CVE-2023-3249: class-moweb3flowhandler.php in web3-authentication/tags/2.6.0/classes/common/Web3/controller – WordPress Plugin Repository

1<?php2/**3 * Core4 *5 * Create MoWeb3 Method Controller.6 *7 * @category Common, Core8 * @package MoWeb3\controller9 * @author miniOrange [email protected]10 * @license MIT/Expat11 * @link https://miniorange.com12 */1314namespace MoWeb3\controller;1516if ( ! defined( ‘ABSPATH’ ) ) {17 exit;18}19require_once realpath( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . ‘…’ . DIRECTORY_SEPARATOR . ‘lib’ . DIRECTORY_SEPARATOR . ‘Keccak’ . DIRECTORY_SEPARATOR . ‘Keccak.php’ );20require_once realpath( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . ‘…’ . DIRECTORY_SEPARATOR . ‘lib’ . DIRECTORY_SEPARATOR . ‘Elliptic’ . DIRECTORY_SEPARATOR . ‘EC.php’ );21require_once realpath( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . ‘…’ . DIRECTORY_SEPARATOR . ‘lib’ . DIRECTORY_SEPARATOR . ‘Elliptic’ . DIRECTORY_SEPARATOR . ‘Curves.php’ );22require_once realpath( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . ‘…’ . DIRECTORY_SEPARATOR . ‘lib’ . DIRECTORY_SEPARATOR . ‘Base32’ . DIRECTORY_SEPARATOR . ‘class-base32.php’ );2324use Elliptic\EC;25use kornrunner\Keccak;26use Base32\Base32;27use MoWeb3\MoWeb3Utils;2829if ( ! class_exists( ‘MoWeb3\controller\MoWeb3FlowHandler’ ) ) {30 /**31 * Class to Create MoWeb3 Controller32 *33 * @category Common, Core34 * @package MoWeb3\controller35 * @author miniOrange [email protected]36 * @license MIT/Expat37 * @link https://miniorange.com38 */39 class MoWeb3FlowHandler {40 /**41 * Instance of utils class42 *43 * @var $utils44 */45 private $utils;4647 /**48 * Testing wallet address for content restriction49 *50 * @var $is_testing_wallet_address51 */52 private $is_testing_wallet_address;53 /**54 * Contructor55 */56 public function __construct() {5758 $this->utils = new \MoWeb3\MoWeb3Utils();59 $this->is_testing_wallet_address = false;// "0x3D9B0A7ef1CcEAda457001A6d51F28FF61E39904";6061 add_action( 'wp_ajax_nopriv_type_of_request’, array( $this, ‘type_of_request’ ) );62 add_action( 'wp_ajax_type_of_request’, array( $this, ‘type_of_request’ ) );6364 add_action( 'init’, array( $this, ‘hidden_form_data’ ) );65 add_action( 'admin_init’, array( $this, ‘toggle_crypto_wallet_button_display’ ) );66 add_action( 'admin_init’, array( $this, ‘change_display_button_text’ ) );67 add_action( 'admin_init’, array( $this, ‘nft_save_setting’ ) );68 }69 /**70 * Save crypto wallet display settings71 */72 public function toggle_crypto_wallet_button_display() {7374 if ( isset( $_POST[‘mo_web3_multiple_button_display_nonce’] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[‘mo_web3_multiple_button_display_nonce’] ) ), ‘mo_web3_multiple_button_display’ ) ) {7576 $mo_web3_display_multiple_button = array();7778 global $mo_web3_util;7980 $multiple_crypto_wallet = $mo_web3_util->get_multiple_crypto_wallet();8182 foreach ( $multiple_crypto_wallet as $key => $value ) {83 $name = $value[‘id’];84 $check = isset( $_POST[ $name ] ) ? sanitize_text_field( wp_unslash( $_POST[ $name ] ) ) : '’;85 $mo_web3_display_multiple_button[ $name ] = $check;86 }8788 $this->utils->mo_web3_update_option( 'mo_web3_display_multiple_button’, $mo_web3_display_multiple_button );8990 }91 }9293 /**94 * Save content restriction form settings95 */96 public function nft_save_setting() {9798 if ( isset( $_POST[‘mo_web3_content_restriction_nonce’] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[‘mo_web3_content_restriction_nonce’] ) ), ‘mo_web3_content_restriction’ ) ) {99100 $page_url = isset( $_POST[‘pageUrl’] ) ? sanitize_text_field( wp_unslash( $_POST[‘pageUrl’] ) ) : '’;101 $contract_address = isset( $_POST[‘contractAddress’] ) ? sanitize_text_field( wp_unslash( $_POST[‘contractAddress’] ) ) : '’;102 $blockchain = isset( $_POST[‘blockchain’] ) ? sanitize_text_field( wp_unslash( $_POST[‘blockchain’] ) ) : '’;103104 $page_id = url_to_postid( $page_url );105106 if ( 0 === $page_id ) {107 global $mo_web3_util;108 $mo_web3_util->mo_web3_update_option( \MoWeb3Constants::PANEL_MESSAGE_OPTION, ‘Page URL: ' . $page_url . ' does not exists!!’ );109 $mo_web3_util->mo_web3_show_error_message();110 } else {111112 $this->utils->mo_web3_update_option(113 'mo_web3_nft_settings’,114 array(115116 ‘pageID’ => $page_id,117 ‘contractAddress’ => $contract_address,118 ‘blockchain’ => $blockchain,119120 )121 );122123 global $mo_web3_util;124 $mo_web3_util->mo_web3_update_option( \MoWeb3Constants::PANEL_MESSAGE_OPTION, ‘NFT setting saved’ );125 $mo_web3_util->mo_web3_show_success_message();126127 }128 }129 }130131132 /**133 * Save custom text of crypto login button134 */135 public function change_display_button_text() {136137 if ( isset( $_POST[‘mo_web3_button_custom_text_nonce’] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[‘mo_web3_button_custom_text_nonce’] ) ), ‘mo_web3_button_custom_text’ ) ) {138139 $button_text = isset( $_POST[‘mo_web3_button_custom_text’] ) ? sanitize_text_field( wp_unslash( $_POST[‘mo_web3_button_custom_text’] ) ) : 'Login with CryptoWallet’;140141 $this->utils->mo_web3_update_option( 'mo_web3_button_custom_text’, $button_text );142 global $mo_web3_util;143 $mo_web3_util->mo_web3_update_option( \MoWeb3Constants::PANEL_MESSAGE_OPTION, ‘Login Button Text Changed!’ );144 $mo_web3_util->mo_web3_show_success_message();145146 }147148 }149150 /**151 * Save status of user’s NFTs152 */153 public function hidden_form_data() {154155 if ( isset( $_POST[‘mo_web3_hiddenform_nonce’] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[‘mo_web3_hiddenform_nonce’] ) ), ‘mo_web3_wp_nonce’ ) ) {156157 $address = isset( $_POST[‘address’] ) ? sanitize_text_field( wp_unslash( $_POST[‘address’] ) ) : '’;158 $nonce = isset( $_POST[‘nonce’] ) ? sanitize_text_field( wp_unslash( $_POST[‘nonce’] ) ) : '’;159 $has_nft = isset( $_POST[‘checkNft’] ) ? sanitize_text_field( wp_unslash( $_POST[‘checkNft’] ) ) : '’;160161 $stored_nonce = $this->utils->mo_web3_get_transient( $address );162163 if ( $nonce === $stored_nonce ) {164165 $this->utils->mo_web3_user_check( $address );166 $wallet_address = $address;167168 $user = get_user_by( 'login’, $address );169170 clean_user_cache( $user->ID );171 wp_clear_auth_cookie();172 wp_set_current_user( $user->ID );173 wp_set_auth_cookie( $user->ID, true );174 update_user_caches( $user );175176 if ( $this->is_testing_wallet_address ) {// for testing purpose.177 $address = $this->is_testing_wallet_address;178 }179180 do_action( 'wp_login’, $user->data->user_login, $user );181182 $key = $user->ID . '_owned_nft’;183 update_user_meta( $user->ID, $key, $has_nft );184 update_user_meta( $user->ID, 'wallet_address’, $wallet_address );185186 $nonce = uniqid();187 $expiration = 24 * 60 * 60;188189 $this->utils->mo_web3_set_transient( $address, $nonce, $expiration );190191 if ( wp_safe_redirect( site_url() ) ) {192 exit;193 } else {194 wp_send_json( ‘NOT ABLE TO REDIRECT’ );195 }196 exit();197 }198 } elseif ( isset( $_POST[‘mo_web3_hiddenform_submission_nonce’] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[‘mo_web3_hiddenform_submission_nonce’] ) ), ‘mo_web3_wp_nonce’ ) ) {199200 // special case handle for perawallet, phantom, as signature concept is not present in these wallet login201 // update: this no longer handles MyAlgo wallet.202 $address = isset( $_POST[‘address’] ) ? sanitize_text_field( wp_unslash( $_POST[‘address’] ) ) : '’;203 $this->utils->mo_web3_user_check( $address );204 $user = get_user_by( 'login’, $address );205 clean_user_cache( $user->ID );206 wp_clear_auth_cookie();207 wp_set_current_user( $user->ID );208 wp_set_auth_cookie( $user->ID, true );209 update_user_caches( $user );210211 if ( wp_safe_redirect( site_url() ) ) {212 exit;213 } else {214 wp_send_json( ‘NOT ABLE TO REDIRECT’ );215 }216 exit;217 }218 }219220 /**221 * Fetch balance through API for Eth & Poly222 *223 * @param string $contract_address NFT contract address.224 * @param string $wallet_address user’s wallet address.225 * @param string $chain contract deployed chain name.226 */227 public function get_ethereum_or_polygon_api_data( $contract_address, $wallet_address, $chain ) {228229 $url = null;230 $response = null;231 $args = array(232 ‘headers’ => array(233 ‘Content-Type’ => 'application/json’,234 ‘Authorization’ => \MoWeb3Constants::NFT_PORT_AUTHORIZATION_KEY,235 ),236 );237 $url = \MoWeb3Constants::NFT_PORT_API . ‘accounts/’ . $wallet_address . ‘?chain=’ . $chain . ‘&contract_address=’ . $contract_address;238 $response = wp_remote_get( $url, $args );239 return $response;240 }241 /**242 * Fetch balance through API for Solana243 *244 * @param string $wallet_address user’s wallet address.245 * @param string $solana_field_key solana field key can be hash, collection key or collection id.246 * @param string $solana_field_value solana field value.247 */248 public function get_solana_api_data( $wallet_address, $solana_field_key, $solana_field_value ) {249250 $url = null;251 $response = null;252 $args = array(253 ‘headers’ => array(254 ‘Content-Type’ => 'application/json’,255 ‘Authorization’ => \MoWeb3Constants::NFT_PORT_AUTHORIZATION_KEY,256 ),257 );258259 if ( ‘solanaMintAddress’ === $solana_field_key ) {260 $url = \MoWeb3Constants::NFT_PORT_API . "solana/nft/{$solana_field_value}";261 } elseif ( ‘solanaCollectionID’ === $solana_field_key || ‘solanaCollectionKey’ === $solana_field_key ) {262 $url = \MoWeb3Constants::NFT_PORT_API . "solana/nfts/{$solana_field_value}";263 }264 $response = wp_remote_get( $url, $args );265266 return $response;267 }268 /**269 * Fetch balance through API270 *271 * @param string $contract_address NFT contract address.272 * @param string $wallet_address user’s wallet address.273 * @param string $chain contract deployed chain name.274 * @param string $solana_field_key solana field key can be hash, collection key or collection id.275 * @param string $solana_field_value solana field value.276 */277 public function get_token_data_through_api( $contract_address, $wallet_address, $chain, $solana_field_key = null, $solana_field_value = null ) {278279 $url = null;280 $chain = strtolower( $chain );281 $response = null;282 switch ( $chain ) {283 case 'ethereum’:284 case 'polygon’:285 case 'goerli’:286 $response = $this->get_ethereum_or_polygon_api_data( $contract_address, $wallet_address, $chain );287 break;288 case 'solana’:289 $response = $this->get_solana_api_data( $wallet_address, $solana_field_key, $solana_field_value );290 break;291 default:292 $response = array( ‘error’ => ‘invalid case!!’ );293 wp_send_json_error( $response, 500 );294 }295296 if ( is_wp_error( $response ) ) {297 $error_message = $response->get_error_message();298 $error_message = 'Something went wrong: ' . esc_attr( $error_message );299 $response = array( ‘error’ => $error_message );300 wp_send_json_error( $response, 500 );301 }302 $response = wp_remote_retrieve_body( $response );303 wp_send_json( $response );304 }305306 /**307 * Fetch balance through API for Polygon testnet308 *309 * @param string $contract_address NFT contract address.310 * @param string $wallet_address user’s wallet address.311 * @param string $chain contract deployed chain name.312 */313 public function get_polygon_mumbai_testnet_balance( $contract_address, $wallet_address, $chain ) {314 $url = null;315 $response = null;316 $chain = strtolower( $chain );317 $contract_address = strtolower( $contract_address );318 $url = \MoWeb3Constants::ALCHEMY_MUMBAI_TESTNET_API . \MoWeb3Constants::ALCHEMY_API_KEY . ‘/getContractsForOwner?owner=’ . $wallet_address;319 $response = wp_remote_get( $url );320321 $response = json_decode( $response[‘body’] );322323 if ( is_wp_error( $response ) ) {324 $error_message = $response->get_error_message();325 $error_message = 'Something went wrong: ' . esc_attr( $error_message );326 $response = array( ‘error’ => $error_message );327 wp_send_json_error( $response, 500 );328 }329 $contracts = $response->contracts;330331 foreach ( $contracts as $key => $value ) {332 if ( $value->address === $contract_address ) {333 wp_send_json( $value->numDistinctTokensOwned ); //phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase – It is a response recieved from alchemy API 334 }335 }336 wp_send_json( ‘0’ );337 }338 /**339 * Handles form post340 */341 public function type_of_request() {342343 if ( isset( $_REQUEST[‘mo_web3_verify_nonce’] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[‘mo_web3_verify_nonce’] ) ), ‘mo_web3_wp_nonce’ ) && isset( $_REQUEST[‘request’] ) ) {344345 $request = sanitize_text_field( wp_unslash( $_REQUEST[‘request’] ) );346 $address = isset( $_REQUEST[‘address’] ) ? sanitize_text_field( wp_unslash( $_REQUEST[‘address’] ) ) : '’;347 $signature = isset( $_REQUEST[‘signature’] ) ? sanitize_text_field( wp_unslash( $_REQUEST[‘signature’] ) ) : '’;348 switch ( $request ) {349 case 'login’:350 $this->handle_login_request( $address );351 break;352 case 'auth’:353 $this->handle_auth_request( $address, $signature );354 break;355 case 'getSolanaTokenDetails’:356 $wallet_address = isset( $_POST[‘walletAddress’] ) ? sanitize_text_field( wp_unslash( $_POST[‘walletAddress’] ) ) : null;357 $field_value = isset( $_POST[‘fieldValue’] ) ? sanitize_text_field( wp_unslash( $_POST[‘fieldValue’] ) ) : null;358 $field_key = isset( $_POST[‘fieldKey’] ) ? sanitize_text_field( wp_unslash( $_POST[‘fieldKey’] ) ) : null;359 $chain = 'solana’;360361 $this->get_token_data_through_api( null, $wallet_address, $chain, $field_key, $field_value );362 break;363 case 'getUserHoldNFTData’:364 $contract_address = isset( $_POST[‘contractAddresses’] ) ? sanitize_text_field( wp_unslash( $_POST[‘contractAddresses’] ) ) : null;365 $chain = isset( $_POST[‘blockchain’] ) ? sanitize_text_field( wp_unslash( $_POST[‘blockchain’] ) ) : null;366 $wallet_address = isset( $_POST[‘walletAddress’] ) ? sanitize_text_field( wp_unslash( $_POST[‘walletAddress’] ) ) : null;367 $this->get_token_data_through_api( $contract_address, $wallet_address, $chain, null );368 break;369 case 'auth_algorand’:370 $this->handle_auth_request_algorand( $address, $signature );371 break;372 case 'auth_phantom’:373 $this->handle_auth_request_phantom( $address, $signature );374 break;375 case 'getPolygonMumbaiTestnetBalance’:376 $contract_address = isset( $_POST[‘contractAddresses’] ) ? sanitize_text_field( wp_unslash( $_POST[‘contractAddresses’] ) ) : null;377 $chain = isset( $_POST[‘blockchain’] ) ? sanitize_text_field( wp_unslash( $_POST[‘blockchain’] ) ) : null;378 $wallet_address = isset( $_POST[‘wallet_address’] ) ? sanitize_text_field( wp_unslash( $_POST[‘wallet_address’] ) ) : null;379 $this->get_polygon_mumbai_testnet_balance( $contract_address, $wallet_address, $chain );380 break;381 }382 }383 }384385 /**386 * Phantom Wallet authentication387 *388 * @param string $address wallet address.389 * @param string $signature signatures signed by wallet.390 */391 public function handle_auth_request_phantom( $address, $signature ) {392 $nonce = $this->utils->mo_web3_get_transient( $address );393 $message = 'Sign this message to validate that you are the owner of the account. Random string: ' . $nonce;394 $verify_result = null;395396 if ( extension_loaded( ‘base58’ ) ) {397 $signature = base58_decode( $signature );398 $pubkey = base58_decode( $address );399 $verify_result = sodium_crypto_sign_verify_detached( $signature, $message, $pubkey );400 } else {401402 $url = \MoWeb3Constants::HASCOIN_SOLANA_SIGNATURE_VERIFICATION_API;403404 $headers = array(405 ‘Content-Type’ => 'application/json’,406 ‘authorization’ => \MoWeb3Constants::HASCOIN_AUTHORIZATION_KEY,407 );408409 $body = array(410 ‘message’ => $message,411 ‘publicKey’ => $address,412 ‘signature’ => $signature,413 );414415 $args = array(416 ‘method’ => 'POST’,417 ‘body’ => wp_json_encode( $body ),418 ‘headers’ => $headers,419 );420421 $response = wp_remote_post( $url, ( $args ) );422 if ( is_wp_error( $response ) ) {423 $error_message = $response->get_error_message();424 echo 'Something went wrong: ' . esc_attr( $error_message );425 exit();426 }427428 $response = wp_remote_retrieve_body( $response );429 $verify_result = json_decode( $response, true );430 $verify_result = $verify_result[‘status’];431 }432433 if ( true === $verify_result || 1 === $verify_result ) {434 $nonce = uniqid();435 $expiration = 24 * 60 * 60;436 $this->utils->mo_web3_set_transient( $address, $nonce, $expiration );437438 $admin_nft_setting = $this->utils->mo_web3_get_option( ‘mo_web3_nft_settings’ );439440 $response = array(441 ‘isSignatureVerified’ => 1,442 ‘nonce’ => $nonce,443444 );445 if ( $admin_nft_setting ) {446 $response[‘adminNftSetting’] = $admin_nft_setting;447 }448 wp_send_json( $response );449 } else {450 $response = array(451 ‘isSignatureVerified’ => 0,452 ‘nonce’ => null,453 );454 wp_send_json( $response );455 }456457 }458 /**459 * Algorand Wallet authentication460 *461 * @param string $address wallet address.462 * @param string $signature signatures signed by wallet.463 */464 public function handle_auth_request_algorand( $address, $signature ) {465 $signature = explode( ',’, $signature );466 $signature = pack( 'C*’, …$signature );467468 $nonce = $this->utils->mo_web3_get_transient( $address );469 $data = 'Sign this message to validate that you are the owner of the account. Random string: ' . $nonce;470 $data = ‘MX’ . $data;471472 try {473 $pk = $this->retrieve_public_key_algorand( $address );474475 $result = (int) sodium_crypto_sign_verify_detached( $signature, $data, $pk );476477 if ( 1 === $result ) {478 $nonce = uniqid();479 $expiration = 24 * 60 * 60;480 $this->utils->mo_web3_set_transient( $address, $nonce, $expiration );481482 $admin_nft_setting = $this->utils->mo_web3_get_option( ‘mo_web3_nft_settings’ );483484 $response = array(485 ‘isSignatureVerified’ => 1,486 ‘nonce’ => $nonce,487488 );489 if ( $admin_nft_setting ) {490 $response[‘adminNftSetting’] = $admin_nft_setting;491 }492 wp_send_json( $response );493 } else {494 $response = array(495 ‘isSignatureVerified’ => 0,496 ‘nonce’ => null,497 );498 wp_send_json( $response );499 }500 } catch ( \Exception $e ) {501 exit();502 }503 }504 /**505 * Alogrand Wallet authentication Continue506 *507 * @param string $address wallet address.508 */509 public function retrieve_public_key_algorand( $address ) {510 if ( \MoWeb3Constants::ALGORAND_ADDRESS_LENGTH !