Beispiel #1
/**
 * Authenticate the current request: login form, API signature or stored cookie.
 *
 * Evaluation order, as written below:
 *   1. 'shunt_is_valid_user' filter: any non-null result is returned as-is, before any credential check.
 *   2. Logout request (?action=logout in the query string).
 *   3. One credential check, first match wins: API signature + timestamp, API signature alone,
 *      username + password from $_REQUEST, then (non-API requests only) the auth cookie.
 *   4. 'is_valid_user' filter, which has the final word on the outcome.
 *
 * Security notes:
 *   - Callers must test the result with `=== true`. Every non-success path returns the value of
 *     yourls__() for a message (presumably a non-empty string, hence truthy), so a plain
 *     `if (yourls_is_valid_user())` would not distinguish failure from success.
 *   - Both filters can grant access without valid credentials; plugins hooked on them are part of
 *     the trusted code base.
 *
 * @return mixed true on success, a message on logout or failure, or the shunt filter's value
 */
function yourls_is_valid_user()
{
    // Plugin short-circuit: a non-null value replaces the whole function, credential checks included
    $shunt = yourls_apply_filter('shunt_is_valid_user', null);
    if (null !== $shunt) {
        return $shunt;
    }

    // Logout is driven by a query-string parameter alone.
    // NOTE(review): no anti-CSRF token is checked in this function, so a cross-site GET can end the
    // session; confirm whether a nonce is enforced elsewhere.
    if (isset($_GET['action']) && $_GET['action'] == 'logout') {
        yourls_do_action('logout');
        yourls_store_cookie(null);
        return yourls__('Logged out successfully');
    }

    yourls_do_action('pre_login');

    // Outcome of the credential check itself, before plugins filter it.
    // Stays false when no auth method matches the request (fail closed).
    $credentials_ok = false;

    // empty() covers the "not set" case and also treats the string "0" as missing.
    // $_REQUEST may be filled from the query string (depending on request_order), so credentials and
    // signatures can arrive in a URL and end up in access logs.
    if (yourls_is_API() && !empty($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature_timestamp');
        $credentials_ok = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        // Signature without any timestamp parameter
        yourls_do_action('pre_login_signature');
        $credentials_ok = yourls_check_signature();
    } elseif (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        // Login form: takes precedence over the cookie
        yourls_do_action('pre_login_username_password');
        $credentials_ok = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE[yourls_cookie_name()])) {
        // The cookie is never accepted for API requests
        yourls_do_action('pre_login_cookie');
        $credentials_ok = yourls_check_auth_cookie();
    }

    // Plugins see the raw result and decide the final one, whatever the credential check said
    $is_valid = yourls_apply_filter('is_valid_user', $credentials_ok);

    if (!$is_valid) {
        yourls_do_action('login_failed');
        // The same message is used whichever field was wrong
        if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
            return yourls__('Invalid username or password');
        }
        return yourls__('Please log in');
    }

    yourls_do_action('login');

    // No cookie is issued for API requests
    if (!yourls_is_API()) {
        // (Re)store the cookie. Note this also runs when only the 'is_valid_user' filter granted access.
        yourls_store_cookie(YOURLS_USER);

        // After a form login, redirect to the requested URL so a reload does not re-submit the form.
        // NOTE(review): REQUEST_URI is supplied by the client; confirm yourls_redirect() restricts the
        // target to this site.
        if (isset($_REQUEST['username'], $_REQUEST['password'], $_SERVER['REQUEST_URI'])) {
            yourls_redirect($_SERVER['REQUEST_URI']);
        }
    }

    return true;
}
Beispiel #2
/**
 * Authenticate the current request: login form, API signature or stored cookies.
 *
 * A successful result is cached in a static variable for the rest of the request; failures are
 * not cached and are evaluated again on the next call.
 *
 * Security notes:
 *   - Callers must test the result with `=== true`. Logout and failure return the value of
 *     yourls__() for a message (presumably a non-empty string, hence truthy).
 *   - The 'is_valid_user' filter decides the final outcome, so plugins hooked on it are part of the
 *     trusted code base. The cookie is only (re)issued when the credential check itself passed.
 *
 * @return mixed true on success, otherwise a message for logout or failure
 */
function yourls_is_valid_user()
{
    // Per-request cache of a successful authentication
    static $authenticated = false;
    if ($authenticated) {
        return true;
    }

