Give_Email_Access - Code Metrics - WordImpress/Give - Measure and Improve Code Quality continuously with Scrutinizer

Give_Email_Access A
last analyzed 2018-09-17 22:00 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	356
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	4

Test Coverage

Coverage

Importance

Changes

Metric	Value
dl	0
loc	356
ccs	0
cts	121
cp	0
rs	10
c	0
b	0
f	0
wmc	27
lcom	1
cbo	4

10 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	init()	28	4
A	send_email()	3	1
B	check_for_token()	28	7
A	is_valid_token()	25	4
A	set_verify_key()	22	2
A	is_valid_verify_key()	25	2
A	users_donations_args()	5	1
A	create_columns()	7	1
A	can_send_email()	24	4

<?php
/**
 * Email Access
 *
 * @package     Give
 * @subpackage  Classes/Give_Email_Access
 * @copyright   Copyright (c) 2016, WordImpress
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.4
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Give_Email_Access class
 *
 * This class handles email access, allowing donors access to their donation w/o logging in;
 *
 * Based on the work from Matt Gibbs - https://github.com/FacetWP/edd-no-logins
 *
 * @since 1.0
 */
class Give_Email_Access {

	/**
	 * Token exists
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    bool
	 */
	public $token_exists = false;

	/**
	 * Token email
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    bool
	 */
	public $token_email = false;

	/**
	 * Token
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    bool
	 */
	public $token = false;

	/**
	 * Error
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    string
	 */
	public $error = '';

	/**
	 * Verify throttle
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var
	 */
	public $verify_throttle;

	/**
	 * Limit throttle
	 *
	 * @since  1.8.17
	 * @access public
	 *
	 * @var
	 */
	public $limit_throttle;

	/**
	 * Verify expiration
	 *
	 * @since  1.0
	 * @access private
	 *
	 * @var    string
	 */
	private $token_expiration;

	/**
	 * Class Constructor
	 *
	 * Set up the Give Email Access Class.
	 *
	 * @since  1.0
	 * @access public
	 */
	public function __construct() {

		// get it started
		add_action( 'init', array( $this, 'init' ) );
	}

	/**
	 * Init
	 *
	 * Register defaults and filters
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return void
	 */
	public function init() {

		// Bail Out, if user is logged in.
		if ( is_user_logged_in() ) {
			return;
		}

		// Are db columns setup?
		$column_exists = Give()->donors->does_column_exist( 'token' );
		if ( ! $column_exists ) {
			$this->create_columns();
		}

		// Timeouts.
		$this->verify_throttle  = apply_filters( 'give_nl_verify_throttle', 300 );
		$this->limit_throttle   = apply_filters( 'give_nl_limit_throttle', 3 );
		$this->token_expiration = apply_filters( 'give_nl_token_expiration', 7200 );

		// Setup login.
		$this->check_for_token();

		if ( $this->token_exists ) {
			add_filter( 'give_can_view_receipt', '__return_true' );
			add_filter( 'give_user_pending_verification', '__return_false' );
			add_filter( 'give_get_users_donations_args', array( $this, 'users_donations_args' ) );
		}

	}

	/**
	 * Prevent email spamming.
	 *
	 * @param int $donor_id Donor ID.
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return bool
	 */
	public function can_send_email( $donor_id ) {

		$donor = Give()->donors->get_donor_by( 'id', $donor_id );

		if ( is_object( $donor ) ) {

			$email_throttle_count = (int) give_get_meta( $donor_id, '_give_email_throttle_count', true );

			$cache_key = "give_cache_email_throttle_limit_exhausted_{$donor_id}";
			if (
				$email_throttle_count < $this->limit_throttle &&
				true !== Give_Cache::get( $cache_key )
			) {
				give_update_meta( $donor_id, '_give_email_throttle_count', $email_throttle_count + 1 );
			} else {
				give_update_meta( $donor_id, '_give_email_throttle_count', 0 );
				Give_Cache::set( $cache_key, true, $this->verify_throttle );
				return false;
			}


