/**
* Encryption/decryption key to use.
*
* @param string $key Force a specific key?
*
* @return string Encryption/decryption key.
*/
public function key($key = '')
{
if ($key = trim((string) $key)) {
return $key;
}
return $key = wp_salt();
}
private function set_programme_round_token()
{
$post_id = $this->container->post_id;
$token = sha1('token_constant' . $post_id . wp_salt());
update_post_meta($post_id, 'update_token', $token);
return $token;
}
public function assertion()
{
global $json_api;
$uid_str = $json_api->query->uid;
$uid = explode("-", $uid_str);
$post_id = $uid[0];
$user_id = $uid[2];
$assertion = array();
if (isset($post_id)) {
$base_url = home_url() . '/' . get_option('json_api_base', 'api');
$submission = get_post($post_id);
$salt = wp_salt('nonce');
$email = BadgeOS_OpenBadgesIssuer::registered_email($user_id);
$post_type = get_post_type($post_id);
if ($post_type === "submission" && get_option('badgeos_obi_issuer_public_evidence')) {
$achievement_id = get_post_meta($post_id, '_badgeos_submission_achievement_id', true);
$assertion['evidence'] = get_permalink($post_id);
} else {
$achievement_id = $post_id;
}
//return badgeos_get_user_achievements();
$assertion = array_merge(array("uid" => $uid_str, "recipient" => array("type" => "email", "hashed" => true, "salt" => $salt, "identity" => 'sha256$' . hash('sha256', $email . $salt)), "image" => wp_get_attachment_url(get_post_thumbnail_id($achievement_id)), "issuedOn" => strtotime($submission->post_date), "badge" => $base_url . '/badge/badge_class/?uid=' . $achievement_id, "verify" => array("type" => "hosted", "url" => $base_url . '/badge/assertion/?uid=' . $uid_str)), $assertion);
}
return $assertion;
}
/**
* Determines the proper encryption/decryption Key to use.
*
* @package s2Member\Utilities
* @since 111106
*
* @param str $key Optional. Attempt to force a specific Key. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
* @return str Proper encryption/decryption Key. If ``$key`` is passed in, and it validates, we'll return that. Otherwise use a default Key.
*/
public static function key($key = FALSE)
{
$key = !is_string($key) || !strlen($key) ? $GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["sec_encryption_key"] : $key;
$key = !is_string($key) || !strlen($key) ? wp_salt() : $key;
$key = !is_string($key) || !strlen($key) ? md5($_SERVER["HTTP_HOST"]) : $key;
return $key;
}
function store($hasher = '')
{
// Just uses the default wordpress salt.
// Useful because it should be different from site to site
$salt = str_split(wp_salt());
$d = str_split($hasher);
$hash = '';
for ($i = 0; $i < count($d); $i++) {
$hash .= ord($d[$i]) * ord($salt[$i]) . ' ';
}
return substr($hash, 0, -1);
}
/**
* There might be a sensitive infromation given
* Make it as hard as possible for reversing
*/
protected function generate_key()
{
$invoice_params = $this->args;
$invoice_params = array_map('trim', $invoice_params);
$invoice_params = array_filter($invoice_params);
$invoice_params = array_map('md5', $invoice_params);
$key = md5(implode('', $invoice_params));
// for WP integration
if (function_exists('wp_salt')) {
$key = wp_salt($key);
}
$this->key = $key;
}
/**
* Determines the proper encryption/decryption Key to use.
*
* @package s2Member\Utilities
* @since 111106
*
* @param string $key Optional. Attempt to force a specific Key. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
*
* @return string Proper encryption/decryption Key. If ``$key`` is passed in, and it validates, we'll return that. Otherwise use a default Key.
*/
public static function key($key = '')
{
if ($key = trim((string) $key)) {
return $key;
}
if ($key = trim($GLOBALS['WS_PLUGIN__']['s2member']['o']['sec_encryption_key'])) {
return $key;
}
if ($key = trim(wp_salt())) {
return $key;
}
return $key = md5($_SERVER['HTTP_HOST']);
}
/**
* Determines the proper encryption/decryption key to use.
*
* @param string $key Optional. Attempt to force a specific key?
*
* @return string Proper encryption/decryption key.
*
* @throws exception If invalid types are passed through arguments lists.
* @throws exception If unable to obtain a valid encryption key, by any means.
