#O@ZKy_zD95mC zXCNsLU>7qHo2JFA)8N|Ex+77$8qYY1LJlxdc~pOBS(&9}Ow$Wj9+Fr~XbEPwwx8NJ z^I6kOrWy{A>ozc9G^A>85hz5dYa2D9TBQSxlJiXi>^sC+i8~gsdMmQ?-1A8hg&6QQ zBXq;EOjX;uFRFf|4%oa~XB&jk2nQ51qN|;5q(b86dUn zBtx$D^XK=5)sTWU)IL{rs1CVY03K$dvt z10D8}K7lN^5!jta`iW~QA~LI?cuIk{ zMvCfGpHHgAKcBFUFsru_*KafGN;)sj^+gl|vUfF>=zH?ZC@`cpone}eARxA!@5Am0 z!9CU>(2Y{Q3&imaHi)DNQ(2&FMU3WKnR3?yYL^(ss!DvUON4RoFeNa+&O?T;9(IU! z#?=beF1rY=HpSbYBRNZP>or794d>iZgt~iz;ib$i<~*@K!={Q1w@=++uRQ5Qqp?0K z!`W?AkA25Fvt)>#`PK2g!zPKJz&erb*-Hrs z)HFKH(kGAY>08BQ13PRn&23z28=WK}?pa@AZLfC}?<}=maafWdeI@ zkF^Q^fK6*v*UYorGS5UqbRfb751G4B>;Tv)n8~i zO?GwMAWq>&;OkW)-b^oG1^4B9pbGwh$Dy2Sh-C}}%YV_{Fyr#7k-)4HMnV)`c%E!x zMYvCtMdU7u^X4;jgz2_FL)D=YOvgJ+!O?i&SOmEwT%0c67Ca32wX@a_kfN$?o2qCd zszG8FmL8b+$ucz<%MH+(|l>xjL zjX`Pqd+8_2z(&-9g%XfR8%i`>V_UUYLn?Rd#j9;B(T=bNNh!wE0jo}{Ljt%C%UYPH zwOj?Sa|OkPJxPnLS7)aQA`E0a1g}i(DgYTw#x`G?%@wS`zN<2ut2DkY^fC9sbc?FY z=U!Z}2OO=ku}7Bn3407%QrtVO90KXN|O>I-8h>-*OFsSb~<&6By|r8@CaThlc5O564m z*su^fgCQ{0M#l3uvaB)gW4nXZE%?dKvcB)sMAMos%tE?^x#v-rS(QQ1qH_hbK&Ng3 z<#;PB*H%dgZA);%F3^^3g+f$h=ld8OVUj>K=}{B9#3F7m*Sh#HbNwbj?^3@xhHR-4 zt-&3i^AnvfiWb$!kVwRam*SBNz9D{W3wmI=L5N4w=?yDg>}lI-AKj{GlSPpx7mTvU z-fV=C2QFsBhU!s%O+7??nzunk=fxX2vWS3@WV!=Zc9a(mv=|v96|6^yZtJ4!Fx=5& zm%v7%rO?OJL4hBkI6*s%k-#xh)qzrq%?}PMv>520%eMt`dxXUmRj0SbCR!K2XwVRP z01lksnZ*9L3b>Flq-9r(l4ACdGMa8it;#&4t_XNg8T!j;Mc_$o{`t-*+i29}R;~QB zts7k-D4|AWxGj#oK=*}38?>=xLs58i-ZE+=ew=RAe82XJh2dFw=`421R>4r_@6HEL z;3hNw&Sw==z?s^lthxW4m951eLUa7qrT4-WGKB1YG9k9O#CJEALdLuOQLK9#Aq$D* z)2yH&kROYM^zH*-rniN*b}vVF83+fn5THiW!rPRfj*q~!>pORvonQeKEy>>WTLImN zOT1=om=qsBUZk0|jueg;=Fk2}%%$M=wG=90{A~DrLEs3^5;(G`5L-AC z9-;SweFX;*2S%UAQ5D`XzQe@0%HesYor|NuyVw)?0~QsJkyB6*av`CmHr@91gN57t z3iq%7N;FUvKybWEtSnv889X~--f45Js{6+W(gFrl^+RI=t%NY$L7qP<+6t@X-o(N8 z{)9S#g!vukt(WZumoZ&Ky9trR^_%}vTABOHh0ktD(IhYADSz3(aJ&br|X zF@S~XafR^r8@d25Tu**PXI9TxWnnZ!=Bv4O(83%p9!|(JBLf+5%|xEJ7h81^a|l7?d}-yP1#ch3 zh=SlD@W5Fmrp5u5S%2OL9C}|~j~hC$4TcWyhc@a!Bhb2^Hh94gmie@f#8-$U-bKp( z$E5}>Qi9x*HozZCdGYonVJU=6EKx>t)M4UKWas^UnEazMzN1Y1bljm54(;lP;Lsf{ zb_6mD4W|Nu@rsH{_nP4JF3E-P&1|EP^`RO5WVQk)=sUudmwkbyUIO` z%pjw^g{ZdQ5fT&$gm`#tP=nBihlgewqS>)UtabQZ?jB5OiGNQG1V^l7TR23WeXnf*P$F^B(*@Yjb5dV{y0dVE>in4VG*afiFg6*^ie?_YjuaXr>GAIUz zqj_r9%!o=y5VZ1gcYUpURAlKY^=K7))Fm?$gCOao5}<08$Cb9H@;9w!K4vX-9owtcIOik8>kx)jXn*E(e=0BI=*D1a*KcI9U5U0$O==#c++O6H4-CcNmx?}$A z$F1Gsa@+iWyakPQPIsrLyW{wBY$#)6X$VkHaIt|ta+{K6ZZbBli>B(xyEY(<6}RS? zn0RJGfj~QBX7LUG6`fx=NN=RXfIEy1GtZw*o+KP8meTs6n+o&*!|VVk3qlYe%4Ral zjzMf7@}gLdua;neiF)7UW#!djmozC4+;Vs_*{WwN@q z;WS~q#T6BHq9u!X?T8f0gg!Uq+Z3N*cn|%;5bBMFg`~M@^+AKuFAd2e)LP`pAd$PF zW0h}S^=}Gn`V0&Tj0vuFRb-B`kCt_o3$GR)3yVe^A~O?_@(9L1Ytzo!hF_*vQ$V7e z&c`-(UAp`E`}fQvOg`V@M<~@7`JDvLq;v<-vJeMcB2FfGfsC`nK*%|srU&WM2_P<; zP7#nG!wy?@78fP;R1?}|n?X35$;fFZBoh#N9 zg7ct0F0pMAYvZg<*J*8Gr@ZxGoAqgmV^ek)?>k@_(JSlr)5(;Wdysml5ZFWdP9~gD z%7M2i*JaCd1HMW|GfzIaIA*Ed6cxI4CjKD*A+iIQ$Jil5gG6jPB*v(TiW6|Y_` z+UG6knEgb7ZQ5rmrFxuaIX4*2m7@YhIt$>}-6X+X4qA^SDh>@H8q5iV*~L!Ln3)Ps zb3;IFrvNl*Oo=v4H7)Qi0|HCn_vC4~pA<6!$tDOszzuEkvDDpg$oCJwI_eFc~9`|&TPoSTsvR>o> zr|Die^G<*_K>nkLo+@^TE8kcN9aVjkUAi5H+RHA<`zX~^FmXJ<$z4UcZxz#HJn$`@7fa8 zrX-TmSFye%?*^21 zTi8bcUiO?WF^@woJ=zJ?D|>z>8LNC6?iGo!bb)G34mh z(YE!nS4~FhM5%Kp>x-$&_kp4MRVg^5`ft=qgV&y!8udKv0Cz3P#zo7WM^`?MwffG@ z0^B~>PDx2t@7?nehqa*h&)7BZUQ|&0ZhH%-?Cl|9o%Ggg30tYS=zs;M)_JE=#_Da5 z14>PVd@U$PN}p-wpG$%qLAWU9{e$VyX2uF6vQXC8Xt?P@$;5siYlXk6qjHn3lcrN@ zvf9sZF}Z+jN&DyOdcVAUtm)5C(O;u}T`*sG+oRFeP8Qt~K-ryskpMkSH$xxeINHFa%f2KGe&LoFiWy{Ob8p_ukr8lP7nEEls1pM@7-#a1G*}QUDeBwmDoZL%+sxk)EoLk_19Ip{+!0b`A z^_OH)92@AiarsDG=uB*eXTta4@OU`8QkH;*q*LYPJ_`lV$&|x3%Bdc_NiLOhM~m85 z`-@t|eZ~ilw}}r9zATP45?ie&lK)j%8Z__3T@xYNMR= z&&oAL;XTz8tJ7YD0s{*aJnj(m&|;_iOHpc#R-c(InjTk0T~E$Jc=mAJWXzRV^0b{~ zhSYAbM9g{AD)9GbB=Wi~JB|`EfSfejO7*osN|U=sgr9?bNQ;6TGnucPkg;E70wKR| zJB7gp@C6^Der1W(b;owZT>}1v!_(*8FqG{?+x(6S&V+|aQKIJdiIEtdlC`mIR%@CL z@`Ev;)2dPSzI-^Ooui^U(o`>kGUcYA9Se`6(at8;lP-o1JXkGMuNYE$8( zs>*gR2ZMa$?md`~UJD?7PRFyuQ}FaX-Or}QEM6U$OL<7PB{0IB=ELFX&hBu$vT9o1 zjpHq>VXyYF_LUNe@WT;$DsR`n59 zr8sx0TIdV4kKOR2u`7dTmEa;{wAl#IiKQxdhl9b%he<0M9G$hM5(zKHba5Oly`7L!xkIIFkRoFmzZAoR%#~YQkv>$tk9%pGw(M>O`JuzXJhL7j^EunP#Kk(a%e@GW^AcvHSpM3D=$nr?=hGCmoQ zo+{h64Bx`GHNW)#pSki$`bU^Bx_tLB7FPH|J9m|Oq4>jaGRi8N*G}$|9MZIcNRuy5 z)GVoaIjYq0Km}H>6>sQZ%_Boxc8(LjP1*mtD@-r1e)j{7(=crJM!vGZ6Us0XzTB$o~l?-K#$yvzgg@7}-%gR*A+gl43b7S#FrEXPMR-(*jN>;4ujS5Cs zXN$fO2EEWKL!Qkfr60@_N~#FRw9zFH4KKB$OGY|`e_n$BT)`(-$17Lh-xtTL>+tXD zc;)3wmKMQPgN~1@MhXOha*VRz%IRvn1%Gx)$*VM#pw`8XL6b<5n^(r@iQvCBJ(0I7 z>rIRJWNx@ye8XuqF%(=Iueft{rLU`0Y2gPp9Tr0P&yV&n*$@fZ+bG*Jus12ewDKdJTg7}7kgZK&c`(Fq!gm|ybFCOLoj00i&*;9!m! zksx1C1P-?7KzUNk(j!YpC}S&e3?3ekB@1UxtMSok7BUXRot(4Bmt6X8B3I%(#$rC| zWcpR+qjIS*RM6iVU)l_{pk^9$1_b({aMRr-dVc~fYg_!fZds3 zJQ{+5CFsmLN}no48(5*iyDNhiky%tFXZwDIvX5f2wMDUZz%q}zk9LpwfViT*v4D0V zTTtbRZ$%ZdROPTz;bDccgsZ7Mdni^s!pYlMtPECk-uKc#KcRqWs7UdnMLTCdAuA7f zKx)!~AQNWJR1qYunG&2k%aM@Gl_^f7-wI%$+e>@uWkCBAEU2vo(QDOg^{ zD)8dD3Hn|8ZF)4BohdJrxNmxDZ?`f9Zw_ z_|*$Htwy*$wYb+*kL+fzSuGiwVcyXc8INN5-^qz9T{rUK@WNlY#zwP?(HT%ASe|25HG6R33a(dIVC0&M)u6w|QDkn) zKKNKw=&PCbL5ZEDN}XSUTGa~9x?SnyVqpc9LcsU7v1|}4bu0IhZ)FY;IK+Rn1iMOS z0L}-xNK&3>e1>5H4>`=}Af3U_)(+hw!kq@4^^RNS<+dP;Rn}$Um_(t3q z98v(bb()8CGMB)}e5t1%AOYhi&UVKY!arr(UA*KgZLn0?w>NSM95uaBl_N^d_l;R_T-w^R@L8gxGMHjaaz>=685Ebm+;5WcUhb7 zZb~f4{WLSeo-p3Mb%jSWV8f)S?>v>J4AtwEyC;@6o7^e)%skrC-PmO7e5v4NzocC) zEKS@>>6BG_VT(GhQ&Cr?oRrnMqs&Yi+MmfYa0!o7r5Ib@gpAzFO^BSnMk$7TZa3pDdRh zW}xN(Y-!f&BLRu6+M!;#K$o3e;nqu!qqoxo^RCJpwo~Nu=>Ya*x3#sr^JsSm935l& z-7>%9xGQC#%hfLWK{MUfBMmpP<*Hbz?}9cLw04Ip08-&rFCm>X3Fo2*0GE10a?N9u zxK=2R2!Tw`XgY1+m-cbR1+Z3e&PYIIu&e^VKy)>RrRUGq$az?sxoz0bg2+L&>J{h) zOAQC#YRcKvhi|1*02^^Cf7Jtblt0Oa5EySr#Awg7&cmemc84bdir$6;qk%M%7u-V1-VtDMSiov8K9%UtqTtlh zT=*Mn=4~p?;c4FyPY*(8pCWaq1aWlKSr3%uqw>?hAyX8;~eJ|1WG zwA<)LGv|K3kJ5%gn3(hyKYmLfKCmY)$WlATC+%p@iyBU9YXL!KZ*d#q{SVB_o}GZh zDioa{6GVNpTab>f$J)1sw2I1u z>rtp_0yU^xp=VqPRV~lHe)6$rTvxVmmUY3^$m_)?K9_dt2ABfpZG?_{wrR_c$LUnI z1W%m*>|;-zUtQ(oC2w;^xS+Hi7$7R_Nx8j6<)CV+5tz1Z0Ox6$p|1rmZjXoV@m^4V zulxea+sA6jsQ{m@*AQWBdh%ADjb}xR-fcg;@%F>_9zJ;Q_M5k45b-Co8}M#>XO@k! z*@;8I2Wktc3)Acg**?<-PlkeC!K^*V#nVAl{m34dW<5Vhv!ts4(-aNm^InJ>~`^(1=x_(hcm5#V-giO<<| zqB^U2YW_Kyq5BM+FNnw;q>~vqVBofuPE_XKv;hgP1dV$0sCX0))mE=5XS5O)4{-JZ z=8j6+G;#$brbKb%_%KDlvkw4l54pLMDDZM^!K6+sBLtjIGKCEr`(Sl2Gw-51%0Z6% zCpUx|*%RQN9s?6MncLL$;;VuQt_+tr#QwOPv8eL$&MEh))f{F|ny3WGAYiRoARruZ z^hTJtWs1h2H+YyG(Xoc=$ei%TLqzjxUQ4jG%}el=sl~{Gm%7)R3;=zXdYu7in;C?K zJW3^tHe=GwApJrzn->K8N5F;f*$4A%@EGj7gl-um`{OV#VfC5=v5$GrgEghKLQcCFnH>`09xfup3x&g(n?X-y_Y_g< zkTQzkj!MSpFeXsfc3^>TbA*X7XlL7q{LbB5`fmA`*8SS-m!a=$>;UL|r4$BARP>}= ziWHTOn)vmL%eRYb_1(Xb_9&}eFq74KJC5MvdQ&;eKnKUM`4OUM z+tHO+&mkSI3(*Asib5_&Ab@X3(0q{Vg8@-2qALApU+_p*EY2iCyUpgMhqt#M!U9c* z)u5bR=qE@Sdl^4@ZYaVO)m~<6&&SySDC*!anI;2FtcpAvr|bn@V`}dCBcQf6VYlf* zX{czQD?e{FJJ2mh6g;6qrvqQISXFuvu|9Q$Gw2l}34Z7U9@fCd;z%&V(cBEV)NdnL zK>7{1*5#{$KWdpf&>;j2bC^T)xXkDqTmk!0>>S7iVR8YQq>uROlHEAeYU{k?Fv7UH z(j4Q1xGgAQA#}Avu2zS^Zo!39yx}sfS~>{+rZ5F=6LatBuN^7?%6D5ro>}?&B1deA z&e&Oa^IrJ=tDMLP62S>3xRSf-Lf~e0k{5btC?0GI4`G*CJ%^N zh67PIK^yhYFkswCoLaiTVP5TAiD`bp1Au6@GcQAYOw*bpo}r`b<&G|~b%!v?EYcBZ zgqvsuZ(0Koav1pRd?`RBY+Mk{=qCJJX<$*9o*Qr}P;cYeE*z^3(UGk%#Z!!1xLD*W zb@?O4jMoQ@mm=_#ie<<2ki-qLe^Dr*Lb9^JUD~V7X*8UxigwK@p-9;t$wx&x>sKMC z1=W}33|U;2w`GC9jA|}o|H_(HYP>rDL9{d)=MGlU`O3*v;mtNg-wVd@vY|+L_V4YV zPk8@?m{FeA;M~nry_-s2hCs9Cl{oc&IBaQqx#4=~SZaI@S4yiE1MCIdE;v#BD6T>{ zuH498GiRU7h9)08asl?