Caldera_Forms_API_Token

Entry viewer shortcode.

Defined (1)

The class is defined in the following location(s).

/classes/api/token.php  
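  /**
   * Creates and checks the tokens that can authorise read-only (GET) access to a form.
   *
   * A token is the SHA-1 digest of a fixed prefix, a role name, a per-site secret and a
   * form ID. Nothing time-based or random goes into it, so the same role, form and secret
   * always produce the same token; replacing the secret is the only way to retire one.
   */
  class Caldera_Forms_API_Token {

      /**
       * Create an API token
       *
       * Used as a possible way of authenticating for GET only. Don't use for POST.
       *
       * @since 1.5.0
       *
       * @param string $lowest_role The lowest user role -- IE editor -- that this token is valid for. Use "public" to make public.
       * @param string $form_id Form ID to generate token for.
       *
       * @return string
       */
      public static function make_token( $lowest_role, $form_id ) {

          /**
           * Filter secret portion of API token
           *
           * @since 1.5.0
           *
           * @param string $secret Secret thing to use
           * @param string $form_id ID of form generating/checking token on
           */
          // The fallback secret is NONCE_SALT plus the MD5 of this file, so any change to
          // this file's contents changes every token derived from the fallback. Sites that
          // need stable tokens should set the option or use the filter.
          $secret = apply_filters( 'caldera_forms_api_token_secret', get_option( 'caldera_forms_api_token_secret', NONCE_SALT . md5_file( __FILE__ ) ), $form_id );

          // NOTE(review): this is a plain SHA-1 over concatenated fields, not a keyed MAC.
          // hash_hmac() with a SHA-2 digest is the conventional construction, but switching
          // here would stop previously generated tokens from verifying, so it is left as is.
          return sha1( 'cf_viewer_' . $lowest_role . $secret . $form_id );
      }

      /**
       * Check a token
       *
       * @since 1.5.0
       *
       * @param string $token Token to check
       * @param string $form_id Form ID to check based on.
       * @param WP_User|null $user Optional. User to check for sufficient role of. Defaults to current user. If null and not logged in, only "public" is checked for.
       *
       * @return bool
       */
      public static function check_token( $token, $form_id, WP_User $user = null ) {
          if ( null == $user ) {
              $user = get_user_by( 'ID', get_current_user_id() );
          }

          // Loose comparison on purpose: WordPress' get_user_by() reports a missing user as
          // false, which must be handled the same way as null.
          if ( null == $user ) {
              return self::verify_token( $token, 'public', $form_id );
          }

          // Every argument to array_merge() must be an array. The bare string 'public' used
          // here before made the call fail, so no token could verify for a logged-in user.
          $roles = array_merge( array_keys( caldera_forms_get_roles() ), array( 'public' ) );

          // NOTE(review): once a user is resolved, a token made for ANY role is accepted.
          // $user's own roles are never compared with the role the token was issued for, so
          // the "lowest role" restriction is not enforced in this method. Confirm that callers
          // do their own capability check before relying on the result.
          foreach ( $roles as $role ) {
              if ( self::verify_token( $token, $role, $form_id ) ) {
                  return true;
              }
          }

          return false;
      }

      /**
       * Check a token against a role
       *
       * @since 1.5.0
       *
       * @param string $check_token Token to check.
       * @param string $role User role to check against.
       * @param string $form_id ID of form this token is for.
       *
       * @return bool
       */
      protected static function verify_token( $check_token, $role, $form_id ) {
          // hash_equals() only accepts strings; treat any other value as a failed check
          // instead of letting it raise a warning or a TypeError.
          if ( ! is_string( $check_token ) ) {
              return false;
          }

          // Constant-time comparison, with the known-good token as the first argument.
          return hash_equals( self::make_token( $role, $form_id ), $check_token );
      }
  }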