*/
public function key($key = '')
{
$this->check_arg_types('string', func_get_args());
if (isset($key[0])) {
return $key;
}
$key = $this->©options->get('encryption.key');
$key = !isset($key[0]) ? wp_salt() : $key;
$key = !isset($key[0]) ? md5($this->©url->current_host()) : $key;
if (!isset($key[0])) {
throw $this->©exception($this->method(__FUNCTION__) . '#key_missing', get_defined_vars(), $this->__('No encryption key.'));
}
return $key;
// It's a good day in Eureka!
}
/**
* Class constructor.
*
* @since 160710 Common utils.
*/
public function __construct()
{
$this->is_multisite = is_multisite();
$this->is_main_site = !$this->is_multisite || is_main_site();
$this->is_admin = is_admin();
$this->is_user_admin = $this->is_admin && is_user_admin();
$this->is_network_admin = $this->is_admin && $this->is_multisite && is_network_admin();
$this->debug = defined('WP_DEBUG') && WP_DEBUG;
$this->debug_edge = $this->debug && defined('WP_DEBUG_EDGE') && WP_DEBUG_EDGE;
$this->debug_log = $this->debug && defined('WP_DEBUG_LOG') && WP_DEBUG_LOG;
$this->debug_display = $this->debug && defined('WP_DEBUG_DISPLAY') && WP_DEBUG_DISPLAY;
if (!($this->salt = wp_salt())) {
throw new Exception('Failed to acquire WP salt.');
}
if (!($this->tmp_dir = rtrim(get_temp_dir(), '/'))) {
throw new Exception('Failed to acquire a writable tmp dir.');
}
if (!($this->site_url = site_url('/'))) {
throw new Exception('Failed to acquire site URL.');
} elseif (!($this->site_url_parts = parse_url($this->site_url))) {
throw new Exception('Failed to parse site URL parts.');
} elseif (!($this->site_url_host = $this->site_url_parts['host'] ?? '')) {
throw new Exception('Failed to parse site URL host.');
} elseif (!($this->site_url_root_host = implode('.', array_slice(explode('.', $this->site_url_host), -2)))) {
throw new Exception('Failed to parse site URL root host.');
}
if (!($this->site_url_option = get_option('siteurl'))) {
throw new Exception('Failed to acquire site URL option.');
} elseif (!($this->site_url_option_parts = parse_url($this->site_url_option))) {
throw new Exception('Failed to parse site URL option parts.');
} elseif (!($this->site_default_scheme = $this->site_url_option_parts['scheme'] ?? '')) {
throw new Exception('Failed to parse site URL option scheme.');
}
if (!($this->template_directory_url = get_template_directory_uri())) {
throw new Exception('Failed to acquire template directory URL.');
} elseif (!($this->template_directory_url_parts = parse_url($this->template_directory_url))) {
throw new Exception('Failed to parse template directory URL parts.');
}
$this->template = get_template();
$this->stylesheet = get_stylesheet();
$this->is_woocommerce_active = defined('WC_VERSION');
$this->is_woocommerce_product_vendors_active = defined('WC_PRODUCT_VENDORS_VERSION');
$this->is_jetpack_active = defined('JETPACK__VERSION');
}
function wp_verify_nonce($nonce, $action = -1)
{
$user = wp_get_current_user();
$uid = (int) $user->ID;
if (!$uid) {
/** This filter is documented in wp-includes/pluggable.php */
$uid = apply_filters('nonce_user_logged_out', $uid, $action);
}
/**
* Filter the lifespan of nonces in seconds.
*
* @since 2.5.0
*
* @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
*/
$nonce_life = apply_filters('nonce_life', DAY_IN_SECONDS);
$token = wp_get_session_token();
$verifier = new Verifier();
$verifier->setUserId($uid);
$verifier->setLifespan($nonce_life);
$verifier->setSessionToken($token);
$verifier->setSalt(wp_salt('nonce'));
$nonce = (string) $nonce;
$verified = $verifier->verify($nonce, $action);
if (false !== $verified) {
return $verified;
}
/**
* Fires when nonce verification fails.
*
* @since 4.4.0
*
* @param string $nonce The invalid nonce.
* @param string|int $action The nonce action.
* @param WP_User $user The current user object.
* @param string $token The user's session token.
