function isxwpe_xero_settings_menu()
{
//Function to collect api credentials and authenticate
global $wpdb;
echo '<h3>Xero Authentication</h3>';
$useragent = "XeroOAuth-PHP Private App Test";
$application_key = $secret_key = '';
$redirect_url = admin_url() . 'admin.php?page=invoice-sync-for-xero-and-wpecommerce/xero-invoice.php';
$target_directorys = wp_upload_dir();
$target_directory = $target_directorys['basedir'];
if (isset($_POST['save_data'])) {
$application_key = $_POST['application_key'];
$secret_key = $_POST['secret_key'];
//$redirect_url = $_POST['redirect_url'];
//print_r($target_directory);
if (!file_exists($target_directory . '/xero_invoice/private_keys')) {
mkdir($target_directory . '/xero_invoice/', 0777, true);
mkdir($target_directory . '/xero_invoice/private_keys', 0777, true);
}
copy(plugin_dir_path(__FILE__) . 'xero_library/certs/publickey.cer', $target_directory . '/xero_invoice/private_keys/publickey.cer');
$target_dir = $target_directory . '/xero_invoice/private_keys/';
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
$results = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}" . "xero_auth");
if (!empty($results)) {
// delete old auth details from DB
$wpdb->delete("{$wpdb->prefix}" . "xero_auth", array('credential' => 'application_key'));
$wpdb->delete("{$wpdb->prefix}" . "xero_auth", array('credential' => 'secret_key'));
}
// Save new auth credentials to db
$wpdb->insert("{$wpdb->prefix}" . "xero_auth", array('credential' => 'application_key', 'value' => $application_key), array('%s', '%s'));
$wpdb->insert("{$wpdb->prefix}" . "xero_auth", array('credential' => 'secret_key', 'value' => $secret_key), array('%s', '%s'));
?>
<style>
.xero_input_form {
display:none;
}
</style>
<?php
$_SESSION['auth_button_clicked'] = 1;
}
$results = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}" . "xero_auth");
if (!empty($results)) {
foreach ($results as $result) {
if ($result->credential == 'application_key') {
$application_key = $result->value;
}
if ($result->credential == 'secret_key') {
$secret_key = $result->value;
}
if ($result->credential == 'redirect_url') {
$redirect_url = $result->value;
}
}
}
if ($application_key != '' && $secret_key != '' && $redirect_url != '' && isset($_SESSION['auth_button_clicked']) && $_SESSION['auth_button_clicked'] == 1) {
//include WP_PLUGIN_DIR."/invoice-sync-for-xero-and-wpecommerce/xero_library/tests/testRunner.php";
//echo plugin_dir_path( __FILE__ ).'xero_library/lib/XeroOAuth.php';
//exit;
require plugin_dir_path(__FILE__) . 'xero_library/lib/XeroOAuth.php';
$signatures = array('consumer_key' => $application_key, 'shared_secret' => $secret_key, 'core_version' => '2.0', 'payroll_version' => '1.0', 'file_version' => '1.0');
if (XRO_APP_TYPE == "Private" || XRO_APP_TYPE == "Partner") {
$signatures['rsa_private_key'] = $target_directory . '/xero_invoice/private_keys/privatekey.pem';
$signatures['rsa_public_key'] = $target_directory . '/xero_invoice/private_keys/publickey.cer';
}
$XeroOAuth = new XeroOAuth(array_merge(array('application_type' => XRO_APP_TYPE, 'oauth_callback' => OAUTH_CALLBACK, 'user_agent' => $useragent), $signatures));
include plugin_dir_path(__FILE__) . 'xero_library/tests/testRunner.php';
$suceess_message = '';
$initialCheck = $XeroOAuth->diagnostics();
$checkErrors = count($initialCheck);
if ($checkErrors > 0) {
echo '<div class="error_msg" style="color:red;">';
// you could handle any config errors here, or keep on truckin if you like to live dangerously
foreach ($initialCheck as $check) {
echo 'Error: ' . $check . PHP_EOL;
}
echo '</div>';
} else {
$session = persistSession(array('oauth_token' => $XeroOAuth->config['consumer_key'], 'oauth_token_secret' => $XeroOAuth->config['shared_secret'], 'oauth_session_handle' => ''));
$oauthSession = retrieveSession();
if (isset($oauthSession['oauth_token'])) {
$suceess_message = '<div class="success_message" style="color:green; font-size:15px;">Authenticated Successfully</div>';
$XeroOAuth->config['access_token'] = $oauthSession['oauth_token'];
$XeroOAuth->config['access_token_secret'] = $oauthSession['oauth_token_secret'];
include plugin_dir_path(__FILE__) . 'xero_library/tests/tests.php';
$wpdb->delete("{$wpdb->prefix}" . "xero_auth", array('credential' => 'oauth_token'));
// Delete and add new auth token and secret token to DB
$wpdb->insert("{$wpdb->prefix}" . "xero_auth", array('credential' => 'oauth_token', 'value' => $_SESSION['access_token']), array('%s', '%s'));
$wpdb->delete("{$wpdb->prefix}" . "xero_auth", array('credential' => 'oauth_token_secret'));
