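 /**
  * Verify that correct nonce was used with time limit.
  *
  * The user is given an amount of time to use the token, so therefore, since the
  * UID and $action remain the same, the independent variable is the time.
  *
  * Unlike the core function of the same name, this variant never returns false:
  * a missing or invalid nonce terminates the request with a `<mainwp>`-wrapped,
  * base64-encoded JSON error via die().
  *
  * @since 2.0.3
  *
  * @param string     $nonce  Nonce that was used in the form to verify
  * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
  *
  * @return int 1 if the nonce is valid and generated between 0-12 hours ago,
  *             2 if the nonce is valid and generated between 12-24 hours ago.
  */
 function wp_verify_nonce($nonce, $action = -1)
 {
     $nonce = (string) $nonce;
     $user = wp_get_current_user();
     $uid = (int) $user->ID;
     if (!$uid) {
         /**
          * Filter whether the user who generated the nonce is logged out.
          *
          * @since 3.5.0
          *
          * @param int $uid ID of the nonce-owning user.
          * @param string $action The nonce action.
          */
         $uid = apply_filters('nonce_user_logged_out', $uid, $action);
     }
     if (empty($nonce)) {
         die('<mainwp>' . base64_encode(json_encode(array('error' => 'You dont send nonce: ' . $action))) . '</mainwp>');
     }
     $token = wp_get_session_token();
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago. hash_equals() compares in constant time,
     // so the expected value cannot be recovered byte by byte from timing.
     $expected = substr(wp_hash($i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10);
     if (hash_equals($expected, $nonce)) {
         return 1;
     }
     // Nonce generated 12-24 hours ago. The subtraction is parenthesised because
     // an unparenthesised `-` next to `.` is deprecated since PHP 7.4.
     $expected = substr(wp_hash(($i - 1) . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10);
     if (hash_equals($expected, $nonce)) {
         return 2;
     }
     // Invalid nonce
     die('<mainwp>' . base64_encode(json_encode(array('error' => 'Invalid nonce. Try use: ' . $action))) . '</mainwp>');
 }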
/**
 * Creates a valid WordPress nonce for anonymous requests.
 *
 * The user id is fixed to 0 and the session token to '', which presumably
 * mirrors the inputs wp_verify_nonce() derives for a logged-out visitor.
 *
 * @param string|int $action Context the nonce is created for.
 *
 * @return string Ten-character nonce for the current nonce tick.
 */
function wptouch_create_anonymous_nonce($action)
{
    $tick = wp_nonce_tick();
    // Same layout as core: tick|action|uid|token.
    $material = implode('|', array($tick, $action, 0, ''));
    return substr(wp_hash($material, 'nonce'), -12, 10);
}
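 /**
  * Verifies a nonce bound only to $action (no user id, no session token).
  *
  * Nonces from the current and the previous nonce tick are accepted.
  *
  * @param string     $nonce  Nonce supplied by the request.
  * @param string|int $action Context the nonce was created for.
  *
  * @return bool True if the nonce matches one of the two accepted ticks.
  */
 public function verify_nonce($nonce, $action)
 {
     // The original `===` already required a string; keep that strictness but
     // compare in constant time so the expected value does not leak via timing.
     if (!is_string($nonce)) {
         return false;
     }
     $i = wp_nonce_tick();
     $current = substr(wp_hash($i . $action, 'nonce'), -12, 10);
     if (hash_equals($current, $nonce)) {
         return true;
     }
     // Parenthesised: unparenthesised `-` next to `.` is deprecated in PHP 7.4+.
     $previous = substr(wp_hash(($i - 1) . $action, 'nonce'), -12, 10);
     if (hash_equals($previous, $nonce)) {
         return true;
     }
     return false;
 }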
/**
 * Creates a nonce bound to the current tick, action, user id and session token.
 *
 * @param string|int $action Context the nonce is created for.
 *
 * @return string Ten-character nonce.
 */
function wp_create_nonce($action = -1)
{
    $current_user = wp_get_current_user();
    $user_id = (int) $current_user->ID;
    if ($user_id === 0) {
        /** This filter is documented in wp-includes/pluggable.php */
        $user_id = apply_filters('nonce_user_logged_out', $user_id, $action);
    }
    $session_token = wp_get_session_token();
    $tick = wp_nonce_tick();
    $material = $tick . '|' . $action . '|' . $user_id . '|' . $session_token;
    // Ten characters taken from the tail of the hash.
    return substr(wp_hash($material, 'nonce'), -12, 10);
}
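 /**
  * Local nonce verification.
  * WordPress uses the UID and sometimes I don't want that
  * Verify that correct nonce was used with time limit.
  *
  * The user is given an amount of time to use the token, so therefore, since the
  * $action remain the same, the independent variable is the time.
  *
  * @param string     $nonce  Nonce that was used in the form to verify
  * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
  *
  * @return false|int False if the nonce is invalid, 1 if it was generated in the
  *                   current tick (0-12 hours ago), 2 if in the previous one (12-24 hours ago).
  */
 public static function verifyNonce($nonce, $action = -1)
 {
     $r = false;
     // Non-scalar input can never equal a hash fragment.
     if (!is_scalar($nonce)) {
         return $r;
     }
     // Compare byte-wise in constant time. The loose `==` used before treated
     // numeric-looking strings ("1e3" == "1000") as equal and accepted `true`
     // for any nonce.
     $nonce = (string) $nonce;
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago
     if (hash_equals(substr(wp_hash($i . $action, 'nonce'), -12, 10), $nonce)) {
         $r = 1;
     } elseif (hash_equals(substr(wp_hash(($i - 1) . $action, 'nonce'), -12, 10), $nonce)) {
         // Nonce generated 12-24 hours ago
         $r = 2;
     }
     return $r;
 }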
 /**
  * Creates a random, one time use token.
  *
  * The token is the tail of wp_hash() over the nonce tick, the action and the
  * current user's id. Note that no hash scheme is passed to wp_hash() here and
  * the user id is read from the lowercase `id` property.
  *
  * @since 2.0.4
  *
  * @param string|int $action Scalar value to add context to the nonce.
  * @return string The one use form token
  */
 function wp_create_nonce($action = -1)
 {
     $current_user = wp_get_current_user();
     $user_id = (int) $current_user->id;
     $tick = wp_nonce_tick();
     $digest = wp_hash($tick . $action . $user_id);
     return substr($digest, -12, 10);
 }
 /**
  * Creates a random, one time use token.
  *
  * @since 2.0.3
  *
  * @param string|int $action Scalar value to add context to the nonce.
  * @return string The one use form token
  */
 function wp_create_nonce($action = -1)
 {
     $current_user = wp_get_current_user();
     $user_id = (int) $current_user->ID;
     // Logged-out visitors get whatever id the nonce_user_logged_out filter returns.
     if ($user_id === 0) {
         $user_id = apply_filters('nonce_user_logged_out', $user_id, $action);
     }
     $parts = array(wp_nonce_tick(), $action, $user_id);
     return substr(wp_hash(implode('|', $parts), 'nonce'), -12, 10);
 }
/**
 * Creates a one-time, database-backed nonce and stores it in the
 * 'spamshield_nonces' option.
 *
 * @param string $action Context the nonce is created for.
 * @param string $name   Field name the nonce travels in.
 *
 * @return string Ten-character nonce.
 */
function rs_wpss_create_nonce($action, $name = '_wpss_nonce')
{
    /***
     * Creates a different nonce system than WordPress.
     * 24 hours or 1 time use.
     * Difference vs WP nonces: Nonce must exist in database, is not tied to a user ID, and is truly 1 time use.
     * WP nonces don't work for every application. If a comment is posted, and a notification email is sent to admin with link to blacklist the IP, this works better.
     ***/
    $tick = wp_nonce_tick();
    $now = time();
    $nonce = substr(rs_wpss_md5($tick . $action . $name . WPSS_HASH . $now), -12, 10);
    // Purge expired entries before appending the new one.
    $stored = get_option('spamshield_nonces');
    if (empty($stored)) {
        $stored = array();
    } else {
        foreach ($stored as $key => $entry) {
            if ($entry['expire'] <= $now) {
                unset($stored[$key]);
            }
        }
    }
    $stored[] = array(
        'nonce' => $nonce,
        'action' => $action,
        'name' => $name,
        'expire' => $now + 86400, /* 24 hours */
    );
    // Third argument is the autoload flag.
    update_option('spamshield_nonces', $stored, FALSE);
    return $nonce;
}
 /**
  *
  * Get a url to run a job of BackWPup
  *
  * Builds the wp-cron.php query (tick-bound `_nonce`, `doing_wp_cron` key,
  * run type, job id), adds HTTP basic-auth material when configured, mints
  * short-lived auth cookies for the first backwpup_admin user, and then either
  * fires the request or returns the prepared request array for link-style
  * start types.
  *
  * @param string     $starttype Start types are 'runnow', 'runnowlink', 'cronrun', 'runext', 'restart', 'test'
  * @param int        $jobid     The id of job to start else 0
  * @return array|object [url] is the job url [header] for auth header or object form wp_remote_get()
  */
 public static function get_jobrun_url($starttype, $jobid = 0)
 {
     // NOTE(review): get_users() may return an empty array; $wp_admin_user[0]
     // is dereferenced further down without a check.
     $wp_admin_user = get_users(array('role' => 'backwpup_admin', 'number' => 1));
     //get a user for cookie auth
     $url = site_url('wp-cron.php');
     $header = array();
     $authurl = '';
     // The nonce binds only the nonce tick and the start type (no user id).
     $query_args = array('_nonce' => substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $starttype, 'nonce'), -12, 10), 'doing_wp_cron' => sprintf('%.22F', microtime(true)));
     // Non-strict in_array(); string start types only, so strict: true would be equivalent and safer.
     if (in_array($starttype, array('restart', 'runnow', 'cronrun', 'runext', 'test'))) {
         $query_args['backwpup_run'] = $starttype;
     }
     if (in_array($starttype, array('runnowlink', 'runnow', 'cronrun', 'runext')) && !empty($jobid)) {
         $query_args['jobid'] = $jobid;
     }
     // Basic auth: the decrypted password goes into the Authorization header
     // and, for external starts, into the URL userinfo (see 'runext' below).
     if (get_site_option('backwpup_cfg_httpauthuser') && get_site_option('backwpup_cfg_httpauthpassword')) {
         $header['Authorization'] = 'Basic ' . base64_encode(get_site_option('backwpup_cfg_httpauthuser') . ':' . BackWPup_Encryption::decrypt(get_site_option('backwpup_cfg_httpauthpassword')));
         $authurl = get_site_option('backwpup_cfg_httpauthuser') . ':' . BackWPup_Encryption::decrypt(get_site_option('backwpup_cfg_httpauthpassword')) . '@';
     }
     if ($starttype == 'runext') {
         // External starts authenticate with the stored job-run key instead of the tick nonce.
         $query_args['_nonce'] = get_site_option('backwpup_cfg_jobrunauthkey');
         $query_args['doing_wp_cron'] = NULL;
         if (!empty($authurl)) {
             // Credentials end up in plain text in the returned URL; anything
             // that logs or displays it sees the password.
             $url = str_replace('https://', 'https://' . $authurl, $url);
             $url = str_replace('http://', 'http://' . $authurl, $url);
         }
     }
     if ($starttype == 'runnowlink' && (!defined('ALTERNATE_WP_CRON') || !ALTERNATE_WP_CRON)) {
         // Admin-page link: the core wp_nonce_url() nonce replaces the custom `_nonce`.
         $url = wp_nonce_url(network_admin_url('admin.php'), 'backwpup_job_run-' . $starttype);
         $query_args['page'] = 'backwpupjobs';
         $query_args['action'] = 'runnow';
         $query_args['doing_wp_cron'] = NULL;
         unset($query_args['_nonce']);
     }
     if ($starttype == 'runnowlink' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
         $query_args['backwpup_run'] = 'runnowalt';
         $query_args['_nonce'] = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-runnowalt', 'nonce'), -12, 10);
         $query_args['doing_wp_cron'] = NULL;
     }
     //Extra for WP-Cron control
     if (class_exists('WP_Cron_Control') && ($starttype == 'runext' || $starttype == 'runnow' || $starttype == 'restart')) {
         $wp_cron_control_settings = get_option('wpcroncontrol_settings', array());
         // Falls back to deriving the secret the same way the plugin presumably does; not verified here.
         if (empty($wp_cron_control_settings['secret_string']) && file_exists(WP_PLUGIN_DIR . '/wp-cron-control/wp-cron-control.php')) {
             $wp_cron_control_settings['secret_string'] = md5(realpath(WP_PLUGIN_DIR . '/wp-cron-control/wp-cron-control.php') . get_current_blog_id());
             $wp_cron_control_settings['enable'] = 1;
         }
         if (isset($wp_cron_control_settings['enable']) && $wp_cron_control_settings['enable'] == 1) {
             if (defined('WP_CRON_CONTROL_SECRET')) {
                 $wp_cron_control_settings['secret_string'] = WP_CRON_CONTROL_SECRET;
             }
             // The secret is passed as a bare query-arg name with an empty value.
             $query_args[$wp_cron_control_settings['secret_string']] = '';
             $query_args['doing_wp_cron'] = NULL;
         }
     }
     // Auth and logged-in cookies for the first backwpup_admin user are minted
     // with a 300-second lifetime and attached to every request built here.
     $cron_request = apply_filters('cron_request', array('url' => add_query_arg($query_args, $url), 'key' => $query_args['doing_wp_cron'], 'args' => array('blocking' => FALSE, 'sslverify' => apply_filters('https_local_ssl_verify', true), 'timeout' => 0.01, 'headers' => $header, 'cookies' => array(new WP_Http_Cookie(array('name' => AUTH_COOKIE, 'value' => wp_generate_auth_cookie($wp_admin_user[0]->ID, time() + 300, 'auth'))), new WP_Http_Cookie(array('name' => LOGGED_IN_COOKIE, 'value' => wp_generate_auth_cookie($wp_admin_user[0]->ID, time() + 300, 'logged_in')))), 'user-agent' => BackWpup::get_plugin_data('User-Agent'))));
     if ($starttype == 'test') {
         // Tests wait for the reply instead of fire-and-forget.
         $cron_request['args']['timeout'] = 15;
         $cron_request['args']['blocking'] = TRUE;
     }
     if (!in_array($starttype, array('runnowlink', 'runext'))) {
         // Fire the request now; link-style start types only return the prepared data.
         set_transient('doing_cron', $query_args['doing_wp_cron']);
         return wp_remote_post($cron_request['url'], $cron_request['args']);
     }
     return $cron_request;
 }
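 /**
  * Checks the signature of an approval token.
  *
  * The token is a base64-encoded JSON object with the keys timestamp, user_id,
  * new_status, entry_id and sig. The signature is recomputed for the current
  * nonce tick and each earlier tick up to the filtered expiration count and
  * compared in constant time.
  *
  * @param string $token Base64-encoded JSON token taken from the request.
  *
  * @return bool True if the signature matches one of the accepted ticks.
  */
 public function is_valid_token($token)
 {
     if (!is_string($token)) {
         return false;
     }
     $token_json = base64_decode($token);
     if ($token_json === false) {
         return false;
     }
     $token_array = json_decode($token_json, true);
     if (empty($token_array) || !is_array($token_array)) {
         return false;
     }
     // Every field must be present: a missing 'sig' would otherwise reach
     // hash_equals() as null, and missing data fields emitted notices.
     foreach (array('timestamp', 'user_id', 'new_status', 'entry_id', 'sig') as $key) {
         if (!isset($token_array[$key])) {
             return false;
         }
     }
     if (!is_scalar($token_array['sig'])) {
         return false;
     }
     $timestamp = $token_array['timestamp'];
     $user_id = $token_array['user_id'];
     $new_status = $token_array['new_status'];
     $entry_id = $token_array['entry_id'];
     $sig = (string) $token_array['sig'];
     $expiration_days = apply_filters('gravityflow_approval_token_expiration_days', 1);
     $i = wp_nonce_tick();
     $is_valid = false;
     // NOTE(review): each iteration steps back one nonce tick, which elsewhere on
     // this page is half the nonce life, not a whole day — confirm the window.
     for ($n = 1; $n <= $expiration_days; $n++) {
         $sig_key = sprintf('%s|%s|%s|%s|%s|%s', $i, $this->get_id(), $timestamp, $entry_id, $user_id, $new_status);
         $verification_sig = substr(wp_hash($sig_key), -12, 10);
         if (hash_equals($verification_sig, $sig)) {
             $is_valid = true;
             break;
         }
         $i--;
     }
     return $is_valid;
 }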
 /**
  * Checks if scheduled task is ready for execution,
  * if it is ready master sends google_drive_token, failed_emails, success_emails if are needed.
  *
  * Walks $this->tasks, validates the first due task against its master URL,
  * stores the next schedule, runs the backup and, when remote storage is
  * configured, kicks off the upload through a non-blocking request to
  * index.php. Only one backup is run per call.
  *
  * @return void
  */
 function check_backup_tasks()
 {
     $this->check_cron_remove();
     // $failed_emails is never used below.
     $failed_emails = array();
     $settings = $this->tasks;
     if (is_array($settings) && !empty($settings)) {
         foreach ($settings as $task_name => $setting) {
             if (isset($setting['task_args']['next']) && $setting['task_args']['next'] < time()) {
                 //if ($setting['task_args']['next'] && $_GET['force_backup']) {
                 // NOTE(review): $check is only assigned inside this branch but is
                 // read unconditionally further down ($check != 'paused').
                 if ($setting['task_args']['url'] && $setting['task_args']['task_id'] && $setting['task_args']['site_key']) {
                     //Check orphan task
                     $check_data = array('task_name' => $task_name, 'task_id' => $setting['task_args']['task_id'], 'site_key' => $setting['task_args']['site_key'], 'worker_version' => MMB_WORKER_VERSION);
                     if (isset($setting['task_args']['account_info']['mwp_google_drive']['google_drive_token'])) {
                         $check_data['mwp_google_drive_refresh_token'] = true;
                     }
                     $check = $this->validate_task($check_data, $setting['task_args']['url']);
                     if ($check == 'paused' || $check == 'deleted') {
                         continue;
                     }
                     // NOTE(review): if MMB_WORKER_VERSION is a dotted string this is a
                     // lexical comparison ('3.10.0' <= '3.9.22' is true); version_compare()
                     // would be the intended semantics.
                     $worker_upto_3_9_22 = MMB_WORKER_VERSION <= '3.9.22';
                     // worker version is less or equals to 3.9.22
                     // This is the patch done in worker 3.9.22 because old worked provided message in the following format:
                     // token - not found or token - {...json...}
                     // The new message is a serialized string with google_drive_token or message.
                     if ($worker_upto_3_9_22) {
                         $potential_token = substr($check, 8);
                         if (substr($check, 0, 8) == 'token - ' && $potential_token != 'not found') {
                             // Same token written to three copies of the task args: the
                             // instance state, the local $settings and the loop variable.
                             $this->tasks[$task_name]['task_args']['account_info']['mwp_google_drive']['google_drive_token'] = $potential_token;
                             $settings[$task_name]['task_args']['account_info']['mwp_google_drive']['google_drive_token'] = $potential_token;
                             $setting['task_args']['account_info']['mwp_google_drive']['google_drive_token'] = $potential_token;
                         }
                     } else {
                         // Here $check is presumably an array (see comment above); not verified.
                         $potential_token = isset($check['google_drive_token']) ? $check['google_drive_token'] : false;
                         if ($potential_token) {
                             $this->tasks[$task_name]['task_args']['account_info']['mwp_google_drive']['google_drive_token'] = $potential_token;
                             $settings[$task_name]['task_args']['account_info']['mwp_google_drive']['google_drive_token'] = $potential_token;
                             $setting['task_args']['account_info']['mwp_google_drive']['google_drive_token'] = $potential_token;
                         }
                     }
                 }
                 $update = array('task_name' => $task_name, 'args' => $settings[$task_name]['task_args']);
                 if ($check != 'paused') {
                     $update['time'] = time();
                 }
                 //Update task with next schedule
                 $this->set_backup_task($update);
                 if ($check == 'paused') {
                     continue;
                 }
                 $result = $this->backup($setting['task_args'], $task_name);
                 $error = '';
                 if (is_array($result) && array_key_exists('error', $result)) {
                     // The whole result array is stored as the error.
                     $error = $result;
                     $this->set_backup_task(array('task_name' => $task_name, 'args' => $settings[$task_name]['task_args'], 'error' => $error));
                 } else {
                     // `@` hides the warning count() raises on a non-countable value.
                     if (@count($setting['task_args']['account_info'])) {
                         // Old way through sheduling.
                         // wp_schedule_single_event(time(), 'mmb_scheduled_remote_upload', array('args' => array('task_name' => $task_name)));
                         // Fixed-action, user-independent nonce; the receiving side must recompute it the same way.
                         $nonce = substr(wp_hash(wp_nonce_tick() . 'mmb-backup-nonce' . 0, 'nonce'), -12, 10);
                         $cron_url = site_url('index.php');
                         // Last entry of task_results is taken as the file just produced.
                         $backup_file = $this->tasks[$task_name]['task_results'][count($this->tasks[$task_name]['task_results']) - 1]['server']['file_url'];
                         $del_host_file = $this->tasks[$task_name]['task_args']['del_host_file'];
                         $public_key = get_option('_worker_public_key');
                         // Fire-and-forget: 0.01s timeout, non-blocking.
                         $args = array('body' => array('backup_cron_action' => 'mmb_remote_upload', 'args' => json_encode(array('task_name' => $task_name, 'backup_file' => $backup_file, 'del_host_file' => $del_host_file)), 'mmb_backup_nonce' => $nonce, 'public_key' => $public_key), 'timeout' => 0.01, 'blocking' => false, 'sslverify' => apply_filters('https_local_ssl_verify', true));
                         wp_remote_post($cron_url, $args);
                     }
                 }
                 break;
                 //Only one backup per cron
             }
         }
     }
 }
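 /**
  * Verifies nonce.
  *
  * The nonce is bound to the current user id; for logged-out visitors the
  * remote address takes the id's place, so such a nonce only verifies for
  * requests arriving from the same address.
  *
  * @version 1.17.3
  *
  * @param string      $nonce  Nonce supplied by the request.
  * @param string|bool $action Context the nonce was created for.
  *
  * @return false|int 1 for the current tick, 2 for the previous tick, false otherwise.
  */
 public static function verify_nonce($nonce, $action = false)
 {
     if (!is_scalar($nonce)) {
         return false;
     }
     // Byte-wise, constant-time comparison. The loose `==` used before accepted
     // `true` for any nonce and equated numeric-looking strings ("1e3" == "1000").
     $nonce = (string) $nonce;
     $user = wp_get_current_user();
     $uid = (int) $user->ID;
     if (empty($uid)) {
         // NOTE(review): REMOTE_ADDR may be absent (CLI) and is not stable behind
         // proxies; kept because already-issued nonces depend on it.
         $uid = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     }
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago
     if (hash_equals(substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10), $nonce)) {
         return 1;
     }
     // Nonce generated 12-24 hours ago
     if (hash_equals(substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10), $nonce)) {
         return 2;
     }
     // Invalid nonce
     return false;
 }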
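 /**
  * Verifies a nonce that is bound only to $action (no user, no hash scheme).
  *
  * Note that wp_hash() is called without the 'nonce' scheme here, so the
  * creating side must do the same.
  *
  * @param string     $nonce  Nonce supplied by the request.
  * @param string|int $action Context the nonce was created for.
  *
  * @return false|int 1 for the current tick, 2 for the previous tick, false otherwise.
  */
 function verify_anon_nonce($nonce, $action = -1)
 {
     if (!is_scalar($nonce)) {
         return false;
     }
     // Constant-time, byte-wise comparison instead of the loose `==`, which
     // accepted `true` for any nonce and equated numeric-looking strings.
     $nonce = (string) $nonce;
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago
     if (hash_equals(substr(wp_hash($i . $action), -12, 10), $nonce)) {
         return 1;
     }
     // Nonce generated 12-24 hours ago
     if (hash_equals(substr(wp_hash(($i - 1) . $action), -12, 10), $nonce)) {
         return 2;
     }
     // Invalid nonce
     return false;
 }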
 /**
  * Redirects to the WooCommerce "my account" page carrying a flash message.
  *
  * The message travels as a `cs_message` or `cs_error` query argument together
  * with a `_nonce` derived from the fixed action 'dit_logout' and the id 0.
  *
  * @param string $message Text to show on the account page.
  * @param bool   $error   False for an informational message, anything else for an error.
  *
  * @return false Only when WooCommerce is not in use; otherwise the request ends with exit.
  */
 function wooRedirect($message, $error = false)
 {
     if (!$this->useWoo()) {
         return false;
     }
     $type = ($error === false) ? 'cs_message' : 'cs_error';
     $tick = wp_nonce_tick();
     $nonce = substr(wp_hash($tick . 'dit_logout' . 0, 'nonce'), -12, 10);
     $target = get_permalink(woocommerce_get_page_id('myaccount'));
     $query = $type . '=' . urlencode($message) . '&_nonce=' . $nonce;
     wp_redirect($target . '?' . $query);
     exit;
 }
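 /**
  * Verifies a nonce bound to $action and an explicit $id instead of the current user.
  *
  * @param string     $nonce  Nonce supplied by the request.
  * @param string|int $action Context the nonce was created for.
  * @param string|int $id     Identifier that was mixed into the nonce at creation.
  *
  * @return false|int 1 for the current tick, 2 for the previous tick, false otherwise.
  */
 public static function verify_noprivnonce($nonce, $action, $id)
 {
     if (!is_scalar($nonce)) {
         return false;
     }
     // Constant-time comparison; the loose `==` used before accepted `true`
     // for any nonce and equated numeric-looking strings.
     $nonce = (string) $nonce;
     $i = wp_nonce_tick();
     if (hash_equals(substr(wp_hash($i . $action . $id, 'nonce'), -12, 10), $nonce)) {
         return 1;
     }
     if (hash_equals(substr(wp_hash(($i - 1) . $action . $id, 'nonce'), -12, 10), $nonce)) {
         return 2;
     }
     return false;
 }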
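/**
 * Verify that correct shared nonce was used with time limit.
 *
 * Uses nonces not linked to the current user. See {@see create_shared_nonce()}
 * for more about why this exists.
 *
 * @param string $nonce Nonce that was used in the form to verify
 * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
 * @return false|int False if the nonce is invalid, 1 if it was generated in the
 *                   current tick, 2 if in the previous one.
 */
function verify_shared_nonce($nonce, $action)
{
    // hash_equals() needs strings; reject non-scalar input and normalise the rest.
    if (!is_scalar($nonce)) {
        return false;
    }
    $nonce = (string) $nonce;
    if (empty($nonce)) {
        return false;
    }
    $i = wp_nonce_tick();
    // Nonce generated 0-12 hours ago
    $expected = substr(wp_hash($i . '|' . $action, 'nonce'), -12, 10);
    if (hash_equals($expected, $nonce)) {
        return 1;
    }
    // Nonce generated 12-24 hours ago (parenthesised: `-` next to `.` without
    // parentheses is deprecated since PHP 7.4)
    $expected = substr(wp_hash(($i - 1) . '|' . $action, 'nonce'), -12, 10);
    if (hash_equals($expected, $nonce)) {
        return 2;
    }
    // Invalid nonce
    return false;
}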
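 /**
  * Verify Token
  * Based on wp_verify_nonce() this function requires the user id used when the token
  * was created as by default not logged in users would generate different tokens causing us
  * to fail.
  *
  * @param int    $user_id required user id
  * @param string $nonce   required nonce to check
  * @return bool True if the token matches the current or previous nonce tick.
  * @since 0.1
  * @version 1.0.1
  */
 function verify_token($user_id, $nonce)
 {
     if (!is_scalar($nonce)) {
         return false;
     }
     // Both ticks now use the same constant-time comparison; the first check
     // previously used a loose `==` (accepts `true`, equates numeric strings).
     $nonce = (string) $nonce;
     $uid = absint($user_id);
     $i = wp_nonce_tick();
     if (hash_equals(substr(wp_hash($i . 'mycred-buy-' . $this->id . $uid, 'nonce'), -12, 10), $nonce)) {
         return true;
     }
     if (hash_equals(substr(wp_hash(($i - 1) . 'mycred-buy-' . $this->id . $uid, 'nonce'), -12, 10), $nonce)) {
         return true;
     }
     return false;
 }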
/**
 * Creates a nonce for user id 0, i.e. one that does not depend on who is logged in.
 *
 * @param string|int $action Context the nonce is created for.
 *
 * @return string Ten-character nonce for the current tick.
 */
function wpcf7_create_nonce($action = -1)
{
    $anonymous_uid = 0;
    $tick = wp_nonce_tick();
    $digest = wp_hash($tick . $action . $anonymous_uid, 'nonce');
    return substr($digest, -12, 10);
}
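 /**
  * Start job if in cron and run query args are set.
  *
  * Acts only when DOING_CRON is set and `backwpup_run` is a known start type.
  * The `_nonce` query argument must equal the tick-bound nonce for that start
  * type, or the stored job-run auth key for 'runext'; otherwise the request is
  * silently ignored.
  *
  * @return void Returns silently or ends the request after starting the job.
  */
 public static function cron_active()
 {
     //only if cron active
     if (!defined('DOING_CRON') || !DOING_CRON) {
         return;
     }
     //only work if backwpup_run as query var is set and nothing else and the value is right
     $run = (isset($_GET['backwpup_run']) && is_string($_GET['backwpup_run'])) ? $_GET['backwpup_run'] : '';
     if ($run === '' || !in_array($run, array('test', 'restart', 'runnow', 'runnowalt', 'runext', 'cronrun'), true)) {
         return;
     }
     //special header
     @session_write_close();
     @header('Content-Type: text/html; charset=' . get_bloginfo('charset'), TRUE);
     @header('X-Robots-Tag: noindex, nofollow', TRUE);
     @header('X-BackWPup-Version: ' . BackWPup::get_plugin_data('version'), TRUE);
     nocache_headers();
     //on test die for fast feedback
     if ($run === 'test') {
         die('BackWPup Test');
     }
     // generate normal nonce
     $nonce = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $run, 'nonce'), -12, 10);
     //special nonce on external start
     if ($run === 'runext') {
         $nonce = get_site_option('backwpup_cfg_jobrunauthkey');
     }
     // check nonce: both sides must be strings (a missing auth key option yields
     // false and is rejected) and the comparison is constant-time. The loose `!=`
     // used before equated numeric-looking strings such as "1e3" and "1000".
     if (empty($_GET['_nonce']) || !is_string($_GET['_nonce']) || !is_string($nonce) || !hash_equals($nonce, $_GET['_nonce'])) {
         return;
     }
     //check runext is allowed for job
     if ($run === 'runext') {
         $jobids_external = BackWPup_Option::get_job_ids('activetype', 'link');
         // Compare as integers on both sides so the strict in_array() cannot fail on type alone.
         if (!isset($_GET['jobid']) || !in_array((int) $_GET['jobid'], array_map('intval', (array) $jobids_external), true)) {
             return;
         }
     }
     //run BackWPup job
     BackWPup_Job::start_http($run);
     die;
 }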
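 /**
  * Verifies a nonce bound to tick, action and user id, but not to the session token.
  *
  * Logged-out visitors use the id supplied by the nonce_user_logged_out filter,
  * matching what a session-less creator would have hashed.
  *
  * @param string     $nonce  Nonce supplied by the request.
  * @param string|int $action Context the nonce was created for.
  *
  * @return false|int 1 for the current tick, 2 for the previous tick, false otherwise.
  */
 protected function verify_nonce_without_session($nonce, $action = -1)
 {
     $nonce = (string) $nonce;
     $user = wp_get_current_user();
     $uid = (int) $user->ID;
     if (!$uid) {
         $uid = apply_filters('nonce_user_logged_out', $uid, $action);
     }
     if (empty($nonce)) {
         return false;
     }
     $i = wp_nonce_tick();
     // Current tick; hash_equals() keeps the comparison constant-time.
     $expected = substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
     if (hash_equals($expected, $nonce)) {
         return 1;
     }
     // Previous tick (parenthesised: unparenthesised `-` next to `.` is deprecated since PHP 7.4).
     $expected = substr(wp_hash(($i - 1) . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
     if (hash_equals($expected, $nonce)) {
         return 2;
     }
     return false;
 }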
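 /**
  * Verifies a nonce bound only to tick and action (no user id, no session).
  *
  * Comparison goes through $this->hash_equals(), presumably a polyfill-aware
  * wrapper around the native function.
  *
  * @param string     $nonce  Nonce supplied by the request.
  * @param string|int $action Context the nonce was created for.
  *
  * @return false|int 1 for the current tick, 2 for the previous tick, false otherwise.
  */
 protected function session_indep_verify_nonce($nonce, $action = -1)
 {
     $nonce = (string) $nonce;
     if (empty($nonce)) {
         return false;
     }
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago
     $expected = substr(wp_hash($i . '|' . $action, 'nonce'), -12, 10);
     if ($this->hash_equals($expected, $nonce)) {
         return 1;
     }
     // Nonce generated 12-24 hours ago (parenthesised: unparenthesised `-`
     // next to `.` is deprecated since PHP 7.4)
     $expected = substr(wp_hash(($i - 1) . '|' . $action, 'nonce'), -12, 10);
     if ($this->hash_equals($expected, $nonce)) {
         return 2;
     }
     // Invalid nonce
     return false;
 }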
/**
 * WangGuard nonce
 *
 * Nonce over the current tick, the action and the current user's id,
 * with no separator between the parts.
 *
 * @param string|int $action Context the nonce is created for.
 *
 * @return string Ten-character nonce.
 */
function wangguard_get_nonce_value($action)
{
    $current_user = wp_get_current_user();
    $user_id = (int) $current_user->ID;
    $tick = wp_nonce_tick();
    $digest = wp_hash($tick . $action . $user_id, 'nonce');
    return substr($digest, -12, 10);
}
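 /**
  * Verify that the correct nonce was used within the time limit.
  *
  * The nonce is bound to the action returned by get_nonce_action() and to the
  * concrete class name, so each subclass verifies only its own nonces.
  *
  * @uses wp_nonce_tick()
  * @uses wp_hash()
  *
  * @param string $nonce Nonce to be verified
  *
  * @return false|int 1 for the current tick, 2 for the previous tick, false otherwise
  */
 protected function verify_async_nonce($nonce)
 {
     if (!is_scalar($nonce)) {
         return false;
     }
     // Constant-time comparison; the loose `==` used before accepted `true`
     // for any nonce and equated numeric-looking strings.
     $nonce = (string) $nonce;
     $action = $this->get_nonce_action();
     $i = wp_nonce_tick();
     // Nonce generated 0-12 hours ago
     if (hash_equals(substr(wp_hash($i . $action . get_class($this), 'nonce'), -12, 10), $nonce)) {
         return 1;
     }
     // Nonce generated 12-24 hours ago
     if (hash_equals(substr(wp_hash(($i - 1) . $action . get_class($this), 'nonce'), -12, 10), $nonce)) {
         return 2;
     }
     // Invalid nonce
     return false;
 }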
/**
 * Creates a nonce as a logged-out visitor would receive it, from a logged-in context.
 *
 * The hashed material is `tick|action|0|`: user id 0 and an empty session token.
 *
 * @param string|int $action Context the nonce is created for.
 *
 * @return string Ten-character nonce.
 */
function wp_create_nonce_loggedout($action = -1)
{
    // https://www.snip2code.com/Snippet/613860/Nonce-for-loggedout-user-from-loggedin-u
    $tick = wp_nonce_tick();
    $material = $tick . '|' . $action . '|0|';
    return substr(wp_hash($material, 'nonce'), -12, 10);
}
 /**
  *
  * Get a url to run a job of BackWPup
  *
  * Builds the wp-cron.php query (tick-bound `_nonce`, `doing_wp_cron` key, run
  * type, job id), applies the configured authentication method (basic auth
  * header, extra query argument, or cached logged-in cookie for an admin user)
  * and either fires the request or returns the prepared request array for
  * link-style start types.
  *
  * @param string $starttype Start types are 'runnow', 'runnowlink', 'cronrun', 'runext', 'restart', 'restartalt', 'test'
  * @param int $jobid The id of job to start else 0
  *
  * @return array|object [url] is the job url [header] for auth header or object form wp_remote_get()
  */
 public static function get_jobrun_url($starttype, $jobid = 0)
 {
     $authentication = get_site_option('backwpup_cfg_authentication', array('method' => '', 'basic_user' => '', 'basic_password' => '', 'user_id' => 0, 'query_arg' => ''));
     $url = site_url('wp-cron.php');
     $header = array('Cache-Control' => 'no-cache');
     $authurl = '';
     // The nonce binds only the nonce tick and the start type (no user id).
     $query_args = array('_nonce' => substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $starttype, 'nonce'), -12, 10), 'doing_wp_cron' => sprintf('%.22F', microtime(true)));
     if (in_array($starttype, array('restart', 'runnow', 'cronrun', 'runext', 'test'), true)) {
         $query_args['backwpup_run'] = $starttype;
     }
     if (in_array($starttype, array('runnowlink', 'runnow', 'cronrun', 'runext'), true) && !empty($jobid)) {
         $query_args['jobid'] = $jobid;
     }
     // Basic auth: the decrypted password goes into the header and, for
     // external starts, URL-encoded into the URL userinfo (see 'runext').
     if (!empty($authentication['basic_user']) && !empty($authentication['basic_password']) && $authentication['method'] == 'basic') {
         $header['Authorization'] = 'Basic ' . base64_encode($authentication['basic_user'] . ':' . BackWPup_Encryption::decrypt($authentication['basic_password']));
         $authurl = urlencode($authentication['basic_user']) . ':' . urlencode(BackWPup_Encryption::decrypt($authentication['basic_password'])) . '@';
     }
     // The configured query_arg is appended verbatim; it is expected to be pre-formatted.
     if (!empty($authentication['query_arg']) && $authentication['method'] == 'query_arg') {
         $url .= '?' . $authentication['query_arg'];
     }
     if ($starttype === 'runext') {
         // External starts authenticate with the stored job-run key instead of the tick nonce.
         $query_args['_nonce'] = get_site_option('backwpup_cfg_jobrunauthkey');
         $query_args['doing_wp_cron'] = null;
         if (!empty($authurl)) {
             // Credentials end up in plain text in the returned URL; anything
             // that logs or displays it sees the password.
             $url = str_replace('https://', 'https://' . $authurl, $url);
             $url = str_replace('http://', 'http://' . $authurl, $url);
         }
     }
     if ($starttype === 'runnowlink' && (!defined('ALTERNATE_WP_CRON') || !ALTERNATE_WP_CRON)) {
         // Admin-page link: the core wp_nonce_url() nonce replaces the custom `_nonce`.
         $url = wp_nonce_url(network_admin_url('admin.php'), 'backwpup_job_run-' . $starttype);
         $query_args['page'] = 'backwpupjobs';
         $query_args['action'] = 'runnow';
         $query_args['doing_wp_cron'] = null;
         unset($query_args['_nonce']);
     }
     if ($starttype === 'runnowlink' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
         $query_args['backwpup_run'] = 'runnowalt';
         $query_args['_nonce'] = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-runnowalt', 'nonce'), -12, 10);
         $query_args['doing_wp_cron'] = null;
     }
     if ($starttype === 'restartalt' && defined('ALTERNATE_WP_CRON') && ALTERNATE_WP_CRON) {
         $query_args['backwpup_run'] = 'restart';
         $query_args['_nonce'] = null;
     }
     // Restart and test requests carry no nonce at all; the receiving side
     // (cron_active) must gate them by other means.
     if ($starttype === 'restart' || $starttype === 'test') {
         $query_args['_nonce'] = null;
     }
     if (!empty($authentication['user_id']) && $authentication['method'] === 'user') {
         //cache cookies for auth some
         // NOTE(review): the configured user_id only enables this branch; the
         // cookie is minted for the first 'administrator' (or backwpup_admin)
         // returned by get_users(), not for user_id.
         $cookies = get_site_transient('backwpup_cookies');
         if (empty($cookies)) {
             $wp_admin_user = get_users(array('role' => 'administrator', 'number' => 1));
             if (empty($wp_admin_user)) {
                 $wp_admin_user = get_users(array('role' => 'backwpup_admin', 'number' => 1));
             }
             if (!empty($wp_admin_user[0]->ID)) {
                 // NOTE(review): 356 days — presumably 365 was intended. A new session
                 // token with this lifetime is created on every cache miss, while the
                 // transient below only lives for just under an hour.
                 $expiration = time() + 356 * DAY_IN_SECONDS;
                 $manager = WP_Session_Tokens::get_instance($wp_admin_user[0]->ID);
                 $token = $manager->create($expiration);
                 // NOTE(review): $cookies may be false here (transient miss); indexing
                 // into false is deprecated as of PHP 8.1.
                 $cookies[LOGGED_IN_COOKIE] = wp_generate_auth_cookie($wp_admin_user[0]->ID, $expiration, 'logged_in', $token);
             }
             set_site_transient('backwpup_cookies', $cookies, HOUR_IN_SECONDS - 30);
         }
     } else {
         $cookies = '';
     }
     // TLS verification is disabled unconditionally for the loopback request.
     $cron_request = array('url' => add_query_arg($query_args, $url), 'key' => $query_args['doing_wp_cron'], 'args' => array('blocking' => false, 'sslverify' => false, 'timeout' => 0.01, 'headers' => $header, 'user-agent' => BackWPup::get_plugin_data('User-Agent')));
     if (!empty($cookies)) {
         foreach ($cookies as $name => $value) {
             $cron_request['args']['cookies'][] = new WP_Http_Cookie(array('name' => $name, 'value' => $value));
         }
     }
     $cron_request = apply_filters('cron_request', $cron_request);
     if ($starttype === 'test') {
         // Tests wait for the reply instead of fire-and-forget.
         $cron_request['args']['timeout'] = 15;
         $cron_request['args']['blocking'] = true;
     }
     if (!in_array($starttype, array('runnowlink', 'runext', 'restartalt'), true)) {
         // Fire the request now; link-style start types only return the prepared data.
         delete_transient('doing_cron');
         return wp_remote_post($cron_request['url'], $cron_request['args']);
     }
     return $cron_request;
 }
 /**
  * Get the time-dependent variable for nonce creation.
  *
  * Thin wrapper around the global wp_nonce_tick(), kept as an instance method
  * so callers can substitute it.
  *
  * @return int
  */
 public function nonce_tick()
 {
     $tick = \wp_nonce_tick();
     return $tick;
 }
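 /**
  * Start job if in cron and run query args are set.
  *
  * Query-string values override the matching $args entries; the merged array
  * always carries 'run', 'nonce' and 'jobid'. A 'restart' is handled before the
  * nonce check (restart requests carry no nonce). Every other start type must
  * present the tick-bound nonce, the stored job-run auth key ('runext'), or an
  * empty nonce ('cronrun').
  *
  * @param array $args Optional overrides: 'run' (string), 'nonce' (string), 'jobid' (int).
  *
  * @return void
  */
 public static function cron_active($args = array())
 {
     //only if cron active
     if (!defined('DOING_CRON') || !DOING_CRON) {
         return;
     }
     if (isset($_GET['backwpup_run'])) {
         $args['run'] = sanitize_text_field($_GET['backwpup_run']);
     }
     if (isset($_GET['_nonce'])) {
         $args['nonce'] = sanitize_text_field($_GET['_nonce']);
     }
     if (isset($_GET['jobid'])) {
         $args['jobid'] = absint($_GET['jobid']);
     }
     $args = array_merge(array('run' => '', 'nonce' => '', 'jobid' => 0), $args);
     if (!in_array($args['run'], array('test', 'restart', 'runnow', 'runnowalt', 'runext', 'cronrun'), true)) {
         return;
     }
     //special header
     @session_write_close();
     @header('Content-Type: text/html; charset=' . get_bloginfo('charset'), true);
     @header('X-Robots-Tag: noindex, nofollow', true);
     nocache_headers();
     //on test die for fast feedback
     if ($args['run'] === 'test') {
         die('BackWPup test request');
     }
     if ($args['run'] === 'restart') {
         $job_object = BackWPup_Job::get_working_data();
         //restart job if not working or a restart wished
         // NOTE(review): get_working_data() is assumed to return an object; a
         // false/null return would read properties of a non-object here.
         $not_worked_time = microtime(TRUE) - $job_object->timestamp_last_update;
         if (!$job_object->pid || $not_worked_time > 300) {
             BackWPup_Job::start_http('restart');
             return;
         }
     }
     // generate normal nonce
     $nonce = substr(wp_hash(wp_nonce_tick() . 'backwpup_job_run-' . $args['run'], 'nonce'), -12, 10);
     //special nonce on external start
     if ($args['run'] === 'runext') {
         $nonce = get_site_option('backwpup_cfg_jobrunauthkey');
     }
     if ($args['run'] === 'cronrun') {
         $nonce = '';
     }
     // check nonce: both sides must be strings (an unset auth key option yields
     // false and is rejected, as the former `!==` did) and the comparison is
     // constant-time so the expected value does not leak through timing.
     if (!is_string($nonce) || !is_string($args['nonce']) || !hash_equals($nonce, $args['nonce'])) {
         return;
     }
     //check runext is allowed for job
     if ($args['run'] === 'runext') {
         $jobids_link = BackWPup_Option::get_job_ids('activetype', 'link');
         $jobids_easycron = BackWPup_Option::get_job_ids('activetype', 'easycron');
         $jobids_external = array_merge($jobids_link, $jobids_easycron);
         if (!in_array($args['jobid'], $jobids_external, true)) {
             return;
         }
     }
     //run BackWPup job
     BackWPup_Job::start_http($args['run'], $args['jobid']);
 }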
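/**
 * Builds a debug string listing every component that goes into a nonce.
 *
 * The tick is recomputed by hand (ceil(time / (nonce_life / 2))) next to the
 * value of wp_nonce_tick() so the two can be compared in the output.
 *
 * @param string|int $action Nonce action to hash. Defaults to '' because the
 *                           original read an undefined $action, which
 *                           evaluated to an empty string.
 *
 * @return string Human-readable summary of nonce, uid, life, time, ticks and hash.
 */
function jfb_debug_nonce_components($action = '')
{
    $user = wp_get_current_user();
    // NOTE(review): reads the lowercase `id` property; other examples use `ID`.
    $uid = (int) $user->id;
    $nonce_life = apply_filters('nonce_life', 86400);
    $time = time();
    $nonce_tick = ceil($time / ($nonce_life / 2));
    $tick_verify = wp_nonce_tick();
    // The original hashed an undefined `$i` (an empty string) instead of the
    // tick, which made the printed nonce useless for comparison.
    $hash = wp_hash($tick_verify . $action . $uid, 'nonce');
    $nonce = substr($hash, -12, 10);
    return "NONCE: {$nonce}, uid: {$uid}, life: {$nonce_life}, time: {$time}, tick: {$nonce_tick}, verify: {$tick_verify}, hash: {$hash}";
}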