*/
do_action('wp_verify_nonce_failed', $nonce, $action, $user, $token);
return false;
}
public static function loginAction($username)
{
if (sizeof($_POST) < 1) {
return;
}
//only execute if login form is posted
if (!$username) {
return;
}
wfConfig::inc('totalLogins');
$user = get_user_by('login', $username);
$userID = $user ? $user->ID : 0;
self::getLog()->logLogin('loginOK', 0, $username);
if (wfUtils::isAdmin($user)) {
wfConfig::set_ser('lastAdminLogin', array('userID' => $userID, 'username' => $username, 'firstName' => $user->first_name, 'lastName' => $user->last_name, 'time' => wfUtils::localHumanDateShort(), 'IP' => wfUtils::getIP()));
}
$salt = wp_salt('logged_in');
$cookiename = 'wf_loginalerted_' . hash_hmac('sha256', wfUtils::getIP() . '|' . $user->ID, $salt);
$cookievalue = hash_hmac('sha256', $user->user_login, $salt);
if (user_can($userID, 'update_core')) {
if (wfConfig::get('alertOn_adminLogin')) {
$shouldAlert = true;
if (wfConfig::get('alertOn_firstAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
$shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
}
if ($shouldAlert) {
wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
}
}
} else {
if (wfConfig::get('alertOn_nonAdminLogin')) {
$shouldAlert = true;
if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
$shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
}
if ($shouldAlert) {
wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
}
}
}
if (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly')) {
wfUtils::setcookie($cookiename, $cookievalue, time() + 86400 * 365, '/', null, null, true);
}
}
/**
* Displays the introduction for the group and loops through each item
*
* I've chosen to cache on an individual-activity basis, instead of a group-by-group basis. This
* requires just a touch more overhead (in terms of looping through individual activity_ids), and
* doesn't really have any added effect at the moment (since an activity item can only be associated
* with a single group). But it provides the greatest amount of flexibility going forward, both in
* terms of the possibility that activity items could be associated with more than one group, and
* the possibility that users within a single group would want more highly-filtered digests.
*/
function ass_digest_format_item_group($group_id, $activity_ids, $type, $group_name, $group_slug, $user_id)
{
global $bp, $ass_email_css;
$group_permalink = apply_filters('bp_get_group_permalink', bp_get_root_domain() . '/' . bp_get_groups_root_slug() . '/' . $group_slug . '/');
$group_name_link = '<a href="' . $group_permalink . '" name="' . $group_slug . '">' . $group_name . '</a>';
$userdomain = ass_digest_get_user_domain($user_id);
$unsubscribe_link = "{$userdomain}?bpass-action=unsubscribe&group={$group_id}&access_key=" . md5("{$group_id}{$user_id}unsubscribe" . wp_salt());
$gnotifications_link = ass_get_login_redirect_url($group_permalink . 'notifications/');
// add the group title bar
if ($type == 'dig') {
$group_message = "\n<div {$ass_email_css['group_title']}>" . sprintf(__('Group: %s', 'bp-ass'), $group_name_link) . "</div>\n\n";
} elseif ($type == 'sum') {
$group_message = "\n<div {$ass_email_css['group_title']}>" . sprintf(__('Group: %s weekly summary', 'bp-ass'), $group_name_link) . "</div>\n";
}
// add change email settings link
$group_message .= "\n<div {$ass_email_css['change_email']}>";
$group_message .= __('To disable these notifications for this group click ', 'bp-ass') . " <a href=\"{$unsubscribe_link}\">" . __('unsubscribe', 'bp-ass') . '</a> - ';
$group_message .= __('change ', 'bp-ass') . '<a href="' . $gnotifications_link . '">' . __('email options', 'bp-ass') . '</a>';
$group_message .= "</div>\n\n";
$group_message = apply_filters('ass_digest_group_message_title', $group_message, $group_id, $type);
// Finally, add the markup to the digest
foreach ($activity_ids as $activity_id) {
// Cache is set earlier in ass_digest_fire()
$activity_item = !empty($bp->ass->items[$activity_id]) ? $bp->ass->items[$activity_id] : false;
if (!empty($activity_item)) {
$group_message .= ass_digest_format_item($activity_item, $type);
}
//$group_message .= '<pre>'. $item->id .'</pre>';
}
return apply_filters('ass_digest_format_item_group', $group_message, $group_id, $type);
}
public function save()
{
global $wpdb;
$this->id = $this->id ? $this->id : md5(microtime() . rand() . wp_salt());
$data = array('id' => $this->id, 'state' => serialize((array) $this), 'updated_on' => current_time('mysql'));
$wpdb->replace($wpdb->prefix . 'wpbdp_submit_state', $data);
}
<?php
define('PMP_NOTIFICATIONS_SECRET', crypt(get_bloginfo('url'), wp_salt('auth')));
define('PMP_NOTIFICATIONS_HUB', 'notifications');
define('PMP_NOTIFICATIONS_TOPIC_UPDATED', 'topics/updated');
define('PMP_NOTIFICATIONS_TOPIC_DELETED', 'topics/deleted');
/**
* Add '?pmp-notifications' as a valid query var
*
* @since 0.3
*/
function pmp_bless_notification_query_var()
{
add_rewrite_endpoint('pmp-notifications', EP_ALL);
}
add_action('init', 'pmp_bless_notification_query_var');
/**
* Template redirect for PubSubHubBub operations
*
* If the request is POST, we're dealing with a notification.
