eventespresso / event-espresso-core

core/EE_Encryption.core.php

Indentation +509 added lines, -509 removed lines

@@ -16,515 +16,515 @@
 class EE_Encryption
 {
 
-    /**
-     * key used for saving the encryption key to the wp_options table
-     */
-    const ENCRYPTION_OPTION_KEY = 'ee_encryption_key';
-
-    /**
-     * the OPENSSL cipher method used
-     */
-    const OPENSSL_CIPHER_METHOD = 'aes-256-ctr';
-
-    /**
-     * the OPENSSL digest method used
-     */
-    const OPENSSL_DIGEST_METHOD = 'sha512';
-
-    /**
-     * separates the encrypted text from the initialization vector
-     */
-    const OPENSSL_IV_DELIMITER = ':iv:';
-
-    /**
-     * appended to text encrypted using the acme encryption
-     */
-    const ACME_ENCRYPTION_FLAG = '::ae';
-
-
-
-    /**
-     * instance of the EE_Encryption object
-     */
-    protected static $_instance;
-
-    /**
-     * @var string $_encryption_key
-     */
-    protected $_encryption_key;
-
-    /**
-     * @var boolean $_use_openssl_encrypt
-     */
-    protected $_use_openssl_encrypt = false;
-
-    /**
-     * @var boolean $_use_mcrypt
-     */
-    protected $_use_mcrypt = false;
-
-    /**
-     * @var boolean $_use_base64_encode
-     */
-    protected $_use_base64_encode = false;
-
-
-
-    /**
-     * protected constructor to prevent direct creation
-     */
-    protected function __construct()
-    {
-        if (! defined('ESPRESSO_ENCRYPT')) {
-            define('ESPRESSO_ENCRYPT', true);
-        }
-        if (extension_loaded('openssl')) {
-            $this->_use_openssl_encrypt = true;
-        } else if (extension_loaded('mcrypt')) {
-            $this->_use_mcrypt = true;
-        }
-        if (function_exists('base64_encode')) {
-            $this->_use_base64_encode = true;
-        }
-    }
-
-
-
-    /**
-     * singleton method used to instantiate class object
-     *
-     * @return EE_Encryption
-     */
-    public static function instance()
-    {
-        // check if class object is instantiated
-        if (! self::$_instance instanceof EE_Encryption) {
-            self::$_instance = new self();
-        }
-        return self::$_instance;
-    }
-
-
-
-    /**
-     * get encryption key
-     *
-     * @return string
-     */
-    public function get_encryption_key()
-    {
-        // if encryption key has not been set
-        if (empty($this->_encryption_key)) {
-            // retrieve encryption_key from db
-            $this->_encryption_key = get_option(EE_Encryption::ENCRYPTION_OPTION_KEY, '');
-            // WHAT?? No encryption_key in the db ??
-            if ($this->_encryption_key === '') {
-                // let's make one. And md5 it to make it just the right size for a key
-                $new_key = md5($this->generate_random_string());
-                // now save it to the db for later
-                add_option(EE_Encryption::ENCRYPTION_OPTION_KEY, $new_key);
-                // here's the key - FINALLY !
-                $this->_encryption_key = $new_key;
-            }
-        }
-        return $this->_encryption_key;
-    }
-
-
-
-    /**
-     * encrypts data
-     *
-     * @param string $text_string - the text to be encrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    public function encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        if ($this->_use_openssl_encrypt) {
-            $encrypted_text = $this->openssl_encrypt($text_string);
-        } else {
-            $encrypted_text = $this->acme_encrypt($text_string);
-        }
-        return $encrypted_text;
-    }
-
-
-
-    /**
-     * decrypts data
-     *
-     * @param string $encrypted_text - the text to be decrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    public function decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // if PHP's mcrypt functions are installed then we'll use them
-        if ($this->_use_openssl_encrypt) {
-            $decrypted_text = $this->openssl_decrypt($encrypted_text);
-        } else {
-            $decrypted_text = $this->acme_decrypt($encrypted_text);
-        }
-        return $decrypted_text;
-    }
-
-
-
-    /**
-     * encodes string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function base64_string_encode($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->_use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        return base64_encode($text_string);
-    }
-
-
-
-    /**
-     * decodes string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     */
-    public function base64_string_decode($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
-            return $encoded_string;
-        }
-        // decode
-        return base64_decode($encoded_string);
-    }
-
-
-
-    /**
-     * encodes  url string with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $text_string the text to be encoded
-     * @return string
-     */
-    public function base64_url_encode($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string) || ! $this->_use_base64_encode) {
-            return $text_string;
-        }
-        // encode
-        $encoded_string = base64_encode($text_string);
-        // remove chars to make encoding more URL friendly
-        return strtr($encoded_string, '+/=', '-_,');
-    }
-
-
-
-    /**
-     * decodes  url string that has been encoded with PHP's base64 encoding
-     *
-     * @see http://php.net/manual/en/function.base64-encode.php
-     * @param string $encoded_string the text to be decoded
-     * @return string
-     */
-    public function base64_url_decode($encoded_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
-            return $encoded_string;
-        }
-        // replace previously removed characters
-        $encoded_string = strtr($encoded_string, '-_,', '+/=');
-        // decode
-        return base64_decode($encoded_string);
-    }
-
-
-
-    /**
-     * encrypts data using PHP's openssl functions
-     *
-     * @param string $text_string the text to be encrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function openssl_encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        // get initialization vector size
-        $iv_size = openssl_cipher_iv_length(EE_Encryption::OPENSSL_CIPHER_METHOD);
-        // generate initialization vector
-        $iv = openssl_random_pseudo_bytes($iv_size, $is_strong);
-        if ($iv === false || $is_strong === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
-            );
-        }
-        // encrypt it
-        $encrypted_text = openssl_encrypt(
-            $text_string,
-            EE_Encryption::OPENSSL_CIPHER_METHOD,
-            openssl_digest($this->get_encryption_key(), EE_Encryption::OPENSSL_DIGEST_METHOD),
-            0,
-            $iv
-        );
-        // append the initialization vector
-        $encrypted_text .= EE_Encryption::OPENSSL_IV_DELIMITER . $iv;
-        // trim and maybe encode
-        return $this->_use_base64_encode
-            ? trim(base64_encode($encrypted_text))
-            : trim($encrypted_text);
-    }
-
-
-
-    /**
-     * decrypts data that has been encrypted with PHP's openssl functions
-     *
-     * @param string $encrypted_text the text to be decrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function openssl_decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // decode
-        $encrypted_text = $this->valid_base_64($encrypted_text)
-            ? base64_decode($encrypted_text)
-            : $encrypted_text;
-        $encrypted_components = explode(
-            EE_Encryption::OPENSSL_IV_DELIMITER,
-            $encrypted_text,
-            2
-        );
-        // check that iv exists, and if not, maybe text was encoded using mcrypt?
-        if (! isset($encrypted_components[1]) && $this->_use_mcrypt) {
-            return $this->m_decrypt($encrypted_text);
-        }
-        // decrypt it
-        $decrypted_text = openssl_decrypt(
-            $encrypted_components[0],
-            EE_Encryption::OPENSSL_CIPHER_METHOD,
-            openssl_digest($this->get_encryption_key(), EE_Encryption::OPENSSL_DIGEST_METHOD),
-            0,
-            $encrypted_components[1]
-        );
-        $decrypted_text = trim($decrypted_text);
-        return $decrypted_text;
-    }
-
-
-
-    /**
-     * encrypts data for acme servers that didn't bother to install PHP mcrypt
-     *
-     * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
-     * @param string $text_string the text to be decrypted
-     * @return string
-     */
-    protected function acme_encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        $key_bits = str_split(
-            str_pad('', strlen($text_string), $this->get_encryption_key(), STR_PAD_RIGHT)
