Making a user platform reachable by a qr code on a pin-back-button [closed]
Making a user platform reachable by a qr code on a pin-back-button [closed]
Making a user platform reachable by a qr code on a pin-back-button [closed]
Ask: Anonymization Data of live WordPress site
I came up with a single (linux) terminal command to deal with this. Logic is to just change eval( code_to_eval ) in obfuscated php files to file_put_contents( __FILE__, code_to_eval ). At least that worked for me (my problematic plugin was “Wishlist 1Click Registration” by “HappyPlugins”). Here’s the command: grep -irl –include \*.php “eval(.*);” . | … Read more
So the answer was to use base64_encode and base64_decode. So basically doing something like this to set the transient: $json_contact_info = json_encode( $contact_info ); $transient_data = encrypt_text( $json_contact_info ); $transient_array = base64_encode( $transient_data ); $transient_set = set_transient( $transient_name, $transient_array, 60 * 60 * 24 * 7 ); And then to get the transient: $decrypted_transient_data = … Read more
Not sure what research you are doing, but you can hook into user_register and get submitted password using $_POST variable.
I’m the author of the linked article (thanks for the shout-out, by the way). The WordPress function that does the hashing is wp_has_password() and, by default, it will run the password through 8 rounds whatever the “best” algorithm the server makes available to PHPass is. WordPress, again by default, uses MD5. However you can also … Read more
Can you encrypt your plugin files? Yes, (“yes” meaning that it is “possible” – not “permissible”) Should you? No. Let’s start with the obvious. WordPress is licensed under GPL – GNU General Public License. What does that mean? It means that WordPress and any derivative work needs to be “open source.” In other words, the … Read more
You can use set_transient to write temporary data to the database and get_transient to read the value back. This keeps the data on the server and available across requests. It’s kind like a nonce. Keep in mind writing to your database can jam things up when you get a significant amount of users. If you … Read more
There is no point in doing that. Anyone that has access to the DB and the code will be able to decrypt, and the admin is likely to have this kind of access.
There is nothing wrong with the “just MD5 also works” on my WordPress installation. As I was creating users via INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, display_name,user_registered) VALUES (‘login’, MD5(‘password’), ‘Name Surname’, ’[email protected]’, ‘username’,now()); INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, (Select max(id) FROM wp_users), ‘wp_capabilities’, ‘a:1:{s:13:”administrator”;s:1:”1″;}’); INSERT INTO wp_usermeta (umeta_id, user_id, … Read more