*
* If the request is GET, we're being asked to verify a subscription.
*
* @since 0.3
*/
function pmp_notifications_template_redirect()
{
global $wp_query;
if (!isset($wp_query->query_vars['pmp-notifications'])) {
return false;
}
public static function decrypt($text, $key)
{
$db = self::get_instance();
$decrypted = $db->get_var($db->prepare('SELECT AES_DECRYPT(%s, %s) AS data', base64_decode($text), wp_salt('nonce')));
return $decrypted;
}
public static function rbm_ajax_add_user_key()
{
if (!isset($_POST['post_ID']) || !isset($_POST['email']) || !check_ajax_referer('rbm-field-helpers', 'rbm_field_helpers_nonce')) {
wp_send_json(array('status' => 'fail', 'error_msg' => 'Could not get post ID or user email, or could not verify nonce'));
}
if (!($post_ID = $_POST['post_ID'])) {
wp_send_json(array('status' => 'fail', 'error_msg' => 'Post ID empty'));
}
if (!($user_email = $_POST['email'])) {
wp_send_json(array('status' => 'fail', 'error_msg' => 'User email empty'));
}
/**
* Allows filtering of the post ID.
*
* @since 1.1.0
*/
apply_filters('rbm_user_key_post_ID_delete', $post_ID, $user_email);
/**
* Allows filtering of the user email to be deleted.
*
* @since 1.1.0
*/
apply_filters('rbm_user_key_email_delete', $user_email, $post_ID);
if (!($user_keys = get_post_meta($post_ID, '_rbm_user_keys', true))) {
$user_keys = array();
}
if (isset($user_keys[$user_email])) {
wp_send_json(array('status' => 'fail', 'error_msg' => 'User already added'));
}
$user_keys[$user_email] = $user_key = md5(wp_salt() . $user_email);
update_post_meta($post_ID, '_rbm_user_keys', $user_keys);
$edit_link = get_the_permalink($post_ID) . "?rbm_user_key={$user_key}";
/**
* Allows filtering ot the edit link sent via email to the new user.
*
* @since 1.1.0
*/
apply_filters('rbm_user_key_mail_edit_link', $edit_link, $user_email, $user_key, $post_ID);
wp_mail($user_email, 'You\'ve been granted access to edit ' . get_the_title($post_ID) . '!', "You may edit the rbm at the following link:\n" . $edit_link);
wp_send_json(array('status' => 'success', 'post_ID' => $post_ID, 'user_email' => $user_email, 'user_key' => $user_key, 'edit_link' => $edit_link));
}
/**
* Get hash of given string.