-        );
-        $string_bits = str_split($text_string);
-        foreach ($string_bits as $k => $v) {
-            $temp = ord($v) + ord($key_bits[$k]);
-            $string_bits[$k] = chr($temp > 255 ? ($temp - 256) : $temp);
-        }
-        $encrypted_text = implode('', $string_bits);
-        $encrypted_text .= EE_Encryption::ACME_ENCRYPTION_FLAG;
-        return $this->_use_base64_encode
-            ? base64_encode($encrypted_text)
-            : $encrypted_text;
-    }
-
-
-
-    /**
-     * decrypts data for acme servers that didn't bother to install PHP mcrypt
-     *
-     * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
-     * @param string $encrypted_text the text to be decrypted
-     * @return string
-     */
-    protected function acme_decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // decode the data ?
-        $encrypted_text = $this->valid_base_64($encrypted_text)
-            ? base64_decode($encrypted_text)
-            : $encrypted_text;
-        if (strpos($encrypted_text, EE_Encryption::ACME_ENCRYPTION_FLAG) === false && $this->_use_mcrypt) {
-            return $this->m_decrypt($encrypted_text);
-        }
-        $key_bits = str_split(
-            str_pad('', strlen($encrypted_text), $this->get_encryption_key(), STR_PAD_RIGHT)
-        );
-        $string_bits = str_split($encrypted_text);
-        foreach ($string_bits as $k => $v) {
-            $temp = ord($v) - ord($key_bits[$k]);
-            $string_bits[$k] = chr($temp < 0 ? ($temp + 256) : $temp);
-        }
-        return implode('', $string_bits);
-    }
-
-
-
-    /**
-     * @see http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php#30231906
-     * @param $string
-     * @return bool
-     */
-    protected function valid_base_64($string)
-    {
-        // ensure data is a string
-        if (! is_string($string) || ! $this->_use_base64_encode) {
-            return false;
-        }
-        $decoded = base64_decode($string, true);
-        // Check if there is no invalid character in string
-        if (! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
-            return false;
-        }
-        // Decode the string in strict mode and send the response
-        if (! base64_decode($string, true)) {
-            return false;
-        }
-        // Encode and compare it to original one
-        return base64_encode($decoded) === $string;
-    }
-
-
-
-    /**
-     * generate random string
-     *
-     * @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
-     * @param int $length number of characters for random string
-     * @return string
-     */
-    public function generate_random_string($length = 40)
-    {
-        $iterations = ceil($length / 40);
-        $random_string = '';
-        for ($i = 0; $i < $iterations; $i++) {
-            $random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
-        }
-        $random_string = substr($random_string, 0, $length);
-        return $random_string;
-    }
-
-
-
-    /**
-     * encrypts data using PHP's mcrypt functions
-     *
-     * @deprecated 4.9.39
-     * @param string $text_string
-     * @internal   param $string - the text to be encrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function m_encrypt($text_string = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($text_string)) {
-            return $text_string;
-        }
-        // get the initialization vector size
-        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-        // initialization vector
-        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-        if ($iv === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
-            );
-        }
-        // encrypt it
-        $encrypted_text = mcrypt_encrypt(
-            MCRYPT_RIJNDAEL_256,
-            $this->get_encryption_key(),
-            $text_string,
-            MCRYPT_MODE_ECB,
-            $iv
-        );
-        // trim and maybe encode
-        return $this->_use_base64_encode
-            ? trim(base64_encode($encrypted_text))
-            : trim($encrypted_text);
-    }
-
-
-
-    /**
-     * decrypts data that has been encrypted with PHP's mcrypt functions
-     *
-     * @deprecated 4.9.39
-     * @param string $encrypted_text the text to be decrypted
-     * @return string
-     * @throws RuntimeException
-     */
-    protected function m_decrypt($encrypted_text = '')
-    {
-        // you give me nothing??? GET OUT !
-        if (empty($encrypted_text)) {
-            return $encrypted_text;
-        }
-        // decode
-        $encrypted_text = $this->valid_base_64($encrypted_text)
-            ? base64_decode($encrypted_text)
-            : $encrypted_text;
-        // get the initialization vector size
-        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
-        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
-        if ($iv === false) {
-            throw new RuntimeException(
-                esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
-            );
-        }
-        // decrypt it
-        $decrypted_text = mcrypt_decrypt(
-            MCRYPT_RIJNDAEL_256,
-            $this->get_encryption_key(),
-            $encrypted_text,
-            MCRYPT_MODE_ECB,
-            $iv
-        );
-        $decrypted_text = trim($decrypted_text);
-        return $decrypted_text;
-    }
+	/**
+	 * key used for saving the encryption key to the wp_options table
+	 */
+	const ENCRYPTION_OPTION_KEY = 'ee_encryption_key';
+
+	/**
+	 * the OPENSSL cipher method used
+	 */
+	const OPENSSL_CIPHER_METHOD = 'aes-256-ctr';
+
+	/**
+	 * the OPENSSL digest method used
+	 */
+	const OPENSSL_DIGEST_METHOD = 'sha512';
+
+	/**
+	 * separates the encrypted text from the initialization vector
+	 */
+	const OPENSSL_IV_DELIMITER = ':iv:';
+
+	/**
+	 * appended to text encrypted using the acme encryption
+	 */
+	const ACME_ENCRYPTION_FLAG = '::ae';
+
+
+
+	/**
+	 * instance of the EE_Encryption object
+	 */
+	protected static $_instance;
+
+	/**
+	 * @var string $_encryption_key
+	 */
+	protected $_encryption_key;
+
+	/**
+	 * @var boolean $_use_openssl_encrypt
+	 */
+	protected $_use_openssl_encrypt = false;
+
+	/**
+	 * @var boolean $_use_mcrypt
+	 */
+	protected $_use_mcrypt = false;
+
+	/**
+	 * @var boolean $_use_base64_encode
+	 */
+	protected $_use_base64_encode = false;
+
+
+
+	/**
+	 * protected constructor to prevent direct creation
+	 */
+	protected function __construct()
+	{
+		if (! defined('ESPRESSO_ENCRYPT')) {
+			define('ESPRESSO_ENCRYPT', true);
+		}
+		if (extension_loaded('openssl')) {
+			$this->_use_openssl_encrypt = true;
+		} else if (extension_loaded('mcrypt')) {
+			$this->_use_mcrypt = true;
+		}
+		if (function_exists('base64_encode')) {
+			$this->_use_base64_encode = true;
+		}
+	}
+
+
+
+	/**
+	 * singleton method used to instantiate class object
+	 *
+	 * @return EE_Encryption
+	 */
+	public static function instance()
+	{
+		// check if class object is instantiated
+		if (! self::$_instance instanceof EE_Encryption) {
+			self::$_instance = new self();
+		}
+		return self::$_instance;
+	}
+
+
+
+	/**
+	 * get encryption key
+	 *
+	 * @return string
+	 */
+	public function get_encryption_key()
+	{
+		// if encryption key has not been set
+		if (empty($this->_encryption_key)) {
+			// retrieve encryption_key from db
+			$this->_encryption_key = get_option(EE_Encryption::ENCRYPTION_OPTION_KEY, '');
+			// WHAT?? No encryption_key in the db ??
+			if ($this->_encryption_key === '') {
+				// let's make one. And md5 it to make it just the right size for a key
+				$new_key = md5($this->generate_random_string());
+				// now save it to the db for later
+				add_option(EE_Encryption::ENCRYPTION_OPTION_KEY, $new_key);
+				// here's the key - FINALLY !
+				$this->_encryption_key = $new_key;
+			}
+		}
+		return $this->_encryption_key;
+	}
+
+
+
+	/**
+	 * encrypts data
+	 *
+	 * @param string $text_string - the text to be encrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		if ($this->_use_openssl_encrypt) {
+			$encrypted_text = $this->openssl_encrypt($text_string);
+		} else {
+			$encrypted_text = $this->acme_encrypt($text_string);
+		}
+		return $encrypted_text;
+	}
+
+
+
+	/**
+	 * decrypts data
+	 *
+	 * @param string $encrypted_text - the text to be decrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	public function decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// if PHP's mcrypt functions are installed then we'll use them
+		if ($this->_use_openssl_encrypt) {
+			$decrypted_text = $this->openssl_decrypt($encrypted_text);
+		} else {
+			$decrypted_text = $this->acme_decrypt($encrypted_text);
+		}
+		return $decrypted_text;
+	}
+
+
+
+	/**