    // Outcome of the credential check itself; stays false when no auth method matches (fail closed)
    $credentials_ok = false;

    // Logout is driven by a query-string parameter alone.
    // NOTE(review): no anti-CSRF token is checked in this function; confirm whether a nonce is
    // enforced elsewhere.
    if (isset($_GET['action']) && $_GET['action'] == 'logout') {
        yourls_do_action('logout');
        yourls_store_cookie(null);
        return yourls__('Logged out successfully');
    }

    // Declared but not read anywhere in this function
    global $yourls_user_passwords;

    yourls_do_action('pre_login');

    // One method is tried, first match wins; the login form has precedence over cookies.
    // empty() covers the "not set" case and also treats the string "0" as missing.
    // $_REQUEST may be filled from the query string (depending on request_order), so credentials and
    // signatures can arrive in a URL and end up in access logs.
    if (yourls_is_API() && !empty($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        yourls_do_action('pre_login_signature_timestamp');
        $credentials_ok = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        // Signature without any timestamp parameter
        yourls_do_action('pre_login_signature');
        $credentials_ok = yourls_check_signature();
    } elseif (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        yourls_do_action('pre_login_username_password');
        $credentials_ok = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE['yourls_username'], $_COOKIE['yourls_password'])) {
        // Cookies are never accepted for API requests
        yourls_do_action('pre_login_cookie');
        $credentials_ok = yourls_check_auth_cookie();
    }

    // Plugins see the raw result and decide the final one; that final value is what gets cached
    $authenticated = yourls_apply_filter('is_valid_user', $credentials_ok);

    if (!$authenticated) {
        yourls_do_action('login_failed');
        // The same message is used whichever field was wrong
        if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
            return yourls__('Invalid username or password');
        }
        return yourls__('Please log in');
    }

    yourls_do_action('login');

    // (Re)store the cookie only for non-API requests whose credentials really checked out:
    // access granted by the filter alone does not produce a cookie.
    if (!yourls_is_API() && $credentials_ok) {
        yourls_store_cookie(YOURLS_USER);
    }

    return true;
}
Beispiel #3
/**
 * Authenticate the current request: login form, API signature or stored cookies.
 *
 * A successful result is cached in a static variable for the rest of the request; failures are
 * not cached and are evaluated again on the next call.
 *
 * Security note: callers must test the result with `=== true`. Logout and failure return a
 * non-empty message string, which is truthy.
 *
 * @return bool|string true on success, otherwise a message for logout or failure
 */
function yourls_is_valid_user()
{
    // Per-request cache of a successful authentication
    static $authenticated = false;
    if ($authenticated) {
        return true;
    }

    // Logout is driven by a query-string parameter alone (see the nonce remark below)
    if (isset($_GET['mode']) && $_GET['mode'] == 'logout') {
        yourls_store_cookie(null);
        return 'Logged out successfully';
    }

    // Declared but not read anywhere in this function
    global $yourls_user_passwords;

    // Author's note: nonces as in WordPress, e.g. ?nonce=fn(login,pwd,action), are a possible
    // future addition. Until then no request handled here carries an anti-CSRF token.

    // One method is tried, first match wins; the login form has precedence over cookies.
    // When none matches, $authenticated keeps its false value (fail closed).
    // empty() covers the "not set" case and also treats the string "0" as missing.
    // $_REQUEST may be filled from the query string (depending on request_order), so credentials and
    // signatures can arrive in a URL and end up in access logs.
    if (yourls_is_API() && !empty($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        $authenticated = yourls_check_signature_timestamp();
    } elseif (yourls_is_API() && !isset($_REQUEST['timestamp']) && !empty($_REQUEST['signature'])) {
        // Signature without any timestamp parameter
        $authenticated = yourls_check_signature();
    } elseif (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        $authenticated = yourls_check_username_password();
    } elseif (!yourls_is_API() && isset($_COOKIE['yourls_username'], $_COOKIE['yourls_password'])) {
        // Cookies are never accepted for API requests
        $authenticated = yourls_check_auth_cookie();
    }

    if (!$authenticated) {
        // The same message is used whichever field was wrong
        if (isset($_REQUEST['username']) || isset($_REQUEST['password'])) {
            return 'Invalid username or password';
        }
        return 'Please log in';
    }

    // (Re)store the cookie; API mode has no use for one
    if (!yourls_is_API()) {
        yourls_store_cookie(YOURLS_USER);
    }

    return true;
}