/**
 * Authenticate the user using the NXTClass auth cookie.
 *
 * The cookie is consulted only when neither a username nor a password was
 * supplied; a request that carries credentials is returned untouched.
 *
 * @param mixed  $user     Result so far. An nxt_User is returned as-is.
 * @param string $username Submitted username (may be empty).
 * @param string $password Submitted password (may be empty).
 * @return mixed An nxt_User when the cookie validates, an nxt_Error
 *               ('expired_session') when a cookie was sent but did not
 *               validate, otherwise the incoming $user unchanged.
 */
function nxt_authenticate_cookie($user, $username, $password) {
    // A user object has already been resolved; nothing left to do.
    if ($user instanceof nxt_User) {
        return $user;
    }

    // Credentials were submitted, so the cookie path does not apply.
    if (!empty($username) || !empty($password)) {
        return $user;
    }

    $cookie_user_id = nxt_validate_auth_cookie();
    if ($cookie_user_id) {
        return new nxt_User($cookie_user_id);
    }

    // Pick the cookie name matching the transport flag set elsewhere.
    global $auth_secure_cookie;
    $cookie_name = $auth_secure_cookie ? SECURE_AUTH_COOKIE : AUTH_COOKIE;

    if (empty($_COOKIE[$cookie_name])) {
        // If the cookie is not set, be silent.
        return $user;
    }

    // A cookie was presented but failed validation. The message is generic:
    // it does not tell the client why the cookie was rejected.
    return new nxt_Error('expired_session', __('Please log in again.'));
}
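/**
 * Checks if a user is logged in, if not it redirects them to the login page.
 *
 * Steps, in order:
 *  1. When HTTPS is required and an nxt-admin URL was requested over plain
 *     HTTP, redirect to the https:// form of the same URL and exit.
 *  2. Validate the auth cookie. When it is valid, fire the 'auth_redirect'
 *     action, upgrade to HTTPS if the user's 'use_ssl' option asks for it,
 *     and return to the caller.
 *  3. Otherwise send no-cache headers, redirect to the login URL and exit.
 *
 * Every redirect is followed by exit, so no code after this call runs for an
 * unauthenticated request.
 *
 * NOTE(review): the redirect targets are assembled from
 * $_SERVER['HTTP_HOST'] and $_SERVER['REQUEST_URI'], both supplied by the
 * client. Confirm that the web server pins the accepted Host values, or that
 * nxt_redirect() / nxt_login_url() validate the target, before relying on
 * these URLs.
 *
 * @since 1.5
 */
function auth_redirect() {
    $secure = is_ssl() || force_ssl_admin();
    $secure = apply_filters('secure_auth_redirect', $secure);

    // If https is required and request is http, redirect.
    if ($secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'nxt-admin')) {
        $https_target = (0 === strpos($_SERVER['REQUEST_URI'], 'http'))
            ? preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])
            : 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        nxt_redirect($https_target);
        exit;
    }

    // The user-admin area validates the 'logged_in' cookie scheme; elsewhere
    // the scheme is left to the 'auth_redirect_scheme' filter.
    $scheme = is_user_admin() ? 'logged_in' : apply_filters('auth_redirect_scheme', '');

    $user_id = nxt_validate_auth_cookie('', $scheme);
    if ($user_id) {
        do_action('auth_redirect', $user_id);

        // If the user wants ssl but the session is not ssl, redirect.
        if (!$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'nxt-admin')) {
            $https_target = (0 === strpos($_SERVER['REQUEST_URI'], 'http'))
                ? preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI'])
                : 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
            nxt_redirect($https_target);
            exit;
        }

        return; // The cookie is good so we're done.
    }

    // The cookie is no good so force login.
    nocache_headers();

    $proto = is_ssl() ? 'https://' : 'http://';

    // strpos() returns 0 for a match at the very start of the string, which a
    // bare truthiness test would read as "not found"; compare against false.
    $is_options_request = false !== strpos($_SERVER['REQUEST_URI'], '/options.php');

    // For options.php the referring page is preferred as the post-login
    // target. The referer is only looked up for that case.
    $referer = $is_options_request ? nxt_get_referer() : false;

    $redirect = $referer
        ? $referer
        : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    // Second argument is passed as true; presumably it forces
    // re-authentication - confirm against nxt_login_url().
    $login_url = nxt_login_url($redirect, true);

    nxt_redirect($login_url);
    exit;
}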
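<?php
/**
 * NXTClass Administration Generic POST Handler.
 *
 * Builds a hook name from the request and fires it:
 *   admin_post[_nopriv][_{action}]
 * The "_nopriv" part is added when the auth cookie does not validate, and the
 * "_{action}" part when the request carries a non-empty scalar "action".
 *
 * This file only checks the auth cookie. It performs no capability or nonce
 * check of its own, so each handler attached to these hooks has to verify
 * the caller's permissions and the request's origin itself.
 *
 * @package NXTClass
 * @subpackage Administration
 */

/** We are located in NXTClass Administration Screens */
define('nxt_ADMIN', true);

if (defined('ABSPATH')) {
    require_once ABSPATH . 'nxt-load.php';
} else {
    // NOTE(review): this relative path depends on the include path / working
    // directory at request time - confirm it always resolves to the
    // intended nxt-load.php.
    require_once '../nxt-load.php';
}

require_once ABSPATH . 'nxt-admin/includes/admin.php';

nocache_headers();

do_action('admin_init');

$action = 'admin_post';

// Requests without a valid auth cookie are routed to the "_nopriv" hooks.
if (!nxt_validate_auth_cookie()) {
    $action .= '_nopriv';
}

// The action name is taken directly from the request. Only a scalar value is
// appended: an array or object (e.g. "action[]=x") cannot be turned into a
// meaningful hook name and would otherwise be concatenated as the literal
// "Array" with a warning, or raise a conversion error.
if (!empty($_REQUEST['action']) && is_scalar($_REQUEST['action'])) {
    $action .= '_' . $_REQUEST['action'];
}

do_action($action);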