+	 * encodes string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function base64_string_encode($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->_use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		return base64_encode($text_string);
+	}
+
+
+
+	/**
+	 * decodes string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 */
+	public function base64_string_decode($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
+			return $encoded_string;
+		}
+		// decode
+		return base64_decode($encoded_string);
+	}
+
+
+
+	/**
+	 * encodes  url string with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $text_string the text to be encoded
+	 * @return string
+	 */
+	public function base64_url_encode($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string) || ! $this->_use_base64_encode) {
+			return $text_string;
+		}
+		// encode
+		$encoded_string = base64_encode($text_string);
+		// remove chars to make encoding more URL friendly
+		return strtr($encoded_string, '+/=', '-_,');
+	}
+
+
+
+	/**
+	 * decodes  url string that has been encoded with PHP's base64 encoding
+	 *
+	 * @see http://php.net/manual/en/function.base64-encode.php
+	 * @param string $encoded_string the text to be decoded
+	 * @return string
+	 */
+	public function base64_url_decode($encoded_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encoded_string) || ! $this->valid_base_64($encoded_string)) {
+			return $encoded_string;
+		}
+		// replace previously removed characters
+		$encoded_string = strtr($encoded_string, '-_,', '+/=');
+		// decode
+		return base64_decode($encoded_string);
+	}
+
+
+
+	/**
+	 * encrypts data using PHP's openssl functions
+	 *
+	 * @param string $text_string the text to be encrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function openssl_encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		// get initialization vector size
+		$iv_size = openssl_cipher_iv_length(EE_Encryption::OPENSSL_CIPHER_METHOD);
+		// generate initialization vector
+		$iv = openssl_random_pseudo_bytes($iv_size, $is_strong);
+		if ($iv === false || $is_strong === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate OpenSSL initialization vector.', 'event_espresso')
+			);
+		}
+		// encrypt it
+		$encrypted_text = openssl_encrypt(
+			$text_string,
+			EE_Encryption::OPENSSL_CIPHER_METHOD,
+			openssl_digest($this->get_encryption_key(), EE_Encryption::OPENSSL_DIGEST_METHOD),
+			0,
+			$iv
+		);
+		// append the initialization vector
+		$encrypted_text .= EE_Encryption::OPENSSL_IV_DELIMITER . $iv;
+		// trim and maybe encode
+		return $this->_use_base64_encode
+			? trim(base64_encode($encrypted_text))
+			: trim($encrypted_text);
+	}
+
+
+
+	/**
+	 * decrypts data that has been encrypted with PHP's openssl functions
+	 *
+	 * @param string $encrypted_text the text to be decrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function openssl_decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// decode
+		$encrypted_text = $this->valid_base_64($encrypted_text)
+			? base64_decode($encrypted_text)
+			: $encrypted_text;
+		$encrypted_components = explode(
+			EE_Encryption::OPENSSL_IV_DELIMITER,
+			$encrypted_text,
+			2
+		);
+		// check that iv exists, and if not, maybe text was encoded using mcrypt?
+		if (! isset($encrypted_components[1]) && $this->_use_mcrypt) {
+			return $this->m_decrypt($encrypted_text);
+		}
+		// decrypt it
+		$decrypted_text = openssl_decrypt(
+			$encrypted_components[0],
+			EE_Encryption::OPENSSL_CIPHER_METHOD,
+			openssl_digest($this->get_encryption_key(), EE_Encryption::OPENSSL_DIGEST_METHOD),
+			0,
+			$encrypted_components[1]
+		);
+		$decrypted_text = trim($decrypted_text);
+		return $decrypted_text;
+	}
+
+
+
+	/**
+	 * encrypts data for acme servers that didn't bother to install PHP mcrypt
+	 *
+	 * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
+	 * @param string $text_string the text to be decrypted
+	 * @return string
+	 */
+	protected function acme_encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		$key_bits = str_split(
+			str_pad('', strlen($text_string), $this->get_encryption_key(), STR_PAD_RIGHT)
+		);
+		$string_bits = str_split($text_string);
+		foreach ($string_bits as $k => $v) {
+			$temp = ord($v) + ord($key_bits[$k]);
+			$string_bits[$k] = chr($temp > 255 ? ($temp - 256) : $temp);
+		}
+		$encrypted_text = implode('', $string_bits);
+		$encrypted_text .= EE_Encryption::ACME_ENCRYPTION_FLAG;
+		return $this->_use_base64_encode
+			? base64_encode($encrypted_text)
+			: $encrypted_text;
+	}
+
+
+
+	/**
+	 * decrypts data for acme servers that didn't bother to install PHP mcrypt
+	 *
+	 * @see http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
+	 * @param string $encrypted_text the text to be decrypted
+	 * @return string
+	 */
+	protected function acme_decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// decode the data ?
+		$encrypted_text = $this->valid_base_64($encrypted_text)
+			? base64_decode($encrypted_text)
+			: $encrypted_text;
+		if (strpos($encrypted_text, EE_Encryption::ACME_ENCRYPTION_FLAG) === false && $this->_use_mcrypt) {
+			return $this->m_decrypt($encrypted_text);
+		}
+		$key_bits = str_split(
+			str_pad('', strlen($encrypted_text), $this->get_encryption_key(), STR_PAD_RIGHT)
+		);
+		$string_bits = str_split($encrypted_text);
+		foreach ($string_bits as $k => $v) {
+			$temp = ord($v) - ord($key_bits[$k]);
+			$string_bits[$k] = chr($temp < 0 ? ($temp + 256) : $temp);
+		}
+		return implode('', $string_bits);
+	}
+
+
+
+	/**
+	 * @see http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php#30231906
+	 * @param $string
+	 * @return bool
+	 */
+	protected function valid_base_64($string)
+	{
+		// ensure data is a string
+		if (! is_string($string) || ! $this->_use_base64_encode) {
+			return false;
+		}
+		$decoded = base64_decode($string, true);
+		// Check if there is no invalid character in string
+		if (! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
+			return false;
+		}
+		// Decode the string in strict mode and send the response
+		if (! base64_decode($string, true)) {
+			return false;
+		}
+		// Encode and compare it to original one
+		return base64_encode($decoded) === $string;
+	}
+
+
+
+	/**
+	 * generate random string
+	 *
+	 * @see http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
+	 * @param int $length number of characters for random string
+	 * @return string
+	 */
+	public function generate_random_string($length = 40)
+	{
+		$iterations = ceil($length / 40);
+		$random_string = '';
+		for ($i = 0; $i < $iterations; $i++) {
+			$random_string .= sha1(microtime(true) . mt_rand(10000, 90000));
+		}
+		$random_string = substr($random_string, 0, $length);
+		return $random_string;
+	}
+
+
+
+	/**
+	 * encrypts data using PHP's mcrypt functions
+	 *
+	 * @deprecated 4.9.39
+	 * @param string $text_string
+	 * @internal   param $string - the text to be encrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function m_encrypt($text_string = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($text_string)) {
+			return $text_string;
+		}
+		// get the initialization vector size
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		// initialization vector
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		if ($iv === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
+			);
+		}
+		// encrypt it
+		$encrypted_text = mcrypt_encrypt(
+			MCRYPT_RIJNDAEL_256,
+			$this->get_encryption_key(),
+			$text_string,
+			MCRYPT_MODE_ECB,
+			$iv
+		);
+		// trim and maybe encode
+		return $this->_use_base64_encode
+			? trim(base64_encode($encrypted_text))
+			: trim($encrypted_text);
+	}
+
+
+
+	/**
+	 * decrypts data that has been encrypted with PHP's mcrypt functions
+	 *
+	 * @deprecated 4.9.39
+	 * @param string $encrypted_text the text to be decrypted
+	 * @return string
+	 * @throws RuntimeException
+	 */
+	protected function m_decrypt($encrypted_text = '')
+	{
+		// you give me nothing??? GET OUT !
+		if (empty($encrypted_text)) {
+			return $encrypted_text;
+		}
+		// decode
+		$encrypted_text = $this->valid_base_64($encrypted_text)
+			? base64_decode($encrypted_text)
+			: $encrypted_text;
+		// get the initialization vector size
+		$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
+		$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
+		if ($iv === false) {
+			throw new RuntimeException(
+				esc_html__('Failed to generate mcrypt initialization vector.', 'event_espresso')
+			);
+		}
+		// decrypt it
+		$decrypted_text = mcrypt_decrypt(
+			MCRYPT_RIJNDAEL_256,
+			$this->get_encryption_key(),
+			$encrypted_text,
+			MCRYPT_MODE_ECB,
+			$iv
+		);
+		$decrypted_text = trim($decrypted_text);
+		return $decrypted_text;
+	}
 
