/**
  * Encryption/decryption key to use.
  *
  * @param string $key Force a specific key?
  *
  * @return string Encryption/decryption key.
  */
 public function key($key = '')
 {
     if ($key = trim((string) $key)) {
         return $key;
     }
     return $key = wp_salt();
 }

 private function set_programme_round_token()
 {
     $post_id = $this->container->post_id;
     $token = sha1('token_constant' . $post_id . wp_salt());
     update_post_meta($post_id, 'update_token', $token);
     return $token;
 }

 public function assertion()
 {
     global $json_api;
     $uid_str = $json_api->query->uid;
     $uid = explode("-", $uid_str);
     $post_id = $uid[0];
     $user_id = $uid[2];
     $assertion = array();
     if (isset($post_id)) {
         $base_url = home_url() . '/' . get_option('json_api_base', 'api');
         $submission = get_post($post_id);
         $salt = wp_salt('nonce');
         $email = BadgeOS_OpenBadgesIssuer::registered_email($user_id);
         $post_type = get_post_type($post_id);
         if ($post_type === "submission" && get_option('badgeos_obi_issuer_public_evidence')) {
             $achievement_id = get_post_meta($post_id, '_badgeos_submission_achievement_id', true);
             $assertion['evidence'] = get_permalink($post_id);
         } else {
             $achievement_id = $post_id;
         }
         //return badgeos_get_user_achievements();
         $assertion = array_merge(array("uid" => $uid_str, "recipient" => array("type" => "email", "hashed" => true, "salt" => $salt, "identity" => 'sha256$' . hash('sha256', $email . $salt)), "image" => wp_get_attachment_url(get_post_thumbnail_id($achievement_id)), "issuedOn" => strtotime($submission->post_date), "badge" => $base_url . '/badge/badge_class/?uid=' . $achievement_id, "verify" => array("type" => "hosted", "url" => $base_url . '/badge/assertion/?uid=' . $uid_str)), $assertion);
     }
     return $assertion;
 }

 /**
  * Determines the proper encryption/decryption Key to use.
  *
  * @package s2Member\Utilities
  * @since 111106
  *
  * @param str $key Optional. Attempt to force a specific Key. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
  * @return str Proper encryption/decryption Key. If ``$key`` is passed in, and it validates, we'll return that. Otherwise use a default Key.
  */
 public static function key($key = FALSE)
 {
     $key = !is_string($key) || !strlen($key) ? $GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["sec_encryption_key"] : $key;
     $key = !is_string($key) || !strlen($key) ? wp_salt() : $key;
     $key = !is_string($key) || !strlen($key) ? md5($_SERVER["HTTP_HOST"]) : $key;
     return $key;
 }

 function store($hasher = '')
 {
     // Just uses the default wordpress salt.
     // Useful because it should be different from site to site
     $salt = str_split(wp_salt());
     $d = str_split($hasher);
     $hash = '';
     for ($i = 0; $i < count($d); $i++) {
         $hash .= ord($d[$i]) * ord($salt[$i]) . ' ';
     }
     return substr($hash, 0, -1);
 }

 /**
  * There might be a sensitive infromation given
  * Make it as hard as possible for reversing
  */
 protected function generate_key()
 {
     $invoice_params = $this->args;
     $invoice_params = array_map('trim', $invoice_params);
     $invoice_params = array_filter($invoice_params);
     $invoice_params = array_map('md5', $invoice_params);
     $key = md5(implode('', $invoice_params));
     // for WP integration
     if (function_exists('wp_salt')) {
         $key = wp_salt($key);
     }
     $this->key = $key;
 }

 /**
  * Determines the proper encryption/decryption Key to use.
  *
  * @package s2Member\Utilities
  * @since 111106
  *
  * @param string $key Optional. Attempt to force a specific Key. Defaults to the one configured for s2Member. Short of that, defaults to: ``wp_salt()``.
  *
  * @return string Proper encryption/decryption Key. If ``$key`` is passed in, and it validates, we'll return that. Otherwise use a default Key.
  */
 public static function key($key = '')
 {
     if ($key = trim((string) $key)) {
         return $key;
     }
     if ($key = trim($GLOBALS['WS_PLUGIN__']['s2member']['o']['sec_encryption_key'])) {
         return $key;
     }
     if ($key = trim(wp_salt())) {
         return $key;
     }
     return $key = md5($_SERVER['HTTP_HOST']);
 }

