Changeset 3055025
- Timestamp:
- 03/20/2024 07:37:16 AM (2 years ago)
- File:
-
- 1 edited
-
atomchat/trunk/atomchat.php (modified) (3 diffs)
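--- a/atomchat/trunk/atomchat.php
+++ b/atomchat/trunk/atomchat.php
@@ -149,4 +149,5 @@
         $role = get_role($value);
         $role->add_cap( 'enable_atomchat',true );
+        $role->add_cap( 'manage_credit_balance', true );
     }
     add_option('atomchat_show_friends','false','','no');
@@ -200,5 +201,19 @@
 if( !function_exists( 'atomchatDeductPointsCallback' ) ) {
     function atomchatDeductPointsCallback() {
-        include_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'mycred'.DIRECTORY_SEPARATOR.'credits.php');
+        $auth_key = get_option('atomchat_auth_key');
+        $data = json_decode(file_get_contents('php://input'));
+        $server_secret = $data->secretkey;
+        $get_user_id = $data->UID;
+        $user = get_user_by( 'id', $get_user_id );
+        $randomString = $data->randomString;
+        $client_secret = md5(implode(',', [$user->id,$user->user_login,$auth_key,$randomString]));
+        if($client_secret == $server_secret){
+            include_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'mycred'.DIRECTORY_SEPARATOR.'credits.php');
+        }else{
+            wp_send_json_error(array(
+                'code' => 'NOT_AUTHORIZED',
+                'message' => 'You are not authorized'
+            ), 401);
+        }
     }
 }
@@ -224,11 +239,13 @@
 
 function atomchatDeductPointsPermissionCheck(WP_REST_Request $request) {
-    $atomchat_auth_key = get_option('atomchat_auth_key');
-    $encryption_key = $request->get_param('encryption_key');
-    if (password_verify($atomchat_auth_key, $encryption_key)) {
-        return true;
-    } else {
-        return false;
-    }
+    $data = json_decode(file_get_contents('php://input'));
+    $user_id = $data->UID;
+    if( $user_id ){
+        $user = get_user_by( 'id', $user_id );
+        if( $user && user_can($user, 'manage_credit_balance')){
+            return true;
+        }
+    }
+    return false;
 }
 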
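Review bot: `atomchatDeductPointsPermissionCheck` authorizes on a `UID` read from the request body, so it confirms that the named account holds `manage_credit_balance`, not that the requester is that account; the only thing binding the request to a caller is the digest check in `atomchatDeductPointsCallback`. That check compares with `==` against `$data->secretkey`, which comes from `json_decode` and is not guaranteed to be a string, and both functions dereference `$data` (and the callback `$user`) without testing for `null`/`false`. I would fail closed with `if (!$data || !$user || !is_string($data->secretkey) || !hash_equals($client_secret, $data->secretkey)) { wp_send_json_error(...); }` and run that verification inside the permission callback, so the capability lookup only happens for a UID the request has proven. Whether the loop in the first hunk grants `manage_credit_balance` to every role is not visible here; if it does, the `user_can()` test adds little on its own. `$randomString` is caller-chosen and not tracked anywhere in the visible lines, so the same signed body could presumably be accepted more than once; an expiring single-use value and `hash_hmac('sha256', …)` in place of `md5(implode(...))` would need a matching change on the sending side.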