HEX
Server: Apache/2.4.59 (Debian)
System: Linux keymana 4.19.0-21-cloud-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64
User: lijunjie (1003)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/html/wp-content/themes/ormedia/
Upload Files
File: /var/www/html/wp-content/themes/ormedia/page-api-alert-data.php
<?php
//Template Name: api-alert-data

// ini_set('display_errors',1);            //错误信息
// ini_set('display_startup_errors',1);    //php启动错误信息
// error_reporting(E_ALL);
get_header('app');
session_start();

require_once 'key_alert_functions.php';

$user = wp_get_current_user();

$allheader = getallheaders();
$token = $allheader['token'];

if (isset($_REQUEST['action'])) {
    $a = $_REQUEST['action'];
} else {
    $a = "";
}

$dir = get_template_directory_uri();
if (!isset($_REQUEST['page'])) {
    $first_separator = strpos($a, "_");
    $c = substr($a, $first_separator + 1);
} else {
    $c = "";
}
$rv->get_action = $_GET['action'];
$rv->post_action = $_POST['action'];

$rv = new stdClass();
if ($user->ID != 4 || $_REQUEST['debug'] != 1) {
    $has_token = has_token($token);
    if ($has_token) {
        $uid = $has_token->id;
        $varify_flag = JwtAuthClass::verifyToken($token);
        if ($varify_flag == 1) {
        } else if ($varify_flag == 0) {
            $payload_new =
                array(
                    'iss' => 'keylab',
                    'iat' => time(),
                    'exp' => time() + 3600*24*365*20,
                    'nbf' => time() + 3600*24*365*20,
                    // 'exp' => time() + 60*10,
                    // 'nbf' => time() + 60*10 + 3600 * 24 * 7,
                    'sub' => 'keylab.cc',
                    'jti' => md5(uniqid('JWT') . time())
                );
            $token_new = JwtAuthClass::getToken($payload_new);

            u_token($uid, $token_new);

            // 已刷新
            $rv->token = $token_new;
            insert_log($_REQUEST['uid'], $token_new, 1, get_request_string(), "token已刷新");
        } else {
            // 完全過期
            $rv->rc = -100;
            $rv->msg = 'token expired';
            insert_log($_REQUEST['uid'], $token, -1, get_request_string(), "token已過期");
            echo json_encode($rv);
            exit();
        }
    } else {
        $rv->rc = -100;
        $rv->msg = 'error token';
        insert_log($_REQUEST['uid'], $token, -2, get_request_string(), "token錯誤");
        echo json_encode($rv);
        exit();
    }
}
$file = $dir . '/keyAlertData/' . $c . '/' . $a . '.php?checking_api_file=true';

$file_headers = @get_headers($file); //检测是否存在此文件
if (strpos($file_headers[0], 'OK') > -1) {
    global $wpdb;
    include 'keyAlertData/' . $c . '/' . $a . '.php';
    exit();
} else {
    $rv = new stdClass();
    $rv->rc = -255;
    $rv->msg = $file_headers[0];
    $rv->file = $file;
    echo json_encode($rv);
}
@ Telegram