AyeCode /
invoicing
@@ -14,125 +14,125 @@ discard block |
||
| 14 | 14 | */ |
| 15 | 15 | class WPInv_Session_Handler extends WPInv_Session { |
| 16 | 16 | |
| 17 | - /** |
|
| 18 | - * Cookie name used for the session. |
|
| 19 | - * |
|
| 20 | - * @var string cookie name |
|
| 21 | - */ |
|
| 22 | - protected $_cookie; |
|
| 23 | - |
|
| 24 | - /** |
|
| 25 | - * Stores session expiry. |
|
| 26 | - * |
|
| 27 | - * @var int session due to expire timestamp |
|
| 28 | - */ |
|
| 29 | - protected $_session_expiring; |
|
| 30 | - |
|
| 31 | - /** |
|
| 32 | - * Stores session due to expire timestamp. |
|
| 33 | - * |
|
| 34 | - * @var string session expiration timestamp |
|
| 35 | - */ |
|
| 36 | - protected $_session_expiration; |
|
| 37 | - |
|
| 38 | - /** |
|
| 39 | - * True when the cookie exists. |
|
| 40 | - * |
|
| 41 | - * @var bool Based on whether a cookie exists. |
|
| 42 | - */ |
|
| 43 | - protected $_has_cookie = false; |
|
| 44 | - |
|
| 45 | - /** |
|
| 46 | - * Table name for session data. |
|
| 47 | - * |
|
| 48 | - * @var string Custom session table name |
|
| 49 | - */ |
|
| 50 | - protected $_table; |
|
| 51 | - |
|
| 52 | - /** |
|
| 53 | - * Constructor for the session class. |
|
| 54 | - */ |
|
| 55 | - public function old__construct() { |
|
| 56 | - |
|
| 57 | - $this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH ); |
|
| 17 | + /** |
|
| 18 | + * Cookie name used for the session. |
|
| 19 | + * |
|
| 20 | + * @var string cookie name |
|
| 21 | + */ |
|
| 22 | + protected $_cookie; |
|
| 23 | + |
|
| 24 | + /** |
|
| 25 | + * Stores session expiry. |
|
| 26 | + * |
|
| 27 | + * @var int session due to expire timestamp |
|
| 28 | + */ |
|
| 29 | + protected $_session_expiring; |
|
| 30 | + |
|
| 31 | + /** |
|
| 32 | + * Stores session due to expire timestamp. |
|
| 33 | + * |
|
| 34 | + * @var string session expiration timestamp |
|
| 35 | + */ |
|
| 36 | + protected $_session_expiration; |
|
| 37 | + |
|
| 38 | + /** |
|
| 39 | + * True when the cookie exists. |
|
| 40 | + * |
|
| 41 | + * @var bool Based on whether a cookie exists. |
|
| 42 | + */ |
|
| 43 | + protected $_has_cookie = false; |
|
| 44 | + |
|
| 45 | + /** |
|
| 46 | + * Table name for session data. |
|
| 47 | + * |
|
| 48 | + * @var string Custom session table name |
|
| 49 | + */ |
|
| 50 | + protected $_table; |
|
| 51 | + |
|
| 52 | + /** |
|
| 53 | + * Constructor for the session class. |
|
| 54 | + */ |
|
| 55 | + public function old__construct() { |
|
| 56 | + |
|
| 57 | + $this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH ); |
|
| 58 | 58 | add_action( 'init', array( $this, 'init' ), -1 ); |
| 59 | - add_action( 'wp_logout', array( $this, 'destroy_session' ) ); |
|
| 60 | - add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 ); |
|
| 61 | - add_action( 'shutdown', array( $this, 'save_data' ), 20 ); |
|
| 62 | - |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - /** |
|
| 66 | - * Init hooks and session data. |
|
| 67 | - * |
|
| 68 | - * @since 3.3.0 |
|
| 69 | - */ |
|
| 70 | - public function init() { |
|
| 71 | - $this->init_session_cookie(); |
|
| 72 | - |
|
| 73 | - if ( ! is_user_logged_in() ) { |
|
| 74 | - add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ), 10, 2 ); |
|
| 75 | - } |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - /** |
|
| 79 | - * Setup cookie and customer ID. |
|
| 80 | - * |
|
| 81 | - * @since 3.6.0 |
|
| 82 | - */ |
|
| 83 | - public function init_session_cookie() { |
|
| 84 | - $cookie = $this->get_session_cookie(); |
|
| 85 | - |
|
| 86 | - if ( $cookie ) { |
|
| 87 | - $this->_customer_id = $cookie[0]; |
|
| 88 | - $this->_session_expiration = $cookie[1]; |
|
| 89 | - $this->_session_expiring = $cookie[2]; |
|
| 90 | - $this->_has_cookie = true; |
|
| 91 | - $this->_data = $this->get_session_data(); |
|
| 92 | - |
|
| 93 | - // If the user logs in, update session. |
|
| 94 | - if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) { |
|
| 95 | - $this->_customer_id = get_current_user_id(); |
|
| 96 | - $this->_dirty = true; |
|
| 97 | - $this->save_data(); |
|
| 98 | - $this->set_customer_session_cookie( true ); |
|
| 99 | - } |
|
| 100 | - |
|
| 101 | - // Update session if its close to expiring. |
|
| 102 | - if ( time() > $this->_session_expiring ) { |
|
| 103 | - $this->set_session_expiration(); |
|
| 104 | - $this->update_session_timestamp( $this->_customer_id, $this->_session_expiration ); |
|
| 105 | - } |
|
| 106 | - } else { |
|
| 107 | - $this->set_session_expiration(); |
|
| 108 | - $this->_customer_id = $this->generate_customer_id(); |
|
| 109 | - $this->_data = $this->get_session_data(); |
|
| 110 | - } |
|
| 111 | - } |
|
| 112 | - |
|
| 113 | - /** |
|
| 114 | - * Sets the session cookie on-demand (usually after adding an item to the cart). |
|
| 115 | - * |
|
| 116 | - * Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set. |
|
| 117 | - * |
|
| 118 | - * Warning: Cookies will only be set if this is called before the headers are sent. |
|
| 119 | - * |
|
| 120 | - * @param bool $set Should the session cookie be set. |
|
| 121 | - */ |
|
| 122 | - public function set_customer_session_cookie( $set ) { |
|
| 123 | - if ( $set ) { |
|
| 124 | - $to_hash = $this->_customer_id . '|' . $this->_session_expiration; |
|
| 125 | - $cookie_hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) ); |
|
| 126 | - $cookie_value = $this->_customer_id . '||' . $this->_session_expiration . '||' . $this->_session_expiring . '||' . $cookie_hash; |
|
| 127 | - $this->_has_cookie = true; |
|
| 128 | - |
|
| 129 | - if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) { |
|
| 130 | - $this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true ); |
|
| 131 | - } |
|
| 132 | - } |
|
| 133 | - } |
|
| 134 | - |
|
| 135 | - public function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) { |
|
| 59 | + add_action( 'wp_logout', array( $this, 'destroy_session' ) ); |
|
| 60 | + add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 ); |
|
| 61 | + add_action( 'shutdown', array( $this, 'save_data' ), 20 ); |
|
| 62 | + |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + /** |
|
| 66 | + * Init hooks and session data. |
|
| 67 | + * |
|
| 68 | + * @since 3.3.0 |
|
| 69 | + */ |
|
| 70 | + public function init() { |
|
| 71 | + $this->init_session_cookie(); |
|
| 72 | + |
|
| 73 | + if ( ! is_user_logged_in() ) { |
|
| 74 | + add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ), 10, 2 ); |
|
| 75 | + } |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + /** |
|
| 79 | + * Setup cookie and customer ID. |
|
| 80 | + * |
|
| 81 | + * @since 3.6.0 |
|
| 82 | + */ |
|
| 83 | + public function init_session_cookie() { |
|
| 84 | + $cookie = $this->get_session_cookie(); |
|
| 85 | + |
|
| 86 | + if ( $cookie ) { |
|
| 87 | + $this->_customer_id = $cookie[0]; |
|
| 88 | + $this->_session_expiration = $cookie[1]; |
|
| 89 | + $this->_session_expiring = $cookie[2]; |
|
| 90 | + $this->_has_cookie = true; |
|
| 91 | + $this->_data = $this->get_session_data(); |
|
| 92 | + |
|
| 93 | + // If the user logs in, update session. |
|
| 94 | + if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) { |
|
| 95 | + $this->_customer_id = get_current_user_id(); |
|
| 96 | + $this->_dirty = true; |
|
| 97 | + $this->save_data(); |
|
| 98 | + $this->set_customer_session_cookie( true ); |
|
| 99 | + } |
|
| 100 | + |
|
| 101 | + // Update session if its close to expiring. |
|
| 102 | + if ( time() > $this->_session_expiring ) { |
|
| 103 | + $this->set_session_expiration(); |
|
| 104 | + $this->update_session_timestamp( $this->_customer_id, $this->_session_expiration ); |
|
| 105 | + } |
|
| 106 | + } else { |
|
| 107 | + $this->set_session_expiration(); |
|
| 108 | + $this->_customer_id = $this->generate_customer_id(); |
|
| 109 | + $this->_data = $this->get_session_data(); |
|
| 110 | + } |
|
| 111 | + } |
|
| 112 | + |
|
| 113 | + /** |
|
| 114 | + * Sets the session cookie on-demand (usually after adding an item to the cart). |
|
| 115 | + * |
|
| 116 | + * Since the cookie name (as of 2.1) is prepended with wp, cache systems like batcache will not cache pages when set. |
|
| 117 | + * |
|
| 118 | + * Warning: Cookies will only be set if this is called before the headers are sent. |
|
| 119 | + * |
|
| 120 | + * @param bool $set Should the session cookie be set. |
|
| 121 | + */ |
|
| 122 | + public function set_customer_session_cookie( $set ) { |
|
| 123 | + if ( $set ) { |
|
| 124 | + $to_hash = $this->_customer_id . '|' . $this->_session_expiration; |
|
| 125 | + $cookie_hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) ); |
|
| 126 | + $cookie_value = $this->_customer_id . '||' . $this->_session_expiration . '||' . $this->_session_expiring . '||' . $cookie_hash; |
|
| 127 | + $this->_has_cookie = true; |
|
| 128 | + |
|
| 129 | + if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) { |
|
| 130 | + $this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true ); |
|
| 131 | + } |
|
| 132 | + } |
|
| 133 | + } |
|
| 134 | + |
|
| 135 | + public function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) { |
|
| 136 | 136 | if ( ! headers_sent() ) { |
| 137 | 137 | setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'wpinv_cookie_httponly', $httponly, $name, $value, $expire, $secure ) ); |
| 138 | 138 | } elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { |
@@ -141,86 +141,86 @@ discard block |
||
| 141 | 141 | } |
| 142 | 142 | } |
| 143 | 143 | |
| 144 | - /** |
|
| 145 | - * Should the session cookie be secure? |
|
| 146 | - * |
|
| 147 | - * @since 3.6.0 |
|
| 148 | - * @return bool |
|
| 149 | - */ |
|
| 150 | - protected function use_secure_cookie() { |
|
| 144 | + /** |
|
| 145 | + * Should the session cookie be secure? |
|
| 146 | + * |
|
| 147 | + * @since 3.6.0 |
|
| 148 | + * @return bool |
|
| 149 | + */ |
|
| 150 | + protected function use_secure_cookie() { |
|
| 151 | 151 | $is_https = false !== strstr( get_option( 'home' ), 'https:' ); |
| 152 | - return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() ); |
|
| 153 | - } |
|
| 154 | - |
|
| 155 | - /** |
|
| 156 | - * Return true if the current user has an active session, i.e. a cookie to retrieve values. |
|
| 157 | - * |
|
| 158 | - * @return bool |
|
| 159 | - */ |
|
| 160 | - public function has_session() { |
|
| 161 | - return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine. |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - /** |
|
| 165 | - * Set session expiration. |
|
| 166 | - */ |
|
| 167 | - public function set_session_expiration() { |
|
| 168 | - $this->_session_expiring = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours. |
|
| 169 | - $this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours. |
|
| 170 | - } |
|
| 171 | - |
|
| 172 | - /** |
|
| 173 | - * Generates session ids. |
|
| 174 | - * |
|
| 175 | - * @return string |
|
| 176 | - */ |
|
| 177 | - public function generate_customer_id() { |
|
| 178 | - require_once ABSPATH . 'wp-includes/class-phpass.php'; |
|
| 179 | - $hasher = new PasswordHash( 8, false ); |
|
| 180 | - return md5( $hasher->get_random_bytes( 32 ) ); |
|
| 181 | - } |
|
| 182 | - |
|
| 183 | - /** |
|
| 184 | - * Get the session cookie, if set. Otherwise return false. |
|
| 185 | - * |
|
| 186 | - * Session cookies without a customer ID are invalid. |
|
| 187 | - * |
|
| 188 | - * @return bool|array |
|
| 189 | - */ |
|
| 190 | - public function get_session_cookie() { |
|
| 191 | - $cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine. |
|
| 192 | - |
|
| 193 | - if ( empty( $cookie_value ) || ! is_string( $cookie_value ) ) { |
|
| 194 | - return false; |
|
| 195 | - } |
|
| 196 | - |
|
| 197 | - list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '||', $cookie_value ); |
|
| 198 | - |
|
| 199 | - if ( empty( $customer_id ) ) { |
|
| 200 | - return false; |
|
| 201 | - } |
|
| 202 | - |
|
| 203 | - // Validate hash. |
|
| 204 | - $to_hash = $customer_id . '|' . $session_expiration; |
|
| 205 | - $hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) ); |
|
| 206 | - |
|
| 207 | - if ( empty( $cookie_hash ) || ! hash_equals( $hash, $cookie_hash ) ) { |
|
| 208 | - return false; |
|
| 209 | - } |
|
| 210 | - |
|
| 211 | - return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash ); |
|
| 212 | - } |
|
| 213 | - |
|
| 214 | - /** |
|
| 215 | - * Get session data. |
|
| 216 | - * |
|
| 217 | - * @return array |
|
| 218 | - */ |
|
| 219 | - public function get_session_data() { |
|
| 220 | - return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array(); |
|
| 221 | - } |
|
| 222 | - |
|
| 223 | - public function generate_key( $customer_id ) { |
|
| 152 | + return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() ); |
|
| 153 | + } |
|
| 154 | + |
|
| 155 | + /** |
|
| 156 | + * Return true if the current user has an active session, i.e. a cookie to retrieve values. |
|
| 157 | + * |
|
| 158 | + * @return bool |
|
| 159 | + */ |
|
| 160 | + public function has_session() { |
|
| 161 | + return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine. |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + /** |
|
| 165 | + * Set session expiration. |
|
| 166 | + */ |
|
| 167 | + public function set_session_expiration() { |
|
| 168 | + $this->_session_expiring = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours. |
|
| 169 | + $this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours. |
|
| 170 | + } |
|
| 171 | + |
|
