HEX
Server: Apache
System: Linux 162-240-236-42.bluehost.com 3.10.0-1160.114.2.el7.x86_64 #1 SMP Wed Mar 20 15:54:52 UTC 2024 x86_64
User: bt667 (1004)
PHP: 8.2.29
Disabled: NONE
$ pwd: /home/bt667/www/wp-content/plugins/easy-digital-downloads/includes/utils/
Upload Files
File: /home/bt667/www/wp-content/plugins/easy-digital-downloads/includes/utils/class-tokenizer.php
<?php
/**
 * Tokenizer
 *
 * A class for generating tokens as an alternative to nonce verification.
 * This is designed to work a little better with full page caching.
 *
 * @package   easy-digital-downloads
 * @copyright Copyright (c) 2021, Sandhills Development, LLC
 * @license   GPL2+
 * @since     2.11
 */

namespace EDD\Utils;

class Tokenizer {

	/**
	 * @var mixed Data to tokenize.
	 */
	private $data;

	/**
	 * Tokenizer constructor.
	 *
	 * @param string|int|float $data Data to be tokenized.
	 */
	public function __construct( $data ) {
		$this->data = $data;
	}

	/**
	 * Retrieves the signing key.
	 *
	 * @since 2.11
	 *
	 * @return string
	 */
	private function get_signing_key() {
		$key = get_option( 'edd_tokenizer_signing_key' );
		if ( empty( $key ) ) {
			$key = $this->generate_and_save_signing_key();
		}

		return $key;
	}

	/**
	 * Generates and saves a new signing key.
	 *
	 * @since 2.11
	 *
	 * @return string
	 */
	private function generate_and_save_signing_key() {
		if ( function_exists( 'random_bytes' ) ) {
			try {
				$key = bin2hex( random_bytes( 32 ) );
			} catch ( \Exception $e ) {
				// If this failed for some reason, we'll generate using the fallback below.
			}
		}

		if ( empty( $key ) ) {
			$key = function_exists( 'openssl_random_pseudo_bytes' ) ? bin2hex( openssl_random_pseudo_bytes( 32 ) ) : md5( uniqid() );
		}

		update_option( 'edd_tokenizer_signing_key', $key );

		return $key;
	}

	/**
	 * Generates a token from the data.
	 *
	 * @since 2.11
	 *
	 * @return string|false
	 */
	public function generate_token() {
		return hash_hmac( 'sha256', $this->data, $this->get_signing_key() );
	}

	/**
	 * Determines whether or not the supplied token is valid for the
	 * supplied data.
	 *
	 * @since 2.11
	 *
	 * @param string           $token Token to check.
	 * @param string|int|float $data  Data that's been tokenized.
	 *
	 * @return bool
	 */
	public static function is_token_valid( $token, $data ) {
		$real_token = self::tokenize( $data );

		return hash_equals( $token, $real_token );
	}

	/**
	 * Generates a token for the supplied data.
	 *
	 * @since 2.11
	 *
	 * @param string|int|float $data
	 *
	 * @return string|false
	 */
	public static function tokenize( $data ) {
		$generator = new Tokenizer( $data );

		return $generator->generate_token();
	}

}
@ Telegram