Skip to content

Instantly share code, notes, and snippets.

@valdeir2000

valdeir2000/api_permission.ocmod.xml

Last active July 18, 2018 20:37
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save valdeir2000/885a069ec6f1a8d29672 to your computer and use it in GitHub Desktop.
Save valdeir2000/885a069ec6f1a8d29672 to your computer and use it in GitHub Desktop.
Download ZIP
Require vqmod; Search for "My-IP" and replace the temporary url or site IP.
Raw
api_permission.ocmod.xml
<?xml version="1.0" encoding="utf-8"?>
<modification>
<name>API Permission</name>
<code>valdeir_api_permission</code>
<version>1.1</version>
<author>Valdeir Santana</author>
<link>http://www.valdeirsantana.com.br</link>
<file path="admin/controller/sale/order.php">
<operation>
<search>
<![CDATA[$url = HTTPS_CATALOG;]]>
</search>
<add position="replace">
<![CDATA[ $url = "http://MY-IP/";]]>
</add>
</operation>
<operation>
<search>
<![CDATA[curl_setopt($curl, CURLOPT_HEADER, false);]]>
</search>
<add position="before">
<![CDATA[ $url_data['api_id'] = $this->db->query('SELECT `api_id` FROM `' . DB_PREFIX . 'api` WHERE `username` = "' . $this->db->escape($this->user->getUserName()) . '" AND `status` = 1')->row['api_id'];]]>
</add>
</operation>
<operation>
<search>
<![CDATA[if (isset($this->session->data['cookie']) && isset($this->request->get['api'])) {]]>
</search>
<add position="replace">
<![CDATA[ if (isset($this->request->get['api'])) {]]>
</add>
</operation>
<operation>
<search index="2">
<![CDATA[curl_setopt($curl, CURLOPT_COOKIE, session_name() . '=' . $this->session->data['cookie'] . ';');]]>
</search>
<add position="replace">
<![CDATA[
if (isset($this->request->get['order_id'])) {
$this->session->data['cookie'] = $this->request->get['order_id'];
} else {
$this->session->data['cookie'] = (string)uniqid();
}
$this->session->data['cookie'] = $this->session->data['token'];
curl_setopt($curl, CURLOPT_COOKIE, session_name() . '=' . $this->session->data['cookie'] . ';');
]]>
</add>
</operation>
<operation>
<search index="1">
<![CDATA[curl_setopt($curl, CURLOPT_URL, HTTPS_CATALOG . 'index.php?route=api/login');]]>
</search>
<add position="replace">
<![CDATA[curl_setopt($curl, CURLOPT_URL, 'http://MY-IP/index.php?route=api/order/add');]]>
</add>
</operation>
<operation>
<search index="2">
<![CDATA[curl_setopt($curl, CURLOPT_URL, HTTPS_CATALOG . 'index.php?route=api/login');]]>
</search>
<add position="replace">
<![CDATA[$url_data['order_id'] = $this->request->get['order_id'];
curl_setopt($curl, CURLOPT_URL, 'http://MY-IP/index.php?route=api/order/delete' . ($url_data ? '&' . http_build_query($url_data) : ''));]]>
</add>
</operation>
<operation>
<search index="3">
<![CDATA[curl_setopt($curl, CURLOPT_URL, HTTPS_CATALOG . 'index.php?route=api/order/delete&order_id=' . $this->request->get['order_id']);]]>
</search>
<add position="replace">
<![CDATA[curl_setopt($curl, CURLOPT_URL, 'http://MY-IP/index.php?route=api/order/delete&order_id=' . $this->request->get['order_id']);]]>
</add>
</operation>
<operation>
<search index="4">
<![CDATA[curl_setopt($curl, CURLOPT_URL, HTTPS_CATALOG . 'index.php?route=api/login');]]>
</search>
<add position="replace">
<![CDATA[curl_setopt($curl, CURLOPT_URL, 'http://MY-IP/index.php?route=api/login');]]>
</add>
</operation>
</file>
<file path="catalog/controller/api/*.php">
<operation error="skip">
<search>
<![CDATA[if (!isset($this->session->data['api_id'])) {]]>
</search>
<add position="replace">
<![CDATA[if (!isset($this->request->get['api_id'])) {
$psr_status = false;
}
else {
$psr_status = (bool)$this->db->query("SELECT * FROM `" . DB_PREFIX . "api` WHERE api_id = '" . (int)$this->request->get['api_id'] . "'")->num_rows;
}
if (!$psr_status) {]]>
</add>
</operation>
</file>
</modification>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment