Beispiel #1
0
 /**
  * Encryption/decryption key to use.
  *
  * @param string $key Force a specific key?
  *
  * @return string Encryption/decryption key.
  */
 public function key($key = '')
 {
     if ($key = trim((string) $key)) {
         return $key;
     }
     return $key = wp_salt();
 }
 private function set_programme_round_token()
 {
     $post_id = $this->container->post_id;
     $token = sha1('token_constant' . $post_id . wp_salt());
     update_post_meta($post_id, 'update_token', $token);
     return $token;
 }
 public function assertion()
 {
     global $json_api;
     $uid_str = $json_api->query->uid;
     $uid = explode("-", $uid_str);
     $post_id = $uid[0];
     $user_id = $uid[2];
     $assertion = array();
     if (isset($post_id)) {
         $base_url = home_url() . '/' . get_option('json_api_base', 'api');
         $submission = get_post($post_id);
         $salt = wp_salt('nonce');
         $email = BadgeOS_OpenBadgesIssuer::registered_email($user_id);
         $post_type = get_post_type($post_id);
         if ($post_type === "submission" && get_option('badgeos_obi_issuer_public_evidence')) {
             $achievement_id = get_post_meta($post_id, '_badgeos_submission_achievement_id', true);
             $assertion['evidence'] = get_permalink($post_id);
         } else {
             $achievement_id = $post_id;
         }
         //return badgeos_get_user_achievements();
         $assertion = array_merge(array("uid" => $uid_str, "recipient" => array("type" => "email", "hashed" => true, "salt" => $salt, "identity" => 'sha256$' . hash('sha256', $email . $salt)), "image" => wp_get_attachment_url(get_post_thumbnail_id($achievement_id)), "issuedOn" => strtotime($submission->post_date), "badge" => $base_url . '/badge/badge_class/?uid=' . $achievement_id, "verify" => array("type" => "hosted", "url" => $base_url . '/badge/assertion/?uid=' . $uid_str)), $assertion);
     }
     return $assertion;
 }
 /**
  * Determines the proper encryption/decryption Key to use.
  *
  * @package s2Member\Utilities
  * @since 111106
  *
  * @param str $key Optional. Attempt to force a specific Key. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
  * @return str Proper encryption/decryption Key. If ``$key`` is passed in, and it validates, we'll return that. Otherwise use a default Key.
  */
 public static function key($key = FALSE)
 {
     $key = !is_string($key) || !strlen($key) ? $GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["sec_encryption_key"] : $key;
     $key = !is_string($key) || !strlen($key) ? wp_salt() : $key;
     $key = !is_string($key) || !strlen($key) ? md5($_SERVER["HTTP_HOST"]) : $key;
     return $key;
 }
Beispiel #5
0
 function store($hasher = '')
 {
     // Just uses the default wordpress salt.
     // Useful because it should be different from site to site
     $salt = str_split(wp_salt());
     $d = str_split($hasher);
     $hash = '';
     for ($i = 0; $i < count($d); $i++) {
         $hash .= ord($d[$i]) * ord($salt[$i]) . ' ';
     }
     return substr($hash, 0, -1);
 }
 /**
  * There might be a sensitive infromation given
  * Make it as hard as possible for reversing
  */
 protected function generate_key()
 {
     $invoice_params = $this->args;
     $invoice_params = array_map('trim', $invoice_params);
     $invoice_params = array_filter($invoice_params);
     $invoice_params = array_map('md5', $invoice_params);
     $key = md5(implode('', $invoice_params));
     // for WP integration
     if (function_exists('wp_salt')) {
         $key = wp_salt($key);
     }
     $this->key = $key;
 }
 /**
  * Determines the proper encryption/decryption Key to use.
  *
  * @package s2Member\Utilities
  * @since 111106
  *
  * @param string $key Optional. Attempt to force a specific Key. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
  *
  * @return string Proper encryption/decryption Key. If ``$key`` is passed in, and it validates, we'll return that. Otherwise use a default Key.