| 172 | + /** |
|
| 173 | + * Generates session ids. |
|
| 174 | + * |
|
| 175 | + * @return string |
|
| 176 | + */ |
|
| 177 | + public function generate_customer_id() { |
|
| 178 | + require_once ABSPATH . 'wp-includes/class-phpass.php'; |
|
| 179 | + $hasher = new PasswordHash( 8, false ); |
|
| 180 | + return md5( $hasher->get_random_bytes( 32 ) ); |
|
| 181 | + } |
|
| 182 | + |
|
| 183 | + /** |
|
| 184 | + * Get the session cookie, if set. Otherwise return false. |
|
| 185 | + * |
|
| 186 | + * Session cookies without a customer ID are invalid. |
|
| 187 | + * |
|
| 188 | + * @return bool|array |
|
| 189 | + */ |
|
| 190 | + public function get_session_cookie() { |
|
| 191 | + $cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine. |
|
| 192 | + |
|
| 193 | + if ( empty( $cookie_value ) || ! is_string( $cookie_value ) ) { |
|
| 194 | + return false; |
|
| 195 | + } |
|
| 196 | + |
|
| 197 | + list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '||', $cookie_value ); |
|
| 198 | + |
|
| 199 | + if ( empty( $customer_id ) ) { |
|
| 200 | + return false; |
|
| 201 | + } |
|
| 202 | + |
|
| 203 | + // Validate hash. |
|
| 204 | + $to_hash = $customer_id . '|' . $session_expiration; |
|
| 205 | + $hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) ); |
|
| 206 | + |
|
| 207 | + if ( empty( $cookie_hash ) || ! hash_equals( $hash, $cookie_hash ) ) { |
|
| 208 | + return false; |
|
| 209 | + } |
|
| 210 | + |
|
| 211 | + return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash ); |
|
| 212 | + } |
|
| 213 | + |
|
| 214 | + /** |
|
| 215 | + * Get session data. |
|
| 216 | + * |
|
| 217 | + * @return array |
|
| 218 | + */ |
|
| 219 | + public function get_session_data() { |
|
| 220 | + return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array(); |
|
| 221 | + } |
|
| 222 | + |
|
| 223 | + public function generate_key( $customer_id ) { |
|
| 224 | 224 | if ( ! $customer_id ) { |
| 225 | 225 | return; |
| 226 | 226 | } |
@@ -228,68 +228,68 @@ discard block |
||
| 228 | 228 | return 'wpi_trans_' . $customer_id; |
| 229 | 229 | } |
| 230 | 230 | |
| 231 | - /** |
|
| 232 | - * Save data. |
|
| 233 | - */ |
|
| 234 | - public function save_data() { |
|
| 235 | - // Dirty if something changed - prevents saving nothing new. |
|
| 236 | - if ( $this->_dirty && $this->has_session() ) { |
|
| 231 | + /** |
|
| 232 | + * Save data. |
|
| 233 | + */ |
|
| 234 | + public function save_data() { |
|
| 235 | + // Dirty if something changed - prevents saving nothing new. |
|
| 236 | + if ( $this->_dirty && $this->has_session() ) { |
|
| 237 | 237 | |
| 238 | 238 | set_transient( $this->generate_key( $this->_customer_id ), $this->_data, $this->_session_expiration ); |
| 239 | 239 | |
| 240 | - $this->_dirty = false; |
|
| 241 | - } |
|
| 242 | - } |
|
| 243 | - |
|
| 244 | - /** |
|
| 245 | - * Destroy all session data. |
|
| 246 | - */ |
|
| 247 | - public function destroy_session() { |
|
| 248 | - $this->delete_session( $this->_customer_id ); |
|
| 249 | - $this->forget_session(); |
|
| 250 | - } |
|
| 251 | - |
|
| 252 | - /** |
|
| 253 | - * Forget all session data without destroying it. |
|
| 254 | - */ |
|
| 255 | - public function forget_session() { |
|
| 256 | - $this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true ); |
|
| 257 | - |
|
| 258 | - wpinv_empty_cart(); |
|
| 259 | - |
|
| 260 | - $this->_data = array(); |
|
| 261 | - $this->_dirty = false; |
|
| 262 | - $this->_customer_id = $this->generate_customer_id(); |
|
| 263 | - } |
|
| 264 | - |
|
| 265 | - /** |
|
| 266 | - * When a user is logged out, ensure they have a unique nonce by using the customer/session ID. |
|
| 267 | - * |
|
| 268 | - * @param int $uid User ID. |
|
| 269 | - * @return string |
|
| 270 | - */ |
|
| 271 | - public function nonce_user_logged_out( $uid ) { |
|
| 272 | - |
|
| 273 | - // Check if one of our nonces. |
|
| 274 | - if ( substr( $uid, 0, 5 ) === 'wpinv' || substr( $uid, 0, 7 ) === 'getpaid' ) { |
|
| 275 | - return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid; |
|
| 276 | - } |
|
| 277 | - |
|
| 278 | - return $uid; |
|
| 279 | - } |
|
| 280 | - |
|
| 281 | - /** |
|
| 282 | - * Returns the session. |
|
| 283 | - * |
|
| 284 | - * @param string $customer_id Customer ID. |
|
| 285 | - * @param mixed $default Default session value. |
|
| 286 | - * @return string|array |
|
| 287 | - */ |
|
| 288 | - public function get_session( $customer_id, $default = false ) { |
|
| 289 | - |
|
| 290 | - if ( defined( 'WP_SETUP_CONFIG' ) ) { |
|
| 291 | - return array(); |
|
| 292 | - } |
|
| 240 | + $this->_dirty = false; |
|
| 241 | + } |
|
| 242 | + } |
|
| 243 | + |
|
| 244 | + /** |
|
| 245 | + * Destroy all session data. |
|
| 246 | + */ |
|
| 247 | + public function destroy_session() { |
|
| 248 | + $this->delete_session( $this->_customer_id ); |
|
| 249 | + $this->forget_session(); |
|
| 250 | + } |
|
| 251 | + |
|
| 252 | + /** |
|
| 253 | + * Forget all session data without destroying it. |
|
| 254 | + */ |
|
| 255 | + public function forget_session() { |
|
| 256 | + $this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true ); |
|
| 257 | + |
|
| 258 | + wpinv_empty_cart(); |
|
| 259 | + |
|
| 260 | + $this->_data = array(); |
|
| 261 | + $this->_dirty = false; |
|
| 262 | + $this->_customer_id = $this->generate_customer_id(); |
|
| 263 | + } |
|
| 264 | + |
|
| 265 | + /** |
|
| 266 | + * When a user is logged out, ensure they have a unique nonce by using the customer/session ID. |
|
| 267 | + * |
|
| 268 | + * @param int $uid User ID. |
|
| 269 | + * @return string |
|
| 270 | + */ |
|
| 271 | + public function nonce_user_logged_out( $uid ) { |
|
| 272 | + |
|
| 273 | + // Check if one of our nonces. |
|
| 274 | + if ( substr( $uid, 0, 5 ) === 'wpinv' || substr( $uid, 0, 7 ) === 'getpaid' ) { |
|
| 275 | + return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid; |
|
| 276 | + } |
|
| 277 | + |
|
| 278 | + return $uid; |
|
| 279 | + } |
|
| 280 | + |
|
| 281 | + /** |
|
| 282 | + * Returns the session. |
|
| 283 | + * |
|
| 284 | + * @param string $customer_id Customer ID. |
|
| 285 | + * @param mixed $default Default session value. |
|
| 286 | + * @return string|array |
|
| 287 | + */ |
|
| 288 | + public function get_session( $customer_id, $default = false ) { |
|
| 289 | + |
|
| 290 | + if ( defined( 'WP_SETUP_CONFIG' ) ) { |
|
| 291 | + return array(); |
|
| 292 | + } |
|
| 293 | 293 | |
| 294 | 294 | $key = $this->generate_key( $customer_id ); |
| 295 | 295 | $value = get_transient( $key ); |
@@ -298,30 +298,30 @@ discard block |
||
| 298 | 298 | $value = $default; |
| 299 | 299 | } |
| 300 | 300 | |
| 301 | - return maybe_unserialize( $value ); |
|
| 302 | - } |
|
| 301 | + return maybe_unserialize( $value ); |
|
| 302 | + } |
|
| 303 | 303 | |
| 304 | - /** |
|
| 305 | - * Delete the session from the cache and database. |
|
| 306 | - * |
|
| 307 | - * @param int $customer_id Customer ID. |
|
| 308 | - */ |
|
| 309 | - public function delete_session( $customer_id ) { |
|
| 304 | + /** |
|
| 305 | + * Delete the session from the cache and database. |
|
| 306 | + * |
|
| 307 | + * @param int $customer_id Customer ID. |
|
| 308 | + */ |
|
| 309 | + public function delete_session( $customer_id ) { |
|
| 310 | 310 | |
| 311 | 311 | $key = $this->generate_key( $customer_id ); |
| 312 | 312 | |
| 313 | - delete_transient( $key ); |
|
| 314 | - } |
|
| 313 | + delete_transient( $key ); |
|
| 314 | + } |
|
| 315 | 315 | |
| 316 | - /** |
|
| 317 | - * Update the session expiry timestamp. |
|
| 318 | - * |
|
| 319 | - * @param string $customer_id Customer ID. |
|
| 320 | - * @param int $timestamp Timestamp to expire the cookie. |
|
| 321 | - */ |
|
| 322 | - public function update_session_timestamp( $customer_id, $timestamp ) { |
|
| 316 | + /** |
|
| 317 | + * Update the session expiry timestamp. |
|
| 318 | + * |
|
| 319 | + * @param string $customer_id Customer ID. |
|
| 320 | + * @param int $timestamp Timestamp to expire the cookie. |
|
| 321 | + */ |
|
| 322 | + public function update_session_timestamp( $customer_id, $timestamp ) { |
|
| 323 | 323 | |
| 324 | 324 | set_transient( $this->generate_key( $customer_id ), maybe_serialize( $this->_data ), $timestamp ); |
| 325 | 325 | |
| 326 | - } |
|
| 326 | + } |
|
| 327 | 327 | } |
@@ -5,7 +5,7 @@ discard block |
||
| 5 | 5 | * |
| 6 | 6 | */ |
| 7 | 7 | |
| 8 | -defined( 'ABSPATH' ) || exit; |
|
| 8 | +defined('ABSPATH') || exit; |
|
| 9 | 9 | |
| 10 | 10 | /** |
| 11 | 11 | * Session handler class. |
@@ -54,11 +54,11 @@ discard block |
||
| 54 | 54 | */ |
| 55 | 55 | public function old__construct() { |
| 56 | 56 | |
| 57 | - $this->_cookie = apply_filters( 'wpinv_cookie', 'wpinv_session_' . COOKIEHASH ); |
|
| 58 | - add_action( 'init', array( $this, 'init' ), -1 ); |
|
| 59 | - add_action( 'wp_logout', array( $this, 'destroy_session' ) ); |
|
| 60 | - add_action( 'wp', array( $this, 'set_customer_session_cookie' ), 10 ); |
|
| 61 | - add_action( 'shutdown', array( $this, 'save_data' ), 20 ); |
