Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.119
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
var /
www /
html /
bdc.bdcloud.fr /
core /
modules /
oauth /
Delete
Unzip
Name
Size
Permission
Date
Action
generic_oauthcallback.php
6.47
KB
-rwxr-x---
2023-04-04 15:50
github_oauthcallback.php
6.1
KB
-rwxr-x---
2023-04-04 15:50
microsoft_oauthcallback.php
7.32
KB
-rwxr-x---
2023-04-04 15:50
stripelive_oauthcallback.php
6.45
KB
-rwxr-x---
2023-04-04 15:50
stripetest_oauthcallback.php
6.46
KB
-rwxr-x---
2023-04-04 15:50
Save
Rename
<?php /* Copyright (C) 2022 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2019 Thibault FOUCART <support@ptibogxiv.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <https://www.gnu.org/licenses/>. */ /** * \file htdocs/core/modules/oauth/stripelive_oauthcallback.php * \ingroup oauth * \brief Page to get oauth callback */ // Load Dolibarr environment require '../../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php'; use OAuth\Common\Storage\DoliStorage; use OAuth\Common\Consumer\Credentials; use OAuth\OAuth2\Service\GitHub; // Define $urlwithroot $urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root)); $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current $action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); $keyforprovider = GETPOST('keyforprovider', 'aZ09'); if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) { $keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"]; } /** * Create a new instance of the URI class with the current URI, stripping the query string */ $uriFactory = new \OAuth\Common\Http\Uri\UriFactory(); //$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER); //$currentUri->setQuery(''); $currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/stripelive_oauthcallback.php'); /** * Load the credential for the service */ /** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */ $serviceFactory = new \OAuth\ServiceFactory(); $httpClient = new \OAuth\Common\Http\Client\CurlClient(); // TODO Set options for proxy and timeout // $params=array('CURLXXX'=>value, ...) //$httpClient->setCurlParameters($params); $serviceFactory->setHttpClient($httpClient); // Dolibarr storage $storage = new DoliStorage($db, $conf, $keyforprovider); // Setup the credentials for the requests $keyforparamid = 'OAUTH_STRIPE_LIVE'.($keyforprovider ? '-'.$keyforprovider : '').'_ID'; $keyforparamsecret = 'OAUTH_STRIPE_LIVE'.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET'; $credentials = new Credentials( getDolGlobalString($keyforparamid), getDolGlobalString($keyforparamsecret), $currentUri->getAbsoluteUri() ); $requestedpermissionsarray = array(); if (GETPOST('state')) { $requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'userinfo_email,userinfo_profile,cloud_print'. 'state' parameter is standard to retrieve some parameters back } /*if ($action != 'delete' && empty($requestedpermissionsarray)) { print 'Error, parameter state is not defined'; exit; }*/ //var_dump($requestedpermissionsarray);exit; // Instantiate the Api service using the credentials, http client and storage mechanism for the token //$apiService = $serviceFactory->createService('StripeTest', $credentials, $storage, $requestedpermissionsarray); $servicesuffix = ($keyforprovider ? '-'.$keyforprovider : ''); $sql = "INSERT INTO ".MAIN_DB_PREFIX."oauth_token SET service = 'StripeLive".$db->escape($servicesuffix)."', entity = ".((int) $conf->entity); $db->query($sql); // access type needed to have oauth provider refreshing token //$apiService->setAccessType('offline'); $langs->load("oauth"); if (!getDolGlobalString($keyforparamid)) { accessforbidden('Setup of service is not complete. Customer ID is missing'); } if (!getDolGlobalString($keyforparamsecret)) { accessforbidden('Setup of service is not complete. Secret key is missing'); } /* * Actions */ if ($action == 'delete') { $storage->clearToken('StripeLive'); setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs'); header('Location: '.$backtourl); exit(); } if (GETPOST('code')) { // We are coming from oauth provider page // We should have //$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16)) dol_syslog("We are coming from the oauth provider page code=".dol_trunc(GETPOST('code'), 5)); // This was a callback request from service, get the token try { //var_dump($state); //var_dump($apiService); // OAuth\OAuth2\Service\Stripe //$token = $apiService->requestAccessToken(GETPOST('code'), $state); $token = $apiService->requestAccessToken(GETPOST('code')); // Stripe is a service that does not need state to be stored as second paramater of requestAccessToken setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token $backtourl = $_SESSION["backtourlsavedbeforeoauthjump"]; unset($_SESSION["backtourlsavedbeforeoauthjump"]); header('Location: '.$backtourl); exit(); } catch (Exception $e) { print $e->getMessage(); } } else // If entry on page with no parameter, we arrive here { $_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl; $_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider; $_SESSION['oauthstateanticsrf'] = $state; // This may create record into oauth_state before the header redirect. // Creation of record with state in this tables depend on the Provider used (see its constructor). if (GETPOST('state')) { $url = $apiService->getAuthorizationUri(array('state'=>GETPOST('state'))); } else { //$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated //https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_AX27ut70tJ1j6eyFCV3ObEXhNOo2jY6V&scope=read_write $url = 'https://connect.stripe.com/oauth/authorize?response_type=code&client_id='.$conf->global->$keyforparamid.'&scope=read_write'; } // we go on oauth provider authorization page header('Location: '.$url); exit(); } /* * View */ // No view at all, just actions $db->close();