/**
* Authenticate the user using the NXTClass auth cookie.
*/
function nxt_authenticate_cookie($user, $username, $password)
{
if (is_a($user, 'nxt_User')) {
return $user;
}
if (empty($username) && empty($password)) {
$user_id = nxt_validate_auth_cookie();
if ($user_id) {
return new nxt_User($user_id);
}
global $auth_secure_cookie;
if ($auth_secure_cookie) {
$auth_cookie = SECURE_AUTH_COOKIE;
} else {
$auth_cookie = AUTH_COOKIE;
}
if (!empty($_COOKIE[$auth_cookie])) {
return new nxt_Error('expired_session', __('Please log in again.'));
}
// If the cookie is not set, be silent.
}
return $user;
}
/**
* Checks if a user is logged in, if not it redirects them to the login page.
*
* @since 1.5
*/
function auth_redirect()
{
// Checks if a user is logged in, if not redirects them to the login page
$secure = is_ssl() || force_ssl_admin();
$secure = apply_filters('secure_auth_redirect', $secure);
// If https is required and request is http, redirect
if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'nxt-admin')) {
if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
nxt_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit;
} else {
nxt_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit;
}
}
if (is_user_admin()) {
$scheme = 'logged_in';
} else {
$scheme = apply_filters('auth_redirect_scheme', '');
}
if ($user_id = nxt_validate_auth_cookie('', $scheme)) {
do_action('auth_redirect', $user_id);
// If the user wants ssl but the session is not ssl, redirect.
if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'nxt-admin')) {
if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
nxt_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit;
} else {
nxt_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit;
}
}
return;
// The cookie is good so we're done
}
// The cookie is no good so force login
nocache_headers();
if (is_ssl()) {
$proto = 'https://';
} else {
$proto = 'http://';
}
$redirect = strpos($_SERVER['REQUEST_URI'], '/options.php') && nxt_get_referer() ? nxt_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$login_url = nxt_login_url($redirect, true);
nxt_redirect($login_url);
exit;
}
<?php
/**
* NXTClass Administration Generic POST Handler.
*
* @package NXTClass
* @subpackage Administration
*/
/** We are located in NXTClass Administration Screens */
define('nxt_ADMIN', true);
if (defined('ABSPATH')) {
require_once ABSPATH . 'nxt-load.php';
} else {
require_once '../nxt-load.php';
}
require_once ABSPATH . 'nxt-admin/includes/admin.php';
nocache_headers();
do_action('admin_init');
$action = 'admin_post';
if (!nxt_validate_auth_cookie()) {
$action .= '_nopriv';
}
if (!empty($_REQUEST['action'])) {
$action .= '_' . $_REQUEST['action'];
}
do_action($action);