  */
 public static function key($key = '')
 {
     if ($key = trim((string) $key)) {
         return $key;
     }
     if ($key = trim($GLOBALS['WS_PLUGIN__']['s2member']['o']['sec_encryption_key'])) {
         return $key;
     }
     if ($key = trim(wp_salt())) {
         return $key;
     }
     return $key = md5($_SERVER['HTTP_HOST']);
 }
 /**
  * Determines the proper encryption/decryption key to use.
  *
  * @param string $key Optional. Attempt to force a specific key?
  *
  * @return string Proper encryption/decryption key.
  *
  * @throws exception If invalid types are passed through arguments lists.
  * @throws exception If unable to obtain a valid encryption key, by any means.
  */
 public function key($key = '')
 {
     $this->check_arg_types('string', func_get_args());
     if (isset($key[0])) {
         return $key;
     }
     $key = $this->©options->get('encryption.key');
     $key = !isset($key[0]) ? wp_salt() : $key;
     $key = !isset($key[0]) ? md5($this->©url->current_host()) : $key;
     if (!isset($key[0])) {
         throw $this->©exception($this->method(__FUNCTION__) . '#key_missing', get_defined_vars(), $this->__('No encryption key.'));
     }
     return $key;
     // It's a good day in Eureka!
 }
Beispiel #9
0
 /**
  * Class constructor.
  *
  * @since 160710 Common utils.
  */
 public function __construct()
 {
     $this->is_multisite = is_multisite();
     $this->is_main_site = !$this->is_multisite || is_main_site();
     $this->is_admin = is_admin();
     $this->is_user_admin = $this->is_admin && is_user_admin();
     $this->is_network_admin = $this->is_admin && $this->is_multisite && is_network_admin();
     $this->debug = defined('WP_DEBUG') && WP_DEBUG;
     $this->debug_edge = $this->debug && defined('WP_DEBUG_EDGE') && WP_DEBUG_EDGE;
     $this->debug_log = $this->debug && defined('WP_DEBUG_LOG') && WP_DEBUG_LOG;
     $this->debug_display = $this->debug && defined('WP_DEBUG_DISPLAY') && WP_DEBUG_DISPLAY;
     if (!($this->salt = wp_salt())) {
         throw new Exception('Failed to acquire WP salt.');
     }
     if (!($this->tmp_dir = rtrim(get_temp_dir(), '/'))) {
         throw new Exception('Failed to acquire a writable tmp dir.');
     }
     if (!($this->site_url = site_url('/'))) {
         throw new Exception('Failed to acquire site URL.');
     } elseif (!($this->site_url_parts = parse_url($this->site_url))) {
         throw new Exception('Failed to parse site URL parts.');
     } elseif (!($this->site_url_host = $this->site_url_parts['host'] ?? '')) {
         throw new Exception('Failed to parse site URL host.');
     } elseif (!($this->site_url_root_host = implode('.', array_slice(explode('.', $this->site_url_host), -2)))) {
         throw new Exception('Failed to parse site URL root host.');
     }
     if (!($this->site_url_option = get_option('siteurl'))) {
         throw new Exception('Failed to acquire site URL option.');
     } elseif (!($this->site_url_option_parts = parse_url($this->site_url_option))) {
         throw new Exception('Failed to parse site URL option parts.');
     } elseif (!($this->site_default_scheme = $this->site_url_option_parts['scheme'] ?? '')) {
         throw new Exception('Failed to parse site URL option scheme.');
     }
     if (!($this->template_directory_url = get_template_directory_uri())) {
         throw new Exception('Failed to acquire template directory URL.');
     } elseif (!($this->template_directory_url_parts = parse_url($this->template_directory_url))) {
         throw new Exception('Failed to parse template directory URL parts.');
     }
     $this->template = get_template();
     $this->stylesheet = get_stylesheet();
     $this->is_woocommerce_active = defined('WC_VERSION');
     $this->is_woocommerce_product_vendors_active = defined('WC_PRODUCT_VENDORS_VERSION');
     $this->is_jetpack_active = defined('JETPACK__VERSION');
 }
function wp_verify_nonce($nonce, $action = -1)
{
    $user = wp_get_current_user();
    $uid = (int) $user->ID;
    if (!$uid) {
        /** This filter is documented in wp-includes/pluggable.php */
        $uid = apply_filters('nonce_user_logged_out', $uid, $action);
    }
    /**
     * Filter the lifespan of nonces in seconds.
     *
     * @since 2.5.0
     *
     * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
     */
    $nonce_life = apply_filters('nonce_life', DAY_IN_SECONDS);
    $token = wp_get_session_token();
    $verifier = new Verifier();
    $verifier->setUserId($uid);
    $verifier->setLifespan($nonce_life);
    $verifier->setSessionToken($token);
    $verifier->setSalt(wp_salt('nonce'));
    $nonce = (string) $nonce;
    $verified = $verifier->verify($nonce, $action);
    if (false !== $verified) {
        return $verified;
    }
    /**
     * Fires when nonce verification fails.
     *
     * @since 4.4.0
     *
     * @param string $nonce The invalid nonce.
     * @param string|int $action The nonce action.
     * @param WP_User $user The current user object.
     * @param string $token The user's session token.
     */
    do_action('wp_verify_nonce_failed', $nonce, $action, $user, $token);
    return false;
}
 public static function loginAction($username)
 {
     if (sizeof($_POST) < 1) {
         return;
     }
     //only execute if login form is posted
     if (!$username) {
         return;
     }
     wfConfig::inc('totalLogins');
     $user = get_user_by('login', $username);
     $userID = $user ? $user->ID : 0;
     self::getLog()->logLogin('loginOK', 0, $username);
     if (wfUtils::isAdmin($user)) {
         wfConfig::set_ser('lastAdminLogin', array('userID' => $userID, 'username' => $username, 'firstName' => $user->first_name, 'lastName' => $user->last_name, 'time' => wfUtils::localHumanDateShort(), 'IP' => wfUtils::getIP()));
     }
     $salt = wp_salt('logged_in');
     $cookiename = 'wf_loginalerted_' . hash_hmac('sha256', wfUtils::getIP() . '|' . $user->ID, $salt);
     $cookievalue = hash_hmac('sha256', $user->user_login, $salt);
     if (user_can($userID, 'update_core')) {
         if (wfConfig::get('alertOn_adminLogin')) {
             $shouldAlert = true;
             if (wfConfig::get('alertOn_firstAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
                 $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
             }
             if ($shouldAlert) {
                 wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
             }
         }
     } else {
         if (wfConfig::get('alertOn_nonAdminLogin')) {
             $shouldAlert = true;
             if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
                 $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
             }
             if ($shouldAlert) {
                 wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
             }
         }
     }
     if (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly')) {
         wfUtils::setcookie($cookiename, $cookievalue, time() + 86400 * 365, '/', null, null, true);
     }
 }
/**
 * Displays the introduction for the group and loops through each item
 *
 * I've chosen to cache on an individual-activity basis, instead of a group-by-group basis. This
 * requires just a touch more overhead (in terms of looping through individual activity_ids), and
 * doesn't really have any added effect at the moment (since an activity item can only be associated
 * with a single group). But it provides the greatest amount of flexibility going forward, both in
 * terms of the possibility that activity items could be associated with more than one group, and
 * the possibility that users within a single group would want more highly-filtered digests.