|
| 57 | + $this->_cookie = apply_filters('wpinv_cookie', 'wpinv_session_' . COOKIEHASH); |
|
| 58 | + add_action('init', array($this, 'init'), -1); |
|
| 59 | + add_action('wp_logout', array($this, 'destroy_session')); |
|
| 60 | + add_action('wp', array($this, 'set_customer_session_cookie'), 10); |
|
| 61 | + add_action('shutdown', array($this, 'save_data'), 20); |
|
| 62 | 62 | |
| 63 | 63 | } |
| 64 | 64 | |
@@ -70,8 +70,8 @@ discard block |
||
| 70 | 70 | public function init() { |
| 71 | 71 | $this->init_session_cookie(); |
| 72 | 72 | |
| 73 | - if ( ! is_user_logged_in() ) { |
|
| 74 | - add_filter( 'nonce_user_logged_out', array( $this, 'nonce_user_logged_out' ), 10, 2 ); |
|
| 73 | + if (!is_user_logged_in()) { |
|
| 74 | + add_filter('nonce_user_logged_out', array($this, 'nonce_user_logged_out'), 10, 2); |
|
| 75 | 75 | } |
| 76 | 76 | } |
| 77 | 77 | |
@@ -83,7 +83,7 @@ discard block |
||
| 83 | 83 | public function init_session_cookie() { |
| 84 | 84 | $cookie = $this->get_session_cookie(); |
| 85 | 85 | |
| 86 | - if ( $cookie ) { |
|
| 86 | + if ($cookie) { |
|
| 87 | 87 | $this->_customer_id = $cookie[0]; |
| 88 | 88 | $this->_session_expiration = $cookie[1]; |
| 89 | 89 | $this->_session_expiring = $cookie[2]; |
@@ -91,17 +91,17 @@ discard block |
||
| 91 | 91 | $this->_data = $this->get_session_data(); |
| 92 | 92 | |
| 93 | 93 | // If the user logs in, update session. |
| 94 | - if ( is_user_logged_in() && get_current_user_id() != $this->_customer_id ) { |
|
| 94 | + if (is_user_logged_in() && get_current_user_id() != $this->_customer_id) { |
|
| 95 | 95 | $this->_customer_id = get_current_user_id(); |
| 96 | 96 | $this->_dirty = true; |
| 97 | 97 | $this->save_data(); |
| 98 | - $this->set_customer_session_cookie( true ); |
|
| 98 | + $this->set_customer_session_cookie(true); |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | // Update session if its close to expiring. |
| 102 | - if ( time() > $this->_session_expiring ) { |
|
| 102 | + if (time() > $this->_session_expiring) { |
|
| 103 | 103 | $this->set_session_expiration(); |
| 104 | - $this->update_session_timestamp( $this->_customer_id, $this->_session_expiration ); |
|
| 104 | + $this->update_session_timestamp($this->_customer_id, $this->_session_expiration); |
|
| 105 | 105 | } |
| 106 | 106 | } else { |
| 107 | 107 | $this->set_session_expiration(); |
@@ -119,25 +119,25 @@ discard block |
||
| 119 | 119 | * |
| 120 | 120 | * @param bool $set Should the session cookie be set. |
| 121 | 121 | */ |
| 122 | - public function set_customer_session_cookie( $set ) { |
|
| 123 | - if ( $set ) { |
|
| 122 | + public function set_customer_session_cookie($set) { |
|
| 123 | + if ($set) { |
|
| 124 | 124 | $to_hash = $this->_customer_id . '|' . $this->_session_expiration; |
| 125 | - $cookie_hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) ); |
|
| 125 | + $cookie_hash = hash_hmac('md5', $to_hash, wp_hash($to_hash)); |
|
| 126 | 126 | $cookie_value = $this->_customer_id . '||' . $this->_session_expiration . '||' . $this->_session_expiring . '||' . $cookie_hash; |
| 127 | 127 | $this->_has_cookie = true; |
| 128 | 128 | |
| 129 | - if ( ! isset( $_COOKIE[ $this->_cookie ] ) || $_COOKIE[ $this->_cookie ] !== $cookie_value ) { |
|
| 130 | - $this->setcookie( $this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true ); |
|
| 129 | + if (!isset($_COOKIE[$this->_cookie]) || $_COOKIE[$this->_cookie] !== $cookie_value) { |
|
| 130 | + $this->setcookie($this->_cookie, $cookie_value, $this->_session_expiration, $this->use_secure_cookie(), true); |
|
| 131 | 131 | } |
| 132 | 132 | } |
| 133 | 133 | } |
| 134 | 134 | |
| 135 | - public function setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) { |
|
| 136 | - if ( ! headers_sent() ) { |
|
| 137 | - setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'wpinv_cookie_httponly', $httponly, $name, $value, $expire, $secure ) ); |
|
| 138 | - } elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { |
|
| 139 | - headers_sent( $file, $line ); |
|
| 140 | - trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine |
|
| 135 | + public function setcookie($name, $value, $expire = 0, $secure = false, $httponly = false) { |
|
| 136 | + if (!headers_sent()) { |
|
| 137 | + setcookie($name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters('wpinv_cookie_httponly', $httponly, $name, $value, $expire, $secure)); |
|
| 138 | + } elseif (defined('WP_DEBUG') && WP_DEBUG) { |
|
