<?php

[0] Fix | Delete

[1] Fix | Delete

if ( ! class_exists( 'PPW_Entire_Site_Services' ) ) {

[2] Fix | Delete

class PPW_Entire_Site_Services {

[3] Fix | Delete

/**

[4] Fix | Delete

* Auth cookie

[5] Fix | Delete

*

[6] Fix | Delete

* @return bool

[7] Fix | Delete

*/

[8] Fix | Delete

function validate_auth_cookie_entire_site() {

[9] Fix | Delete

$cookie_elements = $this->parse_cookie_entire_site();

[10] Fix | Delete

if ( false === $cookie_elements ) {

[11] Fix | Delete

return false;

[12] Fix | Delete

}

[13] Fix | Delete

[14] Fix | Delete

if ( (int) $cookie_elements[1] < time() ) {

[15] Fix | Delete

return false;

[16] Fix | Delete

}

[17] Fix | Delete

[18] Fix | Delete

$password = ppw_core_get_setting_entire_site_type_string( PPW_Constants::PASSWORD_ENTIRE_SITE );

[19] Fix | Delete

//$hash = hash_hmac( 'md5', PPW_Constants::ENTIRE_SITE_COOKIE_NAME, $password );

[20] Fix | Delete

$hash = hash_hmac( 'md5', PPW_Constants::COOKIE_EXPIRED_SITEWIDE, $password );

[21] Fix | Delete

[22] Fix | Delete

return $cookie_elements[0] === $hash;

[23] Fix | Delete

}

[24] Fix | Delete

[25] Fix | Delete

/**

[26] Fix | Delete

* Parse cookie

[27] Fix | Delete

*

[28] Fix | Delete

* @return array|bool

[29] Fix | Delete

*/

[30] Fix | Delete

function parse_cookie_entire_site() {

[31] Fix | Delete

$_cookie = wp_unslash( $_COOKIE );

[32] Fix | Delete

//$cookie_name = PPW_Constants::ENTIRE_SITE_COOKIE_NAME;

[33] Fix | Delete

$cookie_name = PPW_Constants::COOKIE_EXPIRED_SITEWIDE;

[34] Fix | Delete

if ( empty( $_cookie[ $cookie_name ] ) ) {

[35] Fix | Delete

return false;

[36] Fix | Delete

}

[37] Fix | Delete

[38] Fix | Delete

$cookie = $_cookie[ $cookie_name ];

[39] Fix | Delete

$cookie_elements = explode( '|', $cookie );

[40] Fix | Delete

if ( count( $cookie_elements ) !== 2 ) {

[41] Fix | Delete

return false;

[42] Fix | Delete

}

[43] Fix | Delete

[44] Fix | Delete

return $cookie_elements;

[45] Fix | Delete

}

[46] Fix | Delete

[47] Fix | Delete

/**

[48] Fix | Delete

* Check is valid password

[49] Fix | Delete

*

[50] Fix | Delete

* @param $password

[51] Fix | Delete

*

[52] Fix | Delete

* @return bool

[53] Fix | Delete

*/

[54] Fix | Delete

public function entire_site_is_valid_password( $password ) {

[55] Fix | Delete

$_request = wp_unslash( $_REQUEST ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Processing form data without nonce verification. - Not verify nonce for password validate.

[56] Fix | Delete

if ( ! isset( $_request['input_wp_protect_password'] ) ) {

[57] Fix | Delete

return false;

[58] Fix | Delete

}

[59] Fix | Delete

[60] Fix | Delete

$password_input = $_request['input_wp_protect_password'];

[61] Fix | Delete

[62] Fix | Delete

$validated = md5( $password_input ) === $password;

[63] Fix | Delete

[64] Fix | Delete

return apply_filters( 'ppw_sitewide_valid_password', $validated );

[65] Fix | Delete

}

[66] Fix | Delete

[67] Fix | Delete

/**

[68] Fix | Delete

* Set password to cookie

[69] Fix | Delete

*

[70] Fix | Delete

* @param string $password Password.

[71] Fix | Delete

*/

[72] Fix | Delete

public function entire_site_set_password_to_cookie( $password ) {

[73] Fix | Delete

$expiration = time() + 7 * DAY_IN_SECONDS;

[74] Fix | Delete

$cookie_expired = ppw_core_get_setting_type_string_sitewide( PPW_Constants::COOKIE_EXPIRED_SITEWIDE );

[75] Fix | Delete

if ( ! empty( $cookie_expired ) ) {

[76] Fix | Delete

$time = explode( ' ', $cookie_expired )[0];

[77] Fix | Delete

$unit = ppw_core_get_unit_time( $cookie_expired );

[78] Fix | Delete

if ( 0 !== $unit ) {

[79] Fix | Delete

$expiration = time() + (int) $time * $unit;

[80] Fix | Delete

}

[81] Fix | Delete

}

[82] Fix | Delete

[83] Fix | Delete

//$hash = hash_hmac( 'md5', PPW_Constants::ENTIRE_SITE_COOKIE_NAME, $password );

[84] Fix | Delete

$hash = hash_hmac( 'md5', PPW_Constants::COOKIE_EXPIRED_SITEWIDE, $password );

[85] Fix | Delete

$cookie = $hash . '|' . $expiration;

[86] Fix | Delete

$expiration = apply_filters( 'ppw_sitewide_cookie_expiration', $expiration, $password );

[87] Fix | Delete

ppw_free_bypass_cache_with_cookie_for_pro_version( $cookie, $expiration );

[88] Fix | Delete

//setcookie( PPW_Constants::ENTIRE_SITE_COOKIE_NAME, $cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN );

[89] Fix | Delete

setcookie( PPW_Constants::COOKIE_EXPIRED_SITEWIDE, $cookie, $expiration, COOKIEPATH, COOKIE_DOMAIN );

[90] Fix | Delete

}

[91] Fix | Delete

[92] Fix | Delete

/**

[93] Fix | Delete

* Redirect after enter password

[94] Fix | Delete

*/

[95] Fix | Delete

public function entire_site_redirect_after_enter_password() {

[96] Fix | Delete

// Can get the HTTP_REFERER first as the redirect URL that:

[97] Fix | Delete

// Fixes the private link redirection belonged to PPP Pro.