 */
function ass_digest_format_item_group($group_id, $activity_ids, $type, $group_name, $group_slug, $user_id)
{
    global $bp, $ass_email_css;
    $group_permalink = apply_filters('bp_get_group_permalink', bp_get_root_domain() . '/' . bp_get_groups_root_slug() . '/' . $group_slug . '/');
    $group_name_link = '<a href="' . $group_permalink . '" name="' . $group_slug . '">' . $group_name . '</a>';
    $userdomain = ass_digest_get_user_domain($user_id);
    $unsubscribe_link = "{$userdomain}?bpass-action=unsubscribe&group={$group_id}&access_key=" . md5("{$group_id}{$user_id}unsubscribe" . wp_salt());
    $gnotifications_link = ass_get_login_redirect_url($group_permalink . 'notifications/');
    // add the group title bar
    if ($type == 'dig') {
        $group_message = "\n<div {$ass_email_css['group_title']}>" . sprintf(__('Group: %s', 'bp-ass'), $group_name_link) . "</div>\n\n";
    } elseif ($type == 'sum') {
        $group_message = "\n<div {$ass_email_css['group_title']}>" . sprintf(__('Group: %s weekly summary', 'bp-ass'), $group_name_link) . "</div>\n";
    }
    // add change email settings link
    $group_message .= "\n<div {$ass_email_css['change_email']}>";
    $group_message .= __('To disable these notifications for this group click ', 'bp-ass') . " <a href=\"{$unsubscribe_link}\">" . __('unsubscribe', 'bp-ass') . '</a> - ';
    $group_message .= __('change ', 'bp-ass') . '<a href="' . $gnotifications_link . '">' . __('email options', 'bp-ass') . '</a>';
    $group_message .= "</div>\n\n";
    $group_message = apply_filters('ass_digest_group_message_title', $group_message, $group_id, $type);
    // Finally, add the markup to the digest
    foreach ($activity_ids as $activity_id) {
        // Cache is set earlier in ass_digest_fire()
        $activity_item = !empty($bp->ass->items[$activity_id]) ? $bp->ass->items[$activity_id] : false;
        if (!empty($activity_item)) {
            $group_message .= ass_digest_format_item($activity_item, $type);
        }
        //$group_message .= '<pre>'. $item->id .'</pre>';
    }
    return apply_filters('ass_digest_format_item_group', $group_message, $group_id, $type);
}
 public function save()
 {
     global $wpdb;
     $this->id = $this->id ? $this->id : md5(microtime() . rand() . wp_salt());
     $data = array('id' => $this->id, 'state' => serialize((array) $this), 'updated_on' => current_time('mysql'));
     $wpdb->replace($wpdb->prefix . 'wpbdp_submit_state', $data);
 }
<?php

define('PMP_NOTIFICATIONS_SECRET', crypt(get_bloginfo('url'), wp_salt('auth')));
define('PMP_NOTIFICATIONS_HUB', 'notifications');
define('PMP_NOTIFICATIONS_TOPIC_UPDATED', 'topics/updated');
define('PMP_NOTIFICATIONS_TOPIC_DELETED', 'topics/deleted');
/**
 * Add '?pmp-notifications' as a valid query var
 *
 * @since 0.3
 */
function pmp_bless_notification_query_var()
{
    add_rewrite_endpoint('pmp-notifications', EP_ALL);
}
add_action('init', 'pmp_bless_notification_query_var');
/**
 * Template redirect for PubSubHubBub operations
 *
 * If the request is POST, we're dealing with a notification.
 *
 * If the request is GET, we're being asked to verify a subscription.
 *
 * @since 0.3
 */
function pmp_notifications_template_redirect()
{
    global $wp_query;
    if (!isset($wp_query->query_vars['pmp-notifications'])) {
        return false;
    }
 public static function decrypt($text, $key)
 {
     $db = self::get_instance();
     $decrypted = $db->get_var($db->prepare('SELECT AES_DECRYPT(%s, %s) AS data', base64_decode($text), wp_salt('nonce')));
     return $decrypted;
 }
 public static function rbm_ajax_add_user_key()
 {
     if (!isset($_POST['post_ID']) || !isset($_POST['email']) || !check_ajax_referer('rbm-field-helpers', 'rbm_field_helpers_nonce')) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'Could not get post ID or user email, or could not verify nonce'));
     }
     if (!($post_ID = $_POST['post_ID'])) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'Post ID empty'));
     }
     if (!($user_email = $_POST['email'])) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'User email empty'));
     }
     /**
      * Allows filtering of the post ID.
