ApiAuth.php
| 1 | <?php |
| 2 | /** |
| 3 | * Api Auth class. |
| 4 | * |
| 5 | * @since 2.6.5 |
| 6 | * |
| 7 | * @package OMAPI |
| 8 | * @author Justin Sternberg |
| 9 | */ |
| 10 | |
// Stop immediately when ABSPATH is not defined, i.e. the file was requested on its own.
defined( 'ABSPATH' ) || exit;
| 15 | |
| 16 | /** |
| 17 | * Api Auth class. |
| 18 | * |
| 19 | * @since 2.6.5 |
| 20 | */ |
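class OMAPI_ApiAuth {

	/**
	 * Get the auth token from the DB.
	 *
	 * Reads the 'optinmonster_site_token' option. When the option is absent,
	 * get_option() returns the default supplied here: 'expires' of 0 and an
	 * empty 'tt'.
	 *
	 * @since 2.6.5
	 *
	 * @return array Auth token array with 'expires' (Unix timestamp) and 'tt' (token string) keys.
	 */
	public static function get_token() {
		return get_option(
			'optinmonster_site_token',
			array(
				'expires' => 0,
				'tt'      => '',
			)
		);
	}

	/**
	 * Check if token exists in DB.
	 *
	 * Only presence is tested: a stored token whose 'expires' time has already
	 * passed still counts as existing. Use validate_token() for an expiry check.
	 *
	 * @since 2.6.5
	 *
	 * @return boolean Whether it exists.
	 */
	public static function has_token() {
		$token = self::get_token();

		return ! empty( $token['expires'] ) && ! empty( $token['tt'] );
	}

	/**
	 * Get the tt value from the auth token (or generate the auth token).
	 *
	 * A new token is created, with a two minute lifetime, only when no tt value
	 * is stored.
	 *
	 * @since 2.6.5
	 *
	 * @return string The tt value from the auth token.
	 */
	public static function get_tt() {
		$token = self::get_token();

		// NOTE(review): a stored token is returned as-is even when its 'expires'
		// time has passed; validate_token() will then reject it. Presumably
		// callers run delete_token() once a token has been used or has lapsed.
		// Confirm against the callers.
		if ( empty( $token['tt'] ) ) {

			// If TT is empty, generate a new one, save it and then return it.
			$token = array(
				'expires' => time() + ( 2 * MINUTE_IN_SECONDS ),
				'tt'      => self::generate_tt(),
			);
			update_option( 'optinmonster_site_token', $token );
		}

		return $token['tt'];
	}

	/**
	 * Generate the tt value (long random string).
	 *
	 * The result is the SHA-512 hex digest of a 128 character
	 * wp_generate_password() string, AUTH_SALT and a uniqid() value.
	 *
	 * @since 2.6.5
	 *
	 * @return string Tt value.
	 */
	public static function generate_tt() {
		// The unpredictability of the token rests on wp_generate_password().
		// uniqid() is derived from the current time and AUTH_SALT is a fixed
		// per-site value, so neither is a source of fresh secret randomness.
		// NOTE(review): wp_generate_password() is presumably backed by a CSPRNG
		// on the supported WordPress/PHP versions. Confirm.
		return hash( 'sha512', wp_generate_password( 128, true, true ) . AUTH_SALT . uniqid( '', true ) );
	}

	/**
	 * Validate whether given tt value matches auth token tt value,
	 * and whether the auth token has expired.
	 *
	 * Non-string input is rejected rather than compared, so a malformed value
	 * yields false instead of an error.
	 *
	 * @since 2.6.5
	 *
	 * @param string $passed_tt The tt value to validate.
	 *
	 * @return bool Whether tt value is validated with the token.
	 */
	public static function validate_token( $passed_tt = '' ) {
		// The parameter is untyped, so a caller may hand over an array or another
		// non-string value (for example one taken from request input).
		// hash_equals() accepts strings only and throws a TypeError on PHP 8
		// otherwise, so such values are refused up front.
		if ( empty( $passed_tt ) || ! is_string( $passed_tt ) ) {
			return false;
		}

		$token = self::get_token();
		if ( empty( $token ) || ! is_array( $token ) ) {
			return false;
		}

		// A missing or zero 'expires' is treated as already expired.
		$expired = ! empty( $token['expires'] ) ? $token['expires'] < time() : true;

		// A stored value that is not a string is treated the same as no token.
		$tt = ( ! empty( $token['tt'] ) && is_string( $token['tt'] ) ) ? $token['tt'] : '';

		// hash_equals() compares in constant time, so response timing does not
		// reveal how much of a guessed value was correct.
		$matches = hash_equals( $tt, $passed_tt );

		return $matches && ! $expired;
	}

	/**
	 * Delete the auth token.
	 *
	 * @since 2.6.5
	 *
	 * @return bool True if the option was deleted, false otherwise.
	 */
	public static function delete_token() {
		return delete_option( 'optinmonster_site_token' );
	}
}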
| 125 |