$wpdb->insert("{$wpdb->prefix}" . "xero_auth", array('credential' => 'oauth_token_secret', 'value' => $_SESSION['oauth_token_secret']), array('%s', '%s'));
testLinks();
}
}
}
?>
<?php
if (isset($suceess_message) && $suceess_message != '') {
echo $suceess_message;
}
?>
<div class="xero_input_form">
<?php
if (isset($_SESSION['oauth'])) {
echo $_SESSION['oauth'];
}
?>
<form action="" method="post" enctype="multipart/form-data">
<div class="xero_credentials">
<div class="input_fields" style="clear:left;">
<div class="input_label">Consumer Key</div>
<input type="text" name="application_key" value="<?php
echo $application_key;
?>
" style="width:350px;" required >
<a style=" color: red; font-size: 20px; font-weight: bold; margin-left: 10px; padding-top: 7px; width: 20px;" title="Click here to find steps to create xero application" href="http://developer.xero.com/documentation/getting-started/private-applications/#title2" target="_blank">?</a>
</div>
<div class="input_fields" style="clear:left;">
<div class="input_label">Consumer Secret</div>
<input type="text" name="secret_key" value="<?php
echo $secret_key;
?>
" style="width:350px;" required>
</div>
<div class="input_fields" style="clear:left;">
<div class="input_label">Private key</div>
<input type="file" name="fileToUpload" id="fileToUpload" style="width: 351px;float: left;background-color: rgb(255, 255, 255);border: 1px solid rgb(221, 221, 221);" required>
<a style=" color: red; float: left; font-size: 20px; font-weight: bold; margin-left: 10px; padding-top: 7px; width: 20px;" title="Click here to find steps to create private key" href="http://developer.xero.com/documentation/advanced-docs/public-private-keypair/" target="_blank">?</a>
</div>
<div class="input_fields" style="clear:left;margin-top: 46px;">
<input type="submit" name="save_data" value="Authenticate" style="background-color: #87CEEB;border-radius: 5px;height: 45px;font-size: 17px;margin-left: 233px;">
</div>
</div>
</form>
</div>
<?php
}
$XeroOAuth->config['access_token'] = $_SESSION['oauth']['oauth_token'];
$XeroOAuth->config['access_token_secret'] = $_SESSION['oauth']['oauth_token_secret'];
$code = $XeroOAuth->request('GET', $XeroOAuth->url('AccessToken', ''), array('oauth_verifier' => $_REQUEST['oauth_verifier'], 'oauth_token' => $_REQUEST['oauth_token']));
if ($XeroOAuth->response['code'] == 200) {
$response = $XeroOAuth->extract_params($XeroOAuth->response['response']);
$session = persistSession($response);
unset($_SESSION['oauth']);
header("Location: {$here}");
} else {
outputError($XeroOAuth);
}
// start the OAuth dance
} elseif (isset($_REQUEST['authenticate']) || isset($_REQUEST['authorize'])) {
$params = array('oauth_callback' => OAUTH_CALLBACK);
$response = $XeroOAuth->request('GET', $XeroOAuth->url('RequestToken', ''), $params);
if ($XeroOAuth->response['code'] == 200) {
$scope = "";
// $scope = 'payroll.payrollcalendars,payroll.superfunds,payroll.payruns,payroll.payslip,payroll.employees,payroll.TaxDeclaration';
if ($_REQUEST['authenticate'] > 1) {
$scope = 'payroll.employees,payroll.payruns';
}
print_r($XeroOAuth->extract_params($XeroOAuth->response['response']));
$_SESSION['oauth'] = $XeroOAuth->extract_params($XeroOAuth->response['response']);
$authurl = $XeroOAuth->url("Authorize", '') . "?oauth_token={$_SESSION['oauth']['oauth_token']}&scope=" . $scope;
echo '<p>To complete the OAuth flow follow this URL: <a href="' . $authurl . '">' . $authurl . '</a></p>';
} else {
outputError($XeroOAuth);
}
}
testLinks();
}
if (isset($parsedOptions["omit-paths"])) {
$omitPaths = explode(",", $parsedOptions["omit-paths"]);
$crawler->addOmitPaths($omitPaths);
}
if (isset($parsedOptions["omit-pages"])) {
$omitPages = explode(",", $parsedOptions["omit-pages"]);
$crawler->addOmitPages($omitPages);
}
$crawler->crawl();
$links = $crawler->getLinks(TRUE);
//Takes away all crawled links without any parameters (useless to us ... to this date)
filterLinksWithoutParameters($links);
$logger->setPrepend("[aidSQL]");
//Test crawled links
testLinks($links, $httpAdapter, $cmdParser, $logger);
$logger->setPrepend("");
}
} else {
//If urlvars was specified we will do whatever the user tells us to do
$links = array($parsedOptions["url"] => $parsedOptions["urlvars"]);
}
} catch (Exception $e) {
$logger->log($e->getMessage(), 1, "light_red");
usageShort($logger);
}
if (!sizeof($links)) {
$logger->log("Not enough links / No valid links (i.e no parameters) to perform injection :(");
exit(1);
}
testLinks($links, $httpAdapter, $cmdParser, $logger);