		}

		return true;
	}

	/**
	 * Send the user's token
	 *
	 * @param int    $donor_id Donor id.
	 * @param string $email    Donor email.
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return bool
	 */
	public function send_email( $donor_id, $email ) {
		return apply_filters( 'give_email-access_email_notification', $donor_id, $email );
	}

	/**
	 * Has the user authenticated?
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return bool
	 */
	public function check_for_token() {

		$token = isset( $_GET['give_nl'] ) ? give_clean( $_GET['give_nl'] ) : '';


		// Check for cookie.
		if ( empty( $token ) ) {
			$token = isset( $_COOKIE['give_nl'] ) ? give_clean( $_COOKIE['give_nl'] ) : '';

		}

		// Must have a token.
		if ( ! empty( $token ) ) {

			if ( ! $this->is_valid_token( $token ) ) {
				if ( ! $this->is_valid_verify_key( $token ) ) {
					return false;
				}
			}

			// Set Receipt Access Session.
			Give()->session->set( 'receipt_access', true );
			$this->token_exists = true;
			// Set cookie.
			$lifetime = current_time( 'timestamp' ) + Give()->session->set_expiration_time();
			@setcookie( 'give_nl', $token, $lifetime, COOKIEPATH, COOKIE_DOMAIN, false );
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

			return true;
		}
	}

	/**
	 * Is this a valid token?
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  $token string The token.
	 *
	 * @return bool
	 */
	public function is_valid_token( $token ) {

		global $wpdb;

		// Make sure token isn't expired.
		$expires = date( 'Y-m-d H:i:s', time() - $this->token_expiration );

		$email = $wpdb->get_var(

			$wpdb->prepare( "SELECT email FROM {$wpdb->donors} WHERE verify_key = %s AND verify_throttle >= %s LIMIT 1", $token, $expires )
		);

		if ( ! empty( $email ) ) {
			$this->token_email = $email;
			$this->token       = $token;
			return true;
		}

		// Set error only if email access form isn't being submitted.
		if ( ! isset( $_POST['give_email'] ) && ! isset( $_POST['_wpnonce'] ) ) {

			give_set_error( 'give_email_token_expired', apply_filters( 'give_email_token_expired_message', __( 'Your access token has expired. Please request a new one below:', 'give' ) ) );
		}

		return false;

	}

	/**
	 * Add the verify key to DB
	 *
	 * @param int    $donor_id   Donor id.
	 * @param string $email      Donor email.
	 * @param string $verify_key The verification key.
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return void
	 */
	public function set_verify_key( $donor_id, $email, $verify_key ) {

		global $wpdb;

		$now = date( 'Y-m-d H:i:s' );

		// Insert or update?
		$row_id = (int) $wpdb->get_var(

			$wpdb->prepare( "SELECT id FROM {$wpdb->donors} WHERE id = %d LIMIT 1", $donor_id )
		);

		// Update.
		if ( ! empty( $row_id ) ) {
			$wpdb->query(

				$wpdb->prepare( "UPDATE {$wpdb->donors} SET verify_key = %s, verify_throttle = %s WHERE id = %d LIMIT 1", $verify_key, $now, $row_id )
			);
		} // Insert.
		else {
			$wpdb->query(

				$wpdb->prepare( "INSERT INTO {$wpdb->donors} ( verify_key, verify_throttle) VALUES (%s, %s)", $verify_key, $now )
			);
		}
	}

	/**
	 * Is this a valid verify key?
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  $token string The token.
	 *
	 * @return bool
	 */
	public function is_valid_verify_key( $token ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// See if the verify_key exists.
		$row = $wpdb->get_row(

			$wpdb->prepare( "SELECT id, email FROM {$wpdb->donors} WHERE verify_key = %s LIMIT 1", $token )
		);

		$now = date( 'Y-m-d H:i:s' );

		// Set token and remove verify key.
		if ( ! empty( $row ) ) {
			$wpdb->query(

				$wpdb->prepare( "UPDATE {$wpdb->donors} SET verify_key = '', token = %s, verify_throttle = %s WHERE id = %d LIMIT 1", $token, $now, $row->id )
			);