| 139 | + headers_sent($file, $line); |
|
| 140 | + trigger_error("{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE); // @codingStandardsIgnoreLine |
|
| 141 | 141 | } |
| 142 | 142 | } |
| 143 | 143 | |
@@ -148,8 +148,8 @@ discard block |
||
| 148 | 148 | * @return bool |
| 149 | 149 | */ |
| 150 | 150 | protected function use_secure_cookie() { |
| 151 | - $is_https = false !== strstr( get_option( 'home' ), 'https:' ); |
|
| 152 | - return apply_filters( 'wpinv_session_use_secure_cookie', $is_https && is_ssl() ); |
|
| 151 | + $is_https = false !== strstr(get_option('home'), 'https:'); |
|
| 152 | + return apply_filters('wpinv_session_use_secure_cookie', $is_https && is_ssl()); |
|
| 153 | 153 | } |
| 154 | 154 | |
| 155 | 155 | /** |
@@ -158,15 +158,15 @@ discard block |
||
| 158 | 158 | * @return bool |
| 159 | 159 | */ |
| 160 | 160 | public function has_session() { |
| 161 | - return isset( $_COOKIE[ $this->_cookie ] ) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine. |
|
| 161 | + return isset($_COOKIE[$this->_cookie]) || $this->_has_cookie || is_user_logged_in(); // @codingStandardsIgnoreLine. |
|
| 162 | 162 | } |
| 163 | 163 | |
| 164 | 164 | /** |
| 165 | 165 | * Set session expiration. |
| 166 | 166 | */ |
| 167 | 167 | public function set_session_expiration() { |
| 168 | - $this->_session_expiring = time() + intval( apply_filters( 'wpinv_session_expiring', 60 * 60 * 47 ) ); // 47 Hours. |
|
| 169 | - $this->_session_expiration = time() + intval( apply_filters( 'wpinv_session_expiration', 60 * 60 * 48 ) ); // 48 Hours. |
|
| 168 | + $this->_session_expiring = time() + intval(apply_filters('wpinv_session_expiring', 60 * 60 * 47)); // 47 Hours. |
|
| 169 | + $this->_session_expiration = time() + intval(apply_filters('wpinv_session_expiration', 60 * 60 * 48)); // 48 Hours. |
|
| 170 | 170 | } |
| 171 | 171 | |
| 172 | 172 | /** |
@@ -176,8 +176,8 @@ discard block |
||
| 176 | 176 | */ |
| 177 | 177 | public function generate_customer_id() { |
| 178 | 178 | require_once ABSPATH . 'wp-includes/class-phpass.php'; |
| 179 | - $hasher = new PasswordHash( 8, false ); |
|
| 180 | - return md5( $hasher->get_random_bytes( 32 ) ); |
|
| 179 | + $hasher = new PasswordHash(8, false); |
|
| 180 | + return md5($hasher->get_random_bytes(32)); |
|
| 181 | 181 | } |
| 182 | 182 | |
| 183 | 183 | /** |
@@ -188,27 +188,27 @@ discard block |
||
| 188 | 188 | * @return bool|array |
| 189 | 189 | */ |
| 190 | 190 | public function get_session_cookie() { |
| 191 | - $cookie_value = isset( $_COOKIE[ $this->_cookie ] ) ? wp_unslash( $_COOKIE[ $this->_cookie ] ) : false; // @codingStandardsIgnoreLine. |
|
| 191 | + $cookie_value = isset($_COOKIE[$this->_cookie]) ? wp_unslash($_COOKIE[$this->_cookie]) : false; // @codingStandardsIgnoreLine. |
|
| 192 | 192 | |
| 193 | - if ( empty( $cookie_value ) || ! is_string( $cookie_value ) ) { |
|
| 193 | + if (empty($cookie_value) || !is_string($cookie_value)) { |
|
| 194 | 194 | return false; |
| 195 | 195 | } |
| 196 | 196 | |
| 197 | - list( $customer_id, $session_expiration, $session_expiring, $cookie_hash ) = explode( '||', $cookie_value ); |
|
| 197 | + list($customer_id, $session_expiration, $session_expiring, $cookie_hash) = explode('||', $cookie_value); |
|
| 198 | 198 | |
| 199 | - if ( empty( $customer_id ) ) { |
|
| 199 | + if (empty($customer_id)) { |
|
| 200 | 200 | return false; |
| 201 | 201 | } |
| 202 | 202 | |
| 203 | 203 | // Validate hash. |
| 204 | 204 | $to_hash = $customer_id . '|' . $session_expiration; |
| 205 | - $hash = hash_hmac( 'md5', $to_hash, wp_hash( $to_hash ) ); |
|
| 205 | + $hash = hash_hmac('md5', $to_hash, wp_hash($to_hash)); |
|
| 206 | 206 | |
| 207 | - if ( empty( $cookie_hash ) || ! hash_equals( $hash, $cookie_hash ) ) { |
|
| 207 | + if (empty($cookie_hash) || !hash_equals($hash, $cookie_hash)) { |
|
| 208 | 208 | return false; |
| 209 | 209 | } |
| 210 | 210 | |
| 211 | - return array( $customer_id, $session_expiration, $session_expiring, $cookie_hash ); |
|
| 211 | + return array($customer_id, $session_expiration, $session_expiring, $cookie_hash); |
|
| 212 | 212 | } |
| 213 | 213 | |
| 214 | 214 | /** |
@@ -217,11 +217,11 @@ discard block |
||
| 217 | 217 | * @return array |
| 218 | 218 | */ |
| 219 | 219 | public function get_session_data() { |
| 220 | - return $this->has_session() ? (array) $this->get_session( $this->_customer_id ) : array(); |
|
| 220 | + return $this->has_session() ? (array) $this->get_session($this->_customer_id) : array(); |
|
