/**
* Verifies an s2Member-generated signature; in a full URL, a partial URI, or in just a query string.
*
* @package s2Member\Utilities
* @since 111106
*
* @param str $url_uri_query A full URL, a partial URI, or just a query string. Must have an s2Member-generated signature to validate.
* @param bool $check_time Optional. Defaults to false. If true, s2Member will also check if the signature has expired, based on ``$exp_secs``.
* @param str|int $exp_secs Optional. Defaults to (int)10. If ``$check_time`` is true, s2Member will check if the signature has expired, based on ``$exp_secs``.
* @param str $sig_var Optional. The name of the s2Member-generated signature variable. Defaults to `_s2member_sig`.
* @return bool True if the s2Member-generated signature is OK, else false.
*/
public static function s2member_sig_ok($url_uri_query = FALSE, $check_time = FALSE, $exp_secs = FALSE, $sig_var = FALSE)
{
$url_uri_query = $query = c_ws_plugin__s2member_utils_strings::trim((string) $url_uri_query, false, "?&=");
if (preg_match("/^(?:[a-z]+\\:\\/\\/|\\/)/i", $url_uri_query)) {
$query = trim(c_ws_plugin__s2member_utils_urls::parse_url($url_uri_query, PHP_URL_QUERY), "?&=");
}
/**/
$check_time = $check_time ? true : false;
$exp_secs = is_numeric($exp_secs) ? (int) $exp_secs : 10;
$sig_var = $sig_var && is_string($sig_var) ? $sig_var : "_s2member_sig";
/**/
$key = c_ws_plugin__s2member_utils_encryption::key();
/**/
if (preg_match_all("/" . preg_quote($sig_var, "/") . "\\=([0-9]+)-([^&\$]+)/", $query, $sigs)) {
$query = c_ws_plugin__s2member_utils_urls::remove_s2member_sigs($query, $sig_var);
/**/
wp_parse_str($query, $vars);
$vars = c_ws_plugin__s2member_utils_arrays::remove_0b_strings(c_ws_plugin__s2member_utils_strings::trim_deep($vars));
$vars = serialize(c_ws_plugin__s2member_utils_arrays::ksort_deep($vars));
/**/
($time = $sigs[1][$i = count($sigs[1]) - 1]) . ($sig = $sigs[2][$i]) . ($valid_sig = md5($key . $time . $vars));
/**/
if ($check_time) {
return $sig === $valid_sig && $time >= strtotime("-" . $exp_secs . " seconds");
} else {
/* Ignoring time? Just need to compare signatures in this case. */
return $sig === $valid_sig;
}
} else {
/* Return false. No ``$query``, or no ``$sigs``. */
return false;
}
}
/**
* XOR two-way encryption/decryption, with a base64 wrapper.
*
* @package s2Member\Utilities
* @since 3.5
*
* @param string $base64 A string of data to decrypt. Should still be base64 encoded.
* @param string $key Optional. Key used originally for encryption. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
*
* @return string Decrypted string.
*/
public static function xdecrypt($base64 = '', $key = '')
{
$base64 = is_string($base64) ? $base64 : '';
$e = isset($base64[0]) ? c_ws_plugin__s2member_utils_strings::base64_url_safe_decode($base64) : '';
if (isset($e[0]) && preg_match('/^~xe(?:\\:([a-zA-Z0-9]+))?\\|(.*)$/s', $e, $md5_e)) {
$key = c_ws_plugin__s2member_utils_encryption::key($key);
if (isset($md5_e[2][0]) && (empty($md5_e[1]) || $md5_e[1] === md5($md5_e[2]))) {
for ($i = 1, $d = ''; $i <= strlen($md5_e[2]); $i++) {
$char = substr($md5_e[2], $i - 1, 1);
$keychar = substr($key, $i % strlen($key) - 1, 1);
$d .= chr(ord($char) - ord($keychar));
}
}
if (isset($d) && is_string($d) && isset($d[0])) {
if (!strlen($d = preg_replace('/^~xe\\|/', '', $d, 1, $xe)) || !$xe) {
$d = '';
}
}
// Force empty string; bad decryption.
return isset($d) && is_string($d) && isset($d[0]) ? $string = $d : '';
// Default to empty string.
}
return '';
// Default to empty string.
}
/**
* XOR two-way encryption/decryption, with a base64 wrapper.
