/**
* XOR two-way encryption/decryption, with a base64 wrapper.
*
* @package s2Member\Utilities
* @since 3.5
*
* @param str $string A string of data to encrypt.
* @param str $key Optional. Key used for encryption. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
* @param bool $w_md5_cs Optional. Defaults to true. When true, an MD5 checksum is used in the encrypted string *(recommended)*.
* @return str Encrypted string.
*/
public static function xencrypt($string = FALSE, $key = FALSE, $w_md5_cs = TRUE)
{
$string = is_string($string) ? $string : "";
$string = strlen($string) ? "~xe|" . $string : "";
$key = c_ws_plugin__s2member_utils_encryption::key($key);
for ($i = 1, $e = ""; $i <= strlen($string); $i++) {
$char = substr($string, $i - 1, 1);
$keychar = substr($key, $i % strlen($key) - 1, 1);
$e .= chr(ord($char) + ord($keychar));
}
$e = strlen($e) ? "~xe" . ($w_md5_cs ? ":" . md5($e) : "") . "|" . $e : "";
return strlen($e) ? $base64 = c_ws_plugin__s2member_utils_strings::base64_url_safe_encode($e) : "";
}
/**
* Creates an Amazon CloudFront RSA-SHA1 signature URL.
*
* @package s2Member\Files
* @since 110926
*
* @param string $file Input file path, to be signed by this routine.
* @param bool $stream Is this resource file to be served as streaming media?
* @param bool $inline Is this resource file to be served inline, or no?
* @param bool $ssl Is this resource file to be served via SSL, or no?
* @param string $basename The absolute basename of the resource file.
* @param string $mimetype The MIME content-type of the resource file.
*
* @return string An RSA-SHA1 signature URL for Amazon CloudFront.
*/
public static function amazon_cf_url($file = '', $stream = FALSE, $inline = FALSE, $ssl = FALSE, $basename = '', $mimetype = '')
{
$file = trim((string) $file, '/');
// Trim & force string.
$url_e_file = c_ws_plugin__s2member_utils_strings::urldecode_ur_chars_deep(urlencode($file));
$url_e_file = str_ireplace('%2F', '/', $url_e_file);
foreach ($GLOBALS['WS_PLUGIN__']['s2member']['o'] as $option => $option_value) {
if (preg_match('/^amazon_cf_files_/', $option) && ($option = preg_replace('/^amazon_cf_files_/', '', $option))) {
$cfc[$option] = $option_value;
}
}
$cfc['expires'] = strtotime('+' . apply_filters('ws_plugin__s2member_amazon_cf_file_expires_time', '24 hours', get_defined_vars()));
$cf_extn = strtolower(substr($file, strrpos($file, '.') + 1));
// Parses the file extension out so we can scan it in some special scenarios.
$cf_ip_res = c_ws_plugin__s2member_utils_conds::is_localhost() ? FALSE : TRUE;
// Do NOT restrict access to a particular IP during `localhost` development. The IP may NOT be the same one Amazon CloudFront sees.
$cf_stream_extn_resource_exclusions = array_unique((array) apply_filters('ws_plugin__s2member_amazon_cf_file_streaming_extension_resource_exclusions', array('mp3'), get_defined_vars()));
// MP3 files should NOT include an extension in their resource reference.
$cf_resource = $stream ? in_array($cf_extn, $cf_stream_extn_resource_exclusions) ? substr($file, 0, strrpos($file, '.')) : $file : 'http' . ($ssl ? 's' : '') . '://' . ($cfc['distro_downloads_cname'] ? $cfc['distro_downloads_cname'] : $cfc['distro_downloads_dname']) . '/' . $url_e_file;
$cf_url = $stream ? 'rtmp' . ($ssl ? 'e' : '') . '://' . ($cfc['distro_streaming_cname'] ? $cfc['distro_streaming_cname'] : $cfc['distro_streaming_dname']) . '/cfx/st/' . $file : 'http' . ($ssl ? 's' : '') . '://' . ($cfc['distro_downloads_cname'] ? $cfc['distro_downloads_cname'] : $cfc['distro_downloads_dname']) . '/' . $url_e_file;
$cf_policy = '{"Statement":[{"Resource":"' . c_ws_plugin__s2member_utils_strings::esc_dq($cf_resource) . '","Condition":{' . ($cf_ip_res ? '"IpAddress":{"AWS:SourceIp":"' . c_ws_plugin__s2member_utils_strings::esc_dq($_SERVER['REMOTE_ADDR']) . '/32"},' : '') . '"DateLessThan":{"AWS:EpochTime":' . (int) $cfc['expires'] . '}}}]}';
$cf_signature = c_ws_plugin__s2member_files_in::amazon_cf_rsa_sign($cf_policy);
$cf_base64_url_safe_policy = c_ws_plugin__s2member_utils_strings::base64_url_safe_encode($cf_policy, array('+', '=', '/'), array('-', '_', '~'), FALSE);
$cf_base64_url_safe_signature = c_ws_plugin__s2member_utils_strings::base64_url_safe_encode($cf_signature, array('+', '=', '/'), array('-', '_', '~'), FALSE);
return add_query_arg(c_ws_plugin__s2member_utils_strings::urldecode_ur_chars_deep(urlencode_deep(array('Policy' => $cf_base64_url_safe_policy, 'Signature' => $cf_base64_url_safe_signature, 'Key-Pair-Id' => $cfc['private_key_id']))), $cf_url);
}
/**
* XOR two-way encryption/decryption, with a base64 wrapper.
