PluginProbe ʕ •ᴥ•ʔ
Appointment Booking Plugin – LatePoint | Calendar & Scheduling for WordPress / 5.1.7
Appointment Booking Plugin – LatePoint | Calendar & Scheduling for WordPress v5.1.7
5.6.8 5.6.7 5.6.6 5.6.5 5.6.4 5.6.3 5.6.2 5.6.1 5.6.0 5.5.2 5.5.1 5.5.0 5.4.2 trunk 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.1.8 5.1.9 5.1.91 5.1.92 5.1.93 5.1.94 5.2.0 5.2.1 5.2.10 5.2.11 5.2.2 5.2.3 5.2.4 5.2.5 5.2.6 5.2.7 5.2.8 5.2.9 5.3.0 5.3.1 5.3.2 5.4.0 5.4.1
latepoint / lib / helpers / sessions_helper.php
latepoint / lib / helpers Last commit date
activities_helper.php 1 year ago agent_helper.php 1 year ago auth_helper.php 1 year ago blocks_helper.php 1 year ago booking_helper.php 1 year ago bricks_helper.php 1 year ago bundles_helper.php 1 year ago calendar_helper.php 1 year ago carts_helper.php 1 year ago connector_helper.php 1 year ago csv_helper.php 1 year ago customer_helper.php 1 year ago database_helper.php 1 year ago debug_helper.php 1 year ago defaults_helper.php 1 year ago elementor_helper.php 1 year ago email_helper.php 1 year ago encrypt_helper.php 1 year ago events_helper.php 1 year ago form_helper.php 1 year ago icalendar_helper.php 1 year ago image_helper.php 1 year ago invoices_helper.php 1 year ago license_helper.php 1 year ago location_helper.php 1 year ago marketing_systems_helper.php 1 year ago meeting_systems_helper.php 1 year ago menu_helper.php 1 year ago meta_helper.php 1 year ago migrations_helper.php 1 year ago money_helper.php 1 year ago notifications_helper.php 1 year ago order_intent_helper.php 1 year ago orders_helper.php 1 year ago pages_helper.php 1 year ago params_helper.php 1 year ago payments_helper.php 1 year ago price_breakdown_helper.php 1 year ago process_jobs_helper.php 1 year ago processes_helper.php 1 year ago replacer_helper.php 1 year ago resource_helper.php 1 year ago roles_helper.php 1 year ago router_helper.php 1 year ago service_helper.php 1 year ago sessions_helper.php 1 year ago settings_helper.php 1 year ago shortcodes_helper.php 1 year ago sms_helper.php 1 year ago steps_helper.php 1 year ago stripe_connect_helper.php 1 year ago styles_helper.php 1 year ago support_topics_helper.php 1 year ago time_helper.php 1 year ago timeline_helper.php 1 year ago transaction_intent_helper.php 1 year ago util_helper.php 1 year ago version_specific_updates_helper.php 1 year ago whatsapp_helper.php 1 year ago work_periods_helper.php 1 year ago wp_datetime.php 1 year ago wp_user_helper.php 1 year ago
sessions_helper.php
98 lines
1 <?php
2
3 class OsSessionsHelper {
4
5 private static $logged_in_customer_id = false;
6
7 public static function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) {
8 if ( ! headers_sent() ) {
9 setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, $httponly );
10 } elseif ( class_exists('Constants') && Constants::is_true( 'WP_DEBUG' ) ) {
11 headers_sent( $file, $line );
12 trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine
13 }
14 }
15
16 public static function get_customer_session_cookie(){
17 if(isset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])){
18 return sanitize_text_field( wp_unslash($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE]));
19 }else{
20 return false;
21 }
22 }
23
24 public static function get_customer_token($customer_id){
25 return 'latepoint';
26 }
27
28 public static function set_customer_session_cookie( $session, $expiration, $token ) {
29 $to_hash = $session->id . '|' . $session->hash . '|' . $expiration . '|' . $token;
30 // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
31 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
32 $cookie_hash = hash_hmac( $algo, $to_hash, wp_hash( $to_hash ) );
33 $cookie_value = $session->id . '||' . $expiration . '||' . $cookie_hash;
34
35 if ( ! isset( $_COOKIE[ LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE ] ) || $_COOKIE[ LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE ] !== $cookie_value ) {
36 self::setcookie( LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE, $cookie_value);
37 }
38 }
39
40 public static function get_customer_id_from_session(){
41 if(self::$logged_in_customer_id) return self::$logged_in_customer_id;
42 $cookie = self::get_customer_session_cookie();
43 if(!$cookie) return false;
44 list($session_id, $expiration, $cookie_hash) = explode('||', $cookie);
45 if(!isset($session_id) || !is_numeric($session_id) || !isset($expiration) || !isset($cookie_hash)) return false;
46 $session = new OsSessionModel($session_id);
47 if(!$session) return false;
48
49 $token = self::get_customer_token($session->session_key);
50
51 $to_hash = $session->id . '|' . $session->hash . '|' . $expiration . '|' . $token;
52
53 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
54 $control_hash = hash_hmac( $algo, $to_hash, wp_hash( $to_hash ) );
55 // check if the cookie was altered by malicious user
56 if($control_hash != $cookie_hash){
57 OsAuthHelper::logout_customer();
58 self::destroy_customer_session_cookie();
59 return false;
60 }else{
61 self::$logged_in_customer_id = $session->session_key;
62 return self::$logged_in_customer_id;
63 }
64 }
65
66 public static function start_or_use_session_for_customer($customer_id){
67 // find existing session for the customer
68 $session_model = new OsSessionModel();
69 $session = $session_model->where(['session_key' => $customer_id])->set_limit(1)->get_results_as_models();
70 $token = self::get_customer_token($customer_id);
71 if($session){
72 // expired session, renew
73 if($session->expiration < time()){
74 $session->expiration = time() + 2 * DAY_IN_SECONDS;
75 $session->save();
76 }
77 }else{
78 $session = new OsSessionModel();
79 $session->session_key = $customer_id;
80 $session->expiration = time() + 2 * DAY_IN_SECONDS;
81 $session->session_value = maybe_serialize([]);
82 $session->hash = wp_generate_password(20, false, false);
83 $session->save();
84 }
85 self::set_customer_session_cookie($session, $session->expiration, $token);
86 self::$logged_in_customer_id = $customer_id;
87 }
88
89 public static function destroy_customer_session_cookie() {
90 self::$logged_in_customer_id = false;
91 if (isset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])) {
92 unset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE]);
93 setcookie(LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE, '', time() - 3600, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN);
94 }
95 }
96
97
98 }