Changeset 3072086
- Timestamp:
- 04/17/2024 06:12:42 AM (2 years ago)
- File:
-
- 1 edited
-
atomchat/trunk/atomchat.php (modified) (2 diffs)
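--- a/atomchat/trunk/atomchat.php
+++ b/atomchat/trunk/atomchat.php
@@ -201,17 +201,5 @@
 if( !function_exists( 'atomchatDeductPointsCallback' ) ) {
 function atomchatDeductPointsCallback() {
-$auth_key = get_option('atomchat_auth_key');
-$data = json_decode(file_get_contents('php://input'));
-$server_secret = $data->secretkey;
-$randomString = $data->randomString;
-$client_secret = md5($auth_key.$randomString."dcomdemaetand");
-if($client_secret == $server_secret){
-include_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'mycred'.DIRECTORY_SEPARATOR.'credits.php');
-}else{
-wp_send_json_error(array(
-'code' => 'NOT_AUTHORIZED',
-'message' => 'You are not authorized'
-), 401);
-}
+include_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'mycred'.DIRECTORY_SEPARATOR.'credits.php');
 }
 }
@@ -239,7 +227,11 @@
 $data = json_decode(file_get_contents('php://input'));
 $user_id = $data->UID;
+$server_secret = $data->secretkey;
+$randomString = $data->randomString;
+$auth_key = get_option('atomchat_auth_key');
+$client_secret = md5($auth_key.$randomString."dcomdemaetand");
 if( $user_id ){
 $user = get_user_by( 'id', $user_id );
-if( $user && user_can($user, 'manage_credit_balance') ){
+if( $user && user_can($user, 'manage_credit_balance') && ($server_secret == $client_secret)){
 return true;
 }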
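Review bot: The secret check added at new line 235 uses `==`, and `$server_secret` is read straight from `json_decode()` of the request body, so it is not guaranteed to be a string; under PHP's loose comparison a non-string JSON value, or two digests of the numeric `0e…` form, can compare equal without actually matching. Require a string and compare in constant time: `&& is_string($server_secret) && hash_equals($client_secret, $server_secret)`. Because `atomchatDeductPointsCallback()` now includes `credits.php` unconditionally (new line 203), this comparison appears to be the only gate left, so confirm that the function in the second hunk is registered as the route's permission callback and fails closed on every other path; its start and end are outside the hunk. Nothing visible binds `randomString` to a nonce or timestamp, so a captured `secretkey`/`randomString` pair may remain valid indefinitely, and an expiry or single-use check would be worth adding.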