      *
      * @since 1.1.0
      */
     apply_filters('rbm_user_key_post_ID_delete', $post_ID, $user_email);
     /**
      * Allows filtering of the user email to be deleted.
      *
      * @since 1.1.0
      */
     apply_filters('rbm_user_key_email_delete', $user_email, $post_ID);
     if (!($user_keys = get_post_meta($post_ID, '_rbm_user_keys', true))) {
         $user_keys = array();
     }
     if (isset($user_keys[$user_email])) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'User already added'));
     }
     $user_keys[$user_email] = $user_key = md5(wp_salt() . $user_email);
     update_post_meta($post_ID, '_rbm_user_keys', $user_keys);
     $edit_link = get_the_permalink($post_ID) . "?rbm_user_key={$user_key}";
     /**
      * Allows filtering ot the edit link sent via email to the new user.
      *
      * @since 1.1.0
      */
     apply_filters('rbm_user_key_mail_edit_link', $edit_link, $user_email, $user_key, $post_ID);
     wp_mail($user_email, 'You\'ve been granted access to edit ' . get_the_title($post_ID) . '!', "You may edit the rbm at the following link:\n" . $edit_link);
     wp_send_json(array('status' => 'success', 'post_ID' => $post_ID, 'user_email' => $user_email, 'user_key' => $user_key, 'edit_link' => $edit_link));
 }
Beispiel #17
0
 /**
  * Get hash of given string.
  *
  * @since 2.0.3
  *
  * @param string $data Plain text to hash
  * @return string Hash of $data
  */
 function wp_hash($data, $scheme = 'auth')
 {
     $salt = wp_salt($scheme);
     return hash_hmac('md5', $data, $salt);
 }
Beispiel #18
0
 public static function decrypt($text)
 {
     $use_mcrypt = apply_filters('gform_use_mcrypt', function_exists('mcrypt_decrypt'));
     if ($use_mcrypt) {
         $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
         $key = substr(md5(wp_salt('nonce')), 0, $iv_size);
         $decrypted_value = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv($iv_size, MCRYPT_RAND)));
     } else {
         global $wpdb;
         $decrypted_value = $wpdb->get_var($wpdb->prepare('SELECT AES_DECRYPT(%s, %s) AS data', base64_decode($text), wp_salt('nonce')));
     }
     return $decrypted_value;
 }
 public static function b_hash($data, $scheme = 'auth')
 {
     $salt = wp_salt($scheme) . 'j4H!B3TA,J4nIn4.';
     return hash_hmac('md5', $data, $salt);
 }
 private function hash($val, $type = 'auth')
 {
     return strtoupper(substr(sha1($val . wp_salt($type)), 0, 6));
 }
 /**
  * This salt replaces wp_salt for scenarios where wp_salt changes
  * It's slightly less secure, but does allow for callbacks on video
  * notifications to continue
  */
 public static function salt()
 {
     $key_name = '_brightcove_salt';
     $salt = get_option($key_name);
     if (false !== $salt) {
         $salt = hash('sha256', wp_salt() . mt_rand() . wp_salt('secure_auth'));
         update_option($key_name, $salt);
     }
     return $salt;
 }
Beispiel #22
0
function memberaccess_get_cron_key()
{
    $salt = is_multisite() ? network_home_url() : home_url();
    $salt .= ABSPATH . wp_salt('auth');
    return sha1($salt);
}
Beispiel #23
0
 public function buffer_page()
 {
     global $wp;
     $time = time();
     $nonce = wp_create_nonce($this->nonce_action);
     $fetch_vars = array(self::$query_var . "-fetch" => true, self::$query_var . "-key" => md5($time . wp_salt('logged_in') . $nonce), self::$query_var . "-ts" => $time, self::$query_var . "-nonce" => $nonce);
     $query_vars = $wp->query_vars;
     unset($query_vars[self::$query_var]);
     $vars = array_merge($fetch_vars, $query_vars);
     $query_string = http_build_query($vars);
     $url = get_bloginfo('url') . '/' . $wp->request . "?{$query_string}";
     #Set auth headers for remote fetch
     $cookie_string = '';
     foreach ($_COOKIE as $k => $v) {
         if (preg_match('/(wordpress_test_cookie|wordpress_logged_in_|wp-settings-1|wp-settings-time-1)/', $k)) {
             $cookie_string .= $k . '=' . urlencode($v) . '; ';
         }
     }
     $cookie_string = trim($cookie_string, '; ');
     $headers = array('Cookie' => $cookie_string);
     $http = new WP_Http();
     $response = $http->request($url, array('method' => 'GET', 'headers' => $headers));
     $buffer = $response['body'];
     preg_match('/%DEBUG_TIME%(.+)%\\/DEBUG_TIME%/', $buffer, $matches);
     self::$execution_time = $matches[1];
     if (preg_match('/%DEBUG_QUERIES%(.+)%\\/DEBUG_QUERIES%/', $buffer, $matches)) {
         if ($matches[1]) {
