PluginProbe ʕ •ᴥ•ʔ
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments / 2.31.3
SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments v2.31.3
4.4.1 4.4.0 4.3.3 4.3.2 4.3.1 4.3.0 4.2.3 4.2.2 4.2.1 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.10 1.1.11 1.1.12 1.1.13 1.1.14 1.1.15 1.1.16 1.1.17 1.1.18 1.1.19 1.1.2 1.1.3 1.1.4 1.1.5 1.1.6 1.1.7 1.1.8 1.1.9 1.10.0 1.10.1 1.10.2 1.10.3 1.10.4 1.11.0 1.11.1 1.11.2 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.7.0 1.7.1 1.7.2 1.8.0 1.8.1 1.8.2 1.8.3 1.8.4 1.8.5 1.9.0 1.9.1 1.9.2 1.9.3 1.9.4 1.9.5 2.0.0 2.0.1 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.10.0 2.10.1 2.11.0 2.11.1 2.11.2 2.11.3 2.11.4 2.12.0 2.13.0 2.14.0 2.14.1 2.15.0 2.15.1 2.16.0 2.16.1 2.16.2 2.16.3 2.17.0 2.17.1 2.17.2 2.18.0 2.19.0 2.19.2 2.19.3 2.19.4 2.2.0 2.2.1 2.20.0 2.20.1 2.20.2 2.20.3 2.20.4 2.20.5 2.20.6 2.21.0 2.22.0 2.22.1 2.23.0 2.24.0 2.25.0 2.25.1 2.25.2 2.26.0 2.27.0 2.27.1 2.28.0 2.29.0 2.29.1 2.29.2 2.29.3 2.29.4 2.3.0 2.3.1 2.30.0 2.31.0 2.31.1 2.31.2 2.31.3 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.40.0 2.40.1 2.5.0 2.5.1 2.5.2 2.6.0 2.6.1 2.6.2 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.8.2 2.8.3 2.8.4 2.9.0 3.0.0 3.0.0-RC1 3.0.0-RC2 3.0.0-beta1 3.0.0-beta2 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.1.5 3.1.6 3.10.0 3.10.1 3.11.0 3.12.0 3.13.0 3.13.1 3.13.2 3.13.3 3.13.4 3.14.0 3.15.0 3.15.1 3.15.2 3.15.3 3.15.4 3.15.5 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.16.6 3.16.7 3.16.8 3.17.0 3.17.1 3.17.2 3.17.3 3.17.4 3.17.5 3.17.6 3.18.0 3.19.0 3.19.1 3.19.2 3.2.0 3.2.1 3.2.2 3.20.0 3.20.1 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.4.3 3.5.0 3.5.1 3.5.2 3.5.3 3.6.0 3.6.1 3.6.2 3.7.0 3.7.1 3.7.2 3.7.3 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.9.0 4.0.0 4.0.1 4.0.2 4.0.3 trunk 4.1.0 0.2.19.1 4.1.1 1.0.0 4.2.0 1.0.1 1.0.2
surecart / app / src / Support / Encryption.php
surecart / app / src / Support Last commit date
Blocks 1 year ago Contracts 1 year ago Errors 1 year ago Scripts 2 years ago Arrays.php 3 years ago ColorService.php 3 years ago Currency.php 1 year ago Encryption.php 3 years ago Server.php 2 years ago TimeDate.php 2 years ago Translations.php 3 years ago URL.php 2 years ago UtilityService.php 3 years ago UtilityServiceProvider.php 3 years ago kses.json 1 year ago
Encryption.php
158 lines
1 <?php
2 /**
3 * Based on the code from the following packages:
4 * Class Google\Site_Kit\Core\Storage\Data_Encryption
5 *
6 * @package Google\Site_Kit
7 * @copyright 2019 Google LLC
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://sitekit.withgoogle.com
10 */
11
12 namespace SureCart\Support;
13
14 /**
15 * Class responsible for encrypting and decrypting data.
16 *
17 * @since 1.0.0
18 * @access private
19 * @ignore
20 */
21 class Encryption {
22 /**
23 * Key to use for encryption.