 /**
  * Determines the proper encryption/decryption key to use.
  *
  * @param string $key Optional. Attempt to force a specific key?
  *
  * @return string Proper encryption/decryption key.
  *
  * @throws exception If invalid types are passed through arguments lists.
  * @throws exception If unable to obtain a valid encryption key, by any means.
  */
 public function key($key = '')
 {
     $this->check_arg_types('string', func_get_args());
     if (isset($key[0])) {
         return $key;
     }
     $key = $this->©options->get('encryption.key');
     $key = !isset($key[0]) ? wp_salt() : $key;
     $key = !isset($key[0]) ? md5($this->©url->current_host()) : $key;
     if (!isset($key[0])) {
         throw $this->©exception($this->method(__FUNCTION__) . '#key_missing', get_defined_vars(), $this->__('No encryption key.'));
     }
     return $key;
     // It's a good day in Eureka!
 }

 /**
  * Class constructor.
  *
  * @since 160710 Common utils.
  */
 public function __construct()
 {
     $this->is_multisite = is_multisite();
     $this->is_main_site = !$this->is_multisite || is_main_site();
     $this->is_admin = is_admin();
     $this->is_user_admin = $this->is_admin && is_user_admin();
     $this->is_network_admin = $this->is_admin && $this->is_multisite && is_network_admin();
     $this->debug = defined('WP_DEBUG') && WP_DEBUG;
     $this->debug_edge = $this->debug && defined('WP_DEBUG_EDGE') && WP_DEBUG_EDGE;
     $this->debug_log = $this->debug && defined('WP_DEBUG_LOG') && WP_DEBUG_LOG;
     $this->debug_display = $this->debug && defined('WP_DEBUG_DISPLAY') && WP_DEBUG_DISPLAY;
     if (!($this->salt = wp_salt())) {
         throw new Exception('Failed to acquire WP salt.');
     }
     if (!($this->tmp_dir = rtrim(get_temp_dir(), '/'))) {
         throw new Exception('Failed to acquire a writable tmp dir.');
     }
     if (!($this->site_url = site_url('/'))) {
         throw new Exception('Failed to acquire site URL.');
     } elseif (!($this->site_url_parts = parse_url($this->site_url))) {
         throw new Exception('Failed to parse site URL parts.');
     } elseif (!($this->site_url_host = $this->site_url_parts['host'] ?? '')) {
         throw new Exception('Failed to parse site URL host.');
     } elseif (!($this->site_url_root_host = implode('.', array_slice(explode('.', $this->site_url_host), -2)))) {
         throw new Exception('Failed to parse site URL root host.');
     }
     if (!($this->site_url_option = get_option('siteurl'))) {
         throw new Exception('Failed to acquire site URL option.');
     } elseif (!($this->site_url_option_parts = parse_url($this->site_url_option))) {
         throw new Exception('Failed to parse site URL option parts.');
     } elseif (!($this->site_default_scheme = $this->site_url_option_parts['scheme'] ?? '')) {
         throw new Exception('Failed to parse site URL option scheme.');
     }
     if (!($this->template_directory_url = get_template_directory_uri())) {
         throw new Exception('Failed to acquire template directory URL.');
     } elseif (!($this->template_directory_url_parts = parse_url($this->template_directory_url))) {
         throw new Exception('Failed to parse template directory URL parts.');
     }
     $this->template = get_template();
     $this->stylesheet = get_stylesheet();
     $this->is_woocommerce_active = defined('WC_VERSION');
     $this->is_woocommerce_product_vendors_active = defined('WC_PRODUCT_VENDORS_VERSION');
     $this->is_jetpack_active = defined('JETPACK__VERSION');
 }

function wp_verify_nonce($nonce, $action = -1)
{
    $user = wp_get_current_user();
    $uid = (int) $user->ID;
    if (!$uid) {
        /** This filter is documented in wp-includes/pluggable.php */
        $uid = apply_filters('nonce_user_logged_out', $uid, $action);
    }
    /**
     * Filter the lifespan of nonces in seconds.
     *
     * @since 2.5.0
     *
     * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
     */
    $nonce_life = apply_filters('nonce_life', DAY_IN_SECONDS);
    $token = wp_get_session_token();
    $verifier = new Verifier();
    $verifier->setUserId($uid);
    $verifier->setLifespan($nonce_life);
    $verifier->setSessionToken($token);
    $verifier->setSalt(wp_salt('nonce'));
    $nonce = (string) $nonce;
    $verified = $verifier->verify($nonce, $action);
    if (false !== $verified) {
        return $verified;
    }
    /**
     * Fires when nonce verification fails.
     *
     * @since 4.4.0
     *
     * @param string $nonce The invalid nonce.
     * @param string|int $action The nonce action.
     * @param WP_User $user The current user object.
     * @param string $token The user's session token.
     */
    do_action('wp_verify_nonce_failed', $nonce, $action, $user, $token);
    return false;
}

