get_hash() public static method

Uses an HMAC (a keyed hash) rather than a plain hash of the secret, to avoid the weaknesses of hashing secrets directly.
See also: http://benlog.com/articles/2008/06/19/dont-hash-secrets/
See also: http://blog.jcoglan.com/2012/06/09/why-you-should-never-use-hash-functions-for-message-authentication/
public static get_hash ( integer $post_id, WP_User $user, $site_id ) : string
$post_id integer Post ID
$user WP_User User object
return string Verification hash (10 characters long)
Esempio n. 1
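 /**
  * Check this object's nonce against the expected verification hash.
  *
  * The expected value is recomputed with Falcon::get_hash() from this
  * object's post, user and site, then compared with the stored nonce.
  *
  * @return bool True only when the nonce is a string equal to the expected hash
  */
 public function is_valid()
 {
     $user = $this->get_user();
     $expected = Falcon::get_hash($this->post, $user, $this->site);

     // hash_equals() needs two strings; any other type can never match,
     // which is the same answer the strict === comparison gave.
     if (!is_string($expected) || !is_string($this->nonce)) {
         return false;
     }

     // Compare in constant time so that response timing does not depend on
     // how many leading characters of the supplied nonce were correct.
     return hash_equals($expected, $this->nonce);
 }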
Esempio n. 2
 /**
  * Validate the reply-to address
  *
  * Ensures that the reply-to address is a valid formattable email address
  * @param string $input New reply-to address
  * @return string Updated reply-to address if valid, otherwise the old address
  */
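 public static function validate_replyto($input)
 {
     $oldvalue = Falcon::get_option('bbsub_replyto', '');

     // The string functions below need a string; treat anything else as invalid.
     if (!is_string($input)) {
         add_settings_error('bbsub_replyto', 'bbsub_replyto_invalid', __('The reply-to address must be a valid address', 'falcon'));
         return $oldvalue;
     }

     // A plus section is appended below, so the input must not already have one.
     if (strpos($input, '+') !== false) {
         add_settings_error('bbsub_replyto', 'bbsub_replyto_invalid', __('The reply-to address must not contain a plus address section', 'falcon'));
         return $oldvalue;
     }

     // Without an '@' there is no host part to split off.
     if (strpos($input, '@') === false) {
         add_settings_error('bbsub_replyto', 'bbsub_replyto_invalid', __('The reply-to address must be a valid address', 'falcon'));
         return $oldvalue;
     }

     // A limit of 2 keeps everything after the first '@' in the host part, so
     // an input with a second '@' is tested as written instead of being
     // silently truncated before the check.
     list($user_part, $host_part) = explode('@', $input, 2);

     // NOTE(review): $input becomes part of a sprintf() format string, so a
     // '%' in the address is read as a conversion specification. Decide
     // whether '%' should be rejected here; confirm against the code that
     // formats the stored option.
     $user_part .= '+%1$s-%2$d-%3$d-%4$s';
     $address = $user_part . '@' . $host_part;

     // Test it out with sample IDs and a hash computed for the current user.
     // The hash has to be the variable assigned here; the previous code passed
     // an undefined variable, so the sample address had an empty hash section.
     $current_user = wp_get_current_user();
     $hash = Falcon::get_hash('5', $current_user, '42');
     $formatted = sprintf($address, 5, 42, $current_user->ID, $hash);

     // Check that the resulting email is valid
     if (!is_email($formatted)) {
         add_settings_error('bbsub_replyto', 'bbsub_replyto_invalid', __('The reply-to address must be a valid address', 'falcon'));
         return $oldvalue;
     }

     return $input;
 }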