			$this->token_email = $row->email;
			$this->token       = $token;

			return true;
		}

		return false;
	}

	/**
	 * Users donations args
	 *
	 * Force Give to find donations by email, not user ID.
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  $args array User Donations arguments.
	 *
	 * @return mixed
	 */
	public function users_donations_args( $args ) {
		$args['user'] = $this->token_email;

		return $args;
	}

	/**
	 * Create required columns
	 *
	 * Create the necessary columns for email access
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return void
	 */
	public function create_columns() {

		global $wpdb;

		// Create columns in donors table.
		$wpdb->query( "ALTER TABLE {$wpdb->donors} ADD `token` VARCHAR(255) CHARACTER SET utf8 NOT NULL, ADD `verify_key` VARCHAR(255) CHARACTER SET utf8 NOT NULL AFTER `token`, ADD `verify_throttle` DATETIME NOT NULL AFTER `verify_key`" );

	}

}


1			<?php
2			/**
3			* Email Access
4			*
5			* @package Give
6			* @subpackage Classes/Give_Email_Access
7			* @copyright Copyright (c) 2016, WordImpress
8			* @license https://opensource.org/licenses/gpl-license GNU Public License
9			* @since 1.4
10			*/
11
12			// Exit if accessed directly.
13			if ( ! defined( 'ABSPATH' ) ) {
14			exit;
15			}
16
17			/**
18			* Give_Email_Access class
19			*
20			* This class handles email access, allowing donors access to their donation w/o logging in;
21			*
22			* Based on the work from Matt Gibbs - https://github.com/FacetWP/edd-no-logins
23			*
24			* @since 1.0
25			*/
26			class Give_Email_Access {
27
28			/**
29			* Token exists
30			*
31			* @since 1.0
32			* @access public
33			*
34			* @var bool
35			*/
36			public $token_exists = false;
37
38			/**
39			* Token email
40			*
41			* @since 1.0
42			* @access public
43			*
44			* @var bool
45			*/
46			public $token_email = false;
47
48			/**
49			* Token
50			*
51			* @since 1.0
52			* @access public
53			*
54			* @var bool
55			*/
56			public $token = false;
57
58			/**
59			* Error
60			*
61			* @since 1.0
62			* @access public
63			*
64			* @var string
65			*/
66			public $error = '';
67
68			/**
69			* Verify throttle
70			*
71			* @since 1.0
72			* @access public
73			*
74			* @var
75			*/
76			public $verify_throttle;
77
78			/**
79			* Limit throttle
80			*
81			* @since 1.8.17
82			* @access public
83			*
84			* @var
85			*/
86			public $limit_throttle;
87
88			/**
89			* Verify expiration
90			*
91			* @since 1.0
92			* @access private
93			*
94			* @var string
95			*/
96			private $token_expiration;
97
98			/**
99			* Class Constructor
100			*
101			* Set up the Give Email Access Class.
102			*
103			* @since 1.0
104			* @access public
105			*/
106			public function __construct() {
107
108			// get it started
109			add_action( 'init', array( $this, 'init' ) );
110			}
111
112			/**
113			* Init
114			*
115			* Register defaults and filters
116			*
117			* @since 1.0
118			* @access public
119			*
120			* @return void
121			*/
122			public function init() {
123
124			// Bail Out, if user is logged in.
125			if ( is_user_logged_in() ) {
126			return;
127			}
128
129			// Are db columns setup?
130			$column_exists = Give()->donors->does_column_exist( 'token' );
131			if ( ! $column_exists ) {
132			$this->create_columns();
133			}
134
135			// Timeouts.
136			$this->verify_throttle = apply_filters( 'give_nl_verify_throttle', 300 );
137			$this->limit_throttle = apply_filters( 'give_nl_limit_throttle', 3 );
138			$this->token_expiration = apply_filters( 'give_nl_token_expiration', 7200 );
139
140			// Setup login.
141			$this->check_for_token();
142
143			if ( $this->token_exists ) {
144			add_filter( 'give_can_view_receipt', '__return_true' );
145			add_filter( 'give_user_pending_verification', '__return_false' );
146			add_filter( 'give_get_users_donations_args', array( $this, 'users_donations_args' ) );
147			}
148
149			}
150
151			/**
152			* Prevent email spamming.
153			*
154			* @param int $donor_id Donor ID.
155			*
156			* @since 1.0
157			* @access public
158			*
159			* @return bool