 public static function loginAction($username)
 {
     if (sizeof($_POST) < 1) {
         return;
     }
     //only execute if login form is posted
     if (!$username) {
         return;
     }
     wfConfig::inc('totalLogins');
     $user = get_user_by('login', $username);
     $userID = $user ? $user->ID : 0;
     self::getLog()->logLogin('loginOK', 0, $username);
     if (wfUtils::isAdmin($user)) {
         wfConfig::set_ser('lastAdminLogin', array('userID' => $userID, 'username' => $username, 'firstName' => $user->first_name, 'lastName' => $user->last_name, 'time' => wfUtils::localHumanDateShort(), 'IP' => wfUtils::getIP()));
     }
     $salt = wp_salt('logged_in');
     $cookiename = 'wf_loginalerted_' . hash_hmac('sha256', wfUtils::getIP() . '|' . $user->ID, $salt);
     $cookievalue = hash_hmac('sha256', $user->user_login, $salt);
     if (user_can($userID, 'update_core')) {
         if (wfConfig::get('alertOn_adminLogin')) {
             $shouldAlert = true;
             if (wfConfig::get('alertOn_firstAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
                 $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
             }
             if ($shouldAlert) {
                 wordfence::alert("Admin Login", "A user with username \"{$username}\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
             }
         }
     } else {
         if (wfConfig::get('alertOn_nonAdminLogin')) {
             $shouldAlert = true;
             if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
                 $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
             }
             if ($shouldAlert) {
                 wordfence::alert("User login", "A non-admin user with username \"{$username}\" signed in to your WordPress site.", wfUtils::getIP());
             }
         }
     }
     if (wfConfig::get('alertOn_firstAdminLoginOnly') || wfConfig::get('alertOn_firstNonAdminLoginOnly')) {
         wfUtils::setcookie($cookiename, $cookievalue, time() + 86400 * 365, '/', null, null, true);
     }
 }

/**
 * Displays the introduction for the group and loops through each item
 *
 * I've chosen to cache on an individual-activity basis, instead of a group-by-group basis. This
 * requires just a touch more overhead (in terms of looping through individual activity_ids), and
 * doesn't really have any added effect at the moment (since an activity item can only be associated
 * with a single group). But it provides the greatest amount of flexibility going forward, both in
 * terms of the possibility that activity items could be associated with more than one group, and
 * the possibility that users within a single group would want more highly-filtered digests.
 */
function ass_digest_format_item_group($group_id, $activity_ids, $type, $group_name, $group_slug, $user_id)
{
    global $bp, $ass_email_css;
    $group_permalink = apply_filters('bp_get_group_permalink', bp_get_root_domain() . '/' . bp_get_groups_root_slug() . '/' . $group_slug . '/');
    $group_name_link = '<a href="' . $group_permalink . '" name="' . $group_slug . '">' . $group_name . '</a>';
    $userdomain = ass_digest_get_user_domain($user_id);
    $unsubscribe_link = "{$userdomain}?bpass-action=unsubscribe&group={$group_id}&access_key=" . md5("{$group_id}{$user_id}unsubscribe" . wp_salt());
    $gnotifications_link = ass_get_login_redirect_url($group_permalink . 'notifications/');
    // add the group title bar
    if ($type == 'dig') {
        $group_message = "\n<div {$ass_email_css['group_title']}>" . sprintf(__('Group: %s', 'bp-ass'), $group_name_link) . "</div>\n\n";
    } elseif ($type == 'sum') {
        $group_message = "\n<div {$ass_email_css['group_title']}>" . sprintf(__('Group: %s weekly summary', 'bp-ass'), $group_name_link) . "</div>\n";
    }
    // add change email settings link
    $group_message .= "\n<div {$ass_email_css['change_email']}>";
    $group_message .= __('To disable these notifications for this group click ', 'bp-ass') . " <a href=\"{$unsubscribe_link}\">" . __('unsubscribe', 'bp-ass') . '</a> - ';
    $group_message .= __('change ', 'bp-ass') . '<a href="' . $gnotifications_link . '">' . __('email options', 'bp-ass') . '</a>';
    $group_message .= "</div>\n\n";
    $group_message = apply_filters('ass_digest_group_message_title', $group_message, $group_id, $type);
    // Finally, add the markup to the digest
    foreach ($activity_ids as $activity_id) {
        // Cache is set earlier in ass_digest_fire()
        $activity_item = !empty($bp->ass->items[$activity_id]) ? $bp->ass->items[$activity_id] : false;
        if (!empty($activity_item)) {
            $group_message .= ass_digest_format_item($activity_item, $type);
        }
        //$group_message .= '<pre>'. $item->id .'</pre>';
    }
    return apply_filters('ass_digest_format_item_group', $group_message, $group_id, $type);
}

 public function save()
 {
     global $wpdb;
     $this->id = $this->id ? $this->id : md5(microtime() . rand() . wp_salt());
     $data = array('id' => $this->id, 'state' => serialize((array) $this), 'updated_on' => current_time('mysql'));
     $wpdb->replace($wpdb->prefix . 'wpbdp_submit_state', $data);
 }