24 *
25 * @since 1.0.0
26 * @var string
27 */
28 private $key;
29
30 /**
31 * Salt to use for encryption.
32 *
33 * @since 1.0.0
34 * @var string
35 */
36 private $salt;
37
38 /**
39 * Constructor.
40 *
41 * @since 1.0.0
42 */
43 final public function __construct() {
44 $this->key = $this->getDefaultKey();
45 $this->salt = $this->getDefaultSalt();
46 }
47
48 /**
49 * Encrypts a value.
50 *
51 * If a user-based key is set, that key is used. Otherwise the default key is used.
52 *
53 * @since 1.0.0
54 *
55 * @param string $value Value to encrypt.
56 * @return string|bool Encrypted value, or false on failure.
57 */
58 protected function encrypt( $value ) {
59 if ( ! extension_loaded( 'openssl' ) ) {
60 return $value;
61 }
62
63 $method = 'aes-256-ctr';
64 $ivlen = openssl_cipher_iv_length( $method );
65 $iv = openssl_random_pseudo_bytes( $ivlen );
66
67 $raw_value = openssl_encrypt( $value . $this->salt, $method, $this->key, 0, $iv );
68 if ( ! $raw_value ) {
69 return false;
70 }
71
72 return base64_encode( $iv . $raw_value ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
73 }
74
75 /**
76 * Decrypts a value.
77 *
78 * If a user-based key is set, that key is used. Otherwise the default key is used.
79 *
80 * @since 1.0.0
81 *
82 * @param string $raw_value Value to decrypt.
83 * @return string|bool Decrypted value, or false on failure.
84 */
85 protected function decrypt( $raw_value ) {
86 if ( ! extension_loaded( 'openssl' ) ) {
87 return $raw_value;
88 }
89
90 $raw_value = base64_decode( $raw_value, true ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
91
92 $method = 'aes-256-ctr';
93 $ivlen = openssl_cipher_iv_length( $method );
94 $iv = substr( $raw_value, 0, $ivlen );
95
96 $raw_value = substr( $raw_value, $ivlen );
97
98 $value = openssl_decrypt( $raw_value, $method, $this->key, 0, $iv );
99 if ( ! $value || substr( $value, - strlen( $this->salt ) ) !== $this->salt ) {
100 return false;
101 }
102
103 return substr( $value, 0, - strlen( $this->salt ) );
104 }
105
106 /**
107 * Gets the default encryption key to use.
108 *
109 * @since 1.0.0
110 *
111 * @return string Default (not user-based) encryption key.
112 */
113 protected function getDefaultKey() {
114 if ( defined( 'SURECART_ENCRYPTION_KEY' ) && '' !== SURECART_ENCRYPTION_KEY ) {
115 return SURECART_ENCRYPTION_KEY;
116 }
117
118 if ( defined( 'LOGGED_IN_KEY' ) && '' !== LOGGED_IN_KEY ) {
119 return LOGGED_IN_KEY;
120 }
121
122 // If this is reached, you're either not on a live site or have a serious security issue.
123 return 'there-is-no-default-key-for-encryption';
124 }
125
126 /**
127 * Gets the default encryption salt to use.
128 *
129 * @since 1.0.0
130 *
131 * @return string Encryption salt.
132 */
133 private function getDefaultSalt() {
134 if ( defined( 'SURECART_ENCRYPTION_SALT' ) && '' !== SURECART_ENCRYPTION_SALT ) {
135 return SURECART_ENCRYPTION_SALT;
136 }
137
138 if ( defined( 'LOGGED_IN_SALT' ) && '' !== LOGGED_IN_SALT ) {
139 return LOGGED_IN_SALT;
140 }
141
142 // If this is reached, you're either not on a live site or have a serious security issue.
143 return 'there-is-no-default-salt-for-encryption';
144 }
145
146 /**
147 * Static Facade Accessor
148 *
149 * @param string $method Method to call.
150 * @param mixed $params Method params.
151 *
152 * @return mixed
153 */
154 public static function __callStatic( $method, $params ) {
155 return call_user_func_array( [ new static(), $method ], $params );
156 }
157 }
158