160			*/
161			public function can_send_email( $donor_id ) {
162
163			$donor = Give()->donors->get_donor_by( 'id', $donor_id );
164
165			if ( is_object( $donor ) ) {
166
167			$email_throttle_count = (int) give_get_meta( $donor_id, '_give_email_throttle_count', true );
168
169			$cache_key = "give_cache_email_throttle_limit_exhausted_{$donor_id}";
170			if (
171			$email_throttle_count < $this->limit_throttle &&
172			true !== Give_Cache::get( $cache_key )
173			) {
174			give_update_meta( $donor_id, '_give_email_throttle_count', $email_throttle_count + 1 );
175			} else {
176			give_update_meta( $donor_id, '_give_email_throttle_count', 0 );
177			Give_Cache::set( $cache_key, true, $this->verify_throttle );
178			return false;
179			}
			0 ignored issues – show introduced 2017-12-08 07:53 UTC by Report Bug Copy Issue Report Blank line found after control structure Loading history...
180
181			}
182
183			return true;
184			}
185
186			/**
187			* Send the user's token
188			*
189			* @param int $donor_id Donor id.
190			* @param string $email Donor email.
191			*
192			* @since 1.0
193			* @access public
194			*
195			* @return bool
196			*/
197			public function send_email( $donor_id, $email ) {
198			return apply_filters( 'give_email-access_email_notification', $donor_id, $email );
199			}
200
201			/**
202			* Has the user authenticated?
203			*
204			* @since 1.0
205			* @access public
206			*
207			* @return bool
208			*/
209			public function check_for_token() {
210
211			$token = isset( $_GET['give_nl'] ) ? give_clean( $_GET['give_nl'] ) : '';
			0 ignored issues – show introduced 2018-05-02 19:53 UTC by Report Bug Copy Issue Report Detected access of super global var $_GET, probably need manual inspection. Loading history... introduced 2018-05-02 19:53 UTC by Report Bug Copy Issue Report Detected usage of a non-sanitized input variable: $_GET Loading history...
212
213			// Check for cookie.
214			if ( empty( $token ) ) {
215			$token = isset( $_COOKIE['give_nl'] ) ? give_clean( $_COOKIE['give_nl'] ) : '';
			0 ignored issues – show introduced 2018-05-02 19:53 UTC by Report Bug Copy Issue Report Due to using Batcache, server side based client related logic will not work, use JS instead. Loading history...
216			}
217
218			// Must have a token.
219			if ( ! empty( $token ) ) {
220
221			if ( ! $this->is_valid_token( $token ) ) {
222			if ( ! $this->is_valid_verify_key( $token ) ) {
223			return false;
224			}
225			}
226
227			// Set Receipt Access Session.
228			Give()->session->set( 'receipt_access', true );
229			$this->token_exists = true;
230			// Set cookie.
231			$lifetime = current_time( 'timestamp' ) + Give()->session->set_expiration_time();
232			@setcookie( 'give_nl', $token, $lifetime, COOKIEPATH, COOKIE_DOMAIN, false );
			0 ignored issues – show Security Best Practice introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history... Coding Style introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Silencing errors is discouraged Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Due to using Batcache, server side based client related logic will not work, use JS instead. Loading history...
233
234			return true;
235			}
236			}
237
238			/**
239			* Is this a valid token?
240			*
241			* @since 1.0
242			* @access public
243			*
244			* @param $token string The token.
245			*
246			* @return bool
247			*/
248			public function is_valid_token( $token ) {
249
250			global $wpdb;
251
252			// Make sure token isn't expired.
253			$expires = date( 'Y-m-d H:i:s', time() - $this->token_expiration );
254
255			$email = $wpdb->get_var(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
256			$wpdb->prepare( "SELECT email FROM {$wpdb->donors} WHERE verify_key = %s AND verify_throttle >= %s LIMIT 1", $token, $expires )
257			);
258
259			if ( ! empty( $email ) ) {
260			$this->token_email = $email;
261			$this->token = $token;
262			return true;
263			}
264
265			// Set error only if email access form isn't being submitted.
266			if ( ! isset( $_POST['give_email'] ) && ! isset( $_POST['_wpnonce'] ) ) {
