activities_helper.php
1 year ago
agent_helper.php
1 year ago
auth_helper.php
9 months ago
blocks_helper.php
1 year ago
booking_helper.php
1 year ago
bricks_helper.php
1 year ago
bundles_helper.php
1 year ago
calendar_helper.php
9 months ago
carts_helper.php
1 year ago
connector_helper.php
1 year ago
csv_helper.php
9 months ago
customer_helper.php
9 months ago
customer_import_helper.php
9 months ago
database_helper.php
9 months ago
debug_helper.php
1 year ago
defaults_helper.php
1 year ago
elementor_helper.php
1 year ago
email_helper.php
9 months ago
encrypt_helper.php
1 year ago
events_helper.php
1 year ago
form_helper.php
9 months ago
icalendar_helper.php
1 year ago
image_helper.php
1 year ago
invoices_helper.php
9 months ago
license_helper.php
1 year ago
location_helper.php
1 year ago
marketing_systems_helper.php
1 year ago
meeting_systems_helper.php
1 year ago
menu_helper.php
9 months ago
meta_helper.php
1 year ago
migrations_helper.php
1 year ago
money_helper.php
1 year ago
notifications_helper.php
9 months ago
order_intent_helper.php
9 months ago
orders_helper.php
1 year ago
otp_helper.php
9 months ago
pages_helper.php
1 year ago
params_helper.php
1 year ago
payments_helper.php
1 year ago
price_breakdown_helper.php
1 year ago
process_jobs_helper.php
1 year ago
processes_helper.php
1 year ago
replacer_helper.php
1 year ago
resource_helper.php
1 year ago
roles_helper.php
9 months ago
router_helper.php
1 year ago
service_helper.php
1 year ago
sessions_helper.php
1 year ago
settings_helper.php
9 months ago
short_links_systems_helper.php
9 months ago
shortcodes_helper.php
9 months ago
sms_helper.php
1 year ago
steps_helper.php
9 months ago
stripe_connect_helper.php
9 months ago
styles_helper.php
9 months ago
support_topics_helper.php
1 year ago
time_helper.php
9 months ago
timeline_helper.php
9 months ago
transaction_helper.php
1 year ago
transaction_intent_helper.php
1 year ago
util_helper.php
9 months ago
version_specific_updates_helper.php
9 months ago
whatsapp_helper.php
1 year ago
work_periods_helper.php
1 year ago
wp_datetime.php
1 year ago
wp_user_helper.php
1 year ago
sessions_helper.php
98 lines
| 1 | <?php |
| 2 | |
| 3 | class OsSessionsHelper { |
| 4 | |
| 5 | private static $logged_in_customer_id = false; |
| 6 | |
| 7 | public static function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) { |
| 8 | if ( ! headers_sent() ) { |
| 9 | setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, $httponly ); |
| 10 | } elseif ( class_exists('Constants') && Constants::is_true( 'WP_DEBUG' ) ) { |
| 11 | headers_sent( $file, $line ); |
| 12 | trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine |
| 13 | } |
| 14 | } |
| 15 | |
| 16 | public static function get_customer_session_cookie(){ |
| 17 | if(isset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])){ |
| 18 | return sanitize_text_field( wp_unslash($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])); |
| 19 | }else{ |
| 20 | return false; |
| 21 | } |
| 22 | } |
| 23 | |
| 24 | public static function get_customer_token($customer_id){ |
| 25 | return 'latepoint'; |
| 26 | } |
| 27 | |
| 28 | public static function set_customer_session_cookie( $session, $expiration, $token ) { |
| 29 | $to_hash = $session->id . '|' . $session->hash . '|' . $expiration . '|' . $token; |
| 30 | // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. |
| 31 | $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; |
| 32 | $cookie_hash = hash_hmac( $algo, $to_hash, wp_hash( $to_hash ) ); |
| 33 | $cookie_value = $session->id . '||' . $expiration . '||' . $cookie_hash; |
| 34 | |
| 35 | if ( ! isset( $_COOKIE[ LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE ] ) || $_COOKIE[ LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE ] !== $cookie_value ) { |
| 36 | self::setcookie( LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE, $cookie_value); |
| 37 | } |
| 38 | } |
| 39 | |
| 40 | public static function get_customer_id_from_session(){ |
| 41 | if(self::$logged_in_customer_id) return self::$logged_in_customer_id; |
| 42 | $cookie = self::get_customer_session_cookie(); |
| 43 | if(!$cookie) return false; |
| 44 | list($session_id, $expiration, $cookie_hash) = explode('||', $cookie); |
| 45 | if(!isset($session_id) || !is_numeric($session_id) || !isset($expiration) || !isset($cookie_hash)) return false; |
| 46 | $session = new OsSessionModel($session_id); |
| 47 | if(!$session) return false; |
| 48 | |
| 49 | $token = self::get_customer_token($session->session_key); |
| 50 | |
| 51 | $to_hash = $session->id . '|' . $session->hash . '|' . $expiration . '|' . $token; |
| 52 | |
| 53 | $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; |
| 54 | $control_hash = hash_hmac( $algo, $to_hash, wp_hash( $to_hash ) ); |
| 55 | // check if the cookie was altered by malicious user |
| 56 | if($control_hash != $cookie_hash){ |
| 57 | OsAuthHelper::logout_customer(); |
| 58 | self::destroy_customer_session_cookie(); |
| 59 | return false; |
| 60 | }else{ |
| 61 | self::$logged_in_customer_id = $session->session_key; |
| 62 | return self::$logged_in_customer_id; |
| 63 | } |
| 64 | } |
| 65 | |
| 66 | public static function start_or_use_session_for_customer($customer_id){ |
| 67 | // find existing session for the customer |
| 68 | $session_model = new OsSessionModel(); |
| 69 | $session = $session_model->where(['session_key' => $customer_id])->set_limit(1)->get_results_as_models(); |
| 70 | $token = self::get_customer_token($customer_id); |
| 71 | if($session){ |
| 72 | // expired session, renew |
| 73 | if($session->expiration < time()){ |
| 74 | $session->expiration = time() + 2 * DAY_IN_SECONDS; |
| 75 | $session->save(); |
| 76 | } |
| 77 | }else{ |
| 78 | $session = new OsSessionModel(); |
| 79 | $session->session_key = $customer_id; |
| 80 | $session->expiration = time() + 2 * DAY_IN_SECONDS; |
| 81 | $session->session_value = maybe_serialize([]); |
| 82 | $session->hash = wp_generate_password(20, false, false); |
| 83 | $session->save(); |
| 84 | } |
| 85 | self::set_customer_session_cookie($session, $session->expiration, $token); |
| 86 | self::$logged_in_customer_id = $customer_id; |
| 87 | } |
| 88 | |
| 89 | public static function destroy_customer_session_cookie() { |
| 90 | self::$logged_in_customer_id = false; |
| 91 | if (isset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])) { |
| 92 | unset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE]); |
| 93 | setcookie(LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE, '', time() - 3600, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN); |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | |
| 98 | } |