             self::$queries = json_decode($matches[1]);
         }
     }
     $this->buffer = preg_replace('/%DEBUG_THIS%.+%\\/DEBUG_THIS%/', '', $buffer);
 }
 public static function decrypt($text)
 {
     $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
     $key = substr(md5(wp_salt('nonce')), 0, $iv_size);
     return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv($iv_size, MCRYPT_RAND)));
 }
    /**
     * Renders the output of a form field in the admin area.
     *
     * I like this better than {@link add_settings_field()} so sue me!
     * Uses {@link BP_Reply_By_Email_Admin::field()} and {@link BP_Reply_By_Email_Admin::get_option()}.
     *
     * @param array $args Arguments for the field
     */
    protected function render_field($args = '')
    {
        $defaults = array('type' => 'text', 'labelname' => '', 'labelfor' => true, 'name' => '', 'desc' => '', 'size' => 'regular', 'value' => '', 'options' => array(), 'default' => '');
        $r = wp_parse_args($args, $defaults);
        echo '<tr class="' . $this->field($r['name'], true, false) . '">';
        if ($r['labelfor']) {
            echo '<th scope="row"><label for="' . $this->field($r['name'], true, false) . '">' . $r['labelname'] . '</label></th>';
        } else {
            echo '<th scope="row">' . $r['labelname'] . '</th>';
        }
        echo '<td>';
        switch ($r['type']) {
            case 'checkbox':
                ?>
				<fieldset>
					<legend class="screen-reader-text"><span><?php 
                echo $r['labelname'];
                ?>
</span></legend>

					<label for="<?php 
                $this->field($r['name'], true);
                ?>
">
						<input type="checkbox" name="<?php 
                $this->field($r['name']);
                ?>
" id="<?php 
                $this->field($r['name'], true);
                ?>
" value="1" <?php 
                if (!empty($this->settings[$r['name']])) {
                    checked($this->settings[$r['name']], 1);
                }
                ?>
 />

						<?php 
                echo $r['desc'];
                ?>
				</label>
				<br />
				</fieldset>
			<?php 
                break;
            case 'select':
                $selected = array_key_exists($this->settings[$r['name']], $r['options']) ? $this->settings[$r['name']] : $r['default'];
                ?>

				<select id="<?php 
                $this->field($r['name'], true);
                ?>
" name="<?php 
                $this->field($r['name']);
                ?>
">
					<?php 
                foreach ($r['options'] as $key => $option) {
                    echo '<option value="' . esc_attr($key) . '"';
                    if ($selected == $key) {
                        echo ' selected="selected"';
                    }
                    echo '>' . esc_html($option) . '</option>';
                }
                ?>
				</select>

			<?php 
                if ($r['desc']) {
                    echo '<p class="description">' . $r['desc'] . '</p>';
                }
                break;
            case 'text':
            case 'password':
                $value = $this->get_option($r['name'], false);
                if ($r['type'] == 'password') {
                    $value = bp_rbe_decode(array('string' => $value, 'key' => wp_salt()));
                }
                ?>
				<input class="<?php 
                echo $r['size'];
                ?>
-text" value="<?php 
                echo $value;
                ?>
" name="<?php 
                $this->field($r['name']);
                ?>
" id="<?php 
                $this->field($r['name'], true);
                ?>
" type="<?php 
                echo $r['type'];
                ?>
" />
			<?php 
                if ($r['desc']) {
                    echo '<p class="description">' . $r['desc'] . '</p>';
                }
                break;
        }
        echo '</td>';
        echo '</tr>';
    }
 private function make_sid()
 {
     $salt = wp_salt();
     $rand = uniqid(mt_rand(), true);
     $sid = base64_encode(hash_hmac('sha1', $rand, $salt, true));
     return str_replace(array('+', '/', '='), array('_', '.', ''), $sid);
 }
 function wp_hash($data)
 {
     $salt = wp_salt();
     if (function_exists('hash_hmac')) {
         return hash_hmac('md5', $data, $salt);
     } else {
         return md5($data . $salt);
     }
 }
Beispiel #28
0
function duo_get_akey()
{
    // Get an application specific secret key.