== strlen( $address ) ) {511 exit();512 }513 $decoded = Base32::decode( $address );514 $byte_array = unpack( 'C*’, $decoded );515 $pk_uint8_array = array_slice( $byte_array, 0, \MoWeb3Constants::ALGORAND_ADDRESS_BYTE_LENGTH - \MoWeb3Constants::ALGORAND_CHECKSUM_BYTE_LENGTH );516 $pk = pack( 'C*’, …$pk_uint8_array );517 return $pk;518 }519520 /**521 * Wallet Login522 *523 * @param string $address wallet address.524 */525 public function handle_login_request( $address ) {526 $nonce = $this->utils->mo_web3_get_transient( $address );527528 if ( $nonce ) {529 wp_send_json( 'Sign this message to validate that you are the owner of the account. Random string: ' . $nonce );530 } else {531 $nonce = uniqid();532 $expiration = 24 * 60 * 60;533 $this->utils->mo_web3_set_transient( $address, $nonce, $expiration );534 wp_send_json( 'Sign this message to validate that you are the owner of the account. Random string: ' . $nonce );535 }536537 }538 /**539 * Retrieve address through public key540 *541 * @param string $pubkey wallet public key.542 */543 public function pub_key_to_address( $pubkey ) {544 return ‘0x’ . substr( Keccak::hash( substr( hex2bin( $pubkey->encode( ‘hex’ ) ), 1 ), 256 ), 24 );545 }546 /**547 * Verify Signature548 *549 * @param string $message plain text message.550 * @param string $signature signed message.551 * @param string $address wallet address.552 */553 public function verify_signature( $message, $signature, $address ) {554555 $retrived_pubkey = null;556 if ( extension_loaded( ‘bcmath’ ) || extension_loaded( ‘gmp’ ) ) {557 $msglen = strlen( $message );558 $hash = Keccak::hash( "\x19Ethereum Signed Message:\n{$msglen}{$message}", 256 );559 $sign = array(560 ‘r’ => substr( $signature, 2, 64 ),561 ‘s’ => substr( $signature, 66, 64 ),562 );563 $recid = ord( hex2bin( substr( $signature, 130, 2 ) ) ) - 27;564 if ( ( $recid & 1 ) !== $recid ) {565 if ( preg_match( '/00$/’, $signature ) ) {566 $recid = 0;567 } elseif ( preg_match( '/01$/’, $signature ) ) {568 $recid = 1;569 } else {570 return 0;571 }572 }573574 $ec = new EC( ‘secp256k1’ );575 $retrived_pubkey = $ec->recoverPubKey( $hash, $sign, $recid );576 $retrived_address = $this->pub_key_to_address( $retrived_pubkey );577578 } else {579580 $url = \MoWeb3Constants::HASCOIN_ETHEREUM_SIGNATURE_VERIFICATION_API;581582 $headers = array(583 ‘Content-Type’ => 'application/json’,584 ‘authorization’ => \MoWeb3Constants::HASCOIN_AUTHORIZATION_KEY,585 );586587 $body = array(588 ‘message’ => $message,589 ‘signature’ => $signature,590 );591592 $args = array(593 ‘method’ => 'POST’,594 ‘body’ => wp_json_encode( $body ),595 ‘headers’ => $headers,596 );597598 $response = wp_remote_post( $url, ( $args ) );599 if ( is_wp_error( $response ) ) {600 $error_message = $response->get_error_message();601 echo 'Something went wrong: ' . esc_attr( $error_message );602 exit();603 }604 $response = wp_remote_retrieve_body( $response );605 $response = json_decode( $response, true );606 $retrived_address = $response[‘address’];607 }608609 return strtolower( $address ) === strtolower( $retrived_address );610 }611 /**612 * Wallet authentication613 *614 * @param string $address wallet address.615 * @param string $signature signatures signed by wallet.616 */617 public function handle_auth_request( $address, $signature ) {618619 $nonce = $this->utils->mo_web3_get_transient( $address );620 $message = 'Sign this message to validate that you are the owner of the account. Random string: ' . $nonce;621622 if ( $this->verify_signature( $message, $signature, $address ) ) {623 $nonce = uniqid();624 $expiration = 24 * 60 * 60;625 $this->utils->mo_web3_set_transient( $address, $nonce, $expiration );626627 $admin_nft_setting = $this->utils->mo_web3_get_option( ‘mo_web3_nft_settings’ );628629 $response = array(630 ‘isSignatureVerified’ => 1,631 ‘nonce’ => $nonce,632633 );634 if ( $admin_nft_setting ) {635 $response[‘adminNftSetting’] = $admin_nft_setting;636637 }638 wp_send_json( $response );639640 } else {641 $response = array(642 ‘isSignatureVerified’ => 0,643 ‘nonce’ => null,644 );645 wp_send_json( $response );646 }647 }648 }649}