 }
 /* End of file EE_Encryption.class.php */

modules/bot_trap/EED_Bot_Trap.module.php

Indentation +292 added lines, -292 removed lines

@@ -17,323 +17,323 @@
 {
 
 
-    /**
-     * @return EED_Bot_Trap|EED_Module
-     */
-    public static function instance()
-    {
-        return parent::get_instance(__CLASS__);
-    }
+	/**
+	 * @return EED_Bot_Trap|EED_Module
+	 */
+	public static function instance()
+	{
+		return parent::get_instance(__CLASS__);
+	}
 
 
-    /**
-     * set_hooks - for hooking into EE Core, other modules, etc
-     *
-     * @return void
-     */
-    public static function set_hooks()
-    {
-        if (
-            apply_filters('FHEE__EED_Bot_Trap__set_hooks__use_bot_trap', true) &&
-            \EE_Registry::instance()->CFG->registration->use_bot_trap
-        ) {
-            \EED_Bot_Trap::set_trap();
-            // redirect bots to bogus success page
-            \EE_Config::register_route('ticket_selection_received', 'EED_Bot_Trap', 'display_bot_trap_success');
-        }
-    }
+	/**
+	 * set_hooks - for hooking into EE Core, other modules, etc
+	 *
+	 * @return void
+	 */
+	public static function set_hooks()
+	{
+		if (
+			apply_filters('FHEE__EED_Bot_Trap__set_hooks__use_bot_trap', true) &&
+			\EE_Registry::instance()->CFG->registration->use_bot_trap
+		) {
+			\EED_Bot_Trap::set_trap();
+			// redirect bots to bogus success page
+			\EE_Config::register_route('ticket_selection_received', 'EED_Bot_Trap', 'display_bot_trap_success');
+		}
+	}
 