*
* @package s2Member\Utilities
* @since 3.5
*
* @param str $base64 A string of data to decrypt. Should still be base64 encoded.
* @param str $key Optional. Key used originally for encryption. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
* @return str Decrypted string.
*/
public static function xdecrypt($base64 = FALSE, $key = FALSE)
{
$base64 = is_string($base64) ? $base64 : "";
$e = strlen($base64) ? c_ws_plugin__s2member_utils_strings::base64_url_safe_decode($base64) : "";
if (strlen($e) && preg_match("/^~xe(?:\\:([a-zA-Z0-9]+))?\\|(.*?)\$/s", $e, $md5_e)) {
$key = c_ws_plugin__s2member_utils_encryption::key($key);
if (strlen($md5_e[2]) && (!$md5_e[1] || $md5_e[1] === md5($md5_e[2]))) {
for ($i = 1, $d = ""; $i <= strlen($md5_e[2]); $i++) {
$char = substr($md5_e[2], $i - 1, 1);
$keychar = substr($key, $i % strlen($key) - 1, 1);
$d .= chr(ord($char) - ord($keychar));
}
}
if (isset($d) && is_string($d) && strlen($d)) {
if (strlen($d = preg_replace("/^~xe\\|/", "", $d, 1, $xe)) && $xe) {
$d = $d;
} else {
// Else we need to empty this out.
$d = "";
}
}
return isset($d) && is_string($d) && strlen($d) ? $string = $d : "";
} else {
// Otherwise we must fail here with an empty string value.
return "";
}
}
/**
* Verifies an s2Member-generated signature; in a full URL, a partial URI, or in just a query string.
*
* @package s2Member\Utilities
* @since 111106
*
* @param string $url_uri_query A full URL, a partial URI, or just a query string. Must have an s2Member-generated signature to validate.
* @param bool $check_time Optional. Defaults to false. If true, s2Member will also check if the signature has expired, based on ``$exp_secs``.
* @param string|int $exp_secs Optional. Defaults to (int)10. If ``$check_time`` is true, s2Member will check if the signature has expired, based on ``$exp_secs``.
* @param string $sig_var Optional. The name of the s2Member-generated signature variable. Defaults to `_s2member_sig`.
* @return bool True if the s2Member-generated signature is OK, else false.
*/
public static function s2member_sig_ok($url_uri_query = FALSE, $check_time = FALSE, $exp_secs = FALSE, $sig_var = FALSE)
{
$url_uri_query = $query = c_ws_plugin__s2member_utils_strings::trim((string) $url_uri_query, false, '?&=');
if (preg_match('/^(?:[a-z]+\\:\\/\\/|\\/)/i', $url_uri_query)) {
// Is this a full URL or a partial URI?
$query = trim(c_ws_plugin__s2member_utils_urls::parse_url($url_uri_query, PHP_URL_QUERY), '?&=');
}
$check_time = (bool) $check_time;
// Check time?
$exp_secs = is_numeric($exp_secs) ? (int) $exp_secs : 10;
$sig_var = $sig_var && is_string($sig_var) ? $sig_var : '_s2member_sig';
$key = c_ws_plugin__s2member_utils_encryption::key();
// Obtain key.
if (preg_match_all('/' . preg_quote($sig_var, '/') . '\\=([0-9]+)-([^&$]+)/', $query, $sigs)) {
$query = c_ws_plugin__s2member_utils_urls::remove_s2member_sigs($query, $sig_var);
wp_parse_str($query, $vars);
// Parse the query string into an array of ``$vars``.
$vars = c_ws_plugin__s2member_utils_arrays::remove_0b_strings(c_ws_plugin__s2member_utils_strings::trim_deep($vars));
$vars = serialize(c_ws_plugin__s2member_utils_arrays::ksort_deep($vars));
$i = count($sigs[1]) - 1;
// Last one.
$time = $sigs[1][$i];
// Timestamp.
$sig = $sigs[2][$i];
// Signature.
$valid_sig = md5($key . $time . $vars);
if ($check_time) {
// This must NOT be older than ``$exp_secs`` seconds ago.
return $sig === $valid_sig && $time >= strtotime('-' . $exp_secs . ' seconds');
}
return $sig === $valid_sig;
}
return false;
// False, it's NOT ok.
}