*
* @package s2Member\Utilities
* @since 3.5
*
* @param string $string A string of data to encrypt.
* @param string $key Optional. Key used for encryption. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
* @param bool $w_md5_cs Optional. Defaults to true. When true, an MD5 checksum is used in the encrypted string *(recommended)*.
*
* @return string Encrypted string.
*/
public static function xencrypt($string = '', $key = '', $w_md5_cs = TRUE)
{
$string = is_string($string) ? $string : '';
$string = isset($string[0]) ? '~xe|' . $string : '';
$key = c_ws_plugin__s2member_utils_encryption::key($key);
for ($i = 1, $e = ''; $i <= strlen($string); $i++) {
$char = substr($string, $i - 1, 1);
$keychar = substr($key, $i % strlen($key) - 1, 1);
$e .= chr(ord($char) + ord($keychar));
}
$e = isset($e[0]) ? '~xe' . ($w_md5_cs ? ':' . md5($e) : '') . '|' . $e : '';
return isset($e) && is_string($e) && isset($e[0]) ? $base64 = c_ws_plugin__s2member_utils_strings::base64_url_safe_encode($e) : '';
// Default to empty string.
}
/**
* Creates an Amazon CloudFront RSA-SHA1 signature URL.
*
* @package s2Member\Files
* @since 110926
*
* @param str $file Input file path, to be signed by this routine.
* @param bool $stream Is this resource file to be served as streaming media?
* @param bool $inline Is this resource file to be served inline, or no?
* @param bool $ssl Is this resource file to be served via SSL, or no?
* @param str $basename The absolute basename of the resource file.
* @param str $mimetype The MIME content-type of the resource file.
* @return str An RSA-SHA1 signature URL for Amazon CloudFront.
*/
public static function amazon_cf_url($file = FALSE, $stream = FALSE, $inline = FALSE, $ssl = FALSE, $basename = FALSE, $mimetype = FALSE)
{
$file = trim((string) $file, "/");
$url_e_file = c_ws_plugin__s2member_utils_strings::urldecode_ur_chars_deep(urlencode($file));
$url_e_file = str_ireplace("%2F", "/", $url_e_file);
foreach ($GLOBALS["WS_PLUGIN__"]["s2member"]["o"] as $option => $option_value) {
if (preg_match("/^amazon_cf_files_/", $option) && ($option = preg_replace("/^amazon_cf_files_/", "", $option))) {
$cfc[$option] = $option_value;
}
}
$cfc["expires"] = strtotime("+" . apply_filters("ws_plugin__s2member_amazon_cf_file_expires_time", "24 hours", get_defined_vars()));
$cf_extn = strtolower(substr($file, strrpos($file, ".") + 1));
$cf_ip_res = c_ws_plugin__s2member_utils_conds::is_localhost() ? false : true;
$cf_stream_extn_resource_exclusions = array_unique((array) apply_filters("ws_plugin__s2member_amazon_cf_file_streaming_extension_resource_exclusions", array("mp3"), get_defined_vars()));
$cf_resource = $stream ? in_array($cf_extn, $cf_stream_extn_resource_exclusions) ? substr($file, 0, strrpos($file, ".")) : $file : "http" . ($ssl ? "s" : "") . "://" . ($cfc["distro_downloads_cname"] ? $cfc["distro_downloads_cname"] : $cfc["distro_downloads_dname"]) . "/" . $url_e_file;
$cf_url = $stream ? "rtmp" . ($ssl ? "e" : "") . "://" . ($cfc["distro_streaming_cname"] ? $cfc["distro_streaming_cname"] : $cfc["distro_streaming_dname"]) . "/cfx/st/" . $file : "http" . ($ssl ? "s" : "") . "://" . ($cfc["distro_downloads_cname"] ? $cfc["distro_downloads_cname"] : $cfc["distro_downloads_dname"]) . "/" . $url_e_file;
$cf_policy = '{"Statement":[{"Resource":"' . c_ws_plugin__s2member_utils_strings::esc_dq($cf_resource) . '","Condition":{' . ($cf_ip_res ? '"IpAddress":{"AWS:SourceIp":"' . c_ws_plugin__s2member_utils_strings::esc_dq($_SERVER["REMOTE_ADDR"]) . '/32"},' : '') . '"DateLessThan":{"AWS:EpochTime":' . (int) $cfc["expires"] . '}}}]}';
$cf_signature = c_ws_plugin__s2member_files_in::amazon_cf_rsa_sign($cf_policy);
$cf_base64_url_safe_policy = c_ws_plugin__s2member_utils_strings::base64_url_safe_encode($cf_policy, array("+", "=", "/"), array("-", "_", "~"), false);
$cf_base64_url_safe_signature = c_ws_plugin__s2member_utils_strings::base64_url_safe_encode($cf_signature, array("+", "=", "/"), array("-", "_", "~"), false);
return add_query_arg(c_ws_plugin__s2member_utils_strings::urldecode_ur_chars_deep(urlencode_deep(array("Policy" => $cf_base64_url_safe_policy, "Signature" => $cf_base64_url_safe_signature, "Key-Pair-Id" => $cfc["private_key_id"]))), $cf_url);
}