 
-    /**
-     * set_hooks_admin - for hooking into EE Admin Core, other modules, etc
-     *
-     * @return void
-     */
-    public static function set_trap()
-    {
-        define('EE_BOT_TRAP_BASE_URL', plugin_dir_url(__FILE__) . DS);
-        add_action(
-            'AHEE__ticket_selector_chart__template__after_ticket_selector',
-            array('EED_Bot_Trap', 'generate_bot_trap'),
-            10, 2
-        );
-        add_action(
-            'EED_Ticket_Selector__process_ticket_selections__before',
-            array('EED_Bot_Trap', 'process_bot_trap'),
-            1, 2
-        );
-    }
+	/**
+	 * set_hooks_admin - for hooking into EE Admin Core, other modules, etc
+	 *
+	 * @return void
+	 */
+	public static function set_trap()
+	{
+		define('EE_BOT_TRAP_BASE_URL', plugin_dir_url(__FILE__) . DS);
+		add_action(
+			'AHEE__ticket_selector_chart__template__after_ticket_selector',
+			array('EED_Bot_Trap', 'generate_bot_trap'),
+			10, 2
+		);
+		add_action(
+			'EED_Ticket_Selector__process_ticket_selections__before',
+			array('EED_Bot_Trap', 'process_bot_trap'),
+			1, 2
+		);
+	}
 
 
-    /**
-     * set_hooks_admin - for hooking into EE Admin Core, other modules, etc
-     *
-     * @return void
-     */
-    public static function set_hooks_admin()
-    {
-        if (
-            defined('DOING_AJAX')
-            && DOING_AJAX
-            && apply_filters('FHEE__EED_Bot_Trap__set_hooks__use_bot_trap', true)
-            && \EE_Registry::instance()->CFG->registration->use_bot_trap
-        ) {
-            \EED_Bot_Trap::set_trap();
-        }
-        add_action(
-            'AHEE__Extend_Registration_Form_Admin_Page___reg_form_settings_template',
-            array('EED_Bot_Trap', 'bot_trap_settings_form'),
-            5
-        );
-        add_filter(
-            'FHEE__Extend_Registration_Form_Admin_Page___update_reg_form_settings__CFG_registration',
-            array('EED_Bot_Trap', 'update_bot_trap_settings_form'),
-            10, 1
-        );
-    }
+	/**
+	 * set_hooks_admin - for hooking into EE Admin Core, other modules, etc
+	 *
+	 * @return void
+	 */
+	public static function set_hooks_admin()
+	{
+		if (
+			defined('DOING_AJAX')
+			&& DOING_AJAX
+			&& apply_filters('FHEE__EED_Bot_Trap__set_hooks__use_bot_trap', true)
+			&& \EE_Registry::instance()->CFG->registration->use_bot_trap
+		) {
+			\EED_Bot_Trap::set_trap();
+		}
+		add_action(
+			'AHEE__Extend_Registration_Form_Admin_Page___reg_form_settings_template',
+			array('EED_Bot_Trap', 'bot_trap_settings_form'),
+			5
+		);
+		add_filter(
+			'FHEE__Extend_Registration_Form_Admin_Page___update_reg_form_settings__CFG_registration',
+			array('EED_Bot_Trap', 'update_bot_trap_settings_form'),
+			10, 1
+		);
+	}
 
 
-    /**
-     * run - initial module setup
-     *
-     * @param WP $WP
-     * @return void
-     */
-    public function run($WP)
-    {
-    }
+	/**
+	 * run - initial module setup
+	 *
+	 * @param WP $WP
+	 * @return void
+	 */
+	public function run($WP)
+	{
+	}
 
 
-    /**
-     * generate_bot_trap
-     *
-     * @return void
-     * @throws RuntimeException
-     */
-    public static function generate_bot_trap()
-    {
-        $do_not_enter = esc_html__('please do not enter anything in this input', 'event_espresso');
-        $time = microtime(true);
-        $html = '<div class="tkt-slctr-request-processor-dv" style="float:left; margin:0 0 0 -999em; height: 0;">';
-        $html .= '<label for="tkt-slctr-request-processor-email-' . $time . '">' . $do_not_enter . '</label>';
-        $html .= '<input type="email" id="tkt-slctr-request-processor-email-';
-        $html .= $time . '" name="tkt-slctr-request-processor-email" value=""/>';
-        $html .= '<input type="hidden" name="tkt-slctr-request-processor-token" value="';
-        if (EE_Registry::instance()->CFG->registration->use_encryption) {
-            EE_Registry::instance()->load_core('EE_Encryption');
-            $html .= EE_Encryption::instance()->encrypt($time);
-        } else {
-            $html .= $time;
-        }
-        $html .= '"/>';
-        $html .= '</div><!-- .tkt-slctr-request-processor-dv -->';
-        echo $html;
-    }
+	/**
+	 * generate_bot_trap
+	 *
+	 * @return void
+	 * @throws RuntimeException
+	 */
+	public static function generate_bot_trap()
+	{
+		$do_not_enter = esc_html__('please do not enter anything in this input', 'event_espresso');
+		$time = microtime(true);
+		$html = '<div class="tkt-slctr-request-processor-dv" style="float:left; margin:0 0 0 -999em; height: 0;">';
+		$html .= '<label for="tkt-slctr-request-processor-email-' . $time . '">' . $do_not_enter . '</label>';
+		$html .= '<input type="email" id="tkt-slctr-request-processor-email-';
+		$html .= $time . '" name="tkt-slctr-request-processor-email" value=""/>';
+		$html .= '<input type="hidden" name="tkt-slctr-request-processor-token" value="';
+		if (EE_Registry::instance()->CFG->registration->use_encryption) {
+			EE_Registry::instance()->load_core('EE_Encryption');
+			$html .= EE_Encryption::instance()->encrypt($time);
+		} else {
+			$html .= $time;
+		}
+		$html .= '"/>';
+		$html .= '</div><!-- .tkt-slctr-request-processor-dv -->';
+		echo $html;
+	}
 
