Ejemplo n.º 1
/**
 * Session "open" callback registered through session_set_save_handler().
 *
 * Nothing has to be opened for this handler (no file paths, no database
 * connections). The function only decides how the current request relates to
 * a session:
 *
 * - When the request already carries a session cookie, caching headers are
 *   disabled if a user is logged in or $_SESSION holds data.
 * - Otherwise a fresh session ID is assigned for this request and, on SSL, a
 *   second random ID is sent in the cookie named session_name() minus its
 *   first character.
 *
 * Not meant to be called directly.
 *
 * @return true
 */
function _pantheon_session_open() {
	$cookie_name = session_name();

	// !empty() rather than isset(): a blank session ID must never count as valid.
	$has_session_cookie = ! empty( $_COOKIE[ $cookie_name ] )
		|| ( is_ssl() && ! empty( $_COOKIE[ substr( $cookie_name, 1 ) ] ) );

	if ( $has_session_cookie ) {
		// The original author notes that sessions are otherwise started on
		// demand in _pantheon_session_write(), so anonymous visitors get no
		// session cookie and HTTP proxies can cache their pageviews.
		if ( get_current_user_id() || ! empty( $_SESSION ) ) {
			nocache_headers();
		}
		return true;
	}

	// No cookie yet: give this request an identifier now, because the session
	// itself is only started lazily at the end of the request.
	require_once( ABSPATH . 'wp-includes/class-phpass.php');
	$phpass = new PasswordHash( 8, false );

	// md5() only formats the 32 random bytes as 32 hex characters; it caps the
	// identifier at 128 bits and adds no randomness of its own.
	// NOTE(review): phpass's get_random_bytes() is known to fall back to an
	// md5(microtime())-based generator when /dev/urandom cannot be read -
	// confirm for the bundled version; random_bytes() has no such fallback.
	session_id( md5( $phpass->get_random_bytes( 32 ) ) );

	if ( ! is_ssl() ) {
		return true;
	}

	$insecure_session_name = substr( session_name(), 1 );
	$insecure_session_id   = md5( $phpass->get_random_bytes( 32 ) );

	// Sites can set a custom expiry through the 'pantheon_session_expiration' filter.
	$lifetime = (int) apply_filters( 'pantheon_session_expiration', 0 );

	// NOTE(review): with the default lifetime of 0 the expiry equals the request
	// time instead of 0 (browser-session cookie) - confirm this is intended.
	// NOTE(review): no path, domain or httponly arguments are passed here, so
	// the cookie is readable from JavaScript - confirm this is acceptable.
	setcookie( $insecure_session_name, $insecure_session_id, $_SERVER['REQUEST_TIME'] + $lifetime);

	return true;
}
 /**
  * Generate a random key and return it base64-encoded.
  *
  * @param int $bitsize Key size in bits; must be at least 8 and a multiple of 8.
  *
  * @return string base64 encoding of $bitsize / 8 bytes from PasswordHash::get_random_bytes()
  */
 public static function generate_key($bitsize = self::DEFAULT_KEY_BIT_SIZE)
 {
     global $wp_hasher;

     // Only whole-byte key sizes are supported.
     $invalid_size = $bitsize < 8 || $bitsize % 8 !== 0;
     if ($invalid_size) {
         // @TODO: handle this
         // NOTE(review): wp_die() normally ends the request; if a handler lets it
         // return, execution continues below with the rejected size - confirm.
         wp_die(-1);
     }

     // Reuse the shared hasher when one exists, otherwise create and publish it.
     if (!$wp_hasher) {
         require_once ABSPATH . WPINC . '/class-phpass.php';
         $wp_hasher = new PasswordHash(8, true);
     }

     // NOTE(review): this is key material. phpass's get_random_bytes() is known to
     // fall back to an md5(microtime())-based generator when /dev/urandom cannot be
     // read - confirm for the bundled version, or prefer random_bytes().
     $byte_count = $bitsize / 8;
     $raw_key = $wp_hasher->get_random_bytes($byte_count);

     return base64_encode($raw_key);
 }
 /**
  * Return the current user's ID when logged in, otherwise a random guest ID.
  *
  * Guest IDs are the md5 hex digest of 32 bytes obtained from the Portable PHP
  * password hashing framework (PasswordHash::get_random_bytes()).
  *
  * @return int|string user ID, or a 32-character hex string for guests
  */
 public function generate_customer_id()
 {
     // Logged-in customers are identified by their account.
     if (is_user_logged_in()) {
         return get_current_user_id();
     }

     require_once ABSPATH . 'wp-includes/class-phpass.php';
     $phpass = new PasswordHash(8, false);

     // NOTE(review): uniqueness and unpredictability rest entirely on
     // get_random_bytes(); phpass is known to fall back to an md5(microtime())-based
     // generator when /dev/urandom cannot be read - confirm for the bundled version.
     $random = $phpass->get_random_bytes(32);

     // md5() only turns the bytes into a fixed 32-character hex ID (128 bits).
     return md5($random);
 }
 /**
  * Generate a random ID for the session token.
  *
  * The ID is the md5 hex digest of 32 bytes from PasswordHash::get_random_bytes().
  *
  * @return string 32-character hex string
  */
 protected function generate_id()
 {
     require_once ABSPATH . 'wp-includes/class-phpass.php';

     $phpass = new PasswordHash(8, false);

     // NOTE(review): a session token is only as unpredictable as its byte source.
     // phpass is known to fall back to an md5(microtime())-based generator when
     // /dev/urandom cannot be read - confirm for the bundled version.
     $random = $phpass->get_random_bytes(32);

     // md5() is used for formatting only; the token carries at most 128 bits.
     return md5($random);
 }
Ejemplo n.º 5
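/**
 * Build a random string of exactly $length characters.
 *
 * Random bytes from PasswordHash::get_random_bytes() are base64-encoded and
 * every character outside the requested alphabet is discarded; the loop
 * repeats until enough characters have been collected.
 *
 * @param int    $length Number of characters wanted; values below 1 yield ''.
 * @param string $type   'mixed' (letters and digits), 'chars' (letters) or
 *                       'digits'; anything else is treated as 'mixed'.
 *
 * @return string
 */
function tep_create_random_value($length, $type = 'mixed')
{
    // Strict matching: loose == between strings and numbers can accept values
    // such as 0 or true as a valid type on older PHP versions.
    if (!in_array($type, array('mixed', 'chars', 'digits'), true)) {
        $type = 'mixed';
    }

    // Without this guard the do/while below would still request zero random
    // bytes once before returning an empty string.
    $length = (int) $length;
    if ($length < 1) {
        return '';
    }

    $base = '';
    if ($type !== 'digits') {
        $base .= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    }
    if ($type !== 'chars') {
        $base .= '0123456789';
    }

    if (!class_exists('PasswordHash')) {
        include 'includes/classes/passwordhash.php';
    }

    // NOTE(review): phpass's get_random_bytes() is known to fall back to an
    // md5(microtime())-based generator when /dev/urandom cannot be read -
    // confirm for the bundled version before using the result as a secret.
    $hasher = new PasswordHash(10, true);

    $value = '';
    do {
        $random = base64_encode($hasher->get_random_bytes($length));

        // Keep only characters of the requested alphabet ('+', '/' and '=' never are).
        for ($i = 0, $n = strlen($random); $i < $n; $i++) {
            $char = $random[$i];
            if (strpos($base, $char) !== false) {
                $value .= $char;
            }
        }
    } while (strlen($value) < $length);

    // The last round usually overshoots; trim to the requested size.
    return substr($value, 0, $length);
}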
Ejemplo n.º 6
 /**
  * Generate a session id, store it in self::$session_id and return it.
  *
  * The id is the md5 hex digest of 32 bytes from PasswordHash::get_random_bytes().
  *
  * @return string session id (32 hex characters)
  */
 protected function _set_session_id()
 {
     require_once ABSPATH . 'wp-includes/class-phpass.php';

     $phpass = new PasswordHash(8, false);

     // NOTE(review): the id is only as unpredictable as get_random_bytes(); phpass
     // is known to fall back to an md5(microtime())-based generator when
     // /dev/urandom cannot be read - confirm for the bundled version.
     $random = $phpass->get_random_bytes(32);

     // md5() formats the bytes as hex and caps the id at 128 bits.
     $new_id = md5($random);
     self::$session_id = $new_id;

     return self::$session_id;
 }
Ejemplo n.º 7
 /**
  * Encrypt a password under a key derived from the master password.
  *
  * @param string       $password        Plaintext to encrypt.
  * @param string|false $master_password Master password; when false it is
  *                                      obtained from $this->account->decrypt_password().
  *
  * @return array with the keys "iv", "encrypted_password" and "salt"
  */
 private function encrypt($password, $master_password = false)
 {
     // No master password supplied: decrypt the stored one.
     if (false === $master_password) {
         $master_password = $this->account->decrypt_password();
     }

     // Fresh random salt for every encryption.
     // NOTE(review): phpass's get_random_bytes() is known to fall back to an
     // md5(microtime())-based generator when /dev/urandom cannot be read -
     // confirm for the bundled PasswordHash.php.
     require_once "PasswordHash.php";
     $phpass = new PasswordHash(8, false);
     $salt = $phpass->get_random_bytes(100);

     // Derive the cipher key from the master password and the salt.
     // presumably 32 is the key length in bytes for AES-256 - verify against keygen_s2k()
     $derived_key = $this->keygen_s2k($master_password, $salt, 32);

     // AES-256 in CTR mode; the IV must be created before encrypting.
     // NOTE(review): nothing in this method authenticates the ciphertext (no MAC is
     // computed here) - confirm integrity is checked elsewhere.
     $cipher = new PHP_Crypt($derived_key, PHP_Crypt::CIPHER_AES_256, PHP_Crypt::MODE_CTR);
     $iv = $cipher->createIV();
     $ciphertext = $cipher->encrypt($password);

     // Everything needed for decryption besides the master password.
     return array("iv" => $iv, "encrypted_password" => $ciphertext, "salt" => $salt);
 }
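 /**
  * Build a random string of exactly $length characters.
  *
  * Uses PasswordHash::get_random_bytes() whenever the PasswordHash class is
  * available and only falls back to tep_rand() when it is not.
  *
  * @param int    $length Number of characters wanted; values below 1 yield ''.
  * @param string $type   'mixed' (letters and digits), 'chars' (letters) or
  *                       'digits'; anything else is treated as 'mixed'.
  *
  * @return string
  */
 function createRandomValue($length, $type = 'mixed')
 {
     // Strict matching: loose == between strings and numbers can accept values
     // such as 0 or true as a valid type on older PHP versions.
     if (!in_array($type, array('mixed', 'chars', 'digits'), true)) {
         $type = 'mixed';
     }

     // Nothing to generate; also avoids requesting zero random bytes.
     $length = (int) $length;
     if ($length < 1) {
         return '';
     }

     $base = '';
     if ($type !== 'digits') {
         $base .= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
     }
     if ($type !== 'chars') {
         $base .= '0123456789';
     }

     $value = '';

     // Load the class only when it is missing. The previous combined condition
     // (!class_exists && file_exists) skipped the PasswordHash path whenever the
     // class was ALREADY loaded, so such calls silently used the tep_rand() fallback.
     if (!class_exists('PasswordHash')) {
         $hasher_file = DIR_FS_CATALOG . 'includes/classes/passwordhash.php';
         if (file_exists($hasher_file)) {
             include $hasher_file;
         }
     }

     if (class_exists('PasswordHash')) {
         // NOTE(review): phpass's get_random_bytes() is known to fall back to an
         // md5(microtime())-based generator when /dev/urandom cannot be read -
         // confirm for the bundled version before using the result as a secret.
         $hasher = new PasswordHash(10, true);
         do {
             $random = base64_encode($hasher->get_random_bytes($length));

             // Keep only characters of the requested alphabet.
             for ($i = 0, $n = strlen($random); $i < $n; $i++) {
                 $char = $random[$i];
                 if (strpos($base, $char) !== false) {
                     $value .= $char;
                 }
             }
         } while (strlen($value) < $length);

         return substr($value, 0, $length);
     }

     // fallback for v2.3.1
     // NOTE(review): tep_rand() is defined elsewhere; if it wraps rand()/mt_rand()
     // the values produced here are predictable - verify before relying on them
     // for passwords or tokens.
     while (strlen($value) < $length) {
         $char = ($type === 'digits') ? (string) tep_rand(0, 9) : chr(tep_rand(0, 255));

         // $base holds exactly the characters the original per-type regexes accepted.
         if (strpos($base, $char) !== false) {
             $value .= $char;
         }
     }

     return $value;
 }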
Ejemplo n.º 9
/**
 * Generate a random password of $length characters.
 *
 * The password is the first $length characters of the base64 encoding of
 * $length * 2 bytes from PasswordHash::get_random_bytes(), so it may contain
 * letters, digits, '+' and '/'.
 *
 * @param int $length Number of characters wanted.
 *
 * @return string
 */
function tep_generate_password($length)
{
    $already_loaded = class_exists('PasswordHash');
    if (!$already_loaded) {
        include DIR_WS_CLASSES . 'passwordhash.php';
    }

    // NOTE(review): phpass's get_random_bytes() is known to fall back to an
    // md5(microtime())-based generator when /dev/urandom cannot be read -
    // confirm for the bundled version, since the output is used as a password.
    $generator = new PasswordHash(10, true);

    // Twice as many bytes as characters guarantees the encoding is long enough.
    $encoded = base64_encode($generator->get_random_bytes($length * 2));

    return substr($encoded, 0, $length);
}