PluginProbe ʕ •ᴥ•ʔ
Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More / 4.0.0
Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More v4.0.0
4.0.7 4.0.6 4.0.5 4.0.4 4.0.3 4.0.2 4.0.1 4.0.0 trunk 1.0.0 2.0.0 2.0.1 2.0.2 2.0.3 3.0 3.0.1 3.0.2 3.0.5 3.0.6 3.0.7 3.0.8 3.0.9 3.1.0 3.1.2 3.1.3 3.2.0 3.2.1 3.2.2 3.2.4 3.2.5 3.2.7 3.2.8 3.2.9 3.3.0 3.3.1 3.3.2 3.4.0 3.4.1 3.4.2 3.4.5 3.4.6 3.5.0 3.5.1 3.5.2 3.5.3 3.5.4 3.5.6 3.5.7 3.5.8 3.5.9 3.6.0 3.6.1 3.6.2 3.7.0 3.7.1
superb-blocks / src / gutenberg / form / class-form-encryption.php
superb-blocks / src / gutenberg / form Last commit date
class-form-access-control.php 2 months ago class-form-captcha-handler.php 2 months ago class-form-controller.php 2 months ago class-form-email-config-check.php 2 months ago class-form-email-handler.php 2 months ago class-form-encryption.php 2 months ago class-form-exporter.php 2 months ago class-form-field-validator.php 2 months ago class-form-file-handler.php 2 months ago class-form-google-auth.php 2 months ago class-form-integration-handler.php 2 months ago class-form-math-parser.php 2 months ago class-form-permissions.php 2 months ago class-form-registry.php 2 months ago class-form-settings.php 2 months ago class-form-submission-cpt.php 2 months ago class-form-submission-handler.php 2 months ago
class-form-encryption.php
112 lines
1 <?php
2
3 namespace SuperbAddons\Gutenberg\Form;
4
5 defined('ABSPATH') || exit();
6
7 class FormEncryption
8 {
9 const PREFIX = 'spbenc:';
10
11 /**
12 * Derive a 32-byte key for a specific purpose.
13 * Separate purposes (encrypt vs hmac) get separate keys.
14 *
15 * @param string $purpose
16 * @return string 32 raw bytes
17 */
18 private static function DeriveKey($purpose)
19 {
20 return hash('sha256', $purpose . AUTH_KEY . AUTH_SALT, true);
21 }
22
23 /**
24 * Check if the OpenSSL extension is available.
25 *
26 * @return bool
27 */
28 public static function IsAvailable()
29 {
30 return function_exists('openssl_encrypt');
31 }
32
33 /**
34 * Encrypt a plaintext string.
35 * Returns a prefixed base64 string, or the original plaintext
36 * if encryption is unavailable or the value is empty.
37 *
38 * @param string $plaintext
39 * @return string
40 */
41 public static function Encrypt($plaintext)
42 {
43 if (!self::IsAvailable() || $plaintext === '') {
44 return $plaintext;
45 }
46
47 $enc_key = self::DeriveKey('encrypt');
48 $mac_key = self::DeriveKey('hmac');
49 $iv = openssl_random_pseudo_bytes(16);
50 $ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
51
52 if ($ciphertext === false) {
53 return $plaintext;
54 }
55
56 $hmac = hash_hmac('sha256', $iv . $ciphertext, $mac_key, true);
57
58 return self::PREFIX . base64_encode($hmac . $iv . $ciphertext);
59 }
60
61 /**
62 * Decrypt an encrypted value.
63 * Returns the plaintext, or false on verification/decryption failure.
64 * If the value is not encrypted (no prefix), returns it as-is for backwards compat.
65 *
66 * @param string $encoded
67 * @return string|false
68 */
69 public static function Decrypt($encoded)
70 {
71 if (!self::IsEncrypted($encoded)) {
72 return $encoded;
73 }
74
75 if (!self::IsAvailable()) {
76 return false;
77 }
78
79 $data = base64_decode(substr($encoded, strlen(self::PREFIX)));
80 if ($data === false || strlen($data) < 49) { // 32 hmac + 16 iv + 1 min ciphertext
81 return false;
82 }
83
84 $hmac = substr($data, 0, 32);
85 $iv = substr($data, 32, 16);
86 $ciphertext = substr($data, 48);
87
88 $mac_key = self::DeriveKey('hmac');
89 $calc_hmac = hash_hmac('sha256', $iv . $ciphertext, $mac_key, true);
90
91 if (!hash_equals($hmac, $calc_hmac)) {
92 return false;
93 }
94
95 $enc_key = self::DeriveKey('encrypt');
96 $plaintext = openssl_decrypt($ciphertext, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
97
98 return $plaintext !== false ? $plaintext : false;
99 }
100
101 /**
102 * Check if a value has the encryption prefix.
103 *
104 * @param string $value
105 * @return bool
106 */
107 public static function IsEncrypted($value)
108 {
109 return is_string($value) && strpos($value, self::PREFIX) === 0;
110 }
111 }
112