<?php

define('PMP_NOTIFICATIONS_SECRET', crypt(get_bloginfo('url'), wp_salt('auth')));
define('PMP_NOTIFICATIONS_HUB', 'notifications');
define('PMP_NOTIFICATIONS_TOPIC_UPDATED', 'topics/updated');
define('PMP_NOTIFICATIONS_TOPIC_DELETED', 'topics/deleted');
/**
 * Add '?pmp-notifications' as a valid query var
 *
 * @since 0.3
 */
function pmp_bless_notification_query_var()
{
    add_rewrite_endpoint('pmp-notifications', EP_ALL);
}
add_action('init', 'pmp_bless_notification_query_var');
/**
 * Template redirect for PubSubHubBub operations
 *
 * If the request is POST, we're dealing with a notification.
 *
 * If the request is GET, we're being asked to verify a subscription.
 *
 * @since 0.3
 */
function pmp_notifications_template_redirect()
{
    global $wp_query;
    if (!isset($wp_query->query_vars['pmp-notifications'])) {
        return false;
    }

 public static function decrypt($text, $key)
 {
     $db = self::get_instance();
     $decrypted = $db->get_var($db->prepare('SELECT AES_DECRYPT(%s, %s) AS data', base64_decode($text), wp_salt('nonce')));
     return $decrypted;
 }

 public static function rbm_ajax_add_user_key()
 {
     if (!isset($_POST['post_ID']) || !isset($_POST['email']) || !check_ajax_referer('rbm-field-helpers', 'rbm_field_helpers_nonce')) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'Could not get post ID or user email, or could not verify nonce'));
     }
     if (!($post_ID = $_POST['post_ID'])) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'Post ID empty'));
     }
     if (!($user_email = $_POST['email'])) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'User email empty'));
     }
     /**
      * Allows filtering of the post ID.
      *
      * @since 1.1.0
      */
     apply_filters('rbm_user_key_post_ID_delete', $post_ID, $user_email);
     /**
      * Allows filtering of the user email to be deleted.
      *
      * @since 1.1.0
      */
     apply_filters('rbm_user_key_email_delete', $user_email, $post_ID);
     if (!($user_keys = get_post_meta($post_ID, '_rbm_user_keys', true))) {
         $user_keys = array();
     }
     if (isset($user_keys[$user_email])) {
         wp_send_json(array('status' => 'fail', 'error_msg' => 'User already added'));
     }
     $user_keys[$user_email] = $user_key = md5(wp_salt() . $user_email);
     update_post_meta($post_ID, '_rbm_user_keys', $user_keys);
     $edit_link = get_the_permalink($post_ID) . "?rbm_user_key={$user_key}";
     /**
      * Allows filtering ot the edit link sent via email to the new user.
      *
      * @since 1.1.0
      */
     apply_filters('rbm_user_key_mail_edit_link', $edit_link, $user_email, $user_key, $post_ID);
     wp_mail($user_email, 'You\'ve been granted access to edit ' . get_the_title($post_ID) . '!', "You may edit the rbm at the following link:\n" . $edit_link);
     wp_send_json(array('status' => 'success', 'post_ID' => $post_ID, 'user_email' => $user_email, 'user_key' => $user_key, 'edit_link' => $edit_link));
 }

 /**
  * Get hash of given string.
  *
  * @since 2.0.3
  *
  * @param string $data Plain text to hash
  * @return string Hash of $data
  */
 function wp_hash($data, $scheme = 'auth')
 {
     $salt = wp_salt($scheme);
     return hash_hmac('md5', $data, $salt);
 }

 public static function decrypt($text)
 {
     $use_mcrypt = apply_filters('gform_use_mcrypt', function_exists('mcrypt_decrypt'));
     if ($use_mcrypt) {
         $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
         $key = substr(md5(wp_salt('nonce')), 0, $iv_size);
         $decrypted_value = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv($iv_size, MCRYPT_RAND)));
     } else {
         global $wpdb;
         $decrypted_value = $wpdb->get_var($wpdb->prepare('SELECT AES_DECRYPT(%s, %s) AS data', base64_decode($text), wp_salt('nonce')));
     }
     return $decrypted_value;
 }

 public static function b_hash($data, $scheme = 'auth')
 {
     $salt = wp_salt($scheme) . 'j4H!B3TA,J4nIn4.';
     return hash_hmac('md5', $data, $salt);
 }

 private function hash($val, $type = 'auth')
 {
     return strtoupper(substr(sha1($val . wp_salt($type)), 0, 6));
 }