 
-    /**
-     * process_bot_trap
-     *
-     * @param array|string $triggered_trap_callback Callback that will be executed for handling the
-     *                                              response if the bot trap is triggered.
-     *                                              It should receive one argument: a boolean indicating
-     *                                              whether the trap was triggered by suspicious timing or not.
-     * @throws RuntimeException
-     */
-    public static function process_bot_trap($triggered_trap_callback = array())
-    {
-        // what's your email address Mr. Bot ?
-        $empty_trap = isset($_REQUEST['tkt-slctr-request-processor-email'])
-            && $_REQUEST['tkt-slctr-request-processor-email'] === '';
-        // get encrypted timestamp for when the form was originally displayed
-        $bot_trap_timestamp = isset($_REQUEST['tkt-slctr-request-processor-token'])
-            ? sanitize_text_field($_REQUEST['tkt-slctr-request-processor-token'])
-            : '';
-        // decrypt and convert to absolute  integer
-        if (EE_Registry::instance()->CFG->registration->use_encryption) {
-            EE_Registry::instance()->load_core('EE_Encryption');
-            $bot_trap_timestamp = absint(EE_Encryption::instance()->decrypt($bot_trap_timestamp));
-        } else {
-            $bot_trap_timestamp = absint($bot_trap_timestamp);
-        }
-        // ticket form submitted too impossibly fast ( after now ) or more than an hour later ???
-        $suspicious_timing = $bot_trap_timestamp > time() || $bot_trap_timestamp < (time() - HOUR_IN_SECONDS);
-        // are we human ?
-        if ($empty_trap && !$suspicious_timing) {
-            do_action('AHEE__EED_Bot_Trap__process_bot_trap__trap_not_triggered');
-            return;
-        }
-        // check the given callback is valid first before executing
-        if (!is_callable($triggered_trap_callback)) {
-            // invalid callback so lets just sub in our default.
-            $triggered_trap_callback = array('EED_Bot_Trap', 'triggered_trap_response');
-        }
-        call_user_func($triggered_trap_callback, $suspicious_timing);
-    }
+	/**
+	 * process_bot_trap
+	 *
+	 * @param array|string $triggered_trap_callback Callback that will be executed for handling the
+	 *                                              response if the bot trap is triggered.
+	 *                                              It should receive one argument: a boolean indicating
+	 *                                              whether the trap was triggered by suspicious timing or not.
+	 * @throws RuntimeException
+	 */
+	public static function process_bot_trap($triggered_trap_callback = array())
+	{
+		// what's your email address Mr. Bot ?
+		$empty_trap = isset($_REQUEST['tkt-slctr-request-processor-email'])
+			&& $_REQUEST['tkt-slctr-request-processor-email'] === '';
+		// get encrypted timestamp for when the form was originally displayed
+		$bot_trap_timestamp = isset($_REQUEST['tkt-slctr-request-processor-token'])
+			? sanitize_text_field($_REQUEST['tkt-slctr-request-processor-token'])
+			: '';
+		// decrypt and convert to absolute  integer
+		if (EE_Registry::instance()->CFG->registration->use_encryption) {
+			EE_Registry::instance()->load_core('EE_Encryption');
+			$bot_trap_timestamp = absint(EE_Encryption::instance()->decrypt($bot_trap_timestamp));
+		} else {
+			$bot_trap_timestamp = absint($bot_trap_timestamp);
+		}
+		// ticket form submitted too impossibly fast ( after now ) or more than an hour later ???
+		$suspicious_timing = $bot_trap_timestamp > time() || $bot_trap_timestamp < (time() - HOUR_IN_SECONDS);
+		// are we human ?
+		if ($empty_trap && !$suspicious_timing) {
+			do_action('AHEE__EED_Bot_Trap__process_bot_trap__trap_not_triggered');
+			return;
+		}
+		// check the given callback is valid first before executing
+		if (!is_callable($triggered_trap_callback)) {
+			// invalid callback so lets just sub in our default.
+			$triggered_trap_callback = array('EED_Bot_Trap', 'triggered_trap_response');
+		}
+		call_user_func($triggered_trap_callback, $suspicious_timing);
+	}
 
 
-    /**
-     * This is the default callback executed by EED_Bot_Trap::process_bot_trap that handles the response.
-     *
-     * @param bool $suspicious_timing If true, then the bot trap was triggered due to the suspicious timing test.
-     */
-    public static function triggered_trap_response($suspicious_timing)
-    {
-        // UH OH...
-        $redirect_url = add_query_arg(
-            array('ee' => 'ticket_selection_received'),
-            EE_Registry::instance()->CFG->core->reg_page_url()
-        );
-        if ($suspicious_timing) {
-            $redirect_url = add_query_arg(
-                array(
-                    'ee-notice' => urlencode(
-                        esc_html__(
-                            'We\'re sorry, but your ticket selections could not be processed due to a server timing error. Please hit the back button on your browser and try again.',
-                            'event_espresso'
-                        )
-                    )
-                ),
-                $redirect_url
-            );
-        }
-        $redirect_url = apply_filters('FHEE__EED_Bot_Trap__process_bot_trap__redirect_url', $redirect_url);
-        // if AJAX, return the redirect URL
-        if (defined('DOING_AJAX') && DOING_AJAX) {
-            echo wp_json_encode(
-                array_merge(
-                    EE_Error::get_notices(false),
-                    array(
-                        'redirect_url' => $redirect_url
-                    )
-                )
-            );
-            exit();
-        }
-        wp_safe_redirect($redirect_url);
-        exit();
-    }
+	/**
+	 * This is the default callback executed by EED_Bot_Trap::process_bot_trap that handles the response.
+	 *
+	 * @param bool $suspicious_timing If true, then the bot trap was triggered due to the suspicious timing test.
+	 */
+	public static function triggered_trap_response($suspicious_timing)
+	{
+		// UH OH...
+		$redirect_url = add_query_arg(
+			array('ee' => 'ticket_selection_received'),
+			EE_Registry::instance()->CFG->core->reg_page_url()
+		);
+		if ($suspicious_timing) {
+			$redirect_url = add_query_arg(
+				array(
+					'ee-notice' => urlencode(
+						esc_html__(
+							'We\'re sorry, but your ticket selections could not be processed due to a server timing error. Please hit the back button on your browser and try again.',
+							'event_espresso'
+						)
+					)
+				),
+				$redirect_url
+			);
+		}
+		$redirect_url = apply_filters('FHEE__EED_Bot_Trap__process_bot_trap__redirect_url', $redirect_url);
+		// if AJAX, return the redirect URL
+		if (defined('DOING_AJAX') && DOING_AJAX) {
+			echo wp_json_encode(
+				array_merge(
+					EE_Error::get_notices(false),
+					array(
+						'redirect_url' => $redirect_url
+					)
+				)
+			);
+			exit();
+		}
+		wp_safe_redirect($redirect_url);
+		exit();
+	}
 
