TrxShell [ woocommerce.addifypro.com ]

Name	Size	Permission
.pkexec	[ DIR ]	drwxr-xr-x
GCONV_PATH=.	[ DIR ]	drwxr-xr-x
inc	[ DIR ]	drwxr-xr-x
.htaccess	420 B	-rw-r--r--
.mad-root	0 B	-rw-r--r--
error_log	525 B	-rw-r--r--
generate_token.php	1.55 KB	-rw-r--r--
install.php	476 B	-rw-r--r--
phptestapp_function.php	5.59 KB	-rw-r--r--
pwnkit	10.99 KB	-rwxr-xr-x

Code Editor : generate_token.php

<?php
// Get our helper functions
require_once("inc/functions.php");

// Set variables for our request
$api_key = "8b5c6cf9639b8697b7979757e6bb9da2";
$shared_secret = "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";

$params = $_GET; // Retrieve all request parameters
$hmac = $_GET['hmac']; // Retrieve HMAC request parameter

$params = array_diff_key($params, array('hmac' => '')); // Remove hmac from params
ksort($params); // Sort params lexographically
$computed_hmac = hash_hmac('sha256', http_build_query($params), $shared_secret);

// Use hmac data to check that the response is from Shopify or not
if (hash_equals($hmac, $computed_hmac)) {
	// Set variables for our request
	$query = array(
		"client_id" => $api_key, // Your API key
		"client_secret" => $shared_secret, // Your app credentials (secret key)
		"code" => $params['code'] // Grab the access key from the URL
	);
	// Generate access token URL
	$access_token_url = "https://" . $params['shop'] . "/admin/oauth/access_token";
	// Configure curl client and execute request
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_URL, $access_token_url);
	curl_setopt($ch, CURLOPT_POST, count($query));
	curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($query));
	$result = curl_exec($ch);
	curl_close($ch);
	// Store the access token
	$result = json_decode($result, true);
	$access_token = $result['access_token'];
	// Show the access token (don't do this in production!)
	echo $access_token;
} else {
	// Someone is trying to be shady!
	die('This request is NOT from Shopify!');
}

${this.title}

Code Editor : generate_token.php