/**
 * Open callback registered through session_set_save_handler().
 *
 * PHP invokes this hook before session data is accessed, which is where a
 * handler would normally prepare file paths or database connections. This
 * plugin needs no such setup: the body only decides whether an existing
 * session cookie is present or a fresh identifier must be pre-assigned.
 *
 * Not meant to be called directly.
 *
 * @return true
 */
function _pantheon_session_open() {
    // !empty() rather than isset(): a blank session ID must never count as valid.
    $has_session_cookie = ! empty( $_COOKIE[ session_name() ] );
    if ( ! $has_session_cookie && is_ssl() ) {
        // Over SSL, also accept the companion cookie whose name is the
        // session name with its first character removed.
        $has_session_cookie = ! empty( $_COOKIE[ substr( session_name(), 1 ) ] );
    }

    if ( $has_session_cookie ) {
        // A session cookie exists, so the session is initialized. Without one,
        // the session is only started on demand in _pantheon_session_write(),
        // so anonymous users get no session cookie unless something is stored
        // in $_SESSION. That lets HTTP proxies cache anonymous pageviews.
        $needs_private_response = get_current_user_id() || ! empty( $_SESSION );
        if ( $needs_private_response ) {
            nocache_headers();
        }

        return true;
    }

    // No cookie yet: assign an identifier for this request now, because the
    // session itself is started lazily at the end of the request.
    require_once( ABSPATH . 'wp-includes/class-phpass.php');
    $hasher = new PasswordHash( 8, false );

    // md5() only condenses the 32 random bytes into a 32-character hex string,
    // so the identifier carries at most 128 bits.
    // NOTE(review): phpass get_random_bytes() is understood to fall back to an
    // md5/microtime-based generator when /dev/urandom cannot be read — confirm
    // against the bundled class-phpass.php before relying on it for session IDs.
    $random_bytes = $hasher->get_random_bytes( 32 );
    session_id( md5( $random_bytes ) );

    if ( is_ssl() ) {
        $insecure_session_name = substr( session_name(), 1 );
        $insecure_session_id   = md5( $hasher->get_random_bytes( 32 ) );

        // Custom expiry applied when the cookie is created.
        // NOTE(review): with the filter's default of 0 the expiry equals the
        // request timestamp, not 0 (PHP's value for a browser-session cookie)
        // — confirm this is intended.
        $lifetime   = (int) apply_filters( 'pantheon_session_expiration', 0 );
        $expires_at = $_SERVER['REQUEST_TIME'] + $lifetime;

        // Only name, value and expiry are passed; path, domain, secure and
        // httponly are left at PHP's defaults.
        setcookie( $insecure_session_name, $insecure_session_id, $expires_at );
    }

    return true;
}
/**
 * Produce a random key of the requested size and return it base64-encoded.
 *
 * The shared global $wp_hasher is reused when it is already populated;
 * otherwise a portable PasswordHash instance is created and stored there.
 *
 * @param int $bitsize Key size in bits; values below 8 or not divisible by 8 are rejected via wp_die(-1).
 * @return string base64 encoding of ($bitsize / 8) bytes from PasswordHash::get_random_bytes().
 */
public static function generate_key($bitsize = self::DEFAULT_KEY_BIT_SIZE) {
    global $wp_hasher;

    $is_whole_byte_count = $bitsize >= 8 && $bitsize % 8 === 0;
    if (!$is_whole_byte_count) {
        // @TODO: handle this
        wp_die(-1);
    }

    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }

    // NOTE(review): key strength depends entirely on get_random_bytes(); phpass
    // is understood to use a weaker md5/microtime fallback when /dev/urandom is
    // unreadable — confirm against the bundled class-phpass.php.
    $byte_count = $bitsize / 8;
    $raw_key    = $wp_hasher->get_random_bytes($byte_count);

    return base64_encode($raw_key);
}
/**
 * Return the identifier for the current customer.
 *
 * Logged-in users are identified by their WordPress user ID. Guests receive
 * a random identifier: 32 bytes from the Portable PHP password hashing
 * framework's get_random_bytes(), condensed to a 32-character hex string.
 *
 * @return int|string User ID when logged in, otherwise the random hex string.
 */
public function generate_customer_id() {
    if (is_user_logged_in()) {
        return get_current_user_id();
    }

    require_once ABSPATH . 'wp-includes/class-phpass.php';
    $hasher = new PasswordHash(8, false);

    // md5() is used only to turn the random bytes into a fixed-length hex
    // token; the result carries at most 128 bits.
    // NOTE(review): unpredictability of the guest ID rests on
    // get_random_bytes(); phpass is understood to fall back to an
    // md5/microtime-based generator when /dev/urandom is unreadable — confirm.
    $random_bytes = $hasher->get_random_bytes(32);

    return md5($random_bytes);
}
/**
 * Build a random identifier for the session token.
 *
 * Reads 32 bytes from PasswordHash::get_random_bytes() and returns their
 * md5 digest, i.e. a 32-character hex string.
 *
 * @return string
 */
protected function generate_id() {
    require_once ABSPATH . 'wp-includes/class-phpass.php';

    $hasher = new PasswordHash(8, false);

    // NOTE(review): the token is only as strong as get_random_bytes(); phpass
    // is understood to use a weaker md5/microtime fallback when /dev/urandom
    // is unreadable — confirm against the bundled class-phpass.php.
    $random_bytes = $hasher->get_random_bytes(32);

    return md5($random_bytes);
}
/**
 * Build a random string of exactly $length characters.
 *
 * Random bytes from PasswordHash::get_random_bytes() are base64-encoded and
 * every symbol outside the permitted alphabet is discarded; the process
 * repeats until enough symbols have been collected.
 *
 * @param int    $length Number of characters to return.
 * @param string $type   'mixed' (letters and digits), 'chars' (letters only) or
 *                       'digits' (digits only); any other value is treated as 'mixed'.
 * @return string Random string drawn from the selected alphabet.
 */
function tep_create_random_value($length, $type = 'mixed') {
    $is_known_type = ($type == 'mixed' || $type == 'chars' || $type == 'digits');
    if (!$is_known_type) {
        $type = 'mixed';
    }

    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $digits = '0123456789';

    // Assemble the alphabet that output characters may come from.
    $wants_letters = ($type == 'mixed' || $type == 'chars');
    $wants_digits = ($type == 'mixed' || $type == 'digits');
    $base = ($wants_letters ? $chars : '') . ($wants_digits ? $digits : '');

    if (!class_exists('PasswordHash')) {
        include 'includes/classes/passwordhash.php';
    }

    // NOTE(review): the result is only as unpredictable as get_random_bytes();
    // phpass is understood to fall back to an md5/microtime-based generator
    // when /dev/urandom is unreadable — confirm against the bundled class.
    $hasher = new PasswordHash(10, true);

    $value = '';
    do {
        $encoded = base64_encode($hasher->get_random_bytes($length));
        $encoded_length = strlen($encoded);

        // Keep only symbols in the allowed alphabet; '+', '/' and '=' from the
        // base64 output never match and are dropped.
        $position = 0;
        while ($position < $encoded_length) {
            $symbol = substr($encoded, $position, 1);
            if (strpos($base, $symbol) !== false) {
                $value .= $symbol;
            }
            $position++;
        }
    } while (strlen($value) < $length);

    // A pass can collect more symbols than requested; trim the excess.
    return (strlen($value) > $length) ? substr($value, 0, $length) : $value;
}
/**
 * Create a new session id and store it in the static $session_id property.
 *
 * The id is the md5 digest (32 hex characters) of 32 bytes obtained from
 * PasswordHash::get_random_bytes().
 *
 * @return string session id
 */
protected function _set_session_id() {
    require_once ABSPATH . 'wp-includes/class-phpass.php';

    $hasher = new PasswordHash(8, false);

    // NOTE(review): session id unpredictability rests on get_random_bytes();
    // phpass is understood to use a weaker md5/microtime fallback when
    // /dev/urandom is unreadable — confirm against the bundled class-phpass.php.
    $random_bytes = $hasher->get_random_bytes(32);
    self::$session_id = md5($random_bytes);

    return self::$session_id;
}
/**
 * Encrypt a password under a key derived from the master password.
 *
 * A fresh 100-byte salt is drawn for every call, the master password is
 * stretched with keygen_s2k() into a 32-byte key, and the password is
 * encrypted with AES-256 in CTR mode.
 *
 * @param string       $password        Plaintext password to protect.
 * @param string|false $master_password Master password; when false it is
 *                                      obtained from $this->account->decrypt_password().
 * @return array Keys "iv", "encrypted_password" and "salt"; all three are
 *               returned together so the caller can store them.
 */
private function encrypt($password, $master_password = false) {
    // No master password supplied: take the account's decrypted one.
    if ($master_password === false) {
        $master_password = $this->account->decrypt_password();
    }

    // Per-call random salt.
    // NOTE(review): phpass get_random_bytes() is understood to fall back to an
    // md5/microtime-based generator when /dev/urandom is unreadable — confirm.
    require_once "PasswordHash.php";
    $hasher = new PasswordHash(8, false);
    $salt = $hasher->get_random_bytes(100);

    // Stretch the master password into the 32-byte cipher key.
    $derived_key = $this->keygen_s2k($master_password, $salt, 32);

    // The IV is created before encrypting; presumably createIV() also
    // installs it on the cipher object — verify against PHP_Crypt.
    // NOTE(review): CTR mode gives confidentiality only and no MAC is computed
    // in this method — confirm ciphertext integrity is verified elsewhere.
    $cipher = new PHP_Crypt($derived_key, PHP_Crypt::CIPHER_AES_256, PHP_Crypt::MODE_CTR);
    $iv = $cipher->createIV();
    $ciphertext = $cipher->encrypt($password);

    return [
        'iv' => $iv,
        'encrypted_password' => $ciphertext,
        'salt' => $salt,
    ];
}
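/**
 * Build a random string of exactly $length characters.
 *
 * Preferred path: random bytes from PasswordHash::get_random_bytes() are
 * base64-encoded and filtered down to the permitted alphabet. The class file
 * is included only when the class is not defined yet, and the preferred path
 * is taken whenever the class is available afterwards — including when some
 * other script already loaded it. The tep_rand() fallback is reached only
 * when PasswordHash cannot be obtained at all.
 *
 * @param int    $length Number of characters to return.
 * @param string $type   'mixed' (letters and digits), 'chars' (letters only) or
 *                       'digits' (digits only); any other value is treated as 'mixed'.
 * @return string Random string drawn from the selected alphabet.
 */
function createRandomValue($length, $type = 'mixed') {
    if ($type != 'mixed' && $type != 'chars' && $type != 'digits') {
        $type = 'mixed';
    }

    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $digits = '0123456789';

    // Alphabet that output characters may come from.
    $base = '';
    if ($type == 'mixed' || $type == 'chars') {
        $base .= $chars;
    }
    if ($type == 'mixed' || $type == 'digits') {
        $base .= $digits;
    }

    $value = '';

    // Loading the class and using it are separate decisions: an already-loaded
    // PasswordHash must not push the caller onto the weaker fallback below.
    if (!class_exists('PasswordHash') && file_exists(DIR_FS_CATALOG . 'includes/classes/passwordhash.php')) {
        include DIR_FS_CATALOG . 'includes/classes/passwordhash.php';
    }

    if (class_exists('PasswordHash')) {
        // NOTE(review): phpass get_random_bytes() is understood to fall back
        // to an md5/microtime-based generator when /dev/urandom is unreadable
        // — confirm against the bundled class.
        $hasher = new PasswordHash(10, true);

        do {
            $random = base64_encode($hasher->get_random_bytes($length));

            // Keep only symbols in the allowed alphabet; '+', '/' and '='
            // from the base64 output never match and are dropped.
            for ($i = 0, $n = strlen($random); $i < $n; $i++) {
                $char = substr($random, $i, 1);

                if (strpos($base, $char) !== false) {
                    $value .= $char;
                }
            }
        } while (strlen($value) < $length);

        // A pass can collect more symbols than requested; trim the excess.
        if (strlen($value) > $length) {
            $value = substr($value, 0, $length);
        }

        return $value;
    }

    // fallback for v2.3.1
    // NOTE(review): tep_rand() is defined elsewhere and its randomness quality
    // is not visible here — treat values from this path as unsuitable for
    // secrets until that is confirmed.
    while (strlen($value) < $length) {
        if ($type == 'digits') {
            $char = tep_rand(0, 9);
        } else {
            $char = chr(tep_rand(0, 255));
        }

        // Rejection step: append the candidate only if it belongs to the
        // alphabet selected by $type.
        if ($type == 'mixed') {
            if (preg_match('/^[a-z0-9]$/i', $char)) {
                $value .= $char;
            }
        } elseif ($type == 'chars') {
            if (preg_match('/^[a-z]$/i', $char)) {
                $value .= $char;
            }
        } elseif ($type == 'digits') {
            if (preg_match('/^[0-9]$/i', $char)) {
                $value .= $char;
            }
        }
    }

    return $value;
}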
/**
 * Generate a random password of $length characters.
 *
 * Twice as many random bytes as requested characters are drawn from
 * PasswordHash::get_random_bytes(), base64-encoded, and the first $length
 * symbols of the encoding are returned. The result uses the base64 alphabet,
 * so it can contain '+' and '/' as well as letters and digits.
 *
 * @param int $length Number of characters in the password.
 * @return string The generated password.
 */
function tep_generate_password($length) {
    if (!class_exists('PasswordHash')) {
        include DIR_WS_CLASSES . 'passwordhash.php';
    }

    // NOTE(review): password unpredictability rests on get_random_bytes();
    // phpass is understood to use a weaker md5/microtime fallback when
    // /dev/urandom is unreadable — confirm against the bundled class.
    $hasher = new PasswordHash(10, true);
    $random_bytes = $hasher->get_random_bytes($length * 2);
    $encoded = base64_encode($random_bytes);

    return substr($encoded, 0, $length);
}