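/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */

/**
 * Authenticate the current request from HTTP Basic credentials.
 *
 * Meant for the `determine_current_user` filter at priority 20 (see the
 * remove_filter/add_filter pair around wp_authenticate()). Reads the
 * PHP_AUTH_USER / PHP_AUTH_PW values populated by the web server. Basic
 * credentials travel with every request, which is why the plugin header
 * scopes this to development and debugging.
 *
 * Side effect: sets the global $wp_json_basic_auth_error to null (no attempt
 * made), true (success) or the WP_Error returned by wp_authenticate().
 *
 * @param mixed $user User ID already determined by an earlier callback, if any.
 * @return int|mixed|null The authenticated user's ID; the incoming $user when
 *                        no Basic credentials are present; null when the
 *                        credentials are rejected.
 */
function json_basic_auth_handler($user) {
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // Don't authenticate twice
    if (!empty($user)) {
        return $user;
    }

    // Check that we're trying to authenticate
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }

    $username = $_SERVER['PHP_AUTH_USER'];
    // PHP_AUTH_PW may be absent on some server configurations even when
    // PHP_AUTH_USER is set; default to '' so wp_authenticate() reports an
    // empty password instead of PHP raising an undefined-index notice.
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    /**
     * In multi-site, wp_authenticate_spam_check filter is run on authentication. This filter calls
     * get_currentuserinfo which in turn calls the determine_current_user filter. This leads to infinite
     * recursion and a stack overflow unless the current function is removed from the determine_current_user
     * filter during authentication.
     */
    remove_filter('determine_current_user', 'json_basic_auth_handler', 20);
    $user = wp_authenticate($username, $password);
    add_filter('determine_current_user', 'json_basic_auth_handler', 20);

    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }

    $wp_json_basic_auth_error = true;
    return $user->ID;
}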
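/**
 * Issue a WordPress "logged_in" auth cookie for an API client.
 *
 * Expects $args to carry 'nonce', 'username' and 'password'. The nonce is
 * checked against the 'auth_gmapp' action before the credentials are used.
 *
 * @param array $args Request parameters.
 * @return array On success ['cookie' => string, 'user' => array]; on failure
 *               ['error' => ['code' => string, 'message' => string]].
 */
public function generate_auth_cookie($args) {
    // Read the three expected keys explicitly instead of extract($args):
    // extract() on caller-supplied data lets any key in $args overwrite a
    // local variable, and it left the three locals undefined when absent.
    $nonce    = isset($args['nonce']) ? $args['nonce'] : '';
    $username = isset($args['username']) ? $args['username'] : '';
    $password = isset($args['password']) ? $args['password'] : '';

    if (!wp_verify_nonce($nonce, 'auth_gmapp')) {
        return array('error' => array('code' => 'nononce', 'message' => "Something goes wrong (nonce error)... try again."));
    }
    if (!$username) {
        return array('error' => array('code' => 'nologin', 'message' => "You must include a 'username' var in your request."));
    }
    if (!$password) {
        return array('error' => array('code' => 'nopassword', 'message' => "You must include a 'password' var in your request."));
    }

    $user = wp_authenticate($username, $password);
    if (is_wp_error($user)) {
        // The original called remove_action('wp_login_failed', $username) here;
        // a username is not a hooked callback, so that call could not remove
        // anything and has been dropped.
        return array('error' => array('code' => 'passerror', 'message' => "Invalid username and/or password."));
    }

    // 1209600 seconds = 14 days, filterable like WordPress' own cookies.
    $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

    // get_avatar() returns an <img> tag; extract its src, '' when there is none.
    $avatar = array();
    preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
    $avatar_url = isset($avatar[1]) ? $avatar[1] : '';

    return array(
        "cookie" => $cookie,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
            "avatar" => $avatar_url,
        ),
    );
}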
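/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */

/**
 * Authenticate a request from HTTP Basic credentials and log the user in.
 *
 * Unlike the upstream Basic-Auth handler this variant also sets the auth
 * cookie and fires `wp_login`, accepts an e-mail address in place of the
 * login name, and returns null once credentials were present (success or not).
 *
 * Side effect: sets the global $wp_json_basic_auth_error to null (no attempt
 * made), true (success) or the WP_Error returned by wp_authenticate().
 *
 * @param mixed $request Value handed in by whatever hook this runs on.
 * @return mixed $request when no Basic credentials are present, otherwise null.
 */
function json_basic_auth_handler($request) {
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // Check that we're trying to authenticate
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $request;
    }

    $username = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Allow an e-mail address as the login. strpos() must be compared with
    // `!== false` (offset 0 is falsy). When no account matches, keep the raw
    // value so wp_authenticate() reports the failure rather than this code
    // reading ->user_login from a non-object.
    if (strpos($username, '@') !== false) {
        $ud = get_user_by('email', $username);
        if ($ud) {
            $username = $ud->user_login;
        }
    }

    $user = wp_authenticate($username, $password);

    /**
     * Kept from the original for context: in multi-site, the wp_authenticate_spam_check filter calls
     * get_currentuserinfo, which runs determine_current_user; a handler hooked there must remove itself
     * around wp_authenticate() to avoid infinite recursion. This variant does not do that, so it should
     * not be attached to determine_current_user without adding that guard.
     */
    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }

    // Only a real WP_User reaches this point. The original tested `if ($user)`
    // before the error check, which a WP_Error also satisfies, and then read
    // ->ID from it and set a cookie for a failed login.
    wp_set_current_user($user->ID, $user->user_login);
    wp_set_auth_cookie($user->ID);
    do_action('wp_login', $user->user_login, $user);

    $wp_json_basic_auth_error = true;
    return null;
}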
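/**
 * JSON API controller method: authenticate and return a "logged_in" cookie.
 *
 * Reads username, password and an optional `seconds` (cookie lifetime,
 * default 14 days) from $json_api->query. Failures are reported through
 * $json_api->error(); the code after each call assumes error() terminates
 * the request (the original dereferenced $user right after it) — confirm
 * against the JSON API class.
 *
 * @return array ['cookie' => string, 'cookie_name' => string, 'user' => array]
 */
public function generate_auth_cookie() {
    global $json_api;

    if (!$json_api->query->username) {
        $json_api->error("You must include a 'username' var in your request.");
    }
    if (!$json_api->query->password) {
        $json_api->error("You must include a 'password' var in your request.");
    }

    // Cookie lifetime in seconds; 1209600 = 14 days.
    $seconds = $json_api->query->seconds ? (int) $json_api->query->seconds : 1209600;

    $user = wp_authenticate($json_api->query->username, $json_api->query->password);
    if (is_wp_error($user)) {
        $json_api->error("Invalid username and/or password.", 'error', '401');
        // The original also called remove_action('wp_login_failed', <username>);
        // a username is not a hooked callback, so that call was a no-op.
    }

    $expiration = time() + apply_filters('auth_cookie_expiration', $seconds, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

    // get_avatar() returns an <img> tag; extract its src. Fall back to '' when
    // nothing matches instead of reading an undefined offset.
    $avatar = array();
    preg_match('|src="(.+?)"|', get_avatar($user->ID, 32), $avatar);
    $avatar_url = isset($avatar[1]) ? $avatar[1] : '';

    return array(
        "cookie" => $cookie,
        "cookie_name" => LOGGED_IN_COOKIE,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
            "avatar" => $avatar_url,
        ),
    );
}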
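/**
 * Handle login submissions. Authenticate using AuthService.
 *
 * On POST, validates the login form, runs wp_authenticate() on the submitted
 * Username/Password and, on success, sets the WordPress auth cookie. The
 * outcome is reported through the flash messenger and the response is always
 * a redirect: to 'home', or back to 'login' when the credentials are rejected.
 *
 * @return mixed Redirect response from the redirect() controller plugin.
 */
public function authenticateAction() {
    $form = $this->getForm();
    $redirect = 'home';
    $request = $this->getRequest();

    if ($request->isPost()) {
        $form->setData($request->getPost());

        if ($form->isValid()) {
            /* Handle Authentication */
            $username = $request->getPost('Username');
            $password = $request->getPost('Password');
            $WP_User = wp_authenticate($username, $password);

            if (is_wp_error($WP_User)) {
                $redirect = 'login';
                $this->flashmessenger()->addErrorMessage("Invalid User Credentials");
            } else {
                // No "remember me": the cookie lasts a normal session.
                wp_set_auth_cookie($WP_User->ID);
                $this->flashmessenger()->addSuccessMessage("Login Successful");
            }
        } else {
            /* Form error messages */
            foreach ($form->getMessages() as $message) {
                $this->flashmessenger()->addErrorMessage(implode(",", $message));
            }
        }
    }

    // $urlRedirect and $params from the original were never read and are gone.
    return $this->redirect()->toRoute($redirect);
}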
/**
 * Check a login/password pair against WordPress.
 *
 * @param string $user_login
 * @param string $user_pass
 * @return bool True when wp_authenticate() returns a user, false when it returns a WP_Error.
 */
function user_pass_ok($user_login,$user_pass) {
    $result = wp_authenticate($user_login, $user_pass);
    return !is_wp_error($result);
}
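/**
 * Gate the request behind HTTP Basic authentication against WordPress users.
 *
 * When the supplied credentials do not authenticate (or none were supplied),
 * emits a 401 with a WWW-Authenticate challenge and terminates the request.
 * Returns normally only for a valid WordPress username/password.
 *
 * @return void
 */
function simple_http_authentication() {
    // Missing headers are treated as empty credentials so wp_authenticate()
    // returns its usual WP_Error instead of PHP raising undefined-index notices.
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    if (is_wp_error(wp_authenticate($user, $pass))) {
        // The site title is placed inside a quoted realm; a title containing a
        // double quote would break the quoting of the challenge.
        header('WWW-Authenticate: Basic realm="' . wp_title('-', false) . '"');
        header('HTTP/1.0 401 Unauthorized');
        echo __('You need to authenticate with a registered user on WordPress.', 'simple-http-authentication');
        exit;
    }
}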
/**
 * Resolve a username/password pair to a WordPress user ID.
 *
 * @param string $username
 * @param string $password
 * @return int|null The user's ID, or null when wp_authenticate() returns a
 *                  WP_Error or a falsy value.
 */
protected function authenticate($username, $password) {
    $result = wp_authenticate($username, $password);
    $isUser = $result && !is_wp_error($result);
    return $isUser ? $result->ID : null;
}
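/**
 * OAuth-style token endpoint (grant types: client_credentials, password).
 *
 * Parameters come from $this->http->get(). Every failure path sends a 401
 * via wp_send_json_error() (which ends the request); success sends the token
 * via wp_send_json_success().
 *
 * Issued tokens are wp_generate_password() strings stored in plaintext in
 * the 'access_token' user meta; at most five are kept per user, the oldest
 * being deleted. No expiry is stored even though the response advertises
 * expires_in=3600, so whatever validates these tokens elsewhere cannot
 * honour that value.
 *
 * @return void
 */
public function token() {
    if (!($grant_type = $this->http->get('grant_type'))) {
        status_header(401);
        wp_send_json_error('The grant type was not specified in the request');
    }

    $types = array('client_credentials', 'password');
    if (in_array($grant_type, $types, true)) {
        // NOTE(review): client_id / client_secret are only checked for presence
        // and never compared against a registered client in this method —
        // confirm that check happens elsewhere.
        if (!($client_id = $this->http->get('client_id'))) {
            status_header(401);
            wp_send_json_error('Missing parameter: client_id');
        }
        if (!($client_secret = $this->http->get('client_secret'))) {
            status_header(401);
            wp_send_json_error('Missing parameter: client_secret');
        }

        // Only the password grant carries user credentials. For
        // client_credentials no username is read, so the lookup below finds
        // nothing and wp_authenticate() rejects the request — the same outcome
        // the original reached via an undefined $username.
        $username = '';
        $password = '';
        if ($grant_type === 'password') {
            if (!($username = $this->http->get('username'))) {
                status_header(401);
                wp_send_json_error('Missing parameter: username');
            }
            if (!($password = $this->http->get('password'))) {
                status_header(401);
                wp_send_json_error('Missing parameter: password');
            }
        }

        // Resolve the account through each configured lookup field; $user
        // stays false when nothing matches (the original left it undefined
        // for an empty list).
        $user = false;
        if (is_array($this->settings['username'])) {
            foreach ($this->settings['username'] as $property) {
                if ($user = get_user_by($property, $username)) {
                    break;
                }
            }
        } else {
            $user = get_user_by($this->settings['username'], $username);
        }

        // get_user_by() returns false for an unknown account; the original
        // then read ->user_login from false. Use an empty login instead so
        // wp_authenticate() reports the failure through the normal 401 path.
        $login = $user ? $user->user_login : '';
        $is_authenticated = wp_authenticate($login, $password);

        if (!is_wp_error($is_authenticated)) {
            $token = wp_generate_password(40, false, false);
            // Cap stored tokens at five per user, dropping the oldest.
            $tokens = get_user_meta($user->ID, 'access_token', false);
            if (count($tokens) >= 5) {
                delete_user_meta($user->ID, 'access_token', reset($tokens));
            }
            add_user_meta($user->ID, 'access_token', $token);

            status_header(200);
            wp_send_json_success(array(
                'access_token' => $token,
                'expires_in' => 3600,
                'token_type' => 'Bearer',
                'scope' => 'basic',
                'refresh_token' => null,
            ));
        } else {
            status_header(401);
            wp_send_json_error($is_authenticated->get_error_message());
        }
    } else {
        status_header(401);
        wp_send_json_error('Unsupported grant type: ' . $grant_type);
    }
}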
/**
 * XML-RPC login check.
 *
 * @param string $username
 * @param string $password
 * @return true|IXR_Error True when the credentials authenticate; an IXR_Error
 *                        405 when XML-RPC is disabled, 403 on bad credentials.
 */
function check_xmlrpc($username, $password) {
    $enabled = get_option('enable_xmlrpc');
    if (!$enabled) {
        $message = sprintf(__('XML-RPC services are disabled on this blog. An admin user can enable them at %s'), admin_url('options-writing.php'));
        return new IXR_Error(405, $message);
    }

    $authenticated = wp_authenticate($username, $password);
    return is_wp_error($authenticated) ? new IXR_Error(403, __('Bad login/pass combination.')) : true;
}
/**
 * Passwords with leading/trailing whitespace must round-trip: whatever
 * wp_set_password() stores has to authenticate byte-for-byte.
 *
 * @ticket 23494
 */
function test_password_trimming() {
    $login = 'password-triming-tests';
    $another_user = $this->factory->user->create(array('user_login' => $login));

    $passwords_to_test = array(
        'a password with no trailing or leading spaces',
        'a password with trailing spaces ',
        ' a password with leading spaces',
        ' a password with trailing and leading spaces ',
    );

    foreach ($passwords_to_test as $candidate) {
        wp_set_password($candidate, $another_user);
        $authed = wp_authenticate($login, $candidate);
        $this->assertInstanceOf('WP_User', $authed);
        $this->assertEquals($another_user, $authed->ID);
    }
}
/**
 * Login a user
 *
 * Authenticates the pair, makes the user current on success and, on
 * multisite, switches to $blog_id.
 *
 * @param string $username
 * @param string $password
 * @param int    $blog_id Blog to switch to on multisite (default 1).
 * @return bool|WP_User The authenticated user, or FALSE when wp_authenticate() returned a WP_Error.
 */
function _login($username, $password, $blog_id = 1) {
    $user_obj = wp_authenticate($username, $password);
    if ($user_obj instanceof WP_Error) {
        return FALSE;
    }

    wp_set_current_user($user_obj->ID);
    if (is_multisite()) {
        switch_to_blog($blog_id);
    }
    return $user_obj;
}
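/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */

/**
 * Authenticate the current request from HTTP Basic credentials.
 *
 * Meant for the `determine_current_user` filter at priority 20. Reads
 * PHP_AUTH_USER / PHP_AUTH_PW, falling back to decoding the raw
 * Authorization header (HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION)
 * on servers that strip the PHP_AUTH_* values. On success the regular cookie
 * validators are detached so they do not overwrite the result.
 *
 * Side effect: sets the global $wp_json_basic_auth_error to null (no attempt
 * made), true (success) or the WP_Error returned by wp_authenticate().
 *
 * @param mixed $user User ID already determined by an earlier callback, if any.
 * @return int|mixed|null The authenticated user's ID; the incoming $user when
 *                        no usable credentials are present; null on rejection.
 */
function json_basic_auth_handler($user) {
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // Don't authenticate twice
    if (!empty($user)) {
        return $user;
    }

    // Account for issue where some servers remove the PHP auth headers, so
    // instead look for auth info in a custom environment variable set by
    // rewrite rules, probably in .htaccess.
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $header = $_SERVER['HTTP_AUTHORIZATION'];
        } elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
            $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        } else {
            $header = null;
        }

        // Only decode the Basic scheme; the original stripped six bytes blindly,
        // so a Bearer or Digest header would have been base64-decoded as garbage.
        if (!empty($header) && strncasecmp($header, 'Basic ', 6) === 0) {
            // Limit the split to two parts: a ':' inside the password is legal
            // and a bare explode() would truncate such passwords. A decoded
            // value with no ':' at all is left alone rather than producing an
            // undefined PHP_AUTH_PW.
            $parts = explode(':', base64_decode(substr($header, 6)), 2);
            if (count($parts) === 2) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
            }
        }
    }

    // Check that we're trying to authenticate
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }

    $username = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    /**
     * In multi-site, wp_authenticate_spam_check filter is run on authentication. This filter calls
     * get_currentuserinfo which in turn calls the determine_current_user filter. This leads to infinite
     * recursion and a stack overflow unless the current function is removed from the determine_current_user
     * filter during authentication.
     *
     * Note that detaching wp_authenticate_spam_check also skips the multisite spam-flag check for
     * Basic-authenticated requests.
     */
    remove_filter('determine_current_user', 'json_basic_auth_handler', 20);
    remove_filter('authenticate', 'wp_authenticate_spam_check', 99);
    $user = wp_authenticate($username, $password);
    add_filter('determine_current_user', 'json_basic_auth_handler', 20);
    add_filter('authenticate', 'wp_authenticate_spam_check', 99);

    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }

    $wp_json_basic_auth_error = true;

    // If we found a user, remove regular cookie filters because they're just
    // going to overwrite what we've found.
    if ($user->ID) {
        remove_filter('determine_current_user', 'wp_validate_auth_cookie');
        remove_filter('determine_current_user', 'wp_validate_logged_in_cookie', 20);
    }

    return $user->ID;
}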
/**
 * wp_editProfile() must ignore a submitted 'password': afterwards the old
 * password still authenticates and the new one is rejected.
 */
function test_ignore_password_change() {
    $this->make_user_by_role('author');
    $new_pass = '******';

    $args = array(1, 'author', 'author', array('password' => $new_pass));
    $result = $this->myxmlrpcserver->wp_editProfile($args);
    $this->assertNotInstanceOf('IXR_Error', $result);
    $this->assertTrue($result);

    $with_old_password = wp_authenticate('author', 'author');
    $with_new_password = wp_authenticate('author', $new_pass);
    $this->assertInstanceOf('WP_User', $with_old_password);
    $this->assertWPError($with_new_password);
}
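/**
 * Authenticate requests for SatisPress packages using HTTP Basic Authentication.
 *
 * A logged-in WordPress user passes straight through; otherwise the
 * PHP_AUTH_USER / PHP_AUTH_PW pair is checked with wp_authenticate(). The
 * result can be overridden via the 'satispress_pre_basic_authentication'
 * filter. Anything other than a user ends the request with a 401 challenge.
 *
 * @since 0.2.0
 */
public function authorize_package_request() {
    $user = is_user_logged_in() ? wp_get_current_user() : false;

    if (!$user && isset($_SERVER['PHP_AUTH_USER'])) {
        // PHP_AUTH_PW can be absent even when PHP_AUTH_USER is set; treat that
        // as an empty password rather than reading an undefined index.
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        $user = wp_authenticate($_SERVER['PHP_AUTH_USER'], $password);
    }

    $user = apply_filters('satispress_pre_basic_authentication', $user);

    // Request credentials if the user isn't logged in yet.
    if (!$user || is_wp_error($user)) {
        header('WWW-Authenticate: Basic realm="SatisPress"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    }
}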
/**
 * Log user in.
 *
 * Refuses with a 405 IXR_Error when XML-RPC is disabled, with a 403 when the
 * credentials are rejected; in both cases the error is stored in $this->error.
 *
 * @since 2.8
 *
 * @param string $username User's username.
 * @param string $password User's password.
 * @return mixed WP_User object if authentication passed, false otherwise
 */
function login($username, $password) {
    $xmlrpc_enabled = get_option('enable_xmlrpc');
    if (!$xmlrpc_enabled) {
        $this->error = new IXR_Error(405, sprintf(__('XML-RPC services are disabled on this blog. An admin user can enable them at %s'), admin_url('options-writing.php')));
        return false;
    }

    $authenticated = wp_authenticate($username, $password);
    if (is_wp_error($authenticated)) {
        $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
        return false;
    }

    set_current_user($authenticated->ID);
    return $authenticated;
}
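/**
 * AJAX login endpoint: authenticate POSTed credentials and return the user record as JSON.
 *
 * Responds with `false` when wp_authenticate() does not return a WP_User.
 * Otherwise signs the user on (wp_signon() is what sets the auth cookies; it
 * re-runs authentication with the same credentials) and echoes the WP_User
 * data with the secret columns removed.
 *
 * @return void Terminates the request with die().
 */
function login_ajax_request() {
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    $object = wp_authenticate($username, $password);

    if (!$object instanceof WP_User) {
        $json = json_encode(false);
    } else {
        wp_signon(array('user_login' => $username, 'user_password' => $password));
        // Never echo the password hash. The activation key is a secret as well
        // (it is used by password resets), so it is stripped too.
        unset($object->data->user_pass);
        unset($object->data->user_activation_key);
        $json = json_encode($object->data);
    }

    header("Content-type: application/json", true);
    die($json);
}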
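/**
 * Cookie-security filter callback: sets the non-secure cookies itself and
 * lets WordPress set the secure one when $use_ssl is on.
 *
 * @param bool  $secure_cookie Value being filtered.
 * @param array $credentials   Login credentials ('user_login', 'user_password', optional 'remember').
 * @return bool The (possibly unchanged) secure-cookie flag.
 */
function as_secure_cookie($secure_cookie, $credentials) {
    global $use_ssl;

    if (empty($credentials) || $use_ssl === false) {
        as_log("Credentials empty or use_ssl is false");
        return $secure_cookie;
    }

    if ($use_ssl) {
        as_log("Verifying user and setting HTTP auth cookie");
        $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);

        // wp_authenticate() returns a WP_Error on bad credentials; the original
        // read ->ID from it and called wp_set_auth_cookie() anyway. Leave the
        // cookies alone in that case.
        if (is_wp_error($user)) {
            as_log("Authentication failed; not setting HTTP auth cookie");
            return $secure_cookie;
        }

        $remember = !empty($credentials['remember']);
        //
        // set the non-secure cookies and let WP set the secure cookie
        //
        wp_set_auth_cookie($user->ID, $remember, false);
        return true;
    }

    // $use_ssl is neither false nor truthy (null, 0, ''): the original fell off
    // the end and returned null, which dropped the filtered value.
    return $secure_cookie;
}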
/**
 * Decide whether a request is a successful login attempt.
 *
 * Only acts on requests to wp-login.php when wp_authenticate() is available
 * and no GoogleAuthenticator class is loaded; everything else yields false.
 *
 * @param string $ip      Client address (not used here).
 * @param array  $stats   Not used here (by reference).
 * @param array  $options Not used here (by reference).
 * @param array  $post    Posted fields; reads 'author' as the login and 'pwd'
 *                        as the password. NOTE(review): wp-login.php posts the
 *                        login as 'log' — confirm the caller remaps it to 'author'.
 * @return string|false 'authenticated user login' on success, false otherwise.
 */
public function process($ip, &$stats = array(), &$options = array(), &$post = array()) {
    $sname = $this->getSname();
    $isLoginRequest = strpos($sname, 'wp-login.php') !== false;

    if (class_exists('GoogleAuthenticator') || !$isLoginRequest || !function_exists('wp_authenticate')) {
        return false;
    }

    $log = $post['author'];
    $pwd = $post['pwd'];
    if (empty($log) || empty($pwd)) {
        return false;
    }

    // The @ mirrors the original: it suppresses diagnostics emitted during the call.
    $user = @wp_authenticate($log, $pwd);
    return is_wp_error($user) ? false : 'authenticated user login';
}
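/**
 * Validate the login form values and, when they authenticate, log the user in.
 *
 * @param array $values Submitted form values; expects 'user_login',
 *                      'user_password' and optionally 'remember'.
 * @return bool|WP_Error|WP_User false when the parent validation fails; a
 *         WP_Error from wp_authenticate() (an empty one when both fields were
 *         blank, mirroring wp_signon()); or the signed-in WP_User.
 */
public function isValid(array $values) {
    if (!parent::isValid($values)) {
        return false;
    }

    $credentials = $values;
    $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);

    if (is_wp_error($user)) {
        if ($user->get_error_codes() == array('empty_username', 'empty_password')) {
            $user = new WP_Error('', '');
        }
        return $user;
    }

    // The original passed an undefined $secure_cookie, so the cookie was never
    // marked Secure even over TLS. Follow wp_signon() and derive it from the
    // connection; 'remember' is optional in $values.
    $secure_cookie = is_ssl();
    $remember = !empty($credentials['remember']);

    wp_set_auth_cookie($user->ID, $remember, $secure_cookie);
    do_action('wp_login', $user->user_login, $user);

    return $user;
}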
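/**
 * Checks the user login information
 *
 * This webservice checks the sent user login information and can return either
 * true/false or the user basic information to the calling application
 *
 * Reads username/password/device_token from $_REQUEST and the application
 * token and UDID from the HTTP_APPLICATION / HTTP_UDID headers. When a
 * device token is supplied and the login succeeds, the user id is pushed to
 * the remote service and recorded in user meta.
 *
 * @package WiziappWordpressPlugin
 * @subpackage AppWebServices
 * @author comobix.com plugins@comobix.com
 *
 * @param boolean $only_validate a flag indicating if the function should return a full response or just true/false
 * @return boolean|array|null if $only_validate the function will return the WP_User (truthy) or FALSE; otherwise
 *         the webservice echoes JSON with the user information (id, name, package, next_billing, direction)
 *         plus the usual header and exits. Returns null when required request data is missing.
 *
 * @todo Calculate the next billing date according to the membership plugin
 * @todo Get this from the user/blog
 */
function wiziapp_check_login($only_validate = FALSE) {
    // The @ keeps a "headers already sent" warning out of the JSON body.
    @header('Content-Type: application/json');

    // Missing fields default to '' so the emptiness checks below run without
    // undefined-index notices.
    $username    = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
    $password    = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    $deviceToken = isset($_REQUEST['device_token']) ? $_REQUEST['device_token'] : '';
    $appToken    = isset($_SERVER['HTTP_APPLICATION']) ? $_SERVER['HTTP_APPLICATION'] : '';
    $udid        = isset($_SERVER['HTTP_UDID']) ? $_SERVER['HTTP_UDID'] : '';

    // if the request doesn't contain all that we need - leave
    if (empty($username) || empty($password) || empty($appToken) || empty($udid)) {
        // NOTE(review): this log line writes the submitted username, device
        // token, application token and UDID into the error log.
        $GLOBALS['WiziappLog']->write('error', "Something in the request was missing: !empty({$username}) && !empty({$deviceToken}) && !empty({$appToken}) && !empty({$udid})", "remote");
        return;
    }

    $user = wp_authenticate($username, $password);
    $status = !is_wp_error($user);

    if ($status && !empty($deviceToken)) {
        /*
         * Notify the global admin of the CMS user id that is connected
         * to the device token
         */
        $params = array('device_token' => $deviceToken);
        $headers = array('udid' => $udid);
        wiziapp_http_request($params, '/push/user/' . $user->ID, 'POST', $headers);
        // Mark the user so we will know he has a device token
        update_user_meta($user->ID, 'wiziapp_got_valid_mobile_token', $deviceToken);
    }

    if ($only_validate) {
        return $status ? $user : FALSE;
    }

    // id, name, package, next_billing
    $result = array();
    if ($status) {
        $result = array(
            "id" => $user->ID,
            "name" => $user->display_name,
            "package" => $user->user_level,
            "next_billing" => null,
            "direction" => "LTR",
        );
    }
    $header = array(
        'action' => 'login',
        'status' => $status,
        'code' => $status ? 200 : 4004,
        'message' => $status ? '' : __('Incorrect username or password', 'wiziapp'),
    );
    echo json_encode(array_merge(array('header' => $header), $result));
    exit;
}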
/**
 * Authenticate user with remember capability.
 *
 * The credentials is an array that has 'user_login', 'user_password', and
 * 'remember' indices. If the credentials is not given, then the log in form
 * will be assumed and used if set.
 *
 * The various authentication cookies will be set by this function and will be
 * set for a longer period depending on if the 'remember' credential is set to
 * true.
 *
 * @since 2.5.0
 *
 * @param array $credentials Optional. User info in order to sign on.
 * @param bool $secure_cookie Optional. Whether to use secure cookie.
 * @return object Either WP_Error on failure, or WP_User on success.
 */
function wp_signon( $credentials = '', $secure_cookie = '' ) {
    // No credentials given: fall back to the standard login form fields.
    if ( empty($credentials) ) {
        if ( ! empty($_POST['log']) ) {
            $credentials['user_login'] = $_POST['log'];
        }
        if ( ! empty($_POST['pwd']) ) {
            $credentials['user_password'] = $_POST['pwd'];
        }
        if ( ! empty($_POST['rememberme']) ) {
            $credentials['remember'] = $_POST['rememberme'];
        }
    }

    // Normalise 'remember' to a strict boolean.
    $credentials['remember'] = ! empty($credentials['remember']);

    // TODO do we deprecate the wp_authentication action?
    do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));

    if ( '' === $secure_cookie ) {
        $secure_cookie = is_ssl();
    }
    $secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);

    global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
    $auth_secure_cookie = $secure_cookie;

    add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);

    $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);

    if ( is_wp_error($user) ) {
        // Both fields blank means nothing was submitted: hand back an empty error.
        if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
            $user = new WP_Error('', '');
        }
        return $user;
    }

    wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);
    do_action('wp_login', $user->user_login, $user);
    return $user;
}
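/**
 * authenticate user against deprecated user_login if login fails and send a message with the new user_login
 *
 * Hooked on the 'authenticate' filter. When the regular login failed, looks
 * up the user whose 'deprecated_login' user meta equals the submitted name,
 * retries wp_authenticate() with that user's current login and, on success,
 * e-mails the user (German text) that the login name has changed.
 *
 * NOTE(review): wp_authenticate() runs the 'authenticate' filter again, so
 * this callback re-enters itself once with the new login; that only loops if
 * the new login is itself stored as someone's deprecated_login — confirm the
 * data cannot contain such a chain.
 *
 * @since 0.0.1
 * @access public
 * @static
 * @use_filter authenticate
 * @param null|WP_User|WP_Error $user     Result of the preceding authenticate callbacks.
 * @param string                $username Submitted login name.
 * @param string                $password Submitted password.
 * @return null|WP_User|WP_Error The incoming $user, or the result of the retried authentication.
 */
public static function authenticate($user, $username, $password) {
    if (!is_wp_error($user) || empty($username) || empty($password)) {
        return $user;
    }

    $deprecated_login = $username;
    global $wpdb;
    // The submitted name is bound through $wpdb->prepare() (%s), never interpolated.
    $sql = $wpdb->prepare("\n\t\t\t\tselect user_login from {$wpdb->users} where ID in (\n\t\t\t\t\tselect user_id from {$wpdb->usermeta} where\n\t\t\t\t\t\tmeta_key = 'deprecated_login'\n\t\t\t\t\t\tand meta_value = %s\n\t\t\t\t)\n\n\t\t\t", $deprecated_login);
    $username = $wpdb->get_var($sql);
    if (empty($username)) {
        return $user;
    }

    $user = wp_authenticate($username, $password);
    if (!is_wp_error($user)) {
        //notify user about changed username
        $message = "Hallo " . $deprecated_login . ",<br><br>" . "Diese Nachricht erhalten Sie, weil sie sich mit dem Benutzername '{$deprecated_login}' " . "im Netzwerk von rpi-virtuell/reliwerk angemeldet haben." . "<br>" . "Aus technischen Gründen (der Benutzername enthält Punkte, Sonderzeichen oder Leerzeichen) " . "musste dieser geändert werden und heißt nun '<b>" . $username . "</b>' " . "Bitte verwenden Sie zur Anmeldung nur noch den geänderten Benutzernamen.<br><br>" . "Vielen Dank für dein Verständnis! <br><br>" . "Dein Technik Team für <a href='http://about.rpi-virtuell.de'>rpi-virtuell</a>";
        if ($user->user_email) {
            // The original stored wp_mail()'s result in an unused $bool.
            wp_mail($user->user_email, '[rpi-virtuell.de login] Dein Benutzername wurde geändert.', $message);
        }
    }

    return $user;
}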
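/**
 * Require HTTP Basic authentication against WordPress users for anonymous visitors.
 *
 * Logged-in users pass through. Credentials are read from PHP_AUTH_USER /
 * PHP_AUTH_PW, falling back to decoding the raw Authorization header. Any
 * request that does not authenticate ends with a 401 challenge.
 *
 * @return void
 */
public function basic_auth() {
    nocache_headers();

    if (is_user_logged_in()) {
        return;
    }

    $usr = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pwd = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // Fall back to the raw Authorization header on SAPIs that don't populate PHP_AUTH_*.
    if (empty($usr) && empty($pwd) && !empty($_SERVER['HTTP_AUTHORIZATION'])) {
        // Limit both splits to two parts: a header without a space, or a
        // password containing ':', must not yield an undefined offset or a
        // truncated password.
        $parts = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
        if (count($parts) === 2 && strtolower($parts[0]) === 'basic') {
            $decoded = explode(':', base64_decode($parts[1]), 2);
            if (count($decoded) === 2) {
                list($usr, $pwd) = $decoded;
            }
        }
    }

    if (!is_wp_error(wp_authenticate($usr, $pwd))) {
        return;
    }

    header('WWW-Authenticate: Basic realm="Please Enter Your Password"');
    header('HTTP/1.1 401 Unauthorized');
    echo 'Authorization Required';
    die;
}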
/**
 * Authenticate against WordPress, optionally falling back to the decorated authenticator.
 *
 * @param string $username
 * @param string $password
 * @return bool True when WordPress accepts the credentials and the user exists
 *              (the user and password are then kept on $this). Otherwise the
 *              decorated Validate() result when RetryAgainstDatabase() is on,
 *              else false. A WP_Error from wp_authenticate() is logged and yields false.
 */
public function Validate($username, $password) {
    Log::Debug('Attempting to authenticate user against WordPress. User=%s', $username);
    $wpUser = wp_authenticate($username, $password);

    if (is_wp_error($wpUser)) {
        Log::Error('WordPress authentication error: %s', $wpUser->get_error_message());
        return false;
    }

    if (!$wpUser->exists()) {
        Log::Debug('WordPress authentication failed. User=%s', $username);
        if (!$this->options->RetryAgainstDatabase()) {
            return false;
        }
        Log::Debug('WordPress authentication retrying against database');
        return $this->authToDecorate->Validate($username, $password);
    }

    Log::Debug('WordPress authentication successful. User=%s', $username);
    $this->user = $wpUser;
    $this->password = $password;
    return true;
}
/**
 * Execute the XML-RPC request.
 *
 * @since 1.1.0
 * @change 1.2.5
 *
 * @param array $args Parameters (credentials): [0] login, [1] password.
 * @return string JSON: the 'visits' series on success, otherwise {"error": "..."}.
 */
public static function xmlrpc_callback($args) {
    /* No credentials? */
    if (empty($args[0]) || empty($args[1])) {
        return '{"error": "Empty login data"}';
    }

    /* Log the user in */
    $user = wp_authenticate($args[0], $args[1]);

    /* Wrong credentials */
    if (!$user || is_wp_error($user)) {
        return '{"error": "Incorrect login"}';
    }

    /* Check capability */
    if (!user_can($user, 'edit_dashboard')) {
        return '{"error": "User can check failed"}';
    }

    /* Nothing to report? */
    $data = Statify_Dashboard::get_stats();
    if (!$data) {
        return '{"error": "No data"}';
    }

    return json_encode($data['visits']);
}
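/**
 * JSON API: verify the nonce, authenticate, and return a "logged_in" cookie.
 *
 * Failures are reported through $json_api->error(); the code after each
 * call assumes error() terminates the request (the original dereferenced
 * $user right after it) — confirm against the JSON API class.
 *
 * @return array ['cookie' => string, 'user' => array]
 */
public function generate_auth_cookie() {
    global $json_api;

    $nonce_id = $json_api->get_nonce_id('auth', 'generate_auth_cookie');
    if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
        $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
    }
    if (!$json_api->query->username) {
        $json_api->error("You must include a 'username' var in your request.");
    }
    if (!$json_api->query->password) {
        $json_api->error("You must include a 'password' var in your request.");
    }

    $user = wp_authenticate($json_api->query->username, $json_api->query->password);
    if (is_wp_error($user)) {
        $json_api->error("Invalid username and/or password.", 'error', '401');
        // The original also called remove_action('wp_login_failed', <username>);
        // a username is not a hooked callback, so that call was a no-op.
    }

    // 1209600 seconds = 14 days, filterable like WordPress' own cookies.
    $expiration = time() + apply_filters('auth_cookie_expiration', 1209600, $user->ID, true);
    $cookie = wp_generate_auth_cookie($user->ID, $expiration, 'logged_in');

    return array(
        "cookie" => $cookie,
        "user" => array(
            "id" => $user->ID,
            "username" => $user->user_login,
            "nicename" => $user->user_nicename,
            "email" => $user->user_email,
            "url" => $user->user_url,
            "registered" => $user->user_registered,
            "displayname" => $user->display_name,
            "firstname" => $user->user_firstname,
            "lastname" => $user->last_name,
            "nickname" => $user->nickname,
            "description" => $user->user_description,
            "capabilities" => $user->wp_capabilities,
        ),
    );
}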
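/**
 * Require HTTP Basic authentication unless the request is already allowed.
 *
 * Credentials come from PHP_AUTH_USER / PHP_AUTH_PW, falling back to the
 * raw Authorization header. The account is resolved through the configured
 * lookup field ($this->settings['username']) and verified with
 * wp_authenticate(). Anything that does not authenticate ends in a 401 via wp_die().
 *
 * @return true When the request is allowed or the credentials are valid.
 */
public function authenticate() {
    nocache_headers();

    if ($this->isAllowed()) {
        return true;
    }

    $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    $authorization = $this->http->header('Authorization');
    if (empty($username) && empty($password) && $authorization) {
        // Limit both splits to two parts: a header without a space, or a
        // password containing ':', must not yield an undefined offset or a
        // truncated password.
        $parts = explode(' ', $authorization, 2);
        if (count($parts) === 2 && strtolower($parts[0]) === 'basic') {
            $decoded = explode(':', base64_decode($parts[1]), 2);
            if (count($decoded) === 2) {
                list($username, $password) = $decoded;
            }
        }
    }

    // get_user_by() returns false for an unknown account; the original then
    // read ->user_login from false. Authenticate with an empty login instead
    // so wp_authenticate() reports the failure and we fall through to the 401.
    $user = get_user_by($this->settings['username'], $username);
    $login = $user ? $user->user_login : '';
    $is_authenticated = wp_authenticate($login, $password);

    if (!is_wp_error($is_authenticated)) {
        return true;
    }

    header('WWW-Authenticate: Basic realm="Please Enter Your Password"');
    wp_die('You need to enter a Username and a Password if you want to see this website.', 'Authorization Required', array('response' => 401));
}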
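/**
 * Plugin Name: JSON Basic Authentication
 * Description: Basic Authentication handler for the JSON API, used for development and debugging purposes
 * Author: WordPress API Team
 * Author URI: https://github.com/WP-API
 * Version: 0.1
 * Plugin URI: https://github.com/WP-API/Basic-Auth
 */

/**
 * Authenticate the current request from HTTP Basic credentials.
 *
 * Meant for the `determine_current_user` filter at priority 20. Reads
 * PHP_AUTH_USER / PHP_AUTH_PW, with a REDIRECT_HTTP_AUTHORIZATION fallback
 * for CGI-style setups (see the comment below).
 *
 * Side effect: sets the global $wp_json_basic_auth_error to null (no attempt
 * made), true (success) or the WP_Error returned by wp_authenticate().
 *
 * @param mixed $user User ID already determined by an earlier callback, if any.
 * @return int|mixed|null The authenticated user's ID; the incoming $user when
 *                        no usable credentials are present; null on rejection.
 */
function json_basic_auth_handler($user) {
    global $wp_json_basic_auth_error;
    $wp_json_basic_auth_error = null;

    // Don't authenticate twice
    if (!empty($user)) {
        return $user;
    }

    /**
     * Custom addition from https://github.com/WP-API/Basic-Auth/issues/21 to support MAMP-style local servers
     * The following allows Basic Auth support when PHP is running as any form of CGI
     * In order for this to work one needs to add : "SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1" to the .htaccess
     */
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        // Only decode the Basic scheme; the original stripped six bytes blindly,
        // so a Bearer or Digest header would have been base64-decoded as garbage.
        // The split is limited to two parts because ':' is legal inside the
        // password; a decoded value without ':' is ignored rather than leaving
        // PHP_AUTH_PW undefined.
        if (strncasecmp($header, 'Basic ', 6) === 0) {
            $parts = explode(':', base64_decode(substr($header, 6)), 2);
            if (count($parts) === 2) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
            }
        }
    }

    // Check that we're trying to authenticate
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        return $user;
    }

    $username = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    /**
     * In multi-site, wp_authenticate_spam_check filter is run on authentication. This filter calls
     * get_currentuserinfo which in turn calls the determine_current_user filter. This leads to infinite
     * recursion and a stack overflow unless the current function is removed from the determine_current_user
     * filter during authentication.
     */
    remove_filter('determine_current_user', 'json_basic_auth_handler', 20);
    $user = wp_authenticate($username, $password);
    add_filter('determine_current_user', 'json_basic_auth_handler', 20);

    if (is_wp_error($user)) {
        $wp_json_basic_auth_error = $user;
        return null;
    }

    $wp_json_basic_auth_error = true;
    return $user->ID;
}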
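/**
 * Sign the contract.
 *
 * Handles the "sign contract" form submission: re-verifies the current
 * user's password, checks the nonce, collects the remaining posted fields
 * (every one is required) and hands them to mdjm_sign_event_contract().
 * Always ends in a redirect back to the contracts page carrying an
 * mdjm_message code: password_error, nonce_fail, contract_data_missing,
 * contract_signed or contract_not_signed.
 *
 * @since 1.3
 * @param array $data Posted form data (event_id, mdjm_nonce, mdjm_verify_password, contract fields, ...).
 * @return void Terminates with die() after wp_redirect().
 */
function mdjm_sign_event_contract_action($data) {
    $user = wp_get_current_user();

    // Control fields that are not part of the contract content.
    $control_keys = array('mdjm_nonce', 'mdjm_action', 'mdjm_redirect', 'mdjm_submit_sign_contract');

    // Missing fields become '' so wp_authenticate() / wp_verify_nonce() fail
    // cleanly instead of raising undefined-index notices.
    $verify_password = isset($data['mdjm_verify_password']) ? $data['mdjm_verify_password'] : '';
    $nonce = isset($data['mdjm_nonce']) ? $data['mdjm_nonce'] : '';
    $event_id = isset($data['event_id']) ? $data['event_id'] : '';
    $contracts_url = mdjm_get_formatted_url(mdjm_get_option('contracts_page'));

    // Check the password is correct
    $password_confirmation = wp_authenticate($user->user_login, $verify_password);

    // Unticked checkboxes arrive absent; normalise them to false so the
    // "all fields required" loop below rejects them.
    $data['mdjm_accept_terms'] = !empty($data['mdjm_accept_terms']) ? $data['mdjm_accept_terms'] : false;
    $data['mdjm_confirm_client'] = !empty($data['mdjm_confirm_client']) ? $data['mdjm_confirm_client'] : false;

    if (is_wp_error($password_confirmation)) {
        $message = 'password_error';
    } elseif (!wp_verify_nonce($nonce, 'sign_contract')) {
        $message = 'nonce_fail';
    } else {
        // Setup the signed contract details
        $posted = array();
        foreach ($data as $key => $value) {
            if (in_array($key, $control_keys, true)) {
                continue;
            }
            // All fields are required
            if (empty($value)) {
                wp_redirect(add_query_arg(array('event_id' => $event_id, 'mdjm_message' => 'contract_data_missing'), $contracts_url));
                die;
            }
            // Sanitisation kept as in the original: scalars are slash-escaped
            // and tag-stripped, arrays are coerced to non-negative integers.
            if (is_string($value) || is_int($value)) {
                $posted[$key] = strip_tags(addslashes($value));
            } elseif (is_array($value)) {
                $posted[$key] = array_map('absint', $value);
            }
        }

        $message = mdjm_sign_event_contract($event_id, $posted) ? 'contract_signed' : 'contract_not_signed';
    }

    wp_redirect(add_query_arg(array('event_id' => $event_id, 'mdjm_message' => $message), $contracts_url));
    die;
}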