File: API.php
<?php
namespace WPForms\Integrations\LiteConnect;
use WPForms\Helpers\Transient;
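/**
 * Client for the WPForms Lite Connect remote API.
 *
 * Holds the site identity (domain and site ID), requests the site key and the
 * access token from the remote service, and posts form entries to it.
 *
 * @since 1.7.4
 */
class API {

	/**
	 * Option name.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const LITE_CONNECT_OPTION = 'wpforms_lite_connect';

	/**
	 * Staging option name.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const STAGING_LITE_CONNECT_OPTION = 'wpforms_lite_connect_staging';

	/**
	 * Lite Connect API URL.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const API_URL = 'https://wpformsliteconnect.com';

	/**
	 * Lite Connect staging API URL.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const STAGING_API_URL = 'https://staging.wpformsliteconnect.com';

	/**
	 * Lite Connect generate_site_key() lock transient name.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const LITE_CONNECT_SITE_KEY_LOCK = 'lite_connect_site_key_lock';

	/**
	 * Lite Connect generate_access_token() lock transient name.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const LITE_CONNECT_ACCESS_TOKEN_LOCK = 'lite_connect_access_token_lock';

	/**
	 * Lite Connect create_not_logged_in_nonce() action.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	const KEY_NONCE_ACTION = 'lite_connect_key_action';

	/**
	 * Max number of attempts for generate_site_key().
	 *
	 * @since 1.7.5
	 *
	 * @var int
	 */
	const MAX_GENERATE_KEY_ATTEMPTS = 20;

	/**
	 * Name of the option that stores the generate key attempt counter.
	 *
	 * @since 1.7.5
	 *
	 * @var string
	 */
	const GENERATE_KEY_ATTEMPT_COUNTER_OPTION = 'wpforms_lite_connect_generate_key_attempt_counter';

	/**
	 * Lite Connect API URL in use (production or staging).
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	protected $api_url;

	/**
	 * The site domain.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	protected $domain;

	/**
	 * The site ID.
	 *
	 * @since 1.7.4
	 *
	 * @var string
	 */
	protected $site_id;

	/**
	 * API constructor.
	 *
	 * Derives the domain from home_url(), selects the production or staging
	 * endpoint, and loads the site ID.
	 *
	 * @since 1.7.4
	 */
	public function __construct() {

		// Get the domain name.
		// Strip protocol `http(s)://` and `www.` from the site URL.
		// NOTE(review): `(.*)` is greedy, so the trailing `\/?` never consumes a slash;
		// any path, port or trailing slash in home_url() stays in the domain value.
		$this->domain = preg_replace( '/(https?:\/\/)?(www\.)?(.*)\/?/', '$3', home_url() );

		$this->api_url = self::API_URL;

		// The staging endpoint is used only when the constant is defined and truthy.
		if ( defined( 'WPFORMS_LITE_CONNECT_STAGING' ) && WPFORMS_LITE_CONNECT_STAGING ) {
			$this->api_url = self::STAGING_API_URL;
		}

		$this->set_site_id();
	}

	/**
	 * Ask the remote API to generate the site key.
	 *
	 * The key is not returned by this call; the request carries a callback URL
	 * and a logged-out nonce, and the key is expected to arrive through that callback.
	 * The request body includes the admin email and, when a matching user exists,
	 * that user's first and last name.
	 *
	 * @since 1.7.4
	 *
	 * @return false Always false; see the comment at the end of the method.
	 */
	protected function generate_site_key() {

		if ( $this->is_max_generate_key_attempts_reached() ) {
			return false;
		}

		// Another request is in flight (or failed less than a minute ago).
		// NOTE(review): the get and the set below are separate calls, so two concurrent
		// requests can both pass this check; the attempt counter bounds the overall effect.
		if ( Transient::get( self::LITE_CONNECT_SITE_KEY_LOCK ) ) {
			return false;
		}

		Transient::set( self::LITE_CONNECT_SITE_KEY_LOCK, true, MINUTE_IN_SECONDS );

		$admin_email = Integration::get_enabled_email();
		$user        = get_user_by( 'email', $admin_email );
		$data        = [
			'domain'      => $this->domain,
			'admin_email' => $admin_email,
			'first_name'  => ! empty( $user->first_name ) ? $user->first_name : '',
			'last_name'   => ! empty( $user->last_name ) ? $user->last_name : '',
			'nonce'       => $this->create_not_logged_in_nonce(),
			'callback'    => add_query_arg( [ LiteConnect::AUTH_KEY_ARG => '' ], trailingslashit( home_url() ) ),
		];

		$response = $this->request(
			'/auth/key',
			$data
		);

		// The lock is released only when the transport succeeded; on a transport error
		// it is left to expire after MINUTE_IN_SECONDS, which spaces out retries.
		if ( $response !== false ) {
			Transient::delete( self::LITE_CONNECT_SITE_KEY_LOCK );
		}

		// Counted whether or not the request succeeded.
		$this->update_generate_key_attempts_count();

		// At this point, we do not have the site key.
		// It will be sent to us in the 'wpforms/auth/key/nonce' callback.
		return false;
	}

	/**
	 * Generate the access token.
	 *
	 * The site key is sent in the X-WPForms-Lite-Connect-Site-Key request header.
	 *
	 * @since 1.7.4
	 *
	 * @param string $site_key The site key.
	 *
	 * @return false|string False when a generation is already in progress or the transport failed;
	 *                      otherwise the raw response body, which may be an `{"error":` payload
	 *                      that the caller has to check for.
	 */
	protected function generate_access_token( $site_key ) {

		// Verify if an access token is already being generated.
		if ( Transient::get( self::LITE_CONNECT_ACCESS_TOKEN_LOCK ) ) {
			return false;
		}

		// Set a lock to avoid multiple requests to generate the access token.
		Transient::set( self::LITE_CONNECT_ACCESS_TOKEN_LOCK, true, MINUTE_IN_SECONDS );

		$response = $this->request(
			'/auth/access_token',
			[
				'domain'     => $this->domain,
				'site_id'    => $this->site_id,
				'wp_version' => get_bloginfo( 'version' ),
			],
			[
				'X-WPForms-Lite-Connect-Site-Key' => $site_key,
			]
		);

		// On an empty, failed or error response the lock stays until it expires,
		// so the next attempt is delayed by up to MINUTE_IN_SECONDS.
		if ( $response && strpos( $response, '{"error":' ) === false ) {
			// Delete lock.
			Transient::delete( self::LITE_CONNECT_ACCESS_TOKEN_LOCK );
		}

		return $response;
	}

	/**
	 * Add an entry to the Lite Connect API.
	 *
	 * The access token is sent in the X-WPForms-Lite-Connect-Access-Token request header.
	 *
	 * @since 1.7.4
	 *
	 * @param string $access_token The access token.
	 * @param int    $form_id      The form ID.
	 * @param string $entry_data   The entry data.
	 *
	 * @return false|string False on a transport error, otherwise the raw response body.
	 */
	public function add_form_entry( $access_token, $form_id, $entry_data ) {

		return $this->request(
			'/storage/entries',
			[
				'site_id' => $this->site_id,
				'form_id' => $form_id,
				'data'    => $entry_data,
			],
			[
				'X-WPForms-Lite-Connect-Access-Token' => $access_token,
			]
		);
	}

	/**
	 * Send a POST request to the Lite Connect API.
	 *
	 * A WP_Error or a non-200 status is written to the WPForms log. Only a WP_Error
	 * makes the method return false: the body of a non-200 response is still returned,
	 * so a non-false result does not by itself mean the call succeeded.
	 *
	 * @since 1.7.4
	 *
	 * @param string $uri     The request's URI.
	 * @param array  $body    The request's body.
	 * @param array  $headers The HTTP headers.
	 *
	 * @return false|string False on a transport error, otherwise the raw response body.
	 */
	protected function request( $uri, $body, $headers = [] ) {

		$url        = $this->api_url . $uri;
		$user_agent = 'WPForms/' . WPFORMS_VERSION . '; ' . home_url();

		/**
		 * Allow to filter Lite Connect request timeout.
		 *
		 * @since 1.8.8
		 *
		 * @param int $timeout Timeout value in seconds.
		 */
		$timeout = (int) apply_filters( 'wpforms_integrations_lite_connect_api_request_timeout', 60 );

		// No 'sslverify' override is passed, so the WordPress HTTP API setting for
		// certificate verification applies to this request.
		$response = wp_remote_post(
			$url,
			[
				'method'     => 'POST',
				'timeout'    => $timeout,
				'headers'    => $headers,
				'body'       => $body,
				'user-agent' => $user_agent,
			]
		);

		if (
			is_wp_error( $response ) ||
			(
				isset( $response['response']['code'] ) &&
				(int) $response['response']['code'] !== 200
			)
		) {
			// Trim the response before logging; what remains (including the response body)
			// is logged as received.
			if ( ! is_wp_error( $response ) ) {
				unset( $response['headers'], $response['http_response'], $response['cookies'], $response['filename'] );
			}

			$args = [
				'type' => [ 'error' ],
			];

			if ( isset( $body['form_id'] ) ) {
				$args['form_id'] = $body['form_id'];
			}

			// NOTE(review): prepare_log_data() masks only the two credential headers and the
			// nonce. Other request fields (admin_email, first/last name, entry 'data') reach
			// the log unchanged; confirm that the log store is an acceptable place for them.
			wpforms_log(
				'Lite Connect: remote API request error',
				[
					'response' => $response,
					'request'  => [
						'url'        => $url,
						'body'       => $this->prepare_log_data( $body ),
						'headers'    => $this->prepare_log_data( $headers ),
						'user-agent' => $user_agent,
					],
				],
				$args
			);
		}

		if ( is_wp_error( $response ) ) {
			return false;
		}

		return wp_remote_retrieve_body( $response );
	}

	/**
	 * Prepare data for logging.
	 *
	 * Replaces the access token header, the site key header and the nonce with `***`
	 * when they are present and non-empty. Keys are matched exactly (case-sensitive);
	 * every other entry is returned unchanged.
	 *
	 * @since 1.7.4
	 *
	 * @param mixed $data Data to log.
	 *
	 * @return mixed
	 */
	private function prepare_log_data( $data ) {

		$asterisks = '***';

		if ( ! empty( $data['X-WPForms-Lite-Connect-Access-Token'] ) ) {
			$data['X-WPForms-Lite-Connect-Access-Token'] = $asterisks;
		}

		if ( ! empty( $data['X-WPForms-Lite-Connect-Site-Key'] ) ) {
			$data['X-WPForms-Lite-Connect-Site-Key'] = $asterisks;
		}

		if ( ! empty( $data['nonce'] ) ) {
			$data['nonce'] = $asterisks;
		}

		return $data;
	}

	/**
	 * Get debug setting.
	 *
	 * Reads one entry of the WPFORMS_DEBUG_LITE_CONNECT constant array.
	 *
	 * @since 1.7.4
	 *
	 * @param string $name Setting name.
	 *
	 * @return false|mixed False when the constant is missing, is not an array,
	 *                     or the entry is empty; otherwise the entry value.
	 */
	protected function get_debug_setting( $name ) {

		// To be defined in wp-config.php.
		if ( ! defined( 'WPFORMS_DEBUG_LITE_CONNECT' ) || ! is_array( WPFORMS_DEBUG_LITE_CONNECT ) ) {
			return false;
		}

		return ! empty( WPFORMS_DEBUG_LITE_CONNECT[ $name ] ) ? WPFORMS_DEBUG_LITE_CONNECT[ $name ] : false;
	}

	/**
	 * Create not logged in nonce.
	 * We need it, because callback from the server to the wpforms/auth/key/nonce will be processed as not logged in.
	 *
	 * The current user and $_COOKIE are replaced for the duration of the nonce call
	 * and restored in a `finally` block, so an exception thrown while the nonce is
	 * being created cannot leave the rest of the request running as user 0 with
	 * an emptied cookie array.
	 *
	 * @since 1.7.4
	 *
	 * @return string
	 */
	private function create_not_logged_in_nonce() {

		$user    = wp_get_current_user();
		$user_id = $user ? $user->ID : 0;

		$saved_cookie = $_COOKIE;

		try {
			wp_set_current_user( 0 );

			// The nonce is generated with no cookies visible.
			$_COOKIE = [];

			return wp_create_nonce( self::KEY_NONCE_ACTION );
		} finally {
			// Restore in the reverse order of the changes above.
			$_COOKIE = $saved_cookie;

			wp_set_current_user( $user_id );
		}
	}

	/**
	 * Set site ID.
	 *
	 * The 'id' entry of the debug constant takes precedence over the stored setting.
	 * When neither is available, the property is left unset.
	 *
	 * @since 1.7.4
	 *
	 * @return void
	 */
	private function set_site_id() {

		// At first, try to use the site ID from the wp-config.php file.
		$debug_site_id = $this->get_debug_setting( 'id' );

		if ( $debug_site_id !== false ) {
			$this->site_id = $debug_site_id;

			return;
		}

		// Otherwise, use the site ID generated and saved as setting.
		$site = wpforms_setting( 'site', false, Integration::get_option_name() );

		if ( ! isset( $site['id'] ) ) {
			return;
		}

		$this->site_id = $site['id'];
	}

	/**
	 * Check whether the stored attempt counter has reached MAX_GENERATE_KEY_ATTEMPTS.
	 *
	 * generate_site_key() calls this before contacting the API.
	 *
	 * @since 1.7.5
	 *
	 * @return bool True when no further attempts should be made.
	 */
	private function is_max_generate_key_attempts_reached() {

		$attempts_count = get_option( self::GENERATE_KEY_ATTEMPT_COUNTER_OPTION, 0 );

		return $attempts_count >= self::MAX_GENERATE_KEY_ATTEMPTS;
	}

	/**
	 * Update count of the attempts to get keys from the API.
	 * It allows us to prevent sending requests to the API server infinitely.
	 *
	 * When the increment below would bring the counter to the maximum, Lite Connect
	 * is switched off in the 'wpforms_settings' option first.
	 *
	 * @since 1.7.5
	 */
	private function update_generate_key_attempts_count() {

		global $wpdb;

		$counter = get_option( self::GENERATE_KEY_ATTEMPT_COUNTER_OPTION, 0 );

		if ( $counter >= self::MAX_GENERATE_KEY_ATTEMPTS - 1 ) {
			// Disable Lite Connect.
			$wpforms_settings                               = get_option( 'wpforms_settings', [] );
			$wpforms_settings[ LiteConnect::SETTINGS_SLUG ] = 0;

			update_option( 'wpforms_settings', $wpforms_settings );
		}

		// Store actual attempt counter value to the option.
		// We need here an atomic operation to avoid race conditions with getting site key via callback.
		// Only the option name is a bound parameter; the table name comes from $wpdb itself.
		// phpcs:disable WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize
		// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
		$wpdb->query(
			$wpdb->prepare(
				"INSERT INTO $wpdb->options
				(option_name, option_value, autoload)
				VALUES ( %s, 1, 'no' )
				ON DUPLICATE KEY UPDATE
					option_value = option_value + 1",
				self::GENERATE_KEY_ATTEMPT_COUNTER_OPTION
			)
		);
		// phpcs:enable WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize

		// The row was written behind the options API, so drop the cached copy.
		wp_cache_delete( self::GENERATE_KEY_ATTEMPT_COUNTER_OPTION, 'options' );
	}
}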