PluginProbe ʕ •ᴥ•ʔ
LatePoint – Calendar Booking Plugin for Appointments and Events / 5.2.2
LatePoint – Calendar Booking Plugin for Appointments and Events v5.2.2
5.6.7 5.6.6 5.6.5 5.6.4 5.6.3 5.6.2 5.6.1 5.6.0 5.5.2 5.5.1 5.5.0 5.4.2 trunk 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.1.8 5.1.9 5.1.91 5.1.92 5.1.93 5.1.94 5.2.0 5.2.1 5.2.10 5.2.11 5.2.2 5.2.3 5.2.4 5.2.5 5.2.6 5.2.7 5.2.8 5.2.9 5.3.0 5.3.1 5.3.2 5.4.0 5.4.1
latepoint / lib / helpers / sessions_helper.php
latepoint / lib / helpers Last commit date
activities_helper.php 1 year ago agent_helper.php 1 year ago auth_helper.php 9 months ago blocks_helper.php 1 year ago booking_helper.php 1 year ago bricks_helper.php 1 year ago bundles_helper.php 1 year ago calendar_helper.php 9 months ago carts_helper.php 1 year ago connector_helper.php 1 year ago csv_helper.php 9 months ago customer_helper.php 9 months ago customer_import_helper.php 9 months ago database_helper.php 9 months ago debug_helper.php 1 year ago defaults_helper.php 1 year ago elementor_helper.php 1 year ago email_helper.php 9 months ago encrypt_helper.php 1 year ago events_helper.php 1 year ago form_helper.php 9 months ago icalendar_helper.php 1 year ago image_helper.php 1 year ago invoices_helper.php 9 months ago license_helper.php 1 year ago location_helper.php 1 year ago marketing_systems_helper.php 1 year ago meeting_systems_helper.php 1 year ago menu_helper.php 9 months ago meta_helper.php 1 year ago migrations_helper.php 1 year ago money_helper.php 1 year ago notifications_helper.php 9 months ago order_intent_helper.php 9 months ago orders_helper.php 1 year ago otp_helper.php 9 months ago pages_helper.php 1 year ago params_helper.php 1 year ago payments_helper.php 1 year ago price_breakdown_helper.php 1 year ago process_jobs_helper.php 1 year ago processes_helper.php 1 year ago replacer_helper.php 1 year ago resource_helper.php 1 year ago roles_helper.php 9 months ago router_helper.php 1 year ago service_helper.php 1 year ago sessions_helper.php 1 year ago settings_helper.php 9 months ago short_links_systems_helper.php 9 months ago shortcodes_helper.php 9 months ago sms_helper.php 1 year ago steps_helper.php 9 months ago stripe_connect_helper.php 9 months ago styles_helper.php 9 months ago support_topics_helper.php 1 year ago time_helper.php 9 months ago timeline_helper.php 9 months ago transaction_helper.php 1 year ago transaction_intent_helper.php 1 year ago util_helper.php 9 months ago version_specific_updates_helper.php 9 months ago whatsapp_helper.php 1 year ago work_periods_helper.php 1 year ago wp_datetime.php 1 year ago wp_user_helper.php 1 year ago
sessions_helper.php
98 lines
1 <?php
2
3 class OsSessionsHelper {
4
5 private static $logged_in_customer_id = false;
6
7 public static function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) {
8 if ( ! headers_sent() ) {
9 setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, $httponly );
10 } elseif ( class_exists('Constants') && Constants::is_true( 'WP_DEBUG' ) ) {
11 headers_sent( $file, $line );
12 trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine
13 }
14 }
15
16 public static function get_customer_session_cookie(){
17 if(isset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])){
18 return sanitize_text_field( wp_unslash($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE]));
19 }else{
20 return false;
21 }
22 }
23
24 public static function get_customer_token($customer_id){
25 return 'latepoint';
26 }
27
28 public static function set_customer_session_cookie( $session, $expiration, $token ) {
29 $to_hash = $session->id . '|' . $session->hash . '|' . $expiration . '|' . $token;
30 // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
31 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
32 $cookie_hash = hash_hmac( $algo, $to_hash, wp_hash( $to_hash ) );
33 $cookie_value = $session->id . '||' . $expiration . '||' . $cookie_hash;
34
35 if ( ! isset( $_COOKIE[ LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE ] ) || $_COOKIE[ LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE ] !== $cookie_value ) {
36 self::setcookie( LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE, $cookie_value);
37 }
38 }
39
40 public static function get_customer_id_from_session(){
41 if(self::$logged_in_customer_id) return self::$logged_in_customer_id;
42 $cookie = self::get_customer_session_cookie();
43 if(!$cookie) return false;
44 list($session_id, $expiration, $cookie_hash) = explode('||', $cookie);
45 if(!isset($session_id) || !is_numeric($session_id) || !isset($expiration) || !isset($cookie_hash)) return false;
46 $session = new OsSessionModel($session_id);
47 if(!$session) return false;
48
49 $token = self::get_customer_token($session->session_key);
50
51 $to_hash = $session->id . '|' . $session->hash . '|' . $expiration . '|' . $token;
52
53 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
54 $control_hash = hash_hmac( $algo, $to_hash, wp_hash( $to_hash ) );
55 // check if the cookie was altered by malicious user
56 if($control_hash != $cookie_hash){
57 OsAuthHelper::logout_customer();
58 self::destroy_customer_session_cookie();
59 return false;
60 }else{
61 self::$logged_in_customer_id = $session->session_key;
62 return self::$logged_in_customer_id;
63 }
64 }
65
66 public static function start_or_use_session_for_customer($customer_id){
67 // find existing session for the customer
68 $session_model = new OsSessionModel();
69 $session = $session_model->where(['session_key' => $customer_id])->set_limit(1)->get_results_as_models();
70 $token = self::get_customer_token($customer_id);
71 if($session){
72 // expired session, renew
73 if($session->expiration < time()){
74 $session->expiration = time() + 2 * DAY_IN_SECONDS;
75 $session->save();
76 }
77 }else{
78 $session = new OsSessionModel();
79 $session->session_key = $customer_id;
80 $session->expiration = time() + 2 * DAY_IN_SECONDS;
81 $session->session_value = maybe_serialize([]);
82 $session->hash = wp_generate_password(20, false, false);
83 $session->save();
84 }
85 self::set_customer_session_cookie($session, $session->expiration, $token);
86 self::$logged_in_customer_id = $customer_id;
87 }
88
89 public static function destroy_customer_session_cookie() {
90 self::$logged_in_customer_id = false;
91 if (isset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE])) {
92 unset($_COOKIE[LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE]);
93 setcookie(LATEPOINT_CUSTOMER_LOGGED_IN_COOKIE, '', time() - 3600, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN);
94 }
95 }
96
97
98 }