[98] Fix | Delete

$_server = wp_unslash( $_SERVER );

[99] Fix | Delete

if ( ! empty( $_server['HTTP_REFERER'] ) ) {

[100] Fix | Delete

$current_url = $_server['HTTP_REFERER'];

[101] Fix | Delete

} else {

[102] Fix | Delete

global $wp;

[103] Fix | Delete

$current_url = add_query_arg( $wp->query_string, '', home_url( $wp->request ) );

[104] Fix | Delete

}

[105] Fix | Delete

[106] Fix | Delete

// TODO: consider to user wp_safe_redirect.

[107] Fix | Delete

wp_redirect( $current_url );

[108] Fix | Delete

}

[109] Fix | Delete

[110] Fix | Delete

/**

[111] Fix | Delete

* Handle before update settings for entire site

[112] Fix | Delete

*

[113] Fix | Delete

* @param $data_settings

[114] Fix | Delete

*

[115] Fix | Delete

* @return bool

[116] Fix | Delete

*/

[117] Fix | Delete

public function handle_before_update_settings( $data_settings ) {

[118] Fix | Delete

[119] Fix | Delete

if ( array_key_exists( PPW_Constants::IS_PROTECT_ENTIRE_SITE, $data_settings ) && $data_settings[ PPW_Constants::IS_PROTECT_ENTIRE_SITE ] === "true" ) {

[120] Fix | Delete

// Create new password

[121] Fix | Delete

if ( ! array_key_exists( PPW_Constants::SET_NEW_PASSWORD_ENTIRE_SITE, $data_settings ) ) {

[122] Fix | Delete

return $this->create_new_password( $data_settings );

[123] Fix | Delete

}

[124] Fix | Delete

[125] Fix | Delete

// Change password

[126] Fix | Delete

if ( array_key_exists( PPW_Constants::SET_NEW_PASSWORD_ENTIRE_SITE, $data_settings ) && $data_settings[ PPW_Constants::SET_NEW_PASSWORD_ENTIRE_SITE ] === "true" ) {

[127] Fix | Delete

return $this->change_password( $data_settings );

[128] Fix | Delete

}

[129] Fix | Delete

[130] Fix | Delete

if ( array_key_exists( PPW_Constants::COOKIE_EXPIRED_SITEWIDE, $data_settings ) ) {

[131] Fix | Delete

$password_for_website = ppw_core_get_setting_entire_site_type_string(PPW_Constants::PASSWORD_ENTIRE_SITE);

[132] Fix | Delete

$data_settings[PPW_Constants::PASSWORD_ENTIRE_SITE] = $password_for_website;

[133] Fix | Delete

// Update sitewide expiration cookies

[134] Fix | Delete

update_option( PPW_Constants::ENTIRE_SITE_OPTIONS, $data_settings );

[135] Fix | Delete

}

[136] Fix | Delete

// Don't change password

[137] Fix | Delete

return true;

[138] Fix | Delete

}

[139] Fix | Delete

[140] Fix | Delete

[141] Fix | Delete

[142] Fix | Delete

// Unprotect entire site

[143] Fix | Delete

return delete_option( PPW_Constants::ENTIRE_SITE_OPTIONS );

[144] Fix | Delete

}

[145] Fix | Delete

[146] Fix | Delete

/**

[147] Fix | Delete

* Create new password entire site

[148] Fix | Delete

*

[149] Fix | Delete

* @param $data_settings

[150] Fix | Delete

*

[151] Fix | Delete

* @return bool

[152] Fix | Delete

*/

[153] Fix | Delete

public function create_new_password( $data_settings ) {

[154] Fix | Delete

$data_settings[ PPW_Constants::PASSWORD_ENTIRE_SITE ] = md5( $data_settings[ PPW_Constants::PASSWORD_ENTIRE_SITE ] );

[155] Fix | Delete

update_option( PPW_Constants::ENTIRE_SITE_OPTIONS, $data_settings );

[156] Fix | Delete

[157] Fix | Delete

return true;

[158] Fix | Delete

}

[159] Fix | Delete

[160] Fix | Delete

/**

[161] Fix | Delete

* Change password entire site

[162] Fix | Delete

*

[163] Fix | Delete

* @param $data_settings

[164] Fix | Delete

*

[165] Fix | Delete

* @return bool

[166] Fix | Delete

*/

[167] Fix | Delete

public function change_password( $data_settings ) {

[168] Fix | Delete

$data_settings[ PPW_Constants::PASSWORD_ENTIRE_SITE ] = md5( $data_settings[ PPW_Constants::PASSWORD_ENTIRE_SITE ] );

[169] Fix | Delete

unset( $data_settings[ PPW_Constants::SET_NEW_PASSWORD_ENTIRE_SITE ] );

[170] Fix | Delete

update_option( PPW_Constants::ENTIRE_SITE_OPTIONS, $data_settings );

[171] Fix | Delete

[172] Fix | Delete

return true;

[173] Fix | Delete

}

[174] Fix | Delete

}

[175] Fix | Delete

}

[176] Fix | Delete

[177] Fix | Delete