(f?A7|vzWG{J%!7;yxcm+Cbj-D@FY>Mwu%H-WDorclaB4y zR^VIqLS=$mENUnpdbL1=Wjn z0ro%>*%=4Rmog-XXh8#C@pFl)1OlbpRpq)Z3@MyR^{J27EiXXj=rRkSmZhh%S=3w~ zsIjZPIwa`Jtu>UVlaIWml5}Shhu2o@G0YeT)Rc968AsVqYlICqK=&goSQ!3a3EfU|tYQ ziR!lbc$UHZci({@F94F-l$?YM@SKM?;5)^SPT?7r#9u}PMeH>*lW*pbUH&12HImmA zWPF&9hHx%2fFXPWnVRw`#_bzpkZKVqkfr&kLIIUrZ!l&4Yi}kO`R_kt>azr zMMBboi6DmNS2jpSmPjOIkjyO_E7(=cIm9_I(=^VHJ=3)4ZQIcYMmz&@Yj)4$G@a0X ztV>923tIyPZ$~bBV9r>})$O+jS(kl@VtLtC$PP!=b&r`HxZ$B&lDNL%UEA(!OW8hw zUbQT5Ve3DyBh0k8>Der^E)FVJC23sTx1eJc{Fv*G;E`;j+ZqRbme(to8m1p=6G#`^ z(K3v;` z4KYn^Rvp>|9EFTpL4-Q62>`~Fbajka^zQl^YvX|XWXfg)7#NqFmJxqV zMLSc$tDo(R`#zY=OcWtwjZ!>*m9A>-Mk5HmjwFGt1ANB^h02^dvzcqXB+atZ zgWP~Mi%qpIa_RFD1_}qw*_HWoG@y9?dVchf8+$CnHDrIm&ep?G+nVl(7Pam67&544 zcVqOQdtuv>7|TznITRf5d_lF|38NMvzgcm9bIUIOnGse3GUcBjPr#F5agN-ohKhEO zG|0aznL0V%xg!4&1y}V3YOV= z5BZSeX`y)GKqU6w`TSxC^`Vw-%SP_W2`mXc=tls%$j!cmUsS2&O0u^|7Cdw2pFqN+ zhZMWvXM>XIbQ!nCc7@8CfYR_S0J%yK{63l_z)u4I#4wPSX`W(_j2yw^heu{N2^d#E zAvwviwA53xMTwVTKxdA04$ae9TGhj<$Vl3nFi|1m=UIiFcIJ5&8nN$!t6tb;50|`H zxaKbVwk9n{$)x4w;#F#)kFx_f%M&O$%zw{cFFS@Z&Bnx3ZklUnS$lKRSRHYvOo_K_ zBtn=iF&TSaV%ZqWLn&H&%1p;DEo2YGA@!;mPtLQ#n7qmxri#A}*gMOp35`?OOWDk9 zoIz@Y>H>^SlNH?72xRyz$w2iXX0s#S zmu@e)vXWsXKO5dwoJ_|#H#xGemy`mIs;*-uUCgGn)~De*A%!{1=6eTn*H}tDhuI(z24mzjh=ZfYkT)mDqGmQkGnLwr{UUI_20)?`V#W8--g^* z7n&6=+zJnk@+fON)K#cnuC$L(z3(wiwGp_?#X2iS4m%ZOhiM80CbxX5F|@GA^LI(7 zYssFb*y>uT^6)prSL>0+XzShQ_%Evjvf=VtABro~uGa$D4opNo-yiFBwOQeoN#V@Q zE`{B@gv?gL!a{y3S}n0Iyqi_b!)Co~YcUx`DdOv&5S3EcBYPE2U9wlFQ*4EwnHBRj z*(HGvabLBXy>dRLHWBSK#juc;*Ws$$AA>MyVO5-JGCg2Vwa)u_Hf}ZBO}@}M(YqB$ zocb@+TTl)+jF~|!QOyFoKPBf;6OCL5vJ4MaqGsF-`>xb>l031cT5&ABAs%INgMJH| z;8^bfR3AGXf@f8(kadEr@nF1Vn~0YT3No37rE#g3g$qQH3WOZ#R_q0CB6T@)u55WDEP%;Q$_cgT}D4#`sXU-d+ znahSxDQ;5xKptKtiAO+7D?DKE*` zLq||bRLjz0N3yYLC}jy|GwSjd-yN=OHUV9FxN-_yS={U%fSGNSqBZ{A!_1uiNrE=6 z?xWpe1&we|A#o68(do9XwRU!od;OJo=h5{(ye{q*x&yT>aVSah6=UrYBI1y7w`BSG%;8ujEFA(@_DD`qF7l+s+T>}x`5Jv3T zyd=LaT?gCAwJsI7PKn2sM(IHcwiy0;KTAhLBh+zO_a~K}0qm(QJOk7PF3G>S7$!Tr z;>ytCN>ThBeuC9rEq!urHkHq&*K58tTd}%5Ti%p7nC9~dS7rYUDuTUjM`ySVE{?yb z#CwdK3#GtOw296Oee$>Db?KND!RpNdsYhm!Hf#~u_V(|6@)eQ4rHA@af_3PRU^P^o zhx*-+P1m>Cx41~B83txV*Wip^M;kStqwBE6Bz9wTLeU4y!lce8lYBbsz`ozMmEgXX z#$;B2RN~|fvnSWk$rW(CDzTT`avZ{X}XBNLRi z*>^|#=o>*T6H`NMW`;~Dzl~#|)3MJxGQWu3Mh7FJO6bdLAC?k7dfoni+k5x+wvDS_ z^!-=-6foj#5f(*VVkfN>T03=|#(m?&J9e9#qo{o#5|Ut31WS;XTwC9L&$`X584O6; zPW!g!NKYF}z+mpPW?g>^ppCm32URiC$Ej%f*QRHbFzFe)se@AohP=rHW-UAskJVFP z!BPgYB2wX{%OFM8UkE+>eQuMg@ut0Xrg>VpI*uu|(ZTZy_dms1lM#_(O~nF)Z=InL z+U>PWaMmyW-rY5GJFX^0mwoD7geQNa^fod?Xd?)VwcS>(hgi&0oa@cXK8x_-p>IhE zMMVjGR54C%PNO>KoR5+nf_YlM${V{U?STme1igcvLQKTJd=Fu(>+PcU>Xn_)rxbip zSo=CbOEnS&`Maw(hCB>SgZ8<%>BVutLyy7Ag%U`qhMgJeX_@JjgY-w%?2>M0F$r3V zSe8YfA8pLLOq`B_)+mL0FjY48plj?k_;U&RGtzknxB@&aeV8q$MaJ1%+UZes`7EE5 zQzyQX0ldu%$R7K)<3*}z9Tlt6@%U?JWb*%^{`qvtSu#T9Q`qBE{G!oek0`6Vs!0}C z4Gmo#+Qzn_wi&A5+J@mDc;zByTMEvlGsy79vjr*fJ03?r?FMF)#}3UaQio-Jl8R7k zf*+(bgK5uoB~j4nX3L)WDv^KB3HC+akDlysikKMS95kmWz67xaYg>|94CT&@3tnp9 z8b7<-S!Q;tcnC+qVJ ztJkV$6ku`ZN8{Pf@7P|&0b(6*AbwEeBA>tqT^rRLkHxof<;@RWpIU-iB23dpL&NUD zE9k^#%HIqXzY$g>%oOtJOJX+6PlS^qHbV#80~%I%!eMo0B3?U4fMt{Zk#lbIVsVf1 z$y)$%$;$~GO2O`FWf-M(eBPMlmW!Zus*yeR^rvs=;9@J_E(&wal z3^hD?!xqXrf%7`CgI<;?Bl%WSz;Wa*og(VYn=*$`RKuxIT^yB;pAax4b`|$v^4M^b z@Mu)H4=TiTw0YB@aB@|S$4L(0k&LE;p%v6DVLe?Gh;?cRjP2hf!O&BXTAZZ9r0@!T zDH0oF+?TKZJTcpNzL*$!Z~T@oy-Txy>ZGnNA*VnAQY6V0;LVYa=dG_5ewKmfCTjz4-5#0Hu$1 z_ZTG;34rnRxR@r6sy0(cfD;~ks9CDtv7bSXr)01Lio=~pD1&U1t7MXc0*9(`xUz%p z@m~k&=A&QhldWHOGEnIzn}hW3UixS=3ko;2#n`ixU^y}l@bLu}&3XhA=dqGR5FS_4 zx2@-+gd2G7lMJGxR9F&9$&zCks1eVmFcK~!TI@Z!asxrdlI~BXFhT0dqvD>R_g37) z*(|Rnfdo9K7&r&{yi5xeuz10xab)>4cas~U#GzyOCIYiRT z=EKDtFSAz=L*|j5fVpF3mm89oXjzo>tlgHGASjk@K+~HR3NUyzx1wK})OLrpkH<+@ z%nKZ)CanS^vPRy}gtSN<1<6h@+;&36L}Hj`QT4O9?$9(oCeYyHxCt!_ECT^* zG8OX4YF=(bifU|&Hv}Qr@a-k{I=V7l`S}F^RiSegVhUmsN7zs3YUhIycRVx^Es2Es zP+n2T{^%VU(J9Fe;7X&~q@|kS9$<`!q6hXtS1XHy?)f-8?oiWyqR=X+~b_SCGj(4y&NE4SyY&&Ax&BjkUi+YV9xE4JN*Vx=1G=s?zRo(>`8+z1(+H}qkCK`6ae&`p^a|PVYIaLGo8{*O_eoPLSO3oi z8v-qdW{Wb?J;y+ar5n=Jny*g(yPS7ggfc9Nav4yPhT4Y!Yn?+?oM#XVeZVrTvS~t#bWM||Bvy6ssXT+XTY`f4M4XdfIpA~~#&vs@{zfHJ8y$b1o z&evQ53WeKXmRH2>W61p6aBkqK52+PKM9%@*mh(32NtPX?ZXN4(9CJV>$7l7%nE~`} z)4p=2a9I)h^2kpHE>Bwq;y60V zfu?G<-v&lJKL1-gRlhsoi#$T$cvPA zMYsjEufCM&8Id+0zra6Q{J*UA*M=3~T(CM`#aOlY0ka!0&S#oQYNjPRM)XQaLC80= z<&=b4J<i^Vdw4i2kL<5a-x^!!z`5B7 zU?b>B$rCZH!Cxv(x_dkO$$$SL<6yd4X;&HbI0Nkr`^k_du$cZO=XgWQ90lAVKbOzGN*?a*BPJ}Y z>cC-gky0qsKS{0V5#Md+UQzGl^P%?BO!P$VDscd3db6o`0AZ|;Z8Z*v&ill3an>*H z_)LJi{B zOq2dmo)iUDqWQJRQ9n@a-gwT1R<2374_x7_0GKBSxk*I0l41>WuPP3gSL}QNM8n8!8|jQ}fA8IhLRv zMp;~Xb?j#2B=nf`HC@;>&Fe;aPp`o!_bGmMuuZzeI36h@hA@B$NtPHPd#KqtSSZ(L z@lD_r;6arqSx@rH*lZ0Pc4Or2VeZn-97e#DmjvMO_&kUX27ZkP-QcMXBVB5RUmH2( zI8&>Uu+4pOM^NrOZZJ8^%dwaoDRat%vVWV4er`eI`3~5mD{8X^K-aH%5a8yDK`88O z^KR!Ctp9X>wR_k`a$k8NA+0_Ik_2dppGPCEKg?H$Z?*thFqGTwcrH9JkaA*^QnBp* zn6e>~v6b#sN)O`_A+`3zGwh%ZldeW?*6ZLPSSII;EWR6IZu?b$29$N-I!S*)yvA*e z=^#gSU{}Uto987&`CP|@L-~-(OT#2NizlX!xhm26g&AU#D+kV=*AQ(+0pd2N14e&@ z_9vd7rRFCVSlJ=jnzEomOxhB<)^qt$F|}^~E-^WoyrbttftJ&t|5$;26}JPJn^-Fb zoZ_@7#z}Q{#&GY@#8hTC1U$#~_f8-J54R^h*gtXYJVQ4KPD50lUl=YD`tJEM!@tn1Ej_VmeSo#cyoCDw(6V?Njxfn0%Q1eC)-zywkthFAj0NJ^*VDhInd z2bA=Z`5)UTPbInyo2GEkjJH|B0|LyaQ+sT-5#vae zNV9N@BE!`SldohkbZ~zkgcp0V;EBW70{U;tcmT%#yM&$1v9k<++(&R70m zmO~3}Fi#5_u?AnO#3WEX8Gd=hqNCek_$Sh3%;uLXY#dU3@#CIT%00QBnp?AS1?2#H zuUUNhH0E$5(d7!z3)?>NEeWM_=^T+>632B6FHY2^pp+R(dlSC|xi5Ou5za4^wZl*95qj(7NF?c0+a|OVV$v(`SeIeS zi=+zQcEf7*CZ-OGVmDZy8?7BTcT90T94|)fGE)}A-!9MdKy(`yP2mv08i z&Of$~kbQlBW-fv4qpJeAulJQ9_T~KT`+ro`B}8c#+ea7phQg%t@$>@r&JOb+iSb(AU`!hmR9t0KM8lx8u5gae=7H?<__bs9{d)YHZd5 zO!;M9o?@n0^ZcS5jfzPMcbg${`P+l^bX*NzrwM|r)b-Eh2-)i6B>lcP1FX&TCzuOVYFRLjO_(L_HSC?1Z$t()LUmmL)OP| z%Qd6k&EB3DfmZ}QGq>ZPVbSS!BxDd32|V->_gTTAoR%a5!Vtju#TcPV#UrD7&5G7_ z$CL|VF?;;tg|5xv)OBM1Je~lLVl$shV%#R${6t@XU_ZTf=q0i&FzeA_G?A5^iU+?s zSYsM6^#etPoBzXCsK7_f2}p%uB48hiaP73jzYC_-PPg{6Ezc+5E;cF75$Hd;!m|jy zAo@fduanRA9{&FK78M5<1E(9yr)adX&*;lEW8Gv;8(91~zH<1?;!M-*8M<=t$)vm~ z_y>=($AL`FjZ4+g5lLYIW*i3Ur~I@;KHL0hgwTSO%8rE}rk>WQF6Ke317_2mRSS@N zQPU=sm1l`I;h+R-NMN;?TP;g98=}GJ^et38mn_tG15-p3OA>pU>J#X^Jju<6 ze0rVY2KORt-*dG&=z_r|u({pwSrlxFwsYbx6Wcz&fq&dATJ`}HcXHz>pnbLdu}Wnz zvF^%RX7CEx(51R=qm^fHB5dA61x2+E)zRUOrZ+vjfiZ~&F)e@_St4k0qq?KSG9w3x zWjol!ukzLZ{GD>~9LH-SPmQxPGgnfhdZcS+p&bW{b(~^gQW}EjdWrzgrv(SpOB%j; za&f46ls<0{G-Zw-%PAxV2bJ)aI3R#Y1`p}(p{Jl}4B;}LotKj|Xmo3hM&-*TZTiy7 zx}%XfcP^G*E|WZ-m9N@@h~|7l9j-UqmZa-G>C%~n< z!Ol)GD_@(-wdhZZ`A$9?UI2jk&i?N1mpkTv`(N(t{jUG;L4WVz&SxyFZSU>w@Be%w&Q$(|f)c115BNU5t5+_%kre+hs#HwhOc&T@~eQ1li&+bmXeQ0|#9G zkPXa6d@z4ujn1TehtxWJ1PR|1me)M>o+(l0r{c2U##Klt$$*x<9~WnqeDvXuUNWn{ zr-!7Q1CY$i;)N~X#Fgg@@KvWUWpmzGx|ASnyZKqV5HTrUYixgTb54Tbf@%}O&IaY& zi}D`@3OIYkCCE6SOGhri^A(|5aAt9cTdXl~GlmO*fvT8Ed8DVy>x1iB>v(7$4_74h zL5OvV;=}vo?~8Ky8sf(dgE1u^gB>$e@}4x+DCxrSAWE8$#HxWL z!WHR)H{?gCo!+&7guj?>0PFNK-UZir-vwJ+TM%2c9EeUc-fed3i36kgwn?wpql@@ftv*oXoD5kdIQ{UcS8q#+0p6-zM)4Z;)jO6ov2BhhIUBG2#svcwY@A2!!Z2bPJ zC|+Yjuj(0^F$TXLb??2uOE!kT3+U~yM+6&NqXFU9qxbi+zYY5LRZ&wJVb%V6wRMo0 z(f+#AJ^t&jJ4c@h=Is716!>5JyI^@hTK3!@fK&Lu5|3|Cr#q_fiZ@eM&w)9bRDRIz zX#oV93!qbiW~A;!VyFWDOBXJ229a*23r<~?5U>VT1+O0sw6b-UXcTty9m0rrO+g$9 zH%qr4t)nYs#86YtgJ}4MVMoChmi+O_OBs}8mP0*slA1TE6&26euio%2BU%y2=YyUy zkk+Fd;f#pqYi=#cHk}Ok9ody#7L;s1SKQ6d7!qKF0gjo2+6eB0wnRrqMUjTo)InD^ z*EeuEm{1TBpS2#vPEZVWe#y>$Enat0mqsg=d*mo z35Uh(DU<*F#}_YCpPf)qk~YK%uRhwclpyi4ninccVna3CeaHLb0MAv2TRR||afc1z zFY!?do^Gjqcp$?dUr}=8(Fb*gfhO~OzNkF~`{oJtY1mdHdS~Ye@?v4=bSv1E(VHKl}(W9=IcyEC>D7phd zUYo_`Rm} z*`SENA90pxWN@;8_X6MChCJz=c)SSgCyc9S)2MjQmm*olFuuH4YPp<_l7@4US3sQc z381utOBKxss%uB?7aax>8L_Ovzj4GEG8Pyhh%7NEeQ_v3K0fMN^%dV++ zC@ip{K$(pZFad&WNI7l8V%I2t<3cA?dM*TD1J_j3r3;`O(l=7xqQ?