| 221 | 221 | } |
| 222 | 222 | |
| 223 | - public function generate_key( $customer_id ) { |
|
| 224 | - if ( ! $customer_id ) { |
|
| 223 | + public function generate_key($customer_id) { |
|
| 224 | + if (!$customer_id) { |
|
| 225 | 225 | return; |
| 226 | 226 | } |
| 227 | 227 | |
@@ -233,9 +233,9 @@ discard block |
||
| 233 | 233 | */ |
| 234 | 234 | public function save_data() { |
| 235 | 235 | // Dirty if something changed - prevents saving nothing new. |
| 236 | - if ( $this->_dirty && $this->has_session() ) { |
|
| 236 | + if ($this->_dirty && $this->has_session()) { |
|
| 237 | 237 | |
| 238 | - set_transient( $this->generate_key( $this->_customer_id ), $this->_data, $this->_session_expiration ); |
|
| 238 | + set_transient($this->generate_key($this->_customer_id), $this->_data, $this->_session_expiration); |
|
| 239 | 239 | |
| 240 | 240 | $this->_dirty = false; |
| 241 | 241 | } |
@@ -245,7 +245,7 @@ discard block |
||
| 245 | 245 | * Destroy all session data. |
| 246 | 246 | */ |
| 247 | 247 | public function destroy_session() { |
| 248 | - $this->delete_session( $this->_customer_id ); |
|
| 248 | + $this->delete_session($this->_customer_id); |
|
| 249 | 249 | $this->forget_session(); |
| 250 | 250 | } |
| 251 | 251 | |
@@ -253,7 +253,7 @@ discard block |
||
| 253 | 253 | * Forget all session data without destroying it. |
| 254 | 254 | */ |
| 255 | 255 | public function forget_session() { |
| 256 | - $this->setcookie( $this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true ); |
|
| 256 | + $this->setcookie($this->_cookie, '', time() - YEAR_IN_SECONDS, $this->use_secure_cookie(), true); |
|
| 257 | 257 | |
| 258 | 258 | wpinv_empty_cart(); |
| 259 | 259 | |
@@ -268,10 +268,10 @@ discard block |
||
| 268 | 268 | * @param int $uid User ID. |
| 269 | 269 | * @return string |
| 270 | 270 | */ |
| 271 | - public function nonce_user_logged_out( $uid ) { |
|
| 271 | + public function nonce_user_logged_out($uid) { |
|
| 272 | 272 | |
| 273 | 273 | // Check if one of our nonces. |
| 274 | - if ( substr( $uid, 0, 5 ) === 'wpinv' || substr( $uid, 0, 7 ) === 'getpaid' ) { |
|
| 274 | + if (substr($uid, 0, 5) === 'wpinv' || substr($uid, 0, 7) === 'getpaid') { |
|
| 275 | 275 | return $this->has_session() && $this->_customer_id ? $this->_customer_id : $uid; |
| 276 | 276 | } |
| 277 | 277 | |
@@ -285,20 +285,20 @@ discard block |
||
| 285 | 285 | * @param mixed $default Default session value. |
| 286 | 286 | * @return string|array |
| 287 | 287 | */ |
| 288 | - public function get_session( $customer_id, $default = false ) { |
|
| 288 | + public function get_session($customer_id, $default = false) { |
|
| 289 | 289 | |
| 290 | - if ( defined( 'WP_SETUP_CONFIG' ) ) { |
|
| 290 | + if (defined('WP_SETUP_CONFIG')) { |
|
| 291 | 291 | return array(); |
| 292 | 292 | } |
| 293 | 293 | |
| 294 | - $key = $this->generate_key( $customer_id ); |
|
| 295 | - $value = get_transient( $key ); |
|
| 294 | + $key = $this->generate_key($customer_id); |
|
| 295 | + $value = get_transient($key); |
|
| 296 | 296 | |
| 297 | - if ( ! $value ) { |
|
| 297 | + if (!$value) { |
|
| 298 | 298 | $value = $default; |
| 299 | 299 | } |
| 300 | 300 | |
| 301 | - return maybe_unserialize( $value ); |
|
| 301 | + return maybe_unserialize($value); |
|
| 302 | 302 | } |
| 303 | 303 | |
| 304 | 304 | /** |
@@ -306,11 +306,11 @@ discard block |
||
| 306 | 306 | * |
| 307 | 307 | * @param int $customer_id Customer ID. |
| 308 | 308 | */ |
| 309 | - public function delete_session( $customer_id ) { |
|
| 309 | + public function delete_session($customer_id) { |
|
| 310 | 310 | |
| 311 | - $key = $this->generate_key( $customer_id ); |
|
| 311 | + $key = $this->generate_key($customer_id); |
|
| 312 | 312 | |
| 313 | - delete_transient( $key ); |
|
| 313 | + delete_transient($key); |
|
| 314 | 314 | } |
| 315 | 315 | |
| 316 | 316 | /** |
@@ -319,9 +319,9 @@ discard block |
||
| 319 | 319 | * @param string $customer_id Customer ID. |
| 320 | 320 | * @param int $timestamp Timestamp to expire the cookie. |
| 321 | 321 | */ |
| 322 | - public function update_session_timestamp( $customer_id, $timestamp ) { |
|
| 322 | + public function update_session_timestamp($customer_id, $timestamp) { |
|
| 323 | 323 | |
| 324 | - set_transient( $this->generate_key( $customer_id ), maybe_serialize( $this->_data ), $timestamp ); |
|
| 324 | + set_transient($this->generate_key($customer_id), maybe_serialize($this->_data), $timestamp); |
|
| 325 | 325 | |
| 326 | 326 | } |
| 327 | 327 | } |
