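/**
 * Render the Xero settings screen: collect the API credentials and private key,
 * store them, and run the bundled XeroOAuth diagnostics and test calls.
 *
 * Save path (POST with `save_data`): requires a valid nonce and an administrator
 * capability, accepts the private key only as a small PEM file written under a
 * fixed server-side name, and stores the consumer key/secret in the
 * `{prefix}xero_auth` table.
 *
 * Output is echoed directly; nothing is returned.
 */
function isxwpe_xero_settings_menu() {
    global $wpdb;

    echo '<h3>Xero Authentication</h3>';

    $useragent        = "XeroOAuth-PHP Private App Test";
    $application_key  = $secret_key = '';
    $suceess_message  = '';
    $redirect_url     = admin_url() . 'admin.php?page=invoice-sync-for-xero-and-wpecommerce/xero-invoice.php';
    $upload_info      = wp_upload_dir();
    $target_directory = $upload_info['basedir'];
    // NOTE(review): this directory sits under the uploads tree, which is normally
    // served by the web server. Keep the key outside the document root, or deny
    // direct access to this path in the server configuration.
    $key_directory    = $target_directory . '/xero_invoice/private_keys';
    $auth_table       = $wpdb->prefix . 'xero_auth';

    if (isset($_POST['save_data'])) {
        $save_errors = array();

        // State-changing request: require a nonce (CSRF) and an admin capability.
        // NOTE(review): 'manage_options' is assumed; align it with the capability
        // used where this page is registered.
        $nonce = (isset($_POST['isxwpe_xero_nonce']) && is_string($_POST['isxwpe_xero_nonce']))
            ? wp_unslash($_POST['isxwpe_xero_nonce'])
            : '';
        if (!current_user_can('manage_options') || !wp_verify_nonce($nonce, 'isxwpe_xero_save_credentials')) {
            $save_errors[] = 'Security check failed. Please reload the page and try again.';
        }

        // WordPress adds slashes to $_POST; strip them and drop control characters/markup.
        $posted_key = (isset($_POST['application_key']) && is_string($_POST['application_key']))
            ? trim(sanitize_text_field(wp_unslash($_POST['application_key'])))
            : '';
        $posted_secret = (isset($_POST['secret_key']) && is_string($_POST['secret_key']))
            ? trim(sanitize_text_field(wp_unslash($_POST['secret_key'])))
            : '';
        if ($posted_key === '' || $posted_secret === '') {
            $save_errors[] = 'Consumer Key and Consumer Secret are required.';
        }

        // Validate the upload before touching the filesystem. The client-supplied
        // file name is never used: the key is always stored as privatekey.pem,
        // which is the path the OAuth configuration below reads.
        $upload = isset($_FILES['fileToUpload']) ? $_FILES['fileToUpload'] : null;
        if (empty($save_errors)) {
            if (
                !is_array($upload)
                || !isset($upload['error'], $upload['tmp_name'], $upload['size'])
                || $upload['error'] !== UPLOAD_ERR_OK
                || !is_uploaded_file($upload['tmp_name'])
            ) {
                $save_errors[] = 'The private key file could not be uploaded.';
            } elseif ($upload['size'] > 65536) {
                // A PEM private key is a few kilobytes; anything larger is not a key.
                $save_errors[] = 'The private key file is too large.';
            } else {
                $pem = file_get_contents($upload['tmp_name']);
                if ($pem === false || strpos($pem, 'PRIVATE KEY-----') === false) {
                    $save_errors[] = 'The uploaded file is not a PEM private key.';
                }
            }
        }

        if (empty($save_errors) && !is_dir($key_directory) && !mkdir($key_directory, 0700, true)) {
            $save_errors[] = 'The key directory could not be created.';
        }

        if (empty($save_errors)) {
            copy(plugin_dir_path(__FILE__) . 'xero_library/certs/publickey.cer', $key_directory . '/publickey.cer');

            $private_key_path = $key_directory . '/privatekey.pem';
            if (move_uploaded_file($upload['tmp_name'], $private_key_path)) {
                // Readable by the PHP process owner only.
                chmod($private_key_path, 0600);
            } else {
                $save_errors[] = 'The private key file could not be stored.';
            }
        }

        if (empty($save_errors)) {
            $application_key = $posted_key;
            $secret_key      = $posted_secret;

            // Replace any previously stored credentials.
            // NOTE(review): the secret is stored in plain text in this table.
            $wpdb->delete($auth_table, array('credential' => 'application_key'));
            $wpdb->delete($auth_table, array('credential' => 'secret_key'));
            $wpdb->insert($auth_table, array('credential' => 'application_key', 'value' => $application_key), array('%s', '%s'));
            $wpdb->insert($auth_table, array('credential' => 'secret_key', 'value' => $secret_key), array('%s', '%s'));
            ?>
            <style>
                .xero_input_form {
                    display:none;
                }
            </style>
            <?php
            $_SESSION['auth_button_clicked'] = 1;
        } else {
            echo '<div class="error_msg" style="color:red;">';
            foreach ($save_errors as $save_error) {
                echo 'Error: ' . esc_html($save_error) . '<br>';
            }
            echo '</div>';
        }
    }

    // Load whatever is currently stored; stored values override the defaults above.
    $results = $wpdb->get_results("SELECT * FROM {$auth_table}");
    if (!empty($results)) {
        foreach ($results as $result) {
            if ($result->credential === 'application_key') {
                $application_key = $result->value;
            }
            if ($result->credential === 'secret_key') {
                $secret_key = $result->value;
            }
            if ($result->credential === 'redirect_url') {
                $redirect_url = $result->value;
            }
        }
    }

    // Only run the OAuth check right after the Authenticate button was used in this session.
    if (
        $application_key != '' && $secret_key != '' && $redirect_url != ''
        && isset($_SESSION['auth_button_clicked']) && $_SESSION['auth_button_clicked'] == 1
    ) {
        require plugin_dir_path(__FILE__) . 'xero_library/lib/XeroOAuth.php';

        $signatures = array(
            'consumer_key'    => $application_key,
            'shared_secret'   => $secret_key,
            'core_version'    => '2.0',
            'payroll_version' => '1.0',
            'file_version'    => '1.0',
        );
        if (XRO_APP_TYPE == "Private" || XRO_APP_TYPE == "Partner") {
            $signatures['rsa_private_key'] = $key_directory . '/privatekey.pem';
            $signatures['rsa_public_key']  = $key_directory . '/publickey.cer';
        }

        $XeroOAuth = new XeroOAuth(array_merge(array(
            'application_type' => XRO_APP_TYPE,
            'oauth_callback'   => OAUTH_CALLBACK,
            'user_agent'       => $useragent,
        ), $signatures));

        // persistSession(), retrieveSession() and testLinks() are not defined in this
        // block; presumably they come from this include - confirm.
        include plugin_dir_path(__FILE__) . 'xero_library/tests/testRunner.php';

        $initialCheck = $XeroOAuth->diagnostics();
        if (count($initialCheck) > 0) {
            echo '<div class="error_msg" style="color:red;">';
            // Diagnostics text is escaped before it reaches the page.
            foreach ($initialCheck as $check) {
                echo 'Error: ' . esc_html($check) . PHP_EOL;
            }
            echo '</div>';
        } else {
            $session = persistSession(array(
                'oauth_token'          => $XeroOAuth->config['consumer_key'],
                'oauth_token_secret'   => $XeroOAuth->config['shared_secret'],
                'oauth_session_handle' => '',
            ));
            $oauthSession = retrieveSession();
            if (isset($oauthSession['oauth_token'])) {
                $suceess_message = '<div class="success_message" style="color:green; font-size:15px;">Authenticated Successfully</div>';
                $XeroOAuth->config['access_token']        = $oauthSession['oauth_token'];
                $XeroOAuth->config['access_token_secret'] = $oauthSession['oauth_token_secret'];
                include plugin_dir_path(__FILE__) . 'xero_library/tests/tests.php';

                // Replace the stored token pair with the values now held in the session.
                $wpdb->delete($auth_table, array('credential' => 'oauth_token'));
                $wpdb->insert($auth_table, array('credential' => 'oauth_token', 'value' => $_SESSION['access_token']), array('%s', '%s'));
                $wpdb->delete($auth_table, array('credential' => 'oauth_token_secret'));
                $wpdb->insert($auth_table, array('credential' => 'oauth_token_secret', 'value' => $_SESSION['oauth_token_secret']), array('%s', '%s'));
                testLinks();
            }
        }
    }
    ?>
    <?php
    if ($suceess_message != '') {
        // Fixed markup assembled above; no request data is interpolated into it.
        echo $suceess_message;
    }
    ?>
    <div class="xero_input_form">
        <?php
        // NOTE(review): the type of $_SESSION['oauth'] is not established here;
        // only scalar values are printed, filtered to post-safe HTML.
        if (isset($_SESSION['oauth']) && is_scalar($_SESSION['oauth'])) {
            echo wp_kses_post((string) $_SESSION['oauth']);
        }
        ?>
        <form action="" method="post" enctype="multipart/form-data">
            <?php wp_nonce_field('isxwpe_xero_save_credentials', 'isxwpe_xero_nonce'); ?>
            <div class="xero_credentials">
                <div class="input_fields" style="clear:left;">
                    <div class="input_label">Consumer Key</div>
                    <input type="text" name="application_key" value="<?php echo esc_attr($application_key); ?>" style="width:350px;" required >
                    <a style=" color: red; font-size: 20px; font-weight: bold; margin-left: 10px; padding-top: 7px; width: 20px;" title="Click here to find steps to create xero application" href="http://developer.xero.com/documentation/getting-started/private-applications/#title2" target="_blank" rel="noopener noreferrer">?</a>
                </div>
                <div class="input_fields" style="clear:left;">
                    <div class="input_label">Consumer Secret</div>
                    <?php // NOTE(review): the stored secret is rendered back into the page source for anyone who can open this screen. ?>
                    <input type="text" name="secret_key" value="<?php echo esc_attr($secret_key); ?>" style="width:350px;" required>
                </div>
                <div class="input_fields" style="clear:left;">
                    <div class="input_label">Private key</div>
                    <input type="file" name="fileToUpload" id="fileToUpload" style="width: 351px;float: left;background-color: rgb(255, 255, 255);border: 1px solid rgb(221, 221, 221);" required>
                    <a style=" color: red; float: left; font-size: 20px; font-weight: bold; margin-left: 10px; padding-top: 7px; width: 20px;" title="Click here to find steps to create private key" href="http://developer.xero.com/documentation/advanced-docs/public-private-keypair/" target="_blank" rel="noopener noreferrer">?</a>
                </div>
                <div class="input_fields" style="clear:left;margin-top: 46px;">
                    <input type="submit" name="save_data" value="Authenticate" style="background-color: #87CEEB;border-radius: 5px;height: 45px;font-size: 17px;margin-left: 233px;">
                </div>
            </div>
        </form>
    </div>
    <?php
}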
$XeroOAuth->config['access_token'] = $_SESSION['oauth']['oauth_token']; $XeroOAuth->config['access_token_secret'] = $_SESSION['oauth']['oauth_token_secret']; $code = $XeroOAuth->request('GET', $XeroOAuth->url('AccessToken', ''), array('oauth_verifier' => $_REQUEST['oauth_verifier'], 'oauth_token' => $_REQUEST['oauth_token'])); if ($XeroOAuth->response['code'] == 200) { $response = $XeroOAuth->extract_params($XeroOAuth->response['response']); $session = persistSession($response); unset($_SESSION['oauth']); header("Location: {$here}"); } else { outputError($XeroOAuth); } // start the OAuth dance } elseif (isset($_REQUEST['authenticate']) || isset($_REQUEST['authorize'])) { $params = array('oauth_callback' => OAUTH_CALLBACK); $response = $XeroOAuth->request('GET', $XeroOAuth->url('RequestToken', ''), $params); if ($XeroOAuth->response['code'] == 200) { $scope = ""; // $scope = 'payroll.payrollcalendars,payroll.superfunds,payroll.payruns,payroll.payslip,payroll.employees,payroll.TaxDeclaration'; if ($_REQUEST['authenticate'] > 1) { $scope = 'payroll.employees,payroll.payruns'; } print_r($XeroOAuth->extract_params($XeroOAuth->response['response'])); $_SESSION['oauth'] = $XeroOAuth->extract_params($XeroOAuth->response['response']); $authurl = $XeroOAuth->url("Authorize", '') . "?oauth_token={$_SESSION['oauth']['oauth_token']}&scope=" . $scope; echo '<p>To complete the OAuth flow follow this URL: <a href="' . $authurl . '">' . $authurl . '</a></p>'; } else { outputError($XeroOAuth); } } testLinks(); }
if (isset($parsedOptions["omit-paths"])) { $omitPaths = explode(",", $parsedOptions["omit-paths"]); $crawler->addOmitPaths($omitPaths); } if (isset($parsedOptions["omit-pages"])) { $omitPages = explode(",", $parsedOptions["omit-pages"]); $crawler->addOmitPages($omitPages); } $crawler->crawl(); $links = $crawler->getLinks(TRUE); //Takes away all crawled links without any parameters (useless to us ... to this date) filterLinksWithoutParameters($links); $logger->setPrepend("[aidSQL]"); //Test crawled links testLinks($links, $httpAdapter, $cmdParser, $logger); $logger->setPrepend(""); } } else { //If urlvars was specified we will do whatever the user tells us to do $links = array($parsedOptions["url"] => $parsedOptions["urlvars"]); } } catch (Exception $e) { $logger->log($e->getMessage(), 1, "light_red"); usageShort($logger); } if (!sizeof($links)) { $logger->log("Not enough links / No valid links (i.e no parameters) to perform injection :("); exit(1); } testLinks($links, $httpAdapter, $cmdParser, $logger);