(9y;PTmn@qm` z)7QUnaG@8>lcabJnWZwKJN{Np@t4O;+VPJk7;u2^iRjYr5aEM9Z*yc@^!xyfM;Me- z`SCbs5%`Bwpd6K{Xj%3X^!;e?hUBECa0;B~q?xb!qCA@`SWH7c(AP_z;8jpvmUG9v zL>Ll^!L*<_bU}+Vqclx%rj7%Fj}AM|xy&X-Y^wj=-AvapGG4vLT}}5e4j9EfT9X4e zc>e~6x;!jeGkp{`-I&CHpavPQ%`U`JFakZ*)=5z{@TV6){;*<=mNycvXZotHCa#HT zRsRR?fp<6S?f~Tee)}!J%;#e2IWh6xr?!_J@rXY^PEzIK|R>LQM_+~7Rn;Lps1BxxsWO*V2xO<|w^#jHQHc#*GbTp4h z{2+1UBq1Co&&uJfs;e`K>mvOxY4^r&*_j8(F78J7{+DOpe>a~`g|SC2?#rZ0I5bi@ zOzjvz8->K&@Y_lkv!`$XJh`x^a8H)4yOVDC|`>$kWT=pvU+1! z$P!dlr*Cn4!L8!&g~il-e|<4KfV|j{{VeD*rxujS;ja+~iMwtH*lm0OHm(8Q z(BH(EHv#w-r7{c)<=ghAHV?ISENlR*rO6LeHXt9brAHp zmqauUq7z~aRk*;PC(o^Z=P^%C?RU?*D&qY-O&g(^^b*K=fUFH_O3A#}M=hKZ2 zL%y-%^`vBo_c6z z(q+J-zQfkV-(;=fo31SE7U;*fwz5Nqo{ic9ykZ7`yJePYV*Wm@<`-fhB(*b#&E^x* zl0bi)BPJu8v`sj8b=Wi(T^NDk1qaj}=(Kr%cQ4h(blN2Y+AZsR=`8SKlf4u-5DU2o za3s7OMjqKn(3`=OrJ82%mvjnD;((#I_8do+!Q`BE2Hu~T~5Og z7W0TrsKgpd=)I`yySuM8C*2hn5|hf`jd~cv0{pDG&CD*~ zc;SLFHpxkV77dN+idP7oenZPV@@k)Y#5J{DLRzP()l(LrG$)CCiD{nRnC?Ii*kMW- zg1ULb#pgMG4aECNb?NT?3>y#ICKNsJc{P`2vlAqWppMHj63G3zU@|W<%TTlPb4VlM zlqacwhd!fxsQ}g>5jDx5fBK&6=ym>v!HGr{KpDCG;<%^4{>E|eeBbpt9N{%D$f7|} zmtFh~9F)mPpMD2spvh$$azQ2bgAx};j?R>Ahg@EGjtGIUX-WWOd!XgBx2Tz}$j%3} z45FhMl8s$u%zCbIVuSTZ4<>9?oj4>JD#|AwFbSmuflWpJ@Gtzqp|z%ojd#=n#->yo z!i@Lp*-#Gfp}NQD?c)pZQFOrt{LPRb55j`J7Z_g)Jca5;5S|H0tHxg$0s4}qXF}3h zJ;>-`q!MfZK5);f3EO4u-^h+4UKY8-XtiD7m^@UzVaj99Z$uoRLgT9Ans%k zVykd#$P?Y6NT9w6cmFc=3x9fjfnhCu^KVy0MBIVrabQC*5}P@u9#_NH1=GOid5t4M z7DMz#;1E73X89bmN{p*>v(Kj0bTNhaFjLJehxz^87mxv0D2IG2?VGOj4I??}QVcIr z8u$lwSv~au{4VOL2Fml&TD&>!y#Xz@GN(grPnB~F%*7OOsAT1LCr`T`5PJXxfLWWB&TB>fx&`GZK` z+U(fRY9K2x&`8^L4M-0}6)jn>Nk^G~5~ncKqq@YABbVv(BHP+=);giLM-0566F!T( zG6}os#~+Z6ev>_s=VSDOj^GY&M1)fEKl~(wvdmP;AFSWnAq7NTbNDL&KSj9!LUsYFIeKZiqHGdXoF%l1PjbiA}ns0zr@ zZ#G?F8uK()LZcvq{8Ad%8$Yy0okg=}nhevGnd7`-nVTV3(;bfo`dC~>3T~5rU@!E* zdpF6p*9`=Hb#!AGspk&9Kms-ApctrU9@F#VSvsPj?a>gJbYJQ5*Vp4K2fl9Pf{*CZ zrnA-zRN04tr_AJq4f4xDWFOaQ5_Zc-f1}A*XGjs@12l?u$BtuBTS)vdOVGToYRDEU zZvT^m)@42%OIwnmi>?dkrrXfI;%ugwRWu+*BDk5Eq@*i_jqQX_Gz6(GIc#t*6w^~J z6MVcf|24cX4i4~FjV8b0{AEXK_A%OI2sROjT=>nINLcay7)tmBv`0GZ46;+Mp@c+# z-uE`j996Ifj)%t;04n>l!lnY&8iyEZbq!U|B!~Wn?tJ4enljS^m4|i@-)FOBPuDna zf4iPBuSASX9u=gbk&L#hldFLq<+ z*=#n+W};DFsCnk-3{V>-{ttdFmQ4kn2hjw9>9E!`3hnMh#^EzSp5H&-D3LCa%|(&I z*w8p(RZrF>AL34|x0rszRl_m#*GY%kCH!iN`?PYo9V4<^Y-KH439lJW8R=OsiV&Zc zC3*$7$W3cR^qr3iUA>KrYg{1%^&gP*Y_dzXYS0@|r`Vo%70&cWyvI|&0WkF)Sph$= zVrD8ja|si<4+NWV{|K#U&oJ6?$pF7xgd+qC^EF-FVltwggl}P_cBo+V z31T(_<=lNk{!MseU>x>J1eC}6mUOjpY{+~bxF4oHbA(3FQ}_4xZ1p7$rbOYjFarJjfA7rPTgn4JxLx&O&&;Kj=4St`kXZG=(s-{I$Jnu)82os>0&^^q zSA2+pE_Q0CJRj|=mR#8w@SH8<2qSHJ6BKlKLo z>wUbi8uCAgJ_u4!m9Kt^73n=FCR5G{%q@LIH=F1DJjb_LZ{ z47&8-GrtKvO@V6gQZ|PX+)jxeCV}-$2~(F7FXgEp)HtxtnyO2q2ra^BPg+4OAq@H% z^MO3UAH6Y9e>05*=_#J5OU;0`_#$Oy#Si6F_5Unn&f5?+fk+PgLk%2f60?X;N~5$2 z)JUNMc3=kAFS!qF9GZFK4j~JGjMsJHwb-_|cnpor7J^%E`V8m7{d_fyxv;mj%ct-; z+JTko>RljGKOuz7@NSCpiAZqk4_?UX?pw+dC~BRaWp}mI;M!ZSq$Xs zU^+rX^B_j9<*S8Y^umqQETy~5)!|KCh}FD1@!8B8A^j2^A|;>!1)c1i)2n-E&%OvO zp=7XHLa6i5&FqkLFXNl&pVMz|M+u!HTgk!Uwdf+=C_z6Da21hGDrPy8b|W8#yftyk zVJJ|-?=sz`f|hBcUZfs@dhH{y^jF<^Zj%Wk%1WWI{)!rzu%#3+xecojHu(Jk-R`7K zb((8UIz8DFgS8iG&^H{_w7|Fk8&npQUF7R7N_+Z9{?>y)X$)kfyf ztK+=phE;yHZmcg)d*`6eICtcRJh)>a&_8v(q#SE*0gAkhy2tmbS!4UhF`!)v@2b%F z(a^zVusH2yqs$A*4liUAsd}c)WJ#Q~KX)T1P}38H#-{#;wklQFI4#~vZqzA9sinv7 zAoH@*?bH`Nm4~4gGoyA8$ntDra8EkEt-YBNAx46ajIZ&Pt#aM`iPUf2b}|Ag%o96|U6KHMoz z!~0wSWHdV7y1I?3!QlP775ACZBxfYxybnS!BmDXRl1i5{eKd6IC5L$I7xTPqWhAfjcJH zWaR>7OVweaehttLQrTr_;<9tadL5E2nFJC#tjKTysX~E}EPKz-rxaLAQeJc0G3xWYIM+R>XP zdKcrcS5wX3_yc&5fF5D~3Kh%XuO1oAkflEi-RoR&`GKVo+!T?F5bd!*4#lzfMb_gC zrDiPpX)iqwBd`A(fPM-nkd4X90ma8HVQzZ%Yg~6*H#`4kT(wJ@+s=@?!D%#??T|@A zh)HrKdlz2_dzX8tVw3A-X_`~#r6O>32$Y+uWF3RGN=5S8$~*f({3$Yh3*&_?&V2T# z)kh%Q+;-Kv>uYjEA;yoo;2(B=<+o|XM|F>GYhjF2FXbk|~3N|0K(bw%{qqyHv z4)5xf$t^r7#7W%rEGL?9G9L{oUtUG(=a76&*7LEoT)ZGJ@obp!l!&o$59Z2s8jlnu zRn6sjX+aVs@k|k9t!x)w2`6wA^C=M-b6{HEvD`g7@Hm--o(T0<`XR##8I>{1o=T(7 zlI&*h?vv{CGi6TI946iw&zXTWD5T+pOU_@Nt{B|O(4ZVB`cNTFJhHk?8X4H>tHGF$ zkKM*d+}Tb`?&l6p_F}0}H;?@UQ!y8VAu0(}lX`ODwH227P-Fr)E}`A@)su{>unE}q zR^qLNQbW0|oi8wO{j+DMa1cj_od^?9>;EGTv_;K1^{b!f?70`&cFbYia_B!m%uZGH zbdKA77abq+bW$3bUsrA?j$})#rF!hSezk2!k1>;gW+qE%7q)SrH`cl&?PY@Ro0ibO@O?d`71652KxNv|3@ zz?H?N#;?8>FM@JP^($g{uk+rmA^-C1gL zq(mc{`L`1Tg7bTE|Lpg?tci84caBm$6=YX3gL2d&!+J9XK^_R202Y&E*|X;5l4{^h_fj>ptrOPKlyO;=RSS7+E8tHp0=4)R> za*&^~LT@*nS-O6ql`3PSHF;G}IgJL8{KSJY_V1dq;?td=LQU68OBR;ag3N73PuqW& zbYuX)JX(12oZen$7X$gDV6q_M`P>K2pDbk4Ir(HtbI0y(<1^=ilBuK{B58@uykcV2#xxW zOC1t#-DUXW&n+|%@@AK_`{7Nf6WbBIgC40a!y&uPQ~_PN`aEIVm&jUKnwtJOz&S>o zIyOzQ_Gk%o#b&rE4PP}pOkJ+1hxdL9k9uf8HBhrU+A$XX7keF<^-6YzY(e;f`a!#F zV?OGcu(#epY0-Gc!P=?lHb~zqN9!72lL*5aDsq8%l;$2Kc(W#&1G{Q9DXCIe1*O8z zsk{C3)x516`onhR5g$D@ua=wZPm!d%`Hg~?CttrG{g7*Aty!s;xcBxAYY8xpinFT+ zzOVNW^X7W!q(|#7VvWt0#iU9hi-52PLV}@Gs;5gg$$Tg>?7i8)fpQL6#`(T6;B3CB+17cy4`KSPzqD$Jo27K6H)QN;@NPV*e zv5@8+7QPVl*@VCsn&5g1Z5hGJY0|Rea7|m8OP2bXrM$45JSK!GwmYhwq|AjPRFaZy zTt}le0`4(j#d9|Pf$7$pt3n3G+AC1>ojZJWw09u|n#pwg3TX7dW@F0LI(yXu0mj7o z{_tdH5Lw;M=tR&}X&Nyr_m_h0S4CV3EVmZT%#KxyBHr`ara^`>=$4)gZ?nL2xutu@ z@IBr)Nwfd_kas@0ox)9FTA;T!OBTi;RdjJ=^c<5SO$-PGlQU@-?czaqWb)4 zQrDqOUI?$;(c>IQ+IKi4zPeWHr_tzyKKS($>x*h0g9pZ0B`o3Das7p0!aLe{gkcZq#64>);-glg6a|=? zel$(>870C=N1@Z;5I>sqc6xK4tvY&Vml}Vz)S$9v@r)G`vD`s+tlTD5O!44A`@8SJ zUc>5a9H~k1ViL17-$Bp;N4mCv6wn<>5RKAWHjy+~XRfAMVkh(2ZqgsYsePTsD#<4s ztZjSQBzkg*t3&>PSY=&g3Y?EUjrwh|mxyvHF;1CA_0Fxk{J+UB71DGwA4@TV7YbT} zWf3i#i&TZg$_|4vlvr%Ik1x@fv8fEya?40RuLPVLvawjbPpWUJRil(52HU-f;%0wL zMKs{i_xwSNcwi+3)H+j~2bplz#D~_1c`N1&QM>m3%Z~z+svd1hWtP}|BC$+AAqQ)@5IetcQs_r|A?8FIw$<3h zjY(7SFEEFL=WoD8#1|6^s**~`X5VkHm_I$)^9$s#K~JOh zJm^M6BKT0zrVJHW*mm2N`Loch@z-r(^d>+50A^4eJ|U^digzgD&I2Ehtx8PilU$oE zmqH=))4LWUS8-WxEP-gN+}QEC!#|DId$OSNfVt?3keYZ-AVKi+ziK#_z|me0 zxe3!Y0fAC4Sc=m<&@1!DtBmOt0{65og2BaD*ainOaY|&UphCk zUyN;TZ;`DmthLM8fa7j3=A;+P0))ySnF#c3)ljdzcWwLH8CjeRx}5Ljoj!ROp3mPD zzWt~Frly$&DDVOPS))o_S#a5zft^UfB+Nlf-4*6>%Bm%bMF4kOt%}#dw0#A+mLqQ` z@Gyv(q)#)*)!DLNU?G_g#Ae;|%FQ@CI%iaGrs}H&yjQ(4#T4j(?k#%Jm6QLgbs}=Y z<7_@+DF->4h3O#QRly^tRgpkJqZ0bU?u>?Ww6QjGlcMa>9_;lJ9^4V%CSJXJO?cQMa~brshOZDj>jy5D z>)j_AjxpH5tKNMxdk6mqH8K*0kG{qcUE}@=@K61&T6=<(A{x%b&nzB8UGpF#P3Adq z)jbtvMPR&#_}^CM`xH;VY@TVXGnbr+V{3OM_#!E+$q zZl@6WuvI`pa4s6@sG|urVIj-e?OuV!TY}v@b0}g)V(s47D z!B1x_kXd^r^%0LvWl;|ce$m=hR4NhRj|G&F&M_ zFPLv8O3}5Ku%QRpe765?nJsH^O1GTcgXA<|6Z-s)|2rbQNgfr?Y9azxJRn&pt!P^) zD{ot=H`YF(lg_gf*t=#x)wn~Wki<^UqCUoXG8vXc>dc` zLpCG?!ZE-9gzj5gma!J`%bJsk=@&n}X5QE24*zVI_@Nn2N!CSMB6g06YXTmKfZ802 z;jwPk#W*!x*Nxzg8Ufs=Sckm)+-k#+4dRm=nLVhBqYiIl9PU%3EoTp6VCyyzYz2dr zCkKpgIOyANHaypO0N}Y3D&AORqY4!<1_7RDK!=-@7W>3C_uI|DjNOz~ll2;oIfeat zMQ|?Z7~?~@?|T;IIBBb+IP6u#i+49_L1L9=C;U%5g)3Ss2(#D8H}(2;FEu^)xbbhj ztGb{SZY{l-QX=?c0YJy^wqm_!C7D1{@o+FC=ayL9ZE}()Bk4tdSZq+v_GY(t(Po#phaq=1>}aICK+@g$5yF2$Nsq68GY$(WRtnB)6aN5*Wlm(F zqPITH$;+?-QR$07Cz7ihRN5?lGxF=_L(J9JN(;Cab@s_$^XmGA_TIHAcN_1UFXwPI zHwYa*U7w?!qpMXRNZ;K#kad^gC^Y)G-(Jl`dQh2509^>Z{LosGCgS1Wa>A;cQLN5RGFggI;{NjH&cnhP*H>J*=Dj?TnYW6lz z5Sng{&5x;)A$}@BT5jligMwdf2JU&%-j0SGvebXLSXd5FfonjRzrqaA>nK|oPV$_T z#kcB6utP^cxLd|EhYTb^zQb+bkMyrn-A{U9$1dvF`*f4U+r8ZNU|g4~B6p{%;>tO5 zX78gwW!Hu{sG6Oe3n+~Vb)r+3{D)^!+)l78liPmMnzn(ngucY`G?;@Y?s3iW`!pp#Y&klEugalp@Ug%`UBaEp-hjPCJhl`$*Xs~I|?uQPX{As{n*;jF8Y1F^-W$xVNoX4C*T2o z&h~NO%P}fYGWi(MJFE*qhFy6Uxe;&5DzjP>PNN~-V|bsU^6wJ*JLj0t{y+9RX?F;) zL{KJjd){&ySa_`6M(3dx>GtruW#Hd~LZPpm1dMsHi7?