*
* @since 2.0.3
*
* @param string $data Plain text to hash
* @return string Hash of $data
*/
function wp_hash($data, $scheme = 'auth')
{
$salt = wp_salt($scheme);
return hash_hmac('md5', $data, $salt);
}
public static function decrypt($text)
{
$use_mcrypt = apply_filters('gform_use_mcrypt', function_exists('mcrypt_decrypt'));
if ($use_mcrypt) {
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$key = substr(md5(wp_salt('nonce')), 0, $iv_size);
$decrypted_value = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv($iv_size, MCRYPT_RAND)));
} else {
global $wpdb;
$decrypted_value = $wpdb->get_var($wpdb->prepare('SELECT AES_DECRYPT(%s, %s) AS data', base64_decode($text), wp_salt('nonce')));
}
return $decrypted_value;
}
public static function b_hash($data, $scheme = 'auth')
{
$salt = wp_salt($scheme) . 'j4H!B3TA,J4nIn4.';
return hash_hmac('md5', $data, $salt);
}
private function hash($val, $type = 'auth')
{
return strtoupper(substr(sha1($val . wp_salt($type)), 0, 6));
}
/**
* This salt replaces wp_salt for scenarios where wp_salt changes
* It's slightly less secure, but does allow for callbacks on video
* notifications to continue
*/
public static function salt()
{
$key_name = '_brightcove_salt';
$salt = get_option($key_name);
if (false !== $salt) {
$salt = hash('sha256', wp_salt() . mt_rand() . wp_salt('secure_auth'));
update_option($key_name, $salt);
}
return $salt;
}
function memberaccess_get_cron_key()
{
$salt = is_multisite() ? network_home_url() : home_url();
$salt .= ABSPATH . wp_salt('auth');
return sha1($salt);
}
public function buffer_page()
{
global $wp;
$time = time();
$nonce = wp_create_nonce($this->nonce_action);
$fetch_vars = array(self::$query_var . "-fetch" => true, self::$query_var . "-key" => md5($time . wp_salt('logged_in') . $nonce), self::$query_var . "-ts" => $time, self::$query_var . "-nonce" => $nonce);
$query_vars = $wp->query_vars;
unset($query_vars[self::$query_var]);
$vars = array_merge($fetch_vars, $query_vars);
$query_string = http_build_query($vars);
$url = get_bloginfo('url') . '/' . $wp->request . "?{$query_string}";
#Set auth headers for remote fetch
$cookie_string = '';
foreach ($_COOKIE as $k => $v) {
if (preg_match('/(wordpress_test_cookie|wordpress_logged_in_|wp-settings-1|wp-settings-time-1)/', $k)) {
$cookie_string .= $k . '=' . urlencode($v) . '; ';
}
}
$cookie_string = trim($cookie_string, '; ');
$headers = array('Cookie' => $cookie_string);
$http = new WP_Http();
$response = $http->request($url, array('method' => 'GET', 'headers' => $headers));
$buffer = $response['body'];
preg_match('/%DEBUG_TIME%(.+)%\\/DEBUG_TIME%/', $buffer, $matches);
self::$execution_time = $matches[1];
if (preg_match('/%DEBUG_QUERIES%(.+)%\\/DEBUG_QUERIES%/', $buffer, $matches)) {
if ($matches[1]) {
self::$queries = json_decode($matches[1]);
}
}
$this->buffer = preg_replace('/%DEBUG_THIS%.+%\\/DEBUG_THIS%/', '', $buffer);
}
public static function decrypt($text)
{
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$key = substr(md5(wp_salt('nonce')), 0, $iv_size);
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv($iv_size, MCRYPT_RAND)));
}
/**
* Renders the output of a form field in the admin area.
*
* I like this better than {@link add_settings_field()} so sue me!
* Uses {@link BP_Reply_By_Email_Admin::field()} and {@link BP_Reply_By_Email_Admin::get_option()}.
*
* @param array $args Arguments for the field
*/
protected function render_field($args = '')
{
$defaults = array('type' => 'text', 'labelname' => '', 'labelfor' => true, 'name' => '', 'desc' => '', 'size' => 'regular', 'value' => '', 'options' => array(), 'default' => '');
$r = wp_parse_args($args, $defaults);
echo '<tr class="' . $this->field($r['name'], true, false) . '">';
if ($r['labelfor']) {
echo '<th scope="row"><label for="' . $this->field($r['name'], true, false) . '">' . $r['labelname'] . '</label></th>';
} else {
echo '<th scope="row">' . $r['labelname'] . '</th>';
}
echo '<td>';
switch ($r['type']) {
case 'checkbox':
?>
<fieldset>
<legend class="screen-reader-text"><span><?php
echo $r['labelname'];
?>
</span></legend>
<label for="<?php
$this->field($r['name'], true);
?>
">
<input type="checkbox" name="<?php
$this->field($r['name']);
?>
" id="<?php
$this->field($r['name'], true);
?>
" value="1" <?php
if (!empty($this->settings[$r['name']])) {