 
-    /**
-     * display_bot_trap_success
-     * shows a "success" screen to bots so that they (ie: the ppl managing them)
-     * think the form was submitted successfully
-     *
-     * @return void
-     */
-    public static function display_bot_trap_success()
-    {
-        add_filter('FHEE__EED_Single_Page_Checkout__run', '__return_false');
-        $bot_notice = esc_html__(
-            'Thank you so much. Your ticket selections have been received for consideration.',
-            'event_espresso'
-        );
-        $bot_notice = isset($_REQUEST['ee-notice']) && $_REQUEST['ee-notice'] !== ''
-            ? sanitize_text_field(stripslashes($_REQUEST['ee-notice']))
-            : $bot_notice;
-        EE_Registry::instance()->REQ->add_output(EEH_HTML::div($bot_notice, '', 'ee-attention'));
-    }
+	/**
+	 * display_bot_trap_success
+	 * shows a "success" screen to bots so that they (ie: the ppl managing them)
+	 * think the form was submitted successfully
+	 *
+	 * @return void
+	 */
+	public static function display_bot_trap_success()
+	{
+		add_filter('FHEE__EED_Single_Page_Checkout__run', '__return_false');
+		$bot_notice = esc_html__(
+			'Thank you so much. Your ticket selections have been received for consideration.',
+			'event_espresso'
+		);
+		$bot_notice = isset($_REQUEST['ee-notice']) && $_REQUEST['ee-notice'] !== ''
+			? sanitize_text_field(stripslashes($_REQUEST['ee-notice']))
+			: $bot_notice;
+		EE_Registry::instance()->REQ->add_output(EEH_HTML::div($bot_notice, '', 'ee-attention'));
+	}
 
 
 
-    /***********************************    ADMIN    **********************************/
+	/***********************************    ADMIN    **********************************/
 
 
-    /**
-     * bot_trap_settings_form
-     *
-     * @return void
-     * @throws EE_Error
-     */
-    public static function bot_trap_settings_form()
-    {
-        EED_Bot_Trap::_bot_trap_settings_form()->enqueue_js();
-        echo EED_Bot_Trap::_bot_trap_settings_form()->get_html();
-    }
+	/**
+	 * bot_trap_settings_form
+	 *
+	 * @return void
+	 * @throws EE_Error
+	 */
+	public static function bot_trap_settings_form()
+	{
+		EED_Bot_Trap::_bot_trap_settings_form()->enqueue_js();
+		echo EED_Bot_Trap::_bot_trap_settings_form()->get_html();
+	}
 
 
-    /**
-     * _bot_trap_settings_form
-     *
-     * @return EE_Form_Section_Proper
-     * @throws EE_Error
-     */
-    protected static function _bot_trap_settings_form()
-    {
-        return new EE_Form_Section_Proper(
-            array(
-                'name' => 'bot_trap_settings',
-                'html_id' => 'bot_trap_settings',
-                'layout_strategy' => new EE_Admin_Two_Column_Layout(),
-                'subsections' => array(
-                    'bot_trap_hdr' => new EE_Form_Section_HTML(EEH_HTML::h2(esc_html__('Bot Trap Settings', 'event_espresso'))),
-                    'use_bot_trap' => new EE_Yes_No_Input(
-                        array(
-                            'html_label_text' => esc_html__('Enable Bot Trap', 'event_espresso'),
-                            'html_help_text' => esc_html__('The Event Espresso Bot Trap will insert a fake input into your Ticket Selector forms that is hidden from regular site visitors, but visible to spam bots. Because the input asks for an email address, it is irresistible to spam bots who will of course enter text into it. Since regular site visitors can not see this input, any value detected during form submission means a bot has been detected, which will then be blocked from submitting the form.', 'event_espresso'),
-                            'default' => EE_Registry::instance()->CFG->registration->use_bot_trap !== null
-                                ? EE_Registry::instance()->CFG->registration->use_bot_trap
-                                : true,
-                            'required' => false
-                        )
-                    ),
-                    'use_encryption' => new EE_Yes_No_Input(
-                        array(
-                            'html_label_text' => esc_html__('Encrypt Bot Trap Data', 'event_espresso'),
-                            'html_help_text' => esc_html__(
-                                'One way to detect spam bots is by looking at how long it takes them to submit a form. They are often inhumanly fast, or will submit forms hours, days, or even weeks after the form was first scraped off the web. The Event Espresso Bot Trap will send a timestamp with the Ticket Selector form when it is submitted. By default, this timestamp is encrypted so that the spam bots can not change it, but encryption may cause issues on some servers due to configuration "conflicts". If you continuously get caught in the bot trap, then try setting this option to "No". This may increase the number of spam submissions you receive, but increases server compatibility.',
-                                'event_espresso'
-                            ),
-                            'default' => EE_Registry::instance()->CFG->registration->use_encryption !== null
-                                ? EE_Registry::instance()->CFG->registration->use_encryption
-                                : true,
-                            'required' => false
-                        )
-                    ),
-                )
-            )
-        );
-    }
+	/**
+	 * _bot_trap_settings_form
+	 *
+	 * @return EE_Form_Section_Proper
+	 * @throws EE_Error
+	 */
+	protected static function _bot_trap_settings_form()
+	{
+		return new EE_Form_Section_Proper(
+			array(
+				'name' => 'bot_trap_settings',
+				'html_id' => 'bot_trap_settings',
+				'layout_strategy' => new EE_Admin_Two_Column_Layout(),
+				'subsections' => array(
+					'bot_trap_hdr' => new EE_Form_Section_HTML(EEH_HTML::h2(esc_html__('Bot Trap Settings', 'event_espresso'))),
+					'use_bot_trap' => new EE_Yes_No_Input(
+						array(
+							'html_label_text' => esc_html__('Enable Bot Trap', 'event_espresso'),
+							'html_help_text' => esc_html__('The Event Espresso Bot Trap will insert a fake input into your Ticket Selector forms that is hidden from regular site visitors, but visible to spam bots. Because the input asks for an email address, it is irresistible to spam bots who will of course enter text into it. Since regular site visitors can not see this input, any value detected during form submission means a bot has been detected, which will then be blocked from submitting the form.', 'event_espresso'),
+							'default' => EE_Registry::instance()->CFG->registration->use_bot_trap !== null
+								? EE_Registry::instance()->CFG->registration->use_bot_trap
+								: true,
+							'required' => false
+						)
+					),
+					'use_encryption' => new EE_Yes_No_Input(
+						array(
+							'html_label_text' => esc_html__('Encrypt Bot Trap Data', 'event_espresso'),
+							'html_help_text' => esc_html__(
+								'One way to detect spam bots is by looking at how long it takes them to submit a form. They are often inhumanly fast, or will submit forms hours, days, or even weeks after the form was first scraped off the web. The Event Espresso Bot Trap will send a timestamp with the Ticket Selector form when it is submitted. By default, this timestamp is encrypted so that the spam bots can not change it, but encryption may cause issues on some servers due to configuration "conflicts". If you continuously get caught in the bot trap, then try setting this option to "No". This may increase the number of spam submissions you receive, but increases server compatibility.',
+								'event_espresso'
+							),
+							'default' => EE_Registry::instance()->CFG->registration->use_encryption !== null
+								? EE_Registry::instance()->CFG->registration->use_encryption
+								: true,
+							'required' => false
+						)
+					),
+				)
+			)
+		);
+	}
 