=Ovl(v@dt+a1mx2c%y1X=ljirR%g#%IUhH-;fE64l26op2_n~adT)bMxH}(yV zlaK`2a}rg1k|`)WgpSt2ZNcn;s$xr1@7QQj3&wx+gdJ*)dC!1( zK1l2_GsAGNp>2ym$8fB6Wtwo8!&EaTH&Q14XX;tmq`EF-ivEz1I|QyVX#NP5G+nCp ziP2j7$uDnU_@BcE=lCP;Wict9GPy6d$|4!=X$@>n5F8A7ZtmF~>C4Ip`$j=Cr7SU}d@ zRjw={L+T`pKiD-YmDXxrmit23N>?-8yz|ItSot~}D?cGT(h8knhCN>r2$8i%14P7@ zH#?0l-MP{&rO9xST*GV-#zt$*8Te?tY8eHz9?Yg4?kNva*L!zYJ`ngSS|_n-F6;WZ zBU*=EiAx;+O!3{?X*l>G%I&}JKp-BYB`dU^oG6Sn9UV?5+IzXh%Mja4WiiDXDm`~n$xbZ{wDocKNYBNfH+?S( zVL19}T(J7>;LLnQ>TdreR%UtI9;D%sii+C1SbGcO%!}|<>Y6wKykEA~|Go=pDcUO@ z4~ERT{WX5Z|F0LloO47qo_UybkZQd9+gnEWsPn)=a(zy^i+0F1yd~v~kU+Dt87ERs z32c3(pG8*myg4%(^0c?e`0m5R3W^3s0GV}kfxlTqu^Zy`pW>mb1m0Q~t+aO1{VqkP zrkT(#H9bFKw$l8$|7Jt?m9w%X(M`P#OSe|@;vKx?F=)aLuU1P|mfFeHd2td4<>WOm zv!B;8-vu;SqYPgQ(T#dPpG&Kd+M<|HGn+#^2wywdZY%X^b{f}KwUZ71OuCAdoaa;p zxi;C(#wQln;@qo_IGjOUGSrMW)6>cx)WjkWB<&|^0IPoMh5b-0V~bN@|9O;Z<#CIH0_A*Qz^zG>;+io zA%3oJ@5<}xV*P9PQ}K->q;F30V>_W{sqK76nis+*`+G%>>htizy;^~@IeUy3Yl{kw#n+~~kGhs}i*n8X)@`P-Ii~;`0BjxGz>v5Jv9F8d}8YaQg4AFhjq21FN zV3az>ydH5bg!1gst;R~MBg)MC2(sNXl zeWmk(e0UkAi0_-vz@_CZ^ej?j2;CWax1-G^u(yfX`KF0`)hxtioFnC6b3&t%7JH5! zq%ltQ!~tGlGvO^Pxqk*847ra!e&&ph7qs+BCsc$#}5aQ*~j<0fD1}l z!ZswC+uW!p9THzk@naU%KH`c;-~AKiqXxs0HYa^cd`XRne&`KXE~+)0Wl8qNL11_pq80r;ywdXd^LQ;y#~NZ5l$P zg(>-&tzTK$LbMHOLJVM@QdCxF#x+C$)svngylNHIb&g*;W1n{Gr-IPp!x zD{N{yOv2P|hdhPvu3bbN!3K@Pqw3kxj4=VJ*77tsAGinf{BiJ>d!Orq zHMCD?vr+kcRl7BuT9>_ZO$|eMY>JFxGApB;1Vio19P{n#=<*b^0etkK6M+qkieIdL z0Bq5DDq;OG#SyZfD&^%_{RUdh6}`!(N+dP{x?OuSPfZsDlU}u{^8rzv6u4}z*Sx~@ zY4ju}MVm3Rl(ez5IUwXeYQBnq?>`LE7)8;>J<#a6%@b<x zV^V`N6_aPTM)vY;x|klgPZdl!uoYhm95A(LHz6J zf~VQlqR4eXDqA<#~CblTFD3PrmoqeE|0ER+p$ zWu0J1DFt&IBRCE_T!O`#|IW^#y1fD@wr}lx$D;Oa@QG%Cg(fG0q_=#;)_0qjCnz?c zBtA+zcsF~(gx6y`S4n%@GywJ^?){|ZFsq2(nuOI;oJQ`g>d4ef+HLBe1gxT7olvzk z=~L`b1Vx@H9~??sektm7IDZkA{k5fIsLeY5r-2bmrXbd_mWGaV1!7P0eg!c2u%@~i zobk91jrO8Cx{if#$sxSSKkji$*wPc98RHlbcoz`5GzeFj2OY@l>Ld(Pnk>jvpf#>C!N#D{DLGi3+!Wa9?an9cwW$uCA8V&ih?e{E zpm;^Oan;tqwniP55=3XpzI$NH0E^9`CL2Ps2GTt))GH?v^(Qhz^dV;W44=cHyB#x0 zxWjk|?`HNfLuTMS^njuLb9uuxpux~OubpkRnHVXhA5I{qxp7&LW`JHqEypLkmf8LD z1A2r4muW_#Klq}fgu;MA7}!opMZ`)i=GxRw{bdCM^#_RjA`o^?PG4 z-F-na4!=xCM7YC6|KnVQPBk_(QUMvmi;sW7@&dCKl>kz~KUJ#YMXbIx5`~u# z4{^W|e$8L3W6ngnf=SB-BEpO0n1O373cy@h_}r|zAhS!&%nYgA(n?xdcrj^6J_}e9 znmR5h9kx=3c_pbq9~RTM^4=}26SR|*mU0wc>u&=mt*fayC(_}Go9(X`A4A+c-LkAn z#lzoIRJ8vXiRxRIbqxPw5ufZhGesPn)hU9HpyZ)oW~{^`$~%wyPlbh~e9f-NlU zw|H9wnj<>M4^)u7-myJBS2$^hQCgf&jA+Z{wcWbRtfs#&UlKLCWcu83tok2R@V@0( z4vOI6RKB}5bjBXDay65m(^);;`%hTlKdzSb1JPCq#xsYK@A8X64oM*QqScP|;ji2^ zss<6C#=r45Cp%HhQf1E-adAwyh*%CM9Ksq7D~sNsn6+H`ocf&$`yim-J5TAdy@$&W zbgI8mGY;Ej`4Gq=SA`QH%RO?Cap>Lk8fyN%Sfm0eqmA^Hn9Hxx8Rp{$%8PtIU;j$( zDr(ybbq;ik?pmjRaAml6PXu$}r6-Jx@ml8_?+G-1$gA0+WZ3}2*DSKB|7?s2d5 zm&i!1o#@@N9?<%GnNyzDL^}8awAX|*&mG0COz^a=?ma+zaeM5&=-J+`i63p0Z(NM; z>J<7V4qyBW>`Kl{)*77m$NGyPR8jW5lC=lcbw(llxuRn~BV?5hmFpf^G>_fpuKf*z z#}Q)a9S*g8*Fm&|;$zmeMdE4~Y+T2a&mb_=PtJNM{`TimlZI9; z-?6C|>!okGoo%^jLYsCeiDmm|o>){`G8+2*l}#TK?csEnfw}mU5%foT{AUE^pO7CA zl=HD=m=e?lmAufb27Sp3f_gHJFJb$ero}3iX|@0o3Nyi8U5d%#*Sy+G>I!`?A3Yg_ zHWCY)%@WvO{>OsQS#UG7%sd4(M1^IFjy&2jC548De5&q%o$cGqUwWL_vR7+jwK9T8 z_ny^J@^bIsMCi!(Ts!-RI*EQT)TyVa{8`Pgwb(L%sTR#Mi#6N~dq8M`LbJS;S-I3!}FR*bEA8|-d8e}H^1eRE8!R@F@ZsSgDGmAR~ zffYN^wY75irph-&*lSpSj09TiiORwhk{ii>I2sSVlv1)|k}uGSEv~-l&w_E_Cv*=m zno$brxT?geJwkfL0L!KVXt{cREmUe(K_-nC7zFrW2`%kZvMDU*Yi);+rmgpMbWp`z zOsf9sDw@5+w3zT~m;uBP$kLWD)^(BB-Hg%4hw?%d=V2!DZX6Ni#^Of-n9_tW!kMCH zBmTm}OUB!Qnt*(|hJPqLb85k*p%q0a`r=q zOk$B2G@K@VN3U@AN+{k-_V45M*WKyU#oUNqoO`>RoF;1ko3-)%u!++=9lE0(`yPwp zstAXvtfvdevzC=R+`HjiVQmKsyRA@N*uU8^le+7HrS=^K52`(Vv&*-%N~s$L)$m#q zP3dPFnl!Gjfe;t_`9bJ!QLSPhlG3$eACxZKIhM%Sv{U|lKrMv*VF4|_o>fuO4E(S3 z!S9cYj`Hc@0m=XnA>K_SB*MmB@5?K`&-v)@_3h0KUsv?+r|MUmVUp>s!%hb1r`;OY z^iHy=_TZM+i5qzrHe}#7jqc>~$>)4RIu}?xF8gQ-DK9NED3Xk4`lw?o8(M7O;=f+=l?Y*eTi?H(; z>+n5A8C#lnQsTBY9{6^`9#>dvfsw*Bmtc zzG8S;@90AAUi0Se$aC*Cl*rHWeKDEj>}{sXPf-`9gv6_oQC4R*ej>|K(4Yi52qDJU zSJ4yK`XB^Ich_b{_ev%O&eH0oRrX@dZKU*|TlNXp+Z^wd5;5}xoBQ39HDk@p^Fq=T z1I4AyRZW9>Z36)7?%eG^7%tDd6s({YkkWi`x1yUW`9YwpkN_QQHlWJvoK|%o#cE4g zChMo^X`+@5yY7xfbO?^?Y&y350)>KYqs@0~4MMJJ>yrG)m;ZE}8OEXAhx)TtTB|b> zE~b9XJDsVJQ$7{2<>rO+R8}*9hxnEXI`cmt5dXP%L7WHy&9l%OBHiJHnP-S}9Zu!b zi=PqK*+Q;^k%Ib1<;G$?0*)jwfqstnMjM{5S)_keTZWS;tJ|x&JUc^jv97v(dn-uL zwx%0MOGcBVVkr|=xGSPNnfi)W-W9<2`I)^#ts`x3D^Sye^-$Vce@6aX`_^|O?hY3v z#8?|zPkxqpUqJ<~-qg(-?9})bIqviXizBeW&=_a0Xcx7K{ZLGb<_OU6F4&S7ni&{zq`<+FXl&P!1i6-8AQX(Z zQWDv$S-TI%gxJ^Ecv|Y1J+RLTRjf0uw9ApsvRh?S<+~9mE~fA`;W}^|bG?kM$tN5Z zHlQS=T_JGus7{d81>Kq$zJ9(N0$d@)3maJfo?VCH7|d*5p~O!0N2-xd`6uyu-32Vf z|4p|7gOG_>V&SgvOx7D#LOInEn}E=|pZUPYeS{Rzd}BWP zmCE9o4f?H)>vtjxz=E)Kqow%8DLRan<$wNOOnSbm-R{0F|4frQF3O?nrg?8Q!hDc2 zi&39!KhbXUmUn1+7k9CRstc3-=2>GCI$PrH;mozMHTeX3m8)o#57|B@ej%Lw0>=gR zG4d{e)d~LozW?m#l>Pd;RsQ~}UjE*i+}^M@ogtcoc}bBRp&#|kc+|ISU+nOpnRy=h z@U?ZuK=T_|X$qOx!rzWq0kynNS^*)Nw3T4-3o6QWyM!$^Fn`T4!BmBDc2`D&_)MLL zW`M82{T)^aWy`h;Sqb~mVgaB%w-@Nu@*FKb!3ht!T0*!l$h7%y1AY3JKHh|4!LYKe z%jx-q!8nx_W5TeHI5g+?K}dOofP5ywfg|&++fdjsCi>^= zNwgK2QsngwqFefVW7T7>xhj9zFS+RL!fWP;RYRfPt(l1Ay^Y8=5vh&p5J4^P*;Ml6 zFT4azY@j&B?Q-!^=@ZO*`a?E)`z)%P%h%x=bqX5K2sh_w_k-W28!j=>yUlb1vnUaI z1e*EbO)E1q(?_}EY-x}3<_m4N2!^gz$H3V?3Y&deIWlo=3~3y76$TqPTB@^es-Uqc z4D~v=L{QZ!4oy-kg8z0LhgJteMDCIqNNd|!hE|wI4tD^X>2O^$>QxH$iPx^%^u0}E zAILQt>znj+kRxlKaJbi?5$@3-P#=uj9OxVAr&jEiFsWgv3%-qLvUUTAS~vxzYTlFy z^(}>iww+QS{lM>am9^%*TbH#KkRz6xQfO$QfHf^eEP}s`&FIdzv}bh|oB{g{;uV== zAqx4576}=Qium=l@Tnt`!?DS%m0klXH&rl^7SQ1lh!bjA$nm9UNRs+~3YR8P!ld_E zuzb#}1Lt)U#JSflv9@*=DIpm0vqQX%?e4cb+hyKlme6PwS;ZkkGs^Qk^_aMIt3yH_ z2F0rBRz}Ty++n84<0g*QiPNDFS6?QgnFukn&}`N;Mj&(>hwK^#XRH#)3ng1 za%9=!6r-KW0suDq&KX;PUHw#zBPQdOmxbAIhFFG-vrsyh8q)1uZH!CXcl-bAd7u4# O?_EWcZwH!#1^PcLlRx+X From ff7fc68382bf1359adc31bd65bb6786b7f63e31a Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Wed, 26 Oct 2011 17:15:36 +0200 Subject: [PATCH 02/14] oauthapi: authorize app --- include/api.php | 5 +-- include/oauth.php | 1 + library/OAuth1.php | 15 ++++++-- mod/api.php | 94 ++++++++++++++++++++++++++++++++++++++++++++++ mod/settings.php | 18 ++++++++- 5 files changed, 125 insertions(+), 8 deletions(-) diff --git a/include/api.php b/include/api.php index 252caeb8e..2de965681 100644 --- a/include/api.php +++ b/include/api.php @@ -1158,9 +1158,8 @@ echo "oauth_token=".$r->key."&oauth_secret=".$r->secret; killme(); } - function api_oauth_authorize(&$a, $type){ - } + api_register_func('api/oauth/request_token', 'api_oauth_request_token', false); api_register_func('api/oauth/access_token', 'api_oauth_access_token', false); - api_register_func('api/oauth/authorize', 'api_oauth_authorize', false); + diff --git a/include/oauth.php b/include/oauth.php index 63d5fcd92..506172491 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -101,6 +101,7 @@ class FKOAuth1 extends OAuthServer { function __construct() { parent::__construct(new FKOAuthDataStore()); $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT()); + $this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1()); } } diff --git a/library/OAuth1.php b/library/OAuth1.php index 67a94c479..604945265 100644 --- a/library/OAuth1.php +++ b/library/OAuth1.php @@ -85,7 +85,8 @@ abstract class OAuthSignatureMethod { */ public function check_signature($request, $consumer, $token, $signature) { $built = $this->build_signature($request, $consumer, $token); - return $built == $signature; + //echo "
"; var_dump($signature, $built, ($built == $signature)); killme();
+    return ($built == $signature);
   }
 }
 