checked($this->settings[$r['name']], 1);
}
?>
/>
<?php
echo $r['desc'];
?>
</label>
<br />
</fieldset>
<?php
break;
case 'select':
$selected = array_key_exists($this->settings[$r['name']], $r['options']) ? $this->settings[$r['name']] : $r['default'];
?>
<select id="<?php
$this->field($r['name'], true);
?>
" name="<?php
$this->field($r['name']);
?>
">
<?php
foreach ($r['options'] as $key => $option) {
echo '<option value="' . esc_attr($key) . '"';
if ($selected == $key) {
echo ' selected="selected"';
}
echo '>' . esc_html($option) . '</option>';
}
?>
</select>
<?php
if ($r['desc']) {
echo '<p class="description">' . $r['desc'] . '</p>';
}
break;
case 'text':
case 'password':
$value = $this->get_option($r['name'], false);
if ($r['type'] == 'password') {
$value = bp_rbe_decode(array('string' => $value, 'key' => wp_salt()));
}
?>
<input class="<?php
echo $r['size'];
?>
-text" value="<?php
echo $value;
?>
" name="<?php
$this->field($r['name']);
?>
" id="<?php
$this->field($r['name'], true);
?>
" type="<?php
echo $r['type'];
?>
" />
<?php
if ($r['desc']) {
echo '<p class="description">' . $r['desc'] . '</p>';
}
break;
}
echo '</td>';
echo '</tr>';
}
private function make_sid()
{
$salt = wp_salt();
$rand = uniqid(mt_rand(), true);
$sid = base64_encode(hash_hmac('sha1', $rand, $salt, true));
return str_replace(array('+', '/', '='), array('_', '.', ''), $sid);
}
function wp_hash($data)
{
$salt = wp_salt();
if (function_exists('hash_hmac')) {
return hash_hmac('md5', $data, $salt);
} else {
return md5($data . $salt);
}
}
function duo_get_akey()
{
// Get an application specific secret key.
// If wp_salt() is not long enough, append a random secret to it
$akey = duo_get_option('duo_akey', '');
$akey .= wp_salt();
if (strlen($akey) < 40) {
duo_debug_log('WordPress secret key is less than 40 chars. Creating new akey.');
$akey = wp_generate_password(40, true, true);
update_site_option('duo_akey', $akey);
$akey .= wp_salt();
}
return $akey;
}
/**
* Generates a token for a given URL.
*
* An 'o' query parameter on a URL can include optional variables to test
* against when verifying a token without passing those variables around in
* the URL. For example, downloads can be limited to the IP that the URL was
* generated for by adding 'o=ip' to the query string.
*
* Or suppose when WordPress requested a URL for automatic updates, the user
* agent could be tested to ensure the URL is only valid for requests from
* that user agent.
*
* @since 2.3
*
* @param string $url The URL to generate a token for.
* @return string The token for the URL.
*/
function edd_get_download_token($url = '')
{
$args = array();
$hash = apply_filters('edd_get_url_token_algorithm', 'sha256');
$secret = apply_filters('edd_get_url_token_secret', hash($hash, wp_salt()));
/*
* Add additional args to the URL for generating the token.
* Allows for restricting access to IP and/or user agent.
*/
$parts = parse_url($url);
$options = array();
if (isset($parts['query'])) {
wp_parse_str($parts['query'], $query_args);
// o = option checks (ip, user agent).
if (!empty($query_args['o'])) {
// Multiple options can be checked by separating them with a colon in the query parameter.
$options = explode(':', rawurldecode($query_args['o']));
if (in_array('ip', $options)) {
$args['ip'] = edd_get_ip();
}
if (in_array('ua', $options)) {
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$args['user_agent'] = rawurlencode($ua);
}
}
}
/*
* Filter to modify arguments and allow custom options to be tested.
* Be sure to rawurlencode any custom options for consistent results.
*/
$args = apply_filters('edd_get_url_token_args', $args, $url, $options);
$args['secret'] = $secret;
$args['token'] = false;
// Removes a token if present.
$url = add_query_arg($args, $url);
$parts = parse_url($url);
// In the event there isn't a path, set an empty one so we can MD5 the token
if (!isset($parts['path'])) {
$parts['path'] = '';
}
$token = md5($parts['path'] . '?' . $parts['query']);
return $token;
}
function signup_hash($seed)
{
$hash = '';
if ($seed) {
$base_hash = sha1(wp_salt('nonce') . $seed) . sha1($_SERVER['HTTP_USER_AGENT']);
$index = 0;
$base_len = strlen($base_hash);
for ($i = 1; $i < $base_len && $index < $base_len; $i++) {
$hash .= substr($base_hash, $index, 1);
$index += $i;
}
}
return $hash;
}