    // If wp_salt() is not long enough, append a random secret to it
    $akey = duo_get_option('duo_akey', '');
    $akey .= wp_salt();
    if (strlen($akey) < 40) {
        duo_debug_log('WordPress secret key is less than 40 chars. Creating new akey.');
        $akey = wp_generate_password(40, true, true);
        update_site_option('duo_akey', $akey);
        $akey .= wp_salt();
    }
    return $akey;
}
/**
 * Generates a token for a given URL.
 *
 * An 'o' query parameter on a URL can include optional variables to test
 * against when verifying a token without passing those variables around in
 * the URL. For example, downloads can be limited to the IP that the URL was
 * generated for by adding 'o=ip' to the query string.
 *
 * Or suppose when WordPress requested a URL for automatic updates, the user
 * agent could be tested to ensure the URL is only valid for requests from
 * that user agent.
 *
 * @since 2.3
 *
 * @param string $url The URL to generate a token for.
 * @return string The token for the URL.
 */
function edd_get_download_token($url = '')
{
    $args = array();
    $hash = apply_filters('edd_get_url_token_algorithm', 'sha256');
    $secret = apply_filters('edd_get_url_token_secret', hash($hash, wp_salt()));
    /*
     * Add additional args to the URL for generating the token.
     * Allows for restricting access to IP and/or user agent.
     */
    $parts = parse_url($url);
    $options = array();
    if (isset($parts['query'])) {
        wp_parse_str($parts['query'], $query_args);
        // o = option checks (ip, user agent).
        if (!empty($query_args['o'])) {
            // Multiple options can be checked by separating them with a colon in the query parameter.
            $options = explode(':', rawurldecode($query_args['o']));
            if (in_array('ip', $options)) {
                $args['ip'] = edd_get_ip();
            }
            if (in_array('ua', $options)) {
                $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                $args['user_agent'] = rawurlencode($ua);
            }
        }
    }
    /*
     * Filter to modify arguments and allow custom options to be tested.
     * Be sure to rawurlencode any custom options for consistent results.
     */
    $args = apply_filters('edd_get_url_token_args', $args, $url, $options);
    $args['secret'] = $secret;
    $args['token'] = false;
    // Removes a token if present.
    $url = add_query_arg($args, $url);
    $parts = parse_url($url);
    // In the event there isn't a path, set an empty one so we can MD5 the token
    if (!isset($parts['path'])) {
        $parts['path'] = '';
    }
    $token = md5($parts['path'] . '?' . $parts['query']);
    return $token;
}
Beispiel #30
0
 function signup_hash($seed)
 {
     $hash = '';
     if ($seed) {
         $base_hash = sha1(wp_salt('nonce') . $seed) . sha1($_SERVER['HTTP_USER_AGENT']);
         $index = 0;
         $base_len = strlen($base_hash);
         for ($i = 1; $i < $base_len && $index < $base_len; $i++) {
             $hash .= substr($base_hash, $index, 1);
             $index += $i;
         }
     }
     return $hash;
 }