@@ -113,7 +114,9 @@ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
     $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
     $key = implode('&', $key_parts);
 
-    return base64_encode(hash_hmac('sha1', $base_string, $key, true));
+
+    $r = base64_encode(hash_hmac('sha1', $base_string, $key, true));
+    return $r;
   }
 }
 
@@ -282,7 +285,12 @@ class OAuthRequest {
       }
 
     }
-
+    // fix for friendika redirect system
+    
+    $http_url =  substr($http_url, 0, strpos($http_url,$parameters['q'])+strlen($parameters['q']));
+    unset( $parameters['q'] );
+    
+	//echo "
".__function__."\n"; var_dump($http_method, $http_url, $parameters, $_SERVER['REQUEST_URI']); killme();
     return new OAuthRequest($http_method, $http_url, $parameters);
   }
 
@@ -642,6 +650,7 @@ class OAuthServer {
       $token,
       $signature
     );
+	
 
     if (!$valid_sig) {
       throw new OAuthException("Invalid signature");
diff --git a/mod/api.php b/mod/api.php
index fa5e43de9..bc5de0340 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,7 +2,101 @@
 
 require_once('include/api.php');
 
+function oauth_get_client(){
+	// get consumer/client from request token
+	try {
+		$request = OAuthRequest::from_request();
+	} catch(Exception $e) {
+		echo "
"; var_dump($e); killme();
+	}
+	
+	$params = $request->get_parameters();
+	$token = $params['oauth_token'];
+	
+	$r = q("SELECT `clients`.* 
+			FROM `clients`, `tokens` 
+			WHERE `clients`.`client_id`=`tokens`.`client_id` 
+			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'",
+			dbesc($token));
+
+	if (!count($r))
+		return null;
+	
+	return $r[0];
+}
+
+function api_post(&$a) {
+
+	if(! local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != local_user()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+}
+
 function api_content(&$a) {
+	if ($a->cmd=='api/oauth/authorize'){
+		/* 
+		 * api/oauth/authorize interact with the user. return a standard page
+		 */
+		
+		
+		if (x($_POST,'oauth_yes')){
+		
+		
+			$app = oauth_get_client();
+			if (is_null($app)) return "Invalid request. Unknown token.";
+			$consumer = new OAuthConsumer($app['key'], $app['secret']);
+			
+			// Rev A change
+			$request = OAuthRequest::from_request();
+			$callback = $request->get_parameter('oauth_callback');
+			$datastore = new FKOAuthDataStore();
+			$new_token = $datastore->new_request_token($consumer, $callback);
+			
+			$tpl = get_markup_template("oauth_authorize_done.tpl");
+			$o = replace_macros($tpl, array(
+				'$title' => t('Authorize application connection'),
+				'$info' => t('Return to your app and insert this Securty Code:'),
+				'$code' => $new_token->key,
+			));
+		
+			return $o;
+		
+		
+		}
+	
+		
+		
+		if(! local_user()) {
+			//TODO: we need login form to redirect to this page
+			notice( t('Please login to continue.') . EOL );
+			return login(false);
+		}
+		
+		$app = oauth_get_client();
+		if (is_null($app)) return "Invalid request. Unknown token.";
+		
+		
+		$tpl = get_markup_template('oauth_authorize.tpl');
+		$o = replace_macros($tpl, array(
+			'$title' => t('Authorize application connection'),
+			'$app' => $app,
+			'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
+			'$yes'	=> t('Yes'),
+			'$no'	=> t('No'),
+		));
+		
+		//echo "
"; var_dump($app); killme();
+		
+		return $o;
+	}
+	
 	echo api_call($a);
 	killme();
 }
diff --git a/mod/settings.php b/mod/settings.php
index 84f66d263..da2b57cd5 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -339,6 +339,11 @@ function settings_content(&$a) {
 			'url' 	=> $a->get_baseurl().'/settings/addon',
 			'sel'	=> (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''),
 		),
+		array(
+			'label' => t('Connections'),
+			'url' => $a->get_baseurl() . '/settings/oauth',
+			'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''),
+		),
 		array(
 			'label' => t('Export personal data'),
 			'url' => $a->get_baseurl() . '/uexport',
@@ -351,8 +356,17 @@ function settings_content(&$a) {
 		'$tabs' => $tabs,
 	));
 		
-	
-
+	if(($a->argc > 1) && ($a->argv[1] === 'oauth')) {
+		
+		$tpl = get_markup_template("settings_oauth.tpl");
+		$o .= replace_macros($tpl, array(
+			'$title'	=> t('Connected Apps'),
+			'$tabs'		=> $tabs,
+			'$settings_addons' => $settings_addons
+		));
+		return $o;
+		
+	}
 	if(($a->argc > 1) && ($a->argv[1] === 'addon')) {
 		$settings_addons = "";
 		

From 69e41f7703bff03dc88e7181961a717ae41330c4 Mon Sep 17 00:00:00 2001
From: Fabio Comuni 
Date: Wed, 2 Nov 2011 09:54:07 +0100
Subject: [PATCH 03/14] oauth: authorize view, wrong verifier.

---
 include/oauth.php             | 24 +++++++++++++++++++-----
 mod/api.php                   | 11 ++++-------
 mod/settings.php              |  1 -
 view/oauth_authorize.tpl      | 11 +++++++++++
 view/oauth_authorize_done.tpl |  4 ++++
 view/settings_oauth.tpl       | 10 ++++++++++
 6 files changed, 48 insertions(+), 13 deletions(-)
 create mode 100644 view/oauth_authorize.tpl
 create mode 100644 view/oauth_authorize_done.tpl
 create mode 100644 view/settings_oauth.tpl

diff --git a/include/oauth.php b/include/oauth.php
index 506172491..b84309207 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -5,7 +5,8 @@
  * 
  */
 
-define('TOKEN_DURATION', 300);
+define('REQUEST_TOKEN_DURATION', 300);
+define('ACCESS_TOKEN_DURATION', 31536000);
 
 require_once("library/OAuth1.php");
 require_once("library/oauth2-php/lib/OAuth2.inc");
@@ -62,7 +63,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 				dbesc($sec),
 				dbesc($consumer->key),
 				'request',
-				intval(TOKEN_DURATION));
+				intval(REQUEST_TOKEN_DURATION));
 		if (!$r) return null;
 		return new OAuthToken($key,$sec);
   }
@@ -75,7 +76,11 @@ class FKOAuthDataStore extends OAuthDataStore {
     
     $ret=Null;
     
-    if (!is_null($token) && $token->expires > time()){
+    // get verifier for this user
+    $uverifier = get_pconfig(local_user(), "oauth", "verifier");
+    
+    
+    if (is_null($verifier) || ($verifier==$uverifier)){
 		
 		$key = $this->gen_token();
 		$sec = $this->gen_token();
@@ -84,13 +89,22 @@ class FKOAuthDataStore extends OAuthDataStore {
 				dbesc($sec),
 				dbesc($consumer->$key),
 				'access',
-				intval(TOKEN_DURATION));
+				intval(ACCESS_TOKEN_DURATION));
 		if ($r)
 			$ret = new OAuthToken($key,$sec);		
 	}
 		
 		
-	q("DELETE FROM tokens WHERE id='%s'", $token->key);
+	//q("DELETE FROM tokens WHERE id='%s'", $token->key);
+	
+	
+	if (!is_null($ret)){
+		//del_pconfig(local_user(), "oauth", "verifier");
+		$apps = get_pconfig(local_user(), "oauth", "apps");
+		if ($apps===false) $apps=array();
+		$apps[] = $consumer->key;
+		//set_pconfig(local_user(), "oauth", "apps", $apps);
+	}
 		
     return $ret;
     
diff --git a/mod/api.php b/mod/api.php
index bc5de0340..5903caee6 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -52,18 +52,15 @@ function api_content(&$a) {
 			$app = oauth_get_client();
 			if (is_null($app)) return "Invalid request. Unknown token.";
 			$consumer = new OAuthConsumer($app['key'], $app['secret']);
-			
-			// Rev A change
-			$request = OAuthRequest::from_request();
-			$callback = $request->get_parameter('oauth_callback');
-			$datastore = new FKOAuthDataStore();
-			$new_token = $datastore->new_request_token($consumer, $callback);
+
+			$verifier = md5($app['secret'].local_user());
+			set_pconfig(local_user(), "oauth", "verifier", $verifier);
 			
 			$tpl = get_markup_template("oauth_authorize_done.tpl");
 			$o = replace_macros($tpl, array(
 				'$title' => t('Authorize application connection'),
 				'$info' => t('Return to your app and insert this Securty Code:'),
-				'$code' => $new_token->key,
+				'$code' => $verifier,
 			));
 		
 			return $o;
diff --git a/mod/settings.php b/mod/settings.php
index da2b57cd5..ca9b4bd54 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -362,7 +362,6 @@ function settings_content(&$a) {
 		$o .= replace_macros($tpl, array(
 			'$title'	=> t('Connected Apps'),
 			'$tabs'		=> $tabs,
-			'$settings_addons' => $settings_addons
 		));
 		return $o;
 		
diff --git a/view/oauth_authorize.tpl b/view/oauth_authorize.tpl
new file mode 100644
index 000000000..6bcf9802a
--- /dev/null
+++ b/view/oauth_authorize.tpl
@@ -0,0 +1,11 @@
+

$title

+ +
+ +

$app.name

+

$app.client_id

+
+

$authorize

+
+
+
diff --git a/view/oauth_authorize_done.tpl b/view/oauth_authorize_done.tpl new file mode 100644 index 000000000..51eaea248 --- /dev/null +++ b/view/oauth_authorize_done.tpl @@ -0,0 +1,4 @@ +

$title

+ +

$info

+$code diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl new file mode 100644 index 000000000..87fd6d1ee --- /dev/null +++ b/view/settings_oauth.tpl @@ -0,0 +1,10 @@ +$tabs + +

$title

+ + +
+ +$settings_addons + +
From 9b1a49806150f028ad2b33e96dd60ea33f7a86f3 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:34:29 +0100 Subject: [PATCH 04/14] allow hidden fields in login form --- boot.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot.php b/boot.php index b846bcd08..476f71a48 100644 --- a/boot.php +++ b/boot.php @@ -651,7 +651,7 @@ function get_guid($size=16) { // returns the complete html for inserting into the page if(! function_exists('login')) { -function login($register = false) { +function login($register = false, $hiddens=false) { $o = ""; $reg = false; if ($register) { @@ -682,6 +682,7 @@ function login($register = false) { '$openid' => !$noid, '$lopenid' => array('openid_url', t('OpenID: '),'',''), + '$hiddens' => $hiddens, '$register' => $reg, From 967f8b575e8ea3f9710dfb092ff993459edc2ab8 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:34:47 +0100 Subject: [PATCH 05/14] New icon 'plugin' --- images/icons/10/plugin.png | Bin 0 -> 471 bytes images/icons/16/plugin.png | Bin 0 -> 649 bytes images/icons/22/plugin.png | Bin 0 -> 844 bytes images/icons/48/plugin.png | Bin 0 -> 1663 bytes images/icons/Makefile | 3 ++- images/icons/plugin.png | Bin 0 -> 9448 bytes 6 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 images/icons/10/plugin.png create mode 100644 images/icons/16/plugin.png create mode 100644 images/icons/22/plugin.png create mode 100644 images/icons/48/plugin.png create mode 100644 images/icons/plugin.png diff --git a/images/icons/10/plugin.png b/images/icons/10/plugin.png new file mode 100644 index 0000000000000000000000000000000000000000..6cfc407864679d175916b9703ba1225884998380 GIT binary patch literal 471 zcmeAS@N?(olHy`uVBq!ia0vp^AT}2V3y@T|W;X*;Ea{HEjtmSN`)Ym%P6qNBi-X*q z7}lMWc?skwBzpw;GB8xBGB7kWGcf%852S(Or3MTPuM!v-tY$DUi04m=Kk5cl%ar8p z?!xfDz5mR9Adj=aBeIx*fm;}a85w5HkpK!_@N{tu;kd4QPTP+;P^97E|9jQ9&M7mi zsP5rvT{4q}U1y>7iX)Q}3L-u%5eg4%I{cACLM$M*)k#ozEIoF%a7hafBTrtz0=Dp)b41u>vZ$a+_6vdzP!a)*qtNJ@>{EqTlZ(K-+XaiIPV=H)}u|jvu0kbW%$Q?+%k%g79fwqAWP(!o-g(E->44$rjF6*2UngH)zrltS@ literal 0 HcmV?d00001 diff --git a/images/icons/16/plugin.png b/images/icons/16/plugin.png new file mode 100644 index 0000000000000000000000000000000000000000..b11d9208210b0cba5a0a3efe5a9a55fe76f10dc4 GIT binary patch literal 649 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6SkfJR9T^xl_SO6joDAeM76-XI zF|0c$^AgBWNcITwWnidMWngG%W?=aFA4mhmOAQzpUL`OvSj}Ky5YL|!f7A`AmMO{G z-G$+Qd;gjJKptm-M`SSr1Gg{;GcwGYBLOtJ$zBjlHWyC$(B0xaJv@K6z|^d%@7MUOJb9qcvK@Vx{ie{ll}4auGt@_Pu?sP@_Tt0hx_iy-fx9(vn&3Ks9nN|tZU|^|hV4-Vh8DeB)Wn^JxY@lsm W1k}*%f8hvF1B0ilpUXO@geCxE5CuX2 literal 0 HcmV?d00001 diff --git a/images/icons/22/plugin.png b/images/icons/22/plugin.png new file mode 100644 index 0000000000000000000000000000000000000000..cf4421125b50463be38b28572f2696db04dff091 GIT binary patch literal 844 zcmeAS@N?(olHy`uVBq!ia0vp^Vj#@H0wnYHF4+L2SkfJR9T^xl_SO6joDAeM76-XI zF|0c$^AgBWNcITwWnidMWngG%W?=aFA4mhmOAQzpUL`OvSj}Ky5YL|!f7A`AmMO{G z-G$+Qd;gjJKptm-M`SSr1Gg{;GcwGYBLP(5>gnPbqH%uf4xKD}(4QKsDXh`Hw?U#{v9-KO%eR-$@q^F;fDt|_;Rk53QX zRX0P&N#nM5$2R|Sb@43P1{`4vH>>xwGB}+m_u8Zt>=jdZbZSPye%^wfBUg@Yj}QO( zgF)h??CPrW#~U`s*BBhzXLWts)OkF2IO2EBme2b%t((zc*^;gLva5m%QysKxO}^z+ zFon47b$8fx z?E@NCug}+I%das@b2Q%j@!s5r{wsV;J>pibER{K4q~m_&+p@X4^V{7oZwrg6EW7u5 z)->JE8+)1zi{{J}4odtj#>J>TcSCen(4%L)PyL?M>g_Lm=Q(%d#)BKAmItgl!m|Fz z@*k;{pPpq%H~g6R#NA$QM$x3LlY93n|K!%#S2UUZcj_&l|5B$8zq0OG>f|UB zsooctu6ftKpYC(FNi#O)UDRg>o`jw?6~V>Z3-)nDviwgwHFc7B^;TsG&5F8b8<#uR z-xp!-(h*_%@FC*TclpQaT)WS%Tkf5F2AIlJOI#yLQW8s2t&)pUffR$0fuW%;5E+<< z7@AobTUr^JY8x0@85mre=&~C{LvDUbW?CgsgMp>4frYN2Wr&fHm63&&v4OUM5l}<3 S|Aiw!4Gf;HelF{r5}E*Jn_pJ| literal 0 HcmV?d00001 diff --git a/images/icons/48/plugin.png b/images/icons/48/plugin.png new file mode 100644 index 0000000000000000000000000000000000000000..c74c6bf467e545685de34ba34483ece97baa7481 GIT binary patch literal 1663 zcmV-_27vjAP)Px#AY({UO#lFTB>(_`g8%^e{{R4h=>PzAFaQARU;qF* zm;eA5Z<1fdMgRZ+0%A)?L;(MXkIcUS000SaNLh0L01FcU01FcV0GgZ_000GeNklXBR7^z(1p;kj2qHoth#CzaCWM3- z6Y<9Y35n6DDDe+k%A*xXDUYIn)k4dog_agdff;7ndEK-9n3>M&j&=xNhO<6yvhU1Z zXYalC+2;b!*8hG{T(d&MNN|LW-O~P42pELqnXZpXM;HSubS-V0yni<#0@cj;Dy9x? zdRKi#7}UQ5h6KOhDe2j_1ivOgAYx5B(1^BT6j;1gnG^=A)XBXfC;LQrSpT_{Skq06 z8vXDyHPgx#SfE3P4h3|9bKWim^-FEv0c5!-^1+0#9A~79E)KO9C;( z)Sw<$C-@fYut0|jrN0Ie1_;bD)mc&0_`2f>BbbRI>!UJ}sY?|qR45PuC{Uq6gD#C3 z&2!J-;FA!P;3Uo!8FMu0cO9u=^3$+l?JFOjwFOraC14bSAts4rl?4R+(hP#Z00b0h zl3o;JTkvw?HP{R&E6@F0Vx;<8II@%+h=Rn}OJCnEgk_X63ra*Q3TpoHObdS#k3a!v z=Z)*9&X@QdMr(xuFb%dXKQhDlp|*PsuZE=Xw}M)Bt#h{iOOfG2&zkBHx22GX1w(>q z{OL^%czmFM7paCOHL3SQ_0dcA72A~(bArHLoC~f@KLW3W5kp|W5JNgwR_UEHlN=Sw zFr6(3BG8cRDcLcpHeLh-00thcuN~RsHHpCh8wJOgHp0<5-xAUKBHjxInMXhXQiggK z3TtGa@~zAxZS={>&*$1kLB?xEK=aN&w#UAQz;ROa7IxCKmDmuTWd;cMz1?V7-CA?> z&}tSk&W%Bev6nurgWJz$qN49njpFg{CB!fy;KK-K`P?M*Y^-_ysuYY^NEl>wyj_{w z2A4k*CIsK2*z&N9vq%y`5D*~go%Qz|>V54-ai!KL$&`Zf&TcvjTQGYu1Y2<&XJ>fk z38^3w0)mm`D9caBqs^yt8e~)>G8l#!a&J{-N+-O*qbG*oFeVMRS0Gt%So4IQhHt{1 zci>I$SaE1@k0B(5!yw41HRYG#2vt9dU>h3IzQ{L47@|Kpeq99yP3-e4!g%gb)}R7&7M0Zq8O@aAbxqUI-p}iuK3x?Ypdh=3kfqHPAO8 zFeI`%7S^K+G7iCV>__S*$437-LoqT8j8K9t`mTa;>>P81g1fb>23n|z!sHah7l^SNe%J<<*N&$n^*vB3V@-=8MQxjGr=G?^+mu% z-srfaRU`|$N~$cqOz|kB$hy9z7S4fQ?xIJggzcmH+y?U|VlZj$H>ze`L*KyMn~h9Q zTF0u&lpe#B!l3MnTTkI(xK0uv2o%ck!5>pkn59V4U|Z>-F}L9!sC)C7>_zwc)fsI* zMG}WW64S)G%@^=Ekq-o6YVCdV>b%1#c5AOC9ImX^wN-i-JOkgq=`R@olG^f4Pxe{D z_DYNq-Sf`q?J%AO0bw{Yp+{E-UFc23ecZ2100LUfTLV6DBJQ890jz%j@}$LDA;TDO z0000bbVXQnWMOn=I%9HWVRU5xGB7bQEio}IFgH{&HaasoIx;mYFflqXFw&7ky8r+H zC3HntbYx+4WjbwdWNBu305UKzIV~_aEipM%GBP?cI65;hD=;!TFffBp(8K@$002ov JPDHLkV1i7n)+GP{ literal 0 HcmV?d00001 diff --git a/images/icons/Makefile b/images/icons/Makefile index 39428d154..a39db119a 100644 --- a/images/icons/Makefile +++ b/images/icons/Makefile @@ -1,7 +1,8 @@ IMAGES=add.png edit.png gear.png info.png menu.png \ notify_off.png star.png delete.png feed.png group.png \ - lock.png notice.png notify_on.png user.png link.png + lock.png notice.png notify_on.png user.png link.png \ + plugin.png DESTS=10/ 16/ 22/ 48/ \ $(addprefix 10/, $(IMAGES)) \ diff --git a/images/icons/plugin.png b/images/icons/plugin.png new file mode 100644 index 0000000000000000000000000000000000000000..943be0d93e488ad9518cff974d464b2d0b8f25cf GIT binary patch literal 9448 zcmZu$by!nhAHRe!X=QW`8PeUIqa+*+O2cSLMS7GVDltMrTInw7R=NeGMWh9kZrgQXo6;ArQE9ec4esF)`@36i9BOXoBzfznF7l z!t$b`2QF9q^PHz!PS=NT>Skm&N)Iz?M)5l!M9FGGND(wqks{;0A7Q;cUsrzd%7+lZ z-2pO4jV-g+H47GS79=gr^`Ha44ZwOiNeBTtw9-5H=_7ARw-r;LVxhyaI=th>A3@Mi zK;AD#F&~gu!9r)GJk$fSaRJLg8|zizF%MwL7Q8+Qpfk=={jq>2iOdvO+3^63+%8HP zaF7B@M-8J9fH6M+MLp_~0KW48{OU$1HK6h{&@njbMl{ z>5s!90LYG~0Pptj`sD~o`N)W9Og)JO&vrZB?E`D;)tj}^5_fq3Sn&=Tzv1Sqp+!sK zp(_UU9>phC14e;2_FWbo zM%OOqLDE;J$3NPB!b1ejLR4|jesm2TX?~&~#oP_IURaM+z4}aed&MyMphw-h(U=pu zioEX;qn!5kQ1H`(*NPa9FRT-{wm+A-FL7j-MSw~tSuFo}oT|mK?8}5 zJL!cLB(syfCFCxyLLY?Oig_*y%R1VaB?dy38ga(lsfK(14II`V1w}r16fdGCpc}0Z zGf-nVknzNphw0YEczP45>!Sd?Tt;YAh6^4Oht}9JBQnNQoua9j; zt9)?phafucisJex!mJn-)QmNawZE$s!sy|`_vY@3-NgwSaLox|0ty%G5G!0N`h>SaoFlrAN42hPpC{h(`DJ>E=m_xqh(3xpR;wY z#+OLshH>>p{L1*%{Y&T<-7n^YCj=SR@*W@0^nSAI4mfGhtdXq=ui@FH2r3xlrRgpf z=IGxOi8WO$%c<9`Kt>jl3qMbj7!IRUfApy=H))dAfy&|3v0~G^>E2=zqxSnTqlv*S z)y?;tI7dE2#IGpAdZX;wY0|0jsqJZes4G%5^JymE(Ddr_iwW$cY^0K=x)~UA)^i3> z#19Z8X(T;NqT}S#FDlM2UMeOuI5Zg4k1aCS3oKVL5Yk&My8A7;#Gp9i@s1vyo_ zVPvs=p_{(k#~_pI*LWt~n%z1|ACcKr7OO2^VT3j`H7~iDorz0cJr5D-c~~_(8}Nd& zIpvz6`Hf6*QI3R?kcN;^jqYJ0N)CTD#pCRQxAxr)_Ja3^LD5UleU6_Tbos)XjRJO0 zor{y-CmWZjl^{!0cUncucMCG|TM^ABmmwqyy&7y!*;MUgNA6^7=*{Xa77!FrYRO0* zm-7}of1=B2R`zLsRy}sgWR+y~ekDA08IIPgmiqu3ufh<~_uF$o%k; z*0$DOnyyx3K1aTkrj%yy@X&DX@N}w3x{Sb#;70mJ`b_%rXG_zUrrh;~^$m9F)xS*h zP4?=e1-uJS+>2zNg`&xf#cprP1t@uqG zXQbDpckLF=SL})IIqpR+WDN;tab%hZd5v}VDg8jMjmr^cCGk5imj>x5>4ezVZLsj! z@WmUI%~XE=*8DP)=4}O1Br# zk*MI&5aE<9=5>;u6KfJ~lKaYwG8vjO&M;PYc||MZ_2WMd%avT4Oj{QCy2AvF2jBWF}?W3z(~*jAW}o7$!c>L$R1y zE1}+g+kPGOVzAUMqWb2`vp1jl7?be(oonJs@0joq)GOw1>YK99aN<|n+ZmzShhGm! zB$s4z4et)s49v%geb~>s-M!y+e+5(j>D4169tPv})>0>lYH1JOd4g4nJ6x{}@k*r| zqU$+br*ukojoz0BwLbLIat<-?90={K!*bpsG$2@u2;5ni*)`KK<}+EYv$}YdK_^S` zI=UP>PxYQ6_&fW;%Qd=4w}JN5g~ZyTlAcD}QPc!#Yki3)^9f0E@%#1nB+rOv=W2+M*JsaPn^KUs3 z{yjDSq~-Klw!dxO0LwsY3N>YSseV~=Dp&rxc@yANM~vbZbz{@OadyL`$>EIIe$t$*nX{v^{2 z273lRC&jdbG?jF{w96;fPnvXwWXGqsm;A0&=b1=92uqvzY8>kKJI-x|PA1qNjK0lC z$_NbNJzub#&#m|0uo+o)B6ZtuBJ*CEK-|9BkZO?{d3w;`eNa8WMsCz#lvW{W;kxa; zEq#+Psngs1p*gL*@u_p;o?mO7Kk9UgE>mn|@u=1JFXip@RHlT?V(X!w+v%6n<7LXl zAWydIk-_F!AGW=+7M&K0Bl%s0S*69uDY+*%3*Yw_f}J{ivJb}>R8R3D!bWf6k7G%d z?!>0X4!$COwUa3>Dx%dD(1g-ePwLxe<>tjeq?yL+v&65!?2&XOsexM02a)C>u_FmtT$G0nLv|} zaEptRa(HDU#4``_OCmiV3(xCV=l@Hfp+B0N}?8^3pH>IKKtQEdY4V4*=Vi z03ewH090-mi!UkwK#QZUtf2pL?zfr0JJhaT?t0HRPF_B@l%UEO68C2BIbZk;BH_oY zq$!GI`(1>XbSPF>4=z7M-I!u#p+ooc%hlo;PKqJ~4s}$xX7y7t4y;Ah$NCU5o+!)v zf-QYksj72fs`Gs^1S4 zA@oy8#Fc3-2nkK%h{h}jo-Y2Lo11HkZ>f;GJs))?r9`*_xOo#36X)E6OF9^MiJi6& zH6sz^f+G|LF(eB|+S%C!M}3nqFf{C1>5g>efv*Em1CWwT>KGliEbx z$}F$KCw?i_xnCgDv1R*L+#iE?HMqUKU0J?h~HKKVVHu==8z6^gKHJrna>pblh; z!5s_ZG-et&^~{nD{1|w7B4cJ|CiBNo?B6wDfCHlKW^F@Z*eI4|Wo5ch<`mp9Ch($8 z59yA>t1+!~QJLo@=|M>R4m!6M0himG>%-O6RTCMTcWF01xC%|*j(Q`pb)G(@_y6;w zbJ=aa-t}9V%LRf0;Nju<^Yaa#tQO{%JQNY(PHolWJ@uKfnC6;q;V_4t^D%U)y|k3O zbgFB~>EGv@U+ktG4T~*ndWq8qv7o$B%8^QD@nmxgy+Aty>=i0g zQ&Tu{XFtMRKF{;OAP?v`?EKcL1=>sesc9JOy%`g>6kaqhUWMS`QyLf<-3}Grg5`O3 zwi@dSP{*@JSH9StE4ZUT9la`UFT6}AU@9nqLn#8wC_6g? z*QJ(oA7L%R9BQWi#&#~)p=h=7^F+tuXy5V4Gyq` zk4CiK0jdQb-~#A{g@v@}=;*3{jRgj_1N=thU`mBtEb_LR8z&Uj;XyB8+ZVT=%x4j# zf3E)6G%`%~_Uh0Arvr+skoIl)?H&)kBh_y|TN4zP<$!%w;E6L(xJj%5nh?@JCD5_x zyOA;D<>kfYn~86d9Iy8Mj8dBd((BPT@#zuQe&a^wKE?PbCqQPPGV|?Q!{FfH`xWsR zc1CR)1k&WMk8&-?HOt!C+9PKtr>9jUfC&zO2Lu2x+4ElsY;2k-e{{f&e?^;Q$R2_k z$TmOVCsK-GkgDh9;@S!C^5z51C}6c4ey(5}X@f!X1c+?jLHpg`mk%dbAD253bsMW= z_LdtwRuftkunYC%!QhZ~S58xK8Pa!oNW-EZIIUN1^*@Y$5DkNT2D@K36tSpJy|1^I z7kIS4*nHY{eR*m>EzOOg*D*dli2Rg)@-yb{UD$e(d{4v0{r~^ z7Ttm`=gDQWVucUS5R;r^S(6)w@ss&lmvAAWL#DLxQT9`2tXhQd`@}?U732{w6yeKq zIL=MS@gcqfKYmY68dv~vw7Q|LPUK_;TUa+c5YA)K*5cWL#+tzi0eIDQBk!@R-;c_L zVBjXx-)^Q3iz?`QSFSIPolUE(zgXFgoN~-8S{>~#GzuMC++NIhgV7F;*5CduYikd!EHO?!KMiaL){y1>-i_h(4Rv+( zBBPY@m>>m)>*M3&&Gq4QFGrBILmto~cp}KZ(`w)3&T>WPK8VhZsjjYGAf)2W2195- z;7-fY!Dmwa5!DlQkIFci)yC?^-X!_zd^9+SgN?1%Ci|>T>g9BW#cdCWn-4MYe(F03 zn}?*$leO1d3i^Jcz8HnV`F0^u0otLQhBKMdC7X~zYz+eA&Yxl?IZvOTAW&izFda%?v@=esr-nlEy!ssq3*PtP#Lu&q%m^%;#52aA6J2Td=|2viH$Bbg51OXySA}m1hN6X z(ZdvTftq5+Q5Fcc1{rQbR@NwBeDw_tQG-UG;l6_1h}vA2k~%)$?Yuzg%80w09#AQPVxsc1?-pEQT_ zP7BZ>b2ucVibqWAowO=0opv9+Dt;9swb#%VaDEUgOu|(*iw^)G%G`_|Zj8!lAQRh5 zn70f?)AIkNMC{)8s#Q4~2H+KHWh_Uj-K^GOT$QNX5(8&O5$*7HA1|L@2f1{H-ZAL! z?|&}>Sk|GI!49I5oRqXCnW2rXK-SM*DE$3W?Oi|(hsrz4hmcTq9-d(tuXQ4t9bn84 zGIeg)H!vWXiNPF*bn`1$Hnh2Ohr7ps*+eg3-SZ`akcyEIb<%n;z~xnL-kJt(a*0{K zXtX`iaa+wq_hu_H7y#hv)nd;U)B?9Yy7ZA7U=3Jm55*Uf~CG073+a$iIX64+6RfM^R0JU~@VqQHC4t#uAlb4hvJDCS@@;13 zwz#m+!O1NS09@}?)CyAca8%+7HPtNMf+YJKZV zkk9iZ_vh5R-q|8<$GR{wi1^~O)1o(2d?S1FpDV~>sQ1({(EPK+)6!g+DMQKT%*Z7G z{Qdh^(bRNq3tTT>QZBom*NB6%O4_;K8^znD&6+t}1^J1|Njc)k^C}pYehFYi9m|!s z%n1}u0;CKqfgV7|&i3|Rrl8%xNPd1kJUX|*ok7MBfYHB^=feWK;^py<&)?1Qyf>=v zXs5E%b#1iq$M`6#qK%&+6KmAO41U)%MdqS}BvfMPxA@rE&(L-z%1oUL6b})SQ6k^u ze~OcsGd7b5en#*%f$nA157S%HNXU-B2fzhi~Sqo2~9!sv%MC!w&q@KjQ zc{8a2yALb?aUIpa8Md~zBC>)mw%Qw?@=mK^8%vz}s8Efy`L&u~bmB8zMfR@F%1?T; z09V<(Esh0E#*l)fQ0!JH1`BXVTc0imb?w); zG)k=MU5}wjp~I(!1&wzm@90^fAmD zj_;q@6Vf%>VxhsJ7;G`Gs7J+>niLWM=ntu>CZ`~e%$fsRkrEh~w@Zlm1cA3IryIw9 zMJ6?$C@QJA1!!~>u9J*gStP4|TR4mp^)z=2v9B)r0{aN*tDmnG& z;RaspF9qIGSp*0qz##1pnMS;!J};~gw;Gs_w>uT>nN`j+2f-W14a!= zM6S|{yJv5l{aw{r@>ve7ju(UgcW27Y9u4*N^;J|Wc)I7V`KagaP@XsoeHVwyq0^=!qC8AI8EBuvqpsgl=j$mMW&dKXGMAiyr7uBK9vo; zs5IQQ|85ddUssouDeZfZ3RbAA0P~sE1 zS5_(_VYS*EOaK_N<8srwZGNrEAXjT=o#At*2V7c{HwGn!3@XTPCFUg|30$IBk4;P@ z8gg@gl2X6&$a!GdT>Z(Vq4zP=PG3lkskyJ<)2EDd8UGWHKx=2=e5|~iKv^aU|C8UV zj*gB_%7;4Ev^JE$Kl9;t%_wg?+%XRGcP_*ugJIXqaaU|Pc_sbqV35z*8E@;5x&jF3Mco7sZzBD+f9ht5Pq1r`TFkUH~xufU`ebv$L}XAacs24)*aAC1+%qiTs=WW1}oInKaJy zob?YVH2Od$d-J)f>aSH^6rGSziIhNy%4=r7NP^MB5s)X5GsfC4^~JLwGE6pghq`V+ z$$2d#D41DNQqnxS;_iO&X;$qSZIOAwTzgl5=dZqas^a3}fuF0ZZtT&^qy!N0%}_#_ z;`^41P0uIk=;+v-ad`cjut1llQ&?0q=1F_dwI)tYrHlt$R`w=xBh!B`jy)P98k@s4 zQamDF^G(?h3H|hM`f)(O73r8jk`|h`JWH7v5D^i%UIJADJyADk=-3KrwKgZqvlDhG z5A;D1>cQ7L7RO+iFByEXV@3W0QXF!6tlC#;eZR8vFN7iY3TlNrhlw)Bo?! zFU?FrXDdnX`7CZgSrqWGHFWzJ7aQy6lK=ko^y=T1w8X@3fZV!J;Z0DH)JBywqvhqv zZUV1aldx9F+4HZ<6*@`VF*si|B^^Q(K!yg|TOfS4rJaEJYP92xCDNLqt)bD>^lY)| zV8-0v^~2!W{Zj0*(T#2@ZsR{5y1Ekv!{@VmBiG1ypgtUV#qUv)gc}M2X>IQ;i)zdejnoTn8%xTQuzK5M*<5zXq+^_ts9t`};fyo$)%^_^ zcD!D)2Kv3Z-T=?$jhhuIV*E~qB- z6354DEhs`4^KqY(i_88~K|ydyJoa2-ecM>_kfI3$jqbWaIlOT>>6HeQk>Rh&*(fu> zJ|&<)w&bqdHub1`}iS~R@k z&cddC)%lOr5D|Iqgrz!+!vn+17~umx6LrorM_>jwXBIu`HDs$PR4)sFr@B!9|G5rS zRP9wS|NgvgLpADO>|#`MX%W@Nw9WG{vK zx+(Wq4hQ?_->Brj>$F#fBH(;{6`r6=mM;?K0^l-T%N5bof*X}U&Zd1;(1Zvm1r5Ys zDFQazo}Qke(?r!+WJ}O7b0J9Y-|4QdE+w$~;p)--*3B4r4(JX$PnX^`73#y2KVvK< z5eduJ&M*}N=g7GSF;)898m%NCPHs&W1Rs32iB0|YZDTTGs2}GWSrwXUY7OPX4ZDsQ zJDQi7y`Y_!ZvJv5BKzO6yv=ETS4wzmXbdF%{_PS=fL3!QSX|Wl=$qLKmd+1fu-3Ob zKmNPh@<$=y&mJ5cIAIbJ_z*zpD_bB}5P$Jtdb*nRUt(ig1~& zwlm=1;P@}N#`csi3TYA(61=2YS=XGC?e3O<(kK`V4JZq#K<_AaF$QI!gY$!pPT)&# zuULgy^NA8b2I~Fe=fMwV!4XT|v<9Vx0PR*SXS_vis1O)ot@PyUl}M%-BjsuXrB-+lUF3Y3Pky*5UOPhLuc3dne!=!dv=&}L3#8?A^_qT?`(4j9i%DWUO}!p>$B zdow*l^dOrj_xk|#<$qCEwqVxJP%0ysL_}#1XB$RYzA7U|@4XvHDWvgk#+d!fGEHfm zx@V-t=Pq9o^RN}FQ<|3~8Ae P0DPz;w3W*hEkpkY0k+gM literal 0 HcmV?d00001 From 10e5754e247e9adf7c576547c69d12ca09973c7a Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:36:41 +0100 Subject: [PATCH 06/14] oauth: authorize --- include/oauth.php | 91 +++++++++++++++++++++++++------ library/OAuth1.php | 5 ++ mod/api.php | 45 ++++++++++----- view/oauth_authorize.tpl | 3 +- view/theme/duepuntozero/style.css | 22 ++++++++ 5 files changed, 133 insertions(+), 33 deletions(-) diff --git a/include/oauth.php b/include/oauth.php index b84309207..2724dcf7c 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -17,6 +17,7 @@ class FKOAuthDataStore extends OAuthDataStore { } function lookup_consumer($consumer_key) { + logger(__function__.":".$consumer_key); //echo "
"; var_dump($consumer_key); killme();
 	  
