HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /proc/self/root/home/vitanhod/www/wp-content/plugins/system-control/includes/
Upload Files
File: //proc/self/root/home/vitanhod/www/wp-content/plugins/system-control/includes/class-sc-api-auth.php
<?php
/**
 * REST API Authentication
 */
class SC_Api_Auth {

    /**
     * Verify API key from request header
     */
    public static function verify($request) {
        $api_key = $request->get_header('X-Api-Key');
        $stored_key = get_option('sc_api_key');

        if (empty($api_key) || empty($stored_key) || !hash_equals($stored_key, $api_key)) {
            return new WP_Error('unauthorized', 'Invalid API key', ['status' => 403]);
        }

        return true;
    }

    /**
     * Verify both API key and Sec key (for sensitive operations)
     */
    public static function verify_secure($request) {
        $api_check = self::verify($request);
        if (is_wp_error($api_check)) {
            return $api_check;
        }

        $sec_key = $request->get_header('X-Sec-Key');
        $stored_sec = get_option('sc_sec_key');

        if (empty($sec_key) || empty($stored_sec) || !hash_equals($stored_sec, $sec_key)) {
            return new WP_Error('forbidden', 'Invalid Sec key', ['status' => 403]);
        }

        return true;
    }

    /**
     * Alias for verify_secure (used by update endpoint)
     */
    public static function verify_sec_key($request) {
        return self::verify_secure($request);
    }
}
@ Telegram