
Commit bb999aa

committed
store visitor hash in session instead of api key
1 parent 857823b commit bb999aa

1 file changed

+55
-32
lines changed


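--- a/tawkto/tawkto.php
+++ b/tawkto/tawkto.php
@@ -33,7 +33,6 @@ class TawkTo_Settings {
 const CIPHER = 'AES-256-CBC';
 const CIPHER_IV_LENGTH = 16;
 const NO_CHANGE = 'nochange';
-const TAWK_API_KEY = 'tawkto-js-api-key';
 
 /**
 * @var $plugin_ver Plugin version
@@ -433,8 +432,6 @@ private static function validate_js_api_key( &$fields ) {
 return;
 }
 
-delete_transient( self::TAWK_API_KEY );
-
 if ( '' === $fields['js_api_key'] ) {
 return;
 }
@@ -539,7 +536,7 @@ private static function get_encrypted_data( $data ) {
 * @param string $data - Data to be decrypted.
 * @return string
 */
-private static function get_decrypted_data( $data ) {
+public static function get_decrypted_data( $data ) {
 // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 $decoded_data = base64_decode( $data );
 
@@ -559,29 +556,6 @@ private static function get_decrypted_data( $data ) {
 return $decrypted_data;
 }
 
-/**
-* Retrieves JS API Key
-*
-* @return string
-*/
-public static function get_js_api_key() {
-if ( ! empty( get_transient( self::TAWK_API_KEY ) ) ) {
-return get_transient( self::TAWK_API_KEY );
-}
-
-$security = get_option( self::TAWK_SECURITY_OPTIONS );
-
-if ( ! isset( $security['js_api_key'] ) ) {
-return '';
-}
-
-$key = self::get_decrypted_data( $security['js_api_key'] );
-
-set_transient( self::TAWK_API_KEY, $key, 60 * 60 );
-
-return $key;
-}
-
 /**
 * Adds settings error
 *
@@ -614,6 +588,7 @@ private static function show_tawk_options_error( $message ) {
 */
 class TawkTo {
 const PLUGIN_VERSION_VARIABLE = 'tawkto-version';
+const TAWK_VISITOR_SESSION = 'tawkto-visitor-session';
 
 /**
 * @var $plugin_version Plugin version
@@ -628,6 +603,19 @@ class TawkTo {
 public function __construct() {
 $tawkto_settings = new TawkTo_Settings();
 add_shortcode( 'tawkto', array( $this, 'shortcode_print_embed_code' ) );
+
+add_action( 'init', array( $this, 'start_session' ) );
+}
+
+/**
+* Starts user session
+*
+* @return void
+*/
+public function start_session() {
+if ( session_status() === PHP_SESSION_NONE ) {
+session_start();
+}
 }
 
 /**
@@ -674,8 +662,6 @@ public static function deactivate() {
 delete_option( TawkTo_Settings::TAWK_PRIVACY_OPTIONS );
 delete_option( TawkTo_Settings::TAWK_SECURITY_OPTIONS );
 delete_option( self::PLUGIN_VERSION_VARIABLE );
-
-delete_transient( TawkTo_Settings::TAWK_API_KEY );
 }
 
 /**
@@ -698,16 +684,53 @@ public function get_current_customer_details() {
 'email' => $current_user->user_email,
 );
 
-$js_api_key = TawkTo_Settings::get_js_api_key();
-if ( ! empty( $user_info['email'] ) && ! empty( $js_api_key ) ) {
-$user_info['hash'] = hash_hmac( 'sha256', $user_info['email'], $js_api_key );
+$hash = self::get_visitor_hash( $user_info['email'] );
+if ( ! empty( $user_info['email'] ) && ! empty( $hash ) ) {
+$user_info['hash'] = $hash;
 }
 
 return wp_json_encode( $user_info );
 }
 return null;
 }
 
+/**
+* Retrieves visitor hash
+*
+* @param string $email - Visitor email address.
+* @return string
+*/
+public static function get_visitor_hash( $email ) {
+$config_version = get_option( TawkTo_Settings::TAWK_CONFIG_VERSION );
+
+if ( isset( $_SESSION[ self::TAWK_VISITOR_SESSION ] ) ) {
+$current_session = $_SESSION[ self::TAWK_VISITOR_SESSION ];
+
+if ( $current_session['email'] === $email &&
+$current_session['config_version'] === $config_version ) {
+return $current_session['hash'];
+}
+}
+
+$security = get_option( TawkTo_Settings::TAWK_SECURITY_OPTIONS );
+
+if ( empty( $security['js_api_key'] ) ) {
+return '';
+}
+
+$key = TawkTo_Settings::get_decrypted_data( $security['js_api_key'] );
+
+$hash = hash_hmac( 'sha256', $email, $key );
+
+$_SESSION[ self::TAWK_VISITOR_SESSION ] = array(
+'hash' => $hash,
+'email' => $email,
+'config_version' => $config_version,
+);
+
+return $hash;
+}
+
 /**
 * Creates the embed code
 */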
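Review bot: In the last hunk, get_current_customer_details now calls get_visitor_hash before the `! empty( $user_info['email'] )` check, so a user with no email still gets an HMAC of the empty string computed with the decrypted key and written into `$_SESSION`, whereas the previous code guarded on the email first. An early return at the top of get_visitor_hash, `if ( '' === $email ) { return ''; }`, restores that ordering, and the cached entry should be checked with `is_array( $current_session )` before indexing `['email']`, `['config_version']` and `['hash']` so a malformed session value does not raise notices. The cache is invalidated only by `config_version`; if that option is not bumped when the JS API key is rotated in TawkTo_Settings, a hash made with the old key survives in the session for its lifetime — worth confirming. Starting a PHP session from `init` on every request (earlier hunk, start_session) also sets a session cookie and can defeat page caching; limiting it to the logged-in path that actually needs the hash would narrow that side effect.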