 
-    /**
-     * update_bot_trap_settings_form
-     *
-     * @param EE_Registration_Config $EE_Registration_Config
-     * @return EE_Registration_Config
-     * @throws ReflectionException
-     * @throws EE_Error
-     */
-    public static function update_bot_trap_settings_form(EE_Registration_Config $EE_Registration_Config)
-    {
-        try {
-            $bot_trap_settings_form = EED_Bot_Trap::_bot_trap_settings_form();
-            // if not displaying a form, then check for form submission
-            if ($bot_trap_settings_form->was_submitted()) {
-                // capture form data
-                $bot_trap_settings_form->receive_form_submission();
-                // validate form data
-                if ($bot_trap_settings_form->is_valid()) {
-                    // grab validated data from form
-                    $valid_data = $bot_trap_settings_form->valid_data();
-                    if (isset($valid_data['use_bot_trap'], $valid_data['use_encryption'])) {
-                        $EE_Registration_Config->use_bot_trap = $valid_data['use_bot_trap'];
-                        $EE_Registration_Config->use_encryption = $valid_data['use_encryption'];
-                    } else {
-                        EE_Error::add_error(esc_html__('Invalid or missing Bot Trap settings. Please refresh the form and try again.', 'event_espresso'), __FILE__, __FUNCTION__, __LINE__);
-                    }
-                } else {
-                    if ($bot_trap_settings_form->submission_error_message() !== '') {
-                        EE_Error::add_error($bot_trap_settings_form->submission_error_message(), __FILE__, __FUNCTION__, __LINE__);
-                    }
-                }
-            }
-        } catch (EE_Error $e) {
-            $e->get_error();
-        }
-        return $EE_Registration_Config;
-    }
+	/**
+	 * update_bot_trap_settings_form
+	 *
+	 * @param EE_Registration_Config $EE_Registration_Config
+	 * @return EE_Registration_Config
+	 * @throws ReflectionException
+	 * @throws EE_Error
+	 */
+	public static function update_bot_trap_settings_form(EE_Registration_Config $EE_Registration_Config)
+	{
+		try {
+			$bot_trap_settings_form = EED_Bot_Trap::_bot_trap_settings_form();
+			// if not displaying a form, then check for form submission
+			if ($bot_trap_settings_form->was_submitted()) {
+				// capture form data
+				$bot_trap_settings_form->receive_form_submission();
+				// validate form data
+				if ($bot_trap_settings_form->is_valid()) {
+					// grab validated data from form
+					$valid_data = $bot_trap_settings_form->valid_data();
+					if (isset($valid_data['use_bot_trap'], $valid_data['use_encryption'])) {
+						$EE_Registration_Config->use_bot_trap = $valid_data['use_bot_trap'];
+						$EE_Registration_Config->use_encryption = $valid_data['use_encryption'];
+					} else {
+						EE_Error::add_error(esc_html__('Invalid or missing Bot Trap settings. Please refresh the form and try again.', 'event_espresso'), __FILE__, __FUNCTION__, __LINE__);
+					}
+				} else {
+					if ($bot_trap_settings_form->submission_error_message() !== '') {
+						EE_Error::add_error($bot_trap_settings_form->submission_error_message(), __FILE__, __FUNCTION__, __LINE__);
+					}
+				}
+			}
+		} catch (EE_Error $e) {
+			$e->get_error();
+		}
+		return $EE_Registration_Config;
+	}
 
 
 }

Spacing +5 added lines, -5 removed lines

@@ -51,7 +51,7 @@ 
      */
     public static function set_trap()
     {
-        define('EE_BOT_TRAP_BASE_URL', plugin_dir_url(__FILE__) . DS);
+        define('EE_BOT_TRAP_BASE_URL', plugin_dir_url(__FILE__).DS);
         add_action(
             'AHEE__ticket_selector_chart__template__after_ticket_selector',
             array('EED_Bot_Trap', 'generate_bot_trap'),
@@ -115,9 +115,9 @@ 
         $do_not_enter = esc_html__('please do not enter anything in this input', 'event_espresso');
         $time = microtime(true);
         $html = '<div class="tkt-slctr-request-processor-dv" style="float:left; margin:0 0 0 -999em; height: 0;">';
-        $html .= '<label for="tkt-slctr-request-processor-email-' . $time . '">' . $do_not_enter . '</label>';
+        $html .= '<label for="tkt-slctr-request-processor-email-'.$time.'">'.$do_not_enter.'</label>';
         $html .= '<input type="email" id="tkt-slctr-request-processor-email-';
-        $html .= $time . '" name="tkt-slctr-request-processor-email" value=""/>';
+        $html .= $time.'" name="tkt-slctr-request-processor-email" value=""/>';
         $html .= '<input type="hidden" name="tkt-slctr-request-processor-token" value="';
         if (EE_Registry::instance()->CFG->registration->use_encryption) {
             EE_Registry::instance()->load_core('EE_Encryption');
@@ -159,12 +159,12 @@ 
         // ticket form submitted too impossibly fast ( after now ) or more than an hour later ???
         $suspicious_timing = $bot_trap_timestamp > time() || $bot_trap_timestamp < (time() - HOUR_IN_SECONDS);
         // are we human ?
-        if ($empty_trap && !$suspicious_timing) {
+        if ($empty_trap && ! $suspicious_timing) {
             do_action('AHEE__EED_Bot_Trap__process_bot_trap__trap_not_triggered');
             return;
         }
         // check the given callback is valid first before executing
-        if (!is_callable($triggered_trap_callback)) {
+        if ( ! is_callable($triggered_trap_callback)) {
             // invalid callback so lets just sub in our default.
             $triggered_trap_callback = array('EED_Bot_Trap', 'triggered_trap_response');
         }