Making a user platform reachable by a qr code on a pin-back-button [closed]
Making a user platform reachable by a qr code on a pin-back-button [closed]
encryption
Ask: Anonymization Data of live WordPress site
Ask: Anonymization Data of live WordPress site
How to Deobfuscate a sourcecop protected WordPress plugin?
I came up with a single (linux) terminal command to deal with this. Logic is to just change eval( code_to_eval ) in obfuscated php files to file_put_contents( __FILE__, code_to_eval ). At least that worked for me (my problematic plugin was “Wishlist 1Click Registration” by “HappyPlugins”). Here’s the command: grep -irl –include \*.php “eval(.*);” . | … Read more
Why can’t I save encrypted data in a transient?
So the answer was to use base64_encode and base64_decode. So basically doing something like this to set the transient: $json_contact_info = json_encode( $contact_info ); $transient_data = encrypt_text( $json_contact_info ); $transient_array = base64_encode( $transient_data ); $transient_set = set_transient( $transient_name, $transient_array, 60 * 60 * 24 * 7 ); And then to get the transient: $decrypted_transient_data = … Read more
How to get real password (before encrypt) when register a user?
Not sure what research you are doing, but you can hook into user_register and get submitted password using $_POST variable.
How WordPress hashes passwords
I’m the author of the linked article (thanks for the shout-out, by the way). The WordPress function that does the hashing is wp_has_password() and, by default, it will run the password through 8 rounds whatever the “best” algorithm the server makes available to PHPass is. WordPress, again by default, uses MD5. However you can also … Read more
I want to encrypt my WordPress plugin
Can you encrypt your plugin files? Yes, (“yes” meaning that it is “possible” – not “permissible”) Should you? No. Let’s start with the obvious. WordPress is licensed under GPL – GNU General Public License. What does that mean? It means that WordPress and any derivative work needs to be “open source.” In other words, the … Read more
Retrieve $_POST data to send to javascript without using localize script
You can use set_transient to write temporary data to the database and get_transient to read the value back. This keeps the data on the server and available across requests. It’s kind like a nonce. Keep in mind writing to your database can jam things up when you get a significant amount of users. If you … Read more
Encrypt API key [duplicate]
There is no point in doing that. Anyone that has access to the DB and the code will be able to decrypt, and the admin is likely to have this kind of access.
Not able to log for the first time on a salted WordPress by creating pwd on BD
There is nothing wrong with the “just MD5 also works” on my WordPress installation. As I was creating users via INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, display_name,user_registered) VALUES (‘login’, MD5(‘password’), ‘Name Surname’, ’[email protected]’, ‘username’,now()); INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, (Select max(id) FROM wp_users), ‘wp_capabilities’, ‘a:1:{s:13:”administrator”;s:1:”1″;}’); INSERT INTO wp_usermeta (umeta_id, user_id, … Read more