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Detected access of super global var $_POST, probably need manual inspection. Loading history...
267			give_set_error( 'give_email_token_expired', apply_filters( 'give_email_token_expired_message', __( 'Your access token has expired. Please request a new one below:', 'give' ) ) );
268			}
269
270			return false;
271
272			}
273
274			/**
275			* Add the verify key to DB
276			*
277			* @param int $donor_id Donor id.
278			* @param string $email Donor email.
279			* @param string $verify_key The verification key.
280			*
281			* @since 1.0
282			* @access public
283			*
284			* @return void
285			*/
286			public function set_verify_key( $donor_id, $email, $verify_key ) {
			0 ignored issues – show Unused Code introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report The parameter `$email` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
287			global $wpdb;
288
289			$now = date( 'Y-m-d H:i:s' );
290
291			// Insert or update?
292			$row_id = (int) $wpdb->get_var(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
293			$wpdb->prepare( "SELECT id FROM {$wpdb->donors} WHERE id = %d LIMIT 1", $donor_id )
294			);
295
296			// Update.
297			if ( ! empty( $row_id ) ) {
298			$wpdb->query(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
299			$wpdb->prepare( "UPDATE {$wpdb->donors} SET verify_key = %s, verify_throttle = %s WHERE id = %d LIMIT 1", $verify_key, $now, $row_id )
300			);
301			} // Insert.
302			else {
303			$wpdb->query(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
304			$wpdb->prepare( "INSERT INTO {$wpdb->donors} ( verify_key, verify_throttle) VALUES (%s, %s)", $verify_key, $now )
305			);
306			}
307			}
308
309			/**
310			* Is this a valid verify key?
311			*
312			* @since 1.0
313			* @access public
314			*
315			* @param $token string The token.
316			*
317			* @return bool
318			*/
319			public function is_valid_verify_key( $token ) {
320			/* @var WPDB $wpdb */
321			global $wpdb;
322
323			// See if the verify_key exists.
324			$row = $wpdb->get_row(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
325			$wpdb->prepare( "SELECT id, email FROM {$wpdb->donors} WHERE verify_key = %s LIMIT 1", $token )
326			);
327
328			$now = date( 'Y-m-d H:i:s' );
329
330			// Set token and remove verify key.
331			if ( ! empty( $row ) ) {
332			$wpdb->query(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
333			$wpdb->prepare( "UPDATE {$wpdb->donors} SET verify_key = '', token = %s, verify_throttle = %s WHERE id = %d LIMIT 1", $token, $now, $row->id )
334			);
335
336			$this->token_email = $row->email;
337			$this->token = $token;
338
339			return true;
340			}
341
342			return false;
343			}
344
345			/**
346			* Users donations args
347			*
348			* Force Give to find donations by email, not user ID.
349			*
350			* @since 1.0
351			* @access public
352			*
353			* @param $args array User Donations arguments.
354			*
355			* @return mixed
356			*/
357			public function users_donations_args( $args ) {
358			$args['user'] = $this->token_email;
359
360			return $args;
361			}
362
363			/**
364			* Create required columns
365			*
366			* Create the necessary columns for email access
367			*
368			* @since 1.0
369			* @access public
370			*
371			* @return void
372			*/
373			public function create_columns() {
374
375			global $wpdb;
376
377			// Create columns in donors table.
378			$wpdb->query( "ALTER TABLE {$wpdb->donors} ADD `token` VARCHAR(255) CHARACTER SET utf8 NOT NULL, ADD `verify_key` VARCHAR(255) CHARACTER SET utf8 NOT NULL AFTER `token`, ADD `verify_throttle` DATETIME NOT NULL AFTER `verify_key`" );
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Attempting a database schema change is highly discouraged. Loading history...
379			}
380
381			}
382

WordImpress / Give

Give_Email_Access A last analyzed 2018-09-17 22:00 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

10 Methods

Duplication Side-by-Side

Filter issues like

Give_Email_Access A
last analyzed 2018-09-17 22:00 UTC