| Server IP : 178.212.43.201 / Your IP : 10.100.0.33 Web Server : Apache/2.4.37 (Oracle Linux Server) OpenSSL/1.1.1k System : Linux spa0007.srv.paxillus.pl 5.4.17-2136.355.3.1.el8uek.x86_64 #3 SMP Sat May 9 17:11:55 PDT 2026 x86_64 User : apache ( 48) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/html/paxillus/wp-content/plugins/cloudflare/src/ |
Upload File : |
<?php
namespace Cloudflare\APO;
class SecurityUtil
{
/**
* @return bool|string
*/
public static function generate16bytesOfSecureRandomData()
{
if (function_exists('random_bytes')) {
$randBytes = random_bytes(16);
} elseif (function_exists('openssl_random_pseudo_bytes')) {
$wasItSecure = false;
$randBytes = openssl_random_pseudo_bytes(16, $wasItSecure);
if ($wasItSecure === false) {
return false;
}
} else {
return false;
}
return bin2hex($randBytes);
}
/**
* @param $secret - string a cryptographically strong secret
* @param $user - string a piece of unique user data
* @param $timeValidUntil - int of time the token will be valid for in seconds
*
* @return string
*/
public static function csrfTokenGenerate($secret, $user, $timeValidUntil = null)
{
if ($timeValidUntil === null) {
$timeValidUntil = time() + 86400;
}
$hashedSecret = hash('sha512', $secret);
$dataToHash = sprintf('%s-%s-%s', $hashedSecret, $user, $timeValidUntil);
$hashedData = static::hashFunction($dataToHash);
return sprintf('%s-%s', $timeValidUntil, $hashedData);
}
/**
* @param $secret - string a cryptographically strong secret
* @param $user - string a piece of unique user data
* @param $token- string the token that needs to be validated.
*
* @return bool
*/
public static function csrfTokenValidate($secret, $user, $token)
{
$tokenParts = explode('-', $token);
if (count($tokenParts) !== 2) {
return false;
}
list($timeValidFor, $hash) = $tokenParts;
$hashedSecret = hash('sha512', $secret);
$dataToHash = sprintf('%s-%s-%s', $hashedSecret, $user, $timeValidFor);
$newHash = static::hashFunction($dataToHash);
if ($newHash !== $hash) {
return false;
}
if (time() > $timeValidFor) {
return false;
}
return true;
}
/**
* @param $data - string the data that will be hashed.
*
* @return string
*/
private static function hashFunction($data)
{
$hash = hash('sha512', $data);
return substr($hash, 64);
}
}