 		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
@@ -28,8 +29,8 @@ class FKOAuthDataStore extends OAuthDataStore {
   }
 
   function lookup_token($consumer, $token_type, $token) {
-		//echo __file__.":".__line__."
"; var_dump($consumer, $token_type, $token); killme();
-		$r = q("SELECT id, secret,scope, expires  FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+		logger(__function__.":".$consumer.", ". $token_type.", ".$token);
+		$r = q("SELECT id, secret,scope, expires, uid  FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
 			dbesc($consumer->key),
 			dbesc($token_type),
 			dbesc($token)
@@ -38,6 +39,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 			$ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
 			$ot->scope=$r[0]['scope'];
 			$ot->expires = $r[0]['expires'];
+			$ot->uid = $r[0]['uid'];
 			return $ot;
 		}
 		return null;
@@ -56,12 +58,20 @@ class FKOAuthDataStore extends OAuthDataStore {
   }
 
   function new_request_token($consumer, $callback = null) {
+		logger(__function__.":".$consumer.", ". $callback);
 		$key = $this->gen_token();
 		$sec = $this->gen_token();
+		
+		if ($consumer->key){
+			$k = $consumer->key;
+		} else {
+			$k = $consumer;
+		}
+		
 		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
 				dbesc($key),
 				dbesc($sec),
-				dbesc($consumer->key),
+				dbesc($k),
 				'request',
 				intval(REQUEST_TOKEN_DURATION));
 		if (!$r) return null;
@@ -69,6 +79,8 @@ class FKOAuthDataStore extends OAuthDataStore {
   }
 
   function new_access_token($token, $consumer, $verifier = null) {
+    logger(__function__.":".$token.", ". $consumer.", ". $verifier);
+    
     // return a new access token attached to this consumer
     // for the user associated with this token if the request token
     // is authorized
@@ -76,34 +88,34 @@ class FKOAuthDataStore extends OAuthDataStore {
     
     $ret=Null;
     
-    // get verifier for this user
-    $uverifier = get_pconfig(local_user(), "oauth", "verifier");
-    
-    
-    if (is_null($verifier) || ($verifier==$uverifier)){
+    // get user for this verifier
+    $uverifier = get_config("oauth", $verifier);
+    logger(__function__.":".$verifier.",".$uverifier);
+    if (is_null($verifier) || ($uverifier!==false)){
 		
 		$key = $this->gen_token();
 		$sec = $this->gen_token();
-		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
+		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d, %d)",
 				dbesc($key),
 				dbesc($sec),
-				dbesc($consumer->$key),
+				dbesc($consumer->key),
 				'access',
-				intval(ACCESS_TOKEN_DURATION));
+				intval(ACCESS_TOKEN_DURATION),
+				intval($uverifier));
 		if ($r)
 			$ret = new OAuthToken($key,$sec);		
 	}
 		
 		
-	//q("DELETE FROM tokens WHERE id='%s'", $token->key);
+	q("DELETE FROM tokens WHERE id='%s'", $token->key);
 	
 	
-	if (!is_null($ret)){
-		//del_pconfig(local_user(), "oauth", "verifier");
-		$apps = get_pconfig(local_user(), "oauth", "apps");
+	if (!is_null($ret) && $uverifier!==false){
+		del_config("oauth", $verifier);
+	/*	$apps = get_pconfig($uverifier, "oauth", "apps");
 		if ($apps===false) $apps=array();
 		$apps[] = $consumer->key;
-		//set_pconfig(local_user(), "oauth", "apps", $apps);
+		set_pconfig($uverifier, "oauth", "apps", $apps);*/
 	}
 		
     return $ret;
@@ -117,8 +129,52 @@ class FKOAuth1 extends OAuthServer {
 		$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
 		$this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
 	}
-}
+	
+	function loginUser($uid){
+		logger("FKOAuth1::loginUser $uid");
+		$a = get_app();
+		$r = q("SELECT * FROM `user` WHERE uid=%d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
+			intval($uid)
+		);
+		if(count($r)){
+			$record = $r[0];
+		} else {
+		   logger('FKOAuth1::loginUser failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+		    header('HTTP/1.0 401 Unauthorized');
+		    die('This api requires login');
+		}
+		$_SESSION['uid'] = $record['uid'];
+		$_SESSION['theme'] = $record['theme'];
+		$_SESSION['authenticated'] = 1;
+		$_SESSION['page_flags'] = $record['page-flags'];
+		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $record['nickname'];
+		$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 
+		//notice( t("Welcome back ") . $record['username'] . EOL);
+		$a->user = $record;
+
+		if(strlen($a->user['timezone'])) {
+			date_default_timezone_set($a->user['timezone']);
+			$a->timezone = $a->user['timezone'];
+		}
+
+		$r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
+			intval($_SESSION['uid']));
+		if(count($r)) {
+			$a->contact = $r[0];
+			$a->cid = $r[0]['id'];
+			$_SESSION['cid'] = $a->cid;
+		}
+		q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
+			dbesc(datetime_convert()),
+			intval($_SESSION['uid'])
+		);
+
+		call_hooks('logged_in', $a->user);		
+	}
+	
+}
+/*
 class FKOAuth2 extends OAuth2 {
 
 	private function db_secret($client_secret){
@@ -207,3 +263,4 @@ class FKOAuth2 extends OAuth2 {
 	}	
 	
 }
+*/
diff --git a/library/OAuth1.php b/library/OAuth1.php
index 604945265..3b211b146 100644
--- a/library/OAuth1.php
+++ b/library/OAuth1.php
@@ -27,6 +27,10 @@ class OAuthToken {
   public $key;
   public $secret;
 
+  public $expires;
+  public $scope;
+  public $uid;
+
   /**
    * key = the token
    * secret = the token secret
@@ -552,6 +556,7 @@ class OAuthServer {
   public function verify_request(&$request) {
     $this->get_version($request);
     $consumer = $this->get_consumer($request);
+    //echo __file__.__line__.__function__."
"; var_dump($consumer); die();
     $token = $this->get_token($request, $consumer, "access");
     $this->check_signature($request, $consumer, $token);
     return array($consumer, $token);
diff --git a/mod/api.php b/mod/api.php
index 5903caee6..ad75e6620 100644
--- a/mod/api.php
+++ b/mod/api.php
@@ -2,13 +2,8 @@
 
 require_once('include/api.php');
 
-function oauth_get_client(){
-	// get consumer/client from request token
-	try {
-		$request = OAuthRequest::from_request();
-	} catch(Exception $e) {
-		echo "
"; var_dump($e); killme();
-	}
+function oauth_get_client($request){
+
 	
