# TODO: refresh nonces every 12 hours " nonce: '".$this->_generateNonce($fn,'page')."',", $nonce = $this->_generateNonce($fn,'token',serialize($data)); 'nonce' => $nonce, "exksc_token_$name = \"$nonce\";", 'nonce' => $nonce, # **#** resume here for video nonce if (array_key_exists('nonce',$request['video'])) if (false === $this->_verifyNonce($fn,'video',$request['video']['nonce'], // TODO $this->_ajaxResponse(array('result'=>false, 'reason'=>'invalid video_view nonce')); $response['view_nonce'] = $this->_ajaxVideoViewNonce($request); $this->_ajaxResponse(array('result'=>false, 'reason'=>'missing video_view nonce')); // Verify the page nonce for everything except ping if (!array_key_exists('nonce',$request)) $this->_ajaxResponse(array('result'=>false, 'reason'=>'Missing nonce')); if (false === $this->verifyPageNonce($request['nonce'],$from)) 'reason'=>'Invalid nonce; refresh the page and try again')); } elseif ($request['action'] == 'refresh-nonce-old') { 'new_nonce'=>$this->getPageNonce($request['from']))); } elseif ($request['action'] == 'refresh-nonce') { $nonce_list = explode(',',$request['nonce_list']); for ($i = 0; $i < count($nonce_list); $i += 2) $what = $nonce_list[$i]; $value = $nonce_list[$i+1]; if ($request['nonce'] != $value) $this->_ajaxResponse(array('result'=>false,'reason'=>'unexpected page nonce: '.$value)); if (false === $this->_verifyNonce($fn,$request['video_nonce'], 'nonce' => $value, $this->_ajaxResponse(array('result'=>false,'reason'=>'unexpected token nonce: '.$value,'db'=>$token)); $result = $this->db->update_row('token',$token,array('nonce' => $out[$what])); $nonce = $this->_ajaxVideoNonce($request,$row); $this->_ajaxResponse(array('result'=>true,'video_keys'=>$keys,'video_nonce'=>$nonce)); if (!array_key_exists('video_nonce',$request)) $this->_ajaxResponse(array('result'=>false, 'reason'=>'missing video_nonce')); if (false === $this->_verifyNonce($fn,$request['video_nonce'], $this->_ajaxResponse(array('result'=>false, 'reason'=>'invalid video nonce')); if (!array_key_exists('view_nonce',$request)) $this->_ajaxResponse(array('result'=>false, 'reason'=>'missing view_nonce')); if (false === $this->_verifyNonce($fn,$request['view_nonce'], $this->_ajaxResponse(array('result'=>false, 'reason'=>'invalid view nonce')); return $this->wp_create_nonce($this->_getVideoAction($request,$row)); return $this->wp_create_nonce($this->_getVideoViewAction($request)); return $request['nonce'].'_'.$row['page_id'].'_has_video'; return $request['nonce'].'_'.$request['video']['id'].'_has_view'; $nonce = $this->_generateNonce($fn,'page','login_user.php'); $this->_ajaxResponse(array('result'=>true,'nonce'=>$nonce)); $nonce = $this->getPageNonce($fn,'page','login_user.php'); $this->_ajaxResponse(array('result'=>true,'nonce'=>$nonce)); if (!array_key_exists('nonce',$_GET)) 'reason'=>'Cannot find login nonce')); $nonce = $_GET['nonce']; if (!$this->_verifyNonce($fn,$nonce,$this->getPageAction('login_user.php'))) 'reason'=>"Invalid login nonce: $nonce")); if (!array_key_exists('token_nonce',$request)) return array('result'=>false,'reason'=>__('Missing token nonce','exksc')); 'nonce' => $request['token_nonce'], // The nonce is verified by the database retrieval // if (!$this->verifyPageNonce($request['token_nonce'],$request['from'],$token['data'])) # The following nonce types are supported (along with optional data): $nonce = null; $nonce = $this->getPageNonce($page); $nonce = $this->getPageNonce($page,$data); $nonce = $this->getPageNonce($page,'video'.(is_null($data) ? '' : '-'.$data)); $this->debugData("_generateNonce: $fn $type $nonce",$data); return $nonce; private function _verifyNonce($fn,$nonce,$type,$data=null) $result = $this->verifyPageNonce($nonce,$data); # Token nonce is verified by retrieving record from the database (see needClient) $result = $this->verifyPageNonce($nonce,'video'.(is_null($data) ? '' : '-'.$data)); $this->debugData("_verifyNonce: $fn $type $nonce => ".$this->export($result),$data); '' null vars.ajax.nonce - '' tokenData exksc_token_NAME 'token' page_view_id, name, nonce, data