 	$params = $request->get_parameters();
 	$token = $params['oauth_token'];
@@ -45,16 +40,36 @@ function api_content(&$a) {
 		 * api/oauth/authorize interact with the user. return a standard page
 		 */
 		
+		$a->page['template'] = "minimal";
+		
+		
+		// get consumer/client from request token
+		try {
+			$request = OAuthRequest::from_request();
+		} catch(Exception $e) {
+			echo "
"; var_dump($e); killme();
+		}
+		
 		
 		if (x($_POST,'oauth_yes')){
 		
-		
-			$app = oauth_get_client();
+			$app = oauth_get_client($request);
 			if (is_null($app)) return "Invalid request. Unknown token.";
-			$consumer = new OAuthConsumer($app['key'], $app['secret']);
+			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
 
 			$verifier = md5($app['secret'].local_user());
-			set_pconfig(local_user(), "oauth", "verifier", $verifier);
+			set_config("oauth", $verifier, local_user());
+			
+			
+			if ($consumer->callback_url!=null) {
+				$params = $request->get_parameters();
+				$glue="?";
+				if (strstr($consumer->callback_url,$glue)) $glue="?";
+				goaway($consumer->callback_url.$glue."oauth_token=".OAuthUtil::urlencode_rfc3986($params['oauth_token'])."&oauth_verifier=".OAuthUtil::urlencode_rfc3986($verifier));
+				killme();
+			}
+			
+			
 			
 			$tpl = get_markup_template("oauth_authorize_done.tpl");
 			$o = replace_macros($tpl, array(
@@ -67,19 +82,21 @@ function api_content(&$a) {
 		
 		
 		}
-	
 		
 		
 		if(! local_user()) {
 			//TODO: we need login form to redirect to this page
 			notice( t('Please login to continue.') . EOL );
-			return login(false);
+			return login(false,$request->get_parameters());
 		}
+		//FKOAuth1::loginUser(4);
 		
-		$app = oauth_get_client();
+		$app = oauth_get_client($request);
 		if (is_null($app)) return "Invalid request. Unknown token.";
 		
 		
+
+		
 		$tpl = get_markup_template('oauth_authorize.tpl');
 		$o = replace_macros($tpl, array(
 			'$title' => t('Authorize application connection'),
diff --git a/view/oauth_authorize.tpl b/view/oauth_authorize.tpl
index 6bcf9802a..31f02ac50 100644
--- a/view/oauth_authorize.tpl
+++ b/view/oauth_authorize.tpl
@@ -3,9 +3,8 @@
 

$app.name

-

$app.client_id

$authorize

-
+
diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css index 6f452cebc..7e7adbadc 100644 --- a/view/theme/duepuntozero/style.css +++ b/view/theme/duepuntozero/style.css @@ -2750,6 +2750,28 @@ a.mail-list-link { .panel_text .progress { width: 50%; overflow: hidden; height: auto; border: 1px solid #cccccc; margin-bottom: 5px} .panel_text .progress span {float: right; display: block; width: 25%; background-color: #eeeeee; text-align: right;} +/** + * OAuth + */ +.oauthapp { + height: auto; overflow: auto; + border-bottom: 2px solid #cccccc; + padding-bottom: 1em; + margin-bottom: 1em; +} +.oauthapp img { + float: left; + width: 48px; height: 48px; + margin: 10px; +} +.oauthapp img.noicon { + background-image: url("../../../images/icons/48/plugin.png"); + background-position: center center; + background-repeat: no-repeat; +} +.oauthapp a { + float: left; +} /** * ICONS From 41cbd84a74eff278787daf3c23582c49cf814236 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:36:58 +0100 Subject: [PATCH 07/14] api: login with oauth --- include/api.php | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/include/api.php b/include/api.php index 2de965681..d8942bfff 100644 --- a/include/api.php +++ b/include/api.php @@ -27,6 +27,23 @@ * Simple HTTP Login */ function api_login(&$a){ + // login with oauth + try{ + $oauth = new FKOAuth1(); + list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); + if (!is_null($token)){ + $oauth->loginUser($token->uid); + call_hooks('logged_in', $a->user); + return; + } + echo __file__.__line__.__function__."
"; var_dump($consumer, $token); die();
+		}catch(Exception $e){
+			logger(__file__.__line__.__function__."\n".$e);
+			//die(__file__.__line__.__function__."
".$e); die();
+		}
+
+		
+		
 		// workaround for HTTP-auth in CGI mode
 		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
 		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
@@ -1145,7 +1162,7 @@
 		}catch(Exception $e){
 			echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
 		}
-		echo "oauth_token=".$r->key."&oauth_secret=".$r->secret;
+		echo $r;
 		killme();	
 	}
 	function api_oauth_access_token(&$a, $type){
@@ -1155,7 +1172,7 @@
 		}catch(Exception $e){
 			echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
 		}
-		echo "oauth_token=".$r->key."&oauth_secret=".$r->secret;
+		echo $r;
 		killme();			
 	}
 

From 955326accab18542a4f89a16f43cdb46c5bad599 Mon Sep 17 00:00:00 2001
From: Fabio Comuni 
Date: Mon, 7 Nov 2011 17:37:25 +0100
Subject: [PATCH 08/14] add hidden fields in login template

---
 view/login.tpl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/view/login.tpl b/view/login.tpl
index 5240bb9ad..5349fa3d8 100644
--- a/view/login.tpl
+++ b/view/login.tpl
@@ -22,6 +22,11 @@
 		
 	
 	
+	{{ for $hiddens as $k=>$v }}
+		
+	{{ endfor }}
+	
+	
 
 
 

From b464b819a15b5b9d62be810dd44a1111d35963d8 Mon Sep 17 00:00:00 2001
From: Fabio Comuni 
Date: Mon, 7 Nov 2011 17:37:49 +0100
Subject: [PATCH 09/14] minimal page layout for oauth authorize

---
 view/minimal.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 view/minimal.php

diff --git a/view/minimal.php b/view/minimal.php
new file mode 100644
index 000000000..a8c693985
--- /dev/null
+++ b/view/minimal.php
@@ -0,0 +1,14 @@
+
+
+
+  <?php if(x($page,'title')) echo $page['title'] ?>
+  
+  
+
+
+	
+ +
+ + + From 4407fc2c5d47ee1a7dfb8bfdfd47e73b22ec7e2a Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:38:30 +0100 Subject: [PATCH 10/14] oauth apps/authorization management in settings page --- mod/settings.php | 119 +++++++++++++++++++++++++++++++++++ view/settings_oauth.tpl | 26 +++++++- view/settings_oauth_edit.tpl | 17 +++++ 3 files changed, 160 insertions(+), 2 deletions(-) create mode 100644 view/settings_oauth_edit.tpl diff --git a/mod/settings.php b/mod/settings.php index ca9b4bd54..2b9cde735 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -47,6 +47,58 @@ function settings_post(&$a) { return; } + if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){ + $key = $_POST['remove']; + q("DELETE FROM tokens WHERE id='%s' AND uid=%d", + dbesc($key), + local_user()); + goaway($a->get_baseurl()."/settings/oauth/"); + return; + } + + if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit') && x($_POST,'submit')) { + + $name = ((x($_POST,'name')) ? $_POST['name'] : ''); + $key = ((x($_POST,'key')) ? $_POST['key'] : ''); + $secret = ((x($_POST,'secret')) ? $_POST['secret'] : ''); + $redirect = ((x($_POST,'redirect')) ? $_POST['redirect'] : ''); + $icon = ((x($_POST,'icon')) ? $_POST['icon'] : ''); + if ($name=="" || $key=="" || $secret==""){ + notice(t("Missing some important data!")); + + } else { + if ($_POST['submit']==t("Update")){ + $r = q("UPDATE clients SET + client_id='%s', + pw='%s', + name='%s', + redirect_uri='%s', + icon='%s', + uid=%d + WHERE client_id='%s'", + dbesc($key), + dbesc($secret), + dbesc($name), + dbesc($redirect), + dbesc($icon), + local_user(), + dbesc($key)); + } else { + $r = q("INSERT INTO clients + (client_id, pw, name, redirect_uri, icon, uid) + VALUES ('%s','%s','%s','%s','%s',%d)", + dbesc($key), + dbesc($secret), + dbesc($name), + dbesc($redirect), + dbesc($icon), + local_user()); + } + } + goaway($a->get_baseurl()."/settings/oauth/"); + return; + } + if(($a->argc > 1) && ($a->argv[1] == 'addon')) { call_hooks('plugin_settings_post', $_POST); return; @@ -358,10 +410,77 @@ function settings_content(&$a) { if(($a->argc > 1) && ($a->argv[1] === 'oauth')) { + if(($a->argc > 2) && ($a->argv[2] === 'add')) { + $tpl = get_markup_template("settings_oauth_edit.tpl"); + $o .= replace_macros($tpl, array( + '$tabs' => $tabs, + '$title' => t('Add application'), + '$submit' => t('Submit'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), '', ''), + '$key' => array('key', t('Consumer Key'), '', ''), + '$secret' => array('secret', t('Consumer Secret'), '', ''), + '$redirect' => array('redirect', t('Redirect'), '', ''), + '$icon' => array('icon', t('Icon url'), '', ''), + )); + return $o; + } + + if(($a->argc > 3) && ($a->argv[2] === 'edit')) { + $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d", + dbesc($a->argv[3]), + local_user()); + + if (!count($r)){ + notice(t("You can't edit this application.")); + return; + } + $app = $r[0]; + + $tpl = get_markup_template("settings_oauth_edit.tpl"); + $o .= replace_macros($tpl, array( + '$tabs' => $tabs, + '$title' => t('Add application'), + '$submit' => t('Update'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), $app['name'] , ''), + '$key' => array('key', t('Consumer Key'), $app['client_id'], ''), + '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''), + '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''), + '$icon' => array('icon', t('Icon url'), $app['icon'], ''), + )); + return $o; + } + + if(($a->argc > 3) && ($a->argv[2] === 'delete')) { + $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", + dbesc($a->argv[3]), + local_user()); + goaway($a->get_baseurl()."/settings/oauth/"); + return; + } + + + $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my + FROM clients + LEFT JOIN tokens ON clients.client_id=tokens.client_id + WHERE clients.uid IN (%d,0)", + local_user(), + local_user()); + + $tpl = get_markup_template("settings_oauth.tpl"); $o .= replace_macros($tpl, array( + '$baseurl' => $a->get_baseurl(), '$title' => t('Connected Apps'), + '$add' => t('Add application'), + '$edit' => t('Edit'), + '$delete' => t('Delete'), + '$consumerkey' => t('Client key starts with'), + '$noname' => t('No name'), + '$remove' => t('Remove authorization'), '$tabs' => $tabs, + '$apps' => $r, )); return $o; diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl index 87fd6d1ee..bc5866bec 100644 --- a/view/settings_oauth.tpl +++ b/view/settings_oauth.tpl @@ -3,8 +3,30 @@ $tabs

$title

-
+ + + -$settings_addons + {{ for $apps as $app }} + + {{ endfor }}
diff --git a/view/settings_oauth_edit.tpl b/view/settings_oauth_edit.tpl new file mode 100644 index 000000000..98b7457aa --- /dev/null +++ b/view/settings_oauth_edit.tpl @@ -0,0 +1,17 @@ +$tabs + +

$title

+ +
+{{ inc field_input.tpl with $field=$name }}{{ endinc }} +{{ inc field_input.tpl with $field=$key }}{{ endinc }} +{{ inc field_input.tpl with $field=$secret }}{{ endinc }} +{{ inc field_input.tpl with $field=$redirect }}{{ endinc }} +{{ inc field_input.tpl with $field=$icon }}{{ endinc }} + +
+ + +
+ +
From b070666120fc6cbc0d90a0ad160274f8ecf7a027 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:39:00 +0100 Subject: [PATCH 11/14] statusnet-friendika post permalink compatibility --- mod/notice.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 mod/notice.php diff --git a/mod/notice.php b/mod/notice.php new file mode 100644 index 000000000..9d8aeed70 --- /dev/null +++ b/mod/notice.php @@ -0,0 +1,20 @@ + friendika items permanent-url compatibility */ + + function notice_init(&$a){ + $id = $a->argv[1]; + $r = q("SELECT user.nickname FROM user LEFT JOIN item ON item.uid=user.uid WHERE item.id=%d", + intval($id) + ); + if (count($r)){ + $nick = $r[0]['nickname']; + $url = $a->get_baseurl()."/display/$nick/$id"; + goaway($url); + } else { + $a->error = 404; + notice( t('Item not found.') . EOL); + + } + return; + + } From d7d889bcd09d4e92e0ded85b6c5f94ef18cc9a75 Mon Sep 17 00:00:00 2001 From: Fabio Comuni Date: Mon, 7 Nov 2011 17:48:14 +0100 Subject: [PATCH 12/14] oauth: db update --- boot.php | 4 ++-- database.sql | 5 +++++ update.php | 11 +++++++++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/boot.php b/boot.php index cde5c195c..57edcbeaa 100644 --- a/boot.php +++ b/boot.php @@ -9,9 +9,9 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDIKA_PLATFORM', 'Friendica'); -define ( 'FRIENDIKA_VERSION', '2.3.1157' ); +define ( 'FRIENDIKA_VERSION', '2.3.1158' ); define ( 'DFRN_PROTOCOL_VERSION', '2.22' ); -define ( 'DB_UPDATE_VERSION', 1102 ); +define ( 'DB_UPDATE_VERSION', 1103 ); define ( 'EOL', "
\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); diff --git a/database.sql b/database.sql index 3d11ff4b7..58b81b0ac 100644 --- a/database.sql +++ b/database.sql @@ -460,14 +460,19 @@ CREATE TABLE IF NOT EXISTS `clients` ( `client_id` VARCHAR( 20 ) NOT NULL , `pw` VARCHAR( 20 ) NOT NULL , `redirect_uri` VARCHAR( 200 ) NOT NULL , +`name` VARCHAR( 128 ) NULL DEFAULT NULL, +`icon` VARCHAR( 255 ) NULL DEFAULT NULL, +`uid` INT NOT NULL DEFAULT 0, PRIMARY KEY ( `client_id` ) ) ENGINE = MyISAM DEFAULT CHARSET=utf8; CREATE TABLE IF NOT EXISTS `tokens` ( `id` VARCHAR( 40 ) NOT NULL , +`secret` VARCHAR( 40 ) NOT NULL , `client_id` VARCHAR( 20 ) NOT NULL , `expires` INT NOT NULL , `scope` VARCHAR( 200 ) NOT NULL , +`uid` INT NOT NULL , PRIMARY KEY ( `id` ) ) ENGINE = MyISAM DEFAULT CHARSET=utf8; diff --git a/update.php b/update.php index 67017fa03..511362a6d 100644 --- a/update.php +++ b/update.php @@ -1,6 +1,6 @@ Date: Mon, 7 Nov 2011 17:54:46 +0100 Subject: [PATCH 13/14] oauth: fix add new app --- mod/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/settings.php b/mod/settings.php index 938f6a0d5..6cc80e3a6 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -56,7 +56,7 @@ function settings_post(&$a) { return; } - if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit') && x($_POST,'submit')) { + if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && x($_POST,'submit')) { $name = ((x($_POST,'name')) ? $_POST['name'] : ''); $key = ((x($_POST,'key')) ? $_POST['key'] : ''); From c90e6c6e0782e3e8ac9cf1be3acbc13f5448148d Mon Sep 17 00:00:00 2001 From: fabrixxm Date: Mon, 7 Nov 2011 18:41:22 +0100 Subject: [PATCH 14/14] fix db update --- update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update.php b/update.php index 511362a6d..362935c38 100644 --- a/update.php +++ b/update.php @@ -875,7 +875,7 @@ function update_1101() { } function update_1102() { - q("ALTER TABLE `clients` ADD `name` TEXT NULL DEFAULT NULL AFTER `redirect` "); + q("ALTER TABLE `clients` ADD `name` TEXT NULL DEFAULT NULL AFTER `redirect_uri` "); q("ALTER TABLE `clients` ADD `icon` TEXT NULL DEFAULT NULL AFTER `name` "); q("ALTER TABLE `clients` ADD `uid` INT NOT